Reviews & Opinions
Independent and trusted. Read before buy HP 9000 RP5400 L1000 Servers!

HP 9000 RP5400 L1000 Servers

Manual

Preview of first few manual pages (at low quality). Check before download. Click to enlarge.
Manual - 1 page  Manual - 2 page  Manual - 3 page 

Download (English)
HP 9000 RP5400 (l1000) Servers Laptop & Notebook, size: 4.8 MB
Related manuals
HP 9000 RP5400 (l1000) Servers Information For Integrity Products

Instruction: After click Download and complete offer, you will get access to list of direct links to websites where you can download this manual.

About

HP 9000 RP5400  L1000  ServersAbout HP 9000 RP5400 L1000 Servers
Here you can find all about HP 9000 RP5400 L1000 Servers like manual and other informations. For example: review.

HP 9000 RP5400 L1000 Servers manual (user guide) is ready to download for free.

On the bottom of page users can write a review. If you own a HP 9000 RP5400 L1000 Servers please write about it to help other people.

 

[ Report abuse or wrong photo | Share your HP 9000 RP5400 L1000 Servers photo ]

User reviews and opinions

<== Click here to post a new opinion, comment, review, etc.

No opinions have been provided. Be the first and add a new opinion/review.

 

Documents

doc0

On the right side of the chassis, as you face the server, is a label containing the system serial number. To access the right side of the chassis: Stand-alone (deskside) servers: it will be necessary to remove the top cover of the stand-alone enclosure to view this label. Cabinet-mounted servers with slide-rails: slide the server out of the front of the cabinet. The label will be visible on the right-hand side.

Chapter 1

rp5400 to rp5450 Upgrade rp5400 to rp5450 Upgrade Procedure Cabinet-mounted servers without slide-rails: either remove the right side panel of the cabinet or remove the server from the cabinet.
Step 3. Included in the upgrade kit is the Key Request Form, shown below. Copy the serial number you located in step 2 onto page 1 of the Key Request Form.
Step 4. Contact SIDO via the World Wide Web at the URL shown in the center of page 1. You will be able to fill out the Key Request Form on-line at SIDOs web site. (Alternatively, you can fax the form to SIDO. Fax instructions are provided on the second page.)
rp5400 to rp5450 Upgrade rp5400 to rp5450 Upgrade Procedure SIDO will respond by providing a Key Certificate, as shown following:

CAUTION

The Key Certificate is an upgrade license document. Store it in a safe place.
rp5400 to rp5450 Upgrade rp5400 to rp5450 Upgrade Procedure Step 5. Your upgrade kit comes with a set of labels that will be affixed to various locations on your server. A sample of the label sheet is shown following: Copy the value that appears in the Your Key is: field of the Key Certificate onto the system upgrade label set. An example of the label set is shown following:
Step 6. Copy the serial number onto the 360 MHz or 440 MHz label shown in the illustration. Copy the value from the Key Certificate Your Key Is: field onto the label shown in the illustration. Also copy your license number onto the label. Do not do anything further with the labels at this time. You are now ready to begin with the system upgrade.
Detailed Upgrade Procedure
Upgrade Procedure Overview 1. Back up the system 2. Shut the system down 3. Enter the upgrade command 4. Verify the upgrade
rp5400 to rp5450 Upgrade rp5400 to rp5450 Upgrade Procedure 5. Apply the labels 6. Install additional components 7. Boot the server Detailed Upgrade Procedure Step 1. Perform a full system backup. Step 2. Shutdown and reboot the operating system. Example: shutdown -r 0
If AUTOBOOT is enabled, the server will display a message indicating: Autoboot enabled, Hit any key within 10 seconds to interrupt the boot process
Step 3. Interrupt the boot process. Step 4. From the firmware Main Menu, change to the Service menu. Example: Main Menu: Enter command or menu > service Step 5. Type upgrade. The server will respond with a message indicating that this command will perform an rp5400 to rp5450 model upgrade and that the server must be reset following the operation. Type Y (yes) to continue. The server will prompt you to enter the key. Enter the key value that appears in the Your Key is: field on the Key Certificate. Example: Service Menu: Enter command > upgrade system serial number: USS392600R The system is about to be upgraded to rp5450, do you wish to continue with this upgrade? [y/n]: y Enter key from key certificate: F5A52E9243F0 Upgrade successful. Please reset system for changes to occur. Service Menu: Enter command >

The following graphic shows an old style bezel.

Chapter 2

rp5430 to rp5470 Upgrade rp5430 to rp5470 Upgrade Procedure Cabinet-mounted servers without slide-rails: either remove the right side panel of the cabinet or remove the server from the cabinet.
Step 3. Included in the upgrade kit is the Key Request Form. Copy the serial number you located in step 2 onto the Key Request Form. Step 4. Contact SIDO via the World Wide Web at http://licensing.hp.com. You will be able to fill out the Key Request Form online via the web site. (Alternatively, you can fax the form to SIDO. Fax instructions are provided in the kit.) SIDO will respond by providing a Key Certificate.
Step 5. Your upgrade kit comes with a set of labels that will be affixed to various locations on your server. Copy the value that appears in the Your Key is: field of the Key Certificate onto the system upgrade label set. Step 6. Copy the serial number onto the 550 MHz, 650 MHz, 750 MHz or 875 MHz label as appropriate. Also copy your license number and the value from the Key Certificate Your Key Is: field onto the label. Do not do anything further with the labels at this time. You are now ready to begin with the system upgrade.
Upgrade Procedure Overview 1. Back up the system 2. Shut the system down 3. Enter the upgrade command 4. Verify the upgrade 5. Apply the labels
rp5430 to rp5470 Upgrade rp5430 to rp5470 Upgrade Procedure 6. Install additional components 7. Boot the server Detailed Upgrade Procedure Step 1. Perform a full system backup. Step 2. Shutdown and reboot the operating system. Example: shutdown -r 0
Step 3. Interrupt the boot process. Step 4. From the firmware Main Menu, change to the Service menu. Example: Main Menu: Enter command or menu > service Step 5. Type upgrade. The server will respond with a message indicating that this command will perform an rp5430 to rp5470 model upgrade and that the server must be reset following the operation. Type Y (yes) to continue. The server will prompt you to enter the key. Enter the key value that appears in the Your Key is: field on the Key Certificate. Example: Service Menu: Enter command > upgrade system serial number: USS392600R The system is about to be upgraded to rp5470, do you wish to continue with this upgrade? [y/n]: y Enter key from key certificate: F5A52E9243F0 Upgrade successful. Please reset system for changes to occur. Service Menu: Enter command >
rp5430 to rp5470 Upgrade rp5430 to rp5470 Upgrade Procedure Step 8. Verify the upgrade took place. From the server Main Menu, type: in pr Examine the model string value. It should be 9000/800/L3000-xx; 5x (550 MHz CPU), 6x (650 MHz CPU), 7x (750 MHz CPU) or 8x (875 MHz CPU). Example: Main Menu: Enter command or menu > in pr Model: hp server rp5470 (model string 9000/800/L3000-7x) PROCESSOR INFORMATION HVERSION SVERSION Processor ---------Speed -------750 MHz 750 MHz Model -------0x05e0 0x05e0 : : : : Model/Op -------0x0491 0x139404607 0x084f253f 0x01f0 CVERSION -------2.3 2.3 Processor State ------------Active Idle

Step 4. At the console, press CTRL+B to go to the GSP (Guardian Service Processor) prompt then enter the GSP command RS to reset the server. Example: GSP> RS
Step 5. Verify the downgrade took effect. From the server Main Menu, type: in pr Examine the model string value. It should be 9000/800/L1500-xx; 5x (550 MHz CPU), 6x (650 MHz CPU), 7x (750 MHz CPU) or 8x (875 MHz CPU). Example: Main Menu: Enter command or menu > in pr Model: hp server rp5430 (model string 9000/800/L1500-7x) PROCESSOR INFORMATION
rp5430 to rp5470 Upgrade rp5430 to rp5470 Upgrade Procedure HVERSION SVERSION Model Model/Op CVERSION -------- -------- -------0x05e0 0x0491 2.3 0x05e0 0x0491 2.3 : 133 Processor State ------------Active Idle

Processor --------0 2

Speed ------750 MHz 750 MHz
Central Bus Speed (in MHz)
Software ID (dec) :139404607 Software ID (hex) : 0x084f253f Software Capability : 0x01f0 Main Menu: Enter command or menu > Step 6. Reboot the operating system and address the cause for the downgrade. If necessary, contact Hewlett Packard for assistance. Follow the Detailed Upgrade Procedure when ready to upgrade to an rp5470.
3 rp5400 to rp5430 Upgrade
rp5400 to rp5430 Upgrade Procedure

Introduction

This section explains how to upgrade an rp5400 system to an rp5430 system. Because the process of upgrading to an rp5430 system is complex and time consuming, HP recommends reading and becoming familiar with the procedures contained in this section before attempting to install the upgrade. You should allow 2 to 4 hours for completion.
Failure to properly complete the steps in this procedure will result in erratic system behavior or system failure and may void the server warranty. For assistance with this procedure contact your local HP Authorized Service Provider. All hardware and software procedures must be performed in the order given in this section. Failure to do so will result in boot failure. Observe all ESD safety precautions before attempting this procedure. Failure to follow ESD safety precautions could result in damage to the server.
PCI I/O Slot Differences By Model

record record record record record record record record record record record record record record record record record record record record record record record record_DYN_MAJORvariant record record record record record record
rp5400 to rp5430 Upgrade rp5400 to rp5430 Upgrade Procedure c7200.4.0.0 sdisk0.4.0.0.1.0 sdisk0.4.0.0.3.0 sctl0.0.1.0.7.0 sctl0.0.1.1.7.0 sctl0.0.2.0.7.0 sctl0.0.2.1.7.0 sctl0.10.0.0.7.0 <------Note path change from 0.4.0.0.7.0 _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant record record record record record record record record record record record record record record record record record record record record record record record record record record record record record record
Step 10. Unmount the CD-ROM using the following commands: # cd # umount /ProcUpgrade Step 11. Remove the CD-ROM from the CD-ROM drive.

Shutdown System

To shutdown the system, proceed as follows: Step 1. Make sure all users are logged off the system and that no applications are running. Step 2. At the system prompt, enter:
rp5400 to rp5430 Upgrade rp5400 to rp5430 Upgrade Procedure # shutdown -h -y 0 Step 3. Turn off the system via the front panel power switch and unplug all power cords.

Hardware Removal

Prior to installing rp5430 hardware, existing hardware must be removed. It will be necessary to remove all PCI I/O cards to remove the I/O backplane. It will not be necessary to remove any of the embedded disks or removable media.

Record the location of all PCI cards as they are removed. Failure to replace them in the correct slot location(s) will require a system reconfiguration and could cause a system boot failure.
To prepare for installation of the rp5430 upgrade system board, remove the following hardware. Remove side service bay components: 1. Remove the side service bay cover. 2. Remove the four hot swap card cage fans. 3. Remove all installed PCI cards. 4. Remove PCI card separator/extractors. 5. Remove the two core I/O cards (GSP and LAN/SCSI). 6. Disconnect and remove the side fan assembly housing and the PCI backplane. 7. Remove PCI I/O backplane and retain the screws (7 short and 4 long screws). 8. Remove the disk media backplane. Remove top service bay components: 1. Remove the top cover and air baffle. 2. Remove the processor support modules (0 and 1). 3. Remove all memory DIMMs. 4. Remove all CPUs (up to four). 5. Remove the platform monitor. To remove the system board, proceed as follows: Step 1. Unplug and remove all cables and connectors. Step 2. Remove the platform monitor card guide.
rp5400 to rp5430 Upgrade rp5400 to rp5430 Upgrade Procedure Step 3. Remove the 23 T-15 screws that secure the system board to the chassis (including the four bus bar screws).

Bus Bar Screws

* rp5400 System Board (A5191-60001) shown
The system board is large and may be easily damaged. To prevent damage, use care when lifting and angling it out of the server chassis.
Step 4. Angle one side of the system board up and carefully lift it out of the chassis. Step 5. Follow instructions in the Upgrade Return Instruction Kit to return rp5400 hardware to Hewlett-Packard. Remove sheet metal parts Step 1. Remove the front card guide by loosening the six captive T15 screws. Step 2. Remove the shuttle plate by sliding it toward the rear, then lifting it out.

Install rp5430 Hardware

The rp5430 hardware upgrade (A6800A) consists of sheet metal parts, a system board, an I/O backplane, a disk media backplane, and labels. CPUs (A6146A), (A6798A), (A6805A/A6805B) or (A6152A) and memory carrier(s) (A6155A) are required to complete the rp5430 upgrade. rp5430 CPUs and memory carrier(s) are not part of the A6797B rp5430 upgrade and must be ordered separately.
Observe all ESD precautions while handling components and performing this upgrade. Failure to follow these precautions can result in damage to components.
rp5400 to rp5430 Upgrade rp5400 to rp5430 Upgrade Procedure To install the rp5430 sheetmetal parts, proceed as follows: rp5430 Sheet metal Parts

For HP-UX 11i: Use the uname -a command and look for B.11.11 - or Examine the output of the swlist command for the following HP-UX Enterprise Operating Environment Component entry: HPUX11i-OE-Ent B.11.11.%24 An example of the # uname -a command screen output follows. # uname -aHP-UX fesrhap B.11.11 U 9000/unlimited-user license An example of the swlist commands screen output for HP-UX 11i follows:
# swlist# Initializing.# Contacting target fesmarc.## Target: fesmarc:/### Bundle(s):# B7609BA A.03.20.01 Event Monitoring Service BUNDLE11i B.11.11.0102.2 Required Patch Bundle for HP-UX 11i, February CDE-English B.11.11 English CDE Environment FDDI-00 B.11.11.02 PCI FDDI;Supptd HW=A3739A/A3739B;SW=J36 26AA FibrChanl-00 B.11.11.06 PCI/HSC FibreChannel;Supptd HW=A6684A,A6685A,A5158A GigEther-00 B.11.11.14 P CI/HSC GigEther;Supptd HW=A4926A/A4929A/A4924A/A4925A;SW=J1642AA HPUX11i-OE B.11.11.0106 HP-UX 11i Operat ing Environment Component HPUXBase64 B.11.11 HP-UX 64-bit Base OS HPUXBaseAux B.11.11.0106 HP-UX Base OS Auxiliary HWEnable11i B.11.11.0109.6 Hardware Enablement Patches for HP-UX 11i, September 2001 OnlineDiag B.11.11.04.09 HPUX 11.11 Support Tools Bundle, Sep 2001 RAID-00 B.11.11.01 PCI RAID; Supptd HW=A5856A ##
Product(s) not contained in a Bundle:# DMI B.11.11.32 Desktop Management Interface for HP-UX OBAM B.11.0 0.05.3.04 Object Action Manager user interface framework for HP-UX tools SCR B.11.11.32 System Configurat ion Repository SW-DIST B.11.11.0109 HP-UX Software Distributor
rp5470 Revision B systems require at least one 550 MHz CPU (A6146A), 650MHz CPU (A6798A), 750 MHz CPU (A6805A/A6805B) or 875 MHz CPU (A6152A) appropriate PSM, and one new memory carrier (A6155A). CPUs, PSMs, and memory carriers are not included in the rp5470 Revision B upgrade and must be ordered separately.

Table 4-2

Part Number A6797-60001 A6144-60002 A6144-00001 A6144-00002 A6144-00003 A6144-00004 A6144-00005 A3639-00149 A3639-04024 A5191-10011 A5191-96016 A5191-96017 A6147-84007 A6144-84010 5182-4197 5021-1126 0515-0435 Description rp5470 Revision B System Board rp5470 I/O Backplane rp5470 Top Clamp Plate rp5470 Platform Monitor Card Guide rp5470 Shuttle Plate rp5470 Front Card Guide rp5470 Rear Card Guide rp5470 Memory Carrier Guide PCI Card Separator/Extractor (qty = 2) rp54xx HW Install & Operators Guide rp54xx Basic Cables Connections rp54xx Safety and Regulatory Information rp5470 Revision B Upgrade Label rp5470 Revision B System Identification Label Upgrade Return Instruction Kit Readme Memory Carrier Support Screws (qty = 2)
Part Number 0515-0436 A5191-60104 A6797-84004 A6797-84002
Description PCI I/O Backplane Screws (qty = 2) Disk Media Backplane Regulatory/PCI Upgrade Label Slots Available Labels
The ioconfig and X25 scripts are available from two locations: The rp54xx HW Install & Operators Guide CD-ROM via FTP at: http://hprfes.rose.hp.com/fes/scripts/L3000_remap/l3000_upgrade_script.htm

rp5400/rp5450 to rp5470 Revision B Upgrade rp5400/rp5450 to rp5470 Revision B Upgrade Procedure asio00.0.4.0 asio00.0.5.0 c7200.4.0.0 sdisk0.4.0.0.1.0 sdisk0.4.0.0.3.0 sctl0.0.1.0.7.0 sctl0.0.1.1.7.0 sctl0.0.2.0.7.0 sctl0.0.2.1.7.0 sctl0.4.0.0.7.0 _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant Remap btlan30.0.0.0 c7200.0.1.0 c7200.0.1.1 sdisk0.0.1.1.0.0 sdisk0.0.1.1.2.0 c7200.0.2.0 sdisk0.0.2.0.0.0 sdisk0.0.2.0.2.0 c7200.0.2.1 stape0.0.2.1.0.0 asio00.0.4.0 asio00.0.5.0 c7200.4.0.0
rp5400/rp5450 to rp5470 Revision B Upgrade rp5400/rp5450 to rp5470 Revision B Upgrade Procedure sdisk0.4.0.0.1.0 sdisk0.4.0.0.3.0 sctl0.0.1.0.7.0 sctl0.0.1.1.7.0 sctl0.0.2.0.7.0 sctl0.0.2.1.7.0 sctl0.10.0.0.7.0 <------Note path change from 0.4.0.0.7.0 _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant _DYN_MAJORvariant record record record record record record record record record record record record record record record record record record record record record record record record record record record record record record
To shutdown the system, proceed as follows: Step 1. Make sure all users are logged off the system and that no applications are running. Step 2. At the system prompt, enter: # shutdown -h -y 0
rp5400/rp5450 to rp5470 Revision B Upgrade rp5400/rp5450 to rp5470 Revision B Upgrade Procedure Step 3. Turn off the system via the front panel power switch and unplug all power cords.
Prior to installing rp5470 Revision B hardware, existing hardware must be removed. It will be necessary to remove all PCI I/O cards to remove the I/O backplane. It will not be necessary to remove any of the embedded disks or removable media.
To prepare for installation of the rp5470 Revision B upgrade system board, remove the following hardware. Remove side service bay components: 1. Remove the side service bay cover. 2. Remove the four hot swap card cage fans. 3. Remove all installed PCI cards. 4. Remove PCI card separator/extractors. 5. Remove the two core I/O cards (GSP and LAN/SCSI). 6. Disconnect and remove the side fan assembly housing and the PCI backplane. 7. Remove PCI I/O backplane and retain the screws (7 short and 4 long screws). 8. Remove the disk media backplane. Remove Top Service Bay Components: 1. Remove the top cover and air baffle. 2. Remove the processor support modules (0 and 1). 3. Remove all memory DIMMs. 4. Remove all CPUs (up to four). 5. Remove the platform monitor. To remove the system board, proceed as follows: Step 1. Unplug and remove all cables and connectors. Step 2. Remove the platform monitor card guide.

Extractor/Separator Mounting Blocks Jackscrew Shorter Screws go here Longer Screws rp5470 I/O Backplane shown 0515-0436 go here
Step 4. Install the GSP and LAN/SCSI core I/O cards.
Install side service bay components
Install top service bay components
Once all the upgrade kit hardware has been properly installed, proceed to power up the server. Step 1. Reconnect all GSP and LAN/SCSI cables.
rp5400/rp5450 to rp5470 Revision B Upgrade rp5400/rp5450 to rp5470 Revision B Upgrade Procedure Step 2. Reconnect the power cord(s). Put the front panel power switch in the ON position. Interrupt the boot process (if autoboot is enabled) when the following prompt appears: Autoboot in progress. Hit any key in 10 seconds to interrupt the boot process Step 3. Verify that all hardware is present by typing the command in all at the main menu prompt. For example: Main Menu: Enter command or menu> in all Step 4. Use the path command to make changes to PRIMARY and/or ALTERNATE boot paths, if these device paths changed as a result of installing the rp5470 Revision B upgrade. For example: Main Menu: Enter command or menu> pa pri 0/10/0/3.0 Step 5. Use the path command to make changes to CONSOLE path if the revision B GSP is installed. For revision A, A6696A GSP in all models, the console path is 0/0/4/0. For revision B, A6696B GSP in all models, the console path is 0/0/4/1. For example: Main Menu: Enter command or menu> pa con 0/0/4/1 (A6696B)
Step 6. Use the ser ss_update command to set the MODEL, SERIAL NUMBER and ORIGINAL PRODUCT values.
After entering the SERIAL NUMBER and ORIGINAL PRODUCT NUMBER, the system must be reset via the GSP>rs command for the values to take effect. The following is an example of the console display when entering the serial number and original product number. Service Menu: Enter command > ss_update Lockword :Z1e71a223 Enter Password (Hex):. ---- SS_update Menu --------------------------------------------------CommandDescription-----------------SERialNumberChange or update serial number SYSMOdelUpgrade/downgrade system model DIsplayDisplay the ss_update menu MAinDisplay the main menu HElp [<command>]Display help for specified command ---SS_update Menu: Enter Command > sern Original System Serial Number is USS0000000. Enter the System Serial Number, <RETURN> for default: USS392600R This action cannot be undone. Confirm System Serial Number USS392600R [Y/N/Q(uit)]? yThe system has been i nitialized with Serial Number USS392600R

rp5400/rp5450 to rp5470 Revision B Upgrade rp5400/rp5450 to rp5470 Revision B Upgrade Procedure Original Product Number is: 000000 To change, enter the Original Product Number otherwise press Return: A5191A This action cannot be undone.Confirm Original Product Number A5191A [Y/N/Q( uit)]? yThe system has been initialized with Product Number. A5191A SS_update Menu: Enter Command > Step 7. Power down and add remaining CPUs, memory, and PCI I/O cards. Step 8. Boot from the PRIMARY path. For example: Main Menu: Enter command or menu> bo pri If the root disk is configured as a whole disk partition, boot the system from the root disk and type N to the query, Interact with IPL (Y, N, or Cancel)?> The remapping of ioconfig for the boot disk, is complete. Any additional hardware system configuration and checks may be completed. If the root disk is configured as an LVM volume, boot the system to LVM maintenance mode. To do this, type Y to the query, Interact with IPL (Y, N, or Cancel)?> Step 9. At the ISL prompt, invoke HP-UX in LVM maintenance mode. For example: ISL>hpux -lm /stand/vmunix Step 10. If the path of the root disk has changed. Enter the following commands: # insf # ioscan -fnC disk Step 11. Write down the special device file name for the root disk: ____________________ For example: /dev/dsk/c4t3d0 # vgexport /dev/vg00 # mkdi /dev/vg00 # mknod /dev/vg00/group c 64 0x000000 # vgimport /dev/vg00 <special device file name from above> For example: # vgimport /dev/vg00 /dev/dsk/c4t3d0 The following WARNING will appear: vgimport: Warning: Volume Group belongs to different CPU ID. Can not determine if Volume Group is in use on another system. Continuing. Warning: A backup of this volume group may not exist on this machine. Please remember to take a backup using the vgcfgbackup command after activating the volume group.
rp5400/rp5450 to rp5470 Revision B Upgrade rp5400/rp5450 to rp5470 Revision B Upgrade Procedure # vgchange -a r vg00 Activated volume group Volume group "vg00" has been successfully changed. # lvlnboot -R /dev/vg00 Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf Reboot the system. For example: # shutdown -r -y 0
Returning Ioconfig Files To Their Original State.

If hardware failure or upgrade compatibility issues forces you to abort the upgrade, return the system to its previous state by performing the following steps: Step 1. Return the hardware to its original state. Step 2. Boot the system in single-user mode, as follows: Power on the system and interrupt the autoboot sequence (if necessary) to get the boot prompt. Boot from the root disk and answer Y to the prompts to interact with IPL (Y, N, or Cancel)?> At the ISL prompt, invoke HP-UX in the single user mode. ISL>hpux -is Step 3. Mount file systems and find the backup /stand/ioconfig file. Step 4. Mount the file systems from the root disk to ensure that certain commands are available: # mount -a Both /stand/ioconfig and /etc/ioconfig, files must be identical for the system to boot. When the proc_upgrade.L3000, script is run, a backup copy of the ioconfig file is made. The backup file is named /stand/ioconfig.PRV. Find the ioconfig backup copy by using the ls command. For example: #ls /stand/ioconfig* /stand/ioconfig /stand/ioconfig.PRV If you find more than one.PRV file in each directory, choose the earliest dated pair of files. Use the ls -lrt command to display file creation dates and times in reverse chronological order.
rp5400/rp5450 to rp5470 Revision B Upgrade rp5400/rp5450 to rp5470 Revision B Upgrade Procedure Step 5. Copy the ioconfig backup file to the original location. For example: #cp -p /stand/ioconfig.PRV /etc/ioconfig #mv /stand/ioconfig.PRV /stand/ioconfig Step 6. Remove the check file and reboot the system. For example: # rm /etc/ProcessorUpgrade #shutdown -r -y Once the system returns a login prompt, the ioconfig files will be back to their original state.
5 rp5470 Revision A to rp5470 Revision B

Upgrade

rp5470 Revision A to rp5470 Revision B Upgrade Procedure
This section explains how to upgrade an rp5470 Revision A system to an rp5470 Revision B system. Because the process of upgrading to an rp5470 Revision B system is complex and time consuming, HP recommends reading and becoming familiar with the procedures contained in this section before attempting to install the upgrade. You should allow 1 to 2 hours for completion.

3. Upgrade Kit Contents

Table 7-1
Part Number 5182-4197 5021-1126 A6144-60012 Description Upgrade Return Instruction Kit Read Me First Revision B GSP
Part Number A6144-63001 A5191-10009 A6696-84001 A3024-80004
Description M-Cable, used with A6144-60012 revision B GSP only rp54xx CD Operators Guide GSP Core Label ESD Kit

4. Shut Down System

To shut down the system, proceed as follows: Step 1. Make sure all users are logged off the system and that no applications are running. Step 2. At the system prompt, enter: # shutdown -h -y 0 Step 3. Turn off the system via the front panel power switch and unplug all power cords.

5. Remove Revision A GSP

Prior to installing the revision B GSP, the revision A GSP must be removed. Remove side service bay components: 1. Remove the side service bay cover. 2. Disconnect all cables from the revision A GSP, including the A5191-63001 W cable. 3. Disconnect and remove the side fan assembly housing and the PCI backplane. 4. Remove PCI I/O backplane and retain screws (7 short and 4 long screws).
6. Install Revision B GSP
Follow core I/O replacement instructions prior to Revision B GSP installation.

7. Apply labels

Apply the MAC address and core I/O labels. Place core I/O label over the existing label located at the rear of the server. Place MAC address label as indicated in the photograph below.

Core I/O Label

MAC address label

8. Power-Up Procedure

Once all of the upgrade kit hardware has been properly installed, power up the server. Step 1. Reconnect all PCI I/O cards, GSP and LAN/SCSI cables. Step 2. Reconnect the power cord(s). Go to Configure System Console. After configuring the console, proceed to step 3. Step 3. Put the front panel power switch in the ON position. Interrupt the boot process (if autoboot is enabled) when the following prompt appears: Autoboot in progress. Hit any key in 10 seconds to interrupt the boot proces s Step 4. Verify that all hardware is present by typing the command, in all at the main menu prompt. For example: Main Menu: Enter command or menu> in all Step 5. Use the path command to make changes to CONSOLE path if the revision B GSP is installed.
Revision A to Revision B GSP Hardware Upgrade Revision A to Revision B GSP Hardware Upgrade Procedure For revision A, A6696A GSP in all models, the console path is 0/0/4/0. For revision B, A6696B GSP in all models, the console path is 0/0/4/1. For example: Main Menu: Enter command or menu> pa con 0/0/4/1 (A6696B)

The middle SCSI cable (A5191-63006) will be used during the installation of the HP Server rx5670 components. 2. Remove the T-15 screws that attach the side fan assembly housing to the chassis (the screws go through the backplane) (graphic item 1) and set the housing aside. 3. Remove the PCI backplane retainer T-15 screws on the left side, bottom edges, and upper right corner of the backplane (graphic item 2). 4. Remove the I/O separator guide T-15 screws (upper right side) (graphic item 3). These screws are longer than the other retainer screws. 5. Detach all cables from the backplane. 6. Locate the jackscrew (lower left side) (graphic item 4). Using a T-15 Torx driver, rotate the jackscrew counter-clockwise to free the PCI backplane from the connector block.
The jackscrew must be turned counterclockwise until the PCI backplane moves away from the chassis. 7. Grasp the backplane by the edges and carefully remove it from the side service bay.
rp54xx to rx5670 Upgrade Removing rp54xx Components The following graphic shows the rp5400/rp5450 PCI backplane.
The rp5470 PCI backplane removal steps are identical to rp5400/rp5450 PCI backplane removal steps, with one exception. Some of the bottom edge retainer screws are now located within the I/O separator guide. See the following graphic, items 2 and items 3.
rp54xx to rx5670 Upgrade Removing rp54xx Components The following graphic shows the rp5470 PCI backplane. 3
Step 8. Top Cover Removal To remove the top cover, perform the following steps: 1. Loosen the captive T-15 screws that hold the top cover in place. 2. Grasp the strap handles, raise the cover slightly, and pull the cover toward the front of the server to free the cover tabs from the slots in the chassis. The air baffle will be exposed. Loosen the captive T-15 screws that hold the air baffle in place then lift the air baffle off of the server.
rp54xx to rx5670 Upgrade Removing rp54xx Components The following graphics show the top service bay cover and the air baffle. The first graphic shows the top service bay cover.
The second shows the air baffle.
Step 9. CPU Removal There can be up to four CPUs installed in the server. To remove the CPUs from the server, perform the following steps for each CPU: 1. Loosen the four captive T-15 mounting screws that hold the CPU in place.
The four CPU mounting screws should be loosened a little at a time, moving from screw to screw (start with the screw marked 1 then to 2, 3, and 4) until they are all loose. The mounting screws will not back out of the CPU and cooling tower assembly. 2. Grasp the top of the CPU and cooling tower assembly and carefully lift it out of the server.
rp54xx to rx5670 Upgrade Removing rp54xx Components The following graphic shows a CPU being removed.

Figure 8-27 Processor Alignment Tabs

Alignment Tabs

procsoctabs
rp54xx to rx5670 Upgrade Installing rx5670 Components Step 17. Install the new processor extender board
Figure 8-28 Processor Extender Board

ever026

To install the new processor extender board, perform the following steps:
Do not modify the settings of the DIP switches located on the processor extender board. These switches are for factory use. Failure to observe this caution will result in system failure.
1. Ensure the extraction levers are positioned in the outward, unlocked position. 2. Align the processor extender board with the front and rear card guides. 3. Slide the processor extender board down until it begins to seat in the socket located on the system baseboard.
rp54xx to rx5670 Upgrade Installing rx5670 Components 4. Push the extraction levers inward to the locked position in order to fully seat the processor extender board. Step 18. Install the original side cover
Figure 8-29 Side Cover Installation

ever016

To install the original side cover, perform the following steps: 1. Install a new PCI slot label to the rear of the chassis as shown in Figure 8-30 and a new PCI slot label to the side cover as shown in Figure 8-31.
Figure 8-30 Rear PCI Slot Label
Figure 8-31 Side PCI Slot Label
2. Grasp the strap handle and insert the tabbed end of the side cover into the server chassis slots at the rear of the side service bay. 3. Push the side cover into the side service bay opening and fasten the captive T-15 screws that hold the side cover in place.
Step 19. Install the original top cover
Figure 8-32 Top Cover Installation

ever046

To install the original top cover, perform the following steps: 1. Install the new memory/CPU installation label to the outside of the top cover. 2. Align the tabs at the rear of the top cover with the corresponding slots in the chassis and fully seat the tabs into the slots. 3. Seat the top cover in the top of the service bay and tighten the captive T-15 screws that hold the top cover in place.

doc1

UK IT SECURITY EVALUATION AND CERTIFICATION SCHEME
COMMON CRITERIA CERTIFICATION REPORT No. P176
Hewlett-Packard HP-UX (11i)
Version 11.11 September 2001 release with specified patches running on HP 9000 platforms

Issue 1.0 February 2003

Crown Copyright 2003 Reproduction is authorised provided the report is copied in its entirety
UK IT Security Evaluation and Certification Scheme Certification Body, PO Box 144 Cheltenham, Glos GL52 5UF United Kingdom

EAL4 CAPP

HP-UX (11i) Version 11.11 September 2001 release with specified patches running on HP 9000 platforms
ARRANGEMENT ON THE RECOGNITION OF COMMON CRITERIA CERTIFICATES IN THE FIELD OF INFORMATION TECHNOLOGY SECURITY
The Certification Body of the UK IT Security Evaluation and Certification Scheme is a member of the above Arrangement and, as such, this confirms that the Common Criteria certificate has been issued by or under the authority of a Party to this Arrangement and is the Partys claim that the certificate has been issued in accordance with the terms of this Arrangement. The judgements contained in the certificate and Certification Report are those of the Qualified Certification Body which issued it and of the Evaluation Facility which carried out the evaluation. There is no implication of acceptance by other Members of the Agreement Group of liability in respect of those judgements or for loss sustained as a result of reliance placed upon those judgements by a third party.
Trademarks: All product and company names are used for identification purposes only and may be trademarks of their owners.

Page ii

Issue 1.0

February 2003

CERTIFICATION STATEMENT
Hewlett Packards HP-UX Version 11.11 is Hewlett Packards implementation of UNIX. The product may execute on a single HP 9000 server or be connected to other HP 9000 servers executing identical versions of the product to form a local distributed system. HP-UX Version 11.11 September 2001 release with specified patches has been evaluated under the terms of the UK IT Security Evaluation and Certification Scheme and has met the Common Criteria Part 3 conformant requirements of Evaluation Assurance Level EAL4, for the specified Common Criteria Part 2 extended functionality, when running on HP 9000 platforms as specified in Annex A. It has also met the requirements of the Controlled Access Protection Profile.

Originator

Dr R J Canham Certifier J C Longley Technical Manager of the Certification Body 28 February 2003
Approval and Authorisation

Date authorised

Page iii
(This page is intentionally blank)

Page iv

TABLE OF CONTENTS
CERTIFICATION STATEMENT... iii TABLE OF CONTENTS.... v ABBREVIATIONS.... vii REFERENCES..... ix I. EXECUTIVE SUMMARY.... 1 Introduction.... 1 Evaluated Product.... 1 TOE Scope..... 1 Protection Profile Conformance.... 2 Assurance.... 2 Strength of Function Claims... 2 Security Policy.... 3 Security Claims..... 3 Evaluation Conduct.... 4 General Points.... 4 II. EVALUATION FINDINGS... 7 Introduction.... 7 Delivery.... 7 Installation and Guidance Documentation.... 7 Strength of Function.... 8 Vulnerability Analysis.... 8 Platform Issues.... 8 III. EVALUATION OUTCOME.... 9 Certification Result.... 9 Recommendations.... 9 ANNEX A: EVALUATED CONFIGURATION... 11 ANNEX B: PRODUCT SECURITY ARCHITECTURE.. 15 ANNEX C: PRODUCT TESTING.... 19

Page v

Page vi

ABBREVIATIONS

ACL CAPP CC CCIMB CEM CESG CLEF DAC EAL ETR FSO HFS HP ITSEC JFS NFS NIS OSP PAM PA-RISC SAM SFR SOF TCB TCSEC TOE TSF TSFI UKSP Access Control List Controlled Access Protection Profile Common Criteria Common Criteria Interpretation Management Board Common Evaluation Methodology Communications-Electronics Security Group Commercial Evaluation Facility Discretionary Access Control Evaluation Assurance Level Evaluation Technical Report File System Object High-speed File System Hewlett Packard Information Technology Security Evaluation Criteria Journalled File System Network File System Network Information Service Organisational Security Policy Pluggable Authentication Module Precision Architecture - Reduced Instruction Set Computer System Administration Manager Security Functional Requirement Strength of Function Trusted Computing Base Trusted Computer System Evaluation Criteria Target of Evaluation TOE Security Functions TOE Security Functions Interface United Kingdom Scheme Publication

Page vii

Page viii

REFERENCES

a. HP-UX Version 11.11 Security Target, Hewlett Packard Limited, HPUX11CC-TR-01, Issue 4.0, September 2002. Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model, Common Criteria Interpretation Management Board, CCIMB-99-031, Version 2.1, August 1999. Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Requirements, Common Criteria Interpretation Management Board, CCIMB-99-032, Version 2.1, August 1999. Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Requirements, Common Criteria Interpretation Management Board, CCIMB-99-033, Version 2.1, August 1999. Controlled Access Protection Profile, US National Security Agency, Version 1.d, 8 October 1999. Description of the Scheme, UK IT Security Evaluation and Certification Scheme, UKSP 01, Issue 4.0, February 2000. The Appointment of Commercial Evaluation Facilities, UK IT Security Evaluation and Certification Scheme, UKSP 02, Issue 3.0, 3 February 1997. Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology, Common Evaluation Methodology Editorial Board, CEM-99/045, Version 1.0, August 1999. Evaluation Technical Report, HP-UX Version 11.11, CMG CLEF, 111761/T53/1, Issue 1.0, September 2002. Certification Report 97/76, HP-UX Version 10.10 UK IT Evaluation and Certification Scheme, Issue 1.0, January 1997.

Page ix

Certification Report No. P111, HP-UX Version 10.20, UK IT Evaluation and Certification Scheme, Issue 1.0, February 1999. Evaluation Technical Report, HP-UX Version 10.10, Admiral Management Services Ltd, 5295C/T8.15/1, Issue 1.0, December 1996. Evaluation Technical Report, Annex I, HP-UX Version 10.20, Admiral Management Services Ltd, 7115A/T15/1, Issue 1.0, December 1998. UKSP 14 Addendum: EAL4 Delta Evaluation, UK IT Security Evaluation and Certification Scheme, Issue 2.C, 21 March 2000. Trusted Delivery, Hewlett Packard, Version 2.0, 8 August 1996. HP-UX 11i Installation and Update Guide, Hewlett Packard, 5185-6511, Edition 3, September 2001. Common Criteria HP-UX 11i Evaluated Configuration Guide, Hewlett Packard, 5990-3527, Edition 8, November 2002. Managing Systems and Workgroups: A Guide for HP-UX System Administrators, Hewlett Packard, B2355-90742, Edition 5, June 2001. Using HP-UX, Hewlett Packard, B2355-90164, Edition 1, December 2000. Multi-Platform Rationale, Hewlett Packard, HPUX11CC-TN-01, Issue 1.0, 12 February 2002 Trusted Computer Systems Evaluation Criteria, Department of Defense, United States of America, DOD 5200.28-STD, December 1985. Strength of Function Analysis, Hewlett Packard, HPUX11CC-TP-01, 15 May 2002.

Page x

EXECUTIVE SUMMARY
Introduction 1. This Certification Report states the outcome of the Common Criteria (CC) security evaluation of HP-UX Version 11.11 to the Sponsor, Hewlett Packard Limited, and is intended to assist prospective consumers when judging the suitability of the IT security of the product for their particular requirements. 2. Prospective consumers are advised to read this report in conjunction with the Security Target [Reference a], which specifies the functional, environmental and assurance evaluation requirements. Evaluated Product 3. The version of the product evaluated was : HP-UX Version 11.11 September 2001 release with the patches identified in Annex A The product is also described in this report as the Target of Evaluation (TOE). The Developer was Hewlett Packard Limited. 4. HP-UX Version 11.11 is Hewlett-Parkards implementation of UNIX. When running in an evaluated configuration (as described in paragraph 2.2 of the Security Target [a]), it meets the requirements of the CC Controlled Access Protection Profile (CAPP) [e], which is equivalent to class C2 of the Trusted Computer System Evaluation Criteria (TCSEC) [u]. 5. 6. Annex A provides details of the evaluated configuration of the TOE. Annex B provides an overview of the TOEs security architecture.

TOE Scope 7. Section 2.2 of the Security Target [a] provided details of an evaluated configuration of HP-UX Version 11.11. In summary: a. the TOE executes on any single 64-bit computer system from the family of HP 9000 servers (for a fuller discussion of the consideration given to hardware platforms see Platform Issues below); the TOE supports user interaction via any of the supported Shells (including the POSIX, Bourne, C and Korn Shells); The TOE supports the HFS and JFS file systems; the TOE includes Pluggable Authentication Modules (PAM) with default configuration for authentication consisting of user identity and password;

b. c. d.

Page 1
HP-UX (11i) Version 11.11 September 2001 release with specified patches running on HP 9000 platforms the TOE executes with HP-VUE and X-Windows disabled and excludes the use of a restricted configuration of the System Administration Manager (SAM); the TOE includes socket based network functions and the following network applications (other network applications, such as NFS and NIS are excluded): ftp(1) rexec(1) rlogin(1) telnet(1)
The following are excluded from the evaluation: a. b. c. d. The Online JFS file system; HP-VUE; X-Windows; and network applications other than those listed at paragraph 7.f above.
9. The version of the TOE that was subject to evaluation was HP-UX 11.11 September 2001 release with patches identified in Annex A. The evaluated configuration of the TOE is described in Annex A. Protection Profile Conformance 10. The Security Target [a] claimed conformance to CAPP [e].
11. The TOE assurance requirement of Evaluation Assurance Level 4 (EAL4) exceeded, and was more than necessary to conform to, the EAL3 requirements of CAPP [e]. Assurance 12. The Security Target [ ] specified the assurance requirements for the evaluation. The a predefined Evaluation Assurance Level EAL4 was used. CC Part 3 [d] describes an increasing scale of assurance given by predefined assurance levels EAL1 to EAL7. An overview of CC is given in CC Part 1 [b]. Strength of Function Claims 13. The Security Target [a] states that the claimed minimum Strength of Function (SOF) for the password-checking mechanism is SOF-medium. Section 8.2.5 of the Security Target states that this claim is consistent with the CAPP [e] Security Functional Requirement (SFR) FIA_SOS.1 as justified in CAPP Section 7.5. 14. The CAPP [e] security functional requirement FIA_SOS.1 states that the passwordchecking mechanism should meet the following:

Page 2

HP-UX (11i) Version 11.11 September 2001 release with specified patches running on HP 9000 platforms a. b.
For each attempt to use the authentication mechanism, the probability that a random attempt will succeed is less than one in 1,000,000; For multiple attempts to use the authentication mechanism during a one minute period, the probability that a random attempt during that minute will succeed is less than one in 100,000; and Any feedback given during an attempt to use the authentication mechanism will not reduce the probability below the above metrics.

Page 4

associated patches exist for the product and whether such patches have been eva luated and certified. 30. The issue of a Certification Report is not an endorsement of a product.

Page 5

Page 6

II. EVALUATION FINDINGS

Introduction 31. The evaluation addressed the requirements specified in the Security Target [a]. The results of this work were reported in the ETR [i] under the CC Part 3 [d] headings. 32. The following sections note considerations of particular relevance to either consumers or those involved with the subsequent assurance maintenance and re-evaluation of the TOE. Delivery 33. Secure delivery of the TOE is described in the Delivery Procedures [o] (available from HP), which describe the process of releasing the TOE to consumers. 34. After the consumer places an order for the product, the consumer is sent a letter confirming the order. This letter contains a unique security handle. The consumer contacts HP with this handle, which is checked prior to shipping the CD to the consumer. With the CD is a letter on HP-headed notepaper which contains full details of the CD and of the security handle. The CD is sent securely shrink-wrapped by trusted couriers. 35. Patches may be sent out to consumers using the trusted delivery procedures described above or they may be downloaded from the HP support website. The website requires a user ID and password. Note, however, that there is no inherent security in the download of patches from the HP support website and consumers are recommended to request delivery of the patches from HP using the trusted procedure described for delivery of the operating system. 36. On receiving the TOE, the consumer is recommended to check that it is the evaluated version and to check that the security of the TOE has not been compromised during delivery. Installation and Guidance Documentation 37. Secure installation, generation and startup of the TOE are described in the Installation and Update Guide [p], the Common Criteria Evaluated Configuration Guide [q], and the Administrator Guide [r]. 38. The Evaluated Configuration Guide [q] should be read first, as it details the steps that must be followed to install the TOE in its evaluated configuration. The Evaluated Configuration Guide references out to the Installation and Update Guide [p] and the Administrator Guide [r], as appropriate. 39. When the installation of the TOE is complete, the Man Pages can then be accessed.
40. Administrator guidance for the TOE is provided in the Installation and Update Guide [p], the Common Criteria Evaluated Configuration Guide [q], the Administrator Guide [r] and the Man Pages. User guidance is provided in [s].

Page 7

Strength of Function 41. The SOF claim for the TOE is identified above under the heading Strength of Function Claims. 42. Based on their examination of all the evaluation deliverables, the Evaluators confirmed that there were no other probabilistic or permutational mechanisms in the TOE. 43. The Evaluators examined the assertions, assumptions and analysis presented in the Developers Strength of Function Analysis [v] and confirmed that the SOF claim of SOFmedium for the TOE is upheld. Vulnerability Analysis 44. The Evaluators vulnerability analysis was based on public domain sources and the visibility of the TOE given by the evaluation process. Platform Issues 45. The TOE was tested on the hardware platforms specified in Annex A.
46. In addition, the Evaluators confirmed their agreement with the Developers Multi-platform rationale [t] that the results of the evaluation would be applicable to other hardware platforms. As a result of their examination of this rationale, the Evaluators considered the evaluation outcome should apply to all of the additional platforms identified in paragraph 11 of Annex A. 47. All of the platforms identified in the Developers Multi-platform rationale [t] are based on HPs Precision Architecture - Reduced Instruction Set Computer (PA-RISC) architecture version 2.0. The hardware in the HP 9000 platforms varies according to the processor version, processor speed, number of processors, amount of memory, I/O expandability, I/O buses and types of I/O adapters as allowed by the PA-RISC architecture. The Developers Multi-platform rationale discusses each of these hardware variations in the context of the assurance requirements and provides justification that none of the variations affect the evaluation results.

Page 8

III. EVALUATION OUTCOME
Certification Result 48. After due consideration of the ETR [i] produced by the Evaluators, and the conduct of the evaluation as witnessed by the Certifier, the Certification Body has determined that the TOE meets the CC Part 3 [d] conformant requirements of Evaluation Assurance Level EAL4, for the specified CC Part 2 [c] extended functionality, when running on HP 9000 platforms as specified in Annex A. It has also met the requirements of the Controlled Access Protection Profile [e]. 49. The Certification Body has also determined that the TOE meets the minimum SOF claim of SOF-medium for the password-checking mechanism given above under the heading Strength of Function Claims. Recommendations 50. Prospective consumers of the TOE should understand the specific scope of the certification by reading this report in conjunction with the Security Target [a]. 51. The TOE should be used in accordance with a number of environmental considerations, as specified in the Security Target [a]. 52. The TOE should be delivered, installed, configured and used in accordance with the supporting guidance documentation [o - s] included in the evaluated configuration. 53. Only the evaluated TOE configuration should be installed. That for which EAL4 assurance has been demonstrated is specified in Annex A, with further relevant information given above under the headings TOE Scope and Evaluation Findings above. 54. Prospective consumers, and authorised administrators should be aware of certain issues arising from the use, on the TOE, of POSIX-compliant utilities that do not handle all security attributes. This arises from the fact that the TOE is a POSIX-compliant UNIX operating system with added security features. As noted in [q, section 7.7], whilst a large number of POSIXcompliant programs will work adequately, legacy programs that are unaware of the security features in the TOE and, so, may harm the configuration of the system. See, also, [r] for more details.

Page 9

Page 10

EAL4 CAPP Annex A

ANNEX A: EVALUATED CONFIGURATION
TOE Identification 1. The TOE is uniquely identified as: HP-UX Version 11.11 September 2001 release with the patches identified in Table A1. TOE Documentation 2. The guidance documents evaluated were: Trusted Delivery [o] HP-UX 11i Installation and Update Guide [p] Common Criteria HP-UX 11i Evaluated Configuration Guide [q] Managing Systems and Workgroups: A Guide for HP-UX System Administrators [r]. Using HP-UX [s]
3. Further discussion of the guidance documents is provided above under the heading Installation and Guidance Documentation. TOE Configuration 4. The TOE should be configured in accordance with the guidance documents [p - r] identified in paragraph 2 above. Environmental Configuration 5. Details of the TOEs environmental configuration are provided in Section 2.2 of the Security Target [a] and summarised above under the heading TOE Scope. 6. Further details of the hardware requirements are provided in Annex B under the heading Hardware and Firmware Dependencies. 7. The Evaluators performed their independent testing of the TOE on the following hardware platforms : a. Hewlett-Packard HP 9000 server rp5400 (L1000): b. PA8500 1.5MB cache 360 MHz CPU 256 MB RAM 18.2 GByte hard disk
Hewlett-Packard HP 9000 server rp5400 (L1000): 2 x PA8500 1.5MB cache 360 MHz CPU 256 MB RAM 18.2 GByte hard disk

Page 11

8. During the Evaluators independent testing, the above machines were networked to allow testing of the network commands (ftp, rexec, rlogin and telnet) included within the TOE. 9. The Developers conducted their testing on the hardware platforms identified in paragraph 7 above and on the following platforms: a. Hewlett Packard HP 9000 server c3600: b. PA8600 CPU, 552Mhz 512MB RAM 36 GB hard disk
Hewlett Packard HP 9000 server rp8400 (Keystone): 2 * PA8700 CPU, 750Mhz 512MB RAM 36GB hard disk
10. The version of the software that was used during the Developers testing and during the Evaluators independent testing and penetration testing was HP-UX 11.11 September 2001 release with the patches applied as identified in Table A-1. 11. In addition, as discussed above under Platform Issues, the evaluation results were determined, through analysis, to hold for other HP 9000 servers. The complete list of HP 9000 servers for which the evaluation results hold is as follows:: rp2400 (A400), rp2450 (A500) rp5400 (L1000), rp5430 (L1500), rp5450 (L2000), rp5470 (L3000) rp7400 (N4000), rp7410 rp8400 Superdome b2600, c3600, c3650, c3700 j5600, j6000, j6700

Patch Number PHCO_22958 PHCO_23083 PHCO_23263 PHCO_23333 PHCO_23492 PHCO_23510 PHCO_23774 PHCO_23909 PHCO_23914 PHCO_24173 PHCO_24777 PHCO_24839 PHCO_25111 Version 1.0 1.0 B.11.11.15 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 Description set_parms newgrp(1) patch HP AutoRAID Manager cumulative patch LVM Virtual Array support Kernsymtab Patch gsp parser & dimm labels Partition Commands cumulative patch cu(1) patch Enhancement support to Ultrium tape ups_mond(1M) cumulative patch mountall cumulative patch. libpam_unix cumulative patch lpspool subsystem cumulative patch

Page 12

Patch Number PHCO_25311 PHCO_25831 PHCO_25870 PHCO_25887 PHCO_26061 PHCO_26951 PHCO_27018 PHCO_27049 PHCO_27694 PHCO_27704 PHCO_27752 PHKL_22857 PHKL_23203 PHKL_23246 PHKL_23290 PHKL_23292 PHKL_23293 PHKL_23294 PHKL_23295 PHKL_23296 PHKL_23297 PHKL_23298 PHKL_23299 PHKL_23300 PHKL_23301 PHKL_23302 PHKL_23303 PHKL_23304 PHKL_23305 PHKL_23306 PHKL_23307 PHKL_23308 PHKL_23309 PHKL_23310 PHKL_23311 PHKL_23312 PHKL_23314 PHKL_23315 PHKL_23316 PHKL_23335 PHKL_23423 PHKL_23505 PHKL_23625 PHKL_23626 PHKL_23666 PHKL_23810 PHKL_23957 PHKL_24278 PHKL_24626 PHKL_24824 PHKL_25166 PHKL_25218 PHKL_25610 Version B.11.11.15 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 Description HP Array Manager/60 cumulative patch SCSI Ultra160 driver Online Addition script cumulative SAM patch Software Distributor Cumulative Patch Kernel configuration commands patch. itemap support for FireGL graphics cards ugm cumulative patch audit(5) man page patch login(1) cumulative patch audisp(1M) cumulative patch audevent(1M) cumulative patch SCSI Tape (stape) cumulative Invalid 32-bit I/O blocks moved to iospace. MO dev 4K sector size errors & FIFO panic system_space.h header file patch scsi_surface.h header file patch assert.h header file patch buf.h header file patch debug.h header file patch dnlc.h header file patch io.h header file patch ki_iface.h header file patch pfdat.h header file patch proc_debug.h header file patch proc_iface.h header file patch rw_lock.h header file patch sem_alpha.h header file patch sem_beta.h header file patch sem_sync.h header file patch sem_utl.h header file patch spinlock.h header file patch vas.h header file patch vfd.h header file patch vnode.h header file patch inode.h header file patch pci.h header file patch spinlock.h header file patch cpu.h header file patch map.h header file patch solve inode deadlock with mmap and pagefault improper core dump msg Support for more than 10 SD IOX-cabinets Fix initial clock sync for SD derivatives Fibre Channel Mass Storage Patch SCSI IO Subsystem Cumulative Patch Enable SCSI floppy for 64 bit computers Boot panic (w/Fiber Ch. & Gig. Ethernet) fix Softpower enablement for bladed servers Cumulative USB Driver patch par fans, cabtype, sinc, hwpath, cell info early boot,Psets,vPar,Xserver,T600 HPMC PDC Call retry,PDC_SCSI_PARMS,iCOD hang fix New audio h/w support + cumulative fixes

Page 13

Patch Number PHKL_25770 PHKL_25896 PHKL_26233 PHKL_26425 PHKL_26833 PHKL_27025 PHKL_27151 PHKL_27152 PHKL_27153 PHKL_27154 PHKL_27155 PHKL_27156 PHKL_27219 PHKL_27225 PHKL_27737 PHKL_27753 PHKL_27949 PHNE_22722 PHNE_23275 PHNE_23289 PHNE_23594 PHNE_24130 PHNE_24492 PHNE_25084 PHNE_25184 PHNE_25644 PHNE_26388 PHNE_27765 PHNE_27777 PHSS_22898 PHSS_25983 PHSS_26138 PHSS_26492 PHSS_26493 PHSS_26577 PHSS_26799 PHSS_26947 PHSS_27182 PHSS_27812 Version 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0
Description stape kernel tunable cumulative patch SCSI IO Cumulative Patch VM -JFS ddlock, mmap,thread perf, user limits Cumulative DLKM module load/unload patch FXE perf, server patch, cumulative graphics SCSI Ultra160 Driver with OLAR support Syslog,HighTempAlerts,vPar,IntrMigr,PCI-X I/O Cumulative, PA 8700 2.2, vPar, PCI-X PCI cumulative patch, HPMC at boot, PCI-X PA-8800 PA-8800 TLB optimization PA-8800 p2p_bcopy optimization adjtime(2) support for cpu speeds over 1 GHz IDE/ATAPI cumulative patch Enable Posix IPC syscalls to be audited audit subsystem cumulative patch shm_lock scaling; shm_open-shm_unlink audit NTP timeservices upgrade plus utilities Bind 8.1.2 Patch mux4.h header file patch Cumulative Mux and Pty Patch inetd(1M) cumulative patch LAN product cumulative patch Cmulative STREAMS Patch sendmail(1m) 8.9.3 patch cumulative ARPA Transport patch ONC/NFS General Release/Performance Patch ftpd(1M) patch r-commands cumulative mega-patch HP aC++ -AA runtime libraries (aCC A.03.30) B1000/B2000/C3X00/J5X00/J6000/J7000 5.0 FW OV EMANATE14.2 Agent Consolidated Patch CDE Base Periodic Patch CDE Applications Periodic Patch Xserver cumulative patch Tachyon TL Fibre Channel Driver Patch EMS & HA Monitors (A.03.20.01) patch OV EMANATE14.2 snmpdm - subagent handling Support Tool Manager Sep 2002 Patch
Table A-1: patches applied to evaluated configuration

Page 14

EAL4 CAPP Annex B
ANNEX B: PRODUCT SECURITY ARCHITECTURE
1. This annex gives an overview of the products main architectural features that are relevant to the security of the TOE. Other details of the scope of evaluation are given in the main body of this report and in Annex A. Architectural Features 2. The product may execute on a single HP 9000 Server or be connected to other HP 9000 Servers executing identical versions of the product to form a local distributed system. 3. The product incorporates network functions but contains no network specific security requirements. Networking is covered only to the extent to which the product can be considered to be part of a centrally managed system that meets a common set of security requirements. 4. The main security features of the product are: user identification and authentication discretionary access control (DAC), including access control lists auditing

Identification and Authentication 5. All users of the product are authenticated and held accountable for their security related actions. Each user is uniquely identified by the product. The product records security related events and the user associated with the event. 6. 7. The product supports an ordinary user role and a superuser (administrative) role. A superuser has root privilege and is not constrained by the products security policies.
8. An ordinary user does not have root privilege and is constrained by the products security policies. 9. The product allows a superuser to associate individual users with a privileged group, thus permitting a process acting on the users behalf to change the ownership of files. 10. The authentication features are supported by constraints on user-generation of passwords and an encryption mechanism. Discretionary Access Control 11. All subjects are associated with an authenticated user identity, and all named objects are associated with identity-based protection attributes. These are used as the basis of DAC decisions, which control the access of subjects to objects. 12. The product implements a DAC policy, which provides both the traditional UNIX owner, group, other access mode permissions and a more granular Access Control List (ACL) mechanism, controlled by the objects owner.

Page 15

EAL4 CAPP Annex B 13.
The product implements 2 independent ACL mechanisms: HFS ACLs for the HFS File System; and JFS ACLs for the JFS File System.
14. DAC is supported by object reuse mechanisms to ensure that information is not inadvertently transferred between subjects when objects are re-allocated. Auditing 15. The product is capable of collecting audit records for all security relevant events that occur. A superuser may select the users and events for which audit data is collected from time to time. 16. Audit records may be viewed by a superuser selectively for any period on the basis of criteria such as user name, event type and outcome. 17. Facilities are provided to enable the superuser to manage audit log files and to ensure that audit data is retained during abnormal conditions. Note that audit records are buffered in memory before they are written to disk. In these cases it is likely that some of these records will be lost if the operation of the TOE is interrupted by hardware or power failures (see [a] paragraph 6.2.3.27). Design Subsystems 18. The Trusted Computer Base is divided into Kernel and non-kernel software.

Kernel TCB 19. The entire kernel TCB executes in (hardware/privileged) kernel mode. This allows the kernel to execute privileged hardware instructions and perform low-level I/O. The kernel interface is via instruction trap. User/unprivileged processes call the trap instruction as an interface. There is no separate process that represents the kernel; rather, through the trap instruction, kernel functions are available to every process on the system. 20. The kernel TCB is a collection of distinct logical subsystems, and is summarized as follows: a. Memory Management - Provides for access, allocation, deallocation, and control of all memory, for all processes, both kernel and non-kernel, within the system. Interfaces with the hardware for address translation, enabling memory sizes far in excess of actual hardware, for all processes. Further, this subsystem tracks all address space allocations to all processes, allows for the sharing of memory between processes, and prevents the sharing of memory between processes, thereby maintaining address space integrity. Process Management - Initiates processes, allocates and deallocates system resources, tracks and manages all processes within the system from point of initiation

Page 16

to final termination. This subsystem accomplishes the aforementioned for both kernel, and nonkernel processes. c. File System and Device I/O - Provides for the creation, access, and manipulation of file system objects by non-TCB processes, and maintains device independence for end user applications. This component provides the interface for low- level device I/O drivers and non-TCB processes. Inter Process Communications (IPC) Mechanisms - Facilitates synchronization of processes or events, and the sharing of information, between processes for both kernel and non-kernel processes. Kernel Audit Support - Creates and writes Audit records for each of the user selected events and system calls to provide a complete audit trail of user space processes and services of the kernel TCB. Access Media tion - This subsystem enforces security policy for Discretionary Access Control to file system objects (FSOs). Functionally, it determines the access rights of the requestor to FSOs, and compares the associated access rights to the security policy of the system, and/or as defined in ACLs, and enforces that policy, for each request.

21. All of the above subsystems provide the interface to the TCB hardware for all processes and objects for the definition and enforcement of the security policy, thereby ensuring system security. Non-kernel TCB 22. The non-kernel TCB contains executable and nonexecutable components. All executable components in the non-kernel TCB are trusted programs that run in user mode, which prevents them from executing privileged hardware instructions. Note that all non-kernel TCB components have discretionary access set to prevent unauthorized modification. 23. Non-kernel TCB trusted programs consist of specific function-related code combined with common routines found in the system libraries. Alt hough many of these libraries are dynamically linked at execution time, the locations of these libraries are specified by HP at compile time. These libraries are stored in files and memory that cannot be modified by untrusted users. 24. The non-kernel TCB consists of a number of functions that support the operation of the system. The interface, just as any untrusted process, to the TCB, for protected services, is via an instruction trap. The functions are included as a part of the TCB because their operation supports the kernel TCB, and are necessary for administration of the system. The components of the non-kernel TCB are summarized as follows: a. Audit programs - a collection of programs and functions that enables the auditing of processes and events, to a g ranularity of an individual user, of security relevant actions requested, or taken by the process.

Page 17

EAL4 CAPP Annex B b.
HP-UX (11i) Version 11.11 September 2001 release with specified patches running on HP 9000 platforms System Call Libraries - a set of files containing the executable system calls and service routines invoked by the kernel TCB for accomplishing a trusted func tion on behalf of an untrusted process. TCB Databases - set(s) of files operated upon, and/or used by the kernel, and nonkernel TCB for the enforcement of the security policy, and administration of the TCB. Binary Libraries - contain the executable files for commands and user initiated actions Trusted Processes - Support processes that provide an interface to call on components of the kernel TCB, or allow for modification of user or untrusted process access rights. Trusted Commands - Commands that may be initiated by untrusted users, or processes, that are trusted to restrict initiation of the command to those entities that are authorized to do so. Batch Processing Programs - Facilities that schedule the initiation and execution of programs at a future date.
25. One of the major subsystems of the Non-Kernel TCB is the System Administration Manager. This facilitates the definition, maintenance, control, and implementation of the desired security policies to ensure system integrity of the trusted system. Through this subsystem, all access to system resources by all potential users, privileges associated therewith, as well as audit trails, are defined and maintained in SAMs respective databases for use and interface by the foregoing components. 26. The non-kernel TCB also contains security databases, file system objects, and trusted libraries whose access is limited to specific users or groups. Hardware and Firmware Dependencies 27. The TOE relies on the correct operation of processor mode and memory separation mechanis ms to ensure system security.

Page 18

EAL4 CAPP Annex C

ANNEX C: PRODUCT TESTING

IT Product Testing 1. The Evaluators performed independent functional testing on the TOE to confirm that it operates as specified. They also witnessed initiation of 2 of the 3 suites of Developer tests and of the Developers suite of evaluation-specific tests and confirmed the results of a sample of 20% each of the Developer tests and of the Developers suite of evaluation-specific tests to confirm the adequacy of the Developers testing of all of the TSF, subsystems and TSFI. 2. The Evaluators then performed penetration testing which confirmed the SOF claimed in the Security Target [a] for the password checking mechanism The penetration testing also confirmed that all identified potential vulnerabilities in the TOE have been addressed, i.e. that the TOE in its intended environment has no exploitable vulnerabilities. Test Platforms 3. The Evaluators and Developers conducted their testing on the hardware platforms identified under the heading Environmental Configuration in Annex A.

Page 19

Page 20

 

Tags

VLH617 11954 EQS560 PG-3300 GSP 776 Fur DAY 4350FCT KD-S731R EWF12480W LV2393 M1319 MFP Lexmark 5600 PFM-500A3WU BN-60 A6100 ICD-SX78 PV-GS83 EX-H10 DVP-FX870 TH-65PF12UK Janome 2006 Audi Plus DC720KA MHC-RV20 Optio E10 AVA-1209A F1225 19LG3100 SPP-S9226 RB-1050 47LG6000 AEK Magicolor 7450 DX7630 Keyboard CDX-S1000 VGN-FW21ZR HL-T5075S DMC-ZR1 VGC-LT2S E4715 RH7500 K7VT2 MY101X DM-D110 LE26R51BM Review HC3800 CCD-TR718E Alertegps G50 HP501 Set-TOP Z5635 W1250 WD-80160NUP WF8602NHW P4S533-E Videostudio SE V2 0 SA-500 Dopod P100 HR1821 ARC50 GZ-MG26E TX-350 Hcb-105 Modeler CDA-9813 HDS-5M Paperport 11 Team Plus Drivers LX-131A DSC-T2 P-1453 VGN-FZ31S 20U51 RCM 127 180I-MB5 Mouse LM742 HD7460 RC400 Desktop PC 7 GO D3122 Presario 3600 Solus VGN-FW21M Cglm23-2H P2270HN JEH 351E CD1920 98127 LE37A430 Onis 300 LAC6900RN 3 5 CDP-XB720 Player RDR-GX257 Digital

 

manuel d'instructions, Guide de l'utilisateur | Manual de instrucciones, Instrucciones de uso | Bedienungsanleitung, Bedienungsanleitung | Manual de Instruções, guia do usuário | инструкция | návod na použitie, Užívateľská príručka, návod k použití | bruksanvisningen | instrukcja, podręcznik użytkownika | kullanım kılavuzu, Kullanım | kézikönyv, használati útmutató | manuale di istruzioni, istruzioni d'uso | handleiding, gebruikershandleiding

 

Sitemap

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101