
Brocade SMI Agent User’s Guide

49

53-1001778-01

Client configuration to use client certificates

4

.client.ind.truststore

clientind.cer

There are three ways to configure a WBEM client to use a client certificate with the SMI-A:

- Using a property file
- Using system property values when invoking the WBEM client
- Using a WBEM client listener program (mutual authentication for indications only)

Configuring a client to use client certificates using a property file

1. Create a WbemClient.properties file, which contains information for the configuration of the client keystore and truststore.

For example, if the SMI-A is installed under D:\smiagent, the contents of the WbemClient.properties file should be as follows.

Mutual authentication for clients:

javax.net.ssl.keyStore=D:/smiagent/agent/client/.client.keystore
javax.net.ssl.keyStorePassword=SSLclient
javax.net.ssl.trustStore=D:/smiagent/agent/client/.client.truststore
javax.net.ssl.trustStorePassword=trustSSLclient

Mutual authentication for indications:

wbem.indications.keyStore=D:/smiagent/agent/client/.client.ind.keystore
wbem.indications.keyStorePassword=SSLindication
wbem.indications.trustStore=D:/smiagent/agent/client/.client.ind.truststore
wbem.indications.trustStorePassword=trustSSLindication

Note that both the javax.net.* properties and the wbem.indications.* properties can be specified in the same WbemClient.properties file.

2. Modify the CLASSPATH environment variable to reference this file.

The CLASSPATH should contain only the path to the directory where the file is present and not the path to the file itself. For example, if the WbemClient.properties file is located at C:\SMIAgent\agent, then the CLASSPATH environment variable should be:

C:\SMIAgent\agent

Configuring a client to use client certificates using system property values

Pass the required system properties as JVM parameters on the command line, using the -D option as follows.

Mutual authentication for clients:

java -classpath <SMIAgent>/agent/lib/wbem.jar
-Djavax.net.ssl.keyStore=<SMIAgent>/agent/client/.client.keystore
-Djavax.net.ssl.keyStorePassword=SSLclient
-Djavax.net.ssl.trustStore=<SMIAgent>/agent/client/.client.truststore
-Djavax.net.ssl.trustStorePassword=trustSSLclient
clientprogram
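
The following preflight check is an added example, not code from this guide or from the SMI-A distribution. It serves both the property-file method and the -D method above: it opens each configured store with its password and confirms that a keystore holds a private key and a truststore holds a trusted certificate. Assumptions: the class name WbemClientConfigCheck, the lookup order (system property first, then file), and that the WBEM client finds WbemClient.properties as a classpath resource, which is consistent with step 2.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Properties;

// Added example, not Brocade code: verifies the stores named by the properties on this page.
public class WbemClientConfigCheck {
    // Property prefixes taken from this page.
    private static final String[] PREFIXES = { "javax.net.ssl", "wbem.indications" };

    public static void main(String[] args) throws Exception {
        Properties file = new Properties();
        // Resource lookup succeeds only when the DIRECTORY holding the file is on the
        // CLASSPATH (assumed to mirror how the WBEM client locates the file).
        try (InputStream in = WbemClientConfigCheck.class.getClassLoader()
                .getResourceAsStream("WbemClient.properties")) {
            if (in != null) {
                file.load(in);
            }
            System.out.println("WbemClient.properties on classpath: " + (in != null));
        }
        boolean ok = true;
        for (String prefix : PREFIXES) {
            ok &= checkStore(file, prefix + ".keyStore", true);
            ok &= checkStore(file, prefix + ".trustStore", false);
        }
        System.exit(ok ? 0 : 1);
    }

    // Example's own lookup order: -D system property first, then the property file.
    private static String lookup(Properties file, String key) {
        return System.getProperty(key, file.getProperty(key));
    }

    private static boolean checkStore(Properties file, String pathKey, boolean needsPrivateKey) {
        String path = lookup(file, pathKey);
        String password = lookup(file, pathKey + "Password");
        if (path == null) {
            System.out.println("SKIP " + pathKey + " (not configured)");
            return true;
        }
        if (password == null) {
            System.out.println("FAIL " + pathKey + ": no " + pathKey + "Password set");
            return false;
        }
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, password.toCharArray()); // throws on a wrong password or corrupt store
            int keys = 0;
            int certs = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (ks.isKeyEntry(alias)) keys++;
                if (ks.isCertificateEntry(alias)) certs++;
            }
            // A keystore must present a private key; a truststore must hold a trusted certificate.
            boolean usable = needsPrivateKey ? keys > 0 : certs > 0;
            System.out.printf("%s %s: %d key entries, %d trusted certificates%n",
                    usable ? "OK  " : "FAIL", pathKey, keys, certs);
            return usable;
        } catch (Exception e) {
            System.out.println("FAIL " + pathKey + ": " + e.getMessage());
            return false;
        }
    }
}
```

Run it with the same CLASSPATH or -D options as the client program; it reports entry counts only and never prints a password. Values passed with -D are visible in the host's process listing, so on a shared machine the property file with restricted file permissions is the safer of the two methods.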

Summary of Contents for 53-1001778-01

Page 1: ...53 1001778 01 30 March 2010 Brocade SMI Agent User s Guide Supporting SMI Agent 120 11 0...
