HP P9000 Command View Advanced Edition Suite Software 7.4.0-00 Administrator Guide (web) (TB581-96325, December 2012)
Table Of Contents
- Administrator Guide (Web Version)
- Table of Contents
- Preface
- 1 System configuration and requirements
- System configuration
- Network security configuration
- Common security risks
- Level 1 security: Setting up a firewall and creating a separate management LAN
- Level 2 security: Placing managed devices behind the firewall and creating a separate management LAN
- Level 3 security: Dual-homed management servers and creating a separate management LAN
- Level 4 security: A flat network
- Management server requirements
- Host requirements
- Related products
- System requirements for managing copy pairs
- Storage systems that can use Device Manager to manage copy pairs
- System configuration for managing copy pairs
- System configuration for using the local management method to manage copy pairs
- System configuration for using the central management method to manage copy pairs
- System configuration for using a virtual command device server configuration to manage copy pairs
- System configuration for using an SVP configuration to manage copy pairs (when copy pairs are defined in a configuration definition file)
- System configuration for using an SVP configuration to manage copy pairs (when copy pairs are defined as a device group)
- Storage system requirements for managing copy pairs
- Prerequisite version of the Device Manager agent for managing copy pairs
- Notes on using RAID Manager
- 2 Network configuration
- Port settings
- Network settings for management servers with multiple NICs
- Device Manager settings in IPv6 environments
- Changing the IP address or host name of the management server
- Changing the URL for accessing P9000 Command View AE Suite products
- 3 User account management
- 4 Security
- 5 Configuring Device Manager for use with related products
- 6 Setting up logs and alerts
- 7 Configuring Device Manager for CIM/WBEM
- Device Manager and CIM/WBEM
- CIM/WBEM functions in Device Manager
- Enabling CIM/WBEM functions
- Properties related to CIM/WBEM functions
- Configuring service discovery
- Configuring performance information acquisition
- User account settings for using the CIM/WBEM functions
- 8 Setting up a cluster environment
- Verifying the management server environment
- Setting up a cluster environment
- Installing P9000 Command View AE Suite on cluster management servers (new installation)
- Installing P9000 Command View AE Suite on cluster management servers (upgrade or overwrite)
- Changing the management server environment from a non-cluster environment to a cluster environment
- Removing P9000 Command View AE Suite from a cluster
- 9 Starting and stopping services
- 10 Managing the database
- Managing databases
- Backing up databases
- Restoring databases
- Migrating databases
- 11 Using and maintaining the Device Manager agent
- Before using the Device Manager agent
- When to restart the Device Manager agent service
- Specifying the IP address of the Device Manager agent network adapter
- Applying storage system configuration changes to Device Manager server
- Reinstalling the Device Manager agent after a host OS upgrade
- Device Manager agent in a Windows host environment
- Device Manager agent in an AIX host environment
- Device Manager agent in a Linux host environment
- Setting up the Device Manager agent
- Setting Device Manager server information in Device Manager agent
- Automatically reporting host information to the Device Manager server
- Managing copy pairs
- Changing the Java execution environment
- Changing the user who executes the Device Manager agent service
- Property settings for hosts that manage 100 or more LUs
- Device Manager agent operations
- Configuration definition file for managing copy pairs
- Prerequisite environment for using the configuration definition file
- Editing the configuration definition file
- Configuration definition file parameters supported Device Manager
- Description conventions for the configuration definition file
- HORCM_MON parameter description format
- HORCM_CMD parameter description format
- HORCM_DEV parameter description format
- HORCM_LDEV parameter description format
- HORCM_INST parameter description format
- HORCM_LDEVG parameter description format
- HORCM_ALLOW_INST parameter description format
- Notes on using the configuration definition file
- Device Manager agent commands
- Before using the Device Manager agent
- 12 Setting up Host Data Collector
- Installing Host Data Collector
- Prerequisites for installing Host Data Collector (Windows)
- Installing Host Data Collector (Windows)
- Prerequisites for installing Host Data Collector (Solaris or Linux)
- Installing Host Data Collector (Solaris or Linux)
- Notes on using Host Data Collector computers in a cluster configuration
- Registering a Host Data Collector computer on the management server
- Specifying the Host Data Collector environment settings
- Removing Host Data Collector
- Installing Host Data Collector
- 13 Troubleshooting
- Common problems and solutions
- Maintenance information that must be collected if a failure occurs
- Acquiring maintenance information on the management server
- About acquiring maintenance information on a Host Data Collector computer
- Acquiring maintenance information on a host (for a host managed by Host Data Collector)
- Acquiring maintenance information on a host (for a host managed by Device Manager agent)
- Acquiring a thread dump of the HBase Storage Mgmt Common Service (Windows)
- Acquiring a thread dump of the HCS Device Manager Web Service (Windows)
- Acquiring a thread dump of the HBase Storage Mgmt Common Service (Linux)
- Acquiring a thread dump of the HCS Device Manager Web Service (Linux)
- Checking audit log data
- 14 Support and other resources
- A Device Manager server properties
- Device Manager server property files
- Device Manager server configuration properties (server.properties file)
- server.http.host
- server.http.port
- server.https.port
- server.rmi.port
- server.http.entity.maxLength
- server.base.home
- server.horcmconfigfile.hostname
- server.base.initialsynchro
- server.cim.agent
- server.cim.support
- server.cim.support.job
- server.cim.support.protocol
- server.cim.http.port
- server.cim.https.port
- server.configchange.enabled
- server.logicalview.initialsynchro
- server.mail.enabled
- server.mail.from
- server.mail.smtp.host
- server.mail.smtp.port
- server.mail.smtp.auth
- server.mail.errorsTo
- server.eventNotification.mail.to
- server.mail.alert.type
- server.mail.alert.status
- server.subsystem.ssid.availableValues
- server.smisclient.indication.port
- server.agent.differentialrefresh.manual.enabled
- server.agent.differentialrefresh.periodical.enabled
- Device Manager database properties (database.properties file)
- Device Manager log output properties (logger.properties file)
- Device Manager dispatcher properties (dispatcher.properties file)
- server.dispatcher.message.timeout
- server.dispatcher.message.timeout.in.processing
- server.dispatcher.daemon.pollingPeriod
- server.dispatcher.traps.purgePeriod
- server.dispatcher.daemon.receiveTrap
- server.dispatcher.daemon.configUpdate.detection.interval
- server.dispatcher.daemon.autoSynchro.doRefresh
- server.dispatcher.daemon.autoSynchro.type
- server.dispatcher.daemon.autoSynchro.dayOfWeek
- server.dispatcher.daemon.autoSynchro.startTime
- server.dispatcher.daemon.autoSynchro.interval
- server.dispatcher.daemon.configUpdate.detection.variable.enabled
- server.dispatcher.daemon.autoSynchro.performance.doRefresh
- server.dispatcher.daemon.autoSynchro.performance.startTime
- server.dispatcher.daemon.autoSynchro.logicalGroup.doRefresh
- Device Manager MIME type properties (mime.properties file)
- Device Manager client properties (client.properties file)
- Device Manager security properties
- Device Manager SNMP trap log output properties (customizedsnmptrap.properties file)
- Properties for communicating with the host (host.properties file)
- Properties for connecting to Host Data Collector (hostdatacollectors.properties file)
- Properties for migrations (migration.properties file)
- Properties for connecting to PA (hppa.properties file)
- Properties for the CIM/WBEM functions (jserver.properties file)
- B Tiered Storage Manager server properties
- Tiered Storage Manager server property files
- Tiered Storage Manager server operations properties (server.properties file)
- server.rmi.secure
- server.rmi.port
- server.rmi.security.port
- server.base.initialsynchro
- server.mail.smtp.host
- server.mail.from
- server.mail.errorsTo
- server.mail.smtp.port
- server.mail.smtp.auth
- server.eventNotification.mail.to
- server.eventMonitoringIntervalInMinute
- server.migration.multiExecution
- server.checkOutVolumeRange
- server.migration.dataErase.defaultValue
- server.migrationPlan.candidateVolumeCountLimit
- server.migrationPlan.candidateCapacityGroupDisplayMaxCount
- server.migration.maxRetryCount
- server.migration.waitForPairDeleteInMinute
- server.migration.remainTimeForDeletePairInMinute
- Tiered Storage Manager GUI properties (client.properties file)
- Tiered Storage Manager database properties (database.properties file)
- Tiered Storage Manager properties for accessing Device Manager server (devicemanager.properties file)
- Tiered Storage Manager log output properties (logger.properties file)
- Tiered Storage Manager security properties
- C Host Data Collector properties
- Host Data Collector property files
- Properties related to Host Data Collector operation (hdcbase.properties file)
- Host Data Collector logger properties (logger.properties file)
- Properties related to the Host Data Collector's Java environment (javaconfig.properties file )
- Host Data Collector configuration properties (alps.properties file)
- Host Data Collector product properties (about.properties file)
- Host Data Collector logger properties (log4jconfig.properties file)
- D Device Manager agent properties
- Device Manager agent property files
- Device Manager agent properties for connecting to the Replication Manager server (agent.properties file)
- Device Manager agent properties for hldutil command operations (hldutil.properties file)
- Device Manager agent log output properties (logger.properties file)
- Device Manager agent properties for program information (programproductinfo.properties file)
- Device Manager agent operations properties (server.properties file)
- server.agent.port
- server.http.localPort
- server.http.port
- server.http.host
- server.http.socket.agentAddress
- server.http.socket.bindAddress
- server.agent.maxMemorySize
- server.agent.shutDownTime
- server.agent.JRE.location
- server.http.entity.maxLength
- server.http.security.clientIP
- server.server.authorization
- server.server.serverIPAddress
- server.server.serverPort
- server.agent.rm.centralizePairConfiguration
- server.agent.rm.cuLdevForm
- server.agent.rm.exclusion.instance
- server.agent.rm.location
- server.agent.rm.optimization.userHorcmFile
- server.agent.rm.horcm.poll
- server.agent.rm.temporaryInstance
- server.agent.rm.temporaryPort
- server.agent.rm.pairDefinitionForm
- server.agent.rm.moduleTimeOut
- server.http.server.timeOut
- server.util.processTimeOut
- server.agent.evtwait.timeout
- server.agent.rm.ignorePairStatus
- E Commands executed by Host Data Collector
- Acronyms and abbreviations
- Index
DescriptionItem
Specifies whether the password can be the same as the user ID.
Specify true or false. If true is specified, passwords cannot
be the same as the corresponding user ID. If false is specified,
passwords can be the same as the corresponding user ID.
Default: false
password.check.userID
When you change a setting in the security.conf file, the change takes effect immediately. The
password conditions that you set in the security.conf file are applied when a user account is
created or when a password is changed, and are not applied to passwords of existing user accounts.
As a result, even if an existing password does not satisfy the password conditions, a user can continue
to use the password to log in to the system.
CAUTION:
• Password conditions can also be set from the GUI. However, if the system is in a cluster configur-
ation, the settings from the GUI are applied only to the executing node. To apply the settings to
the standby node, switch the nodes, and then specify the same settings.
• If P9000 Command View AE Suite product versions 5.1 or later are installed, password conditions
can be set. The password conditions are applied to all users registered in P9000 Command View
AE Suite products. Therefore, if you are unable to change a password or add a user account
while using P9000 Command View AE Suite product versions 5.0 or earlier, the reason might be
that the specified character string does not satisfy the password conditions. Follow the output
message and specify an appropriate password.
• If an external authentication server is used to authenticate users, passwords are checked by using
a combination of character types specified on the external authentication server. However, if you
register a password for a P9000 Command View AE Suite product user, you need to use character
types specified in the P9000 Command View AE Suite products.
Locking user accounts
This section describes the settings related to locking user accounts.
Settings for automatically locking user accounts
P9000 Command View AE Suite products make it possible to automatically lock user accounts after
repeated unsuccessful attempts to log in using the GUI. Such automatic locking reduces the risk of
unauthorized access to the GUI.
The settings related to automatic locking are set using the account.lock.num property in the
security.conf file, which is stored in the following locations:
• In Windows:
installation-folder-for-Common-Component\conf\sec\security.conf
• In Linux:
installation-directory-for-Common-Component/conf/sec/security.conf
Specify a value from 0 to 10 (default: 0). If a user makes the specified number of unsuccessful logon
attempts, his or her user account will be locked. If you specify 0, any number of unsuccessful logon
User account management104