Edit: Still a good option to consider
Originally posted October 2, 2018 on AIXchange
I love NIM. I rely on NIM when I’m doing new server builds, and it’s also my go-to for installing the VIO server.
Chances are you love NIM as well. That said, one thing you might not be fond of is firewalls between your NIM server and NIM clients, which require you to work with your network team and ask for ports to be opened.
Here’s a breakdown of ports that need to be opened in a firewall for use with NIM:
Protocol | Port(s) |
---|---|
nimsh | 3901 – 3902 |
icmp | 5813 |
rsh* | 513 – 1023** |
rlogin* | 513 |
shell* | 514 |
bootp | 67 – 68 |
tftp | 69 and 32,768 – 65,535 |
nfs | 2049 |
mountd | 32,768 – 65,535 or user’s choice |
portmapper | 111 |
NIM | 1058 – 1059 |
Again, in some environments, getting approval for such extensive access can be a challenge. Fortunately, a potential alternative exists. Read this IBM Knowledge Center doc to determine if using NIM over HTTP can work in your environment:
Network Installation Manager (NIM) supports the installation of AIX updates over the Hypertext Transfer Protocol Secure (HTTP) protocol to conform to the emerging data center policies that restrict the use of network file server (NFS).
AIX BOS installation still requires the use of the NFS version 3 protocol or the more secure NFS version 4 protocol. In addition to the installation of filesets, NIM customization processes such as script execution and copying the file_res directory are supported over the HTTP protocol.
The HTTP protocol provides the following advantages for NIM management:
- All communication occurs over a single HTTP port. Hence, the authorization through a firewall is easier to manage.
- AIX installation steps are driven from the client’s end, that is, the target system of the installation. Therefore, remote access is not required for running the commands.
- NIM or any other products that currently use the client-server model of NFS can easily use HTTP.
- (The capability) to extend the end product to support additional protocols.
AIX 7.2.0 ships a new service handler that provides HTTP access to NIM resources. The nimhttp service is defined in /etc/services, and the nimhttp daemon listens for requests over port 4901. When the nimhttp service is active, NIM clients attempt to access the /etc/services file and request customization of the scripts that are defined in the nimhttp service. If HTTP access fails or if the access is denied, a failover attempt to the NFS client occurs.
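To put a number on the "single HTTP port" advantage, the following added example (not from the original post or from IBM) parses the port table above, merges the overlapping ranges and counts the distinct port numbers a firewall request for classic NIM covers. The function names are illustrative, rows are taken exactly as listed, and TCP and UDP are not distinguished; note that BOS installation still needs NFS, so port 4901 does not replace every rule.

```python
import re
# Rows copied from the port table earlier in this post (protocol | ports as written).
NIM_PORT_TABLE = """\
nimsh | 3901 – 3902
icmp | 5813
rsh* | 513 – 1023**
rlogin* | 513
shell* | 514
bootp | 67 – 68
tftp | 69 and 32,768 – 65,535
nfs | 2049
mountd | 32,768 – 65,535 or user’s choice
portmapper | 111
NIM | 1058 – 1059
"""
NIMHTTP_PORT = 4901  # nimhttp port named in the IBM text quoted above

def parse_ports(cell):
    """Turn a table cell such as '69 and 32,768 – 65,535' into (low, high) tuples."""
    cell = re.sub(r"(?<=\d),(?=\d{3})", "", cell)  # 32,768 -> 32768
    spans = []
    for low, high in re.findall(r"(\d+)(?:\s*[–-]\s*(\d+))?", cell):
        lo, hi = int(low), int(high or low)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range in {cell!r}")
        spans.append((lo, hi))
    return spans

def merge(spans):
    """Collapse overlapping or adjacent ranges so each port is counted once."""
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(hi, merged[-1][1]))
        else:
            merged.append((lo, hi))
    return merged

def firewall_footprint(table=NIM_PORT_TABLE):
    """Return (merged ranges, count of distinct port numbers) for the table."""
    spans = []
    for row in table.strip().splitlines():
        _, cell = row.split("|", 1)
        spans.extend(parse_ports(cell))
    ranges = merge(spans)
    return ranges, sum(hi - lo + 1 for lo, hi in ranges)

if __name__ == "__main__":
    print(firewall_footprint(), "vs. nimhttp port", NIMHTTP_PORT)
```

The merged list is also a convenient starting point for a firewall change request, since it removes the duplicate rows (rlogin and shell inside the rsh range, tftp and mountd sharing the high range).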
Were you aware of this option? Have you used it before?