Transcription
Hitachi Command SuiteAdministrator GuideDocument OrganizationProduct VersionGetting HelpContentsMK-90HC175-23
2014, 2016 Hitachi, Ltd. All rights reserved.No part of this publication may be reproduced or transmitted in any form or by any means,electronic or mechanical, including copying and recording, or stored in a database or retrievalsystem for commercial purposes without the express written permission of Hitachi, Ltd., or HitachiData Systems Corporation (collectively "Hitachi"). Licensee may make copies of the Materialsprovided that any such copy is: (i) created as an essential step in utilization of the Software aslicensed and is used in no other manner; or (ii) used for archival purposes. Licensee may not makeany other copies of the Materials. "Materials" mean text, data, photographs, graphics, audio, videoand documents.Hitachi reserves the right to make changes to this Material at any time without notice and assumesno responsibility for its use. The Materials contain the most current information available at the timeof publication.Some of the features described in the Materials might not be currently available. Refer to the mostrecent product announcement for information about feature and product availability, or contactHitachi Data Systems Corporation at https://support.hds.com/en us/contact-us.html.Notice: Hitachi products and services can be ordered only under the terms and conditions of theapplicable Hitachi agreements. The use of Hitachi products is governed by the terms of youragreements with Hitachi Data Systems Corporation.By using this software, you agree that you are responsible for:1) Acquiring the relevant consents as may be required under local privacy laws or otherwise fromauthorized employees and other individuals to access relevant data; and2) Verifying that data continues to be held, retrieved, deleted, or otherwise processed in accordancewith relevant laws.Notice on Export Controls. The technical data and technology inherent in this Document may besubject to U.S. export control laws, including the U.S. Export Administration Act and its associatedregulations, and may be subject to export or import regulations in other countries. Reader agrees tocomply strictly with all such regulations and acknowledges that Reader has the responsibility toobtain licenses to export, re-export, or import the Document and any Compliant Products.Hitachi is a registered trademark of Hitachi, Ltd., in the United States and other countries.AIX, AS/400e, DB2, Domino, DS6000, DS8000, Enterprise Storage Server, eServer, FICON,FlashCopy, IBM, Lotus, MVS, OS/390, PowerPC, RS/6000, S/390, System z9, System z10, Tivoli,z/OS, z9, z10, z13, z/VM, and z/VSE are registered trademarks or trademarks of InternationalBusiness Machines Corporation.Active Directory, ActiveX, Bing, Excel, Hyper-V, Internet Explorer, the Internet Explorer logo,Microsoft, the Microsoft Corporate Logo, MS-DOS, Outlook, PowerPoint, SharePoint, Silverlight,SmartScreen, SQL Server, Visual Basic, Visual C , Visual Studio, Windows, the Windows logo,Windows Azure, Windows PowerShell, Windows Server, the Windows start button, and WindowsVista are registered trademarks or trademarks of Microsoft Corporation. Microsoft product screenshots are reprinted with permission from Microsoft Corporation.All other trademarks, service marks, and company names in this document or website areproperties of their respective owners.iiHitachi Command Suite Administrator Guide
ContentsPreface. xxiIntended audience. xxiiProduct version.xxiiRelease notes. xxiiDocument organization. xxiiRelated documents.xxiiiDocument conventions. xxivConventions for storage capacity values. xxvAccessing product documentation. xxviGetting help.xxviComments.xxvi1 System configuration and requirements.1-1System configuration. 1-3Network security configuration.1-6Common security risks. 1-6Security configuration recommended for Device Manager. 1-7System requirements for the management server and Host Data Collector computers. 1-8Maximum number of resources that can be managed.1-8Changing the memory heap size. 1-9Changing the JDK of management servers.1-10Changing the Java execution environment used by Host Data Collector. 1-12Hosts that can be managed by Device Manager. 1-13Host management software supported by Device Manager.1-13Prerequisites for normal hosts.1-15Prerequisites for normal hosts .1-16Prerequisites for virtual machines.1-18Prerequisites for virtual machines.1-18Operation workflow for allocating volumes to virtual machines. 1-21Tasks required to change the virtual machine configuration. 1-24Prerequisites for virtualization servers.1-25Prerequisites for virtualization servers. 1-25Operation workflow for managing virtualization servers. 1-26Notes on operating virtualization servers. 1-27Prerequisites for mainframe hosts. 1-27Operation workflow of managing a mainframe host.1-28iiiHitachi Command Suite Administrator Guide
Prerequisites for file servers.1-28Environment settings for Hitachi NAS Platform family. 1-28Environment settings for Hitachi Data Ingestor and Hitachi NAS Platform F.1-30Operation workflow of managing file servers.1-31Notes on operating file servers. 1-31Related products.1-32System requirements for managing copy pairs. 1-33System configuration for managing copy pairs (central management method).1-34System configuration for managing copy pairs (other than the central managementmethod). 1-38System configuration for managing copy pairs at each host. 1-39System configuration for using a virtual command device server configuration tomanage copy pairs.1-43System configuration for using an SVP configuration to manage copy pairs (whencopy pairs are defined in a configuration definition file). 1-48System configuration for using an SVP configuration to manage copy pairs (whencopy pairs are defined as a device group).1-50Storage system requirements for managing copy pairs. 1-53Prerequisite version of the Device Manager agent for managing copy pairs . 1-55Notes on managing copy pairs. 1-58Configuring a high availability system. 1-63Example of a configuration for configuring a high availability system. 1-63Requirements for configuring a high availability system (for VSP G1000). 1-65Requirements for configuring a high availability system (for VSP Gx00 models). 1-68Notes on executing commands.1-722 Network configuration.2-1Ports used by Hitachi Command Suite products.2-2Ports used by Common Component. 2-2Ports used by the Device Manager server. 2-3Ports used by the Tiered Storage Manager server. 2-5Ports used by Host Data Collector. 2-5Ports used by the Device Manager agent.2-7Ports used by storage systems. 2-7Changing ports used by Common Component. 2-11Registering firewall exceptions for Device Manager and Tiered Storage Manager. 2-16Port numbers that must be registered as firewall exceptions for Device Manager andTiered Storage Manager. 2-16Registering firewall exceptions for Device Manager and Tiered Storage Manager inWindows. 2-31Registering firewall exceptions for Device Manager and Tiered Storage Manager inRed Hat Enterprise Linux 5 or Red Hat Enterprise Linux 6. 2-32Registering firewall exceptions for Device Manager and Tiered Storage Manager inRed Hat Enterprise Linux 7. 2-32Registering firewall exceptions for Device Manager and Tiered Storage Manager inSUSE Linux Enterprise Server.2-33Registering firewall exceptions for Host Data Collector (Windows) . 2-34Registering an exception for the Host Data Collector service (for non-SSLcommunication).2-34Registering an exception for the Host Data Collector service (for SSL communication). 2-35Network settings with multiple IP addresses. 2-36ivHitachi Command Suite Administrator Guide
Network settings for using a management server as a bridge .2-36Specifying settings if the Host Data Collector machine has multiple IP addresses.2-37Device Manager settings in IPv6 environments.2-37Settings for migrating Device Manager to an IPv6 environment.2-38Settings for linking with storage systems that support IPv6.2-39Changing the IP address or host name of the management server. 2-40Changing the host name of the management server.2-40Changing the IP address of the management server.2-42Required operations after changing the IP address or host name of the managementserver. 2-43Changing the URL for accessing Hitachi Command Suite products (hcmds64chgurlcommand).2-453 User account management. 3-1About password policies. 3-2Setting password policies. 3-2About account locking. 3-3About account locking policies. 3-4Setting account locking policies. 3-4Settings for automatically locking the System account. 3-5Unlocking accounts.3-64 User management on an external authentication server.4-1About linking to an external authentication server . 4-2About linking to an external authorization server.4-2Operating workflow for user authentication on an external authentication server.4-2Operating workflow for user authentication on an LDAP directory server. 4-2Operating workflow for user authentication on a RADIUS server. 4-4Operation workflow for user authentication on a Kerberos server . 4-6Account conditions for Hitachi Command Suite products. 4-8About the data structures of user entries. 4-9About the BaseDN. 4-9About the hierarchical structure model. 4-9About the flat model. 4-10Registering an external authentication server and an external authorization server. 4-11Setup items in the exauth.properties file for LDAP authentication. 4-13Examples of setting the exauth.properties file for LDAP authentication. 4-19Setup items in the exauth.properties file for RADIUS authentication. 4-20Examples of setting the exauth.properties file for RADIUS authentication.4-27Setup items in the exauth.properties file for Kerberos authentication. 4-28Examples of setting the exauth.properties file for Kerberos authentication. 4-35About a LDAP search user account. 4-36Conditions for LDAP search user account. 4-36Registering an LDAP search user account. 4-37Deleting an LDAP search user account.4-39Checking the LDAP directory server that registered LDAP search user account. 4-40Registering a shared secret.4-40Deleting a shared secret.4-41Checking the RADIUS server that registered a shared secret on the managementserver. 4-41vHitachi Command Suite Administrator Guide
Checking connections to an external authentication server and an external authorizationserver. 4-42Notes on commands for setting up a link to an external authentication server. 4-44Encryption types for Kerberos authentication. 4-455 Communication security settings.5-1Secure communication for Device Manager and Tiered Storage Manager. 5-2Default certificate for Device Manager.5-8Operation workflow for secure communication between a management server and amanagement client (GUI).5-8Operation workflow for secure communication between a management server and amanagement client (Device Manager CLI).5-10Operation workflow for secure communication between a management server and amanagement client (Tiered Storage Manager CLI).5-12Operation workflow for secure communication between an LDAP directory serverand a management server .5-12Operation workflow for secure communication between a Device Manager server andReplication Manager server.5-13Operation workflow for secure communication between a Tuning Manager serverand a Device Manager server.5-15Operation workflow for secure communication between a Host Data Collectormachine and a management server.5-17Operation workflow for secure communication between a virtualization server andHost Data Collector. 5-18Operation workflow for secure communication between a management server andDevice Manager agent.5-20Operation workflow for secure communication between a storage system and amanagement server . 5-22Operation workflow for secure communication between a management server and astorage system (VSP G1000). 5-22Operation workflow for secure communication between a management server and astorage system (VSP Gx00 models or VSP Fx00 models).
Hitachi Command Suite Administrator Guide MK-90HC175-23 Do
