manualshive.com logo in svg

HP 3PAR StoreServ 7200 2-node, Installation And Setup Manual

Share
Download
HP 3PAR StoreServ 7200 2-node Installation And Setup Manual Download Page 6

available: View and Add/Edit. For the Audit Log component, only the View privilege is
available. For the Remote (Sessions) component, the two privileges are View and End.

View provides read-only access to the pages of a component, while Add/Edit provides read,
write, and delete access to the pages and features of the component. For remote sessions, the
End privilege allows the user to end a remote session. For example, Add/Edit for the Pending
Requests component allows users to approve or deny pending requests, while, for the Users
component, it allows users to create, edit, and delete profiles, roles, and users. The set of
privileges is defined in the system and cannot be changed.

Profiles

– From the Users component of the Policy Server application, you can define a set of

privileges to one or more components. This set of privileges is referred to as a profile. You
may want to create a profile for each main component (Policy, Pending Requests, Audit Log,
Assets, Users, and Remote [Sessions]). Alternatively, you may want to create profiles that apply
to the jobs that certain users perform. For example, you want to create profiles for users who
manage Pending Requests and users who need to monitor the Audit Log. In a profile called
PendingRequests, you select View and Add/Edit for the Pending Requests component. In
another profile called AuditLog, you provide View access to the Audit Log component. In a
third profile called PolicyView, you provide View access only to the Policy component.

Roles

– Once you have defined profiles, you can combine them into sets, called roles. You

can then assign roles to each user or assign users to each role. To continue the example from
the Profiles, you create a role called RequestManager and assign it the PendingRequests and
PolicyView profiles. You then assign the user whose job it is to handle incoming requests to
the role. That user will be able to approve and deny pending requests, and as needed, view
the policies for the assets.

Users

– Created either in the Users component of the Policy Server application or in your

directory server, Users are the login accounts that you create for people who need access to
Policy Server. Once you have defined roles and assigned profiles to them, you can assign
users to the roles. Similarly, when creating or editing users, you can assign one or more roles
to them.

When the user logs in, the Policy Server authenticates the User Name and Password with the
directory server and then makes available the features defined by the roles assigned to the
user. If a user has no roles assigned, a message is displayed that the user has no privileges
and the user is logged out. If a user has more than one role assigned and a profile for one
of those roles is deleted, that role becomes inactive. The next time that user logs in, only the
features that are defined by the role that has not changed are available.

For example, a user has one role that provides View and Add/Edit to the Assets component
(through one profile) and a second role that provides the same access to the Policy and Pending
Requests components through two separate profiles. If you remove the profile for the Policy
component, the second role becomes inactive. The next time the user logs in, only the
Dashboard and the Assets component are available. The removal of the Policy profile makes
both the Policy and Pending Requests components unavailable because both profiles (Policy
and Pending Request) are assigned to the same role.

HP 3PAR Policy Server Connections

Within an organization, a single HP 3PAR Policy Server can be configured to manage some or
all Agent assets. For very large organizations or organizations that are geographically widespread,
multiple Policy Servers can be configured to handle multiple sets of assets uniquely. For example,
an organization might use multiple Policy Servers to handle assets located in departments that
have different administration and security needs. All Policy Server settings except proxy server
communications are configured in Agent Builder as part of an Agent’s project configuration. You
must use Agent Deployment Utility to configure proxy servers. The following figure shows an
example of a single Policy Server connected to some assets at a customer site for policy
management.

6

HP 3PAR Policy Server and the HSQL Database

Summary of Contents for 3PAR StoreServ 7200 2-node

Page 1: ... This guide is intended to be used as a reference when installing and configuring HP 3PAR Policy Server It contains administration level information and some user configuration information for the Policy Server HP Part Number QR483 96004 Published December 2012 ...

Page 2: ...ein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Intel Itanium Pentium Intel Inside and the Intel Inside logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries Microsoft Windows Windows XP and Windows NT are U S...

Page 3: ...es 18 Changing Passwords 20 6 Support and other resources 21 Contacting HP 21 Before You Contact HP 21 HP Contact Information 21 Subscription service 21 Related information 21 Customer self repair 22 7 Documentation feedback 23 A Silent Mode Installation and Uninstallation 24 B Starting and Stopping Policy Server Manually 25 Starting Policy Server Components Manually 25 Stopping Policy Server Comp...

Page 4: ...nents as well as information about editing the configuration files for Policy Server components Complete information for using the Policy Server application is included in the online help for the application Installed with Policy Server help is accessible from each page of the application NOTE The terms asset and device are synonymous You will see both terms used in the user interfaces APIs and do...

Page 5: ...eate for the machine where Policy Server will run and you should make sure that either port 443 or port 8443 is available for Policy Server During installation you will configure Policy Server to use SSL User Authentication To secure access to the Policy Server application you use an internal directory server the OpenDS directory server When you use this server the installer creates users and user...

Page 6: ...ectory server Users are the login accounts that you create for people who need access to Policy Server Once you have defined roles and assigned profiles to them you can assign users to the roles Similarly when creating or editing users you can assign one or more roles to them When the user logs in the Policy Server authenticates the User Name and Password with the directory server and then makes a...

Page 7: ...er An Agent can also upload data or alarms to the Enterprise Server based on a triggering event The association of a triggering event with an upload of data or alarms is referred to as a logger data loggers can upload data and alarm loggers can upload alarms As with Enterprise Server initiated actions an Agent managed by Policy Server consults its policy before performing any Agent initiated actio...

Page 8: ...y Server it sends a list of supported actions Policy Server responds by sending the policy to the Agent After registration the Agent contacts Policy Server regularly based on a defined rate If an updated policy is available Policy Server sends it If the Agent has requests for actions that require approval the Agent sends those requests as part of its regular contact message NOTE If you delete a de...

Page 9: ... at the next startup to redo the changes myHP3PS log Data for cached tables For some catalogs this file may not be present myHP3PS data A compressed copy of the last known consistent state of the data file Note that for some catalogs this file may not be present myHP3PS backup You will be directed to install the database using the Policy Server installation program The installation program configu...

Page 10: ...8443 or 443 for the Policy Server listener The same port must be specified in CPMAINT when you configure the Service Processor SP to use Policy Server Enable the firewall to allow TCP IP connections to this port on the Policy Server server TCP IP port 389 for the LDAP listener Currently only embedded LDAP OpenDS is supported It is part of the installation package TCP IP port 9001 for the database ...

Page 11: ...u want to install HP 3PAR Policy Server and its supporting components Verify that the machines have enough disk space for the components you plan to install HP recommends that you install to the default directory presented by the installer Database Information Use the default settings presented by the installer Database Initialization If you are installing Policy Server for the first time tell the...

Page 12: ...ith Policy Server by using the Policy Server Settings dialog box in Agent Builder or the Policy Server settings tab in the Agent Deployment Utility Although the possible SSL encryption levels are 40 128 and 168 Tomcat does not support 40 bit SSL encryption Use 128 bit encryption or if the operating system supports it use 168 bit encryption Decide whether to run the components as services daemons o...

Page 13: ...bed in Configuration Information page 11 If you have the information click Next 3 In the Choose Install Folder screen keep the default location and then click Next to display the HP 3PAR Policy Server Components screen 4 The HP 3PAR Policy Server installation requires all components to be installed on the same system Make sure that all components are selected for installation and then click Next 5...

Page 14: ... In the System Error Notification Settings screen three of the four fields have default information you can keep In the E mail To address field type the e mail address of the Policy Server system administrator When the system has problems Tomcat will send an e mail message to this address notifying the individual of the problem Click Next 1 1 In the Use SSL screen keep the default selection of Yes...

Page 15: ...eystore file will be created when you use the keytool exe command in the Enabling SSL for the Policy Server page 17 section Use the passphrase that you enter here when you use the keytool exe command later 13 Click Next to display the HP 3PAR Policy Server Service screen shown in the following figure 14 In the HP 3PAR Policy Server Service screen ensure that all three components have Yes next to t...

Page 16: ...r completes the installation it displays the following screen 18 If the Installation Complete screen displays warnings check the HP3PARPolicyServer_Install log log file created by the installer This log file is created during installation whether or not errors occur and is stored in the root installation folder you selected for Policy Server Open this file in your favorite text editor to look for ...

Page 17: ...that is included with the Java Runtime Environment JRE To do this follow these steps 1 On the Windows server that is running Policy Server open a command prompt 2 Create the directory in which to store the keystore file this is the same path you entered when you installed the Policy Server C mkdir c hp 3par 3 Change to the directory where the keytool command exists C cd C Program Files x86 HP 3PAR...

Page 18: ...ing the Policy Editor modify the following entries to match what is shown in the following figures NOTE These settings are strongly recommended to allow normal service functions to occur However you can modify certain parameters based on the requirements of your particular installation Figure 3 Set Data Item Values Figure 4 Gateway Provisioning NOTE This policy is new for HP 3PAR Policy Server Fig...

Page 19: ...lication policy configure to ask for approval Figure 9 Start Remote Terminal Figure 10 Stop Remote Application NOTE This policy is new for HP 3PAR Policy Server Figure 1 1 Modify Ping Update Figure 12 Scripts Figure 13 Emails Updating Policy Server Policies 19 ...

Page 20: ...nd Alarms Figure 15 Restart Agent Figure 16 Execute Figure 17 Timers Changing Passwords This procedure is optional For more information about how to change user passwords see Changing Default Passwords page 26 20 Post Installation Tasks ...

Page 21: ...6 This service is available 24 hours a day 7 days a week For continuous quality improvement calls may be recorded or monitored If you have purchased a Care Pack service upgrade call 1 800 633 3600 For more information about Care Packs refer to the HP website http www hp com hps In other locations see the Contact HP worldwide in English webpage http welcome hp com country us en wwcontact html Subsc...

Page 22: ...ovider replace the part These parts are identified as No in the Illustrated Parts Catalog Based on availability and where geography permits Customer Self Repair parts will be shipped for next business day delivery Same day or four hour delivery may be offered at an additional charge where geography permits If assistance is required you can call the HP Technical Support Center and a technician will...

Page 23: ...cumentation that meets your needs To help us improve the documentation send any errors suggestions or comments to Documentation Feedback docsfeedback hp com Include the document title and part number version number or the URL when submitting your feedback 23 ...

Page 24: ...ller in silent mode use a command similar to the following HP3PARPolicyServer exe r c temp response properties NOTE You do not have to use the c temp directory as the location of the response properties file You can use any existing directory The installer will not create a new directory 3 To run the installer in silent mode use a command similar to the following HP3PARPolicyServer exe i silent f ...

Page 25: ...installation_directory Tomcat6 bin directory where HP3PS_installation_directory is the path to Policy Server directory on the machine c Locate and run the StartHP3PS bat script This script name is case sensitive The StartHP3PS script starts the Tomcat Web server and the HP 3PAR Policy Server When the server starts running the console window for Policy Server appears Stopping Policy Server Componen...

Page 26: ...e user names and passwords for these users are stored in Policy Server configuration files The Policy Server Administrator account is used by a user to log in to the Policy Server This user and password are stored in the LDAP directory server Changing the Policy Server Administrator Password 1 Log in to the HP 3PAR Policy Server with the current password using the following URL http policy_server ...

Page 27: ...ul 3 Update the Policy Server configuration file with the new password To do this edit the following file C Program Files x86 HP 3PAR PolicyServer Tomcat6 aps conf server xml In this file update the setting for connectionPassword with the new password that was set in step 2 connectionPassword mySecretPassword 4 Start Policy Server Changing the HP 3PAR Policy Server Database Administrator Password ...

Page 28: ...5 Start Policy Server 28 Changing Default Passwords ...

Page 29: ...HP 3PAR Policy Server Only Service Processors that are running SP version 4 1 and later are supported Use the CPMAINT utility to reconfigure the Policy Server 1 From the SP command line log in to CPMAINT 2 In CPMAINT select option 6 3 Enter the IP address and port number 8443 of your Policy Server 29 ...

Page 30: ...d that is installed with the HP 3PAR Policy Server generate a key for the server as shown in the following example NOTE The keystore file is created when you run the keytool exe command C Program Files x86 HP 3PAR PolicyServer jre bin keytool genkey alias tomcat keyalg RSA keysize 1048 keystore c hp 3par keystore ps Enter keystore password Re enter new password What is your first and last name Unk...

Page 31: ...e the OpenSSL CA was created b Create a certificate from the tomcat csr file openssl x509 req days 365 in tmp tomcat csr CA cacert pem CAkey private cakey pem set_serial 01 out tmp tomcat crt Signature ok subject C US ST CA L Fremont O 3PAR OU ST CN 10 112 10 196 Getting CA Private Key Enter pass phrase for private cakey pem Signature ok subject C US ST CA L Fremont O 3PAR OU ST CN 10 112 10 196 G...

Page 32: ...67 33 5E 12 14 07 SHA1 53 55 B0 D8 D3 A4 6B 35 B3 79 DF DF 47 44 09 76 86 BF 65 F1 Signature algorithm name SHA1withRSA Version 3 Extensions 1 ObjectId 2 5 29 14 Criticality false SubjectKeyIdentifier KeyIdentifier 0000 E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1 vm 0010 67 44 14 D6 gD 2 ObjectId 2 5 29 19 Criticality false BasicConstraints CA true PathLen 2147483647 3 ObjectId 2 5 29 35 Criti...

Page 33: ...8192 79 protocol org apache coyote http11 Http11Protocol maxThreads 200 80 enableLookups false redirectPort 8443 acceptCount 400 81 connectionTimeout 20000 disableUploadTimeout true 82 83 After saving the configuration file changes you can start the Policy Server components Using the Windows Services manager start the HP 3PAR Policy Server components in the following order 1 OpenDS LDAP Server 2 H...

Page 34: ...user name when accessing the database Change the password 6 When prompted whether to create the new database during installation or after installation keep the default of Create new database during installation by pressing ENTER 7 When prompted for the number of the listening port on this computer for the internal directory server OpenDS press ENTER to accept the default port 389 If you need to us...

Page 35: ...asks are required before you can start the Policy Server 14 When prompted review the selected installation options Type Y to continue with the installation The installer presents a message when the installation is complete If the installation completed with warnings check the log file created by the installation program The installer creates this log file for successful installations as well as fo...

Reviews:

No comments

Brands by name

Popular brands

Load more brands