HP WBEM Services Version A.02.
© Copyright 2010 Hewlett-Packard Development Company, L.P. All rights reserved Legal Notices Confidential computer software. Valid license from HP required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents 1 HP WBEM Services Version A.02.09 Release Notes.................................................5 Announcement.......................................................................................................................................6 What's in This Version............................................................................................................................6 Security .........................................................................................
List of Tables 1-1 1-2 1-3 1-4 1-5 4 HP WBEM Services Releases...........................................................................................................7 Remote User Authentication Methods............................................................................................9 HP-UX 11i v2 WBEM Solution Compatibility Table.....................................................................13 HP-UX 11i v3 WBEM Solution Compatibility Table...............................................
1 HP WBEM Services Version A.02.
Announcement The following information is for version A.02.09.04 of HP WBEM Services. HP WBEM Services for HP-UX is available from http://software.hp.com. As the HP-UX implementation of the DMTF WBEM standard, the HP WBEM Services product enables management solutions that deliver increased control of enterprise resources at reduced cost.
• • From this release, the CIM Repository (/var/opt/wbem/repository) is a database instead of file-based repository. This change is done to increase the robustness of CIM repository. wbemassist - A command-based troubleshooting utility to identify problems related to HP WBEM Services on the managed nodes. This utility can be used to troubleshoot configuration or installation problems as well as to determine if the CIM server is working appropriately or not.
Security HP WBEM Services supports four connection points • • • • HTTP port HTTPS (HTTP Secure) port HTTPS port for Export Connections a Unix domain socket for local connections HP WBEM Services uses dedicated ports for CIM-XML traffic. The ports 5988 (HTTP TCP/IP communication) and 5989 (HTTPS TCP/IP communication) are dedicated for CIM-XML communications between CIM Clients and the CIM Server.
The UNIX domain socket connection point is used for local connections, so this traffic is not visible on the network interconnect. Remote User Authentication The CIM Server can authenticate remote users by: • HTTP Basic Authentication • Certificate Based Authentication (CBA) The following table details each remote authentication option in greater detail.
# Session management wbem session required libpam_hpsec.so.1 wbem session sufficient libpam_unix.so.1 wbem session required libpam_ldap.so.1 # Password management wbem password required libpam_hpsec.so.1 wbem password required libpam_ldap.so.1 try_first_pass wbem password required libpam_ldap.so.1 try_first_pass NOTE: HP-UX uses the cimservera executable in HP WBEM Services to provide the cimserver with PAM Authentication services.
Managing Certificates During the install process, if /etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/ sslshare/file.pem files are found on the system, the following messages will be generated in the install log: NOTE: /etc/opt/hp/sslshare/cert.pem - SSL Certificate file already exists. New certificates are not created. The existing files, /etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/sslshare/ file.pem may have been created by an earlier installation of HP WBEM Services A.02.
1. Copy the certificate (/etc/opt/hp/sslshare/cert.pem) from the system where HP WBEM Services is installed. NOTE: Do not copy the key in the /etc/opt/hp/sslshare/file.pem, copy only the public certificate in the /etc/opt/hp/sslshare/cert.pem file. 2. Use the ssltrustmgr command to add the certificate (from cert.pem) to the trust store .pem on the client machine. NOTE: The wbemexec command uses the file /etc/opt/hp/sslshare/client.pem as its trust store.
NOTE: Unless otherwise stated, the tables indicate support for the listed and later versions of WBEM providers that are compatible with HP WBEM Services Version A.02.09.04. Note that this version of HP WBEM Services could work with earlier versions of the providers that are already installed in your environment. However, these earlier versions are not tested with HP WBEM Services Version A.02.09.04.
Table 1-3 HP-UX 11i v2 WBEM Solution Compatibility Table (continued) 14 Product Tag Product Title Product Version KernalProviders HP-UX Kernel Providers B.01.00.04 gWLM-Agent HP Global Workload Manager Agent A.6.0.0.77716 HP WBEM Services Version A.02.
Table 1-4 HP-UX 11i v3 WBEM Solution Compatibility Table Product Tag Product Title Product Version Supported HP WBEM Services Version iCOD HP-UX iCOD (Instant Capacity) B.11.31.10.00.00.11 A.02.09.04 NParProvider nPartition Provider HP-UX B.31.02.00 SW-DIST HP-UX Software Distributor B.11.31.1003 WBEMP-LAN LAN Provider for Ethernet B.11.31.1009 LAN interfaces VParProvider vPar Provider - HP-UX B.11.31.01.04 WBEMP-FCP WBEM Provider for FC HBAs B.11.31.
the management request. Prior to this release, all WBEM Providers executed in a privileged context. With the release of HP WBEM Services version A.02.05.02 for HP-UX 11i v3, WBEM Providers will, by default, be invoked in the context of the user requesting an operation (i.e., “Run-As-Requestor”). This default setting can break backward compatibility for certain types of Providers. This means that existing Providers that run in the user context of the CIM Server may break.
NOTE: As updates to OpenSSL become available and installed over time, the HP WBEM Services cimserver process must be shutdown and restarted in order to run against any new version of OpenSSL. For more information on shutting down and restarting the cimserver, see the HP WBEM Services System Administrator’s Guide.
/opt/wbem/bin commands, executables /opt/wbem/lbin Executables that are not intended to be used directly by customers. /opt/wbem/lib Shared libraries. /opt/wbem/mof/CIM217 MOF files. /opt/wbem/mof MOF files. /opt/wbem/mx Reserved. /opt/wbem/providers/lib Links to shared libraries for providers. /opt/wbem/sbin Commands and executables that only root user can run. /opt/wbem/share/man Man pages. /var/opt/wbem Configuration files, CIM repository, log files, etc.
NOTE: While re-installing HP WBEM Services, any existing repository in /var/opt/wbem/repository is moved to/var/opt/wbem/prev_repository before building a new repository. HP WBEM Services version A.02.09 upgrades the existing repository to CIM schema 2.17.1 by recreating the schema extensions from the old repository (/var/opt/wbem/prev_repository) into the new repository (/var/opt/wbem/repository) that has been initialized with the new version of the schema.
Fixes in this Release Unless listed in the Known Problems and Workarounds section, all known problems of previous versions of HP WBEM Services have been fixed in this version. Table 1-5 describes the defects fixed in HP WBEM Services Version A.02.09.xx. Table 1-5 Defects fixed in HP WBEM Services Version A.02.09.xx Identifier Description Resolution Defects fixed in A.02.09.
Table 1-5 Defects fixed in HP WBEM Services Version A.02.09.xx (continued) Identifier Description Resolution QXCR1000873670 The manpage for the osinfo command The manpage for the osinfo does not indicate that the /etc/opt/hp/ command has been updated. sslshare/client.pem file is required for Client Based Authentication (CBA). QXCR1000914874 The cimmof and other WBEM client commands result in a core dump while accessing ICU libraries. This defect has been fixed to resolve these error messages.
Users and groups of HP WBEM Services conflict with users and groups of NIS, LDAP and other network services • What is the problem? During installation, HP WBEM Services creates a user cimsrvr and a group cimsrvr. If you are using Network Information Services (NIS), Lightweight Directory Access Protocol (LDAP) or any other network service for managing user and group accounts, there is a possibility that the user ID (UID) and the group ID (GID) created for HP WBEM Services is already in use by other users.
2. If the usePAMAuthentication configuration option is present, then run the following command before updating the WBEM Services product. # cimconfig -u usePAMAuthentication -p Related Documentation Following are the documents available with this release of HP WBEM Services: • • HP WBEM Services Administrator’s Guide, Second Edition B8465-90017 available from http://docs.hp.com/en/netsys.html Release Notes for this version and for previous versions of HP WBEM Services are available from http://docs.hp.
