EMC Unisphere for VMAX

VERSION 1.6

Installation Guide
REV 02

Copyright 2012 - 2013 EMC Corporation. All rights reserved. Published in the USA. Published May, 2013 EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC2 , EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. For the most up-to-date regulatory document for your product line, go to EMC Online Support (https://support.emc.com).

Installation Guide

CONTENTS

Preface Chapter 1: Pre-installation considerations

Before-you-begin Initial Setup User Local and remote installation options Unisphere for VMAX licensing Unisphere for VMAX Virtual Appliance Mainframe considerations Red Hat 6 64-bit Virtual Machine consideration Environment and system requirements Solutions Enabler EMC ControlCenter Symmetrix Enginuity Concurrent users VMware and Hyper-V guests Client requirements Server requirements Other Requirements

11 15
16 16 16 17 17 17 18 19 19 19 19 19 19 20 21 22

Chapter 2: Installing Unisphere for VMAX

Installing Unisphere for VMAX Completing the installation Configuring language and regional settings Installing a Unisphere license Excluding the data and temp directories from virus scans Starting and stopping the Performance database Starting and stopping the SMAS service Launching Unisphere Upgrading to Unisphere for VMAX with Performance Upgrading Unisphere for VMAX using the wizard Upgrading Unisphere for VMAX from the command line Adding the Performance option (at a later time) Uninstalling Unisphere for VMAX

23
24 27 27 27 27 27 28 29 30 30 31 32 33
3

Before you begin Uninstalling from Windows Uninstalling from Linux

33 33 34

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Introduction Before you begin Installing the virtual appliance directly on the ESX Server Installing the virtual appliance through a vCenter Server Installing the virtual appliance using OVFTOOL Using OVFTOOL Launching Unisphere or the vApp Manager Launching Unisphere Launching the vApp Manager Connecting to the API server Registering the VASA Provider with vSphere Upgrading the Unisphere for VMAX Virtual Appliance Upgrading the Unisphere for VMAX Virtual Appliance using an ISO image Re-configuring the virtual appliance IP address Deleting the Unisphere for VMAX Virtual Appliance Backing up and restoring the Performance database Backing up Performance database files to another host Restoring Performance database files from another host Installing licenses Installing Symmetrix-based licenses Installing host-based licenses

35
36 38 39 42 44 44 46 46 46 46 47 48 53 55 56 57 57 57 59 59 59

Appendix A: Security features

Authentication Authorization

61
62 63

Appendix B: Replacing the server certificate

Replacing the certificate

67
68

Appendix C: Configuring SMAS to work in z/OS

Configuring SMAS to work in z/OS

71
72

Installation Guide

Appendix D: Third-party copyright notices

GNU LESSER GENERAL PUBLIC LICENSE MySQL OpenSSL copyright information Apache Axis 1.2 and Apache Multipart parser MIT XML Parser JBoss, Home of Professional Open Source Parsley 2.4 GraniteDS 2.3 PurePDF

73
74 75 76 77 78 79 80 81 82

Installation Guide

FIGURES
Figure Figure 1: Local installation: Unisphere for VMAX Figure 2: Remote installation: Unisphere for VMAX on server connected to a remote SYMAPI server Page 16 17

Installation Guide

TABLES
Table Table 1: Unisphere client requirements Table 2: Server requirements and limitations Table 3: Unisphere for VMAX Virtual Appliance VMware ESX Server requirements Table 4: VMAX 1.6 Virtual Appliance update paths Page 20 21 38 48

10

Installation Guide

Preface
As part of an effort to improve its product lines, EMC periodically releases revisions of its software and hardware. Therefore, some functions described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information on product features. Contact your EMC representative if a product does not function properly or does not function as described in this document. This document was accurate at publication time. New versions of this document might be released on the EMC Online Support website. Check the EMC Online Support site http://support.EMC.com to ensure that you are using the latest version of this document.

Purpose
This document describes how to configure and use EMC Unisphere for VMAX.

Audience
This document is intended for the host system administrator, storage administrator, system programmer, or operator involved in managing Symmetrix systems.

Related documentation
The following related documents are available on the EMC Online Support Site at https://support.EMC.com EMC Unisphere for VMAX Release Notes EMC Unisphere for VMAX Online Help EMC Unisphere for VMAX Performance Viewer Installation Guide EMC Unisphere for VMAX - vApp Manager Online Help EMC Solutions Enabler Installation Guide EMC Symmetrix Performance Analyzer Release Notes EMC Symmetrix Performance Analyzer Online Help EMC Solutions Enabler Release Notes EMC Solutions Enabler Symmetrix Array Controls CLI Product Guide EMC Solutions Enabler Symmetrix Array Management CLI Product Guide EMC Solutions Enabler Symmetrix Migration CLI Product Guide EMC Solutions Enabler Symmetrix SRDF Family CLI Product Guide EMC Solutions Enabler Symmetrix SRDF /Star CLI Product Guide EMC Solutions Enabler Symmetrix SRM CLI Product Guide EMC Solutions Enabler Symmetrix CLI Command Reference
Preface 11

Preface

EMC Solutions Enabler Symmetrix TimeFinder Family CLI Product Guide EMC Symmetrix Security Configuration Guide

Conventions used in this document

EMC uses the following conventions for special notices: Caution, used with the safety alert symbol, indicates a hazardous situation which, if not avoided, could result in minor or moderate injury. Notice is used to address practices not related to personal injury. A Note presents information that is important, but not hazard-related. WARNING indicates a hazardous situation which, if not avoided, could result in death or serious injury. Style Normal Where used Used in running (nonprocedural) text for: Names of interface elements, such as names of windows, dialog boxes, buttons, fields, and menus Names of resources, attributes, pools, Boolean expressions, buttons, DQL statements, keywords, clauses, environment variables, functions, and utilities URLs, pathnames, filenames, directory names, computer names, links, groups, service keys, file systems, and notifications

Bold

Used in running (nonprocedural) text for names of commands, daemons, options, programs, processes, services, applications, utilities, kernels, notifications, system calls, and man pages Used in procedures for: Names of interface elements, such as names of windows, dialog boxes, buttons, fields, and menus What the user specifically selects, clicks, presses, or types

Italic

Used in all text (including procedures) for: Full titles of publications referenced in text Emphasis, for example, a new term Variables

Courier

Used for: System output, such as an error message or script

12

Installation Guide

Preface

Style

Where used URLs, complete paths, filenames, prompts, and syntax when shown outside of running text

Courier bold Courier italic <> [] | {} ...

Used for specific user input, such as commands Used in procedures for: Variables on the command line User input variables Angle brackets enclose parameter or variable values supplied by the user Square brackets enclose optional values Vertical bar indicates alternate selections the bar means or Braces enclose content that the user must specify, such as x or y or z Ellipses indicate nonessential information omitted from the example

Where to get help

EMC support, product, and licensing information can be obtained on the EMC Online Support site as described next. To open a service request through the EMC Online Support site, you must have a valid support agreement. Contact your EMC sales representative for details about obtaining a valid support agreement or to answer any questions about your account.

Product information
For documentation, release notes, software updates, or for information about EMC products, licensing, and service, refer to EMC online support at: https://support.EMC.com.

Technical support
EMC offers a variety of support options. Support by Product EMC offers consolidated, product-specific information on the Web at: https://support.EMC.com/products. The Support by Product web pages offer quick links to Documentation, White Papers, Advisories (such as frequently used Knowledgebase articles), and Downloads, as well as more dynamic content, such as presentations, discussion, relevant Customer Support Forum entries, and a link to EMC Live Chat. EMC Live Chat Open a Chat or instant message session with an EMC Support Engineer.

eLicensing support
To activate your entitlements and obtain your Symmetrix license files, visit the Service Center on https://support.EMC.com, as directed on your License Authorization Code (LAC) letter emailed to you.

Preface

13

Preface

For help with missing or incorrect entitlements after activation (that is, expected functionality remains unavailable because it is not licensed), contact your EMC Account Representative or Authorized Reseller. For help with any errors applying license files through Solutions Enabler, contact the EMC Customer Support Center. If you are missing a LAC letter, or require further instructions on activating your licenses through the Online Support site, contact EMC's worldwide Licensing team at [email protected] or call: North America, Latin America, APJK, Australia, New Zealand: SVC4EMC (800-782-4362) and follow the voice prompts. EMEA: +353 (0) 21 4879862 and follow the voice prompts.

14

Installation Guide

CHAPTER 1 Pre-installation considerations

The following sections contain steps and information you need to take and consider before the actual installation happens. Before-you-begin Environment and system requirements 16 19

Chapter 1: Pre-installation considerations

15

Chapter 1: Pre-installation considerations

Before-you-begin
The following sections contain steps and information you need to take and consider before the actual installation happens.

Initial Setup User

While installing the software, you are prompted to specify an Initial Setup User. You can either specify the user ID you currently use to access the Symmetrix system (if User Authorization is enabled), or you can use the default user ID smc. If you plan on using the default ID, there must be no user IDs listed in the User Authorization database. If there are user IDs in the database (regardless of whether user authorization is enabled), then you must use SYMCLI to add the default user ID (smc) to the database. The initial setup user's role is to install and set up the Unisphere environment (create users and add roles). It is intended to be a temporary role as it allows you only to access and perform administrative tasks on Symmetrix systems that do not have defined user roles (authorization rules). After an Administrator or SecurityAdmin is assigned to a Symmetrix system, the initial setup user can no longer access or even see the system from the Unisphere console. Therefore, it is recommended that users not operate in this role for too long. Security features on page 61 contains more information on users and roles.

Local and remote installation options

Unisphere for VMAX can be installed in local or remote configurations. In a local configuration, install the Unisphere software on a server running Solutions Enabler attached to Symmetrix systems (see the Unisphere server in Figure 1). In a remote configuration, install the Unisphere software on a server connected to the SYMAPI server (see the Unisphere server in Figure 2 on the facing page).
Unisphere Server

RDF
Unisphere Clients

Figure 1: Local installation: Unisphere for VMAX

16

Installation Guide: Before-you-begin

Chapter 1: Pre-installation considerations

Figure 2: Remote installation: Unisphere for VMAX on server connected to a remote SYMAPI server

Unisphere for VMAX licensing

Unisphere for VMAX uses Symmetrix-based eLicensing. As a result, you can only manage a Symmetrix VMAX Family system from a Unisphere host, if the Symmetrix system contains a Unisphere for VMAX (SMC) eLicense. However, you can use Unisphere for VMAX to obtain and install the proper eLicense on the Symmetrix system. Symmetrix systems running Enginuity 5875.198.148 or lower do not require a license key. After a Symmetrix VMAX Family system that has been managed by SMC is upgraded to Enginuity 5876 or higher, Unisphere will operate with the Symmetrix system even if the proper eLicense is not present. The Unisphere for VMAX (SMC) eLicense is noted as In Use in Unisphere's eLicensing report. This designation means that the required eLicense is missing, but access to the system is still allowed to avoid service disruption. To clear this designation, you musts obtain and apply the proper eLicense. With the incorporation of Symmetrix Performance Analyzer into Unisphere for VMAX (as the performance option), the former Symmetrix Performance Analyzer host-based eLicense is no longer required. For more information on eLicensing, refer to the EMC Solutions Enabler Installation Guide.

Unisphere for VMAX Virtual Appliance

There are two versions of Unisphere for VMAX virtual appliances available for ESX V4.0 (and higher) Servers in a VMware environment: Unisphere for VMAX Unisphere for VMAX with Performance

For more information and instructions on installing the appliance, refer to Installing the Unisphere for VMAX Virtual Appliance on page 35.

Mainframe considerations
For installations where Unisphere for VMAX will be managing mainframe storage, review Configuring SMAS to work in z/OS, prior to installing Unisphere for VMAX.

Installation Guide: Before-you-begin

17

Chapter 1: Pre-installation considerations

Red Hat 6 64-bit Virtual Machine consideration

Prior to installing Unisphere for VMAX, you should verify that the host is in a properly configured IP network and that it can resolve IP addresses and hostnames.

18

Installation Guide: Before-you-begin

Chapter 1: Pre-installation considerations

Environment and system requirements

Unispheres web server is supported on the platforms listed in Table 2 on page 21. Unisphere can be used in remote client/server mode to communicate with SYMAPI servers on other systems, including supported versions of AIX, Linux, Solaris, HP-UX, z/OS, and Windows.

Solutions Enabler
Solutions Enabler 64 bit V7.6.0 is the minimum supported version, in local or client/server mode. In client/server mode, the Solutions Enabler version running on the server must be greater than or equal to the version running on the client. In addition, the storsrvd daemon must be running on the server.

EMC ControlCenter
If you plan to install Unisphere on the same host as EMC ControlCenter, refer to the EMC ControlCenter Performance and Scalability Guidelines for compatibility guidelines.

Symmetrix Enginuity
Unisphere supports the following Symmetrix Enginuity versions: Symmetrix VMAX 10K/20K/VMAX Series systems running Enginuity 5875 or higher Symmetrix VMAX 40K Series systems running Enginuity 5876 or higher Symmetrix DMX systems running Enginuity 5671 or higher The Performance option requires Enginuity 5773; or 5874 or higher.

Concurrent users
Unisphere for VMAX supports up to five concurrent users, with performance degradation occurring with more than three users.

VMware and Hyper-V guests

Unisphere is supported on a guest operating system on the following platforms, provided the guest is listed in the EMC Support Matrix and in VMware/Hyper-V support documentation, and Unisphere supports the platform. Note that the guest must provide the same CPU, memory, disk, gatekeeper, and other requirements as if it were installed on a physical machine: VMware ESX/ESXi Server versions 4.0, 4.1, 5.0, and 5.1 (and all updates of each version) Windows Server 2008 R2 (Standard and Enterprise)

Virtual machines must not be running on shared memory/resources.

Installation Guide: Environment and system requirements

19

Chapter 1: Pre-installation considerations

Client requirements
The Unisphere client is browser-based and does not use dynamic ports, so it will function with most VPN solutions. Table 1 defines the client requirements for Unisphere. Table 1: Unisphere client requirements Browser Internet Explorer Firefox Chrome Version 7.0 through 10.0 (Desktop only) 10.0.7 and 15.0 21.0.1180 Memorya Platform

600 MB

Windows

a . Required for the browser as it runs on the machine from which the Console was launched (Flash Player 11.2 or a later release is required).

The minimum client screen resolution is 1024 x 768.

20

Installation Guide: Environment and system requirements

Chapter 1: Pre-installation considerations

Server requirements
Unisphere must not be installed on the same host as the EMC ControlCenter infrastructure components. Table 2 defines the server requirements and limitations. Table 2: Server requirements and limitations Available Disk Spaced Operating System Windowsc Unisphere with Performance Available Memory Unisphere with Performance

Version Server 2008 SP2 (64-bit) Server 2008 R2 SP1 (64-bit) Server 2012 (64bit)

Hardwarea

Unisphere

Unisphere

Volumesb

Linux

Red Hat AS/ES 5.8 through 6.2 (64-bit)e SUSE Linux 10 (all SPs) and 11 (SP1 and SP2) (64bit)

1.8 GHz

1 GB

100 GB

4 GB

8 GBd

80,000

a. b. c. d.

e.

Requires a minimum of one dual-core processor or two CPUs. Consult the EMC E-Lab Interoperability Navigator for supported hardware. Up to 80,000 volumes or up to 10 Symmetrix systems, whichever limit occurs first. Unisphere for VMAX is not supported on Windows Core. This is the minimum amount of memory required to successfully run Unisphere with the performance option on the server; it is not the total amount of memory on the server. If a server has a total of 8 GB of physical memory installed and there is only 6 GB available before installing Unisphere with the performance option, you may experience performance issues with the application. If running on a Virtual Machine, this amount must be dedicated memory, not shared memory. Before attempting to install Unisphere on Red Hat Linux 6.0 or a later release, verify that the following packages are installed. Not all installer packages include these libraries by default, so it is important to verify their presence before running the installation program. Do NOT attempt to run the installation process without them. The packages are: libstdc++-devel-4.4.4-13.el6.i686.rpm libstdc++-4.4.4-13.el6.i686.rpm libaio-0.3.107-10.el6.i686.rpm ncurses-libs-5.7-3.20090208.el6.i686.rpm WARNING: Without these items, the product will fail to install and will not function properly.

Installation Guide: Environment and system requirements

21

Chapter 1: Pre-installation considerations

Other Requirements
Unisphere for VMAX can be installed on the same system as the SYMAPI server, or on a system connected to the SYMAPI server. Refer to Figure 1 on page 16 and Figure 2 on page 17, respectively. If you are changing your SYMAPI connection type, such as changing from a local connection to a client/server configuration, you must perform a fresh installation. If upgrading from SPA V2.2.1 or higher to Unisphere V1.6, back up the SPA database using the SPA DB Backup utility for Unisphere. This utility is available on the EMC online support website (look for SPADBUpgradeBackupSMAStoUniVMAX). For instructions on how to use the utility, refer to the accompanying README file. After the installation of Unisphere, use the Restore option. The SPA online help provides instructions on backing up and restoring the SPA database. If upgrading from a version lower than SPA 2.2.1, first upgrade to SPA 2.2.1, then upgrade to Unisphere as outlined in the previous bullets in this section. Linux installations: Before starting a new installation of Unisphere with the Performance option on Linux, the mysql user and mysql group must be present. In addition, the mysql user password must be mysql and the user must be a member of the mysql group. An example of the MySQL instructions follows: shell> groupadd mysql shell> useradd -m -g mysql -p mysql mysql

22

Installation Guide: Environment and system requirements

CHAPTER 2 Installing Unisphere for VMAX

This chapter explains how to install Unisphere for VMAX: Installing Unisphere for VMAX Completing the installation Launching Unisphere Upgrading to Unisphere for VMAX with Performance Uninstalling Unisphere for VMAX 24 27 29 30 33

Chapter 2: Installing Unisphere for VMAX

23

Chapter 2: Installing Unisphere for VMAX

Installing Unisphere for VMAX

This section describes how to access and install the Unisphere for VMAX software.

Step 1: Accessing the software

Unisphere for VMAX is distributed as a platform-specific kit that can be downloaded from the EMC Online Support site at: https://support.EMC.com The following kits are available: For Windows 64-bit: UNIVMAX_V1.6.0.x_WINDOWS_X86_64.exe For Linux 64-bit: UNIVMAX_V1.6.0.x_LINUX_X86_64.bin In the file names above, the x in 1.6.0.x represents the software build number. That number will vary based on when the software was built. To access the software from online support: 1. 2. Save all files and exit all applications. On the EMC Online Support site: a. b. c. 3. Click Support By Product in the main navigation bar. In the Find a Product box, type Unisphere for VMAX and click the arrow. Locate the appropriate kit and download it to a directory on the hosts drive.

Continue with Step 2: Installing the software, next.

Step 2: Installing the software

You can install Unisphere using an installation wizard, as described in Step 2A: Installing Unisphere for VMAX using the wizard in the next section, or from the command line, as described in See Step 2B: Installing Unisphere for VMAX from the command line on the facing page.). To install Unisphere using the wizard in Linux, the display manager must be enabled; otherwise, the installer defaults to console mode.

Step 2A: Installing Unisphere for VMAX using the wizard

To install Unisphere for VMAX using the wizard: 1. 2. 3. 4. Change directory to the location of the kit and run the appropriate executable for your operating system. In the Introduction page, review the recommendations and click Next. In the Choose Install Folder page, click Next to accept the default directory, or click Choose to select another directory. In the Choose Install Set page, click Unisphere for VMAX to install Unisphere or Unisphere for VMAX with Performance Analyzer to install Unisphere with the Performance option, and then click Next. In the SYMAPI Connection Type page:

5.

24

Installation Guide: Installing Unisphere for VMAX

Chapter 2: Installing Unisphere for VMAX

a.

Specify an Initial Setup User name (default is smc). You can either accept the default or use your Windows username if you have authorization enabled on the Unisphere server host. See Initial Setup User on page 16. explains the role of the Initial Setup User. Specify a Connection Type for the initial login based on the following: Local On a host with Solutions Enabler installed and attached to Symmetrix systems. Remote On a remote server connected to a SYMAPI server; you must specify the SYMAPI server Node Name and Net Port. The default net port for SYMAPI is 2707. See Local and remote installation options on page 16. provides more information on each of the connection types.

b.

c. 6.

Click Next.

In the Ports Configuration page, specify the ports to use/enable when connecting to the Unisphere server. The default ports of the Unisphere server and Performance database (if installing Unisphere with the Performance option) are shown. If you want to use the default ports, verify that they are available, and click Next to accept and enable them. Otherwise, you can specify and enable different ports, and click Next.

7.

In the Pre-Installation Summary page, verify the summary information, and click Install to continue the installation.

8. In the Install Complete page, click Done.

Step 2B: Installing Unisphere for VMAX from the command line
To install Unisphere for VMAX from the command line: 1. 2. 3. Save all files and exit all applications. Change directory to the location of the kit. Run the following command if you are installing Unisphere on Windows: KitName -i console Or the following command if you are installing Unisphere on Linux: chmod +x KitName ./KitName Where KitName is one of the following operating system-specific kit names: For Windows 64-bit: UNIVMAX_V1.6.0.x_WINDOWS_X86_64.exe For Linux 64-bit: UNIVMAX_V1.6.0.x_LINUX_X86_64.bin In the file names above, the x in 1.6.0.x represents the software build number. That number will vary based on when the software was built. 4. 5. 6. 7. In the Introduction panel, review the recommendations and press Enter . In the Choose Install Folder panel, press Enter to accept the default directory, or specify a different directory and press Enter . In the Choose Install Set panel, press Enter to install Unisphere for VMAX or type 2 and press Enter to install Unisphere for VMAX with Performance Analyzer . In the SYMAPI Connection Type page:

Installation Guide: Installing Unisphere for VMAX

25

Chapter 2: Installing Unisphere for VMAX

a.

Specify an Initial Setup User name (default is smc). You can either accept the default or use your Windows username if you have authorization enabled on the Unisphere server host. See Initial Setup User on page 16. explains the role of the Initial Setup User. Specify a Connection Type for the initial login based on the following: Local On a host with Solutions Enabler installed and attached to Symmetrix systems. Remote On a remote server connected to a SYMAPI server; you must specify the SYMAPI server Node Name and Net Port. The default net port for SYMAPI is 2707. See Local and remote installation options on page 16. provides more information on each of the connection types.

b.

8.

In the Ports Configuration panel, specify the ports to use or enable when connecting to the Unisphere server. The default ports of the Unisphere web server are shown. If you want to use the default ports, verify that they are available and press Enter to accept and enable them. Otherwise, you can specify and enable different ports, and press Enter .

9.

In the Pre-Installation Summary panel, verify the summary information, and then press Enter to continue the installation.

10. In the Install Complete panel, press Enter . 11. Refer to Completing the installation in the next section for instructions on completing the installation.

26

Installation Guide: Installing Unisphere for VMAX

Chapter 2: Installing Unisphere for VMAX

Completing the installation

This section describes the tasks to perform after the installation has been completed.

Configuring language and regional settings

For Windows users outside the United States, you must configure your regional and language settings to English (United States) if you plan on using the graph feature of the Quality of Service (QoS) and Replication Monitors. To configure your settings: 1. 2. 3. 4. 5. Stop the EMC SMAS service (if it is running). Starting and stopping the SMAS service on next page provides instructions. In the Windows Control Panel, double-click Regional and Language Options. On the Regional Options tab, set the Standards and formats to English (United States). On the Advanced tab, set the Language for non-Unicode programs to English (United States) and select Apply all setting to the current user account and to the default user profile. Restart the service.

Installing a Unisphere license

Before you can manage a Symmetrix system running Enginuity 5876 or higher, you must install a Unisphere for VMAX (SMC) eLicense on the Symmetrix system. For instructions on installing licenses, refer to Installing Licenses in the Unisphere online help.

Excluding the data and temp directories from virus scans

This section applies only to Unisphere for VMAX with the Performance option. MySQL advises that you exclude the following directories from any virus scan: The data directory and all its subdirectories (<InstallDirectory>\EMC\SMAS\jboss\standalone\data\msq\data) The temp directory (<InstallDirectory>\EMC\SMAS\jboss\standalone\data\msq\temp) Not following this advice may lead to data corruption in the Performance database.

Starting and stopping the Performance database

This section applies only to Unisphere for VMAX with the Performance option.

Linux
To start/stop the Performance database (MySQL) in Linux, change to this directory: <InstallDirectory>/SMAS/jboss/standalone/data/msq and use the following commands:

Installation Guide: Completing the installation

27

Chapter 2: Installing Unisphere for VMAX

Action Start (Always start the Performance DB before starting the SMAS service.) Stop (Always stop the SMAS service before stopping the Performance DB.)

Command ./smas_mysql_unix_helper.sh -S ./smas_mysql_unix_helper.sh -k

Windows
To start/stop the EMC_smasdb service in Windows, use the Control Panel (Administrative Tools, Services). Alternatively, you can use the following commands to start/stop the Windows services using CLI: net net net net start "EMC Symmetrix Management Application Server" stop "EMC Symmetrix Management Application Server" start "EMC_smasdb" stop "EMC_smasdb"

Starting and stopping the SMAS service

Take the necessary precautions before starting/stopping the service.

Linux
To start/stop the SMAS service in Linux, change to this directory: /etc/init.d and use the following commands: Action Start server (Always start the Performance DB before starting the SMAS service.) Stop server (Always stop the SMAS service before stopping the Performance DB.) Command ./smas start ./smas stop

Windows
To start/stop the EMC Symmetrix Management Application Server in Windows, use the Services panel (Control Panel, Administrative Tools, Services).

28

Installation Guide: Completing the installation

Chapter 2: Installing Unisphere for VMAX

Launching Unisphere
To launch Unisphere: 1. Type the following URL in a browser: https://<Host_IP>:8443 For your browser to access the Unisphere for VMAX console, Flash Player 11.2 or a later release is required. Flash Player is available from the Adobe website. 2. On the login window, type smc for both the ID and Password, and then click Login.

Installation Guide: Launching Unisphere

29

Chapter 2: Installing Unisphere for VMAX

Upgrading to Unisphere for VMAX with Performance

The following upgrade paths are supported with this release of Unisphere for VMAX: Unisphere for VMAX V1.0 or higher Symmetrix Management Console version 7.3.3 / Symmetrix Performance Analyzer version 2.3.3 Direct upgrade from 32 bit SMC is not supported. To upgrade in this scenario, upgrade to Unisphere for VMAX V1.0 first, and then to Unisphere for VMAX V1.6. The installation program automatically upgrades your installation according to the settings used in the previous installation, including port, connection type, and whether the Performance option is installed. The following Unisphere for VMAX settings from your previous installation are maintained through the upgrade process: Users Alert Policies and Threshold Settings Email Settings: Mailing List and SMTP Config Performance dashboard settings Queries

Before upgrading Unisphere for VMAX with the Performance option

Before upgrading please check the size of the performance database folder under \EMC\SMAS\jboss\standalone\data\msq. An upgrade requires at least the same amount of available disk space. As a safeguard, follow these steps: Refer to the Unisphere for VMAX online help to perform these tasks. 1. 2. 3. Backup the Performance database. Record the Symmetrix system registrations, including the settings for data collection and diagnostic interval. Export the Performance settings (metric and alert definitions and user templates). This operation requires setting a password to use when you import the saved settings to the new system.

Upgrading Unisphere for VMAX using the wizard

To upgrade to Unisphere, or Unisphere with the Performance option for Windows: 1. 2. 3. 4. Access the software, as described in Step 1: Accessing the software on page 24. Navigate to the location of the kit and run the appropriate executable for your operating system. In the instance detected message window, click Upgrade Installed Features. In the Introduction Upgrade Feature page, click Next.

30

Installation Guide: Upgrading to Unisphere for VMAX with Performance

Chapter 2: Installing Unisphere for VMAX

5.

In the Pre-Installation Summary page, click Install. The upgrade process completes.

Upgrading Unisphere for VMAX from the command line

To upgrade to Unisphere, or Unisphere with the Performance option for Linux: 1. 1. 2. 3. Stop the SMAS service, as described in Starting and stopping the SMAS service on page 28. Access the software, as described in Step 1: Accessing the software on page 24. Navigate to the location of the kit and run the appropriate executable for your operating system. The screen message displays: An instance of Unisphere for VMAX with Performance was detected on this host. Would you like to upgrade the currently installed Unisphere for VMAX with Performance Analyzer 1.6.0 or exit the install. Choose 2 (Upgrade Installed Features). 4. 5. 6. 7. The installation script displays the current Unisphere version and the version to which you will upgrade. Press Enter . The installation script informs you that it is stopping the database. Press Enter to continue. InstallAnywhere will guide you through the upgrade installation of Unisphere for VMAX with the Performance option. Press Enter through each option in the installation process. The upgrade process completes.

After upgrading the Unisphere for VMAX with the Performance option
After completing the upgrade to Unisphere for VMAX, follow these steps: 1. If you were using Link and Launch client registrations to launch Unisphere from ControlCenter, ProSphere, or vSphere VSI clients, you must re-register your host with Unisphere. The Adding Link & Launch client registrations section in the Unisphere help provides instructions. If upgrading from SMC V7.3.x to Unisphere for VMAX on a system configured for LDAP, the Initial Setup User must re-enter the bind password in the Configure Authentication box; otherwise, LDAP users cannot log in. The Configuring Authentication section in the Unisphere help provides instructions.

2.

Verify your Performance data:

3. 4. 5. Verify your Symmetrix system registrations, data collection, and diagnostic intervals. (Compare to the registration settings you recorded prior to the upgrade.) Verify your database. If necessary, restore your database from the Unisphere for VMAX console. Verify the Performance settings (metric and alert definitions and user templates). If you need to import the performance settings, use the password you set when you exported the settings. Refer to the Unisphere for VMAX online help to perform these tasks.

Installation Guide: Upgrading to Unisphere for VMAX with Performance

31

Chapter 2: Installing Unisphere for VMAX

Adding the Performance option (at a later time)

If you need to add the Performance option to an existing Unisphere for VMAX V1.6 configuration, follow these steps:

Using the Wizard (for Windows)

1. 2. 3. 4. 5. 6. Access the software, as described in Step 1: Accessing the software on page 24. Change directory to the location of the kit and run the appropriate executable for your operating system. In the UNIVMAX Instance detected box, click Add New Feature. In the Introduction Add Feature page, click Next. In the Ports Configuration page, the default port displays. You can specify the port to use or enable when connecting to the Performance database. In the Pre-Installation Summary page, click Install.

Using the command line (for Linux)

1. 2. 3. 4. Stop the SMAS service, as described in Starting and stopping the SMAS service on page 28. Access the software, as described in Step 1: Accessing the software on page 24. Change directory to the location of the kit and run the appropriate executable for your operating system. The screen message displays: An instance of Unisphere for VMAX with Performance was detected on this host. Would you like to upgrade the currently installed Unisphere for VMAX with Performance Analyzer 1.6.0 or exit the install. Choose 2 (Upgrade Installed Features). 5. 6. 7. 8. In the Introduction Add Feature line, press Enter to continue. In the Create the 'mysql' group and 'mysql' user before continuing, press Enter . In the Ports Configuration line, the default port displays. Press Enter to accept the default port, or specify the port to use and press Enter . In the Pre-Installation Summary section, press Enter to continue.

32

Installation Guide: Upgrading to Unisphere for VMAX with Performance

Chapter 2: Installing Unisphere for VMAX

Uninstalling Unisphere for VMAX

This section describes how to uninstall Unisphere for VMAX.

Before you begin

Before you begin uninstalling Unisphere for VMAX, review the following: Uninstalling Unisphere with the Performance option removes the Performance database. The Unisphere online help provides instructions on backing up/restoring the Performance database should you want to reuse it at a later time. During an uninstallation, the installation program prompts you to export your customized performance settings (metrics and threshold settings only) to file that can be imported to another Unisphere environment. The Unisphere online help provides instructions on exporting/importing your customized performance settings. Uninstalling Unisphere terminates all client sessions to the SMAS server and any SYMAPI operations in progress.

Uninstalling from Windows

You can uninstall Unisphere for VMAX from a Windows host using either the Windows Add/Remove Programs box, the command line, or Windows Explorer.

Using Windows Add/Remove Programs

To uninstall Unisphere for VMAX from the Windows Add/Remove Programs box: 1. 2. 3. 4. From the Windows Start menu, select Settings, Control Panel, Add/Remove Programs. In the Add/Remove Programs dialog, select EMC UNIVMAX and click Change/Remove. In the Uninstall EMC UNIVMAX wizard, click Uninstall. Complete the remaining steps in the wizard.

Using the command line

To uninstall Unisphere for VMAX using the command line: 1. 2. 3. Change directory location to: <InstallDirectory>\EMC\SMAS\_EMC_SMAS_installation Type the following to launch the uninstallation wizard: Uninstall_EMC_SMAS_Installation -i console Complete the steps in the wizard. A few files remain after the uninstallation operation. To remove them you can delete the SMAS folder.

Using Windows Explorer

To uninstall Unisphere for VMAX using Windows Explorer: 1. Double-click the following to launch the uninstallation wizard:

Installation Guide: Uninstalling Unisphere for VMAX

33

Chapter 2: Installing Unisphere for VMAX

<InstallDirectory>\EMC\SMAS\_EMC_SMAS_installation\ Uninstall_EMC_SMAS_Installation.exe 2. Complete the steps in the wizard. A few files remain after the uninstallation operation. To remove them you can delete the SMAS folder.

Uninstalling from Linux

You can uninstall Unisphere for VMAX from a Linux host using the command line: 1. 2. 3. Navigate to the following directory: <InstallDirectory>/EMC/SMAS/_EMC_SMAS_installation Type the following to launch the uninstallation wizard: ./Uninstall_EMC_SMAS_Installation.exe -i console Complete the steps in the wizard. A few files remain after the uninstallation operation. To remove them you can delete the SMAS directory.

34

Installation Guide: Uninstalling Unisphere for VMAX

CHAPTER 3 Installing the Unisphere for VMAX Virtual Appliance

This chapter describes how to install the Unisphere for VMAX Virtual Appliance in a VMware infrastructure environment: Introduction Before you begin Installing the virtual appliance directly on the ESX Server Installing the virtual appliance through a vCenter Server Installing the virtual appliance using OVFTOOL Launching Unisphere or the vApp Manager Registering the VASA Provider with vSphere Upgrading the Unisphere for VMAX Virtual Appliance Upgrading the Unisphere for VMAX Virtual Appliance using an ISO image Re-configuring the virtual appliance IP address Deleting the Unisphere for VMAX Virtual Appliance Backing up and restoring the Performance database Installing licenses 36 38 39 42 44 46 47 48 53 55 56 57 59

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

35

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Introduction
The Unisphere for VMAX Virtual Appliance and the Unisphere for VMAX with Performance Virtual Appliance are VMware ESX Server virtual machines that provide all of the components you need to manage your Symmetrix environment using the storsrvd daemon and Solutions Enabler network client access. These include: EMC Unisphere for VMAX V1.6 (standalone or with the Performance option) EMC Solutions Enabler V7.6.0 (solely intended as a SYMAPI server for Solutions Enabler client access) Linux OS (SUSE 11 64-bit SP2) Root login is not supported on SUSE 11 SP2 virtual machines. SMI-S Provider V4.6.0

In addition, the appliances include a browser-based console to configure your storage environment. The following consoles enable you to perform configuration tasks not available in the appliances directly: EMC vApp Manager for Unisphere for VMAX - Management EMC vApp Manager for Unisphere for VMAX - Management & Performance

Using these consoles, you can perform the following tasks: Launch Unisphere Monitor the application status Start and stop selected daemons Import and export persistent data Configure the nethost file (required for client access) Discover storage systems Modify options and daemon options Add host-based license keys Run a limited set of Solutions Enabler CLI commands Configure ESX host and gatekeeper volumes Load Symmetrix-based eLicenses Configure LDAP Configure iSCSI initiator and map iSCSI gatekeeper volumes Configure additional NIC card (optional) Download SYMAPI debug logs Import CA signed certificate for web browser

36

Installation Guide: Introduction

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Import custom certificate for storsrvd daemon Check disk usage Restart appliance Configure symavoid entries Load Symmetrix-based eLicenses Enable SSH Manage users Reset hostname Update etc/hosts For information on using the vApp Manager console, refer to its online help.

Installation Guide: Introduction

37

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Before you begin

Before you begin to install either Unisphere for VMAX Virtual Appliance or Unisphere for VMAX Virtual Appliance with the Performance option, be sure to complete the tasks listed in this section. Verify that you are installing the latest version of the appliance by checking EMC online support for updates. Verify that the client is running: VMware vSphere Client Either of the following browsers with cookies and javascript enabled: Internet Explorer 7.0 through 10.0 (Desktop only) Firefox 10.0.7 and 15.0 Chrome 21.0.1180

Browsers should have Flash Player 11.2 or a later release installed. If your browser has an outdated version of Flash Player, you are prompted to download the latest version when you start the web console. Verify that the virtual machine is not running shared memory/resources. Verify that the VMware ESX Server has a dual CPU and meets the minimum requirements listed in Table 3: Unisphere for VMAX 4.0 or higher 16 GB 2 GB Unisphere for VMAXwith Performance 4.0 or higher 91 GB 8 GB

Table 3: Unisphere for VMAX Virtual Appliance VMware ESX Server requirements Requirement ESXServer version Disk space Memory

38

Installation Guide: Before you begin

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Installing the virtual appliance directly on the ESX Server

This section describes how to install the Unisphere for VMAX Virtual Appliance (with or without Performance Analyzer) directly on the ESX Server.

Step 1: Installing the virtual appliance

To install the virtual appliance: 1. On the EMC Online Support site: a. b. c. Click Support By Product in the main navigation bar. In the Find a Product box, type Unisphere for VMAX and click the arrow. Locate the appropriate kit and download the OVF archive file (*.ova) containing the installation program to a temporary directory: Unisphere for VMAX Virtual Appliance file name: univmax160_x_suse11_x86_64_vapp_OVF10.ova Unisphere for VMAX with Performance Virtual Appliance file name: univmaxpa160_x_suse11_x86_64_vapp_OVF10.ova

In the file names above, the x in 160_x represents the build number. That number will vary based on when the software was built. 2. 3. 4. 5. 6. 7. 8. 9. Start the vSphere Client and log in to the ESX Server on which you want to install the appliance. Click Ignore in the security warning message. From the File menu, select Deploy OVF Template. Browse to the OVF archive file, located in the temporary directory you created earlier. Select the OVF archive file with the suffix *vapp_OVF10.ova. Click Next. On the OVF Template Details page, verify the details about the appliance and click Next. On the End User License Agreement page, select Accept and click Next. On the Name and Location page, specify a name for the appliance and click Next.

10. On the Disk Format page, select the format in which to store the virtual machines virtual disks and click Next. 11. On the Network Mapping page, select the network you want the virtual appliance to use and click Next. 12. On the Ready to Complete page, verify the information and click Finish . 13. In the Completed Successfully message, click Close.

Step 2: Powering on and configuring the virtual appliance

To power on and configure the virtual appliance: 1. 2. 3. On the Summary page of the Virtual Infrastructure Client, click Power On. Click the Console tab and watch as the appliance starts up. At the following prompt, type y and press Enter to configure static IP address: Do you want to configure static IP address? [y]/n:
Installation Guide: Installing the virtual appliance directly on the ESX Server 39

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

A [y]es response produces the following series of prompts that enable you to configure your network: IP Address [ ]: Type the address assigned to the appliance and press Enter . The virtual appliance uses this IP address to query the DNS Server and get its hostname. Therefore, you must ensure that the IP address has a hostname mapping in the DNS Server. Netmask [ ]: Type the mask of the network on which the appliance is located and press Enter . Gateway [ ]: Type the gateway address to the network on which the appliance is located and press Enter . Is a proxy server necessary to reach the internet? y/n [n]: A [y]es response enables you to specify the IP address of the proxy server and the port. A [n]o response continues the configuration.

The network is configured at this point. 4. At the following prompt, specify whether you want to set the time zone: Do you want to set the time zone? y/[n] : A [n]o response continues the configuration. If you select this option, you can use the appliance console to specify the time zone at a later time. A [y]es response produces the following series of prompts that enable you to set the time zone: Please select a continent or ocean Type the number that corresponds to the time zone location and press Enter. Please select a country Type the number that corresponds to the country-specific time zone you want to set and press Enter. Please select one of the following time zone regions Type the number that corresponds to regional time zone you want to set and press Enter. Is the above information OK? A [y]es response accepts your answers. A [n]o response enables you to go back and change your responses. 5. At the following prompt, specify whether you want to enter the host ESX Server information: Do you want to set the host ESX Server y/[n]? : A n response continues the configuration. If you select this option, you can use the virtual appliance console to enter the host ESX Server details at a later time. For instructions, refer to the vApp Managers online help.

40

Installation Guide: Installing the virtual appliance directly on the ESX Server

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

A y response prompts you for the ESX Server hostname, in which case you should type the fully qualified hostname of the ESX Server and press Enter.

A Welcome screen opens. You have now finished installing the Unisphere Virtual Appliance. 6. Continue with Installing the Unisphere for VMAX Virtual Appliance, next.

Step 3: Adding gatekeepers

Solution Enabler manages Symmetrix systems through gatekeeper volumes mapped to the virtual appliance as RDM pass-through volumes. The management is done through EMC proprietary commands using SCSI 3B/3C WRITE/READ commands. For every call, a WRITE command is issued to send the request, and then a READ command to get the results. Unisphere for VMAX requires gatekeepers. For specific recommendations on the number of gatekeepers required for all Symmetrix configurations, refer to EMC Knowledgebase solution emc255976 available on the EMC Online Support site. 1. Use either of the following methods to add gatekeeper volumes: Add them through the vApp Manager. For instructions, refer to the vApp Manager online help. After adding gatekeepers through the vApp Manager, you must also restart the SMC daemon through the vApp Manager. 2. Present them as raw device mapping (RDM) volumes through the vSphere client. For instructions, refer to the appropriate VMware documentation.

Continue with Launching Unisphere or the vApp Manager on page 46.

Installation Guide: Installing the virtual appliance directly on the ESX Server

41

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Installing the virtual appliance through a vCenter Server

This section describes how to install the virtual appliance through a vCenter Server 4.0 and higher.

Step 1: Configuring the virtual appliance

To configure the virtual appliance: 1. On the EMC Online Support site: a. b. c. Click Support By Product in the main navigation bar. In the Find a Product box, type Unisphere for VMAX and click the arrow. Locate the appropriate kit and download the OVF archive file (*.ova) containing the installation program to a temporary directory: Unisphere for VMAX Virtual Appliance file name: univmax160_x_suse11_x86_64_vapp_OVF10.ova Unisphere for VMAX with Performance file name: univmaxpa160_x_suse11_x86_64_vapp_OVF10.ova

In the file names above, the x in 160_x represents the build number. That number will vary based on when the software was built. 2. 3. 4. 5. 6. 7. 8. 9. Start the vSphere Client and log in to the vCenter Infrastructure Server through which you want to install the virtual appliance. Click Ignore in the security warning message. From the navigation tree, select the ESX Server on which you want to install the virtual appliance. From the File menu, select Deploy OVF Template. Browse to the OVF archive file, located in the temporary directory you created earlier. Select the OVF archive file with the suffix *vapp_OVF10.ova. Click Next. On the OVF Template Details page, verify the details about the appliance and click Next. On the End User License Agreement page, select Accept and click Next.

10. On the Name and Location page, specify a name for the appliance and click Next. 11. Select the host/cluster on which to run the virtual appliance. 12. If the resource pool is available, select it; otherwise, continue with this procedure. 13. If more than one datastore is attached to the ESX Server, select the datastore for your appliance; otherwise, continue with this procedure. 14. On the Network Mapping page, select the network you want the virtual appliance to use and click Next. 15. On the IP Address Allocation page, set the IP allocation policy for the virtual appliance to Static: 16. Use the drop-down list to choose an IP protocol (IPv4) to use and click Next. 17. Customize the software solution for this installation by doing the following: a. Provide valid values for the following OVF properties:
42

IP Address Netmask

Installation Guide: Installing the virtual appliance through a vCenter Server

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

b.

Gateway DNS Server 1 DNS Server 2

Optionally, provide/select valid values for the following OVF properties: Ignore the Network Properties section that appears in vSphere V5.0 and higher. Time zone: Select the appropriate time zone. Proxy Server: Enter the IP address of the proxy server and port. For example: ProxyServer-IP:Port ESX Server Name: Enter the fully qualified ESX Server hostname. ESX Server Password: Enter the ESX Server password in base64 encryption format. Default Gateway DNS Network 1 IP Address Network 1 Netmask Network 2 IP Address Network 2 Netmask

18. On the Ready to Complete page, verify the information and click Finish . 19. In the Completed Successfully message, click Close.

Step 2: Powering on the virtual appliance

To power on the virtual appliance: 1. 2. 3. On the Summary page of the Virtual Infrastructure Client, click Power On. Click the Console tab and watch as the appliance starts up. A Welcome screen opens. You have now finished installing the Virtual Appliance. Continue with Step 3: Selecting gatekeepers, next.

Step 3: Selecting gatekeepers

Select gatekeepers as described in Step 3: Adding gatekeepers on page 41.

Installation Guide: Installing the virtual appliance through a vCenter Server

43

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Installing the virtual appliance using OVFTOOL

You can install the virtual appliance through the command line from any Windows or Linux host. This section explains how to install the virtual appliance using OVFTOOL. To install the virtual appliance using OVFTOOL, the following are required: vCenter Server 4.0 or a later release. ESX Server 4.0 or a later release managed by vCenter Server 4.x. VMware OVFTOOL 1.0 or a later release. Refer to the appropriate documentation for installing vCenter Server and VMware OVFTOOL. Here is a brief description of the steps on how to install the virtual appliance using OVFTOOL: 1. 2. 3. 4. 5. Install and set up the vCenter Server. Add the ESX Server to the vCenter Server datacenter. Install VMware OVFTOOL on a Windows or Linux host. Move the Unisphere for VMAX Virtual Appliance kit to the same Linux host. Run the ovftool command with necessary command line switches. For more information on using the command, refer to Using OVFTOOL. Unisphere for VMAX Virtual Appliance is installed and powered on automatically. 6. 7. Add Gatekeeper(s). Continue with Launching Unisphere or the vApp Manager on page 46.

Using OVFTOOL
OVFTOOL has the following syntax: /usr/bin/ovftool --acceptAllEulas --overwrite --powerOffTarget -powerOn --prop:ipAddress=<IP-ADDRESS> --prop:netmask=<NETMASK> -prop:gateway=<GATEWAY> --prop:dns1=<DNS1> --prop:dns2=<DNS2> -prop:timezone=<TIMEZONE> --prop:esxServer=<ESX-SERVER> --prop:encr yRootPasswd=<ROOT-PASSWORD> --name=<VM-DISPLAYNAME> -datastore=<DATASTORE> --net:Network\ 1=<VM Network Port Group> -net:Network\ 2=<VM Network Port Group> <OVA-FILE> vi://Administrator:<vCenter-admin-passwd>@<vCenterServer>/<DataCenter-Name>/host/<esx-server-name> Parameter <IP-ADDRESS> <NETMASK> <GATEWAY> <DNS1> <DNS2> Description IP Address of the Virtual Appliance Netmask of the Virtual Appliance Gateway IP address of DNS Server1 IP address of DNS Server2

44

Installation Guide: Installing the virtual appliance using OVFTOOL

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Parameter <TIMEZONE> <ESX-SERVER> <ROOT-PASSWORD>

Description Time Zone setting. (Optional) Fully qualified hostname of ESX server. (Optional) Root password of ESX Server in base64 encrypted format. (Optional) VM Displayname To automatically add gatekeeper volumes during virtual appliance boot, VM Displayname must be the same as the fully qualified hostname of the Virtual Appliance. Name of the datastore attached to ESX Server Required only if more than one datastore is attached to ESX Server VM network port group. If both NIC cards need to be in different networks, the VM Network port group needs to be different. Absolute path of ova file Name of the vCenter vCenter Server's Administrator password ESX Server name as displayed in the vCenter Server

<VM-DISPLAYNAME>

<DATASTORE>

<VM Network Port Group>

<OVA-FILE> <vCenter-Server> <vCenter-admin-passwd> <esx-server-name>

Installation Guide: Installing the virtual appliance using OVFTOOL

45

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Launching Unisphere or the vApp Manager

After you have finished installing the appliance, you can either launch Unisphere or the vApp Manager, and/or connect to the API server through the Solutions Enabler client.

Launching Unisphere
To launch Unisphere: 1. Type one of the following URLs in a browser: https://<appliance_IP>:8443 or https://<appliance_host_name>:8443 For your browser to access the Unisphere for VMAX console, Flash Player 11.2 or a later release is required. Flash Player is available from the Adobe website. 2. On the login window, type smc for both the ID and Password, and then click Login.

Launching the vApp Manager

To launch the vApp Manager: 1. Type one of the following URLs in a browser: https://<appliance_IP>:5480 or https://<appliance_host_name>:5480 For either of the URLs above, the browser is redirected as shown in the next table. Original URL https://<appliance_IP>:5480 https://<appliance_host_name>:5480 2. Redirected URL https://<appliance_IP>:8443/SE https://<appliance_IP>:8443/SE

On the log in panel, type seconfig for both the User and Password, and then click Login. It is recommended that you change the password from the vApp Manager on first login. The vApp Manager can also be configured to use LDAP for user authentication. For more information, refer to the vApp Manager online help. The vApp Manager appears. For information on using the vApp Manager, refer to its online help.

Connecting to the API server

For instructions on connecting to the API server, refer to the EMC Solutions Enabler Installation Guide.

46

Installation Guide: Launching Unisphere or the vApp Manager

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Registering the VASA Provider with vSphere

VMware VASA (VMware APIs for Storage Awareness) Provider improves VMware vSphere's ability to monitor and automate storage-related operations. VASA Provider reports information about storage topology, capabilities, and status, as well as storage events and alerts to VMware. It is a standard vSphere management plug-in that is installed on each vCenter server, and it interacts with VMware APIs for Storage Awareness. To register the VASA Provider with vSphere: 1. 2. 3. 4. Connect to the VMware vCenter Server 5.0 or a later release using vSphere Client. In the Virtual Data Center, navigate to Home > Administration > Storage Providers, and click Storage Providers in the navigator bar. In the Vendor Providers pane, select Add. Add the vendor provider properties (name, url, and login information). For ECOM login credentials, refer to SMI-S provider documentation. For the url, use https://<vapp-ip>:5989/vasa/services/vasaService When the VASA Provider is connected, the VI Client displays the SSL certificate. 5. 6. Click Yes to complete the registration. Verify registration with vSphere: a. b. Navigate to Home > Administration > Storage Providers > Vendor Providers. Verify that the VASA Provider is listed and displays the list of managed storage systems.

Installation Guide: Registering the VASA Provider with vSphere

47

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Upgrading the Unisphere for VMAX Virtual Appliance

Periodically, EMC releases virtual appliances with security patches and hotfixes for the virtual appliance. These are available on the EMC online support website as *ova files. The steps to update your virtual appliance depend on your update path: Table 4: VMAX 1.6 Virtual Appliance update paths From: Unisphere V1.0 or a later release with the Performance option To: Unisphere V1.6 with the Performance option Complete: 1. Step 1: Backing up persistent data below. 2. Step 2B: Updating Unisphere for VMAX with the Performance option from V1.0 to V1.6 on page 50 3. Step 3: Restoring persistent data on page 51. 4. See "Step 4: Completing the upgrade" on page 51. Unisphere V1.0 or a later release without the Performance option Unisphere V1.6 1. Step 1: Backing up persistent data below. 2. Installing the virtual appliance directly on the ESX Server on page 39 or Installing the virtual appliance through a vCenter Server on page 42 3. Step 3: Restoring persistent data on page 51. 4. Step 4: Completing the upgrade on page 51. Symmetrix Management Console V7.3.3 with Symmetrix Performance Analyzer Unisphere V1.6 with the Performance option Unisphere V1.6 1. Step 1: Backing up persistent data below. 2. Step 2A: Updating the SPA Virtual Appliance V7.3.3.x to Unisphere for VMAX with the Performance option on the facing page. 3. Step 3: Restoring persistent data on page 51. 1. Step 1: Backing up persistent data below. 2. Installing the virtual appliance directly on the ESX Server on page 39 or Installing the virtual appliance through a vCenter Server on page 42, depending on your environment. 3. Step 3: Restoring persistent data on page 51.

Symmetrix Management Console V7.3.3 without Symmetrix Performance Analyzer

Step 1: Backing up persistent data

Before backing up your persistent data, note the following: Local directory authentication must be enabled through the Unisphere for VMAX GUI. For instructions, refer to Configuring Authentication Authorities in the Unisphere online help. The IP address and hostname must be the same. Do the following to back up the persistent data: 1. Log in to the web console of the existing appliance.

48

Installation Guide: Upgrading the Unisphere for VMAX Virtual Appliance

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

2. 3.

Click Export Persistent Data to download a zip file containing Solutions Enabler persistent data to your desktop. Extract the zip file to your machine. Note the location of the file encrypt_se_export_ persistent_<data_time-stamp>.zip.gpg. You will need this file later to complete this procedure. Power off the old appliance. Continue with Step 2: Updating the software, in the next section. This process may take a few minutes to complete. During this time, the Solutions Enabler daemons are shut down in the background.

4. 5.

Step 2: Updating the software Step 2A: Updating the SPA Virtual Appliance V7.3.3.x to Unisphere for VMAX with the Performance option
1. Back up the SPA database to another host: a. b. c. d. e. f. g. h. Enter the appliance console through the vSphere client. Simultaneously press the Alt and F2 keys to display the system login prompt. Log into the system using the vappadmin user account. If you are logging in for the first time, use the default password vappadmin. After you have logged in, change the password by running the passwd command. Use the following command to back up the SPA database: # manage_spa_db_backup.sh -dbbackup Use the following command to view the backup files in the staging location: # manage_spa_db_backup.sh -list -staging Transfer the backup file copies out of the appliance to the backup host. Use the following sftp command to access the backup host and then transfer any files ending in .dat. # sftp <user-name>@<fully-qualified-host-name> 2. Import and install the new appliance in your ESX server. For instructions, refer to Installing the virtual appliance directly on the ESX Server on page 39 or Installing the virtual appliance through a vCenter Server on page 42, depending on your environment. From the system console, do the following to restore the backed up SPA database files: a. b. c. d. e. f. Enter the appliance console through the vSphere client. Simultaneously press the Alt and F2 keys to display the system login prompt. Log in to the system using the vappadmin user account. If you are logging in for the first time, use the default password vappadmin. After you have logged in, change the password by running the passwd command. Check for available disk space using the following command: # df -h Transfer the SPA database from the backup host to the appliance. Use the following sftp command to access the appliance and then transfer any files ending in .dat. # sftp <user-name>@<fully-qualified-host-name>
Installation Guide: Upgrading the Unisphere for VMAX Virtual Appliance 49

3.

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

g. h. i. j.

Use the following command to view the backup files in the staging location: # manage_spa_db_backup.sh -list -staging Move the backup files from the staging location to the backup location: # manage_spa_db_backup.sh -restore Log in to Unisphere (https://<host-name>:8443/) and start the database restoration process as described in the Unisphere for VMAX online help. After the restoration has been completed and backup files are no longer needed, run the following command to clean the backup and staging locations: # manage_spa_db_backup.sh -clean -all

4.

Continue with Step 3: Restoring persistent data on the facing page.

Step 2B: Updating Unisphere for VMAX with the Performance option from V1.0 to V1.6
1. From the system console, do the following to backup the SPA database to another host: a. b. c. d. e. f. g. Log in to Unisphere (https://<HostName>:8443/) and start the database backup process, as described in the online help. Enter the appliance console through the vSphere client. Simultaneously press the Alt and F2 keys to display the system login prompt. Log in to the system using the vappadmin user account. If you are logging in for the first time, use the default password vappadmin. After you have logged in, change the password by running the passwd command. View the backup files in the backup location by entering the following command: # manage_spa_db_backup.sh -list -backup Move the backup files from the backup location to the staging location by entering the following command: # manage_spa_db_backup.sh -stage This operation moves the files from the backup area to the staging area (the home directory of the vappadmin user account). h. i. Use the following command to view the backup files in the staging location: # manage_spa_db_backup.sh -list -staging Transfer the backup file copies out of the appliance to the backup host. Use the following sftp command to access the backup host and then transfer any files ending in .dat. # sftp <user-name>@<fully-qualified-host-name> 2. Import and install the new appliance in your ESX server. For instructions, refer to Installing the virtual appliance directly on the ESX Server on page 39 or Installing the virtual appliance through a vCenter Server on page 42, depending on your environment. If you are upgrading from Unisphere for VMAX V1.1.0, be sure to install the appliance using the same IP address and the same gatekeeper(s). 3. From the system console, do the following to restore the backed up SPA database files: a. b. Enter the appliance console through the vSphere client. Simultaneously press the Alt and F2 keys to display the system login prompt.

50

Installation Guide: Upgrading the Unisphere for VMAX Virtual Appliance

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

c.

Log in to the system using the vappadmin user account. If you are logging in for the first time, use the default password vappadmin. After you have logged in, change the password by running the passwd command.

d. e.

Check for available disk space using the following command: # df -h Transfer the SPA database from the backup host to the appliance. Use the following sftp command to access the appliance and then transfer any files ending in .dat. # sftp <user-name>@<fully-qualified-host-name> Use the following command to view the backup files in the staging location: # manage_spa_db_backup.sh -list -staging Move the backup files from the staging location to the backup location: # manage_spa_db_backup.sh -restore Log in to the vApp Manager (https://<host-name>:8443/) and start the database restore process as described in the Unisphere for VMAX online help. After the restoration has been completed and backup files are no longer needed, run the following command to clean the backup and staging locations: # manage_spa_db_backup.sh -clean all

f. g. h. i.

4.

Continue with Step 3: Restoring persistent data in the next section.

Step 3: Restoring persistent data

Do the following to restore the exported persistent data: 1. 2. 3. Log in to the new appliances vApp Manager. Click Import Persistent Data and browse to the location of the gpg file you extracted earlier in this procedure. Click Import. When the message Persistent data stored appears, close the dialog. The update has been completed. 4. 5. Restart the virtual appliance. Continue with Step 4: Completing the upgrade in the next section. After completing the import process, custom login passwords are reset to the default username/password (seconfig/seconfig). You can reset them the next time you log in.

Step 4: Completing the upgrade

Do the following to complete the upgrade: 1. If upgrading from Unisphere for VMAX V1.1.0 and using LDAP authentication, you must complete the following so that LDAP users can log in to both the vApp Manager and the Unisphere for VMAX GUI: a. In the vApp Manager, add the LDAP users. For instructions, see Adding and removing users in the vApp Manager help.

Installation Guide: Upgrading the Unisphere for VMAX Virtual Appliance

51

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

b. 2.

In the Unisphere for VMAX GUI, disable local directory authentication. For instructions, see Configuring authentication authorities in the online help.

In the vApp Manager, restart the SMC daemon. This enables the vApp Manager to see the attached Symmetrix volumes. For instructions, see Starting or stopping a daemon in the online help.

52

Installation Guide: Upgrading the Unisphere for VMAX Virtual Appliance

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Upgrading the Unisphere for VMAX Virtual Appliance using an ISO image
Periodically, EMC releases virtual appliances with security patches and hotfixes for the virtual appliance. These are available on the EMC online support website as *iso files. If you are running Unisphere for VMAX 1.5.x, you can download and use an ISO upgrade file. From: Unisphere V1.5.0 or V1.5.1 with the Performance option To: Unisphere V1.6 with the Performance option Complete: 1. Step 1: Backing up persistent data on page 48 Step 1: Downloading the ISO upgrade file below. 3. Step 2: Uploading the ISO upgrade file to the datastore below 4. Step 3: Mounting the ISO image on next page. 5. Step 4: Completing the upgrade on page 51. 6. See "Step 3: Restoring persistent data" on page 51

Step 1: Downloading the ISO upgrade file

1. 2. In a browser, navigate to the EMC Online Support site at: https://support.EMC.com Locate and download the following file: UNIVMAX160_x_se760_x_vapp_upgrade_x86_64.iso In the file name above, the x in 160_x and the x in 760_x represent software build numbers. Those numbers will vary based on when the software was built.

Step 2: Uploading the ISO upgrade file to the datastore

After the download has been completed, upload the ISO file to the ESC server using the VI client. 1. 2. 3. 4. 5. 6. 7. 8. Using the VI client, log in to the ES server. In the left pane, select the ESX server. In the right pane, select the Configuration tab. To list the datastores connected to the ESX server, select Hardware, Storage. Right-click the datastore and select Browse Datastore. In the Datastore Browser window that appears, click Upload files. The Upload Items box opens. Navigate to where you saved the ISO upgrade file, select the file, and click Open. In the Upload/Download Operation box that appears, click Yes to accept the warning.

Installation Guide: Upgrading the Unisphere for VMAX Virtual Appliance using an ISO image

53

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Step 3: Mounting the ISO image

1. 2. 3. 4. 5. Right-click the virtual appliance and select Edit Settings. On the Hardware tab, select CD/DVD Drive 1. In the right pane, select Datastore ISO File and click Browse. Browse to the location of the ISO file on the datastore and select the file. Verify that under Device Status, the Connect at power on box is selected and click OK.

Step 4: Completing the upgrade

1. 2. 3. 4. Restart the Guest by selecting Power On Guest. On the Console tab, go to the virtual appliance console. In the lower section of the screen, select Appliance Update from the list of options. Press the Enter key to start the upgrade. After the upgrade has been completed, the console screen reappears.

54

Installation Guide: Upgrading the Unisphere for VMAX Virtual Appliance using an ISO image

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Re-configuring the virtual appliance IP address

This procedure explains how to re-configure the virtual appliance IP address. 1. 2. 3. Log in to the vSphere client and go to the virtual appliance console. Use the Move Up/Move Down keys to select Configure IP and press Enter . At the following prompt, type y and press Enter to configure the static IP address: Do you want to configure static IP address? [y]/n: A [y] response produces the following series of prompts that enable you to reconfigure your network: IP Address [ ]: Type a valid IP address and press Enter. The virtual appliance uses this IP address to query the DNS Server and get its hostname. Therefore, you must ensure that the IP address has hostname mapping in the DNS Server. Netmask [ ]: Type the mask of the network on which the appliance is located and press Enter. Gateway [ ]: Type the gateway address to the network on which the appliance is located and press Enter . DNS1 [ ]: Type the first DNS server address and press Enter . DNS2 [ ]: Type the second DNS server address and press Enter . Is a proxy server necessary to reach the internet? y/[n]: A [y] response enables you to specify the IP address of the proxy server and the port. Are the above mentioned parameters correct? [y]/n: A [y] response re-configures the virtual appliance IP address and returns to the console. A [n] response enables you to go back and change your responses.

Installation Guide: Re-configuring the virtual appliance IP address

55

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Deleting the Unisphere for VMAX Virtual Appliance

To delete the Unisphere for VMAX Virtual Appliance: 1. Optional: If you plan to restore Unisphere and Solutions Enabler persistent data, you should back up the persistent data in the Unisphere for VMAX Virtual Appliance console. Optional: If you plan to restore the Performance database, you should backup the database according to Backing up and restoring the Performance database in the next section. 2. 3. 4. In the VMware management interface, power down the appliance. Right-click on the appliance and select Delete From Disk. Click Yes in the confirmation message.

56

Installation Guide: Deleting the Unisphere for VMAX Virtual Appliance

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Backing up and restoring the Performance database

You can transfer Performance database files between the appliance and another host for file backup and restoration. There is no facility in the appliance user interface to perform this process. However, when you are logged in to the system with the vappadmin user account, you can transfer these files. The vappadmin user account is limited to performing the following commands for transferring database files: # passwd Changes the login password # sftp Transfers database backup files into the appliance from another host, or out of the appliance to another host # df Checks disk usage # manage_spa_db_backup.sh Moves files between the backup location and staging location, and lists and cleans backup and staging locations

Backing up Performance database files to another host

From the system console, perform the following steps: 1. 2. Log in to the vApp Manager (https://<host-name>:8443/) and start the database backup process as described in the Unisphere help. Log in to the system using the vappadmin user account. The first time that you log in, use the default password vappadmin. After you are logged in, change the password by running the passwd command, which prompts for the old and new passwords. View the backup files in the backup location by entering the following command: # manage_spa_db_backup.sh -list -backup 4. Move the backup files from the backup location to the staging location by entering the following command: # manage_spa_db_backup.sh -stage This operation moves the files from the backup area to the staging area (the home directory for the vappadmin user account). 5. 6. View the backup files in the staging location by entering the following command: # manage_spa_db_backup.sh -list -staging Transfer the backup file copies out of the appliance to the backup host. Use the following sftp command to access the backup host and then transfer any files ending in .dat. # sftp <user-name>@<fully-qualified-host-name>

3.

Restoring Performance database files from another host

From the system console perform the following steps: 1. Log in to the system using the vappadmin user account. The first time that you log in, use the default password vappadmin. After you have logged in, change the password by running the passwd command which prompts for the old and new passwords. Check for available disk space by entering the following command: # df -h
Installation Guide: Backing up and restoring the Performance database 57

2.

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

3.

Transfer the backup file copies from the backup host to the appliance. Use the following sftp command to access the backup host and then transfer any files ending in .dat. # sftp <user-name>@<fully-qualified-host-name> View the backup files in the staging location by entering the following command: # manage_spa_db_backup.sh -list -staging Move the backup files from the staging location to the backup location by entering the following command: # manage_spa_db_backup.sh -restore Log in to Unisphere (https://<host-name>:8443/) and start the database restore process as described in the Unisphere help. After the restoration has been completed and backup files are no longer needed, run the following command to clean the backup and staging locations: # manage_spa_db_backup.sh -clean -all

4. 5.

6. 7.

58

Installation Guide: Backing up and restoring the Performance database

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

Installing licenses
This section describes how to install Symmetrix-based and host-based licenses, using the virtual appliance. For more information on licensing, refer to the EMC Solutions Enabler Installation Guide.

Installing Symmetrix-based licenses

Symmetrix-based licenses are used to license features on Symmetrix systems running Enginuity 5875 or higher. These licenses are stored on the Symmetrix system. Before starting this procedure, verify that the gatekeepers have been added and that the symcfg discover command has been run from the Command Execution tab. To install Symmetrix-based licenses: 1. 2. 3. 4. 5. 6. Open the vApp Manager. Select License Validation. In the eLicensing panel, click Add License File to open the Add eLicensing License box. In the Upload License panel, click Upload License File. In the file browser screen, navigate to the license file and click Open. A copy of the license file is transferred to the appliance. In the Add Symmetrix License panel, select the Symmetrix system on which to install the license file, and click Install License.

Installing host-based licenses

Host-based licenses are used mainly to license features on Symmetrix systems running Enginuity versions lower than 5875. The one exception is the TimeFinder license, which is a host-based license, regardless of Enginuity level. To install host-based licenses: 1. 2. 3. Open the vApp Manager. Select License Validation. Type the license key (requires four characters per input box) and click Validate.

Installation Guide: Installing licenses

59

Chapter 3: Installing the Unisphere for VMAX Virtual Appliance

60

Installation Guide: Installing licenses

APPENDIX A Security features

This appendix provides a brief overview of the security features used to secure access to Unisphere for VMAX and Symmetrix systems. The Unisphere help system contains specific configuration procedures required to enable these features. References to those procedures are provided where appropriate. Authentication Authorization 62 63

Appendix A: Security features

61

Appendix A: Security features

Authentication
Unisphere for VMAX supports the following types of authentication: Windows (local and domain-based): Users log in by specifying the Windows domain, username and password (if they have a Windows account on the SMAS server). LDAP: Users login with their LDAP-SSL username and password (if they have a user account stored on a LDAP-SSL server). To use this method, an Unisphere Administrator or SecurityAdmin must set up LDAP-SSL authentication in Unisphere. Configuring authentication in the Unisphere online help contains instructions. Local Unisphere users: Users login with their Unisphere username and password (if they have a local Unisphere user account). To use this method, an Unisphere Initial Setup User, Administrator, or SecurityAdmin must create a local Unisphere user account for the user. Local user accounts are stored locally on the SMAS server host and work in much the same way as the other methods to validate user credentials. Creating local directory users in the Unisphere online help contains instructions.

62

Installation Guide: Authentication

Appendix A: Security features

Authorization
User authorization is a tool for restricting the management operations that users can perform on a Symmetrix system. By default, authorization rules on a Symmetrix system are enabled for Unisphere users, regardless of whether authorization has been enabled on the Symmetrix system. When configuring user authorization, an Administrator or SecurityAdmin maps individual users or groups of users to specific roles, which determine the operations the users can perform. The state of authorizations on a Symmetrix system determines the privileges an Initial Setup User will have on the system. The following details the relationship between the Initial Setup User and Symmetrix authorizations: If Symmetrix authorization is enabled, authorization rules are always enforced (meaning, the Initial Setup User could theoretically be locked out if no authorization rule exists for the user). If Symmetrix authorization is disabled and there are no authorization rules on the Symmetrix system, the Initial Setup User is granted Admin privileges. If Symmetrix authorization is disabled and there are no Admin or Security authorization rules on the Symmetrix system, the Initial Setup User is granted Admin privileges other rules are enforced as defined. If Symmetrix authorization is disabled and Admin or Security Admin authorization rules are defined on the Symmetrix system, if the Initial Setup User does NOT have an authorization rule explicitly defined, the Initial Setup User will have NO permissions all other rules are enforced as defined.

User roles
The following introduces the available roles. Roles and their associated permissions in the Unisphere online help provides more details on the permissions associated with each role. None Provides no permissions. Monitor Performs read-only (passive) operations on a Symmetrix system excluding the ability to read the audit log or Access Control definitions. StorageAdmin Performs all management (active or control) operations on a Symmetrix system in addition to all Monitor operations. This role does not allow users to perform security operations. Administrator Performs all operations on a Symmetrix system, including security operations in addition to all StorageAdmin and Monitor operations. SecurityAdmin Performs security operations on a Symmetrix system in addition to all Monitor operations. Auditor Grants the ability to view, but not modify, security settings for a Symmetrix system (including reading the audit log, symacl list, and symauth) in addition to all Monitor operations. This is the minimum role required to view the Symmetrix audit log. Perf Monitor Performs the same operations as a monitor, with the addition of being able to set performance alerts and thresholds.

In addition to the above user roles, Unisphere includes an administrative role:

Installation Guide: Authorization

63

Appendix A: Security features

Unisphere Initial Setup User Defined during installation, this temporary role provides administrator-like permissions for the purpose of adding local users and roles to Unisphere. For more information on the Initial Setup User, see See Initial Setup User on page 16. or the online help.

Individual and group roles

Users gain access to a Symmetrix system or component either directly through a role assignment and/or indirectly through membership in a user group that has a role assignment. User groups enable administrators to assign roles to multiple users simultaneously. User groups are created on the SMAS server according to its operating system and assigned roles with Unisphere. If a user has two different role assignments (one as an individual and one as a member of a group), the permissions assigned to the user are combined. For example, if a user is assigned a Monitor role and a StorageAdmin role through a group, the user is granted Monitor and StorageAdmin rights.

User IDs
The following information details the SYMAPI format for user/role creation. This format appears in the footer bar of the Unisphere GUI, but not in the User/Role list view or creation wizard. Users and user groups are mapped to their respective roles by IDs. These IDs consist of a three-part string in the form: Type:Domain\Name Where: Type Specifies the type of security authority used to authenticate the user or group. Possible types are: L Indicates a user or group authenticated by LDAP. In this case, Domain specifies the fully qualified name of the domain controller on the LDAP server. For example: L:danube.com\Finance Indicates that user group Finance logs in through domain controller danube.com. After they have been configured, individual LDAP users and groups can log in to Unisphere using a simple username or simple group name respectively. An example is Finance. C Indicates a user or group is authenticated by the SMAS server. C:Boston\Legal Indicates that user group Legal logs in through Unisphere server Boston. H Indicates a user or group is authenticated by logging in to a local account on a Windows host. In this case, Domain specifies the hostname. For example, the following indicates that user mason logs in on host jupiter . H:jupiter\mason

64

Installation Guide: Authorization

Appendix A: Security features

Indicates a user or group authenticated by a Windows domain. In this case, Domain specifies either the simple domain name (for individual users) or the fully qualified domain name (for groups). For example the following indicates user putman logs in through Windows domain sales. D:sales\putman After they have been configured individual Windows domain users can log in to Unisphere using a simple username. An example is putman. Group Windows domain users can log in to Unisphere using either a simple domain name and group name or a fully qualified domain name and group name.

Indicates a user or group authenticated by a virtualization domain. In this case, Domain specifies the virtualization domain name.

Name

Specifies the username relative to that authority. It cannot be longer than 32 characters and spaces are allowed if the username is delimited with quotes. Usernames can be for individual users or user groups.

Within role definitions, IDs can be either fully qualified (as above), partially qualified, or unqualified. When the Domain portion of the ID string is an asterisk (*), the asterisk is treated as a wildcard, meaning any host or domain. When configuring group access, the Domain portion of the ID must be fully qualified. Examples: D:ENG\jones Fully qualified path with a domain and username (for individual domain users). Fully qualified domain name and group name (for domain groups). Partially qualified that matches username jones with any domain. Fully qualified path with a hostname and username. Partially qualified that matches username jones within any host. Unqualified username that matches any jones in any domain on any host.

D:ENG.xyz.com\ExampleGroup

D:*\jones

H:HOST\jones H:*\jones

jones

If a user is matched by more than one mapping, the user authorization mechanism uses the more specific mapping: If an exact match (for example, D:sales\putman) is found, that is used.

Installation Guide: Authorization

65

Appendix A: Security features

If a partial match (for example, D:*\putman) is found, that is used. If an unqualified match (for example, putman) is found, that is used. Otherwise, the user is assigned a role of None.

66

Installation Guide: Authorization

APPENDIX B Replacing the server certificate

This appendix explains how to replace the Unisphere self-signed certificate with a Certificate Authority signed (CA-signed) certificate. Replacing the certificate 68

Appendix B: Replacing the server certificate

67

Appendix B: Replacing the server certificate

Replacing the certificate

This procedure explains how to replace the Unisphere self-signed certificate with a CA-signed certificate in Windows and Linux environments.

Before you begin

Before starting this procedure, verify that you have the keystore password. The Unisphere installation program generates the password during the installation process in the following file:

Windows:
<InstallDirectory>\SMAS\jboss\standalone\configuration\standalonefull.xml

Linux:
<InstallDirectory>/SMAS/jboss/standalone/configuration/standalonefull.xml Within the file, the password has the KeystorePass property, is not commented out, and has the following entry: Windows: keystoreFile=${jboss.server.home.dir}\conf\keystore Linux: keystoreFile=${jboss.server.home.dir}/conf/keystore

Step 1: Generating a certificate request

To generate a certificate request: 1. For Windows, enter the following: -

cd <InstallDirectory>\jboss\standalone\configuration <InstallDirectory>\jre\bin\keytool -certreq -alias tomcat -file tomcatcert.csr keystore Keystore For Linux: cd <InstallDirectory>/jboss/standalone/configuration <InstallDirectory>/jre/bin/keytool -certreq -alias tomcat -file tomcatcert.csr keystore Keystore 2. 3. When prompted, enter the keystore password.

Send the generated certificate request file, tomcatcert.csr , to your CA for validation. After the request file has been validated, you should receive a signed certificate back from CA.

Step 2: Importing a trusted certificate into the keystore (optional)

The keystore comes with a default set of trusted CAs. If your CA is not in the keystores default trust chain, you must import a trusted certificate into the keystore to serve as the root for the trust chain. To import a trusted certificate in Windows, enter the following command: cd <InstallDirectory>\jboss\standalone\configuration <InstallDirectory>\jre\bin\keytool -import -alias root -file Trusted_CA_cert_file -keystore keystore -trustcacerts For Linux:
68 Installation Guide: Replacing the certificate

Appendix B: Replacing the server certificate

cd <InstallDirectory>\jboss\standalone\configuration <InstallDirectory>\jre\bin\keytool -import -alias root -file Trusted_CA_cert_file -keystore keystore -trustcacerts If your CA is not in the keystores default trust chain, and you complete Step 3: Importing the CA-signed certificate into the keystore in the next section without performing this optional step, the following error message appears: Failed to establish chain from reply YOU SHOULD BE VERY CAREFUL BEFORE IMPORTING A NEW TRUSTED CERTIFICATE. If you see this error message, complete this step and repeat step 3.

Step 3: Importing the CA-signed certificate into the keystore

To import the CA-signed certificate into the keystore: 1. 2. Stop the SMAS server. For instructions, refer to See Starting and stopping the SMAS service on page 28.. For Windows, enter the following command:< signed_

cd <InstallDirectory>\jboss\standalone\configuration <InstallDirectory>\jre\bin\keytool -import -alias tomcat -file certificate_file -keystore keystore -trustcacerts For Linux: cd <InstallDirectory>/jboss/standalone/configuration <InstallDirectory>/jre/bin/keytool -import -alias tomcat -file certificate_file -keystore keystore -trustcacerts 3. 4. When prompted, enter the keystore password. Start the SMAS server.

signed_

Installation Guide: Replacing the certificate

69

Appendix B: Replacing the server certificate

70

Installation Guide: Replacing the certificate

APPENDIX C Configuring SMAS to work in z/OS

This appendix describes how to configure the Symmetrix Management Application Server to work in a z/OS environment. Configuring SMAS to work in z/OS 72

Appendix C: Configuring SMAS to work in z/OS

71

Appendix C: Configuring SMAS to work in z/OS

Configuring SMAS to work in z/OS

These instructions apply to VMAX 20K or VMAX 40K Family systems running Enginuity 5876 or higher. Unisphere must be running on a qualified open system server that points to an API server that is running on a mainframe logical partition (LPAR). To configure SMAS to work in a z/OS environment: 1. 2. Shut down the services as described in Starting and stopping the SMAS service on page 28. Do the following on the mainframe side: a. b. 3. a. Install Solutions Enabler 7.5 or a later release on your LPAR. Refer to the EMC Solutions Enabler Installation Guide for instructions. Start the API server on the LPAR. Make the following changes in the file called daemon_option, which is located under /var/symapi/config on Linux or UNIVMAX_HOME\EMC\symapi\config on Windows: Enable the DMN_REMOTE_MODE parameter. Set the DMN_REMOTE_ADDRESS parameter to the mainframe IP address. b. c. Start the STP daemon (storstpd). Modify the ejb-jar.xml file section shown below. The ejb-jar.xml file is found in these locations: For Linux: /opt/emc/SMAS/jboss/standalone/deployments/spa.ear/spa-ejb.jar/META-INF/ For Windows: C:\Program Files\EMC\SMAS\jboss\standalone\deployments\spa.ear\spa-ejb.jar\META-INF

Do the following on the qualified open system server:

<!-- added the multiple IPs from the remote API/Stpd server --> <!-- STPD_IP_ADDRESSES= ip1 ip2 ip3 or STPD_IP_ADDRESSES= ip1, ip2, ip3 -->

<env-entry-name>STPD_IP_ADDRESSES</env-entry-name> <env-entry-type>java.lang.String</env-entry-type> <env-entry-value /> 1. 2. Restart the services as described in Starting and stopping the SMAS service on page 28. Launch the Unisphere for VMAX console using a secure port. For example: https://xxxx:8443/ where xxxx is the IP address or name of the qualified host.

72

Installation Guide: Configuring SMAS to work in z/OS

APPENDIX D Third-party copyright notices

This appendix contains third-party copyright notices. GNU LESSER GENERAL PUBLIC LICENSE MySQL OpenSSL copyright information Apache Axis 1.2 and Apache Multipart parser MIT XML Parser JBoss, Home of Professional Open Source Parsley 2.4 GraniteDS 2.3 PurePDF 74 75 76 77 78 79 80 81 82

Appendix D: Third-party copyright notices

73

Appendix D: Third-party copyright notices

GNU LESSER GENERAL PUBLIC LICENSE

Version 2.1 February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA You may obtain a copy of the License at: http://www.gnu.org/licenses/lgpl-2.1.html

74

Installation Guide: GNU LESSER GENERAL PUBLIC LICENSE

Appendix D: Third-party copyright notices

MySQL
MySQL is a registered trademark of Oracle in the United States, the European Union, and other countries.

Installation Guide: MySQL

75

Appendix D: Third-party copyright notices

OpenSSL copyright information

Copyright 1998-2001 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgment: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, contact [email protected] Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. Redistributions of any form whatsoever must retain the following acknowledgment: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).

3.

5. 6.

76

Installation Guide: OpenSSL copyright information

Appendix D: Third-party copyright notices

Apache Axis 1.2 and Apache Multipart parser

Software from the Apache Software Foundation is included, which comprises certain Apache software including Apache Axis 1.2 and Apache Multipart Parser. Copyright 1999-2006 The Apache Software Foundation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Installation Guide: Apache Axis 1.2 and Apache Multipart parser

77

Appendix D: Third-party copyright notices

MIT XML Parser

MIT XML Parser software is included. This software includes Copyright 2002,2003, Stefan Haustein, Oberhausen, Rhld., Germany. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

78

Installation Guide: MIT XML Parser

Appendix D: Third-party copyright notices

JBoss, Home of Professional Open Source

Copyright 2006, Red Hat Middleware LLC, and individual contributors as indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual contributors. This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 021101301 USA, or see the FSF site: http://www.fsf.org.

Installation Guide: JBoss, Home of Professional Open Source

79

Appendix D: Third-party copyright notices

Parsley 2.4
The Parsley 2.4 software from SpiceFactory (http://www.spicefactory.org/) is licensed under the Apache 2.0. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

80

Installation Guide: Parsley 2.4

Appendix D: Third-party copyright notices

GraniteDS 2.3
GraniteDS a comprehensive development and integration solution for building Flex / JavaEE RIA applications. The entire framework is open-source and released under the LGPL v2 license found here: http://www.gnu.org/licenses/lgpl-2.1.html

Installation Guide: GraniteDS 2.3

81

Appendix D: Third-party copyright notices

PurePDF
purePDF version 0.77.20110126 available under the MIT license Copyright (c) 2010-2012 Alessandro Crugnola Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

82

Installation Guide: PurePDF