Vblock Vcevision 2 5 Admin

VCE Vision Intelligent Operations Version 2.
5 Administration
Guide
Revision history
www.vce.com
VCE Vision Intelligent Operations

Version 2.5
Administration Guide
Document revision 2.1
May 2014
2014 VCE Company, LLC.

All Rights Reserved.
1
2014 VCE Company,
LLC.
Revision history
VCE Vision Intelligent Operations Version 2.5

Revision history
Date
VCE Vision
Intelligent
Operations version
Document revision
Author
Description of
changes
May 2014
2.5
2.1
Megan Grasso
Added section called

"Forwarding syslog
messages to remote
syslog servers."

VCE Vision Intelligent Operations Version 2.5 Administration

Guide
Table of contents
Table of contents
Introduction ................................................................................................................................................. 5
Accessing VCE documentation ................................................................................................................. 6
Referencing third party licenses ............................................................................................................... 7
Managing passwords.................................................................................................................................. 8
Changing the default password for user root ......................................................................................... 8
Changing the CAS password ................................................................................................................. 9
Changing access credentials for components ...................................................................................... 11
Customizing VCE Vision settings ........................................................................................................... 15
Taking snapshots of the VCE Vision virtual machine ........................................................................... 15
Changing VCE Vision virtual machine network properties ................................................................... 18
Configuring Plug-in for vCenter settings ............................................................................................... 21
Changing the interval of the component discovery cycle ..................................................................... 22
Changing the interval of the component health discovery cycle .......................................................... 24
Configuring login banners ..................................................................................................................... 25
Viewing information about your Vblock system .................................................................................... 27
Viewing the Vblock System and its components .................................................................................. 27
Changing the name, location, and contact information for your Vblock System .................................. 28
Assuring your Vblock System is compliant ........................................................................................... 30
Working with the Compliance Checker ................................................................................................ 30
Updating the compliance content ......................................................................................................... 31
Customizing the Compliance Checker to reflect your environment ..................................................... 33
Running a compliance scan ................................................................................................................. 34
Viewing the results of a compliance scan ............................................................................................ 35
Monitoring the health of the Vblock System .......................................................................................... 36
Health Metric ......................................................................................................................................... 36
Components that reflect health ...................................................................................................... 36
Where is the health status exposed? ............................................................................................. 38
How does it work? .......................................................................................................................... 39
Calculated health statuses ............................................................................................................. 41
Monitoring your Vblock System .............................................................................................................. 42
Monitoring and filtering events.............................................................................................................. 42
Overview of VCE Vision logs ................................................................................................................ 44
Viewing the VCE Vision logs ................................................................................................................ 46
Viewing the System Library logs from a centralized directory ....................................................... 47
Table of contents

Exporting logs into a single file ............................................................................................................. 49

Overview of syslog messaging ............................................................................................................. 51
Changing the syslog rotation parameters ............................................................................................. 52
Forwarding syslog messages to remote syslog servers....................................................................... 54
Filters for forwarding syslog messages.......................................................................................... 55
Backing up and restoring VCE Vision .................................................................................................... 57
How does it work? ................................................................................................................................ 57
Changing the VCE Vision backup schedule ......................................................................................... 58
Backing up VCE Vision configuration files on demand ........................................................................ 60
Restoring the VCE Vision configuration files ........................................................................................ 62
Backing up the VCE Vision virtual machine ......................................................................................... 64
Backing up Vblock System configuration files ...................................................................................... 65
How does it work? ................................................................................................................................ 65
Best Practices ....................................................................................................................................... 67
Move the files off site on a daily basis ........................................................................................... 67
Procedure to collect the Vblock System configuration files using the REST resource .................. 67
Protect the VMware files ................................................................................................................ 68
Troubleshooting ........................................................................................................................................ 69
Starting the System Library Agent ........................................................................................................ 69
Stopping the System Library Agent ...................................................................................................... 70
Monitoring VCE Vision services ........................................................................................................... 71
Managing System Library services....................................................................................................... 72
Displaying information about the System Library FM Agent package.................................................. 73
Verifying the Red Hat Package Manager (RPM) packages ................................................................. 74
Appendix .................................................................................................................................................... 76
System Library utilities .......................................................................................................................... 76
VCE Vision TCP and UDP open ports ................................................................................................. 77
TCP ports ....................................................................................................................................... 77
UDP ports ....................................................................................................................................... 78


Guide
Introduction
Introduction
This document provides information to manage a Vblock System using the VCE Vision Intelligent
Operations software.
The target audience for this document includes personnel responsible for administering a Vblock System using
the VCE Vision System Library and the VCE Vision Plug-in for vCenter. It is assumed that the user of this
document has a working knowledge of the VMware vCenter Console.
VCE Vision Intelligent Operations supports the US English keyboard.
The VCE Glossary provides terms, definitions, and acronyms that are related to Vblock Systems. Refer to
Accessing VCE documentation.
To suggest documentation changes and provide feedback on this book, send an e-mail to
docfeedback@vce.com. Include the name of the topic to which your comment applies.

Accessing VCE documentation

Accessing VCE documentation

Select the documentation resource that applies to your role:
Role
Resource
Customer
support.vce.com
A valid username and password are required.
VCE Partner
www.vcepartnerportal.com/resourcelib-vce.asp?loc=331
A valid username and password are required.
Cisco, EMC, VCE, or VMware employee
www.vceportal.com/solutions/68580567.html
VCE employee
www.vceview.com/solutions/products/
or
vblockproductdocs.ent.vce.com


Guide
Referencing third party licenses
Referencing third party licenses

Use this procedure to view the document that contains the third party licenses VCE Vision uses.
Before you begin
Successfully configure and deploy the VCE Vision virtual machine.
Power on the VCE Vision virtual machine.
Procedure
1. Open a Web browser.
2. Type https://<fqdn>:8443/license/vblock-vcevision-2-5-software-license-ref.pdf.
where <fqdn> is the configured fully qualified domain name of the VCE Vision virtual machine.
3. Accept the security certificate.

Managing passwords

Managing passwords
Changing the default password for user root
The VCE Vision virtual machine is delivered as a VMware virtual appliance running on CentOS Linux with a
default password for user root that you can change. You can implement password aging to change the
password for root on a regular basis, for example, every 60 days.
Before you begin
You need the following:
The IP address of the virtual machine.
The default password for root specified during the Vblock System configuration process.
Note:
The default password is V1rtu@1c3!
The new password for root.
The number of days for which the password will be valid if you are implementing password aging.
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. Change the default password for root using the Linux passwd command.
3.
To implement password aging, type chage -M nn, where nn is the number of days for which the
password is valid.


Guide
Managing passwords
Changing the CAS password

The VCE Vision virtual machine supports Central Authentication Service (CAS) for enterprise single sign-on for
web services. CAS has a default password for the admin user that you can change to meet your password
policy requirements. The default username is admin and the default password is 7j@m4Qd+1L.
When the CAS password is changed, the new password is encrypted and updated in the database.
Before you begin
Note the following password restrictions:
Length must be 8 to 20 characters.
Must include one uppercase letter, one digit, and one special character, such as !, @, #, $, %. Do not
use these characters when creating a new password: \, <, or >
Case sensitive.
Procedure
2. Navigate to the /opt/vce/fm/bin directory.
3. To change the CAS password, type ./slibCasChangepw.sh.
4. Enter the admin password for VCE Vision.

Managing passwords

5. Enter the new CAS password for the admin user and then confirm the new password.
What to do next
If you use the "admin" user for authentication to the Plug-in for vCenter, you must update the password
through the Plug-in for vCenter. See the Plug-in for vCenter online help for more information. If you use the
"admin" user for authentication to the Adapter for vCenter Operations Manager, you must update the
password through the Adapter for vCenter Operations Manager. See the VCE Vision Intelligent Operations
Version 2.5 Adapter for vCenter Operations Manager User Guide for more information.
10


Guide
Managing passwords
Changing access credentials for components

When the access credentials for components change, you must modify the vblock.xml file to reflect those
changes.
Note:
In the vblock.xml file, only modify the access credentials (username and password) for a component.
Do not change other configuration information. Contact VCE Support at http://support.vce.com/ if
you require other changes in the vblock.xml file.
Note:
There are no restrictions for the username and password for a component, such as the length and
including special characters.
Before you begin
You need to know the new access credentials for the component.
The name of the configuration file, if different from the default vblock.xml.
Procedure
1. Start an SSH session to the VCE Vision virtual machine.
Note:
Press Ctrl+C and type exit to quit the SSH session and discard your changes at any time.
2. Log in as user root.

Note:
V1rtu@1c3! is the default password.
3. Run the following command to stop the System Library services: stopFMagent
4. Run the following command to start the configuration script: configTool.sh
The script then prompts you to display a list of templates or enter the path to the vblock.xml file, as
follows:
Press Enter to display the list of available templates, or Enter the full path of an existing
vblock.xml file: [/opt/vce/fm/conf/template] :

11
Managing passwords

5. Enter the full path to the vblock.xml file.

Note:
The default path is as follows: /opt/vce/fm/conf/
The script then prompts you to select from a list of files in the path, as in the following example:
Press Enter to display the list of available templates, or Enter the full path of an existing
vblock.xml file: [/opt/vce/fm/conf/template] :/opt/vce/fm/conf/
(1)
configcollector.xml
(2)
configcollector_2.6.0.0.xml
(3)
fmagent.xml
(4)
log4j.xml
(5)
log4j_slib_sec.xml
(6)
vblock-simulator.xml
(7)
vblock.xml
Enter the number that corresponds to the system you are configuring ['0' to specify new file
or directory]:
6. Enter the number that corresponds to the vblock.xml file.

For example, in the preceding prompt from the script, you should enter 7 to modify the vblock.xml file.
After you select the vblock.xml file, the script prompts you to modify the attributes of the various
components. The script then prompts you to modify the component tag, serial number, and model
type attributes for the Vblock System, as follows:
Vblock
null
0
componentTag: 'VB-320',
managementInfrastructure: 'null', serialNumber: 'VB320-975-318-642', type: '320w5300'
(1) componentTag, 'VB-320'
(2) serialNumber, 'VB320-975-318-642'
(3) type, '320w5300'
To change an attribute enter the corresponding number from the list ('0' to continue to next
step):
7. Enter 0 to continue to the next step. You should not modify these attributes.
The script then prompts you to modify the location attributes for the Vblock System, as follows:
VblockLocation
Vblock
1
building: '350 Campus',
floor: '1rd', geo: 'Marlborough, MA', room: 'Eisenhower', row: 'Dev', tile: '2'
(1) building, '350 Campus'
(2) floor, '1rd'
(3) geo, 'Marlborough, MA'
(4) room, 'Eisenhower'
#160;
(5) row, 'Dev'
(6) tile, '2'
step):
8. Enter 0 to continue to the next step. You should not modify these attributes.
The script then prompts you to modify component attributes such as IP addresses and access
credentials.
12


Guide
Managing passwords
9. Do one of the following:
Enter 0 to navigate through the various components to find the access credentials that you need
to change.
Enter the number that corresponds to the access credential you need to change.
10. Enter v to validate changes to the vblock.xml file after you change the access credentials.
The following example explains how to change the password for a Cisco UCS Manager, but this
process is similar for all components.
The script prompts you to change the IP address of the Cisco UCS Manager. You should press 0 to
continue to the next step, as follows:
Server
Compute
3
address:
'http://192.168.101.123/nuova', componentTag: 'VMABO-UCS-1', esxi: 'null', ipaddress:
'192.168.101.123', name: 'sys', type: 'UCS'
(1) ipaddress, '192.168.101.123'
step): 0
The script then prompts you to change the access credentials, which include the SNMP community
string, password, and username. To change the password, you should enter 2, as follows:
Credentials
Server
4
community: 'public',
ipaddress: 'Not Applicable', method: 'xml', password: '1BadDude', username: 'admin', which:
'null'
(1) community, 'public'
(2) password, '1BadDude'
(3) username, 'admin'
Enter selection ('0' to continue to next step, or 'v' to validate ): 2
The script then prompts you to enter a new value for the password. You should enter the new
password as appropriate, as in the following example:
Enter new value for attribute 'password' [1BadDude] ('s' to skip):NewPassw0rd
The script displays the new value for the password. You should verify the change is correct and then
enter v to validate the changes to the vblock.xml file, as follows:
Credentials
Server
4
community: 'public',
ipaddress: 'Not Applicable', method: 'xml', password: 'NewPassw0rd', username: 'admin',
which: 'null'
(1) community, 'public'
(2) password, 'NewPassw0rd'
(3) username, 'admin'
Enter selection ('0' to continue to next step, or 'v' to validate ): v
The script then displays the validation output, as in the following example:
Validating XmlApi connection. Please wait...
Validating XmlApi connection succeeded!

13
Managing passwords

11. Continue navigating through the script prompts until you have made all required changes to the
access credentials.
When you configure all components, the script validates the vblock.xml file. The script displays
validation output, as in the following example:
Validating VCenter connection: url=https://10.3.17.12/sdk, user=Administrator,
password=Vcem0123. Please wait...
Validating VCenter connection succeeded!
Validating XmlApi connection. Please wait...
Validating XmlApi connection succeeded!
Validating SNMP connection. Please wait...
Validating SNNP connection succeeded!
Validating SSH connection. Please wait...
12. Save the vblock.xml file.

The script prompts you with the following:
Enter a filename or Press Enter to save in [/opt/vce/fm/conf/vblock.xml] :
a. Press Enter.
The script prompts you with the following:
File exists would you like to overwrite (y/n)? y
b. Enter y.
The system displays the following message:
Saved to: /opt/vce/fm/conf/vblock.xml
13. Run the following command to stop the System Library services: startFMagent
14


Guide
Customizing VCE Vision settings

Taking snapshots of the VCE Vision virtual machine
Use this procedure to create a snapshot of the VCE Vision virtual machine before you customize VCE Vision
settings. A virtual machine snapshot is a backup to which you can revert if you encounter problems while
making changes to VCE Vision settings.
Note:
As a best practice you should remove virtual machine snapshots after you make the required changes
to VCE Vision settings. Refer to the VMware documentation for more information. Knowledge base
article ID 1025279 provides information on best practices for snapshots in a VMware environment.
Procedure
1. Power down the virtual machine to ensure that you backup applications in a reliable state.
a. Start an SSH session to the VCE Vision virtual machine.
b. Log in as user root.
Note:
c.
V1rtu@1c3! is the default password.
Run the following command:

shutdown -h now
The following message displays when the VCE Vision virtual machine shuts down:
The system is going down for halt NOW!
2. Log in to the VMware vSphere Client using an account with administrative privileges.

15

3. In the Navigation bar, select Home > Inventory > Hosts and Clusters.
The following screen capture shows Hosts and Clusters in the Navigation bar:
The VMware vSphere Client displays the hosts and clusters available in the environment.
4.
Navigate to the VCE Vision virtual machine for which you want to take a snapshot.
5.
Right-click the virtual machine and select Snapshot > Take Snapshot.
The following screen capture shows the Take Snapshot option in the context menu:
16


Guide
The VMware vSphere Client prompts you to specify a name and description for the snapshot:
6. Specify a name and description for the snapshot.

The name and description of the snapshot should be easy to recognize and meaningful to others.
7. Clear the checkboxes to snapshot the virtual machine memory and quiesce the guest file system, if
available.
8. Click OK to take the snapshot of the VCE Vision virtual machine.

17

Changing VCE Vision virtual machine network properties

Use the following procedure to change network properties for the VCE Vision virtual machine. You can change
network properties specified during deployment, including the fully qualified domain name (FQDN) or IP
address of the VCE Vision virtual machine.
Before you begin
After the OVA is successfully deployed, verify the System Library and applications like Postgres, JBoss,
RabbitMQ, and SNMP are configured correctly and behave as expected on first boot. To verify all services are
running, refer to Monitoring VCE Vision services.
You should take a snapshot of the VCE Vision virtual machine for backup purposes before you start change
the network properties. Refer to Taking snapshots of the VCE Vision virtual machine.
Procedure
1. Select the virtual machine from the vSphere Client, right-click, and select Edit Settings.
2.
18
In the Virtual Machine Properties window, select Properties from the Options tab. The Virtual
Machine Properties window appears.


Guide
3. Specify the appropriate network properties for the virtual machine and then click OK.
4.
Power on the virtual machine from the vSphere Client.

19

5. Open the vSphere Client console for the virtual machine.

The following image shows example messages in the console when the FQDN and IP address are
changed successfully:
If any of the preceding steps fail, the console displays the following message:
Failed!
Please check /opt/vmware/var/log/subsequentboot for details.
Check the /opt/vmware/var/log/subsequentboot directory for detailed information to troubleshoot the

issue.
6. To ensure that the FQDN has changed, start an SSH session to the VCE Vision virtual machine and
type hostname.
7.
To ensure that the IP address has changed, start an SSH session to the VCE Vision virtual machine
and type ifconfig.
What to do next
If you have changed the fully qualified domain name of System Library, you must update the hostname in the
administration settings section of the Plug-in for vCenter. Refer to Configuring Plug-in for vCenter settings for
more information.
20


Guide
Configuring Plug-in for vCenter settings

Use this procedure to configure the Plug-in for vCenter to work with a VCE Vision instance. You must enter the
hostname, port number, username and password to connect to the VCE Vision virtual machine and to view the
Vblock System. Connection and authentication credentials can be specified and edited any time after
installation.
You must also update the information in the following situations:
If you changed the CAS password in the VCE Vision virtual machine for the "admin" username,
update the username field.
If you updated the fully qualified domain name in the VCE Vision virtual machine, update the
hostname field.
If you deployed a new VCE Vision virtual machine, update the hostname, port number, and
username fields.
If you want to view a different Vblock System in your data center, update the hostname, port
number, and username fields.
Procedure
1. Launch a Web browser and log on to the vCenter Web Client at https://<IP or FQDN of vCenter
Web Client>:9443/vsphere-client.
2. In the Navigation area on the Home page, click Administration > VCE Vision Plug-in for vCenter >
Settings.
3. Enter the following in the Settings page.
Field
Description
Hostname
The fully qualified domain name of the VCE Vision virtual machine.
Port
8443 is the default port. Only change this if you have defined a different secure port for
VCE Vision.
Username
The user name for the Central Authentication Server (CAS) for VCE Vision
authentication.
Password
The CAS password.
Confirm password
Confirm the CAS password.
4. Click Update Settings.

5. Click the
icon to refresh the page.

21

Changing the interval of the component discovery cycle

The System Library discovers the physical and logical components of the Vblock System and makes that
information available through APIs to the Plug-in for vCenter and REST API and to a network management
system (NMS) using SNMP.
The initial discovery process that occurs at start up extracts the properties of components such as processor
cores, storage capacity, and switch ports. To keep the System Library view of the components current, the
discovery process runs at a specified interval. By default, the discovery interval for components is set to 15
minutes.
Note:
If you find that your discovery cycle takes longer than 15 minutes, modify the discovery interval to
make it longer.
You can modify the interval at which the components are discovered by System Library. The interval cannot
be less than five minutes or greater than 1440 minutes. If you set the interval to less than five minutes, the
system automatically defaults to five minutes. If you set the interval to more than 1440 minutes, the system
automatically defaults to 1440 minutes. VCE recommends that you set the discovery interval for components
to 15 minutes.
Before you begin
You must have:
Super User credentials
Access to the root desktop on the virtual machine through the VMware vSphere Web Client
Procedure
1. Start an SSH session into the VCE Vision virtual machine as root.
2. To stop the System Library FM Agent, type stopFMagent.
3. From the root desktop, navigate to the /opt/vce/fm/conf directory.
4. Open the fmagent.xml file using a text editor, such as Gedit or vi.
22


Guide
5. In the SchedulerConfig section, change the value of the DiscoveryCycle to an interval between 15
and 1440 minutes.
- <FMAgentConfig>
- <SchedulerConfig>
<DiscoveryCycle>15</DiscoveryCycle>
<HealthPollCycle>5</HealthPollCycle>
</SchedulerConfig>
</FMAgentConfig>
6. Save the file.

7. To restart the System Library FM Agent, type startFMagent.

23

Changing the interval of the component health discovery

cycle
The System Library gathers health statistics (operating status) for each of the components. To keep the health
for each component current, the System Library continues to gather health information at a specified interval.
By default, it checks the health status of the components every five minutes.
You can modify the interval at which the System Library checks the health status of the components. The
interval cannot be less than two minutes or greater than 15 minutes. If you set the interval to less than two
minutes, the system automatically defaults to two minutes; if you set the interval to more than 15 minutes, the
system automatically defaults to 15 minutes. VCE recommends that you set the health discovery interval for
components to 5 minutes.
Before you begin
You must have:
Super User credentials
Access to the root desktop on the virtual machine through the VMware vSphere Web Client
Procedure
2. To stop the System Library FM Agent, type stopFMagent.
3. From the root desktop, navigate to the /opt/vce/fm/conf directory.
4. Open the fmagent.xml file using any a text editor, such as Gedit or vi.
5. In the SchedulerConfig section, change the value of the HealthPollCycle to an interval between 2
and 15 minutes.
- <FMAgentConfig>
- <SchedulerConfig>
<DiscoveryCycle>15</DiscoveryCycle>
<HealthPollCycle>5</HealthPollCycle>
</SchedulerConfig>
</FMAgentConfig>
6. Save the file.

7. To restart the System Library FM Agent, type startFMagent.
24


Guide
Configuring login banners

Use this procedure to configure the login banner settings for the VCE Vision virtual machine. Login banners
provide access requirement information to authenticated users that is customized for your environment.
Before you begin
You will need the text for the banner. The text must be approved by your company's IT and legal departments
and should reflect your company's security policies.
Procedure
2. Using an editor such as vi or VIM, open the following files:
/etc/motd
/etc/issue
/etc/issue.net
3. Enter the text that you want to be the login banner to each file and configure these files as your
company requires them to look.
Note:
If there is content already in the /etc/motd file, do not overwrite the existing content.
Here is an example of a login banner.

#
***W A R N I N G***
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system including all related equipment, network devices,
are provided only for authorized use.
All computer systems may be monitored for all lawful purposes, including
those activities that are authorized for management of the system.
All information including personal information, stored or sent over this
system may be monitored.
Uses of this system, authorized or unauthorized, constitutes consent to
monitoring of this system.
Unauthorized use may subject you to criminal prosecution.
WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law.
By accessing this system, you agree that your actions may be monitored.
#

25

4. Save each file.

5.
Start a new SSH session to the VCE Vision virtual machine and log on as the root user.
The new login banner with your company text appears after you log in to the VCE Vision virtual
machine.
26


Guide
Viewing information about your Vblock system

Viewing the Vblock System and its components
You can access information about the Vblock System using any of the following methods:
Type of information to display
Action
To display information about a Vblock System like its

location and topology
1.
2.
3.
4.
Log on to the Plug-in for vCenter.

Open a Web browser and provide the URL to the
VMware vSphere Web Client.
On the Home page, click the Vblock System icon.
From here you can view the top level Vblock System
and all its components.
To display information about an entity MIB
From a MIB browser, use the SNMP GETs command.
To display information about the top-level Vblock System
The REST interface resource

https://<FQDN>:8443/fm/vblocks
To get the System Name, System Location and System

Contact for the Vblock System
From the command line, type one of the following

commands.
getmany v2c <ipaddress> <community>
sysName.0
sysLocation.0
sysContact.n
where:
<ipaddress> is the host IP address.
<community> is the name of the SNMP community
already configured using the configureSNMP tool.

27

Changing the name, location, and contact information for

your Vblock System
Use this procedure to modify the name, location, and contact information for your Vblock System.
Before you begin
You need to know:
The name you want to use to identify the Vblock System.
(Optional) The location of the Vblock System.
(Optional) The name of the contact person for the Vblock System.
Procedure
2. Run the following command:
Note:
When using the setSNMPParams command, you need to surround a value with double
quotes if the value includes spaces.
For example, setSNMPParams -n sysName Vblock System 700-23" f.
setSNMPParams [-n sysName <vblock_system_name>] [-l sysLocation <vblock system location>]

[c sysContact <vblock system contact>] [-h] [-v] [-f]
where:
28
-n sysName <vblock_system_name> Specifies the name of the Vblock System. The default is the
hostname.
-l sysLocation <vblock_system_location> Specifies the location of the Vblock System. The default
is an empty string.
-c sysContact <vblock_system_contact> Specifies the contact name in your organization for

Vblock System related matters. The default is an empty string.
-h Displays the usage help.
-v Displays the version.
-f Forces the System Library to reload the changes immediately.


Guide
Note:
If you do not specify the -f option, the changes take effect when you restart the System
Library FM Agent using the service vce-fm-master restart command.

29
Assuring your Vblock System is compliant


Working with the Compliance Checker
The Compliance Checker is a Security Content Automation Protocol (SCAP) based engine that provides
compliance audit functionality for a target Vblock System. The Compliance Checker, which can be accessed
using the Plug-in for vCenter, provides a set of criteria that determines if your Vblock System is compliant with:
The Vblock System Release Certification Matrix (RCM) - (RCM Compliance Validation) This allows
you to identify firmware and software that may need to be updated. VCE produces a new RCM every
month.
VCE security hardening guidelines (Security Compliance Validation - an optional module) - This
allows you to identify security vulnerabilities and risks that may exist on the Vblock System. The scan
uses the VCE security standards described in the VCE Vblock System Security Guide:
Configuration.
The Compliance Checker compares the actual settings found on your Vblock System to the expected values
found within the benchmark and profile you select. The results of the scans are displayed in detailed
compliance reports. When you view the reports, the overall compliance score lets you see at a glance how
close the Vblock System is to being compliant with the requirements of the benchmark and profile you selected
for the scan.
To make sure your Vblock System is compliant with either the RCM or Security Standards, you have to:
1. Select the benchmark and profile to use with the compliance scan
2. Run a compliance scan
3. Review the results of the scan
To make sure the scan is being run with the most current information, you must update the compliance content
(most recent RCM and the most current security standards).
Note:
30
If your Vblock System contains optional components, they are disabled by default and will not be
found in a compliance scan. To ensure the correct score, before you run the first compliance scan,
you must enable these optional components so that they can be included in the scan. Refer to the
Plug-in for vCenter online help for more information.


Guide
Updating the compliance content

When VCE releases new compliance content you will need to update the existing content on your Vblock
System. Updating the compliance content ensures that the Compliance Checker will have the most current
compliance information.
This task involves downloading the updated content file and running a script to install the content in your
environment. Once the compliance content has been successfully installed, it can be used by the Compliance
Checker.
Note:
Depending on the number of compliance modules installed on the Vblock System, there may be more
than one RPM.
Before you begin
Download the Red Hat Package Manager (RPM) file that contains the updated compliance content
you plan to install. To access the RPM files, go to the VCE Download Center which is accessible
when logged into http://support.vce.com. Then go to the VCE Software folder for your Vblock System.
You will need the CAS authentication credentials for Administrator. The default username is admin
and the default password is 7j@m4Qd+1L.
Procedure
1. For each compliance module, do the following:
a. Copy the RPM file to any location in the VCE Vision virtual machine.
b. Change directory to the location that contains the RPM file.
c. Run the following command at the prompt as a user with root privileges:
rpm -Uvh vce-compliance-content-<build_number>.rpm
Where:
o
rpm is the command to run Red Hat Package Manager.
-Uvh is the option to upgrade the RPM file.
vce-compliance-content-<build_number>.rpm is the name of the RPM file.

For example, vce-compliance-content-2.0.0-2013.10.01.x86_64.rpm

31

After you run the command, the RPM file saves the content in the
/opt/vce/compliance/content/subdirectory that corresponds to the compliance content that you
updated.
2. Run the following script: /opt/vce/compliance/content/install_content.sh
3. The update process uses the Compliance API to import content. For this reason, you must
authenticate to the CAS service to update your compliance content. When prompted, enter the CAS
administrative credentials. The default username is admin and the default password is
7j@m4Qd+1L.
After you authenticate, the script imports the updated compliance content for your environment. The following
message indicates that the content for two different modules, security hardening and RCM, has been installed
successfully:
CONTENT INSTALL RESULTS
Successfully imported content:
----------------------------------------------------------Hardening Content for VCE Vblock (TM) System 300 family
Hardening Content for VCE Vblock (TM) System 700 family
RCM Content for VCE Vblock (TM) System 100
32


Guide
Customizing the Compliance Checker to reflect your

environment
VCE provides you with a set of pre-defined benchmarks and profiles. To customize the Compliance Checker
to reflect your environment, use the Profile Tailoring feature.
Profile Tailoring allows you to take an existing compliance policy and tailor it to your environment. The new
policies are saved, evaluated, and reported on as if they were the original policies. Any new compliance policy
must adhere to the existing framework of the VCE Vision Compliance Checker.
A benchmark is a compliance policy that contains information about what to check in the environment. You
can add a new benchmark, save a benchmark, edit a benchmark, or delete it. Any benchmark that is created
by VCE cannot be edited or deleted. A benchmark can have one or more profiles.
A profile is a grouping of rules to audit and the desired target values according to VCE standards. For
example, since SSH is recommended to be enabled on Vblock System components, the target value for the
SSH Enabled check is "true." You can add a new profile to pick the rules that fit your environment. This profile
that you created can be edited, saved, and deleted. You can copy a VCE created profile to make a change for
that profile to fit your environment. Any profile that is created by VCE cannot be edited or deleted. You can
select a profile and run a scan from the Profiles area on the compliance benchmarks page.
You use XCCDF files to specify what you want to check for in your compliance scan. XCCDF is an XML
language for compliance documents that contains information on what rules to check. For more information
about XCCDF, refer to http://scap.nist.gov/specifications.xccdf/. You use OVAL files to specify how to check
against a specific value. OVAL is an XML language that defines specific attributes of a system that will be
checked against a specific value. For more information about OVAL, refer to http://oval.mitre.org/. You create
the XCCDF and OVAL files with the specifications that you want for your environment. If you want to further
customize the XCCDF and OVAL files directly for your environment, create these offline and not through the
Plug-in for vCenter.
If a benchmark or a profile was created by VCE, the VCE icon appears in the Source column. If a benchmark
or profile is not VCE created, the Source column is empty.

33

Running a compliance scan

The Plug-in for vCenter includes a wizard you use to set up and schedule compliance scans. You can run
compliance scans for your Vblock System immediately, or schedule a compliance scan to run at a later time.
Attempting to run concurrent compliance scans could result in an error or inaccurate results. Be sure to allow a
compliance scan to complete before you attempt a subsequent scan.
Note:
For the most complete and accurate results, do not schedule scans without ensuring there is at least
ten minutes between scans.
Refer to the Plug-in for vCenter online help for instructions to run a compliance scan.
34


Guide
Viewing the results of a compliance scan

The results of the scans are displayed in detailed compliance reports. When you view the reports, the overall
compliance score lets you see at a glance how close the Vblock System you scanned is to being compliant
with the requirements of the benchmark and profile you selected for the scan. Within a report, you make
selections to view more detailed information about a selected component, including lists of the rules that were
executed for the selected category. When you select an item from the list of items tested, you can see the
actual values of each item, including any expected values. This enables you to make a quick comparison of
the expected results to actual values achieved.
An important feature on the compliance report is the score for the compliance scan. This score, shown in
colored letters in the badge at the top of the report, is a quick way to determine how close the Vblock System
you scanned is to being compliant with the requirements of the benchmark and profile you selected for the
scan.
The presented score is calculated according to the Default Scoring Model from the XCCDF Specification. This
model determines a final score based on the weights given to a particular rule or group of rules. The final
value is a weighted average on a 0-100 scale. For more information, see Section 7.3.2 of the XCCDF
Specification at http://csrc.nist.gov/publications/nistir/ir7275-rev4/NISTIR-7275r4.pdf.
When you select a report, it opens to a summary of the compliance scan results, which provides the following
information:
Score gives the overall percentage rating, shown in colored letters in the Score field. The number
indicates a weighted score reflecting the overall compliance of the scan. The color of the score
changes as the score improves. The numbers progress from red (less than 50 percent
compliance) to yellow (from 50-74 percent compliance) to green (for 75 percent or better
compliance).
System Information describes the Vblock System that was scanned.
Benchmark Information describes the benchmark information selected for the scan.
The report also provides a graphical representation (pie charts and bar graphs) of the various rules and their
results so you can see at a glance how closely your Vblock System is to being compliant.

35
Monitoring the health of the Vblock System


Health Metric
The health of a Vblock System reflects the ability of each of the following to function as expected:
The Vblock System as a whole.
The compute, network, storage, and management components in a Vblock System.

Note:
The compute, network, storage, and management components are logical groups of physical
components and are not actual physical components themselves.
The sub-components within the compute, network, storage, and management components. For
example, a sub-component can be a chassis, disk array enclosure, fan, storage processor, or data
mover.
Each component and sub-component in the Vblock System reports an operationStatus, or operStatus. VCE
Vision System Library creates a calculatedStatus based on the operationStatus and a set of VCE-defined
best practices. In this way, the calculatedStatus provides an assessment of the impact the operationStatus
has on the overall system health.
Components that reflect health

The following list provides an example of the top-level components that report a health status:
Compute
Cisco C-Series servers
Cisco B-Series servers
Fabric Interconnects
Network
Catalyst switches
Nexus switches
Nexus 1000v
MDS switches
Storage
36
VNX (unified and block-only)


Guide
VNXe
VMAX (including the optional VNX VG2 Gateway and VNX VG8 Gateway)
VPLEX
Management (AMP-2)
Cisco C-Series servers (including local storage)

37

Where is the health status exposed?

If you use the...
Plug-in for vCenter
Health status is available here...

The health of the following components (objects) is displayed in the System Health field:
Vblock
Compute
ComputeServer
FabricInterconnect
FabricModule
FabricPort
ComputeChassis
OperatingSystem
ProcessorUnit
Storage
StorageProcessor
DiskArrayEnclosure
DiskProcessorEnclosure
DataMoverChassis
ControlStationEncl
Disk
NetworkChassis
SwitchChassis
ExpansionModule
FixedSlot
FixedModule
FibreChannelPort
GigabitEthernetPort
StackPort
Note: The Plug-in for vCenter exposes a subset of the objects discovered by the API for
System Library.
API for System Library
In the calculatedStatus element of any physical component exposed by VCE Vision, as

in the following example:
<calculatedStatus>critical</calculatedStatus>
SNMP
In the vceVbhPhysicalHealthTable of the VCE-VBLOCK_HEALTH_MIB
Adapter for vCOPs
The health status is not directly exposed in the Adapter for vCOPs. Rather, the Adapter
for vCOPs uses the health status to provide a health score which ranges from 0 to 100.
For more detailed information, see the VCE Vision Intelligent Operations Version 2.0
Adapter for vCenter Operations User Guide.
38


Guide
How does it work?

VCE Vision determines the overall health of a Vblock System based on the operational status of its
components in combination with the impact the components have on the ability of the Vblock System to
function, as defined by VCE best practices. Each major component, such as a network switch, a compute
server, and a storage array, derives its health from its underlying sub-components.
The health calculation takes into account the design and architecture of the Vblock System, for example, how
the ports are designed to be used or the fact that redundancy is built into the architecture. The calculation
varies depending on the type of component and the role it plays in the operation of the Vblock System.

39

The following methods are used to calculate the health of a Vblock System and its components:
This method...
Is used when...
Processing performed
Example
Percentagebased
There are
homogeneous
components that
serve as a resource
pool.
UCS memory units
Local disks on a
blade server (RAID
0)
1+1
Redundancy
N+1
Redundancy
Weighted
40
If the critical count is equal to or greater

than 50%, set the calculated status to
Critical.
If the critical and major count is equal to

or is greater than 30%, set the calculated
status to Major.
If the critical and major and degraded

count is equal to or greater than
25%, set the calculated status to
Degraded
If the critical and major and degraded

and minor count is greater than 0, set the
calculated status to Minor.
There is a pair
of components
where only one unit
is required to be
functional and the
other is a backup.
If the status of one unit is operable and

the status of the other unit is inoperable.
The calculated status is Degraded.
If both units have a faulty condition, the

calculated status will be assigned the
less severe of the two.
For example, if PSU A is major, and PSU
B is minor, the calculated status will be
Minor.
There are a number

(N) of homogeneous
components that are
designed to function
properly even when
one of the
components is not
functioning properly.
If one unit is inoperable and the rest are

operable, the impact is just loss of
redundancy, hence the calculated status
is Degraded.
If one unit is inoperable and the rest of

the units are not all operable, the
calculated status is the most severe
status applied to the any of the units.
If two or more units are inoperable, the

calculated status is Major.
If no units are inoperable, depending on

the actual condition of the faulty units,
the calculated status is degraded or
lower.
There are different

types of components
that comprise a
component.
Each subcomponent contributes to the health

of the component, but with different weight.
For example, a sensor carries less weight
than a PSU. The calculated status for the
component is the most severe status
assigned to any of the subcomponents.
Implementation of the weighting algorithm
varies across families (network, compute,
storage).
PSUs in Nexus switches
Fan units in a Nexus

7000
A network chassis that

contains modules,
PSUs, fans, and
sensors


Guide
Calculated health statuses

The following table describes the different calculated health statuses:
Health Status
Description
Operable
All components have optimal health.

The Vblock System is operating as expected.
Minor
An issue exists with one or more components.

This status does not represent a significant impact to the overall health of a Vblock
System.
Degraded
One or more components are operating with degraded bandwidth, capacity, or

redundancy.
The Vblock System might be operating with decreased performance.
Major
One or more components has a significant issue.

The Vblock System might be operating with decreased performance and at risk of
failure.
Critical
One or more components has a fatal or otherwise serious issue.

The Vblock System might not be fully operational and is at significant risk of failure.
Inoperable
The Vblock System, or a component of the Vblock System, is not operating by design
or a failure has occurred.
Not Applicable
One or more components does not report health status to System Library.
This status occurs when components are disabled or excluded from health
monitoring. This status does not affect the overall health of the Vblock System.

41
Monitoring your Vblock System


Monitoring and filtering events
System Library monitors events, which are the alerts and notifications generated by the physical and logical
components of a Vblock System, such as switches, compute systems, and storage arrays. System Library
uses standard mechanisms, such as SNMP traps and SMI indications, to monitor the events, which are
protocol-dependent and can come in different types and formats.
The Event Subsystem receives an event through listeners running in the System Library, normalizes it to a
generic event, and publishes the event in the message queue. The Plug-in for vCenter subscribes to the
message queue for events.
By default, the information is sorted with the most recent event on top. A table provides a line item summary of
each event including an ID, date and time received, event name, origin type, and an abbreviated message.
Each summarized line can be expanded to expose more detailed information about the event.
The events can be indications of warnings or of problems. Warnings are not necessarily items you need to
respond to immediately, although notifications of problems are your first indication that you should investigate
further and consider taking action to resolve the issues.
Note:
By default, call-home notifications for EMC VPLEX are disabled. As a result, System Library does not
receive events from EMC VPLEX. Likewise, you do not see any events for EMC VPLEX in the VCE
Vision event monitor page. You must enable call-home notifications to see events from EMC
VPLEX. Refer to EMC VPLEX documentation for instructions.
To see the events that the Vblock System components generate, do the following:
1.
42
Go to the Plug-in for vCenter Home page.


Guide
2. Click the VCE Vision System Library Event icon.

The VCE Vision event monitor page displays as in the following example. Refer to the Plug-in for
vCenter online help for more information.

43

Overview of VCE Vision logs

VCE Vision includes the following logs:
44


Guide
Software
Name of log
Contents
FM Agent
FMAgent.log
Captures messages related to

component discovery and health
generated by the vce-fm-agent
service according to the log levels
you set.
snmpd.log
Master agent log
jsadkagt.log
Agent adapter log
netsnmp.log
Native net SNMP log
syslogs
Syslog messages from all

components and error and fatal
messages from the FMAgent log.
Note: The aggregated syslog
messages for all the Vblock
System components are
contained in the
/var/log/messages-yyyymmdd
file.
server.log
Registered services log
FMEvent.log
Events from the Vblock log
FMServer.log
EJB services log
boot.log
JBoss properties log
compliance-server.log
Compliance Checker log
configcollector
collector.log
Configuration Collector log
Postgres
postgresql-day.log
Postgres server output log
RabbitMQ
rabbit@fm11deploy02-sasl.log
RabbitMQ server output logs
JBoss
rabbit@fm11deploy02.log
shutdown_log
shutdown_err
startup_log
startup_err
CAS
cas
CAS authentication events log
Cisco
firstboot
firstboot log
subsequentboot
subsequentboot logs
vami
VMware vCenter Server output log
VMware

45

Viewing the VCE Vision logs

You can view the VCE Vision logs.
Procedure
2. Use standard Linux commands to read the following log files:
46


Guide
Software
Name of log
Access from this directory
FM Agent
FMAgent.log
/opt/vce/fm/logs
Note: The FMAgent.log file can also
be accessed at
/var/log/slib/fmagent.
snmpd.log
jsadkagt.log
netsnmp.log
JBoss
syslogs
/var/log/messages-yyyymmdd
server.log
/opt/jboss/standalone/log
or
/var/log/slib/jboss
FMEvent.log
FMServer.log
compliance-server.log
boot.log
configcollector
collector.log
/opt/vce/backup
Postgres
postgresql-day.log
/var/log/pg_log
or
/var/log/slib/pg_lg
RabbitMQ
rabbit@fm11deploy02-sasl.log
/var/log/rabbitmq
or
/var/log/slib/rabbitmq
rabbit@fm11deploy02.log
shutdown_log
shutdown_err
startup_log
startup_err
CAS
cas
/opt/jboss/standalone/log
Cisco
VMware
firstboot
/opt/vmware/var/log
or
/var/log/slib/vmware
subsequentboot
vami
Viewing the System Library logs from a centralized directory

The /var/log/slib directory points to the following log file directories. This directory structure is useful for
troubleshooting.
/fmagent
/jboss
/pg_log
/vmware

47
48

/rabbitmq


Guide
Exporting logs into a single file

The export-fm-logs script allows you to export all or selected VCE Vision log files into a single, compressed
tar.gz file. By default, all current log files are exported. However, you can export a subset of the logs that were
generated during a certain time frame, in number of days, hours, or minutes from the current time. This feature
is useful to resolve technical issues on a Vblock System that require attention by VCE Support.
By default, logs for all the following VCE Vision services are exported into the tar.gz file:
adapter
agent
configcollector
dblog
master
rabbitmq
serverlogs
subagent
syslog
vmware
The export-fm-logs script creates a file called hostname-currentdate-currenttime.tar.gz file and exports it to the
/opt/vce/fm/backup directory. You can specify a directory if you do not want to use the default directory.
The script collects the current log files, by default. However, you can collect a subset of the logs that were
generated during a certain time frame, in number of days, hours, or minutes from the current time.
Before you begin
If you do not want to use the default file name, you will need a name for the tar.gz file.
If you are collecting a subset of log files for a certain time frame, for example, from the last three days
or the last five hours, you will need to know the time frame from which the logs should be collected.
The starting point is the current time.

49

Procedure
2. To export the log files into a single file, type export-fm-logs [-f <archive_file_name>][-s <agent,
master, adapter, subagent, syslog, serverlogs, dblog, rabbitmq, vmware, configcollector all>][t <timestamp> [d|D] [h|H] [m|M]
[-h][-v]
where:
-f Specifies the name of the compressed gz file to export. The default is <hostname>-<current_date><current_time>.tar.gz.
-s Specifies the log file to be collected for one or more System Library services. The options are
<agent, master, adapter, subagent, syslog, serverlogs, dblog, rabbitmq, vmware,
configcollector, all>. The default is all. Use a comma to separate multiple options
-t Collects log files created or modified using a specified timestamp.
Timestamp option <timestamp> [d|D - for days][h|H - for hours][m|M - for minutes]
This option collects a subset of log files based on time. The starting point is always the current
time. For example, to collect log files from the last two days, you would specify 2D.
-h Displays the usage help
-v Displays the version
50


Guide
Overview of syslog messaging

The System Library includes a syslog data logging service that sends events as syslog messages to a syslog
server. You can forward syslog messages to a remote syslog server.
The following syslog files are located in the /etc/logrotate.d/syslog directory.
Syslog
Description
/var/log/cron
Information about cron jobs when the cron daemon starts

a cron job.
/var/log/maillog
Log information from the mail server that is running on

the Vblock System.
/var/log/messages
Global system messages.
/var/log/secure
Information related to authentication and authorization

privileges.
/var/log/spooler
Information for news and the UNIX-to-UNIX Copy

Program (UUCP) system.

51

Changing the syslog rotation parameters

To ensure the System Library FM Agent file system does not fill up, the System Library provides a standard
Linux log rotation tool. Use this procedure to modify the parameters that control the rotation of syslog
messages.
Before you begin
Consider the following topics for managing the rotation of syslogs:
By default, the log file is rotated when the file size reaches 10 MB.
By default, the log file is rotated daily, but this can be changed to weekly or monthly.
By default, the log file is compressed.
By default, four rotate log files are kept, but this can be changed to reflect your needs.
Procedure
2. Open the /etc/logrotate.d/syslog file:
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/opt/vce/fm/logs/snmpd.log
/opt/vce/fm/logs/jsadkagt.log
/opt/vce/fm/logs/netsnmp.log
{
missingok
notifempty
# Rotate the log file when file size reaches 10M
size 10M
# Rotate the log file daily
daily
# Compress the rotated log file
compress
# Dont compress until the next time the log is rotated.
# Should be used along with compress option
delaycompress
# limit the number of log file rotation
rotate 4
sharedscripts
postrotate
52


Guide
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

endscript
}
3. Modify the following parameters to reflect your environment:
Size at which the log file is rotated. The default is 10 MB.
Frequency of the rotation. The default is daily.
Whether or not the log file will be compressed the next time it is rotated.
The number of rotated log files to maintain. The default number is four.
4. Save your changes. Type logrotate -f /etc/logrotate.d/syslog.

53

Forwarding syslog messages to remote syslog servers

VCE Vision uses the syslog protocol to store logs and syslog messages on the Vblock System. The internal
storage space for storing logs and syslog messages is limited on a Vblock System. To overcome this
limitation, you can configure the forwarding of syslog messages to remote syslog servers, and apply filters to
forward syslog messages by facility type and severity level. The default is *.* which forwards all syslog
messages to the remote syslog server.
Before you begin
You will need the IP address of the syslog server and the port where the syslog server is accepting syslog
messages.
Procedure
1. Start an SSH session into the VCE Vision virtual machine.
2. Log on using root credentials.
3.
Configure the forwarding of syslog messages to a syslog server. Type:

configureSyslogForward [-h|-help|--help] [-l <host-ip [port]>] [-d <host-ip [port]>] [-a <host-ip [port]
[options]> -u <host-ip [port] [options]
where:
[-h|-help|--help] Displays the usage help
-l host-ip [port] Lists the configured syslog forwarding entries. Specifying the host-ip [port] lists the
specific entry for the IP address of the syslog server and the port where the syslog server is
accepting syslog messages. If no option is specified, all entries that are configured will be listed.
-d host-ip [port] Deletes an entry for forwarding syslog messages to a syslog server.
-a host-ip [port] [options] Adds an entry for forwarding syslog messages to a syslog server. The
values for the options keyword are:
o
WorkDirectory= <location> The location for spool files. The default location is
/var/rsyslog/work.
ActionQueueFileName= <name> A unique prefix name for spool files. The default is the IP
address and port of the syslog server.
ActionQueueType=[FixedArray|LinkedList|Direct|Disk]
FixedArray - Uses a fixed, pre-allocated array that holds pointers to queue elements.
LinkedList - Uses asynchronous processing. This is the default.
54


Guide
Direct - A non-queuing queue.

Disk - Uses disk drives for buffering.
o
ActionQueueMaxDiskSpace=<number> Specifies the maximum amount of disk space a

queue can use. The default is 1g.
ActionResumeRetryCount=<n> The number of infinite retries on an insert failure. The

default is -1 which means eternal.
ActionQueueSaveOnShutdown=[on|off] Saves in-memory data if the syslog server shuts

down. The default is on.
Protocol=[UDP|TCP] The network protocol to transfer syslog messages. The default is TCP.
MessagePattern=[(facility).(severity)]. Specifies the syslog messages to forward to the

syslog server by facility type and severity level.
Note:
See Filters for forwarding syslog messages for the facility type and severity
level values.
-u host-ip [port] [options] Updates an entry for forwarding syslog messages to a syslog server.
The values for the options keyword are listed in the -a parameter description.
Filters for forwarding syslog messages

The following table lists the facility type and severity level values you can use to filter the syslog messages that
VCE Vision forwards to a syslog server.
Note:
Use a comma to separate multiple values for a filter.

55
Filter
Value
Description
Facility type
auth
Security and authorization messages
authpriv
Security and authorization messages

with restricted permissions
daemon
Clock daemon
cron
System daemons
ftp
FTP daemon
lpr
Line printer spooling subsystem
kern
Kernel messages
mail
Mail system
news
Network news subsystem
syslog
Services messages
user
Messages generated internally by

syslogd
uucp
UNIX-to-UNIX Copy Program

(UUCP) system
local0
Local use 0 (local0)
...
Indicates a different facility
local7
Local use 7 (local7)
Log messages of all facilities
emerg
System is not usable, and this

condition may impact multiple
applications and servers
alert
Alert condition that requires

immediate attention
crit
Critical condition that indicates

failure in a primary system and
requires immediate action
err
Non-urgent failures that you should

resolve within a given time
warn
Warning condition that indicates an

error will occur if action is not taken
notice
Events that are unusual but are not

error conditions and do not require
immediate attention
info
Normal operational messages
debug
Debug-level messages that are

useful for debugging an application
none
No priority of the given severity level
Log messages of all severity levels
Severity level
56



Guide
Backing up and restoring VCE Vision

How does it work?
As with any product, certain information must be backed up and available in the unlikely event that a restore is
required. To facilitate that process, VCE backs up the following information as part of the manufacturing
process and stores it in a single tar.gz file in the /opt/vce/backup directory on the VCE Vision virtual machine
so it is available when the Vblock System is delivered to your site:
System Library configuration files in the /opt/vce/fm/conf directory as well as
/etc/snmp/snmpd.conf
/etc/logrotate.d/syslog
/etc/srconf/agt/snmpd.cnf
JBoss configuration files, including keystore files
System Library administrative, configuration, and model database schemas and data files
In addition, after the Vblock System is up and running at your site, VCE Vision automatically backs up that
information daily at 12:00 AM and creates a single tar.gz file that includes backups of the files listed above.
You can change the time the back up runs and you can also run a back up on demand. For more information,
see Changing the VCE Vision backup schedule and Backing up the VCE Vision configuration files on demand.
By default, a maximum of the last seven backup snapshots are stored in a single tar.gz file in on the VCE
Vision virtual machine. You can move a copy of the backup files to a remote site for compliance and disaster
recovery.

57

Changing the VCE Vision backup schedule

By default, a back up of the VCE Vision configuration files occurs daily at 12:00 AM, as described in Backing
up the VCE Vision configuration files. Use this procedure to change the time of the back up.
Crontab commands are used to schedule back ups of the VCE Vision configuration files at regular intervals. To
submit a cron job, use the crontab -e command. This starts an editing session that allows you to create a
crontab file. The default text editor is vi.
The crontab file entry format includes the following fields:
Field
Description
Minute of the hour
Set to a number between 0-59 for the corresponding

minute of the hour or * for every minute.
Hour of the day

hour of the day or * for every hour.
Day of the month
Set to a number between 1-31 for the corresponding day

of the month or * for every day.
Month of the year

month of the year or * for every month. You can also use
the name of the month of the year (Jan, Feb, Mar, etc.).
Day of the week
Set to a number between 0-7 for the corresponding day

of the week. Sunday is 0 or 7. You can also use the
name of the day of the week ( Sun, Mon, Tues, etc.).
Path to the script
The path to the script to run.
Procedure
Use the following procedure to change a scheduled backup of the System Library configuration files:
1. To view the current System Library configurations backup information, type crontab -l in the /var
partition.
[root@slib-auto-test4 var]# crontab -l
00 00 * * * /opt/vce/fm/install/backupConfig.sh > /dev/null 2>&1
2. Using the default vi text editor, type crontab -e and edit the cron job.
Note:
58
The cron job defaults to daily if you do not indicate a parameter for the day of the week,
month of the year, and day of the month fields.


Guide
The following example schedules a daily backup at 6 AM.

00 06 * * * /opt/vce/fm/install/backupConfig.sh > /dev/null 2>&1
3. Save the file.

59

Backing up VCE Vision configuration files on demand

By default the VCE Vision configuration files are automatically backed up on a daily basis, as described in
Backing up the VCE Vision configuration files. Use this procedure if you want to run a backup immediately.
Procedure
2. Navigate to the /opt/vce/fm/install directory.
3. To perform the on-demand backup, type sh backupConfig.sh [-d <backup location>] [-h] [-p <prefix
of dir name>] [-n <number of backups>]
where:
-d <backup location> Specifies the root location for the backup file.
Note:
The default location for the backup files is /opt/vce/fm/backup/snapshots.
-p <prefix of dir name> Specifies the prefix of the backup directory name. For example, if the
prefix is slib, the directory name of the backup is:
/opt/vce/fm/backup/snapshots/slib2013_01_02_00_00.
-n <number of backups> Specifies the number of backups to keep. By default, a maximum of the
last 7 backups are kept in /opt/vce/fm/backup/snapshots.
The following example shows output after executing the sh backupConfig.sh command.
[root@slib-auto-test4 install]# sh backupConfig.sh -n 5
initialize /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
======================================================
backup slib configurations: /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup
-------------------------------------------------------------------------------| Backup jboss configuration
-------------------------------------------------------------------------------backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
Vault Key Store needs to be done
backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup done
-------------------------------------------------------------------------------| Backup FMAgent
-------------------------------------------------------------------------------backup FMAgent /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
========================================
Exported following Vblock (TM) Monitor config files
========================================
/opt/vce/fm/conf/vblock.xml
/opt/vce/fm/conf/vblock-vantageVB300.xml
60
...


Guide
.
.
.
4. To view the backup file information, check the backup.log file in /opt/vce/fm/backup/snapshots. The
following example shows initial sample output.
[root@slib-auto-test4 snapshots]# cd /opt/vce/fm/backup/snapshots/2012_12_31_15_24
[root@slib-auto-test4 2012_12_31_15_24]# ls
backup.log backup.tar.gz backup.tar.gz.md5
[root@slib-auto-test4 2012_12_31_15_24]# cat backup.log
===============================================================
backup slib configurations: /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
-------------------------------------------------------------------------------| Backup jboss configuration
-------------------------------------------------------------------------------backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup done
-------------------------------------------------------------------------------| Backup FMAgent
-------------------------------------------------------------------------------backup FMAgent /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
backup FMAgent /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup done
.
.
.

61

Restoring the VCE Vision configuration files

When you back up the VCE Vision configuration files, the system creates a single backup snapshot .gz file. If
necessary, you can restore the configuration files in a backup snapshot using the restoreConfig script.
Restoring VCE Vision configuration files overwrites the current VCE Vision configuration files.
Before you start the restore process, VCE recommends that you make a backup of the current VCE
Vision configuration files. For more information, refer to Backing up the VCE Vision configuration files.
Procedure
Use the following procedure to restore VCE Vision configuration files from a snapshot file:
Note:
The restore process stops the VCE Vision FM Agent and JBoss services.
1.
Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2.
Navigate to the /opt/vce/fm/install directory.
3. To restore the System Library configurations, type:

sh restoreConfig.sh [-f <snapshot_to_import>] [-h]
where:
-f <snapshot_to_import> Specifies the name of the snapshot file to import.
Note:
If you do not specify a snapshot to import, the console displays a list of available snapshot
files. Enter the number associated with the snapshot file that you want to import.
[root@slib-auto-test4 install]# sh restoreConfig.sh
-----------------------------------------------------------------------------choose the snapshot to restore
1) 2012_12_28_16_54 3) 2012_12_28_16_29 5) quit
2) 2012_12_28_16_31 4) 2012_12_28_00_00
#? 1
62


Guide
4. The console displays package information and a warning message similar to the following output.
Enter 1 to proceed or 2 to cancel the restore process.
Note:
Proceeding with the restore process automatically restarts the System Library FM Agent and
JBoss services.
---------------------------------------------------------------------------| WARNING!!
---------------------------------------------------------------------------This restoration will shut down Jboss and FMAgent applications
and overwrite current configurations
---------------------------------------------------------------------------Do you really want to restore
/opt/vce/fm/backup/snapshots/2012_12_21_05_00/backup.tar.gz?
1) Yes
2) No
#?1
5. To view information for the restored System Library configuration files, navigate to the
opt/vce/fm/backup/restore_logs/restore <snapshot_file name>.log file.

63

Backing up the VCE Vision virtual machine

To maintain a low recovery time objective (RTO), it is critical that you back up the VCE Vision virtual machine
at the virtual machine level. Failure to backup this environment will lead to a slower recovery and limited
visibility into the management plane of the Vblock System.
VCE recommends that you:
Perform daily backups of all virtual machines at 7 AM and 7 AM.
Perform daily backups of the VMware vCenter SQL Server database every four hours. This coincides
with server daily backups at 3, 7,11 AM and 3,7,11 PM.
Set the retention value to 35 days.
For more detailed information, see the Administration Guide for the Vblock System you are managing.
64


Guide
Backing up Vblock System configuration files

How does it work?
Every Vblock System is deployed with backups of the Vblock System components configuration files. To
ensure your ability to recover from the loss of a single component or an entire Vblock System, the
components configuration files must be backed up daily. To facilitate this process, VCE Vision software
includes the Vblock System configuration collector tool. The tool automatically gathers up every configuration
file within a Vblock System that is needed to restore the system from the loss of a single component or an
entire system.
The Vblock System configuration collector collects and stores the files in a standardized location on the VCE
Vision virtual machine. As a result, as a customer, you are required to do only the following:
On a daily basis, move the backups of the files to an off-site location.
On a daily basis, back up the VMware vCenter SQL server.
The Vblock System configuration collector creates a copy of the configuration files for the following
components and stores the files in the collector.log file in the following directories:
/opt/vce/backup/compute
/opt/vce/backup/network
/opt/vce/backup/storage
/opt/vce/backup/amp2/compute
Vblock System
Component
Vblock System 100
Cisco Catalyst 3750-X Switch

CIMC
Management server
Vblock System 200
Cisco Nexus 5000 Switch

Cisco Nexus 1000V Switch
CIMC
EMC VNX
Management server
Vblock System 300 Family
Cisco MDS 9000

Cisco Nexus 5000
Cisco Nexus 1000V
Cisco UCS fabric interconnect
EMC VNX
Management server(s)
Vblock System 700 Family

Cisco MDS 9000
65
Vblock System

Component
Cisco Nexus 5000
Cisco Nexus 1000V
Cisco UCS fabric interconnect
EMC Symmetrix VMAX
Management server(s)
Note:
Due to storage array limitations, the Vblock System configuration collector does not backup the
configuration files on a VNXe. For detailed instructions on how to backup the configuration files of a
Vblock System 100, refer to the VCE Vblock System 100 Gen 2.1 Administration Guide.
Note:
The Vblock System configuration collector tool does not back up the configuration files for the VMware
components. For information on how to protect the VMware components, see Best Practices. (Insert
link to section below)
By default, the Vblock System configuration collector runs automatically at 1:30 AM and 1:30 PM. The
retention period range is 3 to 30 days with the default set at seven days. If necessary, you can modify the
retention period using the collectConfig.sh command in the /opt/vce/fm/bin directory.
66


Guide
Best Practices
Move the files off site on a daily basis
The Vblock System configuration collector tool creates copies of the configuration files, but it is the
responsibility of the customer to move the files to an off site location on a daily basis. This procedure can be
done using the standard operating procedures for the data center.
To simplify this process, VCE Vision provides a REST resource that gathers every configuration file within a
Vblock System that is needed to restore the system. The resource produces a single ZIP file that contains all
the files under /opt/vce/backup. The ZIP file preserves the directory structure from the /backup directory.
Procedure to collect the Vblock System configuration files using the REST
resource
1. Open a Web browser.
2. In the address line, enter the following URL:
https://{sLib-host}:8443/fm/configcollector
Where sLib-host is the FM Agent host name (Vision server). The host name is case sensitive.
3.
When asked for login credentials, enter the username and password for CAS authentication on the
System Library.
4. The resource produces a single ZIP file that contains all the files under /opt/vce/backup. The backup
ZIP file contains the following files:
Compute configuration files under the /opt/vce/backup/compute directory
Network configuration files under the /opt/vce/backup/network directory
Storage configuration files under the /opt/vce/backup/storage directory
5. You can save the ZIP file to any device.

67

Protect the VMware files

As previously stated, the Vblock System configuration collector does not backup the VMware configuration
files. It is the responsibility of the customer to backup those files on a daily basis. Detailed instructions for
backing up those files can be found in the Backing up the VMware vCenter SQL server database section of
the administration guide for the Vblock System you are administering.
68


Guide
Troubleshooting
Troubleshooting
Starting the System Library Agent
Use this procedure to start the System Library FM Agent services.
Procedure
2. To start the System Library FM Agent services, type startFMagent. The console displays the
following output when the System Library FM Agent services are started successfully.
[root@vcops-38 ~]# startFMagent
Enabling FMagent services to start automatically...
Waiting for the FMagent services to start......................................
vce-fm-master is running (pid=8937 )
vce-fm-adapter is running (pid=9526 )
vce-fm-agent is running (pid=9822 )
vce-fm-net-snmpd (pid=9237 ) is running
vce-fm-naaagent is running (pid=10151 )
Note:
For information about interpreting and resolving possible error messages after starting the
System Library FM Agent services, refer to the VCE Vision Intelligent Operations Version
2.5 Release Notes.

69
Troubleshooting

Stopping the System Library Agent

Use this procedure to stop the System Library FM Agent services.
Procedure
2. To stop the System Library FM Agent services, type stopFMagent. The console displays the
following output when the System Library FM Agent services are stopped successfully.
[root@vcops-38 ~]# stopFMagent
Disabling FMagent services from starting automatically...
Waiting for the FMagent services to stop.
vce-fm-master is not running
vce-fm-adapter is not running
vce-fm-agent is not running
vce-fm-net-snmpd is not running
vce-fm-naaagent is not running
70


Guide
Troubleshooting
Monitoring VCE Vision services

System Library uses Puppet Open Source software to monitor services on the Vblock System. For more
information about the Puppet Open Source software, refer to https://puppetlabs.com/.
Puppet monitors the following VCE Vision services:
JBoss
PostgreSQL 9.1
RabbitMQ Server
rsyslog
vce-fm-master
vce-fm-adapter
vce-fm-agent
vce-fm-net-snmpd- is this correct?
vce-fm-naaagent
Note:
For information about PostgreSQL 9.1 and RabbitMQ, refer to http://www.postgresql.org/ and
http://www.rabbitmq.com/.
Procedure
1. To view the current running status of a VCE Vision service, type service <service_name> status.
The following sample output shows that the rsyslog and JBoss services are running.
root@slib-auto-test1 fm]# service rsyslog status
rsyslogd (pid 11689) is running...
[root@slib-auto-test1 fm]# service jboss status
jboss-as is running (pid 11992)
2. To view the current running status of all System Library services, type service --status-all.

71
Troubleshooting

Managing System Library services

The Puppet Open Source software includes the following commands to manage the System Library services.
These commands are executed in the puppet /etc/puppet/manifests/<puppet_manifest_file> directory.
Command
Description
vce-puppet-disable.pp
Disables Puppet monitoring. This is recommended when

Vblock System maintenance is required and the System
Library services should not be automatically started.
vce-puppet-enable.pp
Enables Puppet monitoring.
vce-puppet-stop.pp
Removes the cron job associated with Puppet and stops

all System Library services.
vce-puppet-start.pp
Recreates the cron job associated with Puppet and starts

all System Library services.
72


Guide
Troubleshooting
Displaying information about the System Library FM Agent

package
Use this procedure to display information about the System Library FM Agent package that is currently
installed on the virtual machine.
Procedure
1. Start an SSH session to the VCE Vision virtual machine.
2. From the command line of the host, type getFMagentInfo.
Note:
You can use either the getFMagentInfo or rpm -qi FMagent command to display the
information. The getFMagentInfo command was used to get the results in the following
example.
Name
: FMagent
Relocations: (not relocatable)
Version
: 2.5
Vendor: VCE
Release
: 6100
Build Date: Fri Feb 1 11:26:45 2013
Install Date: Fri Feb 1 12:19:41 2013
Build Host: fmdev08.iaas.lab
Group
: VCE Applications/System
Source RPM: FMagent-Cannes.0-6100.src.rpm
Size
: 47184355
License: Commercial
Signature
: (none)
URL
: http://www.vce.com
Summary
: VCE FMagent
Description :
VCE FMagent for System Library Integration

73
Troubleshooting

Verifying the Red Hat Package Manager (RPM) packages

All of the Red Hat Package Manager (RPM) packages provided with the VCE Vision software are signed with
a GNU Privacy Guard (GPG) key. During the deployment process, these RPM packages are verified to ensure
their integrity. After deployment, you can repeat the verification by running a set of RPM commands.
This section provides details on how to run these commands.
Procedure
1. To verify that all the RPM packages are signed with the same key, type rpm -q --qf
'%{RSAHEADER:pgpsig} %{vendor} %{name}-%{version}-%{release}\n' jboss flyway FMagent
VblockVision vce-compliance-api vce-compliance-content vce-puppetmodules kernel:
[root@slib-auto-test16 ~]# rpm -q --qf '%{RSAHEADER:pgpsig} %{vendor} %{name}-%{version}%{release}\n' jboss flyway FMagent VblockVision vce-compliance-api vce-compliance-content
vce-puppetmodules kernel
RSA/SHA1, Thu Jan 9 06:38:10 2014, Key ID e01792e3d99b5d06 VCE jboss-7.1.1.Final-6
RSA/SHA1, Thu Jan 9 06:38:33 2014, Key ID e01792e3d99b5d06 VCE flyway-2.1.1-313
RSA/SHA1, Thu Jan 9 06:23:30 2014, Key ID e01792e3d99b5d06 VCE FMagent-2.5.0.0-10968
RSA/SHA1, Thu Jan 9 06:22:59 2014, Key ID e01792e3d99b5d06 VCE VblockVision-2.5.0.0-10968
RSA/SHA1, Thu Jan 9 06:37:11 2014, Key ID e01792e3d99b5d06 VCE vce-compliance-api-2.5.0.01888
RSA/SHA1, Thu Jan 9 06:37:42 2014, Key ID e01792e3d99b5d06 VCE vce-compliance-content2.5.0.0-2014.01.00
RSA/SHA1, Thu Jan 9 06:37:42 2014, Key ID e01792e3d99b5d06 VCE vce-puppetmodules-2.5.0.0-312
RSA/SHA1, Sun Jun 24 22:19:16 2012, Key ID 0946fca2c105b9de CentOS kernel-2.6.32-279.el6
RSA/SHA1, Sat Jan 4 12:55:27 2014, Key ID 0946fca2c105b9de CentOS kernel-2.6.32-431.3.1.el6
[root@slib-auto-test16 ~]#
2. To see the public key that was used when signing the RPM packages, type rpm qi gpg-pubkeyd99b5d06-52c5ba0e:
[root@slib-auto-test16 ~]# rpm qi gpg-pubkey-d99b5d06-52c5ba0e
Distribution: (none)
Name
: gpg-pubkey
Relocations: (not relocatable)
Version
: d99b5d06
Vendor: (none)
Release
: 52c5ba0e
Build Date: Tue 07 Jan 2014 03:51:05 PM EST
Install Date: Tue 07 Jan 2014 03:51:05 PM EST
Build Host: localhost
Group
: Public Keys
Source RPM: (none)
Size
: 0
License: pubkey
Signature
: (none)
Summary
: gpg(VCE PE Build Release <pebuildrelease@vce.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK----Version: rpm-4.4.2.3 (beecrypt-4.1.2)
mQENBFLFug4BCACzBLZKvsMD6Rm7e6bz+i7uu8U+6qCMjqBsHfwdHVBeW4h9CE2BMOh3A74l
rTgMVbJmii6w3D9qWw6rpzGQznycn4+CKClJTyfhzNa/YGtAwF41a7b0mmcnkPOA17woudEO
k31Z7UCMFO0NsYhSBh88AsjNbVztNwZBW8T+t4eGAnp1q15ohj07Gi3+KoICLDUv/n4RQRS8
alBpYNH13+dTFYZzA7X+uQb49SK7Qnsf6bU97JXPj/OaMXgKy2jeoD9jF4f3PGDGV+uypoUL
MU9STARI7sSMTCK5zT+JHdBtyYnlD2ZtPYptJmPgH3c78uoqQJN1FLnmY6lqNVLnwbefABEB
AAG0LVZDRSBQRSBCdWlsZCBSZWxlYXNlIDxwZWJ1aWxkcmVsZWFzZUB2Y2UuY29tPokBOAQT
AQIAIgUCUsW6DgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ4BeS49mbXQacUgf/
Ry5M+OZLzK2Jaqe6HV322pnNYwyKGhTftkSiD9RL2n/eSm3Fn79Srz4w/GtQ3c16r+ER0wIR
74


Guide
Troubleshooting
ZGnfKjP8hcge8nrI3c6+fdwkCMb9lp8QK7CMZ4pKHZAPG2M/1fMpKQERu+pPRH76Eh6f8hAv
E2lGgFyLp7KIgbHAGB5RcELgaOGsrAgz8bbHbSPtg+yAJG2GoxfqlIeKYQ+rAhQcdntfiCPj
IhVJ2dnN6rySUfKnADJ/Pu2CFYIXYJjK7a3BRE0uZEo8oQvLr2yoW1JKLSvSb3QJ15Xs4S5+
8PQtoGI0xcIV68p4Q43A6RJiUZz+ebYBRIgbn3ylVmB/CPSdasC+QrkBDQRSxboOAQgAnMmn
BOFkrPXDgHk2R2+w2F/SXpEgfXecsgUOet2/otUx9nCcENw2Zzia720Aeyyh5VO7TXjaoZ/l
oB3CoqhA7/Golzu2GW60tRCi3RHOpR4jqkVqZ9jHRY0LFAi4xroulv/HT+TfQCbIhxvhyeKt
GnGAY2Ivm8ZX6vgZN0MhHAz0OZQ8Ra2kgKjzQmREb3W3z3SJ/OZn+qr9x34o3JJiWuBz+Fsy
fQzvlZzrUWQcKELemKA5J+rrJxx2/KNL8WqzFObcv0ZefbZIsA4RMmaGzar2sm6FazSnmv0j
j958AUn6xePFlx2RRGxgMk96I/IYBMQwifa6wF0x96VBHDj0HQARAQABiQEfBBgBAgAJBQJS
xboOAhsMAAoJEOAXkuPZm10GFhYH/21ub91DARtf56CA4oEmzRmitl/kguVVI2FY+WpK/OPo
UrHeiXrpN3oniZ6kft1zHFbSgKntJTQtg5CuvIAtiVYIOwIa4L5MgOyPudPiuPhPR3DHvDOQ
fx8dqC6pTJV5xVEUOx+F8L2KzikakYkqjoi3VG8y5EF82DkvHLUjkmPlGA2fLryIWLYACRrE
xBdwHHYvWGE7gEQJT6Mm+19/VgVfcy9w7m8wEoF3hiuLZINb4/If6xuUcj/C0VtXengA1RxG
MDh2ueU6grAwjeP2AU99e26vYqNaaktj/fNBWJxNQi0bGs0st3PCRaco+Dcxms6LOKJBoLrZ
YtUDmrsLx/U=
=xvPp
-----END PGP PUBLIC KEY BLOCK-----

75
Appendix

Appendix
System Library utilities
This following list of utilities can help you manage the System Library.
Utility name
Function
More details
configureSNMP
Tool to configure SNMP users,

communities, and traps.
VCE VisionIntelligent Operations

Version 2.5.0 System Library
Integration Guide for SNMP
Logrotate
Tool to set the parameters for

handling the rotation of syslog
messages.
Changing the syslog rotation

parameters
Puppet
Tool that monitors the System

Library services.
Monitoring VCE Vision services
setSNMPParams
Script that modifies the name,

location, and contact information for
the Vblock System, and updates the
snmpd.cnf file.
Displaying information about a

Vblock System
export-fm-logs
Script that exports log files for the

System Library and Vblock System
configuration files into a zip file.
Exporting System Library logs into a

single file
getFMagentInfo
Script that retrieves information

about the installed System Library
FM Agent package such as version
number, release number, build and
install dates, and OVA version.
Displaying information about the

System Library FM Agent
startFMagent
stopFMagent
Scripts that start and stop the

System Library FM Agent services.
Starting the System Library Agent

Stopping the System Library Agent
export-fm-sh
import-sh-config.sh
Scripts that export and import the

System Library FM Agent
configuration.
Backing up the System Library

configuration files and Restoring the
VCE Vision configuration files
76


Guide
Appendix
VCE Vision TCP and UDP open ports

The System Library uses the following internet socket port numbers for the Transmission Control Protocol
(TCP) and User Datagram Protocol (UDP) ports to establish host-to-host communications.
TCP ports
ssh
SNMP
port 161
port 162
RabbitMQ
port 4369
port 5672
SMI
port 22
port 5999
Jboss
port 8443

77
Appendix

UDP ports
SNMP
port 161
port 162
syslog
78
port 514


Guide
Appendix
ABOUT VCE
VCE, formed by Cisco and EMC with investments from VMware and Intel, accelerates the adoption of converged infrastructure and
cloud-based computing models that dramatically reduce the cost of IT while improving time to market for our customers. VCE,
through Vblock Systems, delivers the industry's only fully integrated and fully virtualized cloud infrastructure system. VCE solutions
are available through an extensive partner network, and cover horizontal applications, vertical industry offerings, and application
development environments, allowing customers to focus on business innovation instead of integrating, validating, and managing IT
infrastructure.
For more information, go to www.vce.com.
2014 VCE Company, LLC. All rights reserved. VCE, VCE Vision, Vblock, and the VCE logo are registered trademarks or trademarks of VCE Company, LLC, and/or
its affiliates in the United States or other countries. All other trademarks used herein are the property of their respective owners.

80

Vblock Vcevision 2 5 Admin

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vblock Vcevision 2 5 Admin

Uploaded by

Copyright:

Available Formats

VCE Vision Intelligent Operations Version 2.

VCE Vision Intelligent Operations

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5

Added section called

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

VCE Vision Intelligent Operations Version 2.5

Exporting logs into a single file ............................................................................................................. 49

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

2014 VCE Company, LLC.

Accessing VCE documentation

VCE Vision Intelligent Operations Version 2.5

Accessing VCE documentation

Cisco, EMC, VCE, or VMware employee

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

Referencing third party licenses

Referencing third party licenses

Successfully configure and deploy the VCE Vision virtual machine.

Power on the VCE Vision virtual machine.

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5

The IP address of the virtual machine.

The default password is V1rtu@1c3!

The new password for root.

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

Changing the CAS password

Length must be 8 to 20 characters.

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

Changing access credentials for components

Before you begin

2. Log in as user root.

V1rtu@1c3! is the default password.

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5

5. Enter the full path to the vblock.xml file.

The default path is as follows: /opt/vce/fm/conf/

6. Enter the number that corresponds to the vblock.xml file.

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

9. Do one of the following:

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5

12. Save the vblock.xml file.

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

Customizing VCE Vision settings

Customizing VCE Vision settings

V1rtu@1c3! is the default password.

Run the following command:

2014 VCE Company, LLC.

Customizing VCE Vision settings

VCE Vision Intelligent Operations Version 2.5

2014 VCE Company, LLC.

VCE Vision Intelligent Operations Version 2.5 Administration

Customizing VCE Vision settings

6. Specify a name and description for the snapshot.