HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide Part number: T1780-96009 Second edition: October, 2005
Legal and notice information © Copyright 2005 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Contents Revision history Revision tables ..................................................................................................................................................... 12 1 Introduction to Command View XP AE Device Manager 1-1 1-2 1-3 1-4 Overview of Command View XP AE Device Manager .............................................................................. 13 Command View XP AE Device Manager Software Components..............................................................
-4-1 Ports Used by the Command View XP AE Device Manager Server and Common Component .... 70 4-4-2 Changing Common Component Ports............................................................................................ 71 4-5 Setup for Starting a Web Application from Web Client.............................................................................. 73 4-5-1 Using hcmdslink to Register an Application ...................................................................................
7-2-22 server.base.home......................................................................................................................... 120 7-2-23 server.horcmconfigfile.hostname.................................................................................................. 120 7-2-24 server.base.initialsynchro ............................................................................................................. 120 7-2-25 server.cim.support ................................................
A-4-3 The cimom.properties File................................................................................................................... 140 A-5 Setting the Service Discovery Feature......................................................................................................... 140 A-5-1 Setting Up the Service Discovery Feature .......................................................................................... 140 A-5-2 Starting and Stopping the Service Discovery Feature...........
Figures Figure 2-1 Incorrect XP Series Disk Arrays LAN Connection ................................................................................... 18 Figure 2-2 Most Secure Configuration: Separate Management LAN Plus Firewall .................................................. 20 Figure 2-3 Second-most Secure Configuration: Separate Management LAN plus Firewalled Devices ................... 21 Figure 2-4 Third-most Secure Configuration: Dual-Homed Management Servers plus Separate Management LAN ..........
Figure 6-18 Entering New Keystore Password ......................................................................................................... 95 Figure 6-19 Confirming New Keystore Password ..................................................................................................... 96 Figure 6-20 Contents of Device Manager Server Truststore ....................................................................................
Tables Table 1 Document Conventions................................................................................................................................ 10 Table 2 Revisions ..................................................................................................................................................... 12 Table 3-1 status2 Return Codes ...............................................................................................................................
About this guide This guide provides information about: • Installing HP StorageWorks Command View XP Advanced Edition Device Manager server software. • Installing Java™2 Java™ Runtime Environment (JRE). Intended audience This guide is intended for customers and HP authorized service providers who are experienced with the following: • Data processing and direct-access storage device subsystems. • HP StorageWorks XP Series disk array(s).
HP technical support Telephone numbers for worldwide technical support are listed on the HP web site: http://www.hp.com/support/ Collect the following information before calling: • Technical support registration number (if applicable) • Product serial numbers • Product model names and numbers • Applicable error messages • Operating system type and revision level • Detailed, specific questions For continuous quality improvement, calls may be recorded or monitored.
Revision history Revision tables Table 2 Revisions Date Edition Revision July, 2005 First Initial release October, 2005 Second • • • You are now able to add the Device Manager to the Windows Firewall exceptions list during installation. server.cim.http.port has been added to the thread-related properties. The name of the hcmdsgetlogs command has been changed to cvxpaegetlogs.
1 Introduction to Command View XP AE Device Manager This chapter discusses the following topics: • Overview of Command View XP AE Device Manager (see section 1-1 ) • Command View XP AE Device Manager Software Components (see section 1-2 ) • Command View XP AE Suite Common Component (see section 1-3 ) • Related Software Products (see section 1-4 ) 1-1 Overview of Command View XP AE Device Manager Device Manager provides a consistent, easy to use, and easy to configure interface for managing storage p
• Web Client. The Device Manager Web Client is a web-based user interface for monitoring and managing HP StorageWorks XP Series disk arrays. It communicates with and runs as a client of the Device Manager server. For further information on Device Manager Web Client, please refer to the HP StorageWorks Command View XP AE Device Manager Web Client User Guide. • Command Line Interface (CLI). Device Manager CLI enables you to perform client operations by issuing commands from the system command-line prompt.
• If you are using Continuous Access XP or Business Copy XP, see 5 for the requirements. • For more information on installing and configuring program products, see HP StorageWorks Remote Web Console User Guide for the XP12000/XP10000. • For details on the models that support Snapshot XP, see the manual HP StorageWorks Snapshot XP User Guide. XP1024 and XP128 only: • SVP microcode: Minimum = 21-13-02, Recommended = 21-14-02 or later.
1-4-2 Other Products that Interact with Device Manager • Hitachi Dynamic Link Manager(HDLM) manages the storage access paths to and from the host on which it is installed. The HDLM GUI can be displayed from the Device Manager Web Client. For more information on HDLM, please see the following documents: • Hitachi Dynamic Link Manager User’s Guide for AIX® Subsystems. • Hitachi Dynamic Link Manager User’s Guide for Sun™ Solaris™ Subsystems.
• Snapshot XP allows you to internally retain a logical duplicate of the primary volume data, which is used to restore data if a logical error occurs in the primary volume. For more information on Snapshot XP, see the following documents: • HP StorageWorks Snapshot XP User Guide.
2 Command View XP AE Device Manager Network Configuration This chapter describes network configuration as it relates to security, as follows: • Overview of Network Configuration (see section 2-1 ) • Common Security Risks (see section 2-2 ) • Server Network Configurations (see section 2-3 ) 2-1 Overview of Network Configuration HP StorageWorks XP Series disk arrays come equipped with a service processor, which is known as the SVP. The SVP has two Ethernet adapters.
2-2 Common Security Risks System administrators frequently separate production LANs from management LANs. In such cases, management LANs act as a separate network, which isolates management traffic from a production network and reduces the risk of security-related threats. If a management controller such as the SVP coexists on a production LAN, it is left open for any entity on the IP network to access.
Figure 2-2 Most Secure Configuration: Separate Management LAN Plus Firewall 2-3-2 Second-most Secure Configuration: Separate Management LAN plus Firewalled Devices under Management In this configuration, the server hosting the Device Manager server and all other management servers may be single homed, and the actual devices under management are separated from Device Manager by a firewall.
Figure 2-3 Second-most Secure Configuration: Separate Management LAN plus Firewalled Devices 2-3-3 Third-most Secure Configuration: Dual-Homed Management Servers plus Separate Management LAN In this configuration, the management servers themselves act as the intersection point between the management LAN and a production LAN. The server running Device Manager or management applications is dual-homed.
Figure 2-4 Third-most Secure Configuration: Dual-Homed Management Servers plus Separate Management LAN 2-3-4 Least Secure Configuration: Flat Network Here, the management application servers, managed devices, and managed clients all coexist on the same network. This configuration is the least secure, though it is the most flexible. It affords no protection to any of the components required for storage management operations, so management application server hardening is paramount.
3 Windows® Systems Installation This chapter discusses the following topics: • ® Windows System and Media Requirements (see section 3-1 ) • Installing Device Manager in a Windows® Standard Environment (see section 3-2 ) • Installing the Device Manager server in a Microsoft® Cluster Service Environment (see section 3-3 ) • Converting the Database (see section 3-4 ) • Verifying and Troubleshooting the Installation (see section 3-5 ) • Starting and Stopping the Device Manager server (see section 3-6
• Processor: 2.0 GHz Pentium® 4 or better. You may require a faster processor if you are processing several thousand LDEVs, hundreds of logical groups and a larger number of paths associated with logical groups. • Memory: At least 512 MB of available free memory is required, and 1 GB is recommended. You may want to add more memory if several thousand LDEVs or hundreds of logical groups are being managed. You will need at least 1,536 MB for the paging file. • Available hard drive space: 4 GB or more.
Before you begin, you will need to verify the following: • The platform running Device Manager has no other applications using the standard SNMP ports (161 and 162). If another product is using these ports, the installation will end successfully, but you will be unable to start Device Manager. If this occurs, you will need to change the port used for Device Manager SNMP traps. See section 7-5-8 for more information on changing the port used for SNMP traps.
CAUTION: HiRDB Embedded Edition_HD0 must be always running when you are using any Command View XP AE Suite products version 1.0 or later. You can verify that HiRDB is running by checking the ® Windows Services Panel (see Figure 3-24). CAUTION: If you are using another Command View XP AE Suite product, make sure that you back up the databases for that product before you install Device Manager.
NOTE: You may need to wait for the program to load. Do not start a second installation at this point. 4. The Introduction panel (see Figure 3-1) displays. Select Next to continue. 5. The Backup Recommendation panel displays, reminding you that you should have backed up the databases for Common Component and any other Command View XP AE Suite products (see Figure 3-2). If you have not done so, select Cancel to cancel the installation. If you have done so, select Next to continue. 6.
16. If a Windows® Firewall is installed on the system, the Adding to the Windows Firewall exceptions panel displays (see Figure 3-13). Check the contents of the panel, and select Next to continue. 17. The Pre-installation Summary panel displays (see Figure 3-14). The product name, installation folder, information on installation disk capacity, the IP address or host name of the server machine, and the port number to be used are displayed.
Figure 3-3 Command View XP AE Suite Product Is Running Panel Figure 3-4 Command View XP AE Suite Common Component Not Installed Panel Windows® Systems Installation 29
Figure 3-5 License Agreement Panel (first panel) Figure 3-6 SNMP Trap Note Windows® Systems Installation 30
Figure 3-7 Choose Install Folder Panel Figure 3-8 Install Folder Information Panel Windows® Systems Installation 31
Figure 3-9 Install Folder Information Figure 3-10 Choose the Database for Command View XP AE Suite Common Component Panel Windows® Systems Installation 32
Figure 3-11 Choose the Database for Command View XP AE Device Manager Panel Figure 3-12 Installation Server Information Settings Windows® Systems Installation 33
Figure 3-13 Adding to the Windows Firewall exceptions Panel Figure 3-14 Pre-Installation Summary Panel Figure 3-15 Cancellation Warning Message Windows® Systems Installation 34
Figure 3-16 Please Wait Panel Figure 3-17 Device Manager Server Setup Information Panel Figure 3-18 Secure Socket Certificates Note Panel Windows® Systems Installation 35
Figure 3-19 Install Complete Panel Windows® Systems Installation 36
3-2-2 Upgrading or Reinstalling the Device Manager Server and Common Component 3-2-2-1 Notes on Upgrading or Reinstalling Device Manager will be installed in: • c:\Program Files\CVXPAE\DeviceManager Common Component will be installed in: • c:\Program Files\CVXPAE\Base CAUTION: Wait several minutes after the upgrade or re-installation finishes before stopping the service, because the database must be updated with the latest information.
2. Restart Windows. 3. Release the SLP daemon registration. 4. Register the SLP daemon again. 3-2-2-2 Upgrading Device Manager Server and Common Component To upgrade the Device Manager server and Common Component: 1. Log on to the system as an administrator. 2. Stop any other Command View XP AE Suite software that is running. 3. Stop the Device Manager server: -Select Start, Programs, HP Command View XP AE, Device Manager, and then Stop Server (see Figure 3-27).
Figure 3-20 Command View XP AE Device Manager Already Installed Panel Figure 3-21 Command View XP AE Device Manager Upgrade Error Panel (downgrade) 3-2-2-3 Reinstalling the Device Manager Server and Common Component 1. Log on to the system as an administrator. 2. Stop any other Command View XP AE Suite software that is running.
NOTE: Do not stop the Common Component services while another Command View XP AE Suite program is running. 5. Insert the Device Manager server CD. The Command View XP AE Device Manager Already Installed panel (refer to Figure 3-20) displays. Select Next to continue. CAUTION: If you attempt to downgrade Device Manager, the installer will display the Command View XP AE Device Manager Upgrade Error panel (refer to Figure 3-21) and exit.
Figure 3-22 Back Up the Database Panel Figure 3-23 Deleting Backup Directory Panel 3-3 Installing Device Manager in a Microsoft® Cluster Service Environment The Device Manager server can provide higher availability in a cluster environment. This section discusses the requirements and settings for a supported cluster environment.
3-3-2 Setup with other Command View XP AE Suite Products Installed Follow these instructions when you have other Command View XP AE Suite products installed in a cluster configuration. CAUTION: In this procedure, the cluster configuration for other Command View XP AE Suite products is temporarily cancelled. IMPORTANT: When you execute this sequence, it will change the port used by HiRDB to its default (23032). If you are using a port other than the default, you must change it back. 1.
• Register the database to the recreated database system: \bin\hcmdsdbmove /import /datapath CAUTION: When this command is executed, the port designated for HiRDB returns to the default (23032). If you use another port for HiRDB, you must reset the port after this operation. IMPORTANT: You must specify an absolute path to the target directory.
• Leave the settings specifying the location of Common Component and the Device Manager server databases as the default values (refer to Figure 3-10 and Figure 3-11). • For the IP address of the Device Manager server, specify a logical host name (refer to Figure 3-12). IMPORTANT: A logical host name indicates the name of a virtual host allocated to the cluster management IP address. 3. After the Device Manager server is installed on the executing node, enter the license key by using Web Client.
10. Re-create a database system on the shared disk: \bin\hcmdsdbremake /cluster /databasepath CAUTION: The file name for must be no more than 63 bytes, and you must specify an absolute path to it without a path delimiter at the end. CAUTION: On the shared disk, deploy the folder in which the database is to be recreated. CAUTION: When this command is executed, it sets the port for HiRDB at the default (23032).
3-3-3-2 Installing on the Standby Node 1. On the standby node, perform a new installation of the Device Manager server (refer to section 3-2-1 ). IMPORTANT: The following are the specific requirements for installation on the standby node: Specify the same installation path as on the executing node (see Figure 3-7). Leave the settings specifying the location of Common Component and the Device Manager server databases at the default values (see Figure 3-10 and Figure 3-11).
8. Change the setting so that the database on the shared disk is to be used: \bin\hcmdsdbremake /cluster /databasepath CAUTION: Specify the same folder as the folder specified for on the executing node. Do not use a path delimiter at the end of the folder name. CAUTION: When this command is executed, it sets the port for HiRDB at the default (23032).
• 5. Possible Owners: Make sure that the executing and standby nodes have been added. • Dependencies: Register HiRDB. • Generic Service Parameters: 7. • Service Name: HiCommandBase. • Start parameters: None. • Registry Replication: Specify nothing. • Select Finish. Register the Common Web Service as a resource: • Select New, and then Resource. • New Resource: • 6. Resource type: Generic Service. • • Name: Common Web Service (optional). • Resource type: Generic Service.
4. 5. 6. Register the IP address of the Device Manager server to that resource group. If that address has already been used to register another resource group, move the IP address to the resource group created or selected in step 2. To move the IP address, right-click on the left side of the Cluster Administrator window, then select New and then Resource. Specify the following settings: • Resource name: Type the name. • Resource Type: IP Address. • Group: Select the register destination.
9. • Resource type: Generic Service. • Possible Owners: Make sure that the executing and standby nodes have been added. • Dependencies: Name of the shared disk drive. • Generic Service ParametersSpecify nothing. • Registry ReplicationSpecify nothing. • Select Finish. Make sure that the registered resources are online.
• 11. HiCommandServer. Place the group to which the Device Manager service has been registered on standby. In Cluster Administrator, right-click the group to which the Device Manager service has been registered, and then choose Move Group. 3-3-5-2 Upgrading or Re-installing Command View XP AE Device Manager on the Standby Node 1. Re-install the Device Manager server (see section 3-2-2 ). Do NOT back up the database during installation. 2.
NOTE: Do not stop the Common Component services while another Command View XP AE Suite program is running. 5. On the executing node, start HiRDB: \bin\hcmdsdbsrv /start 6. On the executing node, delete or empty the , then back up the database contents: \bin\hcmdsdbmove /import /datapath CAUTION: Be sure to specify the absolute path for the . 7.
CAUTION: Specify the same folder as the folder specified for on the executing node. CAUTION: When this command is executed, the port designated for HiRDB to use returns to the default (23032). If you use another port for HiRDB, you must reset the port after this operation. IMPORTANT: You must specify an absolute path to the target directory. Do not use a path delimiter (\) at the end of the target directory name, or you will get a command error.
3-5 Verifying and Troubleshooting the Device Manager Server and Common Component Installation After you complete the installation, you need to verify that the following services are either running or can be started manually: • HiCommand Suite Single Sign On Service. • HiCommand Suite Common Web Service. • HiCommandServer. If all of these services can be started, the installation was successful.
the requirements have been met (refer to section 3-1 ), and then reinstall Device Manager (refer to section 3-2 for instructions). 3-6 Starting and Stopping the Device Manager Server CAUTION: If a Device Manager client (e.g., Web Client, Device Manager CLI, or the Device Manager agent) is accessing the Device Manager server when that machine is shut down, the Device Manager client processing will terminate.
3-6-1 Starting the Device Manager Server IMPORTANT: Do not use the Windows® Services panel to start and stop Device Manager services. Start the Device Manager server by one of the following methods: • Select Start, Programs, HP Command View XP AE, Device Manager, and then Start Server (see Figure 3-25), or • Enter the following command: C:\Program Files\CVXPAE\DeviceManager\ hdvm.
3-6-2 Stopping the Device Manager Server IMPORTANT: Do not use the Windows® Services panel to start and stop Device Manager services. Stop the Device Manager server by one of the following methods: • Select Start, Programs, HP Command View XP AE, Device Manager, and then Stop Server (see Figure 3-27), or • Enter the following command: C:\Program Files\CVXPAE\DeviceManager\ hdvm.
3-6-3 Verifying the Status of the Device Manager Server To verify the status of the Device Manager server, enter one of the following commands: • C:\Program Files\CVXPAE\DeviceManager\hdvm.bat status, or • C:\Program Files\CVXPAE\DeviceManager\hdvm.bat status2 NOTE: status2 is an interface used by other applications to check the status of the Device Manager server. The result will be a return code, as described in Table 3-1.
NOTE: The backup will be written to the following directories: C:\TMP\backup\base and C:\TMP\backup\database NOTE: This example used the C:\TMP directory as the backup location. In a production environment, you should create a permanent directory for the backup location.
Figure 3-30 Backing Up the Database Figure 3-31 Sample Batch Command Backing Up the Database 3-7-2 Restoring Command View XP AE Suite Products Databases IMPORTANT: Do NOT stop and/or start the Command View XP AE Suite Common Component services ® using the Windows Services Panel. Perform the stop/start commands in the exact order referenced in the procedure. 1. Stop the Device Manager server: Select Start, Programs, HP Command View XP AE, Device Manager, and then Stop Server (see Figure 3-27).
• /restore: Specify the absolute path of the Device Manager server database backup file (backup.hdb). • /type: Specify the name of the Command View XP AE Suite product to be restored. Specify DeviceManager to restore the Device Manager database, or specify ALL (all capital letters) if you want to restore all Command View XP AE databases at once. NOTE: If you specify DeviceManager for the type option, specify true for the server.base. initialsynchro property in the server.properties file.
Figure 3-33 Verifying HiRDB has Stopped Figure 3-34 Restoring the Database Windows® Systems Installation 62
Figure 3-35 Starting HiRDB Figure 3-36 Sample Batch Command Restoring Database 3-7-3 Initializing a Command View XP AE Device Manager Server Database 1. Stop the Device Manager server: Select Start, Programs, HP Command View XP AE, Device Manager, and then Stop Server (see Figure 3-27). CAUTION: Do not use the Windows® Services panel to stop the Device Manager server. 2. Verify that HiRDB is running: C:\Program Files\CVXPAE\Base\bin>hcmdssrv /status (see Figure 3-29). 3.
CAUTION: Do not use the Windows® Services panel to start the server. 8. In the server.properties file, change the server.base.initialsynchro property back to false. See section 7-2-24 for more information. 3-8 Uninstalling Device Manager Components 3-8-1 Uninstalling the Device Manager Server in a Standard Environment CAUTION: Unless you are experiencing problems and need to redo a complete installation, you should not uninstall Device Manager.
6. Select Done to exit. If the Windows® operating system indicates that certain files were not uninstalled, you must manually delete them.
3. Stop the Common Component services: \bin\hcmdssrv /stop NOTE: Do not stop the Common Component services while another Command View XP AE Suite program is running. 4. Place the HiRDB/ClusterService_HD0 offline. 5. If the following resources are not in use by another application, delete them: • HiCommand Single Sign On Service. • HiCommand Common Web Service. • HiCommandServer. • HiRDB/ClusterService_HD0. 6.
4 Command View XP AE Suite Common Component Command View XP AE Suite Common Component provides features that are used by all Command View XP AE Suite products. Each Command View XP AE Suite product will bundle Common Component.
4-2 Starting and Stopping Command View XP AE Suite Common Component 4-2-1 Starting Common Component Ordinarily you should not need to manually start Common Component. ® To start Common Component in a Windows environment: 1. Log in to the system as a user with Administrator privileges. 2. Start the Common Component services: \bin\hcmdssrv /start 3. Verify that Common Component has started: \bin\hcmdssrv /status 4.
4-3 Integrated Logging 4-3-1 Integrated Log Output Common Component provides common log files and a common library for log output for each program product in the Command View XP AE Suite. Device Manager uses this information to show the details for the log files. Table 4-2 Integrated Log Output ® Log Type Log Name Description Location (Windows ) Common trace log file hntr2*.
Figure 4-1 Selecting the Number of Trace Log Files (Windows®) 4-3-2-2 Specifying the Size of Trace Log Files (Windows®) Windows®: The Windows® HNTRLib2 utility is stored on the following path: c:\Program Files\ Hitachi\HNTRLib2\bin\hntr2util.exe To change the size of the trace log files: 1. Ensure you have administrator permissions. 2. Execute hntr2util.exe. The Hitachi Network Objectplaza Trace Utility 2 panel is displayed (refer to Figure 4-1). 3.
Table 4-3 The Device Manager Server and Common Component Ports Component Network Port Description Device Manager agent. 23011/tcp Note: For more information see HP StorageWorks Command View XP AE Device Manager Agent Installation and Configuration Guide. Command View XP AE Suite Common Component. Used for the Device Manager agent HTTP (web) server. You can change the port after installation using the server.http.port property. For details, see section 7-2-3).
4-4-2-1 23015/tcp (Used for Accessing Non-SSL Common Web Service) To change the port used for accessing non-SSL Common Web Service, you must change the port number written in the following file: Windows®: • VirtualHost host name:port number in \httpsd\conf\httpsd.conf, and • Port number coded in the listen directive in \httpsd\conf\httpsd.
4-5 Setup for Starting a Web Application from Web Client 4-5-1 Using hcmdslink to Register an Application When you select Tools in the Web Client menu bar, Device Manager displays a window that allows you to launch other Command View XP AE products. By registering the Web applications that you often use or the information that you want to reference (such as a device installation chart) to this window, you can easily call a desired application from Web Client.
• @NAME: Information used as the key for registration. Specify a unique name. This item is required. The maximum length of the name is 256 bytes. Use alphanumeric characters only. • @URL: The URL of the target of the link from Web Client. The maximum length of the URL is 256 bytes. • @DISPLAYNAME: The name displayed in the window that appears when you select Tools in Web Client. If no information is specified, the name specified in @NAME is displayed. The maximum length of the name is 60 bytes.
Options: • print: Displays a list of URLs and programs that are currently set up. • change: Overwrites the information about the currently registered URL with the information about the new URL. Specify the currently registered URL and the new URL. The specified URL must be a complete URL that contains protocols and port number. Return values: • 1: Argument error. • 2: URL does not exist. • 253: Restoration failure. • 254: Backup failure. • 255: Abnormal termination.
6. • Change the host name specified for the tag to the host name after the change. • Change the value for the ServerName parameter in the tag to the host name after the change. Edit the pdsys file and def_pdsys file. Change the value for the –x option for the pdunit parameter to the host name after the change. NOTE: Specify a virtual host name for a cluster configuration. The following describes the storage destinations for the pdsys file and def_pdsys file: 7.
5 Setup for Managing Copy Pairs This chapter discusses the following setup requirements: • The Device Manager server requirements (see section 5-1 ) • Host requirements (see section 5-2 ) • Disk array requirements (see section 5-3 ) • RAID Manager XP requirements (see section 5-4 ) 5-1 Server Requirements for Managing Copy Pairs • You can use Device Manager to control copy pairs in one of two ways: • Local management, with each host managing the copy pair(s) for the LUs recognized by that host, or
• After the disk array has been configured as required, the disk array must be refreshed. • The disk array serial numbers managed by Device Manager must all be unique. In the case of Continuous Access XP, remote disk arrays that are not managed by Device Manager must also have unique serial numbers. CAUTION: You can use the XP512/XP48 Remote Console, the XP12000/XP10000 and XP1024/XP128 Remote Web Console, the SVP or RAID Manager XP to create or manage a copy pair without using RAID Manager XP.
5-4 Creating Configuration Definition Files for RAID Manager XP You can use Device Manager to create a configuration definition file, which is then used by RAID Manager XP to create copy pairs. Device Manager has the following features when interacting with RAID Manager XP: • You cannot use Device Manager to delete an invalid configuration file, even if you created that file with Device Manager. You must use RAID Manager XP.
6 Command View XP AE Device Manager Server Security 6-1 Overview of Command View XP AE Device Manager Security This section discusses the following server security procedures: • An overview of server security (see section 6-1-1 ) • Enabling SSL/TLS server security (see section 6-2-2 ) • Obtaining a signed and trusted Server Certificate (see section 6-2-3 ) • Displaying the contents of the server keystore (see section 6-2-4 ) • Deleting an entry from the server keystore (see section 6-2-5 ) • Chan
• • Windows®: c:\Program Files\Java Web Start is used to indicate the default Device Manager server installation directory. If your directory is not located in the default directory, adjust commands or paths accordingly.
6-2 Using the HiKeytool Script File to Modify Server Security Properties 6-2-1 Creating a Keypair NOTE: If you make a mistake during this process and need to start over, exit by pressing Ctrl+c and restart HiKeytool. Throughout this section, use the default values presented unless you are either very familiar with the area of cryptography and Java™ security or are otherwise instructed.
expire, users will be unable to establish a secure connection with the Device Manager server via SSL/TLS. • 17. If you elect not to have your server certificate signed, the value that you place in this field will determine the period during which the keypair and associated server certificate will be valid. The default is 365 days. Enter the keystore password (6 characters minimum) [default=passphrase].
Figure 6-2 Creating a Keypair Command View XP AE Device Manager Server Security 84
6-2-2 Enabling TLS/SSL Server Security IMPORTANT: TLS and SSL require Internet Explorer 6.0 or higher. 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 2 (Set Device Manager Server Security Level). 3.
Figure 6-3 Default Device Manager Server Security Level Figure 6-4 Selecting and Confirming Server Security Level Changes 6-2-3 Creating and Importing a Digitally-signed Certificate This section contains instructions for obtaining a digitally-signed certificate from a well known and trusted Certificate Authority. For instructions on importing the security certificate to a browser, see HP StorageWorks Command View XP AE Device Manager Web Client User Guide.
2. HiKeytool will inform the user where the Certificate Signing Request has been stored on disk (see Figure 6-5), which will be in a file named .csr inside the directory. The contents of your CSR will look similar to the example in Figure 6-6. IMPORTANT: Your CSR will contain extra carriage returns and line feeds which must be included when it is sent to the Certificate Authority, or it will not be processed correctly. 3.
–tnYJU1QAJfrRqTi9eFL4N2Ooo4An8jXYooBjnkno1r+X+V4r –-----END NEW CERTIFICATE REQUEST----– Figure 6-6 Sample Certificate Request 6-2-3-2 Importing a Signed and Trusted Certificate Once you receive your digitally-signed certificate from the Certificate Authority, you can use HiKeytool to import it. Some Certificate Authorities will return your digitally-signed certificate as an attached file with a .cer extension.
Figure 6-8 Entering the Digitally-signed Certificate Location (Windows®) Figure 6-9 Notification of Successful Import of Digitally-signed Certificate Command View XP AE Device Manager Server Security 89
6-2-4 Displaying Contents of Device Manager Keystore 6-2-4-1 Regular Mode 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 5 (Display Contents of Device Manager Server Keystore), and then press the Enter key. 3.
Figure 6-11 Sample Verbose Contents of Device Manager Server Keystore 6-2-5 Deleting an Entry from Device Manager Server Keystore 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 7 (Delete an Entry from the Device Manager Server Keystore), and then press the Enter key. 3.
Figure 6-12 Entering the Number of Alias to be Deleted Figure 6-13 Confirming Deletion of an Alias 6-2-6 Changing the Device Manager Server Keypass 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 8 (Change Device Manager Server Keypair/Self-Signed Certificate Keypass), and then press the Enter key. 3. Type the existing Device Manager server Keystore password, and then press the Enter key (see Figure 6-14). 4.
CAUTION: Make sure to enter only characters (A-Z, a-z), numbers (0-9) or white space, or you can render your keystore unusable. 6. You will be prompted for a confirmation of the new Keypass (see Figure 6-16). Type the new Keypass again, and then press the Enter key. 7. You will need to restart the server for the changes to be effective.
Figure 6-16 Entering and Confirming the New Keypass 6-2-7 Changing the Device Manager Server Keystore Password 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 9 (Change Device Manager Server Keystore Password), and then press the Enter key. 3. Type the current keystore password, and then press the Enter key (see Figure 6-17). 4. You will be prompted for your new password. (see Figure 6-18).
Figure 6-17 Entering Old Keystore Password Figure 6-18 Entering New Keystore Password Command View XP AE Device Manager Server Security 95
Figure 6-19 Confirming New Keystore Password 6-2-8 Displaying Contents of the Device Manager Server Truststore 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 10 (Display Contents of Device Manager Server Truststore), and then press the Enter key. 3. The display will include the entry alias, the date the certificate was created, and the MD5 Fingerprints for that entry (see Figure 6-20).
Figure 6-20 Contents of Device Manager Server Truststore 6-2-9 Displaying Verbose Contents of the Device Manager Server Truststore 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 11 (Display Verbose Contents of Device Manager Server Truststore), and then press the Enter key. 3. This will display the verbose information for each entry in the Device Manager server truststore (see Figure 6-21).
Figure 6-21 Displaying Verbose Information for Device Manager Truststore 6-2-10 Deleting an Entry from the Device Manager Server Truststore 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. From HiKeytool, type 12 (Delete an Entry from the Device Manager Server Truststore), and then press the Enter key. 3. HiKeytool will display a list of all entries in the Device Manager server truststore. 4.
Figure 6-22 Entering the Alias to be Deleted from Truststore Figure 6-23 Confirming the Alias to be Deleted From Truststore Command View XP AE Device Manager Server Security 99
6-2-11 Changing the Device Manager Server Truststore Password 1. Open a command line or terminal window and launch HiKeytool (refer to section 6-2-1 for instructions). 2. Type 13 (Change Device Manager Server Truststore Password), and then press the Enter key. 3. Type the existing truststore password, and then press the Enter key (see Figure 6-24). 4. Type the new truststore password, and then press the Enter key (see Figure 6-25). This password is case sensitive.
Figure 6-25 Entering and Confirming New Truststore Password 6-3 Configuring Common Web Service for SSL Communication The Common Web Service supports versions 2 and 3 of SSL, and version 1 of TLS. This section discusses the following security procedures: • Generating a Private Key (see section 6-3-1 ). • Creating a Certificate Signing Request (CSR) (see 6-3-2 ). • Creating a Self-Signed Certificate (see section 6-3-3 ). • Enabling SSL (see section 6-3-4-1 ). • Disabling SSL (see section 6-3-4-2 ).
This would generate the following output: –1160 semi-random bytes loaded –Generating RSA private key, 1024 bit long modulus –..........+++++ –.........+++++ –e is 65537 (0x10001) Figure 6-26 Output of sslc genrsa -out demoCA\httpsdkey.pem 1024 Command 6-3-2 Creating a Certificate Signing Request (CSR) Use the sslc req utility to create a Certificate Signing Request (CSR), which you will send to a Certificate Authority (CA). The CA will send you a signed certificate.
The prompts appear generally as follows: –You will be prompted to enter information to incorporate into the certificate request. –This information is called a Distinguished Name or a DN. –There are many fields however some can remain blank. –Some fields have default values. –Enter '.', to leave the field blank.
6-3-4 Configuring SSL 6-3-4-1 Enabling SSL To enable SSL: 1. Open the httpsd.conf file. 2. Make the directives for the SSL port and logical host effective by deleting the pound sign (#) at the beginning of the corresponding lines. 3. Specify the full path name of the certificate file received from the Certificate Authority and the full path name of the private key file for the Web server: • 4.
6-3-4-2 Disabling SSL To disable SSL, comment out the directives for the SSL port and logical host in the httpsd.conf file. Figure 6-30 is an example of disabling SSL in Windows®. NOTE: The line that begins with a pound sign (#) is a comment line. –Listen 23015 –SSLDisable – –#Listen 23016 –# –# ServerName www.example.com –# SSLEnable –# SSLRequireSSL –# SSLCertificateFile "c:/Program Files/CVXPAE/Base/httpsd/conf/ssl/server/httpsd.
–#Listen 23016 –#:port-number> –# ServerName –# SSLEnable –# SSLRequireSSL –# SSLCertificateFile –# SSLCertificateKeyFile –# SSLCACertificateFile –# SSLSessionCacheTimeout 3600 –# Figure 6-31 Editing Format of the httpsd.
> java -jar WSIEncryptString.jar keystore-password When the command is executed, the encrypted character string of the keystore password is displayed. This character string is used in a later step. 3. Stop the Device Manager server. Stop the Device Manager server as follows: Select Start, Programs, HP Command View XP AE, Device Manager, and then Stop Server. 4. Modify the MOF file (WBEMSolutions_CIMXMLCPA.mof).
6-4-2-2 Setup Procedure Performed in the Device Manager Server 1. Import the client authentication file into the truststore file. The truststore file (the truststore password is trustssl) is stored in the following location: Device-Manager-installation-folder\HiCommandServer\wsi\server\ jserver\bin\.truststore For details on how to import an authentication file into the truststore file, 6-5 . 2. Perform steps 3 to 6 in 6-4-1 to set ClientAuthenticationEnabled to true.
Specify, in the MOF file, the encrypted keystore password that was obtained in step 4 of this procedure.
keytool -genkey -keystore keystore-filename -storepass keystorepassword-name -alias alias -dname entity-distinguished-name -validity validity-of-certificate -keypass keypass -keyalg RSA NOTE: Specify the same password for -storepass and -keypass. Example of executing the command: > keytool -genkey -keystore .keystore -storepass sanssl -alias san3gssl -dname "CN=san3g, OU=SSL, O=hitachi, L=yokohama, S=kanagawa, C=JP" validity 720 -keypass sanssl -keyalg RSA 2. Check the created keystore file.
7 Command View XP AE Device Manager Server Properties 7-1 Overview of Command View XP AE Device Manager Server Properties In Windows® systems, the default directory for the configuration definition file is: c:\Program Files\CVXPAE\DeviceManager\HiCommandServer\config IMPORTANT: If you make a change to any property file, that change will not take effect until the server is rebooted. If you make changes to any server properties, you will need to restart the Device Manager agent.
c:\CVXPAE\docroot\foo.bar should be entered as c:\\CVXPAE\\docroot\\foo.bar. There is generally no need to backslash-escape any other characters in the property directives. CAUTION: As a general rule, server properties should not need to be modified. Use extreme caution when you are modifying the configuration properties, because you can cause the server to fail or to function incorrectly.
Table 7-1 Summary of Device Manager Property Files Property Description Location server.http.log.reverseDNS Flags whether the Device Manager server performs reverse-DNS (Domain Name Server) lookups for its access logging. Section 7-2-16 server.http.cache.size Sets the upper-limit size of the Device Manager server's internal file cache. Section 7-2-17 server.http.cache.maxFileSize Sets the maximum file size for server-side caching. Section 7-2-18 server.http.fileTypes.
Table 7-1 Summary of Device Manager Property Files Property Description Location Logger Properties Section 7-4 These properties contain a set of directives that configure the Device Manager server's logging module, including the names, locations and verbosity level of operational and error logging of the various log files. logger.loglevel Determines the verbosity level of operational (trace) and error logging. logger.
Table 7-1 Summary of Device Manager Property Files Property Description Location Client Properties These properties affect the configuration of Device Manager Web Client. Section 7-7 client.logger.trace Defines whether or not to output trace log information. Section 7-7-1 client.message.timeout Defines the maximum wait time for the Device Manager server response (timeout of connection) in seconds. Section 7-7-2 client.outputhorcmfunction.
7-2 Server Configuration Properties The server configuration properties are contained in the server.properties file. This is normally located in the HiCommandServer/config directory, under the installation directory. ® The default directory for the configuration properties on Windows systems is: • c:\Program Files\CVXPAE\DeviceManager\HiCommandServer\config 7-2-1 server.http.
7-2-6 server.http.request.timeout This property sets the read-blocking timeout of the HTTP socket connection (in milliseconds). It can be used to enable or disable the SO_TIMEOUT setting for client-connection sockets. Reading from the input stream associated with a socket will block for only this amount of time before the socket expires. Its default value is 5000 (5 seconds). A value of zero is interpreted as an infinite timeout, meaning that SO_TIMEOUT is disabled for client connections.
7-2-11 server.http.socket.linger This Boolean property toggles whether the SO_LINGER socket attribute is enabled for client connections with the Device Manager server. Setting this flag to its default value means a linger-onclose timeout of 60 seconds is applied to socket connections. You should only modify this property if you are an expert System Administrator seeking to fine-tune the server’s performance. Default: true 7-2-12 server.http.socket.
Default: false 7-2-17 server.http.cache.size This property sets the upper-limit size of the Device Manager server’s internal file cache (in bytes). A value of zero turns file caching off, which may adversely affect server performance when delivering complex static files (HTML pages containing images, etc). This setting could be increased on a host machine with sufficient RAM installed.
7-2-22 server.base.home This property contains the installation directory of Common Component, which is set by the Device Manager installer. You should not change this property under normal circumstances. Default: 7-2-23 server.horcmconfigfile.hostname This property allows you to specify whether to use the host name (hostname) or the IP address (ipaddress) when Device Manager edits the configuration definition file.
The database properties configuration file contains the set of directives that pertain to establishing a connection with the Device Manager server’s database. Before the Device Manager server will run you need to correctly enter these settings and start the Database Management System (DBMS). If the server cannot connect to its DBMS, an entry is written to the error log (the default location is in the logs directory). This information can help considerably when you are troubleshooting a new installation.
The Windows® event log is located in the event viewer. 7-4-1 logger.loglevel This property determines the verbosity level of operational (trace) and error logging. The values accepted in this field are (in decreasing order of detail): DEBUG, INFO, WARN, ERROR, and FATAL. The default logging level for production systems is INFO, which means that debugging or informational entries as well as warnings and error messages are written into the trace and error logs. Default: INFO 7-4-2 logger.
7-4-7 logger.hicommandbase.MaxFileSize This property sets the maximum size of each of the rolling backup Device Manager trace log files. The specified size is assumed to be in bytes unless you specify kB for kilobytes, MB for megabytes or GB for gigabytes. Valid values are between 4096 and 2147483647. Even if this directive is not found in the properties file, an internal default value of 1 MB will be used. Default: 1 MB 7-5 Dispatcher Properties Dispatcher properties are contained in the dispatcher.
Default: 2:45 7-5-7 server.dispatcher.endTimeOfIgnoringConnectionAlert This property defines the end time of the interval for stopping SNMP communication alert. If you access a disk array that is in regular reboot, that will cause this alert. Default: 3:15 7-5-8 server.dispatcher.daemon.receiveTrap This property determines whether or not port 162 is used as an SNMP Trap listener. The Device Manager can use SNMP to detect command completion and hardware issues.
NOTE: When the client is accessing the server through a proxy server and the connection timeout of the proxy is shorter than the timeout of this property, the notification message may be lost, because the timeout of the proxy server cuts the connection before the Device Manager server can send the response to Web Client. If this is the case, please set the timeout for this property to a time shorter than the timeout of the proxy Default: 300 seconds 7-7-3 client.outputhorcmfunction.
accepted. You can restrict the Device Manager server access to designated clients and/or to subnets such as a Local Area Network (LAN) or Wide Area Network (WAN), by using asterisks as a wildcard character. For example, a Device Manager server would only accept connections from the host machine itself and other client users on a LAN if this directive was set as: server.http.security.clientIP=127.0.0.1,192.168.*.
viewed via a web browser without separate authentication being required at each step. The default should not require modification under normal circumstances. Default: index.html, HiCommand/*, webstart/*, images/*, style/*, docs/*, favicon/ico 7-8-8 server.https.security.truststore This property assigns the name and location of the truststore file that contains the Server Certificates. The Device Manager server uses the default truststore distributed with the JRE named “cacerts”.
You can customize the log output to log messages based on severity, by modifying the customizedsnmptrap.customizelist property (see section 7-9-2 ). A customization definition for output log consists of five items separated by a colon. You can omit some items, but may not omit the colon delimiter. To specify more than one customization definition, use a comma as a delimiter, but make sure not to enter a comma at the end of the last entry.
7-9-1 customizedsnmptrap.customizedSNMPTrapEnable This property allows you to enable the SNMP trap log output function. Specify true to use the log output function, or false to not to use the function. Default: false 7-9-2 customizedsnmptrap.customizelist This property allows you to specify how to customize the SNMP trap log output. Refer to section 7-9 for details.
8 Linking Device Manager with Other Products 8-1 Linking with External Storage XP IMPORTANT: The External Storage XP function is only available for the XP12000 and XP10000. Device Manager distinguishes between XP12000/XP10000 internal volumes and volumes that have been mapped in external disk arrays, and displays them separately in the XP12000/XP10000 management window. To link Device Manager with External Storage XP: 1. Use Device Manager to map and manage the internal and external disk arrays.
9 Troubleshooting 9-1 Problems and Solutions Table 9-1 lists the common problems and solutions after installing the Device Manager on a Windows® platform. For a listing of Device Manager Error Codes, contact your HP support representative for assistance. Table 9-1 General Troubleshooting Information Problem Solution DESCRIPTION: Inconsistencies in LUNs and Logical Group information. LUNs disappear or logical group information is inconsistent between Device Manager servers.
9-2 Collecting Maintenance Information When an error occurs in a Device Manager server, you can use the cvxpaegetlogs command to obtain the maintenance information required for analyzing the Device Manager server error. 9-2-1 Using the cvxpaegetlogs Command to get Log Files 9-2-1-1 cvxpaegetlogs Command Features The cvxpaegetlogs command had the following features: • When you execute the cvxpaegetlogs command, the content of the directory specified with the dir option must be empty.
• The Device Manager log in window is not displayed when you start Web Client. • The Device Manager main window is not displayed after logging on to Device Manager. To acquire a Java™ VM thread dump in Windows®: 1. In \hwc\containers\HiCommand, create a file called dump. 2. Stop the Common Component services. Refer to section 4-2-2 if you need instructions. 3. The javacorexxx.xxxx.
Appendix A Overview of CIM/WBEM CIM (Common Information Model) allows you to access information about the storage subsystems managed by Device Manager. To collect such information, you can use the standard CIM operations released by DMTF (Distributed Management Task Force). CIM conforms to the SMI-S specifications proposed by SNIA (Storage Network Industry Association). This chapter gives an overview of CIM/WBEM (Web-Based Enterprise Management) provided by Device Manager.
Table A-1 Specifications and Versions Supported by Device Manager Specifications Version supported by Device Manager SMI-S 1.1.0 CIM Specification 2.2 CIM Schema 2.10 For details on CIM, see the information in Common Information Model Specification and CIM Schema on the DMTF website at: http://www.dmtf.org You can obtain information about SMI-S at: http://www.snia.org/smi/home/ You can obtain information about WBEM Service at: http://wbemservices.sourceforge.
Just by specifying the type of service, SLP clients can obtain information (such as URLs) about how to access the available services, and information about service attributes. In Device Manager, the Device Manager server uses the SLP to report information about the WBEM Service. A-3 Preparations for Operating the CIM/WBEM Features CIM/WBEM features are disabled by default in the Device Manager settings.
\Base\httpsd\conf\httpsd.conf Coding that enables SSL: LoadModule proxy_module complete-path-name-for-the-proxy-module Listen port-number-for-SSL-in-CIM/WBEM-features ServerName host-name SSLEnable SSLRequireSSL SSLCertificateFile complete-path-name-for-the-certificate-file-from-CA SSLCertificateKeyFile complete-path-name-for-the-private-key-file ProxyPass / http://127.0.0.
When the port number has been changed, the file created in step 2 is deleted. If the port number has not been deleted, retry the operations to change the port number. NOTE: In the following cases, the property file is deleted even if the port number has not been changed: • • When the specified port number is being used by another program. When a value greater than 65535 is specified for the port number. NOTE: • • The new port number remains effective until you change the port number again.
A-4-1-3 server.cim.https.port To use SSL for the CIM interface, specify the port number of HTTPS. Default: 5989 Delete the hash mark (#) at the beginning of the line corresponding to the server.cim.https.port property, and then specify the port number used for SSL in the CIM/WBEM features. If you want to disable the setting for this property, add a hash mark (#) to the beginning of the line. A-4-2 The jserver.properties File This properties file sets up the operating environment for the WBEM Service.
MMdd: Month (MM) and day (dd) of the execution time HHmm: Hour (HH) and minute (mm) of the execution time N: A value from 1 to 4 is set for each execution performed at the same time (hour and minute). If this value is 5 or greater, the log is not output. A-4-2-5 propdir This property specifies the directory containing the cimom.properties file. Do not change the value of this property.
To automatically start the service when Windows starts, execute the command with the auto option. > slpd -install auto This operation is required only once. Even if you restart the Windows system, you do not need to re-register the daemon. If you execute the command without the auto option, you need to manually start the SLP daemon. When you uninstall Device Manager, you need to delete the SLP daemon from Windows services before you uninstall Device Manager.
Table A-4 Type Table Name Here Administration permission Service method CIM operation Indication Guest (Not usable) Usable (Not usable) Local System Administrator (Not usable) (Not usable) (Not usable) Local Storage Administrator (Not usable) (Not usable) (Not usable) Local Guest (Not usable) (Not usable) (Not usable) Appendix A Overview of CIM/WBEM 142
Acronyms and Abbreviations DASD DKCMAIN direct access storage device The version of microcode running on a StorageWorks XP512/XP48 or XP1024/XP128 disk array.
Index B backing up server database Windows®, 58 C changing truststore password instructions, 100 CIM overview, 134 client properties, 124–25 client.logger.trace, 124 client.message.
SNMP trap properties, 127–29 web configuration properties, 116–20 server.cim.http.port, 120 server.cim.https.port, 120 SNMP trap properties, 127–29 customizedsnmptrap.