background image

6.

Create a certificate from the CSR that you just created. For example, on system with an
OpenSSL CA:
a.

Using a secure method, such as the

scp

command for network transfer or physical media

(such as a USB drive or CDROM), transfer the tomcat.csr file to the system where the
OpenSSL CA was created.

b.

Create a certificate from the tomcat.csr file.

# openssl x509 -req -days 365 -in /tmp/tomcat.csr -CA cacert.pem -CAkey

private/cakey.pem -set_serial 01 -out /tmp/tomcat.crt

Signature ok

subject=/C=US/ST=CA/L=Fremont/O=3PAR/OU=ST/CN=10.112.10.196

Getting CA Private Key

Enter pass phrase for private/cakey.pem:

Signature ok

subject=/C=US/ST=CA/L=Fremont/O=3PAR/OU=ST/CN=10.112.10.196

Getting CA Private Key

Enter pass phrase for private/cakey.pem:

31

Содержание 3PAR StoreServ 7200 2-node

Страница 1: ... This guide is intended to be used as a reference when installing and configuring HP 3PAR Policy Server It contains administration level information and some user configuration information for the Policy Server HP Part Number QR483 96004 Published December 2012 ...

Страница 2: ...ein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Intel Itanium Pentium Intel Inside and the Intel Inside logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries Microsoft Windows Windows XP and Windows NT are U S...

Страница 3: ...es 18 Changing Passwords 20 6 Support and other resources 21 Contacting HP 21 Before You Contact HP 21 HP Contact Information 21 Subscription service 21 Related information 21 Customer self repair 22 7 Documentation feedback 23 A Silent Mode Installation and Uninstallation 24 B Starting and Stopping Policy Server Manually 25 Starting Policy Server Components Manually 25 Stopping Policy Server Comp...

Страница 4: ...nents as well as information about editing the configuration files for Policy Server components Complete information for using the Policy Server application is included in the online help for the application Installed with Policy Server help is accessible from each page of the application NOTE The terms asset and device are synonymous You will see both terms used in the user interfaces APIs and do...

Страница 5: ...eate for the machine where Policy Server will run and you should make sure that either port 443 or port 8443 is available for Policy Server During installation you will configure Policy Server to use SSL User Authentication To secure access to the Policy Server application you use an internal directory server the OpenDS directory server When you use this server the installer creates users and user...

Страница 6: ...ectory server Users are the login accounts that you create for people who need access to Policy Server Once you have defined roles and assigned profiles to them you can assign users to the roles Similarly when creating or editing users you can assign one or more roles to them When the user logs in the Policy Server authenticates the User Name and Password with the directory server and then makes a...

Страница 7: ...er An Agent can also upload data or alarms to the Enterprise Server based on a triggering event The association of a triggering event with an upload of data or alarms is referred to as a logger data loggers can upload data and alarm loggers can upload alarms As with Enterprise Server initiated actions an Agent managed by Policy Server consults its policy before performing any Agent initiated actio...

Страница 8: ...y Server it sends a list of supported actions Policy Server responds by sending the policy to the Agent After registration the Agent contacts Policy Server regularly based on a defined rate If an updated policy is available Policy Server sends it If the Agent has requests for actions that require approval the Agent sends those requests as part of its regular contact message NOTE If you delete a de...

Страница 9: ... at the next startup to redo the changes myHP3PS log Data for cached tables For some catalogs this file may not be present myHP3PS data A compressed copy of the last known consistent state of the data file Note that for some catalogs this file may not be present myHP3PS backup You will be directed to install the database using the Policy Server installation program The installation program configu...

Страница 10: ...8443 or 443 for the Policy Server listener The same port must be specified in CPMAINT when you configure the Service Processor SP to use Policy Server Enable the firewall to allow TCP IP connections to this port on the Policy Server server TCP IP port 389 for the LDAP listener Currently only embedded LDAP OpenDS is supported It is part of the installation package TCP IP port 9001 for the database ...

Страница 11: ...u want to install HP 3PAR Policy Server and its supporting components Verify that the machines have enough disk space for the components you plan to install HP recommends that you install to the default directory presented by the installer Database Information Use the default settings presented by the installer Database Initialization If you are installing Policy Server for the first time tell the...

Страница 12: ...ith Policy Server by using the Policy Server Settings dialog box in Agent Builder or the Policy Server settings tab in the Agent Deployment Utility Although the possible SSL encryption levels are 40 128 and 168 Tomcat does not support 40 bit SSL encryption Use 128 bit encryption or if the operating system supports it use 168 bit encryption Decide whether to run the components as services daemons o...

Страница 13: ...bed in Configuration Information page 11 If you have the information click Next 3 In the Choose Install Folder screen keep the default location and then click Next to display the HP 3PAR Policy Server Components screen 4 The HP 3PAR Policy Server installation requires all components to be installed on the same system Make sure that all components are selected for installation and then click Next 5...

Страница 14: ... In the System Error Notification Settings screen three of the four fields have default information you can keep In the E mail To address field type the e mail address of the Policy Server system administrator When the system has problems Tomcat will send an e mail message to this address notifying the individual of the problem Click Next 1 1 In the Use SSL screen keep the default selection of Yes...

Страница 15: ...eystore file will be created when you use the keytool exe command in the Enabling SSL for the Policy Server page 17 section Use the passphrase that you enter here when you use the keytool exe command later 13 Click Next to display the HP 3PAR Policy Server Service screen shown in the following figure 14 In the HP 3PAR Policy Server Service screen ensure that all three components have Yes next to t...

Страница 16: ...r completes the installation it displays the following screen 18 If the Installation Complete screen displays warnings check the HP3PARPolicyServer_Install log log file created by the installer This log file is created during installation whether or not errors occur and is stored in the root installation folder you selected for Policy Server Open this file in your favorite text editor to look for ...

Страница 17: ...that is included with the Java Runtime Environment JRE To do this follow these steps 1 On the Windows server that is running Policy Server open a command prompt 2 Create the directory in which to store the keystore file this is the same path you entered when you installed the Policy Server C mkdir c hp 3par 3 Change to the directory where the keytool command exists C cd C Program Files x86 HP 3PAR...

Страница 18: ...ing the Policy Editor modify the following entries to match what is shown in the following figures NOTE These settings are strongly recommended to allow normal service functions to occur However you can modify certain parameters based on the requirements of your particular installation Figure 3 Set Data Item Values Figure 4 Gateway Provisioning NOTE This policy is new for HP 3PAR Policy Server Fig...

Страница 19: ...lication policy configure to ask for approval Figure 9 Start Remote Terminal Figure 10 Stop Remote Application NOTE This policy is new for HP 3PAR Policy Server Figure 1 1 Modify Ping Update Figure 12 Scripts Figure 13 Emails Updating Policy Server Policies 19 ...

Страница 20: ...nd Alarms Figure 15 Restart Agent Figure 16 Execute Figure 17 Timers Changing Passwords This procedure is optional For more information about how to change user passwords see Changing Default Passwords page 26 20 Post Installation Tasks ...

Страница 21: ...6 This service is available 24 hours a day 7 days a week For continuous quality improvement calls may be recorded or monitored If you have purchased a Care Pack service upgrade call 1 800 633 3600 For more information about Care Packs refer to the HP website http www hp com hps In other locations see the Contact HP worldwide in English webpage http welcome hp com country us en wwcontact html Subsc...

Страница 22: ...ovider replace the part These parts are identified as No in the Illustrated Parts Catalog Based on availability and where geography permits Customer Self Repair parts will be shipped for next business day delivery Same day or four hour delivery may be offered at an additional charge where geography permits If assistance is required you can call the HP Technical Support Center and a technician will...

Страница 23: ...cumentation that meets your needs To help us improve the documentation send any errors suggestions or comments to Documentation Feedback docsfeedback hp com Include the document title and part number version number or the URL when submitting your feedback 23 ...

Страница 24: ...ller in silent mode use a command similar to the following HP3PARPolicyServer exe r c temp response properties NOTE You do not have to use the c temp directory as the location of the response properties file You can use any existing directory The installer will not create a new directory 3 To run the installer in silent mode use a command similar to the following HP3PARPolicyServer exe i silent f ...

Страница 25: ...installation_directory Tomcat6 bin directory where HP3PS_installation_directory is the path to Policy Server directory on the machine c Locate and run the StartHP3PS bat script This script name is case sensitive The StartHP3PS script starts the Tomcat Web server and the HP 3PAR Policy Server When the server starts running the console window for Policy Server appears Stopping Policy Server Componen...

Страница 26: ...e user names and passwords for these users are stored in Policy Server configuration files The Policy Server Administrator account is used by a user to log in to the Policy Server This user and password are stored in the LDAP directory server Changing the Policy Server Administrator Password 1 Log in to the HP 3PAR Policy Server with the current password using the following URL http policy_server ...

Страница 27: ...ul 3 Update the Policy Server configuration file with the new password To do this edit the following file C Program Files x86 HP 3PAR PolicyServer Tomcat6 aps conf server xml In this file update the setting for connectionPassword with the new password that was set in step 2 connectionPassword mySecretPassword 4 Start Policy Server Changing the HP 3PAR Policy Server Database Administrator Password ...

Страница 28: ...5 Start Policy Server 28 Changing Default Passwords ...

Страница 29: ...HP 3PAR Policy Server Only Service Processors that are running SP version 4 1 and later are supported Use the CPMAINT utility to reconfigure the Policy Server 1 From the SP command line log in to CPMAINT 2 In CPMAINT select option 6 3 Enter the IP address and port number 8443 of your Policy Server 29 ...

Страница 30: ...d that is installed with the HP 3PAR Policy Server generate a key for the server as shown in the following example NOTE The keystore file is created when you run the keytool exe command C Program Files x86 HP 3PAR PolicyServer jre bin keytool genkey alias tomcat keyalg RSA keysize 1048 keystore c hp 3par keystore ps Enter keystore password Re enter new password What is your first and last name Unk...

Страница 31: ...e the OpenSSL CA was created b Create a certificate from the tomcat csr file openssl x509 req days 365 in tmp tomcat csr CA cacert pem CAkey private cakey pem set_serial 01 out tmp tomcat crt Signature ok subject C US ST CA L Fremont O 3PAR OU ST CN 10 112 10 196 Getting CA Private Key Enter pass phrase for private cakey pem Signature ok subject C US ST CA L Fremont O 3PAR OU ST CN 10 112 10 196 G...

Страница 32: ...67 33 5E 12 14 07 SHA1 53 55 B0 D8 D3 A4 6B 35 B3 79 DF DF 47 44 09 76 86 BF 65 F1 Signature algorithm name SHA1withRSA Version 3 Extensions 1 ObjectId 2 5 29 14 Criticality false SubjectKeyIdentifier KeyIdentifier 0000 E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1 vm 0010 67 44 14 D6 gD 2 ObjectId 2 5 29 19 Criticality false BasicConstraints CA true PathLen 2147483647 3 ObjectId 2 5 29 35 Criti...

Страница 33: ...8192 79 protocol org apache coyote http11 Http11Protocol maxThreads 200 80 enableLookups false redirectPort 8443 acceptCount 400 81 connectionTimeout 20000 disableUploadTimeout true 82 83 After saving the configuration file changes you can start the Policy Server components Using the Windows Services manager start the HP 3PAR Policy Server components in the following order 1 OpenDS LDAP Server 2 H...

Страница 34: ...user name when accessing the database Change the password 6 When prompted whether to create the new database during installation or after installation keep the default of Create new database during installation by pressing ENTER 7 When prompted for the number of the listening port on this computer for the internal directory server OpenDS press ENTER to accept the default port 389 If you need to us...

Страница 35: ...asks are required before you can start the Policy Server 14 When prompted review the selected installation options Type Y to continue with the installation The installer presents a message when the installation is complete If the installation completed with warnings check the log file created by the installation program The installer creates this log file for successful installations as well as fo...

Отзывы: