HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP XP Array Manager Enterprise Media Kit

HP P9000 Command View Advanced Edition

Suite Software

Administrator Guide

Part number: TB581-96390

Twelfth edition: January 2014

Summary of content (560 pages)

PAGE 1
HP P9000 Command View Advanced Edition Suite Software Administrator Guide Part number: TB581-96390 Twelfth edition: January 2014
PAGE 2
Legal and notice information © Copyright 2010, 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
PAGE 3
Date January 2014 Version 7.6.1-00 Edition Twelfth Description Added information for new and changed features.
PAGE 4
PAGE 5
Contents Preface .............................................................................................. 27 1 System configuration and requirements ............................................... 29 System configuration ................................................................................................................. Hardware configuration ...................................................................................................... Software configuration ......................
PAGE 6
System configuration for using a virtual command device server configuration to manage copy pairs .................................................................................................................. System configuration for using an SVP configuration to manage copy pairs (when copy pairs are defined in a configuration definition file) ...................................................................
PAGE 7
About the hierarchical structure model .......................................................................... About the flat model ................................................................................................... About the BaseDN ..................................................................................................... Registering an external authentication server and an external authorization server .................... Setup items in the exauth.
PAGE 8
Operation workflow for secure communication between a management server and a CIM client (two-way authentication for object operations) ....................................................... Operation workflow for secure communication between a management server and a CIM client (event indications) ..............................................................................................
PAGE 9
Editing an MOF file for object operations ...................................................................... Exporting a server certificate for object operations ......................................................... Enabling two-way authentication for object operations .................................................... Importing a client certificate for object operations .......................................................... Creating a keystore file for event indications ......................
PAGE 10
7 Configuring Device Manager for CIM/WBEM ................................... 277 About CIM/WBEM ................................................................................................................. CIM/WBEM functions in Device Manager ................................................................................. Specifying a namespace ..........................................................................................................
PAGE 11
10 Managing the database ............................................................... 321 Managing databases .............................................................................................................. Backing up databases ............................................................................................................. Backing up a database in non-cluster configuration ..............................................................
PAGE 12
Configuration definition file for managing copy pairs .................................................................. Prerequisite environment for using the configuration definition file ........................................... Editing the configuration definition file ................................................................................ Configuration definition file parameters supported Device Manager .................................
PAGE 13
Two copies of HBase Agent are displayed in the Programs and Features window ............... 404 HBase Agent is displayed in the Programs and Features window ..................................... 404 JavaVM terminates abnormally .................................................................................... 404 An OutOfMemory error occurs on a host, and after a while the host stops responding ........ 404 The file system name is not displayed in the Device Manager GUI ...................................
PAGE 14
server.horcmconfigfile.hostname ......................................................................................... server.base.initialsynchro ................................................................................................... server.cim.agent ............................................................................................................... server.cim.support ............................................................................................................
PAGE 15
client.migration.use.legacymode ......................................................................................... client.launch.HPPA.report.protocol ...................................................................................... client.launch.HPPA.report.host ............................................................................................ client.launch.HPPA.report.port ............................................................................................
PAGE 16
server.mail.smtp.host ......................................................................................................... server.mail.from ............................................................................................................... server.mail.errorsTo ........................................................................................................... server.mail.smtp.port ........................................................................................................
PAGE 17
hdc.common.rmi.ssl.serverPort ............................................................................................ hdc.common.https.serverPort .............................................................................................. hdc.service.rmi.registryIPAddress ........................................................................................ hdc.service.fileCleanup.startTime ........................................................................................ hdc.adapter.esx.
PAGE 18
server.agent.rm.location .................................................................................................... server.agent.rm.optimization.userHorcmFile .......................................................................... server.agent.rm.horcm.poll ................................................................................................. server.agent.rm.temporaryInstance ...................................................................................... server.agent.rm.
PAGE 19
Figures 1 Basic system configuration ........................................................................................ 29 2 Most secure configuration: separate management LAN plus firewall .............................. 33 3 Second-most secure configuration: separate management LAN plus firewalled devices ..................................................................................................................
PAGE 20
23 Example of a configuration in which the management server is used as a bridge between networks .............................................................................................................. 100 24 Operating workflow for user authentication on an LDAP directory server ...................... 118 25 Operating workflow for user authentication on a RADIUS server .................................. 120 26 Operation workflow for user authentication on a Kerberos server ...........................
PAGE 21
Tables 1 Maximum number of management resources .............................................................. 36 2 Appropriate memory heap size for Common Component ............................................. 37 3 Appropriate memory heap size for the Device Manager server ..................................... 39 4 Hosts that can be managed by Device Manager ......................................................... 41 5 Host management software supported by Device Manager .................................
PAGE 22
26 Port number that must be registered as a firewall exception between the Host Data Collector computer and a host ............................................................................................... 94 27 Port numbers that must be registered as firewall exceptions between the management server and an SMI-S provider ...................................................................................
PAGE 23
51 Properties set in the HtsmgetTI.properties file ............................................................. 245 52 Categories and descriptions ................................................................................... 245 53 Audit events that are output to audit logs (when the category is StartStop) .................... 247 54 Audit events that are output to audit logs (when the category is Authentication) .............
PAGE 24
81 HBase Storage Mgmt Web Service property settings (for Windows Server Failover Clustering) ........................................................................................................... 303 82 HCS Device Manager Web Service property settings (for Windows Server Failover Clustering) ........................................................................................................... 303 83 DeviceManagerServer property settings (for Windows Server Failover Clustering) ..........
PAGE 25
108 Support status of HORCM_LDEV parameter description format .................................... 380 109 Values that can be specified for the ip_address of HORCM_INST parameter ................ 381 110 Support status of HORCM_INST parameter description format .................................... 381 111 Values that can be specified for the ip_address of HORCM_INSTP parameter ............... 382 112 Support status of HORCM_INSTP parameter description format ...................................
PAGE 26
141 Output level of message log data ............................................................................ 513 142 Output level of trace log data ................................................................................. 514 143 Host Data Collector property files ............................................................................ 519 144 Correspondences between the hdc.ssl.secure property values and the port numbers to be opened ........................................................
PAGE 27
Preface This manual explains how to configure HP StorageWorks P9000 Command View Advanced Edition (abbreviated hereafter as Device Manager), HP StorageWorks P9000 Tiered Storage Manager (abbreviated hereafter as Tiered Storage Manager), and HP StorageWorks P9000 Command View Advanced Edition Suite Common Component (abbreviated hereafter as Common Component), and also explains how to set up an environment as well as how to troubleshoot management servers.
PAGE 28
Preface
PAGE 29
1 System configuration and requirements This chapter describes the system configuration and system requirements for Device Manager and Tiered Storage Manager. System configuration The following figure shows a basic system configuration in which Device Manager and Tiered Storage Manager are used. Figure 1 Basic system configuration A TCP/IP network must be used to connect a management server to management clients, and the management server to storage systems.
PAGE 30
Management server A management server is a computer that integrates and manages storage systems and host computers. P9000 Command View AE Suite is installed on this computer. The management server supports an active-standby type clustering configuration consisting of two computers. Management client A management client is a computer used to operate Device Manager and Tiered Storage Manager. Host (application server) A host (application server) is a computer that uses the volumes in a storage system.
PAGE 31
NOTE: Only Host Data Collector can be installed on a separate computer. Device Manager agent The Device Manager agent component collects information about hosts or storage systems that it then reports to the Device Manager server.
PAGE 32
Common security risks System administrators frequently separate production LANs from management LANs. In such cases, management LANs act as a separate network, which isolates management traffic from a production network and reduces the risk of security-related threats. If a management controller such as the SVP exists on a production LAN, the storage systems are left open for access by any entity on the IP network.
PAGE 33
Figure 2 Most secure configuration: separate management LAN plus firewall Level 2 security: Placing managed devices behind the firewall and creating a separate management LAN In this configuration, the machine hosting the Device Manager server and all other application servers must be single-homed, and the actual managed devices must be separated from Device Manager by a firewall.
PAGE 34
Figure 3 Second-most secure configuration: separate management LAN plus firewalled devices Level 3 security: Dual-homed management servers and creating a separate management LAN In this configuration, the management servers themselves act as the intersection point between the management LAN and a production LAN. The server running Device Manager or management applications is dual-homed.
PAGE 35
Figure 4 Third-most secure configuration: dual-homed management servers plus separate management LAN Level 4 security: A flat network Here, the management application servers, managed devices, and managed clients all coexist on the same network. This configuration is the least secure, though it is the most flexible. It affords no protection to any of the components required for storage management operations, so management application server hardening is paramount.
PAGE 36
Figure 5 Least secure configuration: flat network Management server requirements This section describes the system requirements for the management server. Maximum number of resources that can be managed There are upper limits to the number of resources that can be managed by Device Manager, Tiered Storage Manager, and Replication Manager. HP recommends that you operate each product within these limits.
PAGE 37
Number of paths = number of LDEVs x average number of paths per LDEV Related topics • Changing Device Manager server properties, page 466 • server.cim.support.job, page 471 Changing the memory heap size of Common Component To change the memory heap size for Common Component, use the hcmdschgheap command.
PAGE 38
If you manage both open volumes and mainframe volumes, calculate the number of copy pairs by using the following formula: number-of-open-system-copy-pairs x 6 + number-of-mainframe-systemcopy-pairs To change the memory heap size: 1. Stop the P9000 Command View AE Suite product services. 2. Check the current setting for the memory heap size. In Windows: installation-folder-for-Common-Component\bin\hcmdschgheap /print 3.
PAGE 39
Information to collect in advance • Number of LDEVs to be managed Table 3 Appropriate memory heap size for the Device Manager server Memory heap size OS Managed resource Windows (IPF) Window(x86), Window(x64) or Linux 256 MB (Min: 128 MB) 512 MB (Min: 128 MB) 1,024 MB (Min: 128 MB) Number of LDEVs per storage system 2,000 or less 2,001 or more -- Number of LDEVs per storage system 2,000 or less 2,001 to 6,000 6,001 or more Legend: --: You cannot specify this memory heap size.
PAGE 40
P9000 Command View AE Suite products can be used with the following JDK versions: Operations to complete in advance • Check the JDK for P9000 Command View AE Suite products For details, see HP P9000 Command View Advanced Edition Suite Software System Requirements. To change the JDK: 1. Stop the services of P9000 Command View AE Suite products. 2. Execute the command below, and in the window that opens, select the JDK you want to use.
PAGE 41
Host requirements Device Manager can manage, as hosts, computers that use volumes on managed storage systems. By using Device Manager to centrally manage the disk resources for individual hosts, you can assign the most appropriate volume based on usage. Hosts that can be managed by Device Manager To allocate storage system volumes to hosts (application servers) or check the volume usage of each host, target hosts must be registered in Device Manager as Device Manager resources.
PAGE 42
Open host Host management software Normal host Virtual machine Virtualization server Mainframe host vMA N N Y N P9000 mainframe agent N N N Y Legend: Y: Supported N: Not supported #: If both Host Data Collector and the Device Manager agent manage information about normal hosts or virtual machines, the Device Manager GUI or CLI uses the information acquired by the Device Manager agent.
PAGE 43
Prerequisites for normal hosts To manage normal hosts by using Host Data Collector or the Device Manager agent, you must perform environment setup of the normal hosts before registering them in Device Manager. Prerequisites for normal hosts managed by Host Data Collector To use Host Data Collector to manage normal hosts, install Host Data Collector, and then perform environment setup on each normal host.
PAGE 44
user-name-used-for-host-registration hosts-to-be-registered =(execution-user-name-alias)NOPASSWD:/tmp/FsDataGatherLauncher.Unix.sh For hosts-to-be-registered, specify the IP address, host name, or ALL. For execution-user-name-alias, specify ALL, or root. NOTE: If a general user account is used to register a host into Device Manager, do not use the root account to register the host a second time.
PAGE 45
NOTE: Do not use a name that contains a semicolon (;) for the following host items: • If managing a Windows host: - Network connection name - Comment field for the shared disk • If managing a UNIX host: - Mount-destination directory name - Disk group name (volume group name and disk set name) - Logical volume name - Network name - Shared disk directory name - Device name of the network drive (directory name of the shared disk that has been set up on the reference destination host) Related topics • How to s
PAGE 46
Figure 6 Environment settings on virtual machines (when Host Data Collector is used for management) Host Data Collector comes with P9000 Command View AE Suite, which is installed on the management server, but can also be installed on a computer other than the management server. Before you register virtual machines in Device Manager, the following environment settings must already be specified on the virtual machines.
PAGE 47
• Registering virtual WWN in Device Manager (when managing the virtualization server with vMA) When managing a UNIX host (When information about the host is collected by using the root account) • SSH is enabled. • Settings have been performed so that you can log in as root via a remote SSH login with password authentication.
PAGE 48
NOTE: If a general user account is used to register a host into Device Manager, do not use the root account to register the host a second time.
PAGE 49
• For virtual machines running the AIX OS, set the ODMDIR environment variable. • If an HBA is shared by multiple virtual machines • Install a Device Manager agent on any one of the virtual machines. • For virtual machines running the AIX OS, set the ODMDIR environment variable. • If a virtual HBA is allocated to each virtual machine (if an NPIV HBA is used) • Install a Device Manager agent on each virtual machine.
PAGE 50
Configuration in which an HBA is shared by multiple virtual machines Figure 9 Operation workflow for allocating volumes to virtual machines (when sharing an HBA by multiple virtual machines) 1. Register one of the virtual machines that share an HBA as a normal host in Device Manager. Do not register the virtualization server that runs in the same physical environment in Device Manager. 2.
PAGE 51
Configuration in which a virtual HBA is allocated for each virtual machine (by using NPIV HBAs) Figure 10 Operation workflow for allocating volumes to virtual machines (when allocating a virtual HBA to each virtual machine) 1. 2. 3. 4. Register the virtualization servers that run the virtual machines whose volume status you want to manage in Device Manager.
PAGE 52
Registering virtual WWNs in Device Manager (createnpivinfo command) When using vMA to manage virtualization servers on which NPIV HBAs are used, execute the createnpivinfo command to register the virtual WWN assigned to each virtual machine in Device Manager.
PAGE 53
If you move a virtual machine from one virtualization server to another : You need to update (refresh) the information of the source and destination virtualization servers in Device Manager. After moving a virtual machine, if there are no volumes assigned to the source virtualization server, manually delete the information about the source virtualization server from Device Manager. If a virtual WWN was added or changed: 1. Execute the createnpivinfo command to register the virtual WWN in Device Manager.
PAGE 54
Figure 11 Environment settings on virtualization servers (when Host Data Collector is used for management) • Host Data Collector comes with P9000 Command View AE Suite, which is installed on the management server, but can also be installed on a computer other than the management server. To install multiple Host Data Collector computers, make sure that the same Host Data Collector version and revision are installed on all computers.
PAGE 55
Figure 12 Environment settings on virtualization servers (when vMA is used for management) • You must deploy vMA on a virtualization server, and then specify the virtualization server or VMware vCenter Server as the monitoring target of vMA. • IPv6 can also be used for communication between the Device Manager server and vMA.
PAGE 56
Figure 13 System configuration in which vMA monitors VMware ESX that is in the same physical environment Figure 14 System configuration in which vMA monitors VMware ESX that is in a different physical environment To register a virtualization server in Device Manager, you need to specify vMA information such as the IP address and user account. When you specify the vMA information, the physical environment managed by vMA is registered as a virtualization server.
PAGE 57
NOTE: • If a virtualization server is managed by Device Manager, do not make the virtual machines running on that virtualization server management targets of Device Manager, except when NPIV HBA is used in the configuration. • If you change vMA information such as the IP address and user account, you must re-register the vMA in Device Manager (but you do not need to delete it).
PAGE 58
NOTE: • If a virtualization server is managed by Device Manager, do not make the virtual machines running on that virtualization server management targets of Device Manager, except when NPIV HBA is used in the configuration.
PAGE 59
• Re-register the vMA that manages the virtualization servers in Device Manager (but you do not need to delete it). Note that, if you change the hardware configuration of a virtualization server, after the configuration information of the monitored virtualization server is applied to vMA and VMware vCenter Server, you need to update (refresh) the Device Manager information.
PAGE 60
Related products This section describes the products related to Device Manager and Tiered Storage Manager. Replication Manager Replication Manager provides centralized management of configurations and operating statuses of replication volumes distributed over a storage network. The Replication Manager GUI can be displayed from Device Manager GUI. Hitachi Dynamic Link Manager Hitachi Dynamic Link Manager manages each LUN path between a storage system and host.
PAGE 61
• Storage system requirements for managing copy pairs, page 74 System configuration for managing copy pairs Device Manager supports the following four types of system configurations to manage copy pairs. • Local management method In this configuration, copy pairs are managed for each host by connecting a command device to each application server via Fibre Channel.
PAGE 62
CAUTION: Note the following if using Device Manager to manage a copy pair that was created by using a management tool other than Device Manager: • When the copy pair is created by using Remote Web Console, SVP, or RAID Manager LIB, You need to perform either of the following: - Manually create a configuration definition file to define the copy pair. - Dissolve the copy pair by using the management tool that was used when creating the copy pair, and then create a copy pair by using Device Manager.
PAGE 63
Figure 18 Example of a system configuration for managing copy pairs (local management) Management server conditions: The following computers must be registered as the Device Manager management resources: • A host that recognizes the P-VOL • A host that recognizes the S-VOL Host (application server) conditions: • Device Manager agent must be installed on hosts as follows: - If there is one host that recognizes the P-VOL and one host that recognizes the S-VOL, install a Device Manager agent on each of the hos
PAGE 64
• The P-VOL and S-VOL must be managed by a single management server (Device Manager server). • The P-VOL and S-VOL must be recognized by the hosts (application servers). Note that if you manage copy pairs defined in a snapshot group, the S-VOL does not need to be recognized by the hosts. HP recommends that P-VOL and S-VOL be assigned to separate hosts. • From the P-VOL or S-VOL, LUN security must be set for the host (application server). From the P-VOL and S-VOL, LUN security can be set for different hosts.
PAGE 65
CAUTION: When the Device Manager agent is running, do not perform logout processing of user authentication for the storage system by directly executing a RAID Manager command. If you do so, processing performed from the Device Manager GUI or CLI might not finish properly. If you need to log out, stop the Device Manager agent service first.
PAGE 66
• Device Manager agent must be installed on the pair management server. • The server.agent.rm.centralizePairConfiguration property for the Device Manager agent on the pair management server must be set to enable (default: disable). • RAID Manager must be installed on the pair management server. If the command devices recognized by the pair management server support the authentication function, install version 01-25-03/01 or later of RAID Manager on the pair management server.
PAGE 67
- All journal volumes that make up a journal (when managing Continuous Access Journal pairs) • A shared resource group in which a command device has been registered must be created and assigned to each user. Note that, if each user uses a different command device, register the command device in a resource group managed by the users, instead of registering them in a shared resource group.
PAGE 68
Figure 20 Example of a system configuration for managing copy pairs (virtual command device server configuration) Management server conditions: The following computers must be registered as the Device Manager management resources: • A host that recognizes the P-VOL • A host that recognizes the S-VOL Host (application servers) conditions: • Device Manager agent version 7.1 or later must be installed on the application servers.
PAGE 69
CAUTION: • If the HORCM_ALLOW_INST parameter is specified in the configuration definition file on the virtual command device server, the default port number (34000+instance-number+1) must be used for the RAID Manager initiator port of the application server. • Before you manipulate the copy pair from the Device Manager GUI or CLI, check whether authentication mode is enabled for the command device that is connected to the host (application server).
PAGE 70
CAUTION: When the Device Manager agent is running, do not perform logout processing of user authentication for the storage system by directly executing a RAID Manager command. If you do so, processing performed from the Device Manager GUI or CLI might not finish properly. If you need to log out, stop the Device Manager agent service first.
PAGE 71
• A host that recognizes the S-VOL Pair management server conditions: • Device Manager agent version 7.1 or later must be installed on the pair management server. • RAID Manager version 01-25-03/01 or later must be installed on the pair management server. Copy pair (P-VOL and S-VOL) conditions: • The P-VOL and S-VOL must be managed by a single management server (Device Manager server). • From the P-VOL and S-VOL, LUN security must be set for the host (application server).
PAGE 72
System configuration for using an SVP configuration to manage copy pairs (when copy pairs are defined as a device group) Set up the management server, hosts (application servers), and storage system so that the prerequisites are satisfied.
PAGE 73
GUI: In the storage system view, select the target storage system, click the Refresh Storage System button. CLI: Execute the AddStorageArray command for the target storage system. Copy pair (P-VOL and S-VOL) conditions: • The P-VOL and S-VOL must be managed by a single management server (Device Manager server). • From the P-VOL and S-VOL, LUN security must be set for the host (application server). The management server does not need to recognize the P-VOL or S-VOL.
PAGE 74
Storage system requirements for managing copy pairs Use Element Manager to set up an environment appropriate for the storage system requirements. Table 7 Storage system requirements for managing copy pairs Storage system Function Requirements • Prerequisite software for Continuous Access Journal must be installed and the license must be enabled. • There must be a fibre-channel connection between the two ports used for an MCU-RCU path.
PAGE 75
Storage system Function Requirements • Prerequisite software for Snapshot must be installed and the license must be enabled. Snapshot • To be used as an S-VOL, a V-VOL (a special LU) must be prepared in advance. Perform the preparations in the following order: • Create a pool. • Create a V-VOL. • Prerequisite software for Fast Snap must be installed and the license must be enabled.
PAGE 76
• System configuration for using an SVP configuration to manage copy pairs (when copy pairs are defined in a configuration definition file), page 70 • System configuration for using an SVP configuration to manage copy pairs (when copy pairs are defined as a device group), page 72 Prerequisite version of the Device Manager agent for managing copy pairs The prerequisite version of the Device Manager agent varies depending on the storage system to be managed and the program to be used.
PAGE 77
To create a configuration definition file, Device Manager agent version 3.1 or later must be installed on each host. #: The following table lists the Device Manager agent version required for each storage system model. Table 10 Device Manager agent version required for each storage system model when managing copy pairs by using the CLI Storage system model Device Manager agent version P9500 7.0 or later XP24000 5.7 or later XP20000 5.8 or later XP12000 XP10000 1.
PAGE 78
• If you want to use Device Manager to control copy pairs managed by RAID Manager, the configuration definition file on the host that manages the P-VOL of the copy pair and the configuration definition file on the host that manages the S-VOL of the copy pair must have the same group name and the same pair name. If different names are specified, Device Manager cannot control that copy pair.
PAGE 79
2 Network configuration This chapter describes the settings for the P9000 Command View AE Suite products that are required in various network configurations. Port settings This section describes the port numbers and firewall settings used by the P9000 Command View AE Suite products. Ports used by P9000 Command View AE Suite products Avoid specifying port numbers used by other programs installed on the same computer for the port numbers used by P9000 Command View AE Suite products.
PAGE 80
Port number Description 23018/tcp Used internally for Common Component communication (receiving a termination message from the Web server). This port number can be changed. Used internally for Common Component communication (communication with the Web server). 23025/tcp This port number can be changed. Used internally for Common Component communication (receiving a termination message from the Web server). 23026/tcp This port number can be changed.
PAGE 81
Port number Description Used for communication with a CIM client (service discovery). 427/tcp You cannot change the settings by using Device Manager. If products using these ports are installed on the same computer, change the settings of those products. Used internally for Device Manager server communication, for communication with management clients (via the GUI or the CLI),for communication with storage systems, and for communication with hosts (Device Manager agents).
PAGE 82
Ports used by the Tiered Storage Manager server For the management server, ensure that the port numbers specified for use by the Tiered Storage Manager server are different from the port numbers used by other programs installed on the same computer. Table 13 Ports used by the Tiered Storage Manager server Port number 20352/tcp 24500/tcp Description Used for communication with management clients (via the Tiered Storage Manager CLI or the legacy mode Tiered Storage Manager GUI).
PAGE 83
Port number 22104/tcp 22105/tcp 22106/tcp Description Used for SSL communication between the Device Manager server and the RMI registry. You can change the port by using the hdc.common.rmi.ssl.registryPort property in the hdcbase.properties file of Host Data Collector. Used for SSL communication between the Device Manager server and the RMI server. You can change the port by using the hdc.common.rmi.ssl.serverPort property in the hdcbase.properties file of Host Data Collector.
PAGE 84
Port number Description Used for communication with the Device Manager server. 24042/tcp You can change the port by using the server.http.port property in the server.properties file of the Device Manager agent. Used internally for Device Manager agent communication. 24043/tcp You can change the port by using the server.http.localPort property in the server.properties file of the Device Manager agent. Related topics • • • • Changing Device Manager agent properties, page 529 server.agent.
PAGE 85
Target storage system Port number Description 1099/tcp Used for communication with the management server or management clients (GUI). This port number cannot be changed. 51099/tcp Used for communication with the management server or management clients (GUI). This port number cannot be changed. 51100/tcp Used for communication with the management server or management clients (GUI). This port number cannot be changed. 80/tcp Used for communication with management clients (GUI).
PAGE 86
3. Start the services of the P9000 Command View AE Suite products. 4. If you change the following port numbers, you need to change the URLs of all P9000 Command View AE Suite products that are installed on the management server: • 23015/tcp (used for accessing HBase Storage Mgmt Web Service) You need to change the URLs if you use non-SSL for communication between the management server and management clients.
PAGE 87
Default port number Settings files Location In Windows: installation-folder-for-Common-Component\CC\web\containers\HiCommand\ usrconf\usrconf.properties In Linux: webserver.connector.ajp13.port installation-directory-for-CommonComponent/CC/web/containers/HiCommand/usrconf/usrconf.properties In Windows: 23018/tcp installation-folder-for-Common-Component\CC\web\containers\HiCommand\ usrconf\usrconf.properties In Linux: webserver.shutdown.
PAGE 88
Default port number Settings files Location In Windows: installation-folder-for-Common-Component\HDB\CONF\emb\HiRDB.ini In Linux: PDNAMEPORT installation-directory-for-CommonComponent/HDB/conf/emb/HiRDB.
PAGE 89
• Stopping services, page 318 • How to specify settings for Plug-in for Virtualization Server Provisioning: HP P9000 Command View Advanced Edition Suite Software Plug-in for Virtualization Server Provisioning User Guide Registering firewall exceptions When the ports or processes used by P9000 Command View AE Suite products are registered as firewall exceptions, connection to the registered ports or processes from outside the network is permitted.
PAGE 90
Originator Destination Remarks Port number Machine Port number Machine 24500/tcp# Management server Management client any/tcp (Tiered Storage Manager CLI) This setting is required when SSL communication is used. #: This port number can be changed.
PAGE 91
Originator Destination Remarks Port number Machine Port number Machine • P9500 • XP24000 • XP20000 any/tcp Management server 51099/tcp • XP12000 • XP10000 - • SVS200 • XP1024 • XP128 any/tcp Management server 51100/tcp any/tcp Management server 51100/tcp • XP24000 • XP20000 • P9500 This setting is required when you perform an upgrade installation to a Device Manager server version 6.0.0-00 or later. - Legend: -: Not applicable #: This port number can be changed.
PAGE 92
Originator Destination Remarks Port number Machine Port number Machine • P9500 • XP24000 • XP20000 any/tcp Management client (GUI) 1099/tcp • XP12000 • XP10000 - • SVS200 • XP1024 • XP128 • P9500 • XP24000 • XP20000 any/tcp Management client (GUI) 51099/tcp • XP12000 • XP10000 - • SVS200 • XP1024 • XP128 any/tcp Management client (GUI) • P9500 51100/tcp • XP24000 - • XP20000 Legend: -: Not applicable Table 21 Port numbers that must be registered as firewall exceptions between the mana
PAGE 93
This port number can be changed. Table 22 Port numbers that must be registered as firewall exceptions between the management server and a virtualization server Originator Destination Remarks Port number Machine Port number Machine • VMware ESX • VMware vCenter Server that manages VMware ESX This setting is required when a virtual WWN is assigned to a virtual machine by using NPIV.
PAGE 94
Register the value specified for the client.launch.HPPA.report.port property in the client.properties file.
PAGE 95
#: This port number can be changed. Table 27 Port numbers that must be registered as firewall exceptions between the management server and an SMI-S provider Originator Destination Remarks Port number Machine Port number Machine any/tcp SMI-S provider 5983/tcp# Management server - any/tcp Management server 5988/tcp# SMI-S provider This setting is required when non-SSL communication is used.
PAGE 96
This port number can be changed. Table 29 Port numbers that must be registered as firewall exceptions between the management server and a mail server Originator Destination Remarks Port number Machine Port number Machine This setting is required to send an email to a user when the following events occur: any/tcp Management server (Device Manager server) 25/tcp#1 Mail server#2 • An alert occurs in a storage system. • A task executed from the Migrate Data wizard completes.
PAGE 97
Originator Destination Remarks Port number Machine Port number Machine any/tcp Management server 1812/udp# RADIUS server - Legend: -: Not applicable #: This port number is generally used. However, a different port number might be used for an external authentication server.
PAGE 98
Component Name added to the exceptions list Path Tiered Storage Manager(htsmHDvMUser) installation-folder-for-the-Tiered-Storage-Manager-server\inst\htsmHDvMUser.exe Tiered Storage Manager(htsmVersion) installation-folder-for-the-Tiered-Storage-Manager-server\inst\htsmVersion.exe Tiered Storage Manager(schemaDrop) installation-folder-for-the-Tiered-Storage-Manager-server\inst\schemaDrop.
PAGE 99
2. Select Firewall configuration, use the Tab key to move to the Run Tool button, and then press Enter. The Firewall Configuration window is displayed. 3. Set Security Level to Enabled by pressing the space key to select Enabled, use the Tab key to move to the Customize button, and then press Enter. The Firewall Configuration - Customize window is displayed. 4. In Other ports specify the port to be registered as an exception, use the Tab key to move to the OK button, and then press Enter.
PAGE 100
Network settings for using the management server as a network bridge To use the management server as a network bridge by installing multiple network interface cards (NICs) on the server, set up the networks so that the management server, management client, and storage systems can mutually communicate. The sections where settings must be specified are explained by using the configuration example shown below.
PAGE 101
Device Manager settings in IPv6 environments Device Manager supports IPv6-based communication. To use Device Manager in an IPv6 environment, you need to change the Device Manager settings according to the environment's requirements. To use Device Manager in an IPv6 environment, make sure that the Device Manager settings meet the following requirements: • Set up the OS so that both IPv6 and IPv4 can be used because, even if IPv6 is being used, IPv4 is also required for processing in the product.
PAGE 102
3. Delete the heading hash mark (#) from the #Listen [::]:port-number line to enable IPv6-based communication. For example, in the httpsd.conf file configured for SSL communication, the location of the line from which you delete a hash mark (#) is shown below. CAUTION: • If you use non-SSL communication, you do not need to delete the hash mark (#) from the Listen line under SSLSessionCacheSize. • By default, all IPv6 addresses are set to allow communication.
PAGE 103
To link with storage systems that support IPv6: • On the Device Manager server, open the server.properties file, and set either of the following items for the server.http.host property: • The IPv6 address of the computer on which the Device Manager server is installed • The host name of the computer on which the Device Manager server is installed The host name must be resolvable to the IPv6 address.
PAGE 104
2. If TLS/SSL is used for communication between the management server and management clients or an SMI-S provider, re-create a server certificate of the management server by using the new host name. This step is necessary if SSL/TLS is used for communication between the following components: 3.
PAGE 105
• Changing the URL for accessing P9000 Command View AE Suite products (hcmdschgurl command), page 107 • Operation workflow for secure communication between a management server and a management client (GUI), page 165 • Operation workflow for secure communication between a management server and a management client (Device Manager CLI), page 167 • Operation workflow for secure communication between a Device Manager server and Replication Manager server, page 169 • Operation workflow for secure communication be
PAGE 106
2. Edit the httpsd.conf file. If the old IP address is specified for the ServerName parameter, change the IP address to the host name or the new IP address. • In Windows: installation-folder-for-Common-Component\httpsd\conf\httpsd.conf • In Linux: installation-directory-for-Common-Component/httpsd/conf/httpsd.conf NOTE: HP recommends that you specify the host name in the httpsd.conf file. 3. Change the IP address of the management server, and then restart the computer.
PAGE 107
You need to execute the hdvmagt_setting command to change the settings for the Device Manager server information. • When the Replication Manager is used: If you change the IP address or the host name registered as the information source, re-register the information source. . • When a RADIUS server is used to authenticate accounts: Check the settings in the exauth.properties file.
PAGE 108
To change P9000 Command View AE Suite product URLs: 1. Execute the hcmdschgurl command.
PAGE 109
2. In Windows, change the URL in the shortcut file. In Windows XP, Windows Server 2003 R2, Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2: Select Start, All Programs, HP P9000 Command View Advanced Edition Suite, and then rightclick Login - Command View AE Suite. In Properties, change the URL on the Web Document tab.
PAGE 110
• Changing the management server environment from a non-cluster environment to a cluster environment , page 307 110 Network configuration
PAGE 111
3 User account management This chapter describes the settings required for managing user accounts of P9000 Command View AE Suite products. About password policies A password policy is a set of conditions related to the number of characters or combinations of character types that can be used in passwords for user accounts. By setting a password policy, you can prevent users from setting easily guessed passwords, and reduce the risk of unauthorized access from third parties.
PAGE 112
To set a password policy: • Edit the security.conf file. The security.conf file is stored in the following locations: • In Windows: installation-folder-for-Common-Component\conf\sec\security.conf • In Linux: installation-directory-for-Common-Component/conf/sec/security.conf The following table shows the password policies that can be set in the security.conf file. Table 32 Password policies that can be set in the security.conf file Item Description password.min.
PAGE 113
CAUTION: • In all P9000 Command View AE Suite products, set password policies apply only to user accounts that are added and passwords that are changed after the policy was set. New password policies do not apply to existing user accounts, so users of such accounts can log in to the system even if their passwords do not satisfy the set conditions. • You can also set password policies from the GUI.
PAGE 114
failed login attempts to 3 and a user fails to log in to Device Manager once, Tiered Storage Manager once, and then Replication Manager once, the user account is automatically locked. Setting account locking policies You can set an account locking policy for P9000 Command View AE Suite products in the security.conf file. To set an account locking policy: • Edit the security.conf file. The security.
PAGE 115
2. Open the user.conf file. The user.conf file is stored in the following locations: • In Windows: installation-folder-for-Common-Component\conf\user.conf • In Linux: installation-directory-for-Common-Component/conf/user.conf If the user.conf file does not exist, create it. 3. Use the following format to specify the account.lock.system property: account.lock.system=true 4. Start the P9000 Command View AE Suite product services.
PAGE 116
To unlock a locked account: • Execute the hcmdsunlockaccount command to unlock the account.
PAGE 117
• Kerberos server About linking to an external authorization server In addition to an external authentication server, if you also use an external authorization server to perform user authentication, access permissions for the management server (a P9000 Command View AE Suite product) can be controlled on the external authorization server.
PAGE 118
Figure 24 Operating workflow for user authentication on an LDAP directory server 118 User account management
PAGE 119
NOTE: • When a P9000 Command View AE Suite product is in operation, to switch to the system configuration linked to an external authorization server, delete any user ID that has the same name as the ID registered in Common Component, or change the user name. If the same user name is registered, when the user logs in to the P9000 Command View AE Suite product, the user is authenticated in Common Component (internal authentication).
PAGE 120
Figure 25 Operating workflow for user authentication on a RADIUS server 120 User account management
PAGE 121
NOTE: • When a P9000 Command View AE Suite product is in operation, to switch to the system configuration linked to an external authorization server, delete any the user ID that has the same name as the ID registered in Common Component, or change the user name. If the same user name is registered, when the user logs in to a P9000 Command View AE Suite product, the user is authenticated in Common Component (internal authentication).
PAGE 122
Figure 26 Operation workflow for user authentication on a Kerberos server 122 User account management
PAGE 123
NOTE: • When a P9000 Command View AE Suite product is in operation, to switch to the system configuration linked to an external authorization server, delete user any ID that has the same name with the ID registered in Common Component, or change the user name. If the same user name is registered, when the user logs in to a P9000 Command View AE Suite product, the user is authenticated in Common Component (internal authentication).
PAGE 124
When performing user authentication on an LDAP directory server, check which data structure is being used, because information about the LDAP directory server registered on the management server and the operations you need to perform on the management server depend on the data structure. In addition, when performing user authentication or authorization on an LDAP directory server, also check BaseDN, which is the start point for searching for users.
PAGE 125
Figure 28 Example of the flat model The user entities enclosed by the dotted line can be authenticated. In this example, BaseDN is ou=people,dc=example,dc=com, because all of the user entries are located just below ou=people.
PAGE 126
Registering an external authentication server and an external authorization server In the exauth.properties file, set the type of the external authentication server to be used, the server identification name, and the machine information about the external authentication server and external authorization server. Operations to complete in advance • Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). • Copy the template of the exauth.properties file.
PAGE 127
• For Kerberos authentication: • Machine information about the external authentication server and the external authorization server Host name or IP address Port name • Realm name • Domain name managed by the LDAP directory server (when linking to an external authorization server) • BaseDN (when linking to an external authorization server) To register an external authentication server and an external authorization server: 1. Specify required items in the exauth.properties file being copied. 2.
PAGE 128
NOTE: • To use StartTLS for communication between the management server and the LDAP directory server, you need to directly specify information about the LDAP directory server to connect to in the exauth.properties file. • If you use the DNS server to look up the LDAP directory server to connect to, it might take longer for users to log in. Table 34 Setup items in the exauth.properties file for LDAP authentication (common items) Property Details Specify an external authentication server type.
PAGE 129
Property Details Specify whether to also link to an external authorization server. Specify true to link to an external authorization server. auth.group.mapping Specify false to not to link to an external authorization server. Default value: false Table 35 Setup items in the exauth.properties file for LDAP authentication (when directly specifying information about the external authentication server) Attributes Details Specify the protocol for connecting to the LDAP directory server.
PAGE 130
Attributes Details Specify the attribute (Attribute Type) to use as the user ID during authentication. • For the hierarchical structure model Specify the name of the attribute containing the unique value to be used for identifying the user. The value stored in this attribute will be used as the user ID for P9000 Command View AE Suite products.
PAGE 131
Note: To specify the attributes, use the following syntax: auth.ldap.auth.server.name-property-value.attribute=value #1: When communicating by using StartTLS as the protocol for connecting to the LDAP directory server, you need to specify the security settings of Common Component. #2: When using StartTLS as the protocol for connecting to the LDAP directory server, in the host attribute specify the same host name as the value of CN in the LDAP directory server certificate. You cannot use an IP address.
PAGE 132
Attributes Details Specify the attribute (Attribute Type) to use as the user ID during authentication. • For the hierarchical structure model Specify the name of the attribute containing the unique value to be used for identifying the user. The value stored in this attribute will be used as the user ID for P9000 Command View AE Suite products.
PAGE 133
Attributes Details Specify true. dns_lookup However, if the following attribute values are already set, the LDAP directory server will be connected to by using the user-specified values instead of by using the DNS server to look up the information. • auth.ldap.auth.server.name-property-value.host • auth.ldap.auth.server.name-property-value.port Default value: false Note: To specify the attributes, use the following syntax: auth.ldap.auth.server.name-property-value.
PAGE 134
auth.server.type=ldap auth.server.name=ServerName auth.group.mapping=false auth.ldap.ServerName.protocol=ldap auth.ldap.ServerName.timeout=15 auth.ldap.ServerName.attr=sAMAccountName auth.ldap.ServerName.basedn=dc=Example,dc=com auth.ldap.ServerName.retry.interval=1 auth.ldap.ServerName.retry.times=20 auth.ldap.ServerName.domain.name=EXAMPLE.COM auth.ldap.ServerName.dns_lookup=true • When directly specifying information about the LDAP directory server (when also linking to an authorization server) auth.
PAGE 135
Setup items in the exauth.properties file for RADIUS authentication In the exauth.properties file, set the type of the external authentication server to be used, the server identification name, and the machine information about the external authentication server. • Common properties Table 38 • Properties for an external authentication server Specify these property values for each RADIUS server.
PAGE 136
Property names Details Specify the server identification names of RADIUS servers. You can specify any name for this property in order to identify which RADIUS servers the settings such as the port number and the protocol for connecting to the RADIUS server (see Table 39) are applied to. ServerName has been set as the initial value. You must specify at least one name. When specifying multiple RADIUS server identification names, separate the names with commas (,).
PAGE 137
Attributes Details Specify the host name of the Device Manager management server. The RADIUS server uses this attribute value to identify the management server. The host name of the management server has been set as the initial value. Specifiable values: Specify no more than 253 bytes of the following characters: attr.NAS-Identifier#2 A to Z a to z 0 to 9 ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ Default value: none Specify the IPv4 address of the Device Manager management server.
PAGE 138
Attributes Details Specify whether to use the DNS server to look up the information about the LDAP directory server. If you want to directly specify information about the LDAP directory server in the exauth.properties file, specify false. If you want to use the DNS server to look up the information, specify true.
PAGE 139
Attributes Details Specify the BaseDN, which is the DN of the entry that will be used as the start point when searching for LDAP user information on the LDAP directory server. The user entries that are located in the hierarchy below this DN will be checked during authorization. Specify the DN of the hierarchy that includes all of the user entries to be searched. basedn Specify the DN by following the rules defined in RFC4514.
PAGE 140
server, in the host attribute specify the same host name as the value of CN in the LDAP directory server certificate. You cannot use an IP address. Table 42 Setup items in the exauth.properties file for RADIUS authentication (when an external authorization server and StartTLS are used for communication) Property auth.ocsp.
PAGE 141
Attributes Details timeout Specify the amount of time to wait before timing out when connecting to the LDAP directory server. If you specify 0, the system waits until a communication error occurs without timing out. Specifiable values: 0 to 120 (seconds) Default value: 15 Specify the retry interval (in seconds) for when an attempt to connect to the LDAP directory server fails. retry.
PAGE 142
auth.server.type=radius auth.server.name=ServerName auth.group.mapping=true auth.ocsp.enable=false auth.ocsp.responderURL= auth.radius.ServerName.protocol=PAP auth.radius.ServerName.host=radius.example.com auth.radius.ServerName.port=1812 auth.radius.ServerName.timeout=1 auth.radius.ServerName.retry.times=3 auth.radius.ServerName.attr.NAS-Identifier=host_A auth.radius.ServerName.domain.name=EXAMPLE.COM auth.radius.ServerName.dns_lookup=false auth.group.EXAMPLE.COM.protocol=ldap auth.group.EXAMPLE.COM.
PAGE 143
• When directly specifying information about the Kerberos server: Table 45 • When using the DNS server to look up information about the Kerberos server: Table 46 • Properties for an external authorization server These properties need to be set if you directly specify information about the Kerberos server and an external authorization server is also linked. Specify the properties for each realm.
PAGE 144
Attributes Details Specify the encryption type used for Kerberos authentication. This property is enabled only if the management server OS is Windows. You can use the following encryption types: • aes128-cts • rc4-hmac • des3-cbc-sha1 default_tkt_enctypes • des-cbc-md5 • des-cbc-crc If you want to specify multiple encryption types, use a comma to separate the encryption types.
PAGE 145
Attributes Details Specify the information about the Kerberos server in the following format: host-name-or-IP-address[:port-number] This attribute is required. host-name-or-IP-address value-specified-for-realm_name.kdc# If you specify the host name, make sure beforehand that the name can be resolved to an IP address. If you specify the IP address, use an IPv4 address. In an IPv6 environment, you must specify the host name. Note that you cannot specify the loopback address (localhost or 127.0.0.1).
PAGE 146
Attributes Details Specify the encryption type used for Kerberos authentication. This property is enabled only if the management server OS is Windows. You can use the following encryption types: • aes128-cts • rc4-hmac • des3-cbc-sha1 default_tkt_enctypes • des-cbc-md5 • des-cbc-crc If you want to specify multiple encryption types, use a comma to separate the encryption types.
PAGE 147
Attributes Details Specify the port number of the LDAP directory server. Make sure beforehand that the port you specify is set as the listen port number on the LDAP directory server. port Specifiable values: 1 to 65535 Default value: 389 Specify the BaseDN, which is the DN of the entry that will be used as the start point when searching for LDAP user information on the LDAP directory server. The user entries that are located in the hierarchy below this DN will be checked during authorization.
PAGE 148
When communicating by using StartTLS as the protocol for connecting to the LDAP directory server, you need to specify the security settings of Common Component. Table 48 Setup items in the exauth.properties file for Kerberos authentication (when an external authorization server and StartTLS are used for communication) Property auth.ocsp.
PAGE 149
• When directly specifying information about a Kerberos server (when also linking to an external authorization server): auth.server.type=kerberos auth.group.mapping=true auth.ocsp.enable=false auth.ocsp.responderURL= auth.kerberos.default_realm=EXAMPLE.COM auth.kerberos.dns_lookup_kdc=false auth.kerberos.clockskew=300 auth.kerberos.timeout=3 auth.kerberos.realm_name=RealmName auth.kerberos.RealmName.realm=EXAMPLE.COM auth.kerberos.RealmName.kdc=kerberos.example.com:88 auth.group.EXAMPLE.COM.
PAGE 150
gistered in P9000 Command View AE Suite products, you need to register a user account used to search for LDAP user information on the management server. Conditions for LDAP search user account Conditions for the LDAP search user account vary depending on the authentication method. Prepare a user account that satisfies the following conditions on the LDAP directory server. For LDAP authentication: • The user account can bind to the DN specified for auth.ldap.auth.server.nameproperty-value.
PAGE 151
Registering an LDAP search user account Use the hcmdsldapuser command to register the an LDAP search user account on the management server. Operations to complete in advance Register an LDAP search user on the LDAP directory server. Information to collect in advance • DN and password of the LDAP search user • Server identification name of the LDAP directory server (for LDAP authentication) Specify the server identification name that was specified for the auth.server.name property in the exauth.
PAGE 152
NOTE: • In the LDAP directory server, you can use double quotation marks (") for the DN and password. In the management server, however, you need to register a user account whose DN and password do not include double quotation marks. • If you are using Active Directory, you can use the dsquery command provided by Active Directory to check the DN of a user.
PAGE 153
Checking the LDAP directory server that registered LDAP search user account Use the hcmdsldapuser command to check which LDAP directory server has registered the LDAP search user account on the management server. To check the LDAP directory server that registered the LDAP search user account: • Execute the hcmdsldapuser command.
PAGE 154
To delete a shared secret: • Execute the hcmdsradiussecret command.
PAGE 155
Check the user accounts registered on the RADIUS server. • For Kerberos authentication When linking only to an external authentication server: Check the user accounts that are registered in P9000 Command View AE Suite products and whose authentication method is Kerberos authentication. When also linking to an external authorization server: Check the user accounts not registered in P9000 Command View AE Suite products.
PAGE 156
Phase 1 The command verifies that common properties have been correctly specified in the exauth.properties file. Phase 2 The command verifies that the properties for the external authentication server and properties for the external authorization server have been correctly specified in the exauth.properties file. Phase 3 The command verifies that the external authentication server can be connected to.
PAGE 157
hcmdsradiussecret -set "secret01\\" -name ServerName Encryption types for Kerberos authentication Configure the Kerberos server so that the encryption types supported by P9000 Command View AE Suite products can be used. In P9000 Command View AE Suite products, the encryption types listed below can be used for Kerberos authentication.
PAGE 158
User account management
PAGE 159
4 Security This chapter describes the security settings required to operate P9000 Command View AE Suite products. Login warning banners A warning banner is a field for security messages displayed in the Login panel of P9000 Command View AE Suite products. P9000 Command View AE Suite products can display an optional message (warning banner), as a security risk measure at login.
PAGE 160
To create and register a message displayed on a warning banner: 1. Use a text editor to create a message. Sample messages in English (bannermsg.txt) and Japanese (bannermsg_ja.txt) are provided in the following locations: • In Windows: installation-folder-for-Common-Component\sample\resource • In Linux: installation-directory-for-Common-Component/sample/resource These sample files are overwritten at installation so, if you wish to use a sample file, copy it and then edit it.
PAGE 161
NOTE: If you execute the hcmdsbanner command and a message for the specified locale is already registered, it will be updated by being overwritten. TIP: You can also use the GUI to perform the following operations: • Registering a message without the locale specified • Editing a message that has been registered by the hcmdsbanner command with the locale option omitted When you use the GUI to perform operations, the following restrictions apply: • Available HTML tags are limited.
PAGE 162
TIP: You can also use the GUI to delete the following messages: • A message registered from the GUI • A message registered by the hcmdsbanner command with the locale option omitted If the system is in a cluster configuration, operations from the GUI are applied only to the executing node. To apply the operation to the standby node, switch the nodes and then perform the same operations.
PAGE 163
Figure 29 Secure communication routes for Device Manager and Tiered Storage Manager • Between a management server and a management client (GUI) SSL/TLS can be used for communication between the components listed below. In either case, communication is also possible in advanced security mode.
PAGE 164
• Between an LDAP directory server and a management server StartTLS can be used for communication between an LDAP directory server and Common Component. Communication is also possible in advanced security mode. • Between the Device Manager server and Replication Manager server SSL/TLS can be used for communication between the Device Manager server and Replication Manager server. Communication is also possible in advanced security mode.
PAGE 165
Operation workflow for secure communication between a management server and a management client (GUI) You need to create server certificates for Common Component and the Device Manager server on the management server, and then import them into the Web browser in the management client (GUI).
PAGE 166
Figure 30 Operation workflow for secure communication between a management server and a management client (GUI) NOTE: • You do not need to create and import a server certificate for the Device Manager server if you do not use Remote Web Console from Element Manager in the Device Manager GUI. • If you want to restrict which cipher suites are used for SSL/TLS communication, change the value of the server.https.enabledCipherSuites property in the server.properties file of the Device Manager server.
PAGE 167
Related topics • Changing the URL for accessing P9000 Command View AE Suite products (hcmdschgurl command), page 107 • Configuring an SSL server (Common Component), page 182 • Configuring an SSL server (Device Manager server), page 191 • Configuring an SSL client, page 210 • Changing Device Manager server properties, page 466 • server.https.
PAGE 168
• Configuring an SSL client, page 210 • Changing Device Manager server properties, page 466 • server.https.enabledCipherSuites, page 490 Operation workflow for secure communication between a management server and a management client (Tiered Storage Manager CLI) The self-signed certificate bundled with the Tiered Storage Manager server is used for SSL/TLS communication between a management server and a management client (Tiered Storage Manager CLI).
PAGE 169
Operation workflow for secure communication between an LDAP directory server and a management server You need to specify the settings for linking with an external authentication server on the management server, and then import the server certificate for the LDAP directory server into the truststore (ldapcacerts).
PAGE 170
Figure 34 Operation workflow for secure communication between a Device Manager server and Replication Manager server Note that, if the server certificate was issued by a well-known certificate authority, the certificate authority's server certificate might already be imported to the truststore (jssecacerts).
PAGE 171
• server.https.enabledCipherSuites, page 490 Operation workflow for secure communication between a Host Data Collector machine and a management server You need to create a server certificate for Host Data Collector on a Host Data Collector machine, and then import it into the truststore (dvmcacerts).
PAGE 172
• • • • hdc.classloader, page 496 hdc.usessl, page 497 Changing Host Data Collector properties, page 519 hdc.ssl.secure, page 524 Operation workflow for secure communication between a virtualization server and Host Data Collector You need to configure an SSL server on a virtualization server, and then change the communication protocol used to connect with the virtualization server from the Device Manager GUI or CLI.
PAGE 173
Figure 37 Operation workflow for secure communication between a virtualization server and a management server Related topics • Changing virtualization server information, page 220 • How to set up an SSL server on a virtualization server: See the VMware documentation.
PAGE 174
Figure 38 Operation workflow for secure communication between an SMI-S provider and a management server Related topics • Configuring an SSL server (Device Manager server), page 191 • Configuring an SSL client, page 210 • How to set up an SSL server and SSL client for an SMI-S provider: See the documentation for the SMI-S provider.
PAGE 175
When using the server certificate bundled with P9500, if you launch Remote Web Console by using Element Manager from the Device Manager GUI, an error message is displayed in the Web browser. To avoid this, you need to create a server certificate in which the IP address of P9500 is specified for Common Name.
PAGE 176
Figure 40 Operation workflow for secure communication between a management server and a CIM client (object operations) NOTE: If you want to restrict which cipher suites are used for SSL/TLS communication, create a new cimxmlscpa.properties file, and then specify a value for the Ciphers property.
PAGE 177
Figure 41 Operation workflow for secure communication between a management server and a CIM client (two-way authentication for object operations) NOTE: If you want to restrict which cipher suites are used for SSL/TLS communication, create a new cimxmlscpa.properties file, and then specify a value for the Ciphers property.
PAGE 178
Figure 42 Operation workflow for secure communication between a management server and a CIM client (event indications) NOTE: If you want to restrict which cipher suites are used for SSL/TLS communication, create a new cimxmlscpa.properties file, and then specify a value for the Ciphers property.
PAGE 179
Figure 43 Operation workflow for secure communication between a management server and a CIM client (two-way authentication for event indications) NOTE: If you want to restrict which cipher suites are used for SSL/TLS communication, create a new cimxmlscpa.properties file, and then specify a value for the Ciphers property.
PAGE 180
AES (whose key size is 128 bits or more) 3KeyTDES TIP: After performing an upgrade installation of P9000 Command View AE Suite from version 6.3 or earlier, or importing a database that was exported in 6.3 or earlier, if you want to switch operation to advanced security mode, you need to set user passwords again by using the GUI to save them with the new hash method.
PAGE 181
installation-directory-for-Common-Component/jdk/jre/lib/security/ jssecacerts • ldapcacerts The truststore for Common Component. To use StartTLS to communicate with an LDAP directory server, import the LDAP directory server certificate into ldapcacerts. In Windows: installation-folder-for-Common-Component\conf\sec\ldapcacerts In Linux: installation-directory-for-Common-Component/conf/sec/ldapcacerts • dvmcacerts The truststore for the Device Manager server.
PAGE 182
In Linux: installation-directory-for-Device-Manager-server/Server/wsi/server/ jserver/bin/indtruststore • Java Web Start truststore In Windows: Program-Files-folder\Java\JRE-version\bin\cacerts In Solaris: /usr/j2se/jre/javaws/cacerts In Linux: /usr/java/JRE-version/javaws/cacerts In HP-UX: /opt/JRE-version/jre/javaws/cacerts Related topics • Changing Device Manager server properties, page 466 • server.https.security.
PAGE 183
installation-folder-for-Common-Component\bin\hcmdsssltool /key privatekey-file /csr certificate-signing-request-file /cert self-signed-certificate-file /certtext contents-of-a-self-signed-certificate [/validity number-of-valid-days] [/dname DN] [/sigalg signature-algorithm] In Linux: installation-directory-for-Common-Component/bin/hcmdsssltool -key private-key-file -csr certificate-signing-request-file -cert selfsigned-certificate-file -certtext contents-of-a-self-signed-certificate [-validity number-of-val
PAGE 184
The following table lists and describes the attribute types and values specified for the DN. Table 50 Attribute types and values specified for the DN Attribute type Full name of attribute type Attribute value Specify the host name of the management server (HBase Storage Mgmt Web Service). This attribute is required. Specify the host name used when connecting to the management server (HBase Storage Mgmt Web Service of Common Component) from the management client (GUI).
PAGE 185
To apply to a certificate authority for a Common Component server certificate: • Send the created certificate signing request to a certificate authority. Usually, server certificates issued by a certificate authority are sent via email. Make sure that you save the response from the certificate authority. NOTE: Certificates issued by a certificate authority have an expiration date. You need to have a certificate reissued before your certificate expires.
PAGE 186
2. Specify the path to the private key and the path to the server certificate for each directive in the httpsd.conf file, and remove the hash mark (#) at the beginning of the lines. In Windows: installation-folder-for-Common-Component\httpsd\conf\httpsd.conf In Linux: installation-directory-for-Common-Component/httpsd/conf/httpsd.
PAGE 187
• For the SSLCertificateKeyFile directive, specify the absolute path to the private key file for Common Component. Do not specify a symbolic link and junction for the path. 3. • For the SSLCACertificateFile directive, if you use a server certificate issued by a certificate authority, specify the absolute path to the server certificate. Multiple server certificates can be contained in one file by chaining multiple PEM format server certificates by using a text editor.
PAGE 188
ServerName example.com : Listen 23015 #Listen [::]:23015 SSLDisable SSLSessionCacheSize 0 Listen 23016 #Listen [::]:23016 ServerName example.com SSLEnable SSLProtocol SSLv3 TLSv1 SSLRequiredCiphers AES256-SHA:AES128-SHA:DES-CBC3-SHA SSLRequireSSL SSLCertificateFile /opt/CVXPAE/Base/httpsd/conf/ssl/server /httpsd.pem SSLCertificateKeyFile /opt/CVXPAE/Base/httpsd/conf/ssl/server /httpsdkey.pem # SSLCACertificateFile /opt/CVXPAE/Base/httpsd/conf/ssl/cacert /anycert.
PAGE 189
2. Edit the httpsd.conf file to comment out the non-SSL communication port settings. Add a hash mark (#) to the beginning of the line below to turn it into a comment. The following example shows the locations for where to add hash marks (#). This example indicates the default port number. The httpsd.conf file is stored in the following locations: In Windows: installation-folder-for-Common-Component\httpsd\conf\httpsd.conf 3. In Linux: installation-directory-for-Common-Component/httpsd/conf/httpsd.
PAGE 190
2. Comment out the SSL-related directives, such as the path to the private key and the path to the server certificate, in the httpsd.conf file by adding a hash mark (#) at the beginning of the lines. In Windows: installation-folder-for-Common-Component\httpsd\conf\httpsd.conf 3. In Linux: installation-directory-for-Common-Component/httpsd/conf/httpsd.conf Start the services of the P9000 Command View AE Suite product.
PAGE 191
ServerName example.com : Listen 23015 #Listen [::]:23015 SSLDisable SSLSessionCacheSize 0 #Listen 23016 #Listen [::]:23016 # # ServerName example.com # SSLEnable # SSLProtocol SSLv3 TLSv1 # SSLRequiredCiphers AES256-SHA:AES128-SHA:DES-CBC3-SHA # SSLRequireSSL # SSLCertificateFile /opt/CVXPAE/Base/httpsd/conf/ssl/server /httpsd.pem # SSLCertificateKeyFile /opt/CVXPAE/Base/httpsd/conf/ssl/server /httpsdkey.pem # SSLCACertificateFile /opt/CVXPAE/Base/httpsd/conf/ssl /cacert/anycert.
PAGE 192
If you use SHA256withRSA as the signature algorithm, server certificates signed with SHA256withRSA must be supported by the Web browser used on the management client (GUI). (see “About advanced security mode” on page 179, “Web browsers that do not support advanced security mode” on page 180) To create a key pair and a self-signed certificate for Device Manager server: 1. Execute the following to start HiKeytool. In Windows: installation-folder-for-the-Device-Manager-server\Server\ HiKeytool.bat 2.
PAGE 193
16. Enter the keystore password (minimum of 6 characters). 17. Restart the P9000 Command View AE Suite product services for the changes to take effect. If you will continue to specify other security settings by using HiKeytool, you do not have to restart the services after each setting. Changes will become effective when you restart the services after you have finished specifying all settings by using HiKeytool.
PAGE 194
>1 Enter Server Name [default=example]:example.com Enter Organizational Unit [default=Device Manager Administration]: Enter Organization Name [default=example]:Hewlett-Packard Enter your City or Locality:New York Enter your State or Province:New York Enter your two-character country-code [default=US]: Enter Key Alias [default=example]:example.com Passwords must only contain characters (A-Z,a-z), digits (0-9) and whitespaces.
PAGE 195
Enabling SSL/TLS for the Device Manager server To enable SSL/TLS for the Device Manager server, from the HiKeytool main menu, select SSL configuration for Device Manager Server, and then Set Device Manager Server Security Level. Operations to complete in advance • Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). • Create a self-signed certificate and key pair for the Device Manager server. To enable SSL/TLS for the Device Manager server: 1.
PAGE 196
Operations to complete in advance • Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). • Create a key pair for the Device Manager server. • Enable SSL/TLS for the Device Manager server To create a certificate signing request for Device Manager server: 1. Start HiKeytool, and then in the main menu, enter 1 (SSL configuration for Device Manager Server). 2. In the server main menu, enter 3 (Generate CSR).
PAGE 197
Operations to complete in advance Create a certificate signing request for the Device Manager server. Information to collect in advance • How to apply to a certificate authority and the support status You need to have a server certificate issued in X.509 DER or X.509 PEM format. For details about how to apply for a certificate, check the website of the certificate authority you will use.
PAGE 198
-----BEGIN CERTIFICATE----MIIDMDCCApmgAwIBAgIDOBcYMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQQGEwJa QTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEChMU VGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1QgVEVTVCBURVNUMRww ... ... ...
PAGE 199
TIP: You can change the keystore file in the Device Manager server by editing the server.https.security.keystore property in the server.properties file. >4 Preparing to import digitally signed certificate. Enter the location of the digitally signed certificate [default=C: \Program Files\CVXPAE\DeviceManager\Server\example.com.cer]: Beginning import... Digitally signed certificate imported. You must restart the Device Manager Server for the changes to take effect.
PAGE 200
Viewing the Device Manager server key pair information in verbose mode To view the key pair information registered in the Device Manager server keystore in verbose mode, from the HiKeytool main menu, select SSL configuration for Device Manager Server, and then Display verbose contents of Device Manager Server KeyStore. Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux).
PAGE 201
2. In the server main menu, enter 7 (Delete an entry from the Device Manager Server KeyStore). 3. Enter the number of the key pair to be deleted. 4. Check the displayed message, and then press the y key. 5. Restart the P9000 Command View AE Suite product services for the changes to take effect. If you will continue to specify other security settings by using HiKeytool, you do not have to restart the services after each setting.
PAGE 202
7. Restart the P9000 Command View AE Suite product services for the changes to take effect. If you will continue to specify other security settings by using HiKeytool, you do not have to restart the services after each setting. Changes will become effective when you restart the services after you have finished specifying all settings by using HiKeytool.
PAGE 203
3. Enter the alias for the server certificate to be imported. 4. Enter the absolute path to the server certificate to be imported. 5. Repeat steps 2 through 4 if you import more than one certificate. 6. Restart the P9000 Command View AE Suite product services for the changes to take effect. If you will continue to specify other security settings by using HiKeytool, you do not have to restart the services after each setting.
PAGE 204
>11 Listing Contents of Device Manager Server TrustStore Alias ========== 1) verisignclass3ca, Fri Nov 25 12:04:38 JST 2005 MD5 Fingerprints:10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67 2) verisignclass3g2ca, Fri Nov 25 12:04:37 JST 2005 MD5 Fingerprints:A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9 3) verisignclass2g2ca, Fri Nov 25 12:04:35 JST 2005 MD5 Fingerprints:2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 4) verisignclass1g2ca, Fri Nov 25 12:04:34 JST 2005 MD5 Fingerprints:DB:23:3D:F9:69:FA:4B
PAGE 205
>12 Listing Contents of Device Manager Server TrustStore 1) alias: verisignclass3ca Issued by: "VeriSign, Inc." Organizational Unit: Class 3 Public Primary Certification Authority Organization: "VeriSign, Inc.
PAGE 206
>13 Delete an entry from the Device Manager Server TrustStore.
PAGE 207
4. Enter the new truststore password. You can use the following characters: A-Z a-z 0-9 spaces The password is case sensitive. If you enter a character other than the above, you might render your keystore unusable. 5. Enter the new password again. 6. Restart the P9000 Command View AE Suite product services for the changes to take effect. If you will continue to specify other security settings by using HiKeytool, you do not have to restart the services after each setting.
PAGE 208
Options key Specify the absolute path to the location to which a private key will be output. csr Specify the absolute path to the location to which the certificate signing request will be output. keypass Specify the private key password (minimum of 6 characters). For the keypass option and the storepass option, specify the same password. storepass Specify the keystore password (minimum of 6 characters). For the storepass option and the keypass option, specify the same password.
PAGE 209
Usually, server certificates issued by a certificate authority are sent via email. Make sure that you save the response from the certificate authority. NOTE: Certificates issued by a certificate authority have an expiration date. You need to have a certificate reissued before your certificate expires. Importing the Host Data Collector server certificates into the keystore To import the server certificates into the Host Data Collector keystore, use the keytool utility.
PAGE 210
2. Execute the following command to import a Host Data Collector server certificate. In Windows: installation-folder-for-Host-Data-Collector\HDC\Base\jre\bin\keytool -import -alias hdc -keystore keystore-file-name -file certificatefile-name In Linux: installation-directory-for-Host-Data-Collector/HDC/Base/jre/bin/ keytool -import -alias hdc -keystore keystore-file-name -file certificate-file-name • alias: Specify the name used to identify the certificate in the keystore.
PAGE 211
To download a Device Manager server truststore file: 1. Start a Web browser and access the following URL: http://management-server-IP-address-or-host-name:Device Manager-server-port-number/service/DeviceManagerCerts 2. Specify a user account, and download the truststore file.
PAGE 212
When you use a self-signed certificate for testing encrypted communication or any temporary use, you first need to export the server certificate from the truststore file (DeviceManagerCerts). To import a server certificate into Internet Explorer: 1. Start Internet Explorer, and then select Tools and Internet Options. If you are using Internet Explorer 8 or a later version, the Tools menu might not appear. In this case, press the Alt key to display the menu bar, and then perform the above operation. 2.
PAGE 213
2. Specify the URL of each P9000 Command View AE Suite product in the Address of website to allow text box, and then click the Add button.
PAGE 214
2. If the Device Manager CLI is executed from an AIX OS, configure the settings so that JSSE can be used from the JRE. Add the following line to the file JRE-installation-directory/lib/security/ java.security: ssl.SocketFactory.provider=com.sun.net.ssl.internal.ssl .SSLSocketFactoryImpl 3. Change the setting in the hdvmcli.properties file. The hdvmcli.properties file is stored in the directory in which the Device Manager CLI executable (hdvmcli.bat) is stored. • hdvmcli.
PAGE 215
(see “Changing ports used by Common Component” on page 85) • User account for Tiered Storage Manager To download the Tiered Storage Manager server truststore files: 1. Start a Web browser and access the following URL: http://management-server-host-name-or-IP-address:port-number-for-HBaseStorage-Mgmt-Web-Service/TieredStorageManager/TieredStorageManagerCerts 2. Specify a user account, and download the truststore file.
PAGE 216
Information to collect in advance • Host name or IP address for management server • SSL communication port number for the Tiered Storage Manager server (default: 24500) You can use the server.rmi.security.port property in the server.properties file of the Tiered Storage Manager server to check the port number. (see “Changing ports used by Common Component” on page 85, “server.rmi.security.port” on page 506) To enable SSL/TLS for the Tiered Storage Manager CLI computer: 1.
PAGE 217
The certificates issued by all the authorities from the authority that issued the Device Manager server certificate to the root certificate authority must form a certificate chain. When using a self-signed certificate: Export a Device Manager server self-signed certificate from the truststore file.
PAGE 218
To import a server certificate into the truststore: 1. Execute the following command.
PAGE 219
• The CN (in the Subject line) of the LDAP directory server certificate matches the value of the following specified attributes in the exauth.properties file. • When the server uses LDAP for the authentication method auth.ldap.value-specified-for-auth.server.name.host • When the server uses RADIUS for the authentication method and links with an external authorization server When an external authentication server and the authorization server are running on the same computer: auth.radius.
PAGE 220
Operations to complete in advance • Name resolution settings Make sure that management clients can resolve the IP address for the management server at the primary site from the host name. For example, register the server into the hosts file. • Import the Device Manager server certificate into the truststore (jssecacerts).
PAGE 221
command of the Device Manager CLI. This section shows how to refresh the system from the Device Manager GUI. Operations to complete in advance • Enable SSL/TLS for the Device Manager server. • Import a server certificate into the Device Manager server keystore (see “Importing a server certificate into the Device Manager server keystore” on page 198). To refresh a storage system: 1. Select Managed Resources in the Administration tab. 2.
PAGE 222
To use SSL server authentication for event indications, you need to create a server certificate in the CIM client, and then import it into the Device Manager server. To use two-way authentication, you need to create a client certificate in the Device Manager server and then import it into the CIM client. Creating a keystore file for object operations To create a keystore file for object operations, use the hcmdskeytool utility (for Windows) or the keytool utility (for Linux).
PAGE 223
The encrypted keystore password is displayed. You will need to specify this string in the MOF file for object operations. Editing an MOF file for object operations Set the keystore password encrypted by WSIEncryptString.jar in the MOF file for object operations, and then compile the file. Operations to complete in advance Create a keystore file for object operations. Information to collect in advance Keystore password encrypted by WSIEncryptString.jar. To edit an MOF file for object operations: 1.
PAGE 224
3. Execute the mofcomp command to compile the MOF file for object operations. In Windows: installation-folder-for-the-Device-Manager-server\Server\wsi\bin\ mofcomp.bat In Linux: installation-directory-for-the-Device-Manager-server/Server/wsi/ bin/mofcomp mofcomp -m -o ..\server\jserver\logr ..\server\jserver\mof\wbemserver \CIMXMLSIndicationHandlerTLSSettingData_instances.mof 4. Start the P9000 Command View AE Suite product services.
PAGE 225
Enter keystore-password:serverssl Enter alias:foocorpserver Enter authentication-filename(absolute path):c:\tmp\server.cer Enabling two-way authentication for object operations To enable two-way authentication for object operations, select SSL configuration for SMI-S, and then Set Security Level for Object Operations from the HiKeytool main menu. To enable two-way authentication for object operations: 1. Stop the P9000 Command View AE Suite product services. 2. Execute the following to start HiKeytool.
PAGE 226
Related topics • Starting services, page 317 • Stopping services, page 318 Importing a client certificate for object operations To import a CIM client certificate for object operations in two-way authentication into the truststore file (.truststore), select SSL configuration for SMI-S, and then Import Client's Certificate to TrustStore for Object Operations from the HiKeytool main menu.
PAGE 227
In Linux: installation-directory-for-the-Device-Manager-server/Server/wsi/ server/jserver/bin/indkeystore To create a keystore file for event indications: 1.
PAGE 228
2. Set the keystore password encrypted by WSIEncryptString.jar in the MOF file for event indications (CIMXMLSIndicationHandlerTLSSettingData_instances.mof), and then change the MutualAuthenticationRequired value to true.
PAGE 229
Exporting a client certificate for event indications To export a client certificate for event indications in two-way authentication from the keystore (indkeystore) file, select SSL configuration for SMI-S, and thenExport Server's Certificate from KeyStore for Event Indications from the HiKeytool main menu. Operations to complete in advance Edit the MOF file for event indications.
PAGE 230
2. Execute the following to start HiKeytool. In Windows: installation-folder-for-the-Device-Manager-server\Server\ HiKeytool.bat 3. In Linux: installation-directory-for-the-Device-Manager-server/Server/ HiKeytool.sh In the main menu, enter 2 (SSL configuration for SMI-S). 4. In the SMI-S main menu, enter 2 (Set Security Level for Event Indications) . 5. Enter 2 (SSL with two-way authentication) . The MOF file for event indications will be compiled, and the SMI-S main menu will appear again. 6.
PAGE 231
Operations to complete in advance • Obtain a CIM client server certificate for event indications (see “Exporting a server or client certificate for a CIM client” on page 234). • Delete the existing truststore file for event indications (indtruststore). (see “Truststores” on page 180) To import a server certificate for event indications: 1. Execute the following to start HiKeytool. In Windows: installation-folder-for-the-Device-Manager-server\Server\ HiKeytool.bat 2.
PAGE 232
Self-signed certificate for object operations supplied with the product The self-signed certificate for object operations that comes with Device Manager uses the SHA256withRSA algorithm and has a key size of 2,048 bits. The self-signed certificate is stored in the following keystore file (whose password is wbemssl): In Windows: installation-folder-for-the-Device-Manager-server\Server\wsi\server\ jserver\bin\.
PAGE 233
NOTE: If the message The compilation of the MOF file failed.
PAGE 234
Exporting a server or client certificate for a CIM client Use the keytool utility to export a server or client certificate for a CIM client from the client's keystore file. Operations to complete in advance • Install Java (JDK 1.5) onto the CIM client. • Create a CIM client server certificate.
PAGE 235
Controlling management client access to the management server In P9000 Command View AE Suite products, you can control which management clients can access the management server through the GUI or CLI. To restrict the management clients that can access the management server, edit the httpsd.conf file and the properties file for the Device Manager server.
PAGE 236
2. Add information about the management clients that can access the management server to the last line of the httpsd.conf file. Location of the httpsd.conf file • In Windows: installation-folder-for-Common-Component\httpsd\conf\httpsd.conf • In Linux: installation-directory-for-Common-Component/httpsd/conf/httpsd.conf Format for specifying clients in the httpsd.conf file order allow,deny allow from management-client [management-client...
PAGE 237
• Stopping services, page 318 • server.http.security.clientIP, page 488 • server.http.security.clientIPv6, page 488 Changing the password-encoding level in the Device Manager CLI and the Tiered Storage Manager CLI If a password is specified in advance, you do not need to enter your password when you execute commands by using the Device Manager CLI or the Tiered Storage Manager CLI.
PAGE 238
Security
PAGE 239
5 Configuring Device Manager for use with related products This chapter describes the settings required for linking with related products. Linking with PA Linking Device Manager or Tiered Storage Manager to PA will allow you to use the Mobility tab to check performance information, such as the parity group usage and the volume IOPS. It will also let you launch the PA GUI.
PAGE 240
Related topics • Starting services, page 317 • Stopping services, page 318 • Properties for connecting to PA (hppa.properties file), page 499 Launching the PA GUI Before you can launch the PA GUI, you must set up the client.properties file on the Device Manager server. However, if you want to launch the PA GUI from the Tiered Storage Manager GUI in Legacy mode, you must set up the client.properties file on the Tiered Storage Manager server. Operations to complete in advance • Set up PA.
PAGE 241
Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). Information to collect in advance • Storage Essentials startup URL For details, see the Storage Essentials documentation. To launch the Storage Essentials GUI: 1. Use a text editor to create a file named StorageEssentials.conf. In the StorageEssentials.conf file you created, set the LaunchURL parameter in the following format: LaunchURL=Storage-Essentials-startup-URL 2.
PAGE 242
To manage a storage system by SCVMM 2012: • On the window for registering the SMI-S provider of SCVMM 2012, specify the following items: • Protocol Specify SMI-S CIMXML. • IP address for the SMI-S provider Specify the IP address for the Device Manager server. Related topics • Changing Device Manager server properties, page 466 • server.cim.request.queue.
PAGE 243
6 Setting up logs and alerts This chapter describes the settings required to use the P9000 Command View AE Suite products to monitor the status of the system and errors. Setting up integrated log files Common Component provides a common library used for logging. P9000 Command View AE Suite products use this library to output trace log information to log files. Setting up trace log files (Windows) To change the number or size of Common Component trace log files, use the Windows HNTRLib2 utility.
PAGE 244
Setting up trace log files (Linux) To change the number or size of Common Component trace log files, use the utility program (hntr2util). WARNING! Changing the common trace log settings affects other program products that use the common trace logs. Operations to complete in advance Log in to the system as a root user. To set up Common Component trace log files: 1. Execute the utility program stored in the following location: /opt/hitachi/HNTRLib2/bin/hntr2util 2.
PAGE 245
To collect Tiered Storage Manager CLI log files: • Set the necessary properties in the HtsmgetTI.properties file stored in the following location. In Windows: installation-folder-for-the-Tiered-Storage-Manager-server\SupportTools\CollectTool\ In Linux: installation-directory-for-the-Tiered-Storage-Manager-server/SupportTools/CollectTool/ Table 51 Properties set in the HtsmgetTI.properties file Property Description Specify the directory in which Tiered Storage Manager CLI is installed.
PAGE 246
Categories Description Events indicating hardware or software failures: Failure • Hardware failures • Software failures (memory error, etc.
PAGE 247
Categories Description Events indicating that abnormal communication occurred: • SYN flood attacks to a regularly used port, or protocol violations • Access to an unused port (port scanning, etc.) Different products generate different types of audit log data. For details on the contents of the output audit log data, see “Checking audit log data” on page 414.
PAGE 248
Type description Automatic account lock Audit event Severity Message ID Failed login (to the external authentication server) 4 KAPM02451-W Successful logout 6 KAPM08009-I Automatic account lock (repeated authentication failure or expiration of account) 4 KAPM02292-W Table 55 Audit events that are output to audit logs (when the category is ConfigurationAccess) Type description Audit event Severity Message ID User registration Successful user registration 6 KAPM07230-I Failed user regist
PAGE 249
Type description Audit event Severity Message ID Failed account lock release using the hcmdsunlockaccount command 3 KAPM07240-E Successful authentication method change 6 KAPM02452-I Failed authentication method change 3 KAPM02453-E Authorization group addition Successful addition of an authorization group 6 KAPM07247-I (GUI) Failed addition of an authorization group 3 KAPM07248-E Successful deletion of one authorization group 6 KAPM07249-I Authorization group deletion Failed deletio
PAGE 250
Type description Audit event Severity Message ID User group deletion Successful deletion of a user group 6 KAPM07265-I Failed deletion of a user group 3 KAPM07266-E Successful update of a user group 6 KAPM07267-I Failed update of a user group 3 KAPM07268-E Successful registration of a role 6 KAPM07269-I Failed registration of a role 3 KAPM07270-E Successful deletion of a role 6 KAPM07271-I Failed deletion of a role 3 KAPM07272-E Successful update of a role 6 KAPM07273-I Faile
PAGE 251
Type description Database input/output Database area creation or deletion Authentication data input/output Audit event Severity Message ID Successful data output using the hcmdsdbmove command 6 KAPM06543-I Failed data output using the hcmdsdbmove command 3 KAPM06544-E Successful data input using the hcmdsdbmove command 6 KAPM06545-I Failed data input using the hcmdsdbmove command 3 KAPM06546-E Successful database area creation using the hcmdsdbsetup command 6 KAPM06348-I Failed databas
PAGE 252
Type description Device Manager server (via CIM) processing Acquisition of storage domain information#3 Acquisition of migration group information#3 252 Audit event Severity Message ID Response transmission (normal) 6 KAIC53100-I Response transmission (abnormal) 3 KAIC53300-E Request reception (normal) 6 Request reception (abnormal) 3 Response transmission (normal) 6 Response transmission (abnormal) 3 Successful acquisition of all storage domain information 6 KATS90000-I Failed acqu
PAGE 253
Type description Acquisition of storage system information#3 Acquisition of task information#3 Acquisition of storage tier information#3 Acquisition of pool information#3 Audit event Severity Message ID Successful acquisition of migration group summary information 6 KATS90000-I Failed acquisition of migration group summary information 4 KATS90001-W Successful acquisition of storage system information 6 KATS90000-I Failed acquisition of storage system information 4 KATS90001-W Successful
PAGE 254
Type description Acquisition of keystore file information#3 Acquisition of volume information#3 Acquisition of information about unused capacity of parity groups#3 Acquisition of external connection settings#3 Storage domain operations#3 254 Audit event Severity Message ID Failed acquisition of the number of pools returned from a search 4 KATS90001-W Successful acquisition of keystore file information 6 KATS90000-I Failed acquisition of keystore file information 4 KATS90001-W Successful a
PAGE 255
Type description Migration group operations#3 Task operations#3 Audit event Severity Message ID Failed update of a storage domain 4 KATS90001-W Successful volume addition to a migration group 6 KATS90000-I Failed volume addition to a migration group 4 KATS90001-W Successful acquisition of the list of storage tiers that can be specified as migration destinations 6 KATS90000-I Failed acquisition of the list of storage tiers that can be specified as migration destinations 4 KATS90001-W Suc
PAGE 256
Type description Storage tier operations#3 Audit event Severity Message ID Successful registration of a storage tier 6 KATS90000-I Failed registration of a storage tier 4 KATS90001-W Successful deletion of a storage tier 6 KATS90000-I Failed deletion of a storage tier 4 KATS90001-W Successful update of storage tier information 6 KATS90000-I Failed update of storage tier information 4 KATS90001-W #1: If an account is locked because the authentication method was changed for a user whose
PAGE 257
Type description Audit event Severity Message ID No permission to stop a task 4 KATS90010-W Note: This information is output only by operations from the Tiered Storage Manager CLI or the Tiered Storage Manager GUI in Legacy mode.
PAGE 258
Type description Acquisition of information from an external authentication server Audit event Severity Message ID Successful acquisition of user information from the LDAP directory server 6 KAPM10135-I Failed acquisition of user information from the LDAP directory server 3 KAPM10136-E Successful acquisition of the SRV record from the DNS server 6 KAPM10137-I Failed acquisition of the SRV record from the DNS server 3 KAPM10138-E For details about the output format of message text, see “Mess
PAGE 259
Item Description Specify the audit event categories to be generated. When specifying multiple categories, use commas (,) to separate them. In this case, do not insert spaces between categories and commas. If Log.Event.Category is not specified, audit log data is not output. For information about the available categories, see Table 53 to Table 57. Log.Event.Category is not case-sensitive. If an invalid category name is specified, the specified file name is ignored. Log.Event.
PAGE 260
Although you can specify this value, HP does not recommend that you specify it. The table below shows the correspondence between the severity levels of audit events, the values indicating severity that are specified in the syslog.conf file, and the types of event log data. Table 60 Correspondence between the severity levels of audit events, the severity levels in syslog.conf, and the types of event log data Severity of audit events Severity in syslog.
PAGE 261
For storage system alerts, you can specify that the contents of received alerts are automatically sent to users by email. Error detection by Device Manager Device Manager detects errors in management-target storage systems as follows: • Polling (default) Device Manager regularly monitors the operating status of the storage systems, and displays an alert when an error is detected. An alert includes the location where an error occurred and overview of the error.
PAGE 262
• Settings for reporting SNMP traps to Device Manager • The IP address of the management server must be registered in the SNMP Agent settings for storage systems as a target for trap notification. After the above settings finish, the Device Manager server receives SNMP traps from all communities and displays them as alerts. Related topics • Changing Device Manager server properties, page 466 • server.dispatcher.daemon.
PAGE 263
NOTE: • Device Manager sends email only once when an alert is issued. If the Device Manager server fails to send an email, the same email will not be sent again. Information on an alert and email address of the intended destination of this email, are output to the Device Manager trace log file. • If the Device Manager server service stops before the Device Manager server sends an email about an alert, the email will not be sent.
PAGE 264
TIP: The users who receive emails need to use email software that supports Unicode (UTF-8) encoding because, when sending an email, the Device Manager server sets the character encoding of the email to Unicode (UTF-8).
PAGE 265
Operations to complete in advance • Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). • Set the server.mail.smtp.auth property of the Device Manager server Specify true. Information to collect in advance • User ID and password for which All Resources has been assigned as a resource group and Admin has been set as the role in Device Manager. • User ID and password used for SMTP authentication. To register an SMTP authentication user account in Device Manager: 1.
PAGE 266
In Windows: installation-folder-for-the-Device-Manager-server\Server\config In Linux: installation-directory-for-the-Device-Manager-server/Server/config The following shows the settings of the default mail-alert-detection.txt file: Specify the mail-alert-detection.txt file so that all of the conditions below are satisfied. If at least one condition is not satisfied, the Device Manager server will create an email by using the default settings. • Do not change the file name and location.
PAGE 267
Parameter name Description Time at which the Device Manager server acquired alert information occurrenceTime Display format: yyyy/mm/dd hh:mm:ss hh is displayed by using 24-hour display. Related topics • Starting services, page 317 • Stopping services, page 318 Sending SNMP traps to log files Device Manager receives SNMP traps issued by devices on the network and outputs them to log files.
PAGE 268
• Device Manager must be able to use port 162/udp of the management server. • Specify true for the server.dispatcher.daemon.receiveTrap property. • Settings required to report SNMP traps to Device Manager# • The management server information must be registered in SNMP related software as the target for trap notification. For example, to receive storage system SNMP traps, SNMP Agent settings must be specified.
PAGE 269
Event Description Specified time elapsed This event occurs when a period specified by a user for a migration group created via the Tiered Storage Manager CLI or Tiered Storage Manager GUI in Legacy mode has elapsed (for the GUI the period is until a specified date; for the CLI the period is a specified number of days).
PAGE 270
TIP: To send notifications about executed tasks via the Tiered Storage Manager CLI or the Tiered Storage Manager GUI in Legacy mode, the following properties in the Tiered Storage Manager server server.properties file must be set: • server.mail.from • server.mail.smtp.host • server.mail.smtp.port • server.mail.smtp.auth • server.mail.errorsTo • server.eventNotification.mail.to • server.
PAGE 271
Type Event Template file • In Windows: installation-folder-for-theTiered-Storage-Manager-server\ conf\mail-shreddingtask-end.txt Shredding task ended#2 • In Linux: installation-directory-for-theTiered-Storage-Manager-server/ conf/mail-shreddingtask-end.txt • In Windows: installation-folder-for-theTiered-Storage-Manager-server\ conf\mail-lockingtask-end.txt Locking task ended#2 • In Linux: installation-directory-for-theTiered-Storage-Manager-server/ conf/mail-lockingtask-end.
PAGE 272
#1: The template files are stored in the following locations: • In Windows: installation-folder-for-the-Device-Manager-server\Server\template • In Linux: installation-directory-for-the-Device-Manager-server/Server/template #2: The template files are stored in the following locations: • In Windows: installation-folder-for-the-Tiered-Storage-Manager-server\template • In Linux: installation-directory-for-the-Tiered-Storage-Manager-server/template By specifying, within the template files, parameters that will a
PAGE 273
The parameters that can be specified in a template depend on the events. The parameters are listed in Table 65 to Table 67. Table 65 Parameters for events that occur when tasks end (migration tasks created via the Migrate data wizard) Parameter Description task Task name taskType Task type status Task status description Task description user The user ID of the user who created the task.
PAGE 274
Parameter Description targetStorageTierName Name of the target storage tier eraseData Whether data after migration is to be deleted migratedVolumes Device numbers of both migrated volumes and volumes whose data has been erased shreddingMethod Shredding method shreddedVolumes Device numbers of shredded volumes guardMode Lock mode retentionDays Retention period (days) lockedVolumes Device numbers of locked volumes unlockedVolumes Device numbers of unlocked volumes moveToMigrationGroupName
PAGE 275
TIP: To send notifications about executed tasks via the Tiered Storage Manager CLI or the Tiered Storage Manager GUI in Legacy mode, an SMTP authentication user account must be set up on the Tiered Storage Manager server by using the htsmmodmailuser command. Format of the hdvmmodmailuser command The SMTP authentication user settings set by the hdvmmodmailuser command are also used for alert email notification .
PAGE 276
Related topics • Starting services, page 317 • Stopping services, page 318 Format of the htsmmodmailuser command Execute the command after moving to the following folder or directory: In Windows: installation-folder-for-the-Tiered-Storage-Manager-server\bin In Linux: installation-directory-for-the-Tiered-Storage-Manager-server/bin The following shows the syntax of the htsmmodmailuser command: Format htsmmodmailuser -u Tiered-Storage-Manager-user-ID -p Tiered-Storage-Manager-password SMTP-authentication-use
PAGE 277
7 Configuring Device Manager for CIM/WBEM This chapter explains how to configure Device Manager for CIM/WBEM . About CIM/WBEM Device Manager supports CIM and WBEM, which have been defined by the DMTF standards group. CIM is a method of managing systems in a network environment. WBEM is a standard for managing network devices, such as hosts and storage systems, over the Internet. The CIM model that Device Manager uses complies with the SMI-S specifications advocated by SNIA, and is compatible with SNIA-CTP.
PAGE 278
The SMI-S specifications, which Device Manager conforms to, define the interfaces for devices that make up a storage network, such as storage systems, virtual storage systems, switches, and hosts. The functions that need to be provided by the management service to manage the devices are grouped in a profile for each device. The profiles used by the CIM/WBEM functions of Device Manager are the Array profile and its subprofiles. The Array profile defines the interfaces for storage systems.
PAGE 279
Specify root/smis/smisxx (xx is an abbreviation for the version number). For example, to specify version 1.5.0, enter root/smis/smis15. The latest namespaces that complies with the specified SMI-S version is selected. • Specify the condition current. Enter root/smis/current. The current namespace is selected. • Specify interop. SMI-S 1.3.0 or a later version supports the namespace interop.
PAGE 280
Role in Device Manager CIM method that can be executed Admin Modify View Peer Service methods CIM operations -- -- Yes -- Not permitted Permitted -- -- -- Yes Not permitted Permitted Legend: Yes: This role has been assigned. --: This role has not been assigned. Permitted: These CIM methods can be executed. Not permitted: These CIM methods cannot be executed.
PAGE 281
CAUTION: • If you delete a storage system while disabling CIM/WBEM functions, perform step 2 in the following order to restart the services. 1. In the server.properties file, change the server.logicalview.initialsynchro property to true. 2. Restart the P9000 Command View AE Suite product services. 3. In the server.properties file, change the server.logicalview.initialsynchro property back to false.
PAGE 282
• • • • • server.cim.http.port, page 471 server.cim.https.port, page 472 Ciphers, page 490 HTTPPort, page 501 HTTPSPort, page 501 Settings for acquiring storage system performance information by using CIM/WBEM functions This section describes the system configuration that is required to use the performance information acquisition function, and how to specify settings for acquiring performance information.
PAGE 283
Device Manager agent version 7.0 or later is required for P9500 storage systems, and Device Manager agent version 5.9 or later is required for XP24000/XP20000 or XP12000/XP10000/SVS200 storage systems. HP recommends that use the same computer for the management server and for the host that acquires performance information.
PAGE 284
3. Use the perf_findcmddev command to register command devices. CAUTION: • If you upgrade the Device Manager agent from version 6.3 or earlier to version 6.4 or later, the settings in the perf_cmddev.properties file remain unchanged. If you are using a storage system in an SLPR environment, after the upgrade installation finishes, refresh the information of SLPR command devices defined in the perf_cmddev.properties file. • If you are using the Device Manager agent version 6.
PAGE 285
Storage directory of the command In Windows: installation-folder-for-the-Device-Manager-agent\bin In Linux: /opt/HDVM/HBaseAgent/bin Options write [-file file-name] This option outputs the settings of all command devices recognized by the host to the file. You can use the -file file-name option to specify the desired file name. To specify the file name, you can use an absolute or relative path. If you do not specify the -file option, the perf_cmddev.properties file will be overwritten.
PAGE 286
Raid ID Serial# R500 14050 R601 44332 R501 UNKNOWN SLPR# 0 1 - LDEV# 345 456 1045 Device file name \\.\PhysicalDrive3 \\.\Volume{xxxxxxx-xxxx-xxx-xxxxxxxx} \\.\PhysicalDrive10 Related topics • Format of the perf_cmddev.properties file, page 286 Format of the perf_cmddev.properties file Edit the perf_cmddev.properties file to define the command device of the target storage system. Storage directory of the perf_cmddev.
PAGE 287
Setting item Value LDEV-number Specify the CU:LDEV number of the command device by using a decimal (base 10) number. Specify the command device identifier (the PhysicalDrive number, VolumeGUID, or device file name) that the host recognizes in the following format:# • In Windows: \\.\PhysicalDriveX deviceFileName \\.\Volume{GUID} • In Linux: /dev/sdx x is an integer.
PAGE 288
OpenSLP 1.2.0 OpenSLP is provided with the SUSE Linux Enterprise Server system. For details on OpenSLP, see the Novell website (http://www.novell.com/). Starting and stopping the SLP service This section describes how to start and stop the SLP service. Starting and stopping the SLP service (Windows) Operations to complete in advance Log in as a user with Administrator permissions.
PAGE 289
To stop the SLP daemon: • Execute the following command: installation-directory-for-the-Device-Manager-server/Server/wsi/bin/ slpd.sh stop Starting and stopping the SLP service (SUSE Linux Enterprise Server) Operations to complete in advance Log in as a user with root user.
PAGE 290
2. Execute the following command: slpd -remove Releasing the SLP daemon (Linux) Operations to complete in advance Log in as a user with root user. To release the SLP daemon: 1. Stop the SLP daemon. 2. If /etc/init.d/slpd exists, delete it. # chkconfig --level 01345 slpd off # chkconfig --del slpd # rm -f /etc/init.
PAGE 291
8 Setting up a cluster environment By clustering two P9000 Command View AE Suite product management servers together in an active-standby configuration, the availability of P9000 Command View AE Suite products can be improved. This chapter explains how to set up a cluster environment for P9000 Command View AE Suite products. Verifying the management server environment The setup procedure differs depending on the management server environment.
PAGE 292
The sizes of the Device Manager, Tiered Storage Manager, Replication Manager, and Common Component databases are equal to the sizes of the folders or directories that contain the database files for the corresponding products. For details about the sizes of other P9000 Command View AE Suite product databases, see the manuals for those products. CAUTION: • The disk configuration must be the same on all the nodes that make up a cluster.
PAGE 293
2. If any other P9000 Command View AE Suite products are included in the cluster environment, remove the P9000 Command View AE Suite product services and resource group from the targets of the cluster management. CAUTION: Do not remove the following resources from the cluster management • Shared disk • Cluster management IP address • Logical host name 3. Perform a new installation of P9000 Command View AE Suite on the executing node.
PAGE 294
6. Use a text editor to create a cluster-configuration file. This step is not required if the cluster environment has been configured for other P9000 Command View AE Suite products. The items to be specified in the cluster-configuration file are as follows: mode=online virtualhost=logical-host-name onlinehost=executing-node-host-name standbyhost=standby-node-host-name Save the created file as cluster.conf in installation-folder-of-Common-Component\ conf. CAUTION: • Specify online for mode.
PAGE 295
9. Execute the following command to back up the database after the new installation. As preparation in case of a failure, HP recommends that you back up the databases. installation-folder-of-Common-Component\bin\hcmdsbackups /dir target-folder-for-storing-backup-files /auto dir Using an absolute path, specify the local disk folder for the database backup files. Verify that the folder for the dir option is empty. auto Automatically starts or stops P9000 Command View AE Suite services.
PAGE 296
11. Execute the following command to migrate the database to the shared disk: installation-folder-of-Common-Component\bin\hcmdsdbclustersetup / createcluster /databasepath target-folder-for-re-creating-database / exportpath target-folder-for-storing-database /auto createcluster This option changes the P9000 Command View AE Suite product in a non-cluster configuration to a cluster configuration. databasepath Specify the folder in which you want to re-create the database.
PAGE 297
• Services and resource group that need to be removed from the cluster management: The manuals for P9000 Command View AE Suite products. • How to install P9000 Command View AE Suite: HP P9000 Command View Advanced Edition Suite Software Installation and Configuration Guide Installing on the standby node (new installation) To perform a new installation of P9000 Command View AE Suite on the standby node: 1. Perform a new installation of P9000 Command View AE Suite on the standby node.
PAGE 298
5. Set the database on the shared disk as the database to be used. The procedure is described in steps 6 through 7. If a cluster environment has been configured for another P9000 Command View AE Suite product, there is no need to perform the steps for changing the settings if you want to use the database on the shared disk. Proceed to step 8. 6. If HiRDB is currently using a different port number than the default (23032/tcp), keep a note of the current port number. 7.
PAGE 299
9.
PAGE 300
Dialog box name Setting Dependencies Register the drive letter and network name of the shared disk. Generic Service Parameters Registry Replication Service name: HiRDBClusterService_HD0 Start parameters: Specify nothing. Specify nothing. Table 74 Settings for registering the HBase Storage Mgmt Common Service as a resource (for Microsoft Cluster Service) Dialog box name New Resource Setting Name: HBase Storage Mgmt Common Service (optional) Resource type: Generic Service.
PAGE 301
Dialog box name Generic Service Parameters Registry Replication Setting Service name: DeviceManagerWebService Start parameters: Specify nothing. Specify nothing. Table 77 Settings for registering the DeviceManagerServer as a resource (for Microsoft Cluster Service) Dialog box name New Resource Setting Name: DeviceManagerServer (optional) Resource type: Generic Service. Possible Owners Make sure that the executing and standby nodes have been added.
PAGE 302
• If there is a resource group in which another P9000 Command View AE Suite product has been registered, use that resource group. Make sure that the resource group consists of only those resources that are related to P9000 Command View AE Suite products. To set up Windows Server Failover Clustering: 1. Right-click the name of the resource group, and choose Add Resource, then Generic service.
PAGE 303
Tab name Setting Advanced Policies Possible Owners: Make sure that the executing and standby nodes have been added. Policies Specify nothing. Registry Replication Specify nothing. Table 81 HBase Storage Mgmt Web Service property settings (for Windows Server Failover Clustering) Tab name Setting General Startup parameters (or Startup type): Specify nothing (if a value is specified, delete it). Dependencies Register HBase Storage Mgmt Common Service.
PAGE 304
Tab name Setting Registry Replication Specify nothing. Table 84 HP StorageWorks XP Tiered Storage Manager property settings (for Windows Server Failover Clustering) Tab name Setting General Startup parameters (or Startup type): Specify nothing (if a value is specified, delete it). Dependencies Register DeviceManagerServer. Advanced Policies Possible Owners: Make sure that the executing and standby nodes have been added. Policies Specify nothing. Registry Replication Specify nothing.
PAGE 305
4. Use the cluster management application on the executing node to take the following service offline: 5. • HiRDB/ClusterService _HD0 On the standby node, perform the same operations described in steps 1 to 4. 6. Use the cluster management application to suppress failover of the resource group. On the executing or standby node, change the settings of the resources listed below.
PAGE 306
3. Execute the following command to back up the database after the upgrade or overwrite installation is complete: installation-folder-of-Common-Component\bin\hcmdsbackups /dir target-folder-for-storing-backup-files /auto dir Using an absolute path, specify the local disk folder for the database backup files. Verify that the folder for the dir option is empty. auto Automatically starts or stops P9000 Command View AE Suite services.
PAGE 307
4. 5. In the Services window, open the properties for the following services, and then change Startup Type from Automatic to Manual: • HBase Storage Mgmt Common Service • HBase Storage Mgmt Web Service • HCS Device Manager Web Service • DeviceManagerServer • HP StorageWorks XP Tiered Storage Manager Use the cluster management application to enable failover of the resource group. Change the settings of the resources listed below.
PAGE 308
Manager, or Replication Manager server operating in a non-cluster configuration is used for the executing node in the cluster. CAUTION: During setup of a cluster environment, P9000 Command View AE Suite services stop. Therefore, do not access P9000 Command View AE Suite while setup is in progress. To change the management server environment to a cluster configuration: 1. Install P9000 Command View AE Suite on the computer to be used as the standby node. 2.
PAGE 309
4. Use a text editor to create a cluster-configuration file on the executing node and a cluster configuration file on the standby node.
PAGE 310
6. Execute the following command to back up the database at the executing node. installation-folder-of-Common-Component\bin\hcmdsbackups /dir target-folder-for-storing-backup-files /auto dir Using an absolute path, specify the local disk folder for the database backup files. Verify that the folder for the dir option is empty. auto Automatically starts or stops P9000 Command View AE Suite services.
PAGE 311
8. From the executing node, execute the following command to migrate the database to the shared disk. installation-folder-of-Common-Component\bin\hcmdsdbclustersetup / createcluster /databasepath target-folder-for-re-creating-database / exportpath target-folder-for-storing-database /auto createcluster This option changes the P9000 Command View AE Suite product in a non-cluster configuration to a cluster configuration. databasepath Specify the folder in which you want to re-create the database.
PAGE 312
11. On both the executing and standby nodes, change settings so that the following services start manually. • • • • • HBase Storage Mgmt Common Service HBase Storage Mgmt Web Service HCS Device Manager Web Service DeviceManagerServer HP StorageWorks XP Tiered Storage Manager In the Services panel, open the properties of each service, and then change Automatic to Manual in Startup Type. 12. Using the cluster software, register resources.
PAGE 313
6. Use the cluster management application to suppress failover of the resource group. Perform the following operation on the services listed in step 5 that you do not want to delete: 7. If Microsoft Cluster Service is used: Right-click the resource name, and choose Properties, the Advanced tab, and then Do not restart. If Windows Server Failover Clustering is used: Right-click the resource name, and choose Properties, the Policies tab, and then If resource fails, do not restart.
PAGE 314
16. To continue using the remaining resource group, enable failover. Specify the following settings for the resources whose failover was suppressed in step 6: If Microsoft Cluster Service is used: Right-click the resource name, and choose Properties, the Advanced tab, and then Restart.
PAGE 315
9 Starting and stopping services This chapter explains how to start and stop the P9000 Command View AE Suite product services on the management server. Resident processes of P9000 Command View AE Suite P9000 Command View AE Suite (Device Manager, Tiered Storage Manager, and Replication Manager) operation requires that resident processes are running on the OS. The following table describes the resident processes of Device Manager, Tiered Storage Manager, and Replication Manager.
PAGE 316
Process name Service name Function pdservice.exe#3 HiRDB/EmbeddedEdition _HD0 HiRDB process server control #1: Do not register it as a cluster resource. #2: Displayed in Windows (x64) only. #3: This process must always be running. Do not stop it manually or register it as a cluster resource.
PAGE 317
Starting services You can start the P9000 Command View AE Suite product services from the Windows menu or by using the hcmdssrv command. Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). To start the services: • Perform the following operations.
PAGE 318
Stopping services You can stop the P9000 Command View AE Suite product services from the Windows menu or by using the hcmdssrv command. Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux).
PAGE 319
Related topics • How to stop the services of the P9000 Command View AE Suite products whose versions are earlier than 5.7: See the manuals for the corresponding versions of P9000 Command View AE Suite products. Checking the operating status of services You can check the operating status of the P9000 Command View AE Suite product services from the Windows menu or by using the hcmdssrv command.
PAGE 320
Starting and stopping services
PAGE 321
10 Managing the database This chapter describes how to back up and restore the database for P9000 Command View AE Suite products. Managing databases The following table describes backing up and restoring, as opposed to exporting and importing. Table 87 Backing up and restoring as opposed to exporting and importing Item Backing up and restoring Exporting and importing Restrictions on P9000 Command View AE Suite product versions No restrictions Version 5.
PAGE 322
Required space: (total-size-of-all-P9000-Command-View-AE-Suite-product-databases-to-bebacked-up + 2.
PAGE 323
2. Execute the hcmdsbackups command to back up the database. In Windows: installation-folder-for-Common-Component\bin\hcmdsbackups /dir folder-for-storing-backup-files /auto In Linux: installation-directory-for-Common-Component/bin/hcmdsbackups -dir directory-for-storing-backup-files -auto dir Specify the absolute path of the directory on the local disk in which the database backup files are stored. In Linux, do not specify a path that includes a space.
PAGE 324
3. Execute the hcmdssrv /stop command to stop the P9000 Command View AE Suite product services. Then, execute the hcmdssrv /statusall command to make sure that the services have stopped or that the return code of the command is 0. 4. Use the cluster management application to take the following service offline: 5. • HiRDBClusterService _HD0 Use the cluster management application to suppress failover of the resource group. Change the settings of the resources listed below. 6.
PAGE 325
8. Use the cluster management application to enable failover of the resource group. Change the settings of the resources listed below. 9.
PAGE 326
When the hcmdsdbrepair command is executed, all of the P9000 Command View AE Suite databases installed on the management server are forcibly deleted and then replaced by the exported databases. Restoring a database when a data inconsistency occurs If a database inconsistency occurs, execute the hcmdsdb command to restore the database by using a database backed up via the hcmdsbackups command. CAUTION: • The hcmdsdb command, which is used in the procedure below, creates temporary files during execution.
PAGE 327
2. Execute the hcmdsdb command to restore the database. In Windows: installation-folder-for-Common-Component\bin\hcmdsdb.bat /restore backup-file /type name-of-the-P9000-Command-View-AE-Suite-productto-be-restored /auto In Linux: installation-directory-for-Common-Component/bin/hcmdsdb -restore backup-file -type name-of-the-P9000-Command-View-AE-Suite-productto-be-restored -auto restore Specify the absolute path to the database backup file (backup.hdb) that was created by using the hcmdsbackups command.
PAGE 328
10. Check the status of Device Manager tasks from the Device Manager GUI. If a Device Manager task is not completed or has failed, re-create the task or change the execution schedule of the task as necessary. 11. See the message log of Tiered Storage Manager. When Tiered Storage Manager is started for the first time after a database is restored, make sure that the message KATS50354-E is output to a log file.
PAGE 329
5. Use the cluster management application to suppress failover of the resource group. Change the settings of the resources listed below. 6.
PAGE 330
9. Use the cluster management application to enable failover of the resource group. Change the settings of the resources listed below.
PAGE 331
Restoring a database when a database is corrupted If a database is corrupted, execute the hcmdsdbrepair command to restore the database by using a database that was exported via the hcmdsdbtrans. CAUTION: During database restoration, P9000 Command View AE Suite services stop. Therefore, do not access P9000 Command View AE Suite while restoration is in progress. Restoring a database when it is corrupted (in a non-cluster configuration) To restore a database if the management server is not clustered: 1.
PAGE 332
12. See the message log of Tiered Storage Manager. When Tiered Storage Manager is started for the first time after a database is restored, make sure that the message KATS50354-E is output to a log file. The task IDs of Tiered Storage Manager tasks whose status was changed to Failure are output to KATS50354-E. 13. See the volume information of the tasks indicated in the message KATS50354-E and check whether those tasks are completed.
PAGE 333
5. Use the cluster management application to suppress failover of the resource group. Change the settings of the resources listed below. 6.
PAGE 334
11. On the executing node and standby node, change the value of the server.base.initialsynchro property on the Device Manager server back to false. 12. On the executing node and standby node, change the value of the server.base.initialsynchro property on the Tiered Storage Manager server back to false. 13. Refresh the storage system from the Device Manager GUI or CLI. 14.
PAGE 335
Prerequisites and restrictions on migrating databases The following are notes on the databases, product types, versions, and user information of P9000 Command View AE Suite products on the migration source and destination servers. Notes on databases, product types, and versions of P9000 Command View AE Suite products: • If Replication Monitor 5.x or earlier is already installed on the migration source server, before exporting the database, upgrade the product to version 6.
PAGE 336
Exporting databases from the migration-source server To export the databases of P9000 Command View AE Suite products, a directory for temporarily storing the database data and a directory for storing archive files are required. For each directory, ensure that a comparable capacity to the total size of the following directories is available.
PAGE 337
Exporting databases in a cluster configuration This section explains how to export the databases on the migration destination server when the OS of the management server is in a cluster configuration. CAUTION: Use the executing node (a machine that has online set for mode in the cluster.conffile) to export databases. To export databases using Microsoft Cluster Service or Windows Server Failover Clustering: 1. Log on to the management server as a user with Administrator permissions. 2.
PAGE 338
7. Execute the hcmdsdbtrans command to export the databases. installation-folder-for-Common-Component\bin\hcmdsdbtrans /export / workpath working-folder /file archive-file workpath Specify the absolute path to the working folder where you want to temporarily store database data. Specify a folder on your local disk. Make sure that no files or subfolders are in the folder specified for the workpath option. file 8. Using an absolute path, specify the name of the archive file to be output.
PAGE 339
To import databases into the migration-destination server in a non-cluster configuration: 1. Log on to the management server as a user with Administrator permissions or root permissions. 2. If you specified a value other than the default value for a property on the migration source management server, check and review the property value set on the migration destination server as required. The property file will not be migrated to the migration destination server even if the database is imported.
PAGE 340
3. Execute the hcmdsdbtrans command to import the databases.
PAGE 341
Product Value Other products Refer to the manual for each product. #1: When importing databases that were exported from an environment of version 7.0 or later, regardless of whether you have registered a Tiered Storage Manager license, import both the Device Manager and Tiered Storage Manager databases at the same time. #2: To import the Replication Manager database, you must also import the Device Manager database at the same time. auto 4.
PAGE 342
Importing databases in a cluster configuration This section explains how to import the databases on the migration destination server when the OS of the management server is in a cluster configuration. CAUTION: Use the executing node (a machine that has online set for mode in the cluster.conf file) to import databases. To import databases using Microsoft Cluster Service or Windows Server Failover Clustering: 1. Log on to the management server as a user with Administrator permissions. 2.
PAGE 343
7. Start HiRDB. installation-folder-of-Common-Component\bin\hcmdsdbsrv /start 8. Execute the hcmdsdbtrans command to import the databases. installation-folder-for-Common-Component\bin\hcmdsdbtrans /import / workpath working-folder [/file archive-file] /type {ALL|P9000-Command-View-AE-Suite-products-whose-databases-will-be-migrated} workpath When using the archive file for the import: Specify the absolute path to the folder used to extract the archive file. Specify a folder on your local disk.
PAGE 344
9. On the executing node and standby node, specify true for the server.base.initialsynchro property of the Device Manager server. Because, other than user information, the hcmdsdbtrans command does not migrate the Common Component repository, you need to synchronize the repository information with the imported Device Manager database data. 10. On the executing node and standby node, specify true for the server.base.initialsynchro of the Tiered Storage Manager server. 11.
PAGE 345
18. Back up the databases. After resuming operations, you cannot import the archive file that was exported in version 6.4 or earlier. In preparation for a failure, HP recommends that you back up the databases immediately after importing them.
PAGE 346
Managing the database
PAGE 347
11 Using the Device Manager agent This chapter explains the settings that must be specified to run the Device Manager agent. This chapter also explains Device Manager agent operations. Prerequisites for running the Device Manager agent This section provides the prerequisites for running the Device Manager agent. This section also provides notes on using the Device Manager agent.
PAGE 348
• If you have installed the Device Manager agent and then upgraded the host OS under any of the following conditions, perform an overwrite installation of the Device Manager agent: • Upgrading Solaris from a version earlier than 9 to version 9 or later • Upgrading AIX from a version earlier than 5.2 to version 5.
PAGE 349
• Settings for managing copy pairs You must specify these settings if you use Device Manager or Replication Manager to manage copy pairs. • Settings required when 100 or more LUs are managed for a host You must specify these settings if a host recognizes 100 or more LUs that are managed by Device Manager.
PAGE 350
• new Specify this argument to select the latest version of the Java execution environment from Oracle JDK and Oracle JRE installed on the host. If the versions of the installed JDK and JRE are the same, the JDK takes precedence. • bundle Specify this argument to select the Java execution environment bundled with the Device Manager agent. • Java-execution-environment-installation-path If you want to use a specific Java execution environment, specify the absolute path of the installation path.
PAGE 351
Command format firewall_setup {-set|-unset} Location of the command installation-folder-for-Device-Manager-agent\bin Options -set Adds firewall exceptions. -unset Removes firewall exceptions. Related topics • server.agent.port, page 536 • server.http.localPort, page 536 • server.http.
PAGE 352
2. Execute the following command to ensure that the Java process to be used by the Device Manager agent has been registered as an SED exception: # sedmgr -d Java-execution-environment-installation-path/bin/java If the Java process has been registered as an SED exception, the following information will be displayed: Java-execution-environment-installation-path/bin/java : exempt 3. Restart the host. Related topics • server.agent.JRE.
PAGE 353
CAUTION: If you want to check the latest copy pair information by using the GUI or CLI, take either of the following actions depending on the copy pair management method. If local management is used: Refresh the storage systems. If central management is used: Refresh the pair management server. • To use an SVP as a virtual command device to manage copy pairs defined as a device group: When P-VOLs and S-VOLs are assigned to the management server, the following property must be set: server.agent.rm.
PAGE 354
• agent.rm.TimeOut property in the agent.properties file of the Device Manager agent Adjust this value as necessary, while running Replication Manager and checking for timeouts during processing. • server.agent.maxMemorySize property in the server.properties file of the Device Manager agent Specify a value based on the number of pairs managed by a host (pair management server). By default, the heap runs in a 64 MB memory area.
PAGE 355
NOTE: • Depending on the environment, this issue might not be solved by setting the guide values. Make sure that you adjust the values to suit your environment. • In the following cases, set a value two to three times larger than the guide value. When executing the HiScan command shortly after restarting the Device Manager agent. When executing the hldutil command and HiScan command at the same time. When executing multiple HiScan commands at the same time.
PAGE 356
Recommended property values to be set for a host that will manage 100 or more LUs (when the host is using a volume manager) The following tables list the recommended property values for hosts that use a volume manager. Table 93 to Table 97 list, for each host OS, the general setting values when using a volume manager. These tables also list the setting values when the execution of the HiScan command finishes within an hour.
PAGE 357
Number of LUs and logical volumes managed by Device Manager and recognized by the host server. http.entity. maxLength (units: bytes) 1,000/1,000 72,000,000 or more server.http. server.timeOut (units: seconds) 1,200 server.util. processTimeOut (units: milliseconds) server.agent.
PAGE 358
Number of LUs and logical volumes managed by Device Manager and recognized by the host server. http.entity. maxLength (units: bytes) server.http. server.timeOut (units: seconds) server.util. processTimeOut (units: milliseconds) server.agent.
PAGE 359
The following describes the resident processes of the Device Manager agent. Table 98 Resident processes of the Device Manager agent (Windows) Process name Service name Function hbsa_service.exe HBsA Service Device Manager agent service Table 99 Resident processes of the Device Manager agent (UNIX) Process name Function hbsa_service Device Manager agent service Immediately after Device Manager agent installation is completed, the Device Manager agent service is enabled.
PAGE 360
Specify this option to start the Device Manager agent service. stop Specify this option to stop the Device Manager agent service. If the -f option is also specified, the command forces the Device Manager agent service to stop. In such a case, all processing is forced to terminate, thus ongoing processing of jobs is not guaranteed. status Specify this option to check the operating status of the Device Manager agent service.
PAGE 361
Device Manager agent operations This section explains Device Manager agent operations. Checking the available agent functions (hbsa_modinfo command) Use the hbsa_modinfo command to display the names and versions of available add-on modules. The names and versions of add-on modules are displayed in V.R1.R2-MM format (V: version number, R1 and R2: revision number, MM: modification version number).
PAGE 362
• Replication Manager agent Monitors the status of storage system replication. • Replication Manager Application agent Centrally manages backup operations on a unit basis using the high-speed copy function of the storage system. Deleting the Device Manager agent's registry entries and files (hbsa_util command) If the OS of the host is Windows, you can use the hbsa_util command to delete the Device Manager agent's registry entries and files.
PAGE 363
In AIX: /usr/HDVM/HBaseAgent/bin Setting the Device Manager server's information, HiScan command's execution period, and RAID Manager's information (hdvmagt_setting command) Use the hdvmagt_setting command to set the Device Manager server's information, the HiScan command's automatic execution period, and the information necessary for using RAID Manager. This command lets you interactively set the items listed in the following table.
PAGE 364
Information to collect in advance • IP address or host name of the Device Manager server • Port number of the Device Manager server You can check this value by using the server.http.port property in the server.properties file for the Device Manager server. • User ID and password for the Device Manager agent The relevant user account must belong to the Device Manager PeerGroup.
PAGE 365
Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for UNIX). Information to collect in advance • IP address or host name of the Device Manager server • Port number of the Device Manager server • User ID and password for the Device Manager agent If you want to use another account with the Device Manager agent, you must register the user ID in the PeerGroup user group in advance.
PAGE 366
Specifies the interval (in seconds) at which host information is sent to the Device Manager server. Host information is continuously sent to the Device Manager server at the specified interval, until a forced termination occurs. Values of less than ten seconds are recognized as invalid. Specify a value in the range from 10 to 2147483647. -t Specify this option if you want to output the host information that was sent to the Device Manager server to an XML file. The file is output to the current directory.
PAGE 367
Location of the command In Windows: installation-folder-for-Device-Manager-agent\util\bin In Solaris, Linux, or HP-UX: /opt/HDVM/HBaseAgent/util/bin In AIX: /usr/HDVM/HBaseAgent/util/bin Options -d Specify this option to display information about the LDEV specified as an argument of this option. (The argument is either a drive number (in Windows) or device special file name (in UNIX).) If the argument is omitted, the command displays information about all LDEVs that are currently recognized.
PAGE 368
LDEV information using the file system name that is included in each logical device and assigned the lowest ASCII code. If you do not specify the -s option, the command outputs LDEV information in the order in which it has processed the information. -serdec Specify this option to display the serial number of the storage system in decimal format. -k Specify this option to send the contents of the latest execution log file to the standard output. This processing involves no hardware access.
PAGE 369
Information displayed by the hldutil command The following table lists and describes the information output when you execute the hldutil command. The information items are output in the order shown in the table. The items displayed differ depending on the OS and the specified options.
PAGE 370
Storage system models corresponding to RaidID values displayed by the hldutil command The RaidID values displayed by the hldutil command are strings that indicate storage system models. The following table shows the correspondence between RaidID values and storage system models.
PAGE 371
Sort key Descriptions tid Target ID vend Vendor name wwnn Node WWN name wwnp Port WWN name Configuration definition file for managing copy pairs In Device Manager, you can use a user-created RAID Manager configuration definition file to manage copy pairs. Prerequisite environment for using the configuration definition file To use the configuration definition file, you need to set up the environment as follows on the host on which RAID Manager is installed.
PAGE 372
3. Use the Device Manager GUI or CLI to refresh the storage system that contains the copy pair volumes for which the configuration definition file was created. NOTE: • If a parameter not supported by Device Manager is used, the configuration definition file is assumed to be invalid and the system does not execute normal processing. Even though a parameter is supported, Device Manager might not support certain description formats.
PAGE 373
# These parameters are supported by Device Manager agent version 6.2 or later. Note that when you create or use a copy pair, even if HORCM_CTQM information is defined in the configuration definition file, the Device Manager agent will operate while ignoring the definition. The Device Manager agent does not add the HORCM_CTQM definitions to the configuration definition file, nor does it add a pair group to the existing definitions.
PAGE 374
HORCM_MON parameter description format Use the HORCM_MON parameter to specify the machine information for the local host and the interval for monitoring errors in copy pair volumes. • ip_address Specify the IP address (the Device Manager agent whose version is 5.9 or later supports the IPv6 protocol), host name, NONE, or NONE6.
PAGE 375
Specify the port name or port number. • Specify the port name using 1 to 15 single-byte characters. The environment must support the conversion of port names to port numbers. • Specify the port number as a numeric value from 0 to 65535. • poll Specify a value (in ten millisecond units) or -1. • timeout Specify the timeout period in ten millisecond units. Table 105 Support status of HORCM_MON parameter description format Item Version ip_address service poll timeout 6.1 or later Yes Yes Yes Yes 5.
PAGE 376
GUID format \\.\Volume{GUID} CMD format \\.\CMD-serial-number[-logical-device-number[-port-name[-host-groupnumber]]] You must use base-10 numbers to specify the serial number and logical device number. For the host group number, if the version of the Device Manager agent is 5.6 or later, specify a value from 0 to 254. If the version of the Device Manager agent is 5.5 or earlier, specify a value from 0 to 127. In UNIX, you can specify a command device in IPCMD or CMD format, or in a special file.
PAGE 377
Yes: Supports all description formats. Related topics • Editing the configuration definition file, page 371 • Description conventions for the configuration definition file, page 373 • Notes on using the configuration definition file, page 384 HORCM_DEV parameter description format Use the HORCM_DEV parameter to specify information about the storage system that contains volumes to be used as copy pairs. • dev_group Specify the group name.
PAGE 378
If no value is specified or 0 is specified, multi-target configuration pairs cannot be created with Continuous Access. When the version of the Device Manager agent is from 6.0 to 7.3.1: Business Copy: 0 to 2 Snapshot: 0 to 63 Continuous Access: Not specified Continuous Access Journal: Not specified#, 0#, h1, h2, or h3 #: If no value is specified or 0 is specified, multi-target configuration pairs cannot be created with Continuous Access. When the version of the Device Manager agent is 5.
PAGE 379
• Specify no more than 31 single-byte characters. A hyphen (-) cannot be specified at the beginning of the character string. • Serial# Specify the system number of the storage system using the decimal number or serial-number:journal-ID format. • CU:LDEV(LDEV#) Specify the LDEV number using the decimal number, hexadecimal number, or CU:LDEV format.
PAGE 380
Continuous Access Journal: h1, h2, or h3 Table 108 Support status of HORCM_LDEV parameter description format Item Version dev_group 6.2 or later Yes dev_name Serial# Yes CU:LDEV(LDEV#) MU# Yes Yes Yes Yes No 6.1 to 05-60 Yes Yes Yes Supports description formats other than the serial-number:journal-ID format. Earlier than 05-50 No No No No Legend: Yes: Supports all description formats. No: Does not support any description formats.
PAGE 381
• The table below lists the values that can be specified for ip_address. Note that some formats cannot be specified for ip_address because they cannot identify a host. Table 109 Values that can be specified for the ip_address of HORCM_INST parameter Device Manager agent version Value 05-80 or later 05-70 or earlier IP address Yes Yes Host name Yes Yes Loopback IP addresses (127.0.0.1 to 127.255.255.
PAGE 382
• HORCM_DEV parameter description format, page 377 • HORCM_LDEV parameter description format, page 378 • Notes on using the configuration definition file, page 384 HORCM_INSTP parameter description format Use the HORCM_INSTP parameter to specify the machine information and path group ID of the remote host. • dev_group Specify the contents specified for dev_group of the HORCM_DEV parameter or HORCM_LDEV parameter. • You cannot specify ip_address more than once for the same host for a single dev_group.
PAGE 383
• Specify the port name using 1 to 15 single-byte characters. The environment must support the conversion of port names to port numbers. • Specify the port number as a numeric value from 0 to 65535. • pathID Specify the path group ID as a decimal number from 1 to 255. • You cannot specify multiple path group IDs for a single copy group. • If you omit path group ID specification (that is, if you select CU Free), use the HORCM_INST parameter instead of the HORCM_INSTP parameter.
PAGE 384
3. Change the storage location of the configuration definition file. 4. Specify the new storage location that was changed in step 3 in the server.agent.rm.horcmSource property of the server.properties file of the Device Manager agent. 5. Execute the hbsasrv command to start the Device Manager agent service. Related topics • Starting and stopping the Device Manager agent service, and checking the operating status of the service (hbsasrv command), page 359 • server.agent.rm.
PAGE 385
If you do not want the configuration definition file to be deleted, back up of the configuration definition file before you delete the copy pairs. Related topics • Editing the configuration definition file, page 371 • server.agent.rm.optimization.
PAGE 386
Using the Device Manager agent
PAGE 387
12 Setting up Host Data Collector This chapter explains how to set up Host Data Collector. Installing Host Data Collector This section explains how to install Host Data Collector on a computer other than the management server. Prerequisites for installing Host Data Collector The items that you can specify during installation of Host Data Collector, such as the installation path and port number, have default values. HP recommends using the default values, when possible.
PAGE 388
Item Port number Description Port number of RMI registry The non-SSL communication port number of the RMI registry. Port number for RMI server The non-SSL communication port number of the RMI server. Port number for class loader The non-SSL communication port number of the class loader.
PAGE 389
TIP: • You can also download the Host Data Collector installer from the Device Manager GUI. • If version 7.4.1 or earlier of Host Data Collector is installed on a drive other than the system drive, if you upgrade install to version 7.5.0 or later, a temp folder is created directly under the Host Data Collector installation drive. If you do not need this folder, delete it.
PAGE 390
2. Move to the directory that contains the installer (setup.sh). The installer is located in the following location: DVD-drive/AGENTS/HHDC/platform-name/ 3. Execute the following command: # ./setup.sh 4. Follow the instructions in the displayed messages. When the installation is successful, the following message appears: Host Data Collector installation completed successfully. TIP: You can also download the Host Data Collector installer from the Device Manager GUI.
PAGE 391
Registering a Host Data Collector computer on the management server If Host Data Collector is installed on a computer other than the management server, you need to add the information for that computer to the properties in the hostdatacollectors.properties file on the Device Manager server. When the information for the Host Data Collector computer is registered on the management server, you can register hosts and check the volume usage on each host.
PAGE 392
• • • • • • hdc.common.rmi.registryPort, page 520 hdc.common.rmi.serverPort, page 521 hdc.common.http.serverPort, page 521 hdc.common.rmi.ssl.registryPort, page 522 hdc.common.rmi.ssl.serverPort, page 522 hdc.common.https.serverPort, page 523 Specifying the Host Data Collector environment settings This section explains how to specify Host Data Collector environment settings.
PAGE 393
NOTE: In a cluster configuration, while the Host Data Collector service on the executing node is running, the Host Data Collector service on the standby node must also be active. Related topics • “Resident processes of P9000 Command View AE Suite” on page 315 Starting the Host Data Collector service Use the controlservice command to start the Host Data Collector service. Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux).
PAGE 394
Related topics • Resident processes of the Host Data Collector, page 392 • Starting the Host Data Collector service, page 393 • Checking the operating status of the Host Data Collector service, page 394 Checking the operating status of the Host Data Collector service Use the controlservice command to check the operating status of the Host Data Collector service. Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux).
PAGE 395
Location of the command installation-folder-for-Host-Data-Collector\HDC\Base\bin Options add Adds firewall exceptions. del Removes firewall exceptions. Related topics • • • • Registering an exception for the Host Data Collector service (for SSL communication), page 395 hdc.common.rmi.registryPort, page 520 hdc.common.rmi.serverPort, page 521 hdc.common.http.
PAGE 396
TIP: To check the registered information, execute the following commands: In Windows Server 2003 or Windows Server 2003 R2: netsh firewall show portopening In Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012: netsh advfirewall firewall show rule name=all Related topics • • • • • • Starting the Host Data Collector service, page 393 Stopping the Host Data Collector service, page 393 Registering an exception for the Host Data Collector service (for non-SSL communication), page 394 hdc.
PAGE 397
Specifying settings if the Host Data Collector machine has multiple IP addresses If the Host Data Collector machine has multiple IP addresses, you must specify the IP address to be used for communication with the Device Manager server for the hdc.service.rmi.registryIPAddress property in the hdcbase.properties file for Host Data Collector. Related topics • hdc.service.rmi.
PAGE 398
TIP: If you remove an instance of Host Data Collector of version 7.4.1 or earlier that is installed on a drive other than the system drive, the temp folder might remain in the root folder of the drive where Host Data Collector was installed. If you do not need this folder, delete it. Removing Host Data Collector (Linux) You can remove Host Data Collector if it is no longer needed for host management. Execute the .unsetup.sh command to remove Host Data Collector.
PAGE 399
13 Troubleshooting This chapter describes how to resolve problems that occur during Device Manager and Tiered Storage Manager operation, and how to read log files. Common problems and solutions This section describes problems that might occur while setting the environments of or operating Device Manager and Tiered Storage Manager, and the causes of and solutions to these problems.
PAGE 400
Countermeasure Edit the registry to change the area of the desktop heap.
PAGE 401
Countermeasure If Device Manager or Common Component has not started: Start Device Manager and Common Component. If the user who attempted the operation does not have administrator permissions: Perform the operation again as a user who has administrator permissions for the OS. If the property file is invalid: Revise the property file in accordance with the command logs or the message logs.
PAGE 402
3. If a migration task that is being executed has failed, refresh the storage system again. After that, take action as described below according to the task status. If the task status is DATA ERASURE FAILURE: The migration is complete, and the LDEV numbers of the migration source and destination have been reversed. Check the status of the source volume that has the destination volume LDEV number, and then take the appropriate action depending on the status.
PAGE 403
Countermeasure Restore a backed up database. Related topics: • Restoring databases, page 325 How to troubleshoot problems on a host This section describes how to troubleshoot problems that occur due to Device Manager agent. The HiScan command cannot add host information to the Device Manager server If the HiScan command fails to add host information to the Device Manager server and causes an error message to be output, take the action appropriate for the cause.
PAGE 404
Countermeasure Wait a few minutes, and then retry the operation. Two copies of HBase Agent are displayed in the Programs and Features window In a Windows environment, two instances of HBase Agent are sometimes displayed in the Programs and Features windows on machines where the Device Manager agent or Hitachi Dynamic Link Manager is installed. If two instances of HBase Agent are displayed, execute the hbsa_util command to delete the registry entries and files for the Device Manager agent.
PAGE 405
Cause • This problem might occur if a host recognizes 100 or more LUs that are managed by Device Manager. • This problem might occur due to high load on the Device Manager server. If so, the following error message will have been output to the log file specified by the -t option of the HiScan command or to the HiScan.
PAGE 406
Countermeasure To check the correspondence between the file system and LUN, use VxVM version 4.0 or later. Changes to the storage system configuration are not applied to the Device Manager server If changes to the storage system configuration are not applied to the Device Manager server, use the hldutil command or the HiScan command to apply the latest information to the Device Manager server.
PAGE 407
• The rpm -V command executed in a Linux environment fails. Maintenance information that must be collected if a failure occurs If you cannot identify the cause of a failure or recover from a failure, collect the maintenance information, and then contact our support center.
PAGE 408
Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). Command format In Windows: installation-folder-for-Common-Component\bin\cvxpaegetlogs /dir foldername [/types P9000-Command-View-AE-Suite-product-name[ P9000-CommandView-AE-Suite-product-name ...]] [/arc archive-file-name] [/logtypes log-file-type[ log-file-type ...
PAGE 409
When specifying this option, also specify the log file type log for the logtypes option. If this option is not specified, the maintenance information for all P9000 Command View AE Suite products installed on the same management server is collected. arc Specify the name of the archive files to be created. If you do not specify this option, the default file name is cvxpae_logs. For the file name, you can specify any printable ASCII character excluding certain special characters.
PAGE 410
Use the absolute path or a relative path from the current directory to specify the output destination for the maintenance information. You can specify any printable ASCII character other than the following special characters: \ / : , ; * ? " < > | $ % & ' ` ^ However, you can specify backslashes (\), colons (:), and forward slashes (/) in Windows, or forward slashes (/) in Linux as a path delimiter.
PAGE 411
• f Use this option to forcibly overwrite the directory if the directory specified by the o option already exists. Maintenance information is output to the following location: In Windows: folder-specified-for-the-o-option\target_hdcResult In UNIX: directory-specified-for-the-o-option/target_hdcResult Acquiring maintenance information on the Device Manager agent (TIC command) Execute the TIC command to acquire maintenance information on a normal host or virtual machine managed by the Device Manager agent.
PAGE 412
Specify the following abbreviations for add-on modules whose error information you wish to remove from the acquisition target: hrpmap: Replication Manager Application agent If the name of the add-on module is omitted, the error information for the Replication Manager Application agent is not acquired.
PAGE 413
installation-folder-for-Common-Component\CC\web\containers\ DeviceManagerWebService If you are using the Oracle JDK, the DeviceManagerWebService.log file is overwritten each time it is output. HP recommends saving the file by using a different name after the file is output. Acquiring a thread dump of the HBase Storage Mgmt Common Service (Linux) To acquire a thread dump of HBase Storage Mgmt Common Service, execute the kill command, and then restart the P9000 Command View AE Suite product services.
PAGE 414
2. Stop the P9000 Command View AE Suite product services. 3. Start the P9000 Command View AE Suite product services. installation-directory-for-Common-Component/bin/hcmdssrv -start The javacorexxx.xxxx.txt file is output to installation-directory-for-Common-Component/CC/web/containers/ DeviceManagerWebService.
PAGE 415
uniform-identifier,unified-specification-revision-number, serial-number,message-ID,date-and-time,detected-entity,detected-location, audit-event-type,audit-event-result, audit-event-result-subject-identification-information, hardware-identification-information,location-information, location-identification-information,FQDN, redundancy-identification-information,agent-information, request-source-host,request-source-port-number,request-destination-host, request-destination-port-number,batch-operation-identifier
PAGE 416
Item#1 Description request-source-port-number Port number of the request sender. request-destination-host Host name of the request destination. request-destination-portnumber Port number of the request destination. batch-operation-identifier#2 Serial number of operations through the program. log-data-type-information Fixed to BasicLog or DetailLog. application-identificationinformation Program identification information. reserved-area Not output. This is a reserved space.
PAGE 417
CELFSS,1.1,10,KAIC51000-I,2006-03-17T12:45:00.0+09:00,DvM_Srv, TestServer, ConfigurationAccess,Success,uid=system,,,,,,,from=12.228.23.124,,,,, BasicLog,DvM_GUI,,"123456789 ModPort" Message text in audit log data The format of message text in output audit log data varies from one audit event to another. This section describes the format of the message text for each audit event.
PAGE 418
unique-ID error-message-ID Table 118 Information in message text when the Device Manager server receives a request or sends a response (for server processing) Item Description unique-ID A unique request identifier. For response transmission, the unique ID of the request is output. For processing via the SVP, this ID is also output as audit log data on the SVP. message-details Detailed information on the request. For details, see “Message details for Device Manager server requests” on page 430.
PAGE 419
Message text output when related products are started When the Device Manager server receives a request to launch a related product or sends a response for a request, message text about the request or response is output as audit log data. The following explains the format of, and information in, the message text.
PAGE 420
The table below indicates the relationship between the presence of a launch session ID and the information contained in the launch target identifier for each type of the application to be launched.
PAGE 421
Format of message text output when the Device Manager server sends a response (if an error occurred or if no error occurred): unique-ID return-code output-parameter Format of message text output when the Device Manager server sends a response (if a job is created through asynchronous processing): unique-ID return=4096 object-path CAUTION: If a job is created through asynchronous processing, no completion notification is output as audit log data.
PAGE 422
"123456789 GetSupportedSizeRange inParams={ElementType=3,Goal=// 192.168.0.1/root/smis/current:HITACHI_StorageSetting.InstanceID='RAID5'} objectPath=/root/smis/current:HITACHI_StoragePool.InstanceID='AMS500.
PAGE 423
Item operation-target (Res) Description Output format Type of resource for the operation: Res=(ResId,ResName) 1. Resource ID(ResId) 2. Resource name(ResName) For details about ResId and ResName, see Table 126. Table 123 Items output to the audit log message text (additional information) Item Description Output format failure-cause (RC) Error code indicating the cause of a failure event RC=KATSppmmm-Z When a single item exists: storage-domain-information (SD) 1. Storage domain ID (id) 2.
PAGE 424
Item Description Output format When a single item exists: storage-tier-information (ST) 1. Storage tier ID (id) 2. Storage tier name (name) When multiple items exist: 1. Number of elements (n) 2. Storage tier ID (id) 3. Storage tier name (name) ST=(id,name) NumST=n, Start STs ST[1]=(id-1,name-1) ...
PAGE 425
Item Description Output format When multiple items exist: 1. Number of elements (n) 2. Controller logical device number of the migration source volume (sdevnum) NumVP=n, Start VPs 3. Object ID of the migration source LDEV (sid) ... 4. Controller logical device number of the migration target volume (tdevnum) (sdevnum-n,sid-n,tdevnum-n,tid-n) 5.
PAGE 426
Item Description Output format For a locking task: 1. Task ID (id) 2. Task type (type) = 2 3. Lock status (mode) TK=(id,2,mode,days) ReadOnly: Read only Protect: Protected 4. Lock period (days) For an unlocking task: 1. Task ID (id) 2. Task type (type) = 3 TK=(id,3) For a shredding task: 1. Task ID (id) 2. Task type (type) = 4 3. Shredding method (method) TK=(id,4,method) 0: Zero once 1: DOD For multiple types of task information: 1. Number of tasks NumTK=n, Start TKs 2.
PAGE 427
Item Description Output format When changing a task: 1. Task status after the change (status) 0x01020600: Executing a task 0x02030000: Erased 0x02040000: Stopped 0x02050000: Stopping mid-task 2.
PAGE 428
Message (Specific application information) Message ID Description If the audit log data contains multiple lines, this message appears immediately following the KATS90000-I message. Outputs the subsequent lines of the KATS90000-I message. KATS90020-I This message occurs when, due to successful access to the resources managed by Tiered Storage Manager, an audit event for the Configuration Access type occurred.
PAGE 429
OpId OpName Meaning 20 Create Create 30 Delete Delete 40 Modify Update 50 Add Add 60 Remove Remove 70 Change Change status 80 Execute Execute 90 Refresh Refresh 100 Cancel Cancel 110 Stop Stop 120 Choose Select 130 Check Check Table 126 Meanings of the operation targets (Res) output to the audit log ResId ResName Formal name Meaning 10 LC License License information 20 SD Storage Domain Storage domain 21 RS Refresh Status Storage refresh status 30 MG
PAGE 430
ResId ResName Formal name Meaning 150 FSR Free Space Range Free space range to be searched for 160 EXM External Mapping External connection settings 170 PG Path Group Path group 180 EM Emulation Emulation The following are examples of audit log data output: TSMgr[00000974]:CELFSS,1.1,1,KATS90000-I,2006-11-09T19:58:45.4+09:00, TSM_Srv, Hostname1,ConfigurationAccess,Success,uid=user01,,,,,,,,,,,, BasicLog,,,"The operation requested by the client has completed.
PAGE 431
Commands in message details The table below lists the commands that can be output in message details.
PAGE 432
Output character string Full name Operation HostRef HostRefresh HostInfo update HostScan HostScan Automatic host setup HostVol HostVolume Host volume information notification to the Device Manager server HSD HostStorageDomain Host group and iSCSI target configuration change ISCSIForHSD ISCSINameForHostStorageDomain Change of iSCSI names that belong to iSCSI targets JrnlPool JournalPool Pool configuration change LDEVForVolMig LDEVForVolumeMigration LDEV VolumeMigration attribute settin
PAGE 433
Output character string Full name Operation Subscrbr Subscriber Event listener addition or deletion TrngPlcy TieringPolicy Tiering policy change URLLink URLLink URL Link information configuration change User User User setting or reference VolFmtPrgrss VolumeFormatProgress Acquisition of the progress of normal formatting of volumes VolMig VolumeMigration Migration plan setting or information acquisition VolShred VolumeShredding Shredding function execution requests or information acqui
PAGE 434
Output character string Operation • If the target is StorageArray Also acquires information on an SMI-S enabled storage system. • If the target is URLLink all Also acquires the URL of the management server for an SMI-S enabled storage system. assign Associates a THP/Smart pool with a THP/Smart volume. bulk Creates the specified number of volumes or multiple volumes of the specified size. changerank Changes the tier rank of an external volume.
PAGE 435
Output character string Operation merge Merges the WWNs or iSCSI names assigned to multiple hosts into one host. • If the target is JournalPool Does not apply the THP/Smart pool name to storage systems. nameSync:false • If the target is ObjectLabel Does not apply the volume label to storage systems. • If the target is JournalPool Applies the THP/Smart pool name to storage systems. nameSync:true • If the target is ObjectLabel Applies the volume label to storage systems.
PAGE 436
Output character string Operation • If the target is ObjectName Makes the name of the SMI-S enabled storage system the target. • If the target is StorageArray smi-s Makes only the SMI-S enabled storage system the target. • If the target is URLLink Makes only the URL of the management server for the SMI-S enabled storage system the target. split Splits the pair. suspend Creates a 3DC pair by using Continuous Access Journal.
PAGE 437
The following table describes the parameter information output in message details: Table 131 Parameter information output in message details Item Description element A character string that indicates the element name. For information on the elements that are output and their meanings, see Table 132. However, Table 132 might not contain some displayed characters. Format: info='...' Attribute values specified for the element are output.
PAGE 438
Output character string Full name and content Sequence in which attribute values are output#1 ArrayValue Value specified in ArrayValue (Element for specifying a value if the type of the parameter specified in Param is array) ArrV value ChangedItem ChangedItem (Information about the data changed in Device Manager) ChangeInfo ChangeI CIMIvk (Version information of the storage system configuration) -- LDEV information version, port information version, LU information version, LUSE information ver
PAGE 439
Output character string Full name and content Condition Cond (Limits the results of the Get command by using the Filter elements at the same time) Sequence in which attribute values are output#1 LU type, element identifier of an LDEV, LDEV type, host storage status, alert source, host type, CLPR number of a journal volume, element identifier of a host, journal pool identifier, THP/Smart pool volume ID, volume accessible from the specified WWN or iSCSI name, type of LDEV, object ID of a target storage sy
PAGE 440
Output character string Full name and content ErrorInfo (Information about the error that occurred in the storage system) ErrI ErrList Sequence in which attribute values are output#1 error code of the error detected in the storage system, date and time of the error detected errorCode, date ErrorList number of ErrorInfo elements (A list including the ErrorInfo elements) errorCount ExternalDevice ExternalDevice (External volume information) ExternalPathInfo ExtPathI (Access information of the exte
PAGE 441
Output character string Full name and content Sequence in which attribute values are output#1 deviceFileName, mountPoint, type, size, , percentUsed, , , deletable, expandable, , , , , , , , , Host Host (Host information used by the logical volume) HostInfo HostI (Information about accesses between the LU and host) , host name, host IP address, host IP address for IPv6, host type, operation target host name, host OS type , name, ipAddress, ipv6Address, hostType, targetName, osType
PAGE 442
Output character string Full name and content HostStorageDomain (Information about a host group or an iSCSI target) HSD Sequence in which attribute values are output#1 , port ID, domain ID, new host connection mode for host group or iSCSI target, list of new host connection modes, host connection mode options, host group name or iSCSI target name, nickname of host group or iSCSI target, name of the host group or iSCSI target to be operated on, port ID
PAGE 443
Output character string Full name and content Sequence in which attribute values are output#1 , name, poolFunction, poolID, threshold, threshold2, threshold2mode, inflowControl, dataOverflowWatch, unitOfPathWatchTime, pathWatchTime, forwardPathWatchTime, useOfCache, speedOfLine, deltaResyncFailure, raidLevel, overProvisioningWarning, overProvisioningLimit, volumeThresholdFlag, tierControl, autoMigration, migrationInterval, monitorStartTime, monitorEndTime, moni
PAGE 444
Output character string Full name and content LogicalUnit (Information that represents the LU) LU Sequence in which attribute values are output#1 , number of LDEV contained in a logical unit#4, volume size, emulation mode, default number of port controllers, whether the LU is used as a command device, whether command device security is set, whether user authentication mode is set when the LU is used as a command device, THP/Smart pool volume ID, TH
PAGE 445
Output character string ObjLabel Full name and content Sequence in which attribute values are output#1 ObjectLabel Object ID, label to give to the object (Sets the object label of the Device Manager server) targetID, label , name Caution: and indicate the element name and element identifier other than those specified for the ObjectName attribute.
PAGE 446
Output character string Full name and content Path (Information about the path between the host and host group ) Path Sequence in which attribute values are output#1 , name, port ID, domain ID of host group or iSCSI target, name of the host group or iSCSI target to be operated on, SCSI ID, LUN assigned to the path between the host and host group , device number for logical unit identification#4, port ID of the host group or iSCS
PAGE 447
Output character string RepCon Full name and content Sequence in which attribute values are output#1 ReplicationConnection MCU-side port name, RCU-side port name (Information about communication between the MCU and RCU) ReplicationControllerPair RepCtrlPair (Information about MCU and RCU) ReplicationGroup RepGrp (Information about the HORCM instance group) masterPortDisplayName, remotePortDisplayName
PAGE 448
Output character string Full name and content Sequence in which attribute values are output#1 , pairName, pvolArrayType#2, pvolSerialNumber, pvolDevNum#4, pvolPortID, pvolPoolID, svolArrayType#2, svolSerialNumber, svolDevNum#4, svolPortID, svolPoolID, replicationFunction#6, muNumber, fenceLevel, copyTrackSize, pvolMngAreaPoolID, svolMngAreaPoolID, snapshotGroupID ReqStatus RequestStatus message ID (Returns the status of the preceding req
PAGE 449
Output character string SmrtFldr Full name and content Sequence in which attribute values are output#1 SmartFolder , logical group path (Information about a logical group) , logicalPath SortCondition SortCond (Element for which SortItems were collected) SortItem SortItem (Sorting conditions within SearchCondition) -- column name used as sort key, sort order, sort priority key, order, priority SearchCondition SrchCond SrcHost (Search conditions for acquiring ListVie
PAGE 450
Output character string Full name and content Sequence in which attribute values are output#1 Timestamp Timestamp Topic (Time when the message was created in the Device Manager server) Topic report information (Name of the message topic) name TieringPolicy TrngPlcy (Tiering policy information for Smart volume#5) URLLink URLLink (Links between a P9000 Command View AE Suite object and an application) User (Account information of a single user of Device Manager) User --
PAGE 451
Output character string Full name and content Sequence in which attribute values are output#1 VM VM VolCon#3 (Virtual machine information) - VolumeConnection (Information about the assigned LDEV and the corresponding external LU) VolumeFormatProgress VolFmtPrgrss (Progress of normal formatting of the volume) VolumeGroup VolGrp (Volume gr
PAGE 452
Output character string WWN Full name and content Sequence in which attribute values are output#1 WorldWideName WorldWideName, nickname, operation target host group name, WorldWideName (Host HBA information) wwn, nickname, targetNickname, wwnString Legend: --: No attribute value is output <...>: An element identifier that represents an attribute. If the contents include multiple elements, they are concatenated by a hyphen (-).
PAGE 453
Common output name Applicable product Remote Copy (Sync) Continuous Access Synchronous SnapShot Snapshot SnapShot (Fast) Fast Snap Correlation between user operations and Tiered Storage Manager audit log data This section describes what audit log data is output as a result of operations that a user performs in Tiered Storage Manager.
PAGE 454
2. To determine the GUI operation used, compare the details of the audit log data with the contents of Table 135 and look for a matching pattern. Among the output audit log data, there will be evidence of many calls to Get-type operations. These are frequently called to refresh the screen and cannot be attributed completely to user actions. However, information that corresponds to operations such as creating, updating, and deleting various resources in Tiered Storage Manager also exists in the audit log.
PAGE 455
GUI operation Key OpName# ResName# Additional information# Note Deleting a migration group M Delete MG MG -- Displaying a migration group list M Get MG SD, NumMG -- Displaying migration group detailed information M Get MG SD, MG -- MG, VL Information about the added volumes is output. Adding volumes to a migration group M Add VL M Remove VL MG, VL Information about the deleted volumes is output.
PAGE 456
# For details, see Table 122 through Table 126. CLI operations and the corresponding audit log data To estimate the user-performed CLI commands by examining the output audit log data: 1. Extract the audit log data output by Tiered Storage Manager (data where the program name is TSMgr). Audit log data created by executing CLI commands is output by Tiered Storage Manager and has the TSM_CLI application identifier information.
PAGE 457
2. To determine the CLI command used, compare the details of the output audit log data with the contents of Table 136 and look for a matching pattern. Except for commands starting with Get, you can identify user-executed commands by examining the audit log data that has an M in the key column.
PAGE 458
CLI command CreateStorageDomain OpName ResName Additional information#2 -- Get TK TK M Create SD SD, SS -- -- Get SD SD -- M Create ST SD, ST -- M Create TK TK, SD, MG, NumVL, VLs TK=(id,3,...
PAGE 459
CLI command GetMigrationGroups GetPools #1 Key #2 OpName #2 ResName Note M Get FS SS, NumFS Only acquires the number of storage systems specified in the subsystemname parameter M Get MG SD, NumMG, [MGs] -- -- Get_num PO NumPO -- -- Get SD SD -- M Get PO SD, NumPO -- M Get SD NumSD, [SDs] -- -- Get RS NumSD, SDs -- M Get ST SD, NumST, [STs] -- -- Get SD SD -- M Get TK {TK | NumTK} -- -- Get_num VL NumVL -- GetStorageDomains GetStorageTiers Ge
PAGE 460
CLI command OpName ResName Additional information#2 M Modify ST SD, ST -- -- Get TK TK -- M Modify TK TK -- Key #1 #2 #2 Note ModifyTask -- Get_summary SD NumSD M Refresh SD SD -- -- Get_summary SD SD -- -- Get MG SD, MG -- -- Get VL SD, NumVL -- M Remove VL SD, MG, VL -- Refresh RemoveVolumeFromMigrationGroup StopTask M Change TK Legend: M: Main key --: Not applicable #1 Indicates key audit log data for determining the command.
PAGE 461
14 Support and other resources Numerous support options are available. Contacting HP HP technical support For worldwide technical support information, see the HP support website: http://www.hp.
PAGE 462
Conventions This guide follows the conventions shown in Table 137 to refer to HP P9000 products.
PAGE 463
Product reference Full name or meaning This abbreviation is used when it is not necessary to distinguish the following products: RAID Manager • RAID Manager • RAID Manager XP • XP RAID Manager This abbreviation is used when it is not necessary to distinguish the following products: • P9000 Snapshot Snapshot • Snapshot • Snapshot XP • XP Snapshot Administrator Guide 463
PAGE 464
Support and other resources
PAGE 465
A Device Manager server properties This section describes the property files of a Device Manager server. Device Manager server property files Device Manager server property files include property files related to Device Manager configuration information and the Device Manager database. The following table describes the contents of property files of a Device Manager server.
PAGE 466
Property file Description hppa.properties file This property file is related to the connection to PA. • jserver.properties file • cimxmlcpa.properties file This property file is related to the CIM/WBEM functions. • cimxmlscpa.properties file CAUTION: • For ordinary use, you do not need to change the values set in the property files of a Device Manager server. Use extreme caution when you are modifying the values, because you can cause the server to fail or to function incorrectly.
PAGE 467
• The backslash (\) is reserved as an escape character. Since absolute path names in Windows include backslashes, you must add an escape character before every backslash in a Windows path name. For example, the path name of the file C:\CVXPAE\docroot\foo.bar should be entered as C:\\CVXPAE\\docroot\\foo.bar. When you specify properties, there is no need to precede other characters with the escape character \.
PAGE 468
server.http.port Specify the port to be used for non-SSL communication by the Device Manager server. The conventional port number used for a standard web server is 80, but there might already be an intranet server running on this port. Moreover, you should avoid low-numbered ports because these could conflict with other services installed on the server. As a general rule, you can pick any port between 1024 and 49151.
PAGE 469
CAUTION: If you change the value of this property, you also need to change the following settings: • The port number for the Device Manager server of the information source registered in Replication Manager (for SSL communication with the Device Manager server) • The pop-up blocker settings of the management client, when using Internet Explorer 6 • The hdvmcli.serverurl property of the hdvmcli.
PAGE 470
server.base.home This property contains the installation directory of Common Component, which is set by the Device Manager installer. Under normal conditions, you do not need to change the default value of this property. Default: Value set by the installer server.horcmconfigfile.hostname Specify whether to use the IP address (ipaddress) or the host name (hostname) when Device Manager edits the configuration definition file.
PAGE 471
server.cim.support Specify whether CIM support is enabled. If you want to execute CIM, you must set this property to true. Default: true server.cim.support.job Specify whether a method for creating or deleting a volume, setting or releasing a LUN path, setting or canceling security for a LUN, or creating or deleting a LUSE volume is executed asynchronously or synchronously. If you set this property to true, the method is executed asynchronously.
PAGE 472
Related topics • server.cim.support.protocol, page 471 • HTTPPort, page 501 server.cim.https.port Specify the port for SSL transmission, for the CIM function. Default: 5989 CAUTION: If you change the value of this property, also change the HTTPSPort property of the Device Manager server to the same value. Related topics • server.cim.support.protocol, page 471 • HTTPSPort, page 501 server.cim.request.queue.
PAGE 473
If you specify true for this property, the database is automatically refreshed immediately after the configuration change. If you specify false, it is not automatically refreshed. Default: true server.logicalview.initialsynchro Specify whether to forcibly synchronize the storage system information in the database with the information displayed in the GUI or CIM/WBEM functions when Device Manager server is started. If you specify true, the information will be synchronized.
PAGE 474
CAUTION: If you set this property, specify true for the server.mail.enabled property. Related topics • server.mail.enabled, page 473 server.mail.smtp.port Specify the port number of the SMTP server. To send alerts and events to users by email, you must specify this property. Specifiable range: 0 to 65535. Default: 25 server.mail.smtp.auth Specify whether to use SMTP authentication to send alerts and events to users by email. To use SMTP authentication, set this property to true.
PAGE 475
The following values can be specified: • Trap: Reports only the alerts detected by SNMP traps. • Server: Reports only the alerts detected by the regular monitoring that Device Manager conducts. • All: Reports the alerts detected by both SNMP traps and the regular monitoring that Device Manager conducts. Alerts are reported from both SNMP traps and Device Manager even if these alerts refer to the same error information. Default: Trap server.mail.alert.
PAGE 476
This property is valid only for P9500 storage systems. If you specify true for this property, refresh processing is more efficient because database updates are skipped for resources whose configuration has not changed since the last refresh. Specify false to update all storage system resource information in the database regardless of whether the configuration has changed. Default: true server.agent.differentialrefresh.periodical.
PAGE 477
The specifiable values are from 0 to 100. Under normal conditions, you do not need to change the default value of this property. Default: 18 dbm.startingCheck.retryPeriod Specify the interval (in seconds) that the Device Manager server (at startup) retries checking of whether the DBMS has started. The specifiable values are from 0 to 60 (seconds). Under normal conditions, you do not need to change the default value of this property. Default: 10 (seconds) Device Manager log output properties (logger.
PAGE 478
Default: 10 Related topics • logger.MaxFileSize, page 478 logger.MaxFileSize Specify the maximum size for the access.log, cim_access.log, error.log, service.log, stdout.log, stderr.log, statuscheck.log, trace.log, CIMOMTrace.log, and SMISClientTrace.log. If the maximum size is exceeded, a new log file is created. Unless KB is specified for kilobytes or MB for megabytes, the specified size is interpreted to mean bytes. Specifiable range: from 512 KB to 32 MB Default: 1 MB logger.hbase.
PAGE 479
Default: 10 Related topics • logger.hbase.MaxFileSize, page 479 logger.hbase.MaxFileSize Specify the maximum size of each operation (trace) log file and error log file that is written by Common Component. The log files are HDvMtracen.log, HDvMGuiTracen.log, and HDvMGuiMessagen.log (the n in the file name indicates the backup generation number of the file). The specified size is assumed to be in bytes unless you specify KB for kilobytes, MB for megabytes or GB for gigabytes.
PAGE 480
server.dispatcher.daemon.pollingPeriod Specify the polling interval (in minutes) for the background threads responsible for checking component status and the configuration version. A value of 0 will disable these pollings. Default: 5 (minutes) server.dispatcher.traps.purgePeriod Specify the purging interval for stale SNMP traps or alerts (in minutes). A value of 0 will disable the purging of traps from the server. Default: 5 (minutes) server.dispatcher.daemon.
PAGE 481
CAUTION: • If the GUI displays a warning message, manually refresh the corresponding storage system information. You can also specify the settings so that information in the database is automatically updated in case a user forgets to perform a manual refresh after changing the storage system configuration. To do so, set up the following properties: server.dispatcher.daemon.autoSynchro.doRefresh property server.dispatcher.daemon.autoSynchro.
PAGE 482
CAUTION: If you specify true, only the information about the P9500 or XP24000/XP20000 is updated in the database. The information in the configuration file of a host that recognizes the command device of P9500 or XP24000/XP20000 is not updated in the database. Related topics • server.dispatcher.daemon.autoSynchro.type, page 482 server.dispatcher.daemon.autoSynchro.
PAGE 483
server.dispatcher.daemon.autoSynchro.startTime Specify the time at which storage system information is automatically refreshed (updated) in the database starts in the format hh:mm. Specify a value from 00 to 23 for hh, and 00 to 59 for mm. This property is enabled only if the server.dispatcher.daemon.autoSynchro.type property is set to D or W. In addition, storage system information is automatically refreshed (updated) according to the time zone setting for the management server.
PAGE 484
• A • • • • change in the maximum reservation amount of the following volumes: THP pool Smart pool Data pool of Snapshot Data pool of Fast Snap • A change in the monitoring mode for the Smart pool • A change in the settings regarding performance monitoring and hierarchical relocation of the Smart pool • A change in the settings regarding tiering policy for the Smart volume. The Smart volume is a virtual volume created from the Smart pool (associated with the Smart pool).
PAGE 485
Default:00:10 Related topics • server.dispatcher.daemon.autoSynchro.performance.doRefresh, page 484 server.dispatcher.daemon.autoSynchro.logicalGroup.doRefresh Specify whether to automatically update logical group information when any of the operations below occur. If this property is set to true, logical group information is automatically updated each time one of the events below occurs.
PAGE 486
Device Manager client properties (client.properties file) The client.properties file contains the client properties. • In Windows: installation-folder-for-the-Device-Manager-server\Server\config\client.properties • In Linux: installation-directory-for-the-Device-Manager-server/Server/config/ client.properties This property file contains the settings related to display and operation of Device Manager GUI. client.rmi.port Specify the port number for the Device Manager RMI server.
PAGE 487
CAUTION: If this property is set to false, any migration tasks created via migration groups cannot be referenced or operated on from Tasks under the Task & Alerts tab. As such, make sure that there are no incomplete migration tasks when changing the value of this property from true to false. If there are any incomplete tasks, end the tasks via one of the following methods: • Execute the tasks immediately.
PAGE 488
• In Linux: installation-directory-for-the-Device-Manager-server/Server/wsi/ server/jserver/bin/cimxmlscpa.properties server.http.security.clientIP Specify IP addresses, in IPv4 format, that can be used to connect to the Device Manager server. The server.http.security.clientIP property is in the server.properties file. This setting limits the IP addresses permitted for connection, thus preventing denial-of-service attacks or other attacks that intend to overflow buffers.
PAGE 489
CAUTION: • You do not need to specify the IP address (the local loopback address) of the computer on which the Device Manager server is installed. In this property, it is assumed that the Device Manager server can always be connected to using the local loopback address. • You also need to register the IP addresses to the environment definition file httpsd.conf for Common Component. Related topics • Registering IP addresses in the environment definition file httpsd.
PAGE 490
server.https.security.truststore Specify the truststore file of the Device Manager server. The server.https.security.truststore property is in the server.properties file. Default: dvmcacerts NOTE: This property cannot be modified with HiKeytool. If you want to change the value, you must do so by editing the value in the server.properties file. server.https.enabledCipherSuites Specify the cipher suites to be used for the following SSL/TLS communication by using commas (,) to separate them.
PAGE 491
CAUTION: The cimxmlscpa.properties file is deleted when the service for the Device Manager server starts. For this reason, HP recommends noting down the specified values elsewhere. Device Manager SNMP trap log output properties (customizedsnmptrap.properties file) The customizedsnmptrap.properties file contains the SNMP trap log output properties. • In Windows: installation-folder-for-the-Device-Manager-server\Server\config\customizedsnmptrap.
PAGE 492
customizedsnmptrap.customizelist = \ enterprise-ID-1:generic-trap-number-1:specific-trap-number-1: severity-1:content-to-be-output-1, \ enterprise-ID-2:generic-trap-number-2:specific-trap-number-2: severity-2:content-to-be-output-2, \ ... enterprise-ID-n:generic-trap-number-n:specific-trap-number-n: severity-n:content-to-be-output-n Table 139 Items specified in the customizedsnmptrap.customizelist property Item Format Remarks enterpriseID Specify by using dots (for example, .1.3.6.1.4.116.3.11.1.
PAGE 493
The following shows an example of specifying the customizedsnmptrap.customizelist property: customizedsnmptrap.customizelist = \ .1.2.3:6:1:Information:$a$e$g$s$1$2, \ .1.3.6.1.4.1.2854:6:1:Warning:$e$a$s$3$2$1$g, \ .1.3.6.1.4.1.116.3.11.4.1.1:6:1:Error:$a$s, \ .1.3.6.1.4.1.116.3.11.4.1.1:6:100:Information:$a$s Default: None CAUTION: If you do not specify this property, the SNMP trap data will not be output to the log even if you specify true for the customizedsnmptrap.customizedSNMPTrapEnable property.
PAGE 494
launchapp.elementmanager.usehostname Specify whether to display a host name in the Element Manager URL when launching Element Manager to connect to an enterprise-class storage system. If you specify true, when you register a storage system in Device Manager by specifying a host name, the host name is displayed in the Element Manager URL. If you specify false, an IP address is displayed in the Element Manager URL. Default: true Properties for communicating with the host (host.properties file) The host.
PAGE 495
installation-directory-for-the-Device-Manager-server/Server/config/ hostdatacollectors.properties hdc.request.timeout Specify the timeout value for request processing from the Device Manager server to Host Data Collector (in milliseconds). You can specify a value from 1000 to 86400000. If the Device Manager server communicates with multiple Host Data Collectors, the timeout value will be applied to communication with all the Host Data Collectors. Default: 1800000 hdc.
PAGE 496
hdc.rmiserver Specify the IP address or host name of the computer where Host Data Collector is installed and the port number of the RMI server in the following format: IP-address-or-host-name:[port-number],IP-address-or-host-name:[port-number],... For the IP address, you can use either an IPv4 address or IPv6 address. If you use an IPv6 address, you must enclose the IP address with square brackets ([ and ]). The port number must match the value specified for the property hdc.common.rmi.serverPort or hdc.
PAGE 497
If there are multiple computers with Host Data Collector installed, you must specify the Host Data Collector information for all the computers. Default: If the management server OS is a prerequisite OS for Host Data Collector: 127.0.0.1:22100 If the management server OS is not a prerequisite OS for Host Data Collector: None CAUTION: The IP address or host name of the computer where Host Data Collector is installed must be the same for the properties hdc.rmiregistry, hdc.rmiserver, and hdc.classloader.
PAGE 498
Storage systems refresh themselves after a migration on them finishes. Specify this value to make sure that a migration pair is not split on a storage system while that storage system is refreshing. You can specify a value from 0 to 1,440. Default: 3 migration.remainTimeForDeletePairInMinute Specify during a migration of multiple volumes, the number of minutes to wait after an individual migration finishes until the storage system splits that migration pair.
PAGE 499
CAUTION: • If you specify a volume with a larger capacity than the migration source volume for the migration target volume, the migration target volume is deleted prior to migration, and then created again with the same capacity as the migration source volume. Therefore, the migration task will require more time than when migrating to a volume of the same capacity.
PAGE 500
hppa.option Specify whether to acquire performance information by linking with PA. Specify a Boolean value for this property. Specify true to acquire the performance information. Specify false if you do not want to acquire this information. Default: false hppa.CLIClientPath Specify the installation directory of the PA CLI by using an absolute path. Use forward slash (/) as the delimiter. Note that the delimiter / cannot be used at the end of the path.
PAGE 501
Specify this property in the jserver.properties file. The com.wbemsolutions.jserver.bindto property does not exist by default, so specify the property in the following format: com.wbemsolutions.jserver.bindto=IP-address HTTPPort In the case of non-SSL communication, specify the port number to be used by the CIM/WBEM functionality. Specify this property in the cimxmlcpa.properties file. The cimxmlcpa.
PAGE 502
Device Manager server properties
PAGE 503
B Tiered Storage Manager server properties This section describes the property files of the Tiered Storage Manager server. Tiered Storage Manager server property files There is a Tiered Storage Manager server property file for Tiered Storage Manager server operations and another property file for accessing the Device Manager server. These property files apply only to operations (processes) from the Tiered Storage Manager CLI or from the Tiered Storage Manager GUI in Legacy mode.
PAGE 504
Operations to complete in advance Log in as a user with Administrator permissions (for Windows) or as a root user (for Linux). To change Tiered Storage Manager server properties: 1. Stop the services of P9000 Command View AE Suite product. 2. Use a text editor to set appropriate values in the Tiered Storage Manager server property files. 3. Start the services of P9000 Command View AE Suite product.
PAGE 505
Tiered Storage Manager server operations properties (server.properties file) The server.properties file contains properties related to Tiered Storage Manager server operations. • In Windows: installation-folder-for-the-Tiered-Storage-Manager-server\conf\server.properties • In Linux: installation-directory-for-the-Tiered-Storage-Manager-server/conf/ server.properties server.rmi.secure Specify whether to use SSL for communications between the Tiered Storage Manager server and the CLI client.
PAGE 506
Related topics • Enabling SSL/TLS for the Tiered Storage Manager CLI computer, page 215 • server.rmi.secure, page 505 server.rmi.security.port For configurations using SSL communication, specify the RMI port number used by Tiered Storage Manager to accept processing requests. The range of specifiable values is from 1 to 65535. This property takes effect when 2, 3, or 4 is specified for the server.rmi.secure property.
PAGE 507
Depending on the operating environment, users might not receive email from an address that does not include a domain name. In this case, change the value of this property or the SMTP server environment settings. Default: htsmserver server.mail.errorsTo Specify the address to which an undeliverable notification email will be sent when an event notification email cannot be delivered. If this property is not specified, the undeliverable notification email is sent to the email address specified in server.mail.
PAGE 508
server.migration.multiExecution Specify the number of migration pairs that can be simultaneously executed in a storage system. The range for specifiable values is from 1 to 64. Default: 8 server.checkOutVolumeRange Specify whether filter conditions used for searching volumes or defining storage tiers have their values checked for validity. Specify a Boolean value for this property. If you specify true, values will be checked. If you specify false, values will not be checked.
PAGE 509
Default: true server.migrationPlan.candidateCapacityGroupDisplayMaxCount Specify how many volumes with a larger capacity than the migration source volume to display in addition to the volumes with the same capacity as the migration source volume when creating a migration plan. You can specify a value from 0 to 10. Specify 0 to display only volumes with the same capacity as the migration source volume.
PAGE 510
When migration finishes, Tiered Storage Manager requests that the storage system splits the source volume and migration target volume pair. While the storage system is splitting the pair, if another migration in the same task finishes and the storage system begins an internal refresh, the pair will not split properly. Therefore, there must be enough time from when the pair split is requested until the pair split can finish.
PAGE 511
client.launch.HPPA.report.host Specify the host name or IP address included in the PA URL when launching the PA GUI from the Tiered Storage Manager GUI in Legacy mode. Default: None client.launch.HPPA.report.port Specify the port number included in the PA URL when launching the PA GUI from the Tiered Storage Manager GUI in Legacy mode. Default: None Tiered Storage Manager database properties (database.properties file) The database.properties file contains properties related to databases.
PAGE 512
hdvm.protocol Specify the protocol to be used when accessing the Device Manager server. Default: http hdvm.port Specify the port number of the Device Manager server you are accessing. You must specify the same value as the one specified for the server.http.port property of the Device Manager server. Default: 2001 Related topics • server.http.port, page 468 hdvm.timeout Specify the timeout period (in milliseconds) for communications with the Device Manager server you are accessing.
PAGE 513
The following figure shows the relationship between the threshold value of the output levels and the output messages. Figure 46 Relationship between the threshold value of the output levels and the output messages logger.messagelogLevel Specify a threshold output level for the messages logged by Tiered Storage Manager. This property applies to the Tiered Storage Manager server message log (HTSMServerMessagen.log) and the GUI message log (HTSMGuiMessagen.log).
PAGE 514
Specify a value from 0 to 30. HP recommends that the default value be used. Default: 20 Table 142 Output level of trace log data Type of message Output level Message descriptions 0 An error occurred that affects the operation of the management server or Java servlet. 10 An execution error occurred due to a reason such as an operational mistake. 20 An error occurred, but execution can continue with limitations.
PAGE 515
logger.serverTraceFileCount Specify the number of trace log files used by the Tiered Storage Manager server. The range of specifiable values is from 2 to 16. When a log file reaches the maximum size specified in the logger.serverTraceMaxFileSize property, the file is renamed by adding a counter to the file name (for example, HTSMServerTrace2.log). The log files are used and written to in the order of the counter.
PAGE 516
Related topics • logger.guiTraceMaxFileSize, page 516 logger.serverMessageMaxFileSize Specify the maximum size of message log files used by the Tiered Storage Manager server (HTSMServerMessagen.log). The range of specifiable values is from 32,768 bytes (32 KB) to 2,147,483,647 bytes (2,048 MB). When specifying this property, use KB to represent the size in kilobytes, and MB to represent the size in megabytes. If a unit is not specified, it is assumed that the value is specified in bytes.
PAGE 517
installation-directory-for-the-Tiered-Storage-Manager-server/conf/ server.properties server.rmi.security.enabledCipherSuites To use SSL/TLS communication between the Tiered Storage Manager server and Tiered Storage Manager CLI in advanced security mode, specify cipher suites by using commas (,) to separate them. This property takes effect only when the server.rmi.secure property in the server.properties file is set to 4.
PAGE 518
Tiered Storage Manager server properties
PAGE 519
C Host Data Collector properties This section describes the Host Data Collector property file. Host Data Collector property files The Host Data Collector property files include a property file related to Host Data Collector operation and a property file related to log output. The following table describes the Host Data Collector property files . Table 143 Host Data Collector property files Property file Description hdcbase.properties file This property file is related to Host Data Collector operation.
PAGE 520
Properties related to Host Data Collector operation (hdcbase.properties file) The hdcbase.properties file contains properties related to Host Data Collector operation. • In Windows: installation-folder-for-Host-Data-Collector\HDC\Base\config\hdcbase.properties • In Linux: installation-directory-for-Host-Data-Collector/HDC/Base/config/hdcbase.properties hdc.service.
PAGE 521
NOTE: If you changed the value of this property, the following settings must be performed: • Use the firewall_setup command to reset the firewall exemptions (when the value of the hdc.ssl.secure property is 1 or 2). • Set the same value as the hdc.rmiregistry property of the Device Manager server (when non-SSL communication is used by Host Data Collector and the Device Manager server). Related topics • Registering an exception for the Host Data Collector service (for non-SSL communication), page 394 • hdc.
PAGE 522
NOTE: If you changed the value of this property, the following settings must be performed: • Use the firewall_setup command to reset the firewall exemptions (when the value of the hdc.ssl.secure property is 1 or 2). • Set the same value as the hdc.classloader property of the Device Manager server (when non-SSL communication is used by Host Data Collector and the Device Manager server). Related topics • Registering an exception for the Host Data Collector service (for non-SSL communication), page 394 • hdc.
PAGE 523
NOTE: If you changed the value of this property, the following settings must be performed: • Use the netsh command to reset the firewall exemptions (when the value of the hdc.ssl.secure property is 2 or 3). • Set the same value as the hdc.rmiserver property of the Device Manager server (when SSL communication is used by Host Data Collector and the Device Manager server). Related topics • Registering an exception for the Host Data Collector service (for SSL communication), page 395 • hdc.
PAGE 524
Default: None# #: If you do not specify an IP address, the IP address acquired by Host Data Collector will be used. Related topics: • hdc.rmiregistry, page 495 • hdc.rmiserver, page 496 • hdc.classloader, page 496 hdc.service.fileCleanup.startTime Specify the time at which host information files that Host Data Collector collected from managed hosts are deleted, in the format hhmm. Specify a value from 00 to 23 for hh, and 00 to 59 for mm. Default: 2300 hdc.adapter.esx.
PAGE 525
hdc.ssl.secure property value 3 Port numbers to be opened (Default) RMI server 22099/tcp, 22105/tcp Class loader 22100/tcp, 22106/tcp RMI registry 22098/tcp, 22104/tcp RMI server 22105/tcp Class loader 22106/tcp # The non-SSL communication port for the RMI registry (22098/tcp by default) is always open because it is also used for internal communication by Host Data Collector. Default: 1 Related topics • • • • • • hdc.common.rmi.registryPort, page 520 hdc.common.rmi.serverPort, page 521 hdc.
PAGE 526
Message type Output level Description INFO 30 information - 40 debug You can specify 0, 10, 30, or 40. Default: 30 logger.trace.maxFileSize Specify the maximum size of the Host Data Collector trace log. The specified size is assumed to be in bytes unless you specify KB for kilobytes, MB for megabytes or GB for gigabytes. Specifiable range: 4096 to 2147483647. Default: 5242880 logger.trace.numOfFiles Specify the maximum number of backup files for the Host Data Collector log.
PAGE 527
generated. After the specified number of backup log files is created, each time a new backup file is created, the oldest backup file is deleted. Specifiable range: 2 to 16. Default: 10 Related topics • logger.iotrace.maxFileSize, page 526 Properties related to the Host Data Collector's Java environment (javaconfig.properties file ) The javaconfig.properties file contains properties related to the Java environment of the Host Data Collector.
PAGE 528
Host Data Collector properties
PAGE 529
D Device Manager agent properties This section describes the property files of a Device Manager agent. Device Manager agent property files There is a Device Manager agent property file for Device Manager agent operations and a property file for settings related to the connection between the Device Manager agent and the Replication Manager server. The following table describes the Device Manager agent property files. Table 146 Device Manager agent property files Property file Description agent.
PAGE 530
2. Use a text editor to set appropriate values in the Device Manager agent property files. 3. Execute the hbsasrv command to start the Device Manager agent service. Related topics • Starting and stopping the Device Manager agent service, and checking the operating status of the service (hbsasrv command), page 359 Device Manager agent properties for connecting to the Replication Manager server (agent.properties file) The agent.
PAGE 531
Normally, the values set for these parameters do not need to be changed. To change their values, you need expert knowledge of the Device Manager agent. agent.rm.shutdownWait Specify the wait time when stopping the HORCM instance for monitoring (in seconds). Specify a value from 1 to 60. Default: 5 agent.rm.horcmInstance Specify the instance number of the HORCM file for monitoring. Specify a value from 0 to 4,094.
PAGE 532
agent.logger.loglevel Specify the output level of the log file for the Replication Manager agent functionality. Log data that has a level equal to or higher than the specified value is output. Specify one of the following values (listed in ascending order of importance): DEBUG, INFO, WARN, ERROR, FATAL Default: INFO agent.logger.MaxBackupIndex Specify the maximum number of log files for the Replication Manager agent functionality. Specify a value from 1 to 20.
PAGE 533
Device Manager agent properties for hldutil command operations (hldutil.properties file) The hldutil.properties file contains properties related to hldutil command operations. • In Windows: installation-folder-for-Device-Manager-agent\util\bin\hldutil.properties • In Solaris, Linux, or HP-UX: /opt/HDVM/HBaseAgent/util/bin/hldutil.properties • In AIX: /usr/HDVM/HBaseAgent/util/bin/hldutil.properties agent.util.hpux.
PAGE 534
NOTE: The files access.log, error.log, service.log, and trace.log are output to the following locations: In Windows: installation-folder-for-the-Device-Manager-agent\agent\logs\ In Solaris, Linux, or HP-UX: /opt/HDVM/HBaseAgent/agent/logs/ In AIX: /usr/HDVM/HBaseAgent/agent/logs/ logger.loglevel Specify the minimum level of log data that the Device Manager agent outputs to the files error.log and trace.log.
PAGE 535
logger.MaxFileSize Specify the maximum size of the files access.log, error.log, service.log, and trace.log. If a log file becomes larger than this value, the Device Manager agent creates a new file and writes log data to it. Unless KB is specified for kilobytes or MB for megabytes, the specified size is interpreted to mean bytes. Specify a value from 512 KB to 32 MB. Default: 5 MB The size of an output log file depends on the number of copy pairs managed by Replication Manager.
PAGE 536
/opt/HDVM/HBaseAgent/agent/config/server.properties • In AIX: /usr/HDVM/HBaseAgent/agent/config/server.properties server.agent.port Specify the port number for the Device Manager agent's daemon process (or service). Avoid specifying small port numbers because such numbers might conflict with other applications. The normal range is 1024 to 49151. If a version of Hitachi Dynamic Link Manager earlier than 5.8 is installed, specify 23013.
PAGE 537
For operation in an IPv6 environment, specify a global address. If you specify a site-local address or link-local address, the IPv4 address will be used. It is necessary to match the IP address version to the one specified in server.http.socket.bindAddress. The IP address that you specified in this property can also be used when creating or editing the RAID Manager configuration definition file.
PAGE 538
Related topics • For details on the required memory size for Device Manager: “Settings required for a host to manage 100 or more LUs” on page 354 • For details on the required memory size for Replication Manager:“Managing copy pairs” on page 352 server.agent.shutDownTime Specify the period to shutdown the Device Manager agent's Web server after it receives or sends the last HTTP/XML message (in milliseconds). Specify a value from 1 to 9223372036854775807.
PAGE 539
This setting limits the IP addresses permitted for connection, thus preventing denial-of-service attacks or other attacks that intend to overflow buffers. You can use an asterisk (*) as a wildcard character when you use IPv4 addresses. To specify multiple IP addresses, separate them with commas (,). In the following example, the specification permits the address 191.0.0.2 and addresses from 192.168.0.0 to 192.168.255.255 to connect to the Device Manager agent: server.http.security.clientIP=191.0.0.2, 192.
PAGE 540
server.agent.rm.centralizePairConfiguration Specify whether to manage copy pairs for each host or to centrally manage all copy pairs on a single host. disable Specify this value to manage copy pairs for each host when the system uses the local management method. To use the local management method, you need to install the Device Manager agent and RAID Manager on each host.
PAGE 541
commas (,). From the Device Manager agent, you cannot operate a RAID Manager whose instance number is specified in this property. Default: None server.agent.rm.location Specify the RAID Manager installation directory if RAID Manager is installed in a location other than the default or if the host OS is Windows and the RAID Manager installation drive is different from the Device Manager agent installation drive. For Windows, use a forward slash (/) as the path delimiter.
PAGE 542
#: In a newly created configuration definition file, poll is set to 1000. When a pair is added to an existing configuration definition file or when a configuration definition file is optimized, the existing settings are used. server.agent.rm.temporaryInstance Specify the instance number of the configuration definition file that the Device Manager agent temporarily uses to acquire copy pair information. Specify a value from 0 to 3997.
PAGE 543
The following table describes the conditions under which the Device Manager agent decides whether to use the HORCM_DEV or HORCM_LDEV format in the configuration definition file. Table 147 Conditions on which the Device Manager agent decides which format should be used in the configuration definition file Which format is used in the existing configuration definition file Pair operation Format to be used in the configuration definition file If a format is specified in the property: No format is used.
PAGE 544
CAUTION: Before you specify HORCM_LDEV, make sure that RAID Manager 01-17-03/04 (or later) has been installed. If you specify HORCM_LDEV when RAID Manager is a version earlier than 01-17-03/04, volume pair creation will fail. If this happens, the following error message will be displayed: An attempt to create a pair has failed. Error detail, host "host-name" : "error-detail" server.agent.rm.userAuthentication Specify whether to check that the authentication mode for command devices is enabled.
PAGE 545
#: If you do not specify a path, the path for the following default storage location is used: In Windows: System folder (represented by the environment variable %windir%) In UNIX: /etc directory Related topics • Changing the storage location of the configuration definition file, page 383 server.agent.rm.moduleTimeOut Specify a timeout value for receiving command execution results when the Device Manager agent executes a RAID Manager command (in seconds).
PAGE 546
Device Manager agent properties
PAGE 547
Acronyms and abbreviations The following acronyms and abbreviations might be used in this guide.
PAGE 548
DoS Denial of Services FC Fibre Channel FC-SP Fibre Channel - Security Protocol FCoE Fibre Channel over Ethernet FQDN Fully Qualified Domain Name FTP File Transfer Protocol GUI Graphical User Interface HBA Host Bus Adapter HTTP HyperText Transfer Protocol HTTPS HyperText Transfer Protocol Secure I/O Input/Output ID IDentifier IETF Internet Engineering Task Force IOPS Input Output Per Second IP Internet Protocol IPF Itanium Processor Family IPv4 Internet Protocol Version 4 I
PAGE 549
MU Multiple Unit NAS Network Attached Storage NAT Network Address Translation NIC Network Interface Card NPIV N Port ID Virtualization NTP Network Time Protocol OS Operating System P-VOL Primary VOLume PAP Password Authentication Protocol PDEV Physical Device PEM Privacy Enhanced Mail PID Process ID PP Program Product RADIUS Remote Authentication Dial-In User Service RAID Redundant Array of Independent Disks RCU Remote Control Unit RDN Relative Distinguished Name RFC Reque
PAGE 550
SNMP Simple network management Protocol SP Service Pack SRV SeRVice SSH Secure SHell SSID Storage Subsystem ID SSL Secure Sockets Layer SSO Single Sign - On SVP Service Processor TCP Transmission Control Protocol TLS Transport Layer Security UDP User Datagram Protocol URL Uniform Resource Locator V-VOL Virtual VOLume WAN Wide Area Network WBEM Web - Based Enterprise Management WWN Worldwide name XML eXtensible Markup Language 550 Acronyms and abbreviations
PAGE 551
Index Symbols .truststore, 181 A account conditions, 123 account.lock.num, 114 acquiring maintenance information on management server, 407 advanced security mode, 179 Web browsers, 180 agent.logger.loglevel, 532 agent.logger.MaxBackupIndex, 532 agent.logger.MaxFileSize, 532 agent.properties file, 530 agent.rm.everytimeShutdown, 530 agent.rm.horcmInstance, 531 agent.rm.horcmService, 531 agent.rm.shutdownWait, 531 agent.rm.TimeOut, 530 agent.util.hpux.
PAGE 552
client certificate exporting for CIM client, 234 exporting for event indications, 229 importing for object operations, 226 importing into CIM client, 234 client.launch.HPPA.report.host, 487 client.launch.HPPA.report.host (Tiered Storage Manager GUI in Legacy mode), 511 client.launch.HPPA.report.port, 487 client.launch.HPPA.report.port (Tiered Storage Manager GUI in Legacy mode), 511 client.launch.HPPA.report.protocol, 487 client.launch.HPPA.report.
PAGE 553
downloading Device Manager server truststore file, 210 Tiered Storage Manager server truststore file, 214 dvmcacerts, 181 E email alerts customizing templates, 265 receiving, 262 registering recipients, 263 setting up SMTP server, 263 enabling SSL/TLS for Common Component, 185 TLS/SSL for Device Manager server, 195 two-way authentication for event indications, 229 two-way authentication for object operations, 225 enabling SSL/TLS Device Manager CLI computer, 213 Tiered Storage Manager CLI computer, 215 enc
PAGE 554
HORCM_INST, 380 HORCM_INSTP, 382 HORCM_LDEV, 378 HORCM_MON, 374 host, 30 that can be managed by Device Manager, 41 Host Data Collector, 30 acquiring maintenance information, 409 acquiring maintenance information [host], 410 checking version, 397 environment settings, 392 firewall, 394 installing, 387 installing (Linux), 389 installing (Windows), 388 ports, 82 prerequisites for installing, 387 property files, 519 registering on management server, 391 removing, 397 removing (Linux), 398 removing (Windows), 39
PAGE 555
key pair changing password of Device Manager server, 201 creating for CIM client, 233 creating for Device Manager server, 191 creating for Host Data Collector, 207 deleting from Device Manager server keystore, 200 viewing in normal mode (Device Manager server), 199 viewing in verbose mode (Device Manager server), 200 keystore changing password of Device Manager server, 202 Importing a Host Data Collector server certificate, 209 keystore file creating for event indications, 226 creating for object operations
PAGE 556
MOF file editing for event indications, 227 editing for object operations, 223 N namespace, 278 network bridge between networks, 100 new installation P9000 Command View AE Suite, 292 NIC network settings on management server with multiple NICs, 100 normal host, 41 prerequisites (Device Manager agent), 44 prerequisites (Host Data Collector), 43 npivmapping.
PAGE 557
registering firewall exceptions in Linux environments, 89 firewall exceptions in Windows environments, 89 recipients of email alerts, 263 related products audit log data, 419 removing Host Data Collector, 397 Host Data Collector (Linux), 398 Host Data Collector (Windows), 397 Replication Manager, 60 Replication Manager server, 30 resident process, 315 Device Manager agent, 358 Host Data Collector, 392 restoring database, 325 S SCVMM 2012 available storage administration functions, 241 Notes on using the st
PAGE 558
server.cim.support.job, 471 server.cim.support.protocol, 471 server.configchange.enabled, 472 server.dispatcher.daemon.autoSynchro.dayOfWeek, 482 server.dispatcher.daemon.autoSynchro.doRefresh, 481 server.dispatcher.daemon.autoSynchro.interval, 483 server.dispatcher.daemon.autoSynchro.logicalGroup.doRefresh, 485 server.dispatcher.daemon.autoSynchro.performance.doRefresh, 484 server.dispatcher.daemon.autoSynchro.performance.startTime, 484 server.dispatcher.daemon.autoSynchro.startTime, 483 server.dispatcher.
PAGE 559
storage system, 30 acquiring performance information (by using CIM/WBEM functions), 282 changing, 221 copy pair, 60 refreshing, 220 requirements for managing copy pairs, 74 storage systems ports, 84 SVP, 31 System account automatically lock, 114 system configuration, 29 central management method, 65 for acquiring performance information, 282 local management method, 62 managing copy pairs, 61 SVP configuration, 70, 72 virtual command device server configuration, 67 system requirements management server, 36
PAGE 560