HP MIF Maintenance-ServiceGuide

HP Management Integration Framework 1.
6
Maintenance & Service Guide
Abstract
This document describes the use of HP Management Integration Framework tools intended for administrators involved in the
installation, operation, management and security of HP P6000 EVA storage systems.
HP Part Number: T5494-96540

Published: October 2012
Edition: 6
© Copyright 2010, 2012 Hewlett-Packard Development Company, L.P
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
Adobe and Acrobat are trademarks of Adobe Systems Incorporated.
1.6 — 2012.09.20
Contents
1 Using Management Integration Framework command line tools........................4
Application Manager tool (XfAppMgr.exe)...................................................................................4
Application Manager tool syntax overview...................................................................................4
-ver command ....................................................................................................................4
Delete command.................................................................................................................4
Help command....................................................................................................................5
Register command...............................................................................................................5
Dump Registry tool (DumpRegistry.exe)........................................................................................5
Host manager tool (XfHostMgr.exe).............................................................................................8
Host Manager tool syntax overview........................................................................................9
-ver command ..................................................................................................................10
Active command................................................................................................................10
Add command..................................................................................................................11
Available command...........................................................................................................11
Available_auto command...................................................................................................11
Close command................................................................................................................12
Create command...............................................................................................................12
Delete command...............................................................................................................12
Disable command..............................................................................................................13
Dup command...................................................................................................................13
Enable command...............................................................................................................14
Flush command.................................................................................................................14
Get command...................................................................................................................14
Help command..................................................................................................................15
Join command...................................................................................................................15
List command....................................................................................................................15
Login command.................................................................................................................16
Register command.............................................................................................................18
Status command................................................................................................................19
Unregister command..........................................................................................................20
Host Reset tool (XfHostReset.exe)...............................................................................................20
Security examples...................................................................................................................21
Adding local security..........................................................................................................21
Correcting login after a server name change.........................................................................21
2 Support and other resources......................................................................22
Release history.......................................................................................................................22
Contacting HP........................................................................................................................22
Related information.................................................................................................................22
Customer self repair................................................................................................................23
Glossary....................................................................................................24
Index.........................................................................................................25
Contents 3
1 Using Management Integration Framework command line
tools
Application Manager tool (XfAppMgr.exe)
The Application Manager tool (XfAppMgr.exe) loads security information into the Management
Integration Framework authorization database. It is used primarily by Management Integration
Framework software during installation. It can also be used manually for loading or to delete
owners.
• Owner. There can be only 1 owner in the Management Integration Framework security
configuration file.
• Privileges. These are application defined strings that are associated with the Owner.
• Roles. Each role is named and is associated with a list of privileges.
• Groups. Each role is associated with an OS Security group, either local or domain.
Application Manager tool syntax overview

Syntax
xfappmgr command [arguments] [options]
where a command is one of the following:
Command Arguments
–ver
delete owner_name
help <command>
register config_file
Option switches
Option Option Description / Examples

(short form) (long form)
–? ––help= help
xfappmgr —? register
xfappmgr ––help=register
-ver command
Displays the version of Management Integration Framework software.
Syntax
-ver
Delete command
The delete command removes an application API owner from the Management Integration
Framework database.
Syntax
delete owner_name
4 Using Management Integration Framework command line tools

Help command
Displays help for the tool or a specific command.
Syntax
help <command>
Register command
The register command registers a Management Integration Framework configuration file
(XFSecurity.cfg) with a Management Integration Framework server.
Syntax
register config_file
In the following example, the three privileges in the Privileges section are relevant only to the
application that registers the file.
The Manage HP Security entry under the first role is a Management Integration Framework
defined privilege which is required to perform security operations.
Thus, when a administrator logs in and is a member of the local group Storage Admins , the
administrator will have 4 privileges: Manage Storage, View Storage, Operate Storage,
and Manage HP Security.
Example — Security configuration file

Section Owner {
owner anOwner
description Test test test
}
Section Privileges {
privilege Manage Storage
privilege View Storage
privilege Operate Storage
}
Section Roles {
role Storage Manager, Manage Storage, View Storage, Operate
Storage,
Manage HP Security
role Storage User, View Storage
}
Section Groups {
# syntax: group < Security Domain>, < Group Name>, < Role>
# < Security Domain> can be %L, the local host name, or
a domain
name.
# If "%L" is used, then MI will deal
with host
name changes automatically
# < Group Name> is the name of a security group
# < Role> a previously defined role in the "Roles" section
above
group %L, %L\Storage Admins, Storage Manager
group %L, %L\Storage Users, Storage User
}
Dump Registry tool (DumpRegistry.exe)

The Dump Registry tool (DumpRegistry.exe) shows the registry contents for the local Management
Integration Framework aware host, or a remote Management Integration Framework aware host.
Dump Registry tool (DumpRegistry.exe) 5

This tool is helpful to:
• Debug when one instance of Management Integration Framework software cannot see another
instance.
• See the port that a particular web service is listening on.
• Determine if a service is working correctly. In the case of Management Integration Framework
web services, adding ?wsdl to the end of the URI enables the wsdl file to be loaded into a
browser.
The output includes the following fields:
• URI. The URI that a Management Integration Framework service is listening on.
• Management Group. The Management Group that the Management Integration Framework
aware host is a member of.
• Local. The value is true for any entry that was registered on the local Management Integration
Framework aware host.
• Type. The API type that is registered. For instance, xf.security.Login is the API registered
by Management Integration Framework for login requests.
Example — Dump Registry tool

C:\dev\stsd\bin\win-32>DumpRegistry.exe
Number of registry entries: 16
-----------------------------------------------------------------------------------
| # | URI | SW GROUP | LOCAL | TYPE
|
-----------------------------------------------------------------------------------
| 1 | http://99.999.99.999:2720/xfregistry | ZUUNI_MG | true |
xf.xfd.Registry |
| 2 | https://99.999.99.999:2374/ | ZUUNI_MG | true |
xf.webserver |
| --> USERDATA: security=Security/SecurityGUI.html,
configuration=Conf... |
| 3 | http://99.999.99.999:2721/xfdmanag...| ZUUNI_MG | true |
xf.xfd.Debug |
| 4 | https://99.999.99.999:2727/sclocal | ZUUNI_MG | true |
xf.security.Local |
| 5 | https://99.999.99.999:2730/sclogin | ZUUNI_MG | true |
xf.security.Login |
...
Option switches
• Option switches can be specified two ways. See table with examples.
• -h. The host option specifies a Management Integration Framework aware host (machine)
whose Management Integration Framework registry is to be displayed. If the host option is
not included, the registry of the local Management Integration Framework aware host is
displayed.
• -g. The group option limits the display to a specific Management Group.

–? ––help Displays help

dumpregistry –?
dumpregistry ––help
–g ––group= Limits the display of Management Integration Framework

registry entries to the specified Management Group.
dumpregistry –g ZUUNI\HP Security Admins

dumpregistry ––group=ZUUNI\HP Security Admins
–h ––host= Specifies the Management Integration Framework aware host

(machine) whose Management Integration Framework registry
is to be displayed (when not the local machine).
dumpregistry –h ZUNNI
dumpregistry ––host=ZUNNI
–v ––ver Displays the Management Integration Framework software

version.
dumpregistry –v
dumpregistry ––ver
Examples scenario
In the following examples, ZUNNI is the local Management Integration Framework aware host
and FINDARA is the remote Management Integration Framework aware host. They are the only
Management Integration Framework aware hosts in the environment.
Example — Dump Registry tool with no options

C:\dev\stsd\bin\win-32>DumpRegistry.exe
-----------------------------------------------------------------------------------
|
-----------------------------------------------------------------------------------
| 1 | http://99.999.99.999:2720/xfregistry | ZUUNI_MG | true |
xf.xfd.Registry |
| 2 | https://99.999.99.999:2374/ | ZUUNI_MG | true |
xf.webserver |
| --> USERDATA: security=Security/SecurityGUI.html,
configuration=Conf... |
| 3 | http://99.999.99.999:2721/xfdmanag...| ZUUNI_MG | true |
xf.xfd.Debug |
| 4 | https://99.999.99.999:2727/sclocal | ZUUNI_MG | true |
xf.security.Local |
| 5 | https://99.999.99.999:2730/sclogin | ZUUNI_MG | true |
xf.security.Login |
...
Example — Dump Registry tool with host option

C:\dev\stsd\bin\win-32>DumpRegistry.exe --host=findara
------------------------------------------------------------------------------
|
-----------------------------------------------------------------------------
| 1 | http://99.999.99.999:2396/xfregistry | FINDARA_MG | true |
xf.xfd... |
| 2 | http://99.999.99.999:2397/xfdmana... | FINDARA_MG | true |
xf.xfd... |
| 3 | https://99.999.99.999:2403/sclocal | FINDARA_MG | true |
xf.sec... |
| 4 | http://99.999.99.999:2423/xfcon... | FINDARA_MG | true |
xf.Con... |
| 5 | https://99.999.99.999:2412/scdo... | FINDARA_MG | true |
xf.sec... |
| --> USERDATA: securitydomains=PETS,FINDARA|authenticator
...
Example — Dump Registry tool with host and group options

C:\dev\stsd\bin\win-32>DumpRegistry.exe --host=findara --group=zuuni_mg
Number of registry entries in Management Group ZUNNI_MG: 8
Dump Registry tool (DumpRegistry.exe) 7

Example — Dump Registry tool with host and group options
------------------------------------------------------------------------------
|
-----------------------------------------------------------------------------
| 1 | http://99.999.99.999:2720/xfregistry | ZUUNI_MG | false |
xf.xfd... |
| 2 | http://99.999.99.999:2721/xfdmana... | ZUUNI_MG | false |
xf.xfd... |
| 3 | http://99.999.99.999:2748/xfcon... | ZUUNI_MG | false |
xf.Con... |
| 4 | https://99.999.99.999:2727/sclocal | ZUUNI_MG | false |
xf.sec... |
| 5 | https://99.999.99.999:2730/sclogin | ZUUNI_MG | false |
xf.sec... |
| --> USERDATA: securitydomains=PETS,ZUUNI|authenticator
...
Host manager tool (XfHostMgr.exe)

The Host Manager tool (XfHostMgr.exe) provides a command line interface and facilitates
scripting of Management Integration Framework security functions.
It is useful in a variety of situations, such as:
• Setting up a security environment when access to the Management Integration Framework
security GUI is not available.
• Debugging to isolate problems to the server-side or the Management Integration Framework
security GUI.
• Viewing the contents of the Management Integration Framework security authorization
database.
• Modifying the Management Integration Framework security authorization database.
• Registering security credentials for an API.
Example — Host Manager tool

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p PasswordStuff! status
Information for MI Host ZUUNI
Machine Name: ZUUNI

Domain: ZUUNI_MG
Is Authenticator: true
Available Security Domains: PETS, ZUUNI
Active Security Domains: PETS, ZUUNI
Authorization Information:
Generation Number:
1248983230
Owners:
Owner Description
---- -----------
CVEVA Command View EVA
MI immutable default owner
Privileges:
Privilege Owner
--------- -----
Manage HP Security MI
Manage HP Storage CVEVA
Operate HP Storage CVEVA
View HP Storage CVEVA
...

Considerations
• All commands (except status) require credentials (userid/password) for a member of the
Manage HP Security group.
• The status command requires only a valid login.
• A valid login is possible several ways, for example with credentials for a member of the HP
Security Admins OS security group.
Host Manager tool syntax overview

xfhostmgr command [arguments] [options]
where a command is one of the following:
Command Arguments
–ver
active <list of active security domains>
add (owner | privilege | role | group)
available <list of available security domains>
available_auto available_auto directoryUsernmae
directoryPassword
close (session)
create new_group_name
delete (owner | privilege | role | group)
Dup handle
enable
disable
flush [token | credential]
get (token | credential) id
help <command>
join destUserid destPassword
list (members | roles | privileges | groups |
sessions)
login userid password [includeOsGroup]
register providerId type isFile credential
status
unregister providerId
• Arguments in parenthesis are keywords to the command. They are separated by vertical bar
(|) when there is more than one choice.
• Brackets denote optional keywords or options.
• Keywords outside of parenthesis or brackets are values that must be supplied.
Option switches
• Option switches, except for handle, can be specified two ways. See table with examples.
• -h and -g. The host and group options specify an XF aware host (machine) or Management
Group. These options also have default values which are shown in the help output.
Host manager tool (XfHostMgr.exe) 9

• -u and -p. The user id and password options are used to provide security credentials when
the command is issued.
• ––handle. The handle option is used to provide a handle for authentication, instead of
userid/password credentials.

–? ––help= help
xfhostmgr —? status
xfhostmgr ––help=status
–g ––group= Management Group

xfhostmgr –g ZUUNI\HP Security Admins
xfhostmgr ––group=ZUUNI\HP Security Admins
–h ––host= Management Integration Framework aware host (machine)

xfhostmgr –h ZUNNI
xfhostmgr ––host=ZUNNI
–p ––password= password
xfhostmgr –p Pas1word
xfhostmgr ––password=Pas1word
–u ––user= user id
xfhostmgr –u RalphQ
xfhostmgr ––user=RalphQ
––handle= handle
xfhostmgr
––handle=4PvlItjiRkKceekv1+FmROtWMERQvjMq
Examples scenario
In the following Host Manager command examples, ZUNNI is the local Management Integration
Framework aware host and FINDARA is the remote Management Integration Framework aware
host. They are the only Management Integration Framework aware hosts in the environment.
-ver command
Displays the version of Management Integration Framework software.
Syntax
-ver
Active command
The active command establishes the list of active OS security domains that can be used as
authenticating domains.
Syntax
active <list of active security domains>
Example — Active command

C:\dev\cveva\bin\win-32>xfhostmgr -u test@zuuni -p Pas1word!
active ZUUNI
Successfully set active security domains

Add command
The add command adds mappings to the Management Integration Framework security authorization
database.
Syntax
add (owner | privilege | role | group)
Syntax detail
add owner owner_name description
add privilege privilege_name owner
add role role_name owner (list of privileges)
add group security_domain security_group
The following example adds an owner, then adds privileges, role and group.
Example — Add command

First, a new owner is added.
C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! add owner ME "A
test owner"
Successfully added owner
Next, two privileges are added for the new owner.

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! add privilege
PRIV_A ME
Successfully added privilege
C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! add privilege

PRIV_B ME
Successfully added privilege
Available command
The available command establishes an administrator defined list of OS security domains that
can be used as authenticating domains.
Syntax
available <list of available security domains>
In the following example the OS security domain ZUNNI is added to the list of available
authenticating domains for the local Management Integration Framework aware machine.
Example — Available command

available ZUUNI
Successfully set available security domains
Available_auto command
The available_auto command automatically sets the list of available OS security domains to
the list of groups a domain user account is a member of.
Syntax
available_auto directoryUsername directoryPassword

Considerations
• A domain account must be specified in this command. Do not specify a local user account.
Example — Available_auto command

C:\dev\cveva\bin\win-32>xfhostmgr available_auto petsdomain\cat99
Pas1word
Successfully set available security domains using directory
service
Close command
The close command invalidates a single security session using the security token handle.
Syntax
close (session)
In the following example note that the security token is no longer valid after the close command
is issued.
Example — Close command

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! list sessions
Handle Username
------ --------
4iHUuGMKxO8eAlSTkn97TLOWJfkUGODT test@ZUUNI
aQOfatIVuyFsO/uUdZhvn9yh3AixnI6q test@ZUUNI
duHTxJlKzLP0hxXet05G6U9q1zB0ZGzb test@ZUUNI
fJexS0g+b0VrzdtsD4nBlbA8Nex7VVOi test@ZUUNI
gW7MQ1mbeGLffw8fuhrHDjT/ASXS6hEh test@ZUUNI
lf8JUbSLSR2DYg1Qg2lXQd4bnpQoaL67 test@ZUUNI
o/hjWyWkLYzc+tEWWm99avaX0FhaOQCX test@ZUUNI
ss0/+biSgc+foSnDkD+GkFaXDrKrFoJp test@ZUUNI
uU0R0duGrS/0e/HPzhc3Hr3MSaf/eYP2 test@ZUUNI
C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! close session

4iHUuGM...
Successfully closed user session 4iHUuGMKxO8eAlSTkn97TLOWJfkUGODT
C:\dev\cveva\bin\win-32>xfhostmgr
--handle=4iHUuGMKxO8eAlSTkn97TLOWJfkUGODT status
SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"Unknown security token handle"
Detail:
Unexpected soap fault calling loginUser
Login failed on domain ZUUNI_MG
Create command
The create command creates a new Management Group on the Management Integration
Framework aware machine.
Syntax
create new_group_name
Example — Create command

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! create
FOOBAR
Successfully create domain FOOBAR
Delete command
The delete command removes items that have been added with the add command.
Syntax

delete (owner | privilege | role | group)
Syntax detail
delete owner_name
delete privilege_name
delete role_name
delete security_domain [security_group] (list of roles)
The following example deletes an owner. Note that deleting the owner deletes the related privileges,
roles, and groups.
Example — Delete command, owner

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! delete
owner ME
Successfully deleted owner
Disable command
The disable command disables a Management Integration Framework aware machine as an
authenticator for the Management Group in which it is a member.
Syntax
disable
Considerations
• You cannot disable the only authenticator in a group.
Example — Disable command

C:\dev\cveva\bin\win-32>xfhostmgr -u test@findara -p Pas1word!
disable
Successfully disabled authentication
Dup command
The dup command is used to duplicate a security handle.
This can be useful if a new handle is needed that has a different useful lifetime. For instance, if a
Management Integration Framework GUI login is performed, then the handle the login has will
become invalid when the user logs off the Management Integration Framework GUI. If a background
server process needs to use the handle for a longer period of time, then it can duplicate it and
keep the handle as long as needed.
Syntax
Dup handle
Example — Dup command

C:\dev\cveva\bin\win-32>xfhostmgr login test@zuuni Pas1word!
Login succeeded
Handle: Fxs5Rrjlx7y2encCGOtcniCz/JEBLSgo
Principle: test@ZUUNI
Account: test
OS Realm: ZUUNI
Signed Locally: false
XF Domain: ZUUNI_MG
Time Issued: Thu Jul 30 14:06:49 2009
Privileges: Manage HP Security
Manage HP Storage
Operate HP Storage
View HP Storage
C:\dev\cveva\bin\win-32>xfhostmgr -u test@zuuni -p Pas1word! dup

Fxs5Rrjlx7y2...

Example — Dup command
New security token handle = woVOylZ2IZiHL+eYBPoyym7EU4BQlMuT
Enable command
The enable command enables a Management Integration Framework aware machine as an
authenticator for the Management Group in which it is a member.
Syntax
enable
In the following example, the server findara is in the Management Group zuuni_mg but is not
an authenticator for the group. After issuing the enable command, findara becomes an
authenticator for the group.
Example — Enable command

enable
Successfully enabled authentication
Flush command
The flush command deletes security tokens or registered credentials from the Management
Integration Framework security database.
Syntax
flush [token | credential]
In the following example the Management Integration Framework security database has 7 sessions
active when the flush command is issued. Note that 8 sessions are flushed because the flush
command itself created an 8th session.
Example — Flush command, token

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! flush token
Flushed 8 entries in the security token cache
Get command
The get command retrieves a token using its handle or credentials using its providerId.
Syntax
get (token | credential) id
Example — Get command, token

C:\... xfhostmgr -u test -p Pas1word! get token 5OmUzZiIgMC1o7ebH...
Got security token (5OmUzZiIgMC1o7ebHHVdMJl2POoVRYHr)
Handle: 5OmUzZiIgMC1o7ebHHVdMJl2POoVRYHr
Account: test
OS Realm: ZUUNI
XF Domain: ZUUNI_MG
Privileges: Manage HP Security, Manage HP Storage, Operate HP Storage,
View HP S...
Security Token XML:

< SecurityToken>
< Handle type="string">5OmUzZiIgMC1o7ebHHVdMJl2POoVRYHr< /Handle>
< Principle type="string">test@ZUUNI< /Principle>
< XFDomain type="string">ZUUNI_MG< /XFDomain>
< SignedLocally type="string">false< /SignedLocally>
< OSHandles>
< Handle instanceId="" type="Primary" value="">< /Handle>

Example — Get command, token
< /OSHandles>
< Roles>
< Role type="string">CV Storage Manager< /Role>
< Role type="string">CV Storage User< /Role>
< /Roles>
< Privileges>
< Privilege type="string">Manage HP Security< /Privilege>
< Privilege type="string">Manage HP Storage< /Privilege>
< Privilege type="string">Operate HP Storage< /Privilege>
< Privilege type="string">View HP Storage< /Privilege>
< /Privileges>
< Signature type="string">W1EuQIY994L5Kzv2DntO5zKLzskk1q+tV2skv2h...=<
/Signature>
< TimeIssued type="string">Thu Jul 30 14:39:49 2009< /TimeIssued>
< /SecurityToken>
Help command
Displays help for the tool or a specific command.
Syntax
help <command>
Join command
The join command joins a Management Integration Framework aware machine to an existing
Management Group.
It is necessary to have the security admin privilege on the local Management Integration Framework
machine and on a Management Integration Framework authenticator in the group that is being
joined.
Syntax
join destGroup destUserid destPassword
Example — Join command

C:\dev\cveva\bin\win-32>xfhostmgr -u test@findara -p Pas1word!
join zuuni_mg test@zuuni Pas2word!
Successfully joined domain zuuni_mg
List command
The list command shows security entities, such as: group members, roles, privileges, OS groups,
and sessions.
Syntax
list (members | roles | privileges | groups | sessions)
Example — List command, members

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! list members
Name IP Domain Authenticator ? Manageable
By User?
---- -- ------ --------------- -----------
FINDARA 99.999.99.999 ZUUNI_MG no yes
ZUUNI 99.999.99.999 ZUUNI_MG yes yes
Example — List command, roles

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! list roles
Generation Number:
1248983230
Roles:
Role Owner Privileges

Example — List command, roles
---- ----- ----------
CV Storage Manager CVEVA Manage HP Security, Manage HP
Storage,
Operate HP Storage, View HP Storage
CV Storage User CVEVA View HP Storage

HP Security Administrator MI Manage HP Security
Example — List command, privileges

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! list
privileges
Generation Number:
1248983230
Privileges:
Privilege Owner
--------- -----
Example — List groups

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! list groups
Generation Number:
1248983230
Group to Role Mappings:

Security Domain Group Roles
--------------- ----- -----
PETS PETS\HP Security Admins HP Security
Administrator
PETS ZUUNI\HP Security Admins HP Security
Administrator
ZUUNI ZUUNI\HP Security Admins HP Security
Administrator
ZUUNI ZUUNI\HP Storage Admins CV Storage
Manager
ZUUNI ZUUNI\HP Storage Users CV Storage
User
Login command
The login command performs a log in with the Management Integration Framework aware
machine.
This is useful for determining if a particular user has sufficient privileges to log in, verifying that the
basic security authentication Integration Framework is working, viewing the privileges of a user,
or to get a handle for use in other security operations.
The -login command takes a userid and a password and will perform a login using them. The
userid can be unqualified or qualified with an OS security domain. For example: test (unqualified)
or test@zuuni (qualified). The default security domain is the local machine if it is unqualified. The
password is the normal password used for logging in.
The -h option is ignored for the login command. The login command will use the -g option to
target a particular Management Group for the login.
Syntax

login userid password [includeOsGroup]
Example — Login command, qualified user id

C:\dev\cveva\bin\win-32>xfhostmgr login test@zuuni Pas1word!
Login succeeded
Handle: K39rfGlDth4Lo+4SIICsj30yvsoItCSj
Account: test
OS Realm: ZUUNI
MI Domain: ZUUNI_MG
View...
Example — Login command, unqualified user id

C:\dev\cveva\bin\win-32>xfhostmgr login test Pas1word!
Login succeeded
Handle: 6TEkkIDCeATKOyh9f+9Rxvqu0U13pfHw
Principle: miftest@ZUUNI
Account: test
OS Realm: ZUUNI
MI Domain: ZUUNI_MG
View...
The following example shows an OS security domain (findara) from a Management Integration
Framework aware machine (zuuni). This is possible because authentication was previously enabled
on a Management Integration Framework aware machine named findara.
Example — Login command, OS security domain

C:\dev\cveva\bin\win-32>xfhostmgr login test@findara Pas1word!
Login succeeded
Handle: sBNJD+Cp0kdm6OgGwOjyJXslRvLJRVhq
Principle: test@FINDARA
Account: test
OS Realm: FINDARA
MI Domain: ZUUNI_MG
View...
In this example, the login command uses the optional Boolean parameter includeOsGroup
(true). This includes the list of OS security groups the user is a member of. This can be useful in
debugging a security setup.
Example — Login command, includeOsGroup

C:\dev\cveva\bin\win-32>xfhostmgr login test Pas1word! true
Login succeeded
Handle: WiYrd588ssqE1g/I8gDlCTRwWCwg5Aa2
Account: test
OS Realm: ZUUNI
MI Domain: ZUUNI_MG
Privileges: Manage HP Security
Manage HP Storage
Operate HP Storage
PRIV_A
PRIV_B
View HP Storage
Os Groups: ZUUNI\None

Example — Login command, includeOsGroup
\Everyone
ZUUNI\HP Storage Admins
ZUUNI\HP Storage Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
NT AUTHORITY\NONE_MAPPED
\LOCAL
This is an example of a bad log in. Note that the login service does not specify what went wrong,
just that the log in failed.
Example — Login command, error result

C:\dev\cveva\bin\win-32>xfhostmgr login soupy somepassword
SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"Login failed"
Detail:
Unexpected soap fault calling loginUser
Login failed on domain ZUUNI_MG
Register command
The register command adds provider security credentials to the Management Integration
Framework security database.
Security credentials have the following attributes:
• providerId . A unique id used to reference the credential.
• Type. An HP storage application defined type.
• isFile. A Boolean indicating whether or not the credential is a file (true or false).
• Credential value. Typically a string or file name. In some cases the value can be a
userid/password that is needed by an API.
Syntax
register providerId type isFile credential
Considerations
• If a credential is added with an id that already exists, the previous value is overwritten. If the
isFile flag is true, then the existence of the file will be verified.
Example — Register command, providerId

C:\dev\cveva\bin\win-32>xfhostmgr -u test@zuuni -p Pas1word register id1
aType
false 1234
Successfully registered credential
Example — Register command, fileType

C:\dev\cveva\bin\win-32>xfhostmgr -u test@zuuni -p Pas1word! register
id2 fileType
true ..\..\credentials.txt
Successfully registered credential

Status command
The status command returns security authorization information for the Management Integration
Framework aware machine, including:
• Available OS security domains
• Active OS security domains
• If the Management Integration Framework aware machine is an authenticator for the
Management Group
• Mappings of owners, privileges, roles, and OS groups
• Registered credentials
Syntax
status
Example — Status command

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! status
Information for MI Host ZUUNI
Machine Name: ZUUNI

Domain: ZUUNI_MG
Is Authenticator: true
Available Security Domains: PETS, ZUUNI
Active Security Domains: PETS, ZUUNI
Generation Number:
1248983230
Owners:
Owner Description
----- -----------
CVEVA Command View EVA
MG immutable default owner
Privileges:
Privilege Owner
--------- -----
Roles:
Role Owner Privileges
---- ----- ----------
CV Storage Manager CVEVA Manage HP Security, Manage
HP Storage,
Operate HP Storage, View HP
Storage
CV Storage User CVEVA View HP Storage
HP Security Admin... MI Manage HP Security
Group to Role Mappings:

Security Domain Group Roles
--------------- ----- -----
PETS PETS\HP Security Admins HP Security
Admini...
PETS ZUUNI\HP Security Admins HP Security
Admini...
ZUUNI ZUUNI\HP Security Admins HP Security
Admini...
ZUUNI ZUUNI\HP Storage Admins CV Storage
Manager
ZUUNI ZUUNI\HP Storage Users CV Storage
User
Currently registered credentials:

providerId, owningInstanceId, type, is file, credential, is local
-----------------------------------------------------------------

Unregister command
The unregister command removes provider security credentials from the XF security database.
Syntax
unregister providerId
Example — Unregister command

unregister id1
Successfully unregistered credential
Host Reset tool (XfHostReset.exe)

The Host Reset tool (XfHostReset.exe) restores a Management Integration Framework aware
machine to its default Management Integration Framework configuration.
This is useful if a Management Integration Framework aware machine gets into a corrupt state and
can no longer be managed. The tool terminates all existing Management Group memberships and
creates a new Management Group.
Considerations
• The tool user must be a member of the Manage HP Security group.

–? ––help Displays help

xfhostreset –?
xfhostreset ––help
–g ––group= Management Group

xfhostreset –g ZUUNI\HP Security Admins
xfhostreset ––group=ZUUNI\HP Security Admins
–p ––password= password
xfhostreset –p Pas1word
xfhostreset ––password=Pas1word
–q ––quiet= Run in quiet mode

xfhostreset –q
xfhostreset ––quiet
–u ––user= user (administrator)

xfhostreset –u RalphQ
xfhostreset ––user=RalphQ
–v ––ver Displays the Management Integration Framework software

version.
xfhostreset –v
xfhostreset ––ver
Example — Host Reset tool

In this example ZUNNI is the local Management Integration Framework aware host.
C:\dev\cveva\bin\win-32>XfHostReset
MI Host Reset Utility

---------------------
This utility may be used to reset the Management Group (MG)

configuration of an OFFLINE host. Any existing MG membership

will be terminated and a new MG will be created on the host.
The user account supplied must be a member of the local
security group:
Use 'HP Security Admins'
Continue(y/n)?y
Enter new domain name: TEST_MG
Enter user id: test
Enter password:
Successfully created the new domain
C:\dev\cveva\bin\win-32>XfHostMgr list members
Name IP Domain Authenticator? Manageable

By User?
---- ------------- -------- --------------
-------------------
ZUUNI 99.999.99.999 TEST_MG yes yes
Security examples
Adding local security
This example shows how to add local security (for HP storage) to a system that was originally
installed with domain security.
xfhostmgr -u intelsan\administrator -p password add group

"Intelw3k1"
"INTELW3K1\HP Storage Admins" "CV Storage Manager"
xfhostmgr -u intelsan\administrator -p password add group

"Intelw3k1"
"INTELW3K1\HP Storage Users" "CV Storage Manager"
xfhostmgr -u administrator -p password status
Correcting login after a server name change

After renaming a server, and attempting to log in to HP P6000 Command View, a message
regarding insufficient privileges may be displayed. If the message is due entirely to the server
renaming, you can correct it by running the following Application Manager Tool command:
XfAppMgr register XFSecurity.cfg
Security examples 21
2 Support and other resources
Release history
HP Management Integration Framework releases:
Release Version
2012 (Oct) 1.6
2012 (May) 1.5
2011 (Oct) 1.4
2011 (Mar) 1.3
2010 (Aug) 1.2
2010 (Feb) 1.0
Contacting HP
HP technical support
For worldwide technical support information, see the HP support website:
http://www.hp.com/support
Before contacting HP, collect the following information:

• Product model names and numbers
• Technical support registration number (if applicable)
• Product serial numbers
• Error messages
• Operating system type and revision level
• Detailed questions
Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website:
http://www.hp.com/go/wwalerts
After registering, you will receive e-mail notification of product enhancements, new driver versions,
firmware updates, and other product resources.
Documentation feedback
HP welcomes your feedback. To make comments and suggestions about product documentation
you can:
• Send an e-mail to storagedocsFeedback@hp.com.
All submissions become the property of HP.
Related information
To find related documents, browse to the Manuals page of the HP Business Support Center web
site:
http://www.hp.com/support/manuals
22 Support and other resources

For most related documentation, navigate to the Storage section, select a storage category (Storage
Software > Storage Device Management Software) and product.
Documents
• HP Management Integration Framework Administration Guide
• HP Management Integration Framework Maintenance & Service Guide
• HP P6000 Command View Release Notes
• HP P6000 Command View Installation Guide
• HP P6000 Command View User Guide
• HP P6000 Enterprise Virtual Array Compatibility Reference
Websites
• HP.com
http://www.hp.com
• HP storage
http://www.hp.com/go/storage
• HP manuals
http://www.hp.com/support/manuals
• HP download drivers and software
http://www.hp.com/support/downloads
• HP software depot
http://www.software.hp.com
Customer self repair

HP CSR programs allow you to repair your HP storage product. If a CSR part needs replacing, HP
ships the part directly to you so that you can install it at your convenience. Some parts do not
qualify for CSR. Your HP-authorized service provider will determine whether a repair can be
accomplished by CSR.
For more information about CSR, contact your local service provider. For North America, see the
CSR website:
http://www.hp.com/go/selfrepair
This product has no customer-replaceable components.
Customer self repair 23

Glossary
API Application Programming Interface.
MIF HP Management Integration Framework. software.
URI Universal Resource Identifier. Identifies a resource on the Internet.
Example: hp.com
XF Extension Framework. Internal name for HP MIF software.
24 Glossary
Index
flush, 14
Symbols get, 14
-ver (command, application manager), 4 help, 15
-ver (command, host manager), 10 join, 15
list, 15
A login, 16
add (command, host manager), 11 register, 18
application manager status, 19
about, 4 unregister, 20
commands syntax, 9
-ver, 4 host manager (XfHostMgr.exe), 8
delete, 4 host reset (XfHostReset.exe), 20
help, 5
register, 5 J
syntax, 4 join (command, host manager), 15
available_auto (command, host manager), 11
L
C list (command, host manager), 15
close (command, host manager), 12 login (command, host manager), 16
create (command, host manager), 12
R
D register (command, application manager), 5
delete (command, application manager), 4 register (command, host manger), 18
delete (command, host manager), 12
disable (command, host manager), 13 S
documentation status (command, host manager), 19
providing feedback, 22 Subscriber's Choice, HP, 22
related documents, 22 support, HP, 22
dump registry, 5
DumpRegistry.exe, 5 U
dupe (command, host manager), 13 unregister (command, host manager), 20
E W
enable (command, host manager), 14 websites
HP , 23
F HP Subscriber's Choice for Business, 22
flush (command, host manager), 14 product manuals, 22
G X
get (command, host manager), 14 XfAppMgr.exe, 4
XfHostMgr.exe, 8
H XfHostReset.exe), 20
help (command, application manager), 5
help (command, host manager), 15
host manager
commands
-ver, 10
add, 11
available, 11
available_auto, 11
close, 12
create, 12
delete, 12
disable, 13
dupe, 13
enable, 14
25

HP MIF Maintenance-ServiceGuide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HP MIF Maintenance-ServiceGuide

Uploaded by

Copyright:

Available Formats

HP Management Integration Framework 1.

HP Part Number: T5494-96540

Adobe and Acrobat are trademarks of Adobe Systems Incorporated.

Application Manager tool syntax overview

Option Option Description / Examples

4 Using Management Integration Framework command line tools

Example — Security configuration file

Dump Registry tool (DumpRegistry.exe)

Dump Registry tool (DumpRegistry.exe) 5

Example — Dump Registry tool

Number of registry entries: 16

Option Option Description / Examples

–? ––help Displays help

–g ––group= Limits the display of Management Integration Framework

6 Using Management Integration Framework command line tools

–h ––host= Specifies the Management Integration Framework aware host

–v ––ver Displays the Management Integration Framework software

Example — Dump Registry tool with no options

Number of registry entries: 16

Example — Dump Registry tool with host option

Number of registry entries: 16

Example — Dump Registry tool with host and group options

Number of registry entries in Management Group ZUNNI_MG: 8

Dump Registry tool (DumpRegistry.exe) 7

Host manager tool (XfHostMgr.exe)

Example — Host Manager tool

Information for MI Host ZUUNI

Machine Name: ZUUNI

8 Using Management Integration Framework command line tools

Host Manager tool syntax overview

Host manager tool (XfHostMgr.exe) 9

Option Option Description / Examples

–g ––group= Management Group

–h ––host= Management Integration Framework aware host (machine)

Example — Active command

10 Using Management Integration Framework command line tools

Example — Add command

Next, two privileges are added for the new owner.

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! add privilege

Example — Available command

Host manager tool (XfHostMgr.exe) 11

Example — Available_auto command

Example — Close command

C:\dev\cveva\bin\win-32>xfhostmgr -u test -p Pas1word! close session

Example — Create command

12 Using Management Integration Framework command line tools

Example — Delete command, owner

Example — Disable command

Example — Dup command

C:\dev\cveva\bin\win-32>xfhostmgr -u test@zuuni -p Pas1word! dup

Host manager tool (XfHostMgr.exe) 13

New security token handle = woVOylZ2IZiHL+eYBPoyym7EU4BQlMuT

Example — Enable command

Example — Flush command, token

Example — Get command, token

Security Token XML:

14 Using Management Integration Framework command line tools

Example — Join command

Example — List command, members

Example — List command, roles

Host manager tool (XfHostMgr.exe) 15

CV Storage User CVEVA View HP Storage

Example — List command, privileges