Professional Documents
Culture Documents
6
Maintenance & Service Guide
Abstract
This document describes the use of HP Management Integration Framework tools intended for administrators involved in the
installation, operation, management and security of HP P6000 EVA storage systems.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
1.6 — 2012.09.20
Contents
1 Using Management Integration Framework command line tools........................4
Application Manager tool (XfAppMgr.exe)...................................................................................4
Application Manager tool syntax overview...................................................................................4
-ver command ....................................................................................................................4
Delete command.................................................................................................................4
Help command....................................................................................................................5
Register command...............................................................................................................5
Dump Registry tool (DumpRegistry.exe)........................................................................................5
Host manager tool (XfHostMgr.exe).............................................................................................8
Host Manager tool syntax overview........................................................................................9
-ver command ..................................................................................................................10
Active command................................................................................................................10
Add command..................................................................................................................11
Available command...........................................................................................................11
Available_auto command...................................................................................................11
Close command................................................................................................................12
Create command...............................................................................................................12
Delete command...............................................................................................................12
Disable command..............................................................................................................13
Dup command...................................................................................................................13
Enable command...............................................................................................................14
Flush command.................................................................................................................14
Get command...................................................................................................................14
Help command..................................................................................................................15
Join command...................................................................................................................15
List command....................................................................................................................15
Login command.................................................................................................................16
Register command.............................................................................................................18
Status command................................................................................................................19
Unregister command..........................................................................................................20
Host Reset tool (XfHostReset.exe)...............................................................................................20
Security examples...................................................................................................................21
Adding local security..........................................................................................................21
Correcting login after a server name change.........................................................................21
2 Support and other resources......................................................................22
Release history.......................................................................................................................22
Contacting HP........................................................................................................................22
Related information.................................................................................................................22
Customer self repair................................................................................................................23
Glossary....................................................................................................24
Index.........................................................................................................25
Contents 3
1 Using Management Integration Framework command line
tools
Application Manager tool (XfAppMgr.exe)
The Application Manager tool (XfAppMgr.exe) loads security information into the Management
Integration Framework authorization database. It is used primarily by Management Integration
Framework software during installation. It can also be used manually for loading or to delete
owners.
• Owner. There can be only 1 owner in the Management Integration Framework security
configuration file.
• Privileges. These are application defined strings that are associated with the Owner.
• Roles. Each role is named and is associated with a list of privileges.
• Groups. Each role is associated with an OS Security group, either local or domain.
Command Arguments
–ver
delete owner_name
help <command>
register config_file
Option switches
–? ––help= help
xfappmgr —? register
xfappmgr ––help=register
-ver command
Displays the version of Management Integration Framework software.
Syntax
-ver
Delete command
The delete command removes an application API owner from the Management Integration
Framework database.
Syntax
delete owner_name
Register command
The register command registers a Management Integration Framework configuration file
(XFSecurity.cfg) with a Management Integration Framework server.
Syntax
register config_file
In the following example, the three privileges in the Privileges section are relevant only to the
application that registers the file.
The Manage HP Security entry under the first role is a Management Integration Framework
defined privilege which is required to perform security operations.
Thus, when a administrator logs in and is a member of the local group Storage Admins , the
administrator will have 4 privileges: Manage Storage, View Storage, Operate Storage,
and Manage HP Security.
Section Privileges {
privilege Manage Storage
privilege View Storage
privilege Operate Storage
}
Section Roles {
role Storage Manager, Manage Storage, View Storage, Operate
Storage,
Manage HP Security
role Storage User, View Storage
}
Section Groups {
# syntax: group < Security Domain>, < Group Name>, < Role>
# < Security Domain> can be %L, the local host name, or
a domain
name.
# If "%L" is used, then MI will deal
with host
name changes automatically
# < Group Name> is the name of a security group
# < Role> a previously defined role in the "Roles" section
above
group %L, %L\Storage Admins, Storage Manager
group %L, %L\Storage Users, Storage User
}
-----------------------------------------------------------------------------------
| # | URI | SW GROUP | LOCAL | TYPE
|
-----------------------------------------------------------------------------------
| 1 | http://99.999.99.999:2720/xfregistry | ZUUNI_MG | true |
xf.xfd.Registry |
| 2 | https://99.999.99.999:2374/ | ZUUNI_MG | true |
xf.webserver |
| --> USERDATA: security=Security/SecurityGUI.html,
configuration=Conf... |
| 3 | http://99.999.99.999:2721/xfdmanag...| ZUUNI_MG | true |
xf.xfd.Debug |
| 4 | https://99.999.99.999:2727/sclocal | ZUUNI_MG | true |
xf.security.Local |
| 5 | https://99.999.99.999:2730/sclogin | ZUUNI_MG | true |
xf.security.Login |
...
Option switches
• Option switches can be specified two ways. See table with examples.
• -h. The host option specifies a Management Integration Framework aware host (machine)
whose Management Integration Framework registry is to be displayed. If the host option is
not included, the registry of the local Management Integration Framework aware host is
displayed.
• -g. The group option limits the display to a specific Management Group.
Examples scenario
In the following examples, ZUNNI is the local Management Integration Framework aware host
and FINDARA is the remote Management Integration Framework aware host. They are the only
Management Integration Framework aware hosts in the environment.
-----------------------------------------------------------------------------------
| # | URI | SW GROUP | LOCAL | TYPE
|
-----------------------------------------------------------------------------------
| 1 | http://99.999.99.999:2720/xfregistry | ZUUNI_MG | true |
xf.xfd.Registry |
| 2 | https://99.999.99.999:2374/ | ZUUNI_MG | true |
xf.webserver |
| --> USERDATA: security=Security/SecurityGUI.html,
configuration=Conf... |
| 3 | http://99.999.99.999:2721/xfdmanag...| ZUUNI_MG | true |
xf.xfd.Debug |
| 4 | https://99.999.99.999:2727/sclocal | ZUUNI_MG | true |
xf.security.Local |
| 5 | https://99.999.99.999:2730/sclogin | ZUUNI_MG | true |
xf.security.Login |
...
------------------------------------------------------------------------------
| # | URI | SW GROUP | LOCAL | TYPE
|
-----------------------------------------------------------------------------
| 1 | http://99.999.99.999:2396/xfregistry | FINDARA_MG | true |
xf.xfd... |
| 2 | http://99.999.99.999:2397/xfdmana... | FINDARA_MG | true |
xf.xfd... |
| 3 | https://99.999.99.999:2403/sclocal | FINDARA_MG | true |
xf.sec... |
| 4 | http://99.999.99.999:2423/xfcon... | FINDARA_MG | true |
xf.Con... |
| 5 | https://99.999.99.999:2412/scdo... | FINDARA_MG | true |
xf.sec... |
| --> USERDATA: securitydomains=PETS,FINDARA|authenticator
...
Authorization Information:
Generation Number:
1248983230
Owners:
Owner Description
---- -----------
CVEVA Command View EVA
MI immutable default owner
Privileges:
Privilege Owner
--------- -----
Manage HP Security MI
Manage HP Storage CVEVA
Operate HP Storage CVEVA
View HP Storage CVEVA
...
Command Arguments
–ver
active <list of active security domains>
add (owner | privilege | role | group)
available <list of available security domains>
available_auto available_auto directoryUsernmae
directoryPassword
close (session)
create new_group_name
delete (owner | privilege | role | group)
Dup handle
enable
disable
flush [token | credential]
get (token | credential) id
help <command>
join destUserid destPassword
list (members | roles | privileges | groups |
sessions)
login userid password [includeOsGroup]
register providerId type isFile credential
status
unregister providerId
• Arguments in parenthesis are keywords to the command. They are separated by vertical bar
(|) when there is more than one choice.
• Brackets denote optional keywords or options.
• Keywords outside of parenthesis or brackets are values that must be supplied.
Option switches
• Option switches, except for handle, can be specified two ways. See table with examples.
• -h and -g. The host and group options specify an XF aware host (machine) or Management
Group. These options also have default values which are shown in the help output.
–? ––help= help
xfhostmgr —? status
xfhostmgr ––help=status
–p ––password= password
xfhostmgr –p Pas1word
xfhostmgr ––password=Pas1word
–u ––user= user id
xfhostmgr –u RalphQ
xfhostmgr ––user=RalphQ
––handle= handle
xfhostmgr
––handle=4PvlItjiRkKceekv1+FmROtWMERQvjMq
Examples scenario
In the following Host Manager command examples, ZUNNI is the local Management Integration
Framework aware host and FINDARA is the remote Management Integration Framework aware
host. They are the only Management Integration Framework aware hosts in the environment.
-ver command
Displays the version of Management Integration Framework software.
Syntax
-ver
Active command
The active command establishes the list of active OS security domains that can be used as
authenticating domains.
Syntax
active <list of active security domains>
Available command
The available command establishes an administrator defined list of OS security domains that
can be used as authenticating domains.
Syntax
available <list of available security domains>
In the following example the OS security domain ZUNNI is added to the list of available
authenticating domains for the local Management Integration Framework aware machine.
Available_auto command
The available_auto command automatically sets the list of available OS security domains to
the list of groups a domain user account is a member of.
Syntax
available_auto directoryUsername directoryPassword
Close command
The close command invalidates a single security session using the security token handle.
Syntax
close (session)
In the following example note that the security token is no longer valid after the close command
is issued.
C:\dev\cveva\bin\win-32>xfhostmgr
--handle=4iHUuGMKxO8eAlSTkn97TLOWJfkUGODT status
SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"Unknown security token handle"
Detail:
Unexpected soap fault calling loginUser
Login failed on domain ZUUNI_MG
Create command
The create command creates a new Management Group on the Management Integration
Framework aware machine.
Syntax
create new_group_name
Delete command
The delete command removes items that have been added with the add command.
Syntax
Disable command
The disable command disables a Management Integration Framework aware machine as an
authenticator for the Management Group in which it is a member.
Syntax
disable
Considerations
• You cannot disable the only authenticator in a group.
Dup command
The dup command is used to duplicate a security handle.
This can be useful if a new handle is needed that has a different useful lifetime. For instance, if a
Management Integration Framework GUI login is performed, then the handle the login has will
become invalid when the user logs off the Management Integration Framework GUI. If a background
server process needs to use the handle for a longer period of time, then it can duplicate it and
keep the handle as long as needed.
Syntax
Dup handle
Enable command
The enable command enables a Management Integration Framework aware machine as an
authenticator for the Management Group in which it is a member.
Syntax
enable
In the following example, the server findara is in the Management Group zuuni_mg but is not
an authenticator for the group. After issuing the enable command, findara becomes an
authenticator for the group.
Flush command
The flush command deletes security tokens or registered credentials from the Management
Integration Framework security database.
Syntax
flush [token | credential]
In the following example the Management Integration Framework security database has 7 sessions
active when the flush command is issued. Note that 8 sessions are flushed because the flush
command itself created an 8th session.
Get command
The get command retrieves a token using its handle or credentials using its providerId.
Syntax
get (token | credential) id
Help command
Displays help for the tool or a specific command.
Syntax
help <command>
Join command
The join command joins a Management Integration Framework aware machine to an existing
Management Group.
It is necessary to have the security admin privilege on the local Management Integration Framework
machine and on a Management Integration Framework authenticator in the group that is being
joined.
Syntax
join destGroup destUserid destPassword
List command
The list command shows security entities, such as: group members, roles, privileges, OS groups,
and sessions.
Syntax
list (members | roles | privileges | groups | sessions)
Roles:
Role Owner Privileges
Privileges:
Privilege Owner
--------- -----
Manage HP Security MI
Manage HP Storage CVEVA
Operate HP Storage CVEVA
View HP Storage CVEVA
Login command
The login command performs a log in with the Management Integration Framework aware
machine.
This is useful for determining if a particular user has sufficient privileges to log in, verifying that the
basic security authentication Integration Framework is working, viewing the privileges of a user,
or to get a handle for use in other security operations.
The -login command takes a userid and a password and will perform a login using them. The
userid can be unqualified or qualified with an OS security domain. For example: test (unqualified)
or test@zuuni (qualified). The default security domain is the local machine if it is unqualified. The
password is the normal password used for logging in.
The -h option is ignored for the login command. The login command will use the -g option to
target a particular Management Group for the login.
Syntax
The following example shows an OS security domain (findara) from a Management Integration
Framework aware machine (zuuni). This is possible because authentication was previously enabled
on a Management Integration Framework aware machine named findara.
In this example, the login command uses the optional Boolean parameter includeOsGroup
(true). This includes the list of OS security groups the user is a member of. This can be useful in
debugging a security setup.
This is an example of a bad log in. Note that the login service does not specify what went wrong,
just that the log in failed.
Register command
The register command adds provider security credentials to the Management Integration
Framework security database.
Security credentials have the following attributes:
• providerId . A unique id used to reference the credential.
• Type. An HP storage application defined type.
• isFile. A Boolean indicating whether or not the credential is a file (true or false).
• Credential value. Typically a string or file name. In some cases the value can be a
userid/password that is needed by an API.
Syntax
register providerId type isFile credential
Considerations
• If a credential is added with an id that already exists, the previous value is overwritten. If the
isFile flag is true, then the existence of the file will be verified.
Authorization Information:
Generation Number:
1248983230
Owners:
Owner Description
----- -----------
CVEVA Command View EVA
MG immutable default owner
Privileges:
Privilege Owner
--------- -----
Manage HP Security MI
Manage HP Storage CVEVA
Operate HP Storage CVEVA
View HP Storage CVEVA
Roles:
Role Owner Privileges
---- ----- ----------
CV Storage Manager CVEVA Manage HP Security, Manage
HP Storage,
Operate HP Storage, View HP
Storage
CV Storage User CVEVA View HP Storage
HP Security Admin... MI Manage HP Security
–p ––password= password
xfhostreset –p Pas1word
xfhostreset ––password=Pas1word
C:\dev\cveva\bin\win-32>XfHostReset
Continue(y/n)?y
Enter new domain name: TEST_MG
Enter user id: test
Enter password:
Successfully created the new domain
Security examples
Adding local security
This example shows how to add local security (for HP storage) to a system that was originally
installed with domain security.
Security examples 21
2 Support and other resources
Release history
HP Management Integration Framework releases:
Release Version
2012 (Oct) 1.6
2012 (May) 1.5
2011 (Oct) 1.4
2011 (Mar) 1.3
2010 (Aug) 1.2
2010 (Feb) 1.0
Contacting HP
HP technical support
For worldwide technical support information, see the HP support website:
http://www.hp.com/support
Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website:
http://www.hp.com/go/wwalerts
After registering, you will receive e-mail notification of product enhancements, new driver versions,
firmware updates, and other product resources.
Documentation feedback
HP welcomes your feedback. To make comments and suggestions about product documentation
you can:
• Send an e-mail to storagedocsFeedback@hp.com.
All submissions become the property of HP.
Related information
To find related documents, browse to the Manuals page of the HP Business Support Center web
site:
http://www.hp.com/support/manuals
Documents
• HP Management Integration Framework Administration Guide
• HP Management Integration Framework Maintenance & Service Guide
• HP P6000 Command View Release Notes
• HP P6000 Command View Installation Guide
• HP P6000 Command View User Guide
• HP P6000 Enterprise Virtual Array Compatibility Reference
Websites
• HP.com
http://www.hp.com
• HP storage
http://www.hp.com/go/storage
• HP manuals
http://www.hp.com/support/manuals
• HP download drivers and software
http://www.hp.com/support/downloads
• HP software depot
http://www.software.hp.com
24 Glossary
Index
flush, 14
Symbols get, 14
-ver (command, application manager), 4 help, 15
-ver (command, host manager), 10 join, 15
list, 15
A login, 16
add (command, host manager), 11 register, 18
application manager status, 19
about, 4 unregister, 20
commands syntax, 9
-ver, 4 host manager (XfHostMgr.exe), 8
delete, 4 host reset (XfHostReset.exe), 20
help, 5
register, 5 J
syntax, 4 join (command, host manager), 15
available_auto (command, host manager), 11
L
C list (command, host manager), 15
close (command, host manager), 12 login (command, host manager), 16
create (command, host manager), 12
R
D register (command, application manager), 5
delete (command, application manager), 4 register (command, host manger), 18
delete (command, host manager), 12
disable (command, host manager), 13 S
documentation status (command, host manager), 19
providing feedback, 22 Subscriber's Choice, HP, 22
related documents, 22 support, HP, 22
dump registry, 5
DumpRegistry.exe, 5 U
dupe (command, host manager), 13 unregister (command, host manager), 20
E W
enable (command, host manager), 14 websites
HP , 23
F HP Subscriber's Choice for Business, 22
flush (command, host manager), 14 product manuals, 22
G X
get (command, host manager), 14 XfAppMgr.exe, 4
XfHostMgr.exe, 8
H XfHostReset.exe), 20
help (command, application manager), 5
help (command, host manager), 15
host manager
commands
-ver, 10
add, 11
available, 11
available_auto, 11
close, 12
create, 12
delete, 12
disable, 13
dupe, 13
enable, 14
25