HP WBEM Services Version A.02.
© Copyright 2009 Hewlett-Packard Development Company, L.P. All rights reserved Legal Notices Confidential computer software. Valid license from HP required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents 1 HP WBEM Services Version A.02.07 Release Notes.................................................5 Announcement.......................................................................................................................................6 What's in This Version............................................................................................................................6 Product Documentation.............................................................................
List of Tables 1-1 1-2 1-3 1-4 1-5 1-6 1-7 1-8 4 HP WBEM Services Releases...........................................................................................................7 Remote User Authentication Methods..........................................................................................10 Software requirements and OS platform/version compatibility:..................................................13 HP-UX 11i v1 WBEM Solution Compatibility Table.........................................
1 HP WBEM Services Version A.02.
Announcement The following information is for Version A.02.07 of HP WBEM Services. HP WBEM Services for HP-UX is available from http://software.hp.com. As the HP-UX implementation of the DMTF WBEM standard, the HP WBEM Services product enables management solutions that deliver increased control of enterprise resources at reduced cost.
• Audit Logging - Provides a mechanism from which auditors can use to track various WBEM client operations and provider usages. The audits include access, activity, and configuration changes on the selected CIM server for the WBEM client(s). A dynamic configuration property, enableAuditLog, is used to enable or disable audit logging at run time. By default, enableAuditLog is set to false.
• The HP WBEM Services run-time environment — Binary command line executables — Shared libraries — Configuration files — CIM schemas • Packaged Provider Modules — Computer System — Operating System — Process — Domain Name Service — Network Time Protocol — Network Information Service — IP To install any A.02.07 Version, use the instructions contained in these Release Notes. Product Documentation • • HP WBEM Services Administrator’s Guide, Second Edition B8465-90017 available from http://docs.hp.
HTTPS connection points may be disabled using the cimconfig command line utility. However, the UNIX domain socket connection is always enabled when the CIM Server is running. Security Considerations Keep in mind the following security considerations if you plan to make use of SNMP as well as PRM and WLM: • You can use tools such as Process Resource Manager (PRM) and Workload Manager (WLM) to limit computing resources used by the WBEM Services processes. You can purchase these products from http://www.
Table 1-2 Remote User Authentication Methods Certificate Based Authentication (CBA) HTTP Basic Authentication Description The cimserver requests the client certificate while HTTPS Using a request/challenge mechanism and authenticating connection is in progress. the user-supplied username and password through Pluggable Authentication Modules (PAM). Benefits and Considerations • Requires a one-time server configuration.
NOTE: HP-UX uses the cimservera executable in HP WBEM Services to provide the cimserver with PAM Authentication services. For more information, see the HP WBEM Services for HP-UX and Linux System Administrator's Guide (part number B8465-90017, chapter 3). More about using Client Certificate-Based Authentication Before making use of CBA, you must do the following: 1. 2. 3. Enable Certificate Based Authentication (CBA) using the cimconfig command. By default, CBA is disabled.
Here are two examples of updating certificates when an earlier version of HP WBEM Services was already installed: • Scenario 1: Using the default installed certificates from WBEM Services Version A.01.05: It is recommended that after installing HP WBEM Services Version A.02.07, you do the following: 1. — Delete the existing /var/opt/wbem/server_2048.pemand/or /var/opt/ wbem/server.pem files and use the certificates in /etc/opt/hp/sslshare directory. OR 2.
NOTE: The wbemexec command uses the file /etc/opt/hp/sslshare/client.pem as its trust store. Import the server certificates for this client into the /etc/opt/hp/ sslshare/client.pem file. Standards Conformance This version of the HP WBEM Services product complies with the following standards: • • • • CIM Operations over HTTP, Version 1.1 Representation of CIM in XML, Version 2.1 CIM Infrastructure Specification, Version 2.3 CIM Schema, Version 2.13.
NOTE: As updates to OpenSSL become available and installed over time, the HP WBEM Services cimserver process must be shutdown and restarted in order to run against any new version of OpenSSL. For more information on shutting down and restarting the cimserver, see the HP WBEM Services System Administrator’s Guide. • • For HP-UX 11i v1 install Strong Random Number Generator depot KRNG11i.
Table 1-4 HP-UX 11i v1 WBEM Solution Compatibility Table Product Tag Product Title Product Version Supported HP WBEM Services Version iCOD HP-UX iCOD (Instant Capacity) B.11.11.09.02.00.07 A.02.07.xx NParProvider nPartition Provider HP-UX B.12.02.07.03 SW-DIST HP-UX Software Distributor B.11.11.0909.340 WBEMP-LAN LAN Provider for Ethernet B.11.11.0706 LAN interfaces VParProvider vPar Provider - HP-UX B.11.11.01.06 WBEMP-FCP WBEM Provider for FC HBAs B.11.11.
NOTE: Unless otherwise indicated, the table column titled “Product Version” indicates support for the listed or later versions. Table 1-5 HP-UX 11i v2 WBEM Solution Compatibility Table Product Tag Product Title Product Version Supported HP WBEM Services Version iCOD HP-UX iCOD (Instant Capacity) B.11.23.08.03.00.22 A.02.07.xx NParProvider nPartition Provider HP-UX B.23.01.07.04* SW-DIST HP-UX Software Distributor B.11.23.0803.317 WBEMP-LAN LAN Provider for Ethernet B.11.23.
Table 1-6 details HP-UX 11i v3 with product bundle and WBEM version compatibility information. NOTE: Unless otherwise indicated, the table column titled “Product Version” indicates support for the listed or later versions. Table 1-6 HP-UX 11i v3 WBEM Solution Compatibility Table Product Tag Product Title Product Version Supported HP WBEM Services Version iCOD HP-UX iCOD (Instant Capacity) B.11.31.08.03.00.22 A.02.07.xx NParProvider nPartition Provider HP-UX B.31.01.10.
Compatibility Starting with the A.02.05 release, HP WBEM Services for HP-UX will support an option that allows a WBEM Provider (i.e., the management instrumentation) to run as the user who issued the management request. Prior to this release, all WBEM Providers executed in a privileged context. With the release of HP WBEM Services A.02.05.02 for HP-UX 11i v3, WBEM Providers will, by default, be invoked in the context of the user requesting an operation (i.e., “Run-As-Requestor”).
command and follow the instructions to install the software from the depot. The filesets that make up the HP WBEM Services product are: • • • • WBEM-CORE, A.02.07.xx - WBEM Services core fileset for hp Integrity servers WBEM-CORE-COM, A.02.07.xx - WBEM Services core fileset for hp Integrity servers and hp 9000 servers WBEM-MAN, A.02.07.xx - WBEM Services man pages WBEM-MX, A.02.07.
The command to register these three providers is (all on one line): /opt/wbem/bin/cimmof -I /opt/wbem/bin/cimmof -n root/PG_InterOp /etc/opt/wbem/mof/HPUX_ManagedSystemSchema20R.mof NOTE: For HP-UX 11i v1, these three providers are NOT automatically registered because you must install a patch first. See Required and Recommended Patches below. Running the HP WBEM Services CIM Server After installation, the HP WBEM Services CIM Server process (cimserver) is active.
Contact your HP support representative for up-to-the-moment information. Patches can be superseded or withdrawn at any time, so always be sure to check the status of any patch before downloading it. Table 1-7 Required Patches Patches HP-UX Version WBEM Version Notes PHCO_36184 11i v1 A.02.07.
Table 1-8 Defects Fixed in HP WBEM Services A.02.07.06 (continued) Identifier Description Resolution QXCR1000865453 If the permissions of the cimserver trust store path /etc/opt/hp/sslshare are corrupt or incorrect, then the cimserver does not start up. The error message displayed in this scenario has been modified to indicate the nature of the error and the remedial action.
Table 1-8 Defects Fixed in HP WBEM Services A.02.07.06 (continued) Identifier Description Resolution QXCR1000814657 When a system is ignited from a CD/DVD media, the certificate is generated with the following values: commonName=localhost. When certificates from two such systems are added to the cimtrust database on the server, the second certificate is not loaded into the cimtrust database. An error message indicates that the certificate already exists.
HP WBEM Services is not installed appropriately on systems that use NIS • What is the problem? While installing HP WBEM Services, the configure phase creates the cimsrvr user and group in the passwd(4) and group(4) files. But when you upgrade to HP WBEM Services, as part of a custom bundle, on a system that has NIS configured, and the custom bundle requires a restart, the configure phase is run before the NIS services are up and running.
/var/opt/wbem/cimserver_planned.conf 2. If the usePAMAuthentication configuration option is present, then run the following command before updating the WBEM Services product. # cimconfig -u usePAMAuthentication -p Software Availability in Native Languages HP WBEM Services is available only in English.
