Authentication and authorization process between HMC and partitions
On HMC: DMSRM pushes down the secret key and HMC hostname to NVRAM when it detects a new CEC. This process is repeated every 5 minutes. Each time an HMC is rebooted or DMSRM is restarted, a new key is used.
On AIX: CSMAgentRM, through RTAS, reads the key and HMC hostname out from NVRAM. It will then authenticate the HMC.
This process is repeated every 5 minutes on LPAR to detect new HMC(s) and key changes. An HMC with a new key is treated as a new HMC and will go though the authentication and authorization processes again.
On AIX: After authenticating the HMC, CSMAgentRM will contact the DMSRM on HMC to create a ManagedNode resource in order to identify itself as an LPAR of this HMC. (At the creation time, the ManagedNode’s Status attribute will be set to 127.)
CSMAgentRM then creates a compatible ManagementServer resource on AIX.
On AIX: After the creation of the ManagedNode and ManagementServer resources on HMC and AIX respectively, CSMAgentRM grants HMC permission to access necessary resource classes on the LPAR. After the granting HMC permission, CSMAgentRM will change its ManagedNode, on HMC, Status to 1.
Without proper permission on AIX, the HMC would be able to establish a session with the LPAR but will not be able to query for OS information, DLPAR capabilities, or execute DLPAR commands afterward.
On HMC: After the ManagedNode Status changed to 1, LparCmdRM querries for OS information, DLPAR capabilities, notifies CIMOM about the DLPAR capabilities of the LPAR, then waits for a DLPAR command from users.
If the partitions support DLPAR capabilities, lsparittion -dlpar will list partitions with Active: and DCaps:.