Requirements for using Remote Execution and Access (RXA)
You can use Remote Execution and Access in WebSphere Application Server Version 8.x and 7.x. WebSphere® Application Server Network Deployment provides management features, such as initiating installations of product packages and maintenance from the administrative console. The product uses the Tivoli Remote Execution and Access (RXA) toolkit to access your remote workstations.
Windows target requirements
RXA supports the SMB1 protocol, which is insecure. It is strongly recommended that you install an SSH service, such as the SSH daemon from Cygwin, and disable the SMB1 protocol. For more information about how to enable and disable the SMB1 protocol, see How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server.
Many RXA operations require access to resources that are not generally accessible by standard user accounts. Therefore, the account names that you use to log onto remote Windows targets must have administrative privileges.
Simple file sharing
Windows XP system targets must have simple file sharing
disabled for RXA to work. Simple networking requires that you log in as guest
. A
guest login does not have the authorization necessary for RXA to function correctly.
To disable Simple File Sharing, open Windows Explorer and click Use Simple File Sharing check box. Click Apply and OK.
. Clear theUser Account Control (UAC) on Microsoft Windows 2008, VISTA, and 7
In order for RXA to connect to a user on a host on Microsoft Windows 2008/Vista/7, User Account Control (UAC) must be disabled. If UAC is not disabled, the connection fails. To Disable UAC, follow these steps:
- Open User Accounts. Click Start > Control Panel.
- Click User Accounts and Family Safety > User Accounts. If you are connected to a network domain, click User Accounts from the control panel.
- Click Turn User Account Control on or off. If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.
- To turn off UAC, uncheck the Use User Account Control (UAC) to help protect your computer check box. Click Ok.
- Open the Control Panel from the start panel.
- Click System and security.
- Click Action Center.
- Click Change User Account Control settings.
- To set User Account Control to the least secure setting, click and drag the bar to Never Notify.
Firewalls
Windows XP systems include a built-in firewall called the Internet Connection Firewall (ICF), which is disabled by default. For Windows XP Service Pack 2 systems, the Windows firewall is enabled by default. If either firewall is enabled on a Windows target workstation, RXA cannot access the target workstation. On Windows XP Service Pack 2, you can select the File and Printer Sharing check box in the Exceptions tab of the Windows Firewall configuration to allow access. Do not block port 445.
File sharing and printer sharing
RXA cannot establish a connection unless file sharing and printer sharing are enabled. To enable file sharing and printer sharing, follow these steps:
- Microsoft Windows XP
- Open Windows Network Connections in the Start menu and right-click My Network Places.
- Right-click all connected connections. Click Properties.
- Verify that the File and Printer Sharing for Microsoft Networks check box is selected.
- Microsoft Windows Vista
- Click Network in the Start menu.
- Under Sharing and discover, enable file sharing and printer sharing.
- Microsoft Windows 2008
- Select the Control Panel from the Start menu.
- Click Network and Sharing center.
- Enable file and printer sharing.
- Microsoft Windows 7
- Select the Control Panel from the Start menu.
- Click Network and internet.
- Click Network and sharing center.
- Click Change advanced sharing settings.
- Enable file and printer sharing.
Remote Registry
- On Control panel, click Run.
- Enter "services.msc". Click OK.
- Scroll down. Click Remote Registry.
- To enable Remote registry, right-click .
- To enable the Remote registry service to start during system start up, right-click Remote Registry > Properties. Change the start up type to Automatic.
Administrative sharing
You must enable administrative sharing to successfully use RXA to connect to your Windows systems targets. Examples of the default administrative disk share are C$ and D$ . If you disable sharing, RXA considers directories that are located within the drives as hidden. In this case, the following message is displayed:
XCIM0009E: Error connecting to remote target <host_name>. Exception: java.io.FileNotFoundException:
CTGRI0003E The remote path name specified cannot be found: file_or_directory_path>.
Cause: com.starla.smb.SMBException: The network name is incorrect.
Follow these steps to enable administrative sharing:
Connecting to Windows Vista, Windows 7, or Windows 2008 Server R2 targets
To connect to Windows 7 and Windows 2008 Server R2 targets, use either option 2 or option 3 that follows disabling the User Account Control in step 1. Before you begin, ensure that the Remote Registry in Windows Services is started, and port 445 is unblocked in the firewall.
Linux and UNIX target requirements
The centralized installation manager, through RXA, uses SSH Version 2 to access UNIX and Linux target workstations. This usage requires the use of either OpenSSH 3.6.1 (or, if accessing AIX targets, OpenSSH 4.7), or Sun SSH 1.1 on the target hosts.
Note that OpenSSH 3.7.1, or higher, contains security enhancements not available in earlier releases, and is recommended.
Using Secure Shell (SSH) protocol
Remote Execution and Access does not supply SSH code for UNIX operating systems. You must ensure SSH is installed and enabled on any target you want to access using CIM.
In all UNIX environments except Solaris, the Bourne shell (sh) is used as the target shell. On Solaris targets, the Korn shell (ksh) is used instead due to problems encountered with sh.
PasswordAuthentication yes
The default value for the PasswordAuthentication
property is no.
/etc/init.d/sshd stop
/etc/init.d/sshd start
IBM i targets
Use of SSH public/private key authentication to IBM® i targets is not supported.