HP EVA服务手册

ManagementIntegrationFramework1.2

Maintenance&ServiceGuide

ThisdocumentdescribestheuseofHPStorageWorksManagementIntegrationFrameworktoolsintendedforadministratorsinvolvedintheinstallation,operation,managementandsecurityofHPEVAstoragesystemsandHPSANVirtualizationServicesPlatform.

PartNumber:T5494-96394Secondedition:August2010

Legal and notice information

©Copyright2010Hewlett-PackardDevelopmentCompany,L.P

Confidentialcomputersoftware.ValidlicensefromHPrequiredforpossession,useorcopying.ConsistentwithFAR12.211and12.212,CommercialComputerSoftware,ComputerSoftwareDocumentation,andTechnicalDataforCommercialItemsarelicensedtotheU.S.Governmentundervendor'sstandardcommerciallicense.

Theinformationcontainedhereinissubjecttochangewithoutnotice.TheonlywarrantiesforHPproductsandservicesaresetforthintheexpresswarrantystatementsaccompanyingsuchproductsandservices.Nothinghereinshouldbeconstruedasconstitutinganadditionalwarranty.HPshallnotbeliablefortechnicaloreditorialerrorsoromissionscontainedherein.AdobeandAcrobataretrademarksofAdobeSystemsIncorporated.1.2—06.04.2010

Contents

1UsingManagementIntegrationFrameworkcommandlinetools...............4

ApplicationManagertool............................................................................................................4ApplicationManagertoolsyntaxoverview.....................................................................................4

-vercommand.....................................................................................................................5Deletecommand..................................................................................................................5Helpcommand....................................................................................................................5Registercommand................................................................................................................5DumpRegistrytool......................................................................................................................6Hostmanagertool......................................................................................................................8

HostManagertoolsyntaxoverview........................................................................................9-vercommand...................................................................................................................11Activecommand................................................................................................................11Addcommand...................................................................................................................12Availablecommand...........................................................................................................12Available_autocommand....................................................................................................12Closecommand.................................................................................................................13Createcommand...............................................................................................................13Deletecommand................................................................................................................14Disablecommand..............................................................................................................14Dupcommand...................................................................................................................14Enablecommand...............................................................................................................15Flushcommand..................................................................................................................15Getcommand...................................................................................................................16Helpcommand..................................................................................................................16Joincommand...................................................................................................................17Listcommand.....................................................................................................................17Logincommand.................................................................................................................18Registercommand..............................................................................................................20Statuscommand................................................................................................................21Unregistercommand..........................................................................................................22HostResettool..........................................................................................................................23

2Supportandotherresources..............................................................25

Releasehistory.........................................................................................................................ContactingHP..........................................................................................................................Relatedinformation...................................................................................................................Typographicconventions...........................................................................................................Customerselfrepair..................................................................................................................

2525262627

Glossary............................................................................................29Index.................................................................................................31

ManagementIntegrationFramework1.23

1 Using Management IntegrationFramework command line tools

Application Manager tool

TheApplicationManagertool(XfAppMgr.exe)loadssecurityinformationintotheManagementIntegrationFrameworkauthorizationdatabase.ItisusedprimarilybyManagementIntegration

Frameworksoftwareduringinstallation.Itcanalsobeusedmanuallyforloadingortodeleteowners.•Owner.Therecanbeonly1ownerintheManagementIntegrationFrameworksecurityconfigur-ationfile.

•Privileges.TheseareapplicationdefinedstringsthatareassociatedwiththeOwner.•Roles.Eachroleisnamedandisassociatedwithalistofprivileges.

•Groups.EachroleisassociatedwithanOSSecuritygroup,eitherlocalordomain.

Application Manager tool syntax overview

Syntax

xfappmgrcommand[arguments][options]whereacommandisoneofthefollowing:

Command–verdeletehelpregister

owner_nameconfig_fileArguments

Option switches

Option(shortform)–?

Option(longform)––help=

Description / Exampleshelp

xfappmgr—?registerxfappmgr––help=register

4UsingManagementIntegrationFrameworkcommandlinetools

-ver command

DisplaystheversionofManagementIntegrationFrameworksoftware.Syntax-ver

Delete command

ThedeletecommandremovesanapplicationAPIownerfromtheManagementIntegrationFrameworkdatabase.Syntax

deleteowner_name

Help command

Displayshelpforthetooloraspecificcommand.Syntax

help

Register command

TheregistercommandregistersaManagementIntegrationFrameworkconfigurationfile(XFSecurity.cfg)withaManagementIntegrationFrameworkserver.Syntax

registerconfig_file

Inthefollowingexample,thethreeprivilegesinthePrivilegessectionarerelevantonlytotheapplicationthatregistersthefile.

TheManageHPSecurityentryunderthefirstroleisaManagementIntegrationFrameworkdefinedprivilegewhichisrequiredtoperformsecurityoperations.

Thus,whenaadministratorlogsinandisamemberofthelocalgroupStorageAdmins,theadministratorwillhave4privileges:ManageStorage,ViewStorage,OperateStorage,andManageHPSecurity.

ManagementIntegrationFramework1.25

Example — Security configuration file

SectionOwner{

owneranOwner

descriptionTesttesttest}

SectionPrivileges{

privilegeManageStorageprivilegeViewStorageprivilegeOperateStorage}

SectionRoles{

roleStorageManager,ManageStorage,ViewStorage,OperateStorage,ManageHPSecurity

roleStorageUser,ViewStorage}

SectionGroups{

#syntax:group,,#canbe%L,thelocalhostname,oradomain

name.

#If\"%L\"isused,thenMIwilldealwithhost

namechangesautomatically

#isthenameofasecuritygroup#apreviouslydefinedroleinthe\"Roles\"sectionabove

group%L,%L\\StorageAdmins,StorageManagergroup%L,%L\\StorageUsers,StorageUser}

Dump Registry tool

TheDumpRegistrytool(DumpRegistry.exe)showstheregistrycontentsforthelocalManagementIntegrationFrameworkawarehost,oraremoteManagementIntegrationFrameworkawarehost.Thistoolishelpfulto:

•DebugwhenoneinstanceofManagementIntegrationFrameworksoftwarecannotseeanotherinstance.

•Seetheportthataparticularwebserviceislisteningon.

•Determineifaserviceisworkingcorrectly.InthecaseofManagementIntegrationFrameworkwebservices,adding?wsdltotheendoftheURIenablesthewsdlfiletobeloadedintoabrowser.Theoutputincludesthefollowingfields:

•URI.TheURIthataManagementIntegrationFrameworkserviceislisteningon.

•ManagementGroup.TheManagementGroupthattheManagementIntegrationFrameworkawarehostisamemberof.

•Local.ThevalueistrueforanyentrythatwasregisteredonthelocalManagementIntegrationFrameworkawarehost.

•Type.TheAPItypethatisregistered.Forinstance,xf.security.LoginistheAPIregisteredbyManagementIntegrationFrameworkforloginrequests.

6UsingManagementIntegrationFrameworkcommandlinetools

Example — Dump Registry tool

C:\\dev\\stsd\\bin\\win-32>DumpRegistry.exeNumberofregistryentries:16

-----------------------------------------------------------------------------------|#|URI|SWGROUP|LOCAL|TYPE|-----------------------------------------------------------------------------------|1|http://99.999.99.999:2720/xfregistry|ZUUNI_MG|true|xf.xfd.Registry||2|https://99.999.99.999:2374/|ZUUNI_MG|true|xf.webserver||-->USERDATA:security=Security/SecurityGUI.html,configuration=Conf...||3|http://99.999.99.999:2721/xfdmanag...|ZUUNI_MG|true|xf.xfd.Debug||4|https://99.999.99.999:2727/sclocal|ZUUNI_MG|true|xf.security.Local||5|https://99.999.99.999:2730/sclogin|ZUUNI_MG|true|xf.security.Login|...

Option switches

•Optionswitchescanbespecifiedtwoways.Seetablewithexamples.

•-h.ThehostoptionspecifiesaManagementIntegrationFrameworkawarehost(machine)whoseManagementIntegrationFrameworkregistryistobedisplayed.Ifthehostoptionisnotincluded,theregistryofthelocalManagementIntegrationFrameworkawarehostisdisplayed.•-g.ThegroupoptionlimitsthedisplaytoaspecificManagementGroup.

Option(shortform)–?

Option(longform)––help

Description / ExamplesDisplayshelpdumpregistry–?dumpregistry––help

–g

––group=

LimitsthedisplayofManagementIntegrationFrameworkregistryentriestothespecifiedManagementGroup.

dumpregistry–gZUUNI\\HPSecurityAdminsdumpregistry––group=ZUUNI\\HPSecurityAdmins

–h

––host=

SpecifiestheManagementIntegrationFrameworkawarehost(machine)whoseManagementIntegrationFrameworkregistryistobedisplayed(whennotthelocalmachine).

dumpregistry–hZUNNIdumpregistry––host=ZUNNI

–v

––ver

DisplaystheManagementIntegrationFrameworksoftwareversion.dumpregistry–vdumpregistry––ver

Examples scenario

Inthefollowingexamples,ZUNNIisthelocalManagementIntegrationFrameworkawarehostandFINDARAistheremoteManagementIntegrationFrameworkawarehost.TheyaretheonlyManagementIntegrationFrameworkawarehostsintheenvironment.

ManagementIntegrationFramework1.27

Example — Dump Registry tool with no options

C:\\dev\\stsd\\bin\\win-32>DumpRegistry.exeNumberofregistryentries:16

-----------------------------------------------------------------------------------|#|URI|SWGROUP|LOCAL|TYPE|-----------------------------------------------------------------------------------|1|http://99.999.99.999:2720/xfregistry|ZUUNI_MG|true|xf.xfd.Registry||2|https://99.999.99.999:2374/|ZUUNI_MG|true|xf.webserver||-->USERDATA:security=Security/SecurityGUI.html,configuration=Conf...||3|http://99.999.99.999:2721/xfdmanag...|ZUUNI_MG|true|xf.xfd.Debug||4|https://99.999.99.999:2727/sclocal|ZUUNI_MG|true|xf.security.Local||5|https://99.999.99.999:2730/sclogin|ZUUNI_MG|true|xf.security.Login|...

Example — Dump Registry tool with host option

C:\\dev\\stsd\\bin\\win-32>DumpRegistry.exe--host=findaraNumberofregistryentries:16

------------------------------------------------------------------------------|#|URI|SWGROUP|LOCAL|TYPE|-----------------------------------------------------------------------------|1|http://99.999.99.999:2396/xfregistry|FINDARA_MG|true|xf.xfd...||2|http://99.999.99.999:2397/xfdmana...|FINDARA_MG|true|xf.xfd...||3|https://99.999.99.999:2403/sclocal|FINDARA_MG|true|xf.sec...||4|http://99.999.99.999:2423/xfcon...|FINDARA_MG|true|xf.Con...||5|https://99.999.99.999:2412/scdo...|FINDARA_MG|true|xf.sec...||-->USERDATA:securitydomains=PETS,FINDARA|authenticator...

Example — Dump Registry tool with host and group options

C:\\dev\\stsd\\bin\\win-32>DumpRegistry.exe--host=findara--group=zuuni_mgNumberofregistryentriesinManagementGroupZUNNI_MG:8

------------------------------------------------------------------------------|#|URI|SWGROUP|LOCAL|TYPE|-----------------------------------------------------------------------------|1|http://99.999.99.999:2720/xfregistry|ZUUNI_MG|false|xf.xfd...||2|http://99.999.99.999:2721/xfdmana...|ZUUNI_MG|false|xf.xfd...||3|http://99.999.99.999:2748/xfcon...|ZUUNI_MG|false|xf.Con...||4|https://99.999.99.999:2727/sclocal|ZUUNI_MG|false|xf.sec...||5|https://99.999.99.999:2730/sclogin|ZUUNI_MG|false|xf.sec...||-->USERDATA:securitydomains=PETS,ZUUNI|authenticator...

Host manager tool

TheHostManagertool(XfHostMgr.exe)providesacommandlineinterfaceandfacilitatesscriptingofManagementIntegrationFrameworksecurityfunctions.Itisusefulinavarietyofsituations,suchas:

8UsingManagementIntegrationFrameworkcommandlinetools

•SettingupasecurityenvironmentwhenaccesstotheManagementIntegrationFrameworksecurityGUIisnotavailable.

•Debuggingtoisolateproblemstotheserver-sideortheManagementIntegrationFrameworksecurityGUI.

•ViewingthecontentsoftheManagementIntegrationFrameworksecurityauthorizationdatabase.•ModifyingtheManagementIntegrationFrameworksecurityauthorizationdatabase.•RegisteringsecuritycredentialsforanAPI.Example — Host Manager tool

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPasswordStuff!statusInformationforMIHostZUUNIMachineName:Domain:

IsAuthenticator:

AvailableSecurityDomains:ActiveSecurityDomains:AuthorizationInformation:GenerationNumber:

12483230Owners:

Owner----CVEVAMI

Privileges:

Privilege---------ManageHPSecurityManageHPStorageOperateHPStorageViewHPStorage...

ZUUNIZUUNI_MGtrue

PETS,ZUUNIPETS,ZUUNI

Description-----------CommandViewEVA

immutabledefaultowner

Owner-----MICVEVACVEVACVEVA

Considerations

•Allcommands(exceptstatus)requirecredentials(userid/password)foramemberoftheManageHPSecuritygroup.•Thestatuscommandrequiresonlyavalidlogin.

•Avalidloginispossibleseveralways,forexamplewithcredentialsforamemberoftheHPSe-curityAdminsOSsecuritygroup.

Host Manager tool syntax overview

xfhostmgrcommand[arguments][options]whereacommandisoneofthefollowing:

Command–ver

Arguments

ManagementIntegrationFramework1.29

activeaddavailableavailable_autoclosecreatedeleteDupenabledisableflushgethelpjoinlistloginregisterstatusunregister

(owner|privilege|role|group)

available_autodirectoryUsernmaedirectoryPassword(session)new_group_name

(owner|privilege|role|group)handle

[token|credential](token|credential)id

destUseriddestPassword

(members|roles|privileges|groups|sessions)useridpassword[includeOsGroup]providerIdtypeisFilecredential

providerId

•Argumentsinparenthesisarekeywordstothecommand.Theyareseparatedbyverticalbar(|)whenthereismorethanonechoice.

•Bracketsdenoteoptionalkeywordsoroptions.

•Keywordsoutsideofparenthesisorbracketsarevaluesthatmustbesupplied.Option switches

•Optionswitches,exceptforhandle,canbespecifiedtwoways.Seetablewithexamples.•-hand-g.ThehostandgroupoptionsspecifyaManagementIntegrationFrameworkawarehost(machine)orManagementGroup.Theseoptionsalsohavedefaultvalueswhichareshowninthehelpoutput.

•-uand-p.Theuseridandpasswordoptionsareusedtoprovidesecuritycredentialswhenthecommandisissued.

•––handle.Thehandleoptionisusedtoprovideahandleforauthentication,insteadofuserid/passwordcredentials.

Option(shortform)

Option(longform)

Description / Examples

10UsingManagementIntegrationFrameworkcommandlinetools

–?––help=help

xfhostmgr—?statusxfhostmgr––help=status

–g––group=ManagementGroup

xfhostmgr–gZUUNI\\HPSecurityAdminsxfhostmgr––group=ZUUNI\\HPSecurityAdmins

–h––host=ManagementIntegrationFrameworkawarehost(machine)xfhostmgr–hZUNNIxfhostmgr––host=ZUNNI

–p––password=password

xfhostmgr–pPas1word

xfhostmgr––password=Pas1word

–u––user=userid

xfhostmgr–uRalphQxfhostmgr––user=RalphQ

––handle=handle

xfhostmgr––handle=4PvlItjiRkKceekv1+FmROtWMERQvjMq

Examples scenario

InthefollowingHostManagercommandexamples,ZUNNIisthelocalManagementIntegrationFrameworkawarehostandFINDARAistheremoteManagementIntegrationFrameworkawarehost.TheyaretheonlyManagementIntegrationFrameworkawarehostsintheenvironment.

-ver command

DisplaystheversionofManagementIntegrationFrameworksoftware.Syntax-ver

Active command

TheactivecommandestablishesthelistofactiveOSsecuritydomainsthatcanbeusedasauthenticatingdomains.Syntax

activeExample — Active command

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest@zuuni-pPas1word!activeZUUNISuccessfullysetactivesecuritydomains

ManagementIntegrationFramework1.211

Add command

TheaddcommandaddsmappingstotheManagementIntegrationFrameworksecurityauthorizationdatabase.Syntax

add(owner|privilege|role|group)Syntaxdetail

addownerowner_namedescriptionaddprivilegeprivilege_nameowner

addrolerole_nameowner(listofprivileges)addgroupsecurity_domainsecurity_group

Thefollowingexampleaddsanowner,thenaddsprivileges,roleandgroup.Example — Add command

First,anewownerisadded.

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!addownerME\"Atestowner\"Successfullyaddedowner

Next,twoprivilegesareaddedforthenewowner.

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!addprivilegePRIV_AMESuccessfullyaddedprivilege

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!addprivilegePRIV_BMESuccessfullyaddedprivilege

Available command

TheavailablecommandestablishesanadministratordefinedlistofOSsecuritydomainsthatcanbeusedasauthenticatingdomains.Syntax

available

InthefollowingexampletheOSsecuritydomainZUNNIisaddedtothelistofavailableauthenticatingdomainsforthelocalManagementIntegrationFrameworkawaremachine.Example — Available command

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest@zuuni-pPas1word!availableZUUNISuccessfullysetavailablesecuritydomains

Available_auto command

Theavailable_autocommandautomaticallysetsthelistofavailableOSsecuritydomainstothelistofgroupsadomainuseraccountisamemberof.

12UsingManagementIntegrationFrameworkcommandlinetools

Syntax

available_autodirectoryUsernamedirectoryPasswordConsiderations

•Adomainaccountmustbespecifiedinthiscommand.Donotspecifyalocaluseraccount.Example — Available_auto command

C:\\dev\\cveva\\bin\\win-32>xfhostmgravailable_autopetsdomain\\cat99Pas1wordSuccessfullysetavailablesecuritydomainsusingdirectoryservice

Close command

Theclosecommandinvalidatesasinglesecuritysessionusingthesecuritytokenhandle.Syntax

close(session)

Inthefollowingexamplenotethatthesecuritytokenisnolongervalidaftertheclosecommandisissued.

Example — Close command

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!listsessionsHandleUsername--------------4iHUuGMKxO8eAlSTkn97TLOWJfkUGODTtest@ZUUNIaQOfatIVuyFsO/uUdZhvn9yh3AixnI6qtest@ZUUNIduHTxJlKzLP0hxXet05G6U9q1zB0ZGzbtest@ZUUNIfJexS0g+b0VrzdtsD4nBlbA8Nex7VVOitest@ZUUNIgW7MQ1mbeGLffw8fuhrHDjT/ASXS6hEhtest@ZUUNIlf8JUbSLSR2DYg1Qg2lXQd4bnpQoaL67test@ZUUNIo/hjWyWkLYzc+tEWWm99avaX0FhaOQCXtest@ZUUNIss0/+biSgc+foSnDkD+GkFaXDrKrFoJptest@ZUUNIuU0R0duGrS/0e/HPzhc3Hr3MSaf/eYP2test@ZUUNI

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!closesession4iHUuGM...Successfullyclosedusersession4iHUuGMKxO8eAlSTkn97TLOWJfkUGODT

C:\\dev\\cveva\\bin\\win-32>xfhostmgr--handle=4iHUuGMKxO8eAlSTkn97TLOWJfkUGODTstatusSOAP1.1fault:SOAP-ENV:Client[nosubcode]\"Unknownsecuritytokenhandle\"Detail:

UnexpectedsoapfaultcallingloginUserLoginfailedondomainZUUNI_MG

Create command

ThecreatecommandcreatesanewManagementGroupontheManagementIntegrationFrameworkawaremachine.Syntax

createnew_group_name

ManagementIntegrationFramework1.213

Example — Create command

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!createFOOBARSuccessfullycreatedomainFOOBAR

Delete command

Thedeletecommandremovesitemsthathavebeenaddedwiththeaddcommand.Syntax

delete(owner|privilege|role|group)Syntaxdetail

deleteowner_namedeleteprivilege_namedeleterole_name

deletesecurity_domain[security_group](listofroles)

Thefollowingexampledeletesanowner.Notethatdeletingtheownerdeletestherelatedprivileges,roles,andgroups.

Example — Delete command, owner

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!deleteownerMESuccessfullydeletedowner

Disable command

ThedisablecommanddisablesaManagementIntegrationFrameworkawaremachineasanauthenticatorfortheManagementGroupinwhichitisamember.SyntaxdisableConsiderations

•Youcannotdisabletheonlyauthenticatorinagroup.Example — Disable command

C:\\dev\\svsp\\bin\\win-32>xfhostmgr-utest@findara-pPas1word!disableSuccessfullydisabledauthentication

Dup command

Thedupcommandisusedtoduplicateasecurityhandle.

Thiscanbeusefulifanewhandleisneededthathasadifferentusefullifetime.Forinstance,ifaManagementIntegrationFrameworkGUIloginisperformed,thenthehandletheloginhaswillbecomeinvalidwhentheuserlogsofftheManagementIntegrationFrameworkGUI.Ifabackgroundserver

14UsingManagementIntegrationFrameworkcommandlinetools

processneedstousethehandleforalongerperiodoftime,thenitcanduplicateitandkeepthehandleaslongasneeded.SyntaxDuphandle

Example — Dup command

C:\\dev\\cveva\\bin\\win-32>xfhostmgrlogintest@zuuniPas1word!LoginsucceededHandle:Fxs5Rrjlx7y2encCGOtcniCz/JEBLSgoPrinciple:test@ZUUNIAccount:testOSRealm:ZUUNISignedLocally:falseXFDomain:ZUUNI_MGTimeIssued:ThuJul3014:06:492009Privileges:ManageHPSecurity

ManageHPStorageOperateHPStorageViewHPStorage

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest@zuuni-pPas1word!dupFxs5Rrjlx7y2...Newsecuritytokenhandle=woVOylZ2IZiHL+eYBPoyym7EU4BQlMuT

Enable command

TheenablecommandenablesaManagementIntegrationFrameworkawaremachineasanauthenticatorfortheManagementGroupinwhichitisamember.Syntaxenable

Inthefollowingexample,theserverfindaraisintheManagementGroupzuuni_mgbutisnotanauthenticatorforthegroup.Afterissuingtheenablecommand,findarabecomesanauthenticatorforthegroup.

Example — Enable command

C:\\dev\\svsp\\bin\\win-32>xfhostmgr-utest@zuuni-pPas1word!enableSuccessfullyenabledauthentication

Flush command

TheflushcommanddeletessecuritytokensorregisteredcredentialsfromtheManagementIntegrationFrameworksecuritydatabase.Syntax

flush[token|credential]

InthefollowingexampletheManagementIntegrationFrameworksecuritydatabasehas7sessionsactivewhentheflushcommandisissued.Notethat8sessionsareflushedbecausetheflushcommanditselfcreatedan8thsession.

ManagementIntegrationFramework1.215

Example — Flush command, token

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!flushtokenFlushed8entriesinthesecuritytokencache

Get command

ThegetcommandretrievesatokenusingitshandleorcredentialsusingitsproviderId.Syntax

get(token|credential)idExample — Get command, token

C:\\...xfhostmgr-utest-pPas1word!gettoken5OmUzZiIgMC1o7ebH...Gotsecuritytoken(5OmUzZiIgMC1o7ebHHVdMJl2POoVRYHr)Handle:5OmUzZiIgMC1o7ebHHVdMJl2POoVRYHrPrinciple:test@ZUUNIAccount:testOSRealm:ZUUNIXFDomain:ZUUNI_MG

TimeIssued:ThuJul3014:39:492009

Privileges:ManageHPSecurity,ManageHPStorage,OperateHPStorage,ViewHPS...SecurityTokenXML:

5OmUzZiIgMC1o7ebHHVdMJl2POoVRYHrtest@ZUUNIZUUNI_MG

false

CVStorageManagerCVStorageUser

ManageHPSecurityManageHPStorageOperateHPStorageViewHPStorage

W1EuQIY994L5Kzv2DntO5zKLzskk1q+tV2skv2h...=ThuJul3014:39:492009

Help command

Displayshelpforthetooloraspecificcommand.Syntax

help

16UsingManagementIntegrationFrameworkcommandlinetools

Join command

ThejoincommandjoinsaManagementIntegrationFrameworkawaremachinetoanexistingManagementGroup.

ItisnecessarytohavethesecurityadminprivilegeonthelocalManagementIntegrationFrameworkmachineandonaManagementIntegrationFrameworkauthenticatorinthegroupthatisbeingjoined.Syntax

joindestGroupdestUseriddestPasswordExample — Join command

C:\\dev\\svsp\\bin\\win-32>xfhostmgr-utest@findara-pPas1word!joinzuuni_mgtest@zuuniPas2word!Successfullyjoineddomainzuuni_mg

List command

Thelistcommandshowssecurityentities,suchas:groupmembers,roles,privileges,OSgroups,andsessions.Syntax

list(members|roles|privileges|groups|sessions)Example — List command, members

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!listmembersNameIPDomainAuthenticator?ManageableByUser?--------------------------------------FINDARA99.999.99.999ZUUNI_MGnoyesZUUNI99.999.99.999ZUUNI_MGyesyes

Example — List command, roles

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!listrolesAuthorizationInformation:GenerationNumber:

12483230Roles:Role----CVStorageManager

CVStorageUser

HPSecurityAdministrator

Owner-----CVEVACVEVAMIPrivileges----------ManageHPSecurity,ManageHPStorage,OperateHPStorage,ViewHPStorageViewHPStorageManageHPSecurity

ManagementIntegrationFramework1.217

Example — List command, privileges

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!listprivilegesAuthorizationInformation:GenerationNumber:

12483230Privileges:

Privilege---------ManageHPSecurityManageHPStorageOperateHPStorageViewHPStorage

Owner-----MICVEVACVEVACVEVA

Example — List groups

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!listgroupsAuthorizationInformation:GenerationNumber:

12483230GrouptoRoleMappings:

SecurityDomain---------------PETSPETSZUUNIZUUNIZUUNI

Group-----PETS\\HPSecurityAdminsZUUNI\\HPSecurityAdminsZUUNI\\HPSecurityAdminsZUUNI\\HPStorageAdminsZUUNI\\HPStorageUsersRoles-----HPSecurityAdministratorHPSecurityAdministratorHPSecurityAdministratorCVStorageManagerCVStorageUser

Login command

ThelogincommandperformsaloginwiththeManagementIntegrationFrameworkawaremachine.Thisisusefulfordeterminingifaparticularuserhassufficientprivilegestologin,verifyingthatthebasicsecurityauthenticationIntegrationFrameworkisworking,viewingtheprivilegesofauser,ortogetahandleforuseinothersecurityoperations.

The-logincommandtakesauseridandapasswordandwillperformaloginusingthem.TheuseridcanbeunqualifiedorqualifiedwithanOSsecuritydomain.Forexample:test(unqualified)or

test@zuuni(qualified).Thedefaultsecuritydomainisthelocalmachineifitisunqualified.Thepasswordisthenormalpasswordusedforloggingin.

The-hoptionisignoredforthelogincommand.Thelogincommandwillusethe-goptiontotargetaparticularManagementGroupforthelogin.Syntax

loginuseridpassword[includeOsGroup]

18UsingManagementIntegrationFrameworkcommandlinetools

Example — Login command, qualified user id

C:\\dev\\cveva\\bin\\win-32>xfhostmgrlogintest@zuuniPas1word!LoginsucceededHandle:K39rfGlDth4Lo+4SIICsj30yvsoItCSjPrinciple:test@ZUUNIAccount:testOSRealm:ZUUNISignedLocally:falseMIDomain:ZUUNI_MGTimeIssued:ThuJul2315:27:532009Privileges:ManageHPSecurity,ManageHPStorage,OperateHPStorage,View...

Example — Login command, unqualified user id

C:\\dev\\cveva\\bin\\win-32>xfhostmgrlogintestPas1word!LoginsucceededHandle:6TEkkIDCeATKOyh9f+9Rxvqu0U13pfHwPrinciple:miftest@ZUUNIAccount:testOSRealm:ZUUNISignedLocally:falseMIDomain:ZUUNI_MGTimeIssued:ThuJul2315:28:582009Privileges:ManageHPSecurity,ManageHPStorage,OperateHPStorage,View...

ThefollowingexampleshowsanOSsecuritydomain(findara)fromaManagementIntegrationFrameworkawaremachine(zuuni).ThisispossiblebecauseauthenticationwaspreviouslyenabledonaManagementIntegrationFrameworkawaremachinenamedfindara.Example — Login command, OS security domain

C:\\dev\\cveva\\bin\\win-32>xfhostmgrlogintest@findaraPas1word!LoginsucceededHandle:sBNJD+Cp0kdm6OgGwOjyJXslRvLJRVhqPrinciple:test@FINDARAAccount:testOSRealm:FINDARASignedLocally:falseMIDomain:ZUUNI_MGTimeIssued:ThuJul2315:30:062009Privileges:ManageHPSecurity,ManageHPStorage,OperateHPStorage,View...

Inthisexample,thelogincommandusestheoptionalBooleanparameterincludeOsGroup(true).ThisincludesthelistofOSsecuritygroupstheuserisamemberof.Thiscanbeusefulindebuggingasecuritysetup.

ManagementIntegrationFramework1.219

Example — Login command, includeOsGroup

C:\\dev\\cveva\\bin\\win-32>xfhostmgrlogintestPas1word!trueLoginsucceededHandle:WiYrd588ssqE1g/I8gDlCTRwWCwg5Aa2Principle:test@ZUUNIAccount:testOSRealm:ZUUNISignedLocally:falseMIDomain:ZUUNI_MGTimeIssued:ThuJul3015:08:452009Privileges:ManageHPSecurity

ManageHPStorageOperateHPStoragePRIV_APRIV_B

ViewHPStorage

OsGroups:ZUUNI\\None

\\Everyone

ZUUNI\\HPStorageAdminsZUUNI\\HPStorageUsersBUILTIN\\Users

NTAUTHORITY\\NETWORK

NTAUTHORITY\\AuthenticatedUsersNTAUTHORITY\\NONE_MAPPED\\LOCAL

Thisisanexampleofabadlogin.Notethattheloginservicedoesnotspecifywhatwentwrong,justthattheloginfailed.

Example — Login command, error result

C:\\dev\\cveva\\bin\\win-32>xfhostmgrloginsoupysomepasswordSOAP1.1fault:SOAP-ENV:Client[nosubcode]\"Loginfailed\"Detail:

UnexpectedsoapfaultcallingloginUserLoginfailedondomainZUUNI_MG

Register command

TheregistercommandaddsprovidersecuritycredentialstotheManagementIntegrationFrameworksecuritydatabase.

Securitycredentialshavethefollowingattributes:

•providerId.Auniqueidusedtoreferencethecredential.

•Type.AnHPStorageWorksapplicationdefinedtype

•isFile.ABooleanindicatingwhetherornotthecredentialisafile(trueorfalse).

•Credentialvalue.Typicallyastringorfilename.Insomecasesthevaluecanbeauserid/passwordthatisneededbyanAPI.Syntax

registerproviderIdtypeisFilecredentialConsiderations

20UsingManagementIntegrationFrameworkcommandlinetools

•Ifacredentialisaddedwithanidthatalreadyexists,thepreviousvalueisoverwritten.Iftheis-Fileflagistrue,thentheexistenceofthefilewillbeverified.Example — Register command, providerId

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest@zuuni-pPas1wordregisterid1aTypefalse1234

Successfullyregisteredcredential

Example — Register command, fileType

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest@zuuni-pPas1word!registerid2fileTypetrue..\\..\\credentials.txt

Successfullyregisteredcredential

Status command

ThestatuscommandreturnssecurityauthorizationinformationfortheManagementIntegrationFrameworkawaremachine,including:

•AvailableOSsecuritydomains•ActiveOSsecuritydomains

•IftheManagementIntegrationFrameworkawaremachineisanauthenticatorfortheManagementGroup

•Mappingsofowners,privileges,roles,andOSgroups•RegisteredcredentialsSyntaxstatus

ManagementIntegrationFramework1.221

Example — Status command

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest-pPas1word!statusInformationforMIHostZUUNIMachineName:Domain:

IsAuthenticator:

AvailableSecurityDomains:ActiveSecurityDomains:AuthorizationInformation:GenerationNumber:

12483230Owners:

Owner-----CVEVAMG

Privileges:

Privilege---------ManageHPSecurityManageHPStorageOperateHPStorageViewHPStorageRoles:

Role----CVStorageManager

CVStorageUser

HPSecurityAdmin...GrouptoRoleMappings:

SecurityDomain---------------PETSPETSZUUNIZUUNIZUUNI

ZUUNIZUUNI_MGtrue

PETS,ZUUNIPETS,ZUUNI

Description-----------CommandViewEVA

immutabledefaultowner

Owner-----MICVEVACVEVACVEVA

Owner-----CVEVACVEVAMIPrivileges----------ManageHPSecurity,ManageHPStorage,OperateHPStorage,ViewHPStorageViewHPStorageManageHPSecurity

Group-----PETS\\HPSecurityAdminsZUUNI\\HPSecurityAdminsZUUNI\\HPSecurityAdminsZUUNI\\HPStorageAdminsZUUNI\\HPStorageUsersRoles-----HPSecurityAdmini...HPSecurityAdmini...HPSecurityAdmini...CVStorageManagerCVStorageUser

Currentlyregisteredcredentials:

providerId,owningInstanceId,type,isfile,credential,islocal-----------------------------------------------------------------

Unregister command

TheunregistercommandremovesprovidersecuritycredentialsfromtheManagementIntegrationFrameworksecuritydatabase.Syntax

unregisterproviderId

22UsingManagementIntegrationFrameworkcommandlinetools

Example — Unregister command

C:\\dev\\cveva\\bin\\win-32>xfhostmgr-utest@zuuni-pPas1word!unregisterid1Successfullyunregisteredcredential

Host Reset tool

TheHostResettool(XfHostReset.exe)restoresaManagementIntegrationFrameworkawaremachinetoitsdefaultManagementIntegrationFrameworkconfiguration.

ThisisusefulifaManagementIntegrationFrameworkawaremachinegetsintoacorruptstateandcannolongerbemanaged.ThetoolterminatesallexistingManagementGroupmembershipsandcreatesanewManagementGroup.Considerations

•ThetoolusermustbeamemberoftheManageHPSecuritygroup.

Option(shortform)–?

Option(longform)––help

Description / ExamplesDisplayshelpxfhostreset–?xfhostreset––helpManagementGroup

–g

––group=

xfhostreset–gZUUNI\\HPSecurityAdminsxfhostreset––group=ZUUNI\\HPSecurityAdminspassword

–p

––password=

xfhostreset–pPas1word

xfhostreset––password=Pas1word

–q

––quiet=

Runinquietmodexfhostreset–qxfhostreset––quietuser(administrator)

–u

––user=

xfhostreset–uRalphQxfhostreset––user=RalphQ

–v

––ver

DisplaystheManagementIntegrationFrameworksoftwareversion.xfhostreset–vxfhostreset––ver

Example — Host Reset tool

InthisexampleZUNNIisthelocalManagementIntegrationFrameworkawarehost.

ManagementIntegrationFramework1.223

C:\\dev\\cveva\\bin\\win-32>XfHostResetMIHostResetUtility---------------------ThisutilitymaybeusedtoresettheManagementGroup(MG)configurationofanOFFLINEhost.AnyexistingMGmembershipwillbeterminatedandanewMGwillbecreatedonthehost.Theuseraccountsuppliedmustbeamemberofthelocalsecuritygroup:

Use'HPSecurityAdmins'Continue(y/n)?y

Enternewdomainname:TEST_MGEnteruserid:testEnterpassword:

Successfullycreatedthenewdomain

C:\\dev\\cveva\\bin\\win-32>XfHostMgrlistmembersName----ZUUNI

IP

-------------99.999.99.999

Domain--------TEST_MG

Authenticator?--------------yes

ManageableByUser?-------------------yes

24UsingManagementIntegrationFrameworkcommandlinetools

2 Support and other resources

Release history

HPManagementIntegrationFrameworkreleases:Release

2010(Aug)2010(Feb)

Version

1.21.0

Contacting HP

HP technical support

Forworldwidetechnicalsupportinformation,seetheHPsupportwebsite:http://www.hp.com/supportBeforecontactingHP,collectthefollowinginformation:••••••

Productmodelnamesandnumbers

Technicalsupportregistrationnumber(ifapplicable)ProductserialnumbersErrormessages

OperatingsystemtypeandrevisionlevelDetailedquestions

Subscription service

HPrecommendsthatyouregisteryourproductattheSubscriber'sChoiceforBusinesswebsite:http://www.hp.com/go/wwalertsAfterregistering,youwillreceivee-mailnotificationofproductenhancements,newdriverversions,firmwareupdates,andotherproductresources.

Documentation feedback

HPwelcomesyourfeedback.Tomakecommentsandsuggestionsaboutproductdocumentationyoucan:

•Sendane-mailtostoragedocsFeedback@hp.com.

•Completeabriefsurveyathttp://www.hp.com/support/storagedocsurvey.AllsubmissionsbecomethepropertyofHP.

ManagementIntegrationFramework1.225

Related information

Tofindrelateddocuments,browsetotheManualspageoftheHPBusinessSupportCenterwebsite:http://www.hp.com/support/manualsFormostrelateddocumentation,navigatetotheStoragesection,selectastoragecategory(StorageSoftware>StorageDeviceManagementSoftware)andproduct.

Documents

•HPStorageWorksManagementIntegrationFrameworkAdministrationGuide

•HPStorageWorksManagementIntegrationFrameworkMaintenance&ServiceGuide••••HPHPHPHP

StorageWorksStorageWorksStorageWorksStorageWorks

CommandViewEVAReleaseNotesCommandViewEVAInstallationGuideCommandViewEVAUserGuide

EnterpriseVirtualArrayCompatibilityReference

•HPStorageWorksSANVirtualizationServicesPlatformReleaseNotes

•HPStorageWorksSANVirtualizationServicesPlatformAdministratorGuide•HPStorageWorksSANVirtualizationServicesPlatformManagerUserGuide

Websites

•HP.com

http://www.hp.com•HPstorage

http://www.hp.com/go/storage•HPmanuals

http://www.hp.com/support/manuals•HPdownloaddriversandsoftware

http://www.hp.com/support/downloads•HPsoftwaredepot

http://www.software.hp.comTypographic conventions

ConventionBluetext:typographicconventionsBlue,underlinedtext:http://www.hp.comUsesCross-referencelinksande-mailaddressesWebsiteaddresses•KeysthatarepressedBoldtext•TexttypedintoaGUIelement,suchasabox•GUIelementsthatareclickedorselected,suchasmenuandlistitems,buttons,tabs,andcheckboxes26Supportandotherresources

Convention

Italictext

Uses

Textemphasis

•Fileanddirectorynames

Monospacetext

•Systemoutput•Code

•Commands,theirarguments,andargumentvalues

Monospace,italictextMonospace,boldtext...

•Codevariables•CommandvariablesEmphasizedmonospacetext

Indicationthattheexamplecontinues.

Analertthatcallsattentiontoimportantinformationthatifnotun-derstoodorfollowedcanresultinpersonalinjury.

Analertthatcallsattentiontoimportantinformationthatifnotun-derstoodorfollowedcanresultindataloss,datacorruption,ordamagetohardwareorsoftware.

Analertthatcallsattentiontoessentialinformation.

Analertthatcallsattentiontoadditionalorsupplementaryinform-ation.

Analertthatcallsattentiontohelpfulhintsandshortcuts.

WARNING!

CAUTION:IMPORTANT:NOTE:TIP:

Customer self repair

HPCSRprogramsallowyoutorepairyourStorageWorksproduct.IfaCSRpartneedsreplacing,HPshipsthepartdirectlytoyousothatyoucaninstallitatyourconvenience.SomepartsdonotqualifyforCSR.YourHP-authorizedserviceproviderwilldeterminewhetherarepaircanbeaccomplishedbyCSR.

FormoreinformationaboutCSR,contactyourlocalserviceprovider.ForNorthAmerica,seetheCSRwebsite:

http://www.hp.com/go/selfrepairThisproducthasnocustomer-replaceablecomponents.

ManagementIntegrationFramework1.227

28Supportandotherresources

Glossary

URI

ManagementUniversalResourceIdentifier.IdentifiesaresourceontheInternet.Example:hp.com

HPStorageWorksManagementIntegrationFrameworksoftware.

IntegrationFramework

ManagementIntegrationFramework1.229

30Glossary

Index

D

documentation

providingfeedback,25relateddocuments,26

S

Subscriber'sChoice,HP,25support,HP,25

W

websitesHP,

HPSubscriber'sChoiceforBusiness,25productmanuals,26

ManagementIntegrationFramework1.231

32