Home » HP Manuals » Storage Devices » HP 3PAR StoreServ 7200 2-node » Manual Viewer

HP 3PAR StoreServ 7200 2-node HP 3PAR CIM API Programming Reference (OS 3.1.2 - Page 11

Security, TCP Ports, Authentication - manual

View all HP 3PAR StoreServ 7200 2-node manuals

Add to My Manuals
Save this manual to your list of manuals

Page 11 highlights

2 Security CAUTION: The CIM API is not part of the evaluated Common Criteria storage system configuration and should not be used when operating in Common Criteria mode. TCP Ports The CIM-API uses dedicated TCP ports for CIM-XML communications and server location information. Two ports are specified by the DMTF and registered with IANA for CIM-XML communications between management clients and any CIM Server. The following table lists the TCP Ports for the CIM-XML communication and service location protocols: Table 2 TCP Ports for CIM-XML Communication Protocol HTTP HTTPS Service Location (SLP) TCP Port 5988 (default value) 5989 (default value) 427 Authentication Authentication verifies the identity of an entity. Management clients accessing the CIM Server are authenticated using a request/challenge mechanism using HTTP Basic authentication. When a request is received from a management client, the CIM Server challenges the client to send a user name and password encoded in the HTTP Authorization header. The user names and passwords used are the same as those used by other management interfaces and are case sensitive. NOTE: CIM does not currently support LDAP user name and password authentication; only local user names and passwords are valid. Please see the HP 3PAR Concepts Guide for more information on local versus LDAP user credentials. The CIM Server uses Open SSL to support HTTPS connections. The server supports SSLv3 and TLSv1 by default and uses the default Open SSL cipher list only. For more about OpenSSL, refer to http:// www.openssl.org/docs. NOTE: Because Basic Authentication means that client user names and passwords are sent over the wire in unencrypted form, it is recommended that the authentication is carried out either over a physically secure private network, or in conjunction with HTTPS. Authorization Authorization determines whether an entity that has already been authenticated is allowed to perform a given operation. The CIM Server allows any authenticated user to retrieve CIM class and instance information. However, to invoke methods on CIM classes or instances, you must either have an Edit , Super, Administrator, or User permission level. Refer to the HP 3PAR Concepts Guide or the HP 3PAR InForm OS CLI Administrators Manual for complete information on authorization levels. NOTE: Access to certain information concerning volumes, CPGs, etc., is controlled by the InForm OS. Therefore, if a user authenticates with the CIM API and only has access to certain domains, only those objects in those domains returned by the InForm OS. In addition, operations on those objects also be constrained at the domain level. TCP Ports 11

Section	Page
HP 3PAR CIM API Programming Reference	1
Contents	3
1 Concepts	10
About SMI-S	10
About the WBEM Initiative	10
2 Security	11
TCP Ports	11
Authentication	11
Authorization	11
3 Configuring and Using the CIM Server	12
CLI Command Overview	12
Enabling and Disabling the CIM Server	12
Enabling the CIM Server	12
Disabling the CIM Server	12
Displaying the CIM Server Status	12
Displaying the CIM Server Version	13
Communicating with the CIM Server	13
Client Software	13
Sending Client Requests	13
CIM Namespaces	14
4 CIM API SMI-S Support	15
Standard Compliance	15
SMI-S Functionality	15
Supported Discovery Service	15
Supported Profiles	15
Supported Array Packages	15
Supported Array Subprofiles	16
Supported Server Subprofile	16
Supported SMI-S Levels by Release	17
Discovery Service	17
Server Profile	18
Server Profile CIM Classes	18
Supported Methods	18
UML Diagram	18
Profile Registration Profile	18
CIM Classes	18
UML Diagram	19
Registered Version	19
SMI-S Profile	19
Array Profile	20
Array Profile CIM Classes	20
Supported Methods	20
Block Services Package	20
Block Services Package CIM Classes	20
Supported Methods	21
StorageCapabilities	21
StorageSetting	22
Creating a DynamicStoragePool (CPG) via SMI-S	26
Relevant Properties of DynamicStoragePool	28
Modifiable StorageSetting Properties for DSP	29
StorageCapabilities of DynamicStoragePool	30
StoragePoolConfigurationCapabilities of DynamicStoragePool	30
Creating a Volume Through SMI-S	31
Supported Method For Creating a Storage Volume	32
Method Signature	32
Creating Data and Snapshot Space from Two Storage Pools	33
Method Signature for CreateOrModifyElementFromStoragePools	33
CreateSetting	35
Creating a Volume with a Default Setting	35
Creating a Volume with a Non-Default Setting	36
Creating a Volume with Disk Pattern Filtering	37
Summary of Different Types of Volumes That Can Be Created	38
Modifiable StorageSetting Properties for StorageVolume	39
Calculating Capacity for StoragePool and StorageVolume	40
Primordial Storage Pool	40
Concrete Storage Pool	40
Dynamic Storage Pool (CPG)	41
Legacy Storage Volume	41
Initial State Example	42
Before Volume Creation	42
After Volume Creation	42
Fully Provisioned Storage Volume	43
Thinly Provisioned Storage Volume	44
Indications	46
Thin Provisioning Indications	46
Lifecycle Indications	48
Copy Services Subprofile	48
CIM Classes	48
TPD_AffectedJobElement	50
TPD_AllocatedFromStoragePool	50
TPD_AssociatedJobMethodResult	50
TPD_CapabilitiesOfStorageConfigurationService	50
TPD_CapabilitiesOfStoragePool	50
TPD_ConcreteJob	50
TPD_ConcreteJobInstModification	50
TPD_DeltaReplicaStoragePool	51
TPD_ElementSettingData	51
TPD_HostedStoragePool	51
TPD_MethodResult	51
TPD_OwningJobElement	51
TPD_ReplicaPoolForStorage	51
TPD_StorageCapabilities	51
TPD_StorageConfigurationCapabilities	51
TPD_StorageConfigurationService	52
TPD_StorageReplicationCapabilities	52
TPD_StorageSetting	55
TPD_StorageSynchronized	56
TPD_SystemVolume	57
TPD_DynamicStoragePool	57
SA/SD Space as StoragePool	57
Goal StorageSetting	57
CreateOrModifyStoragePool	58
Associations	58
TPD_ReplicaPoolForStorage	58
TPD_AllocatedFromStoragePool	58
Capacity Calculations	59
Non-CPVV	59
CPVV	59
UpdateDeltaSnapshotSpace() Method	60
Indications	61
Physical Copy	61
StorageSynchronized	61
StorageReplicationCapabilities	62
Job Control Subprofile Indications	67
Virtual Copy	67
StorageSynchronized	67
StorageReplicationCapabilities	68
Job Control Indications	70
Job Control	70
Overview	70
TPD_ConcreteJob	71
RequestStateChange() Method	71
GetError() Method	71
Mapping Error Code to CIM_Error	72
TPD_OwningJobElement	73
TPD_AffectedJobElement	73
TPD_AssociatedJobMethodResult	73
Indications	73
Location Subprofile	73
Location Subprofile CIM Classes	74
Supported Methods	74
Multiple Computer System Subprofile	74
Multiple Computer System Subprofile CIM Classes	74
Supported Methods	74
Software Subprofile	74
Software Subprofile CIM Classes	75
Supported Methods	75
Masking and Mapping Subprofile	75
Masking and Mapping Subprofile CIM Classes	75
Supported Methods	76
SMI-S View and Paths	76
ProtocolControllerMaskingCapabilities	79
ControllerConfigurationService	80
ExposePaths (Creating VLUNs)	81
HidePaths (Removing VLUNs)	82
ExposeDefaultLUs	84
HideDefaultLUs	84
ExposeLUsToStorageHardwareIDCollection (Creating Host-Sees VLUNs) (3PAR proprietary method)	84
HideLUsFromStorageHardwareIDCollection(Removing Host-Sees VLUNs)	85
StorageHardwareIDManagementService	86
CreateStorageHardwareID (Creating Host and Path)	87
DeleteStorageHardwareID (Removing a Path from a Host)	87
CreateStorageHardwareIDCollection (Creating a Host)	88
AddStorageHardwareIDsToCollection (Adding a Path to a Host)	88
SetISCSICHAP	89
RemoveISCSICHAP	89
StorageHardwareIDCollection.ModifyInstance	89
StorageHardwareIDCollection.DeleteInstance (Deleting a Host)	89
ConcreteDependency	90
SAPAvailableForElement	90
iSCSISAPAvailableForElement	90
SCSIPrococolController	90
iSCSIPrococolController	90
SCSIPrococolEndpoint	90
iSCSIPrococolEndpoint	91
ControllerForUnit	91
iSCSIControllerForUnit	92
StorageClientSettingData	92
StorageHardwareID	92
TPD_StorageHardwareIDCollection	92
Supporting classes	92
AuthorizedPrivilege	92
PrivilegeForStorageHardwareID	93
PrivilegeForStorageHardwareIDCollection	93
AuthorizedSubject	93
AuthorizedTarget	93
ConcreteDependency	93
SystemEndpoint (HostedAccessPoint)	93
ElementCapabilities	93
ElementSettingData	93
MemberOfCollection	93
ProtocolControllerMaskingCapabilities	93
FC Target Ports Subprofile	93
FC Target Ports Subprofile CIM Classes	94
Supported Methods	94
FCoE Target Port	94
Distinctions between FC and FCoE Port	94
FC Initiator Ports Subprofile	94
FC Initiator Ports Subprofile CIM Classes	95
Supported Methods	95
iSCSI Target Ports Subprofile	95
iSCSI Target Ports Subprofile CIM Classes	95
Supported Methods	96
Distinction between iSCSI and iSCSI over CNA Port	96
Disk Drive Lite Subprofile	96
Disk Drive Lite Subprofile CIM Classes	96
Supported Methods	97
Block Server Performance Subprofile	97
Block Server Performance Subprofile CIM Classes	97
TPD_ArrayStatisticalData	97
TPD_NodeStatisticalData	98
TPD_VolumeStatisticalData	100
TPD_PortStatisticalData	100
TPD_DiskStatisticalData	101
TPD_LUNStatisticalData	102
Supported Methods	102
Replication Services Profile	102
CIM Classes	103
TPD_ReplicationGroup	103
TPD_RemoteReplicationGroup	104
TPD_ReplicationService	105
TPD_ReplicationServiceCapabilities	117
TPD_RemoteStorageSynchronized	128
TPD_ReplicationEntity	132
TPD_RemoteReplicationGroup	133
TPD_RemoteGroupSynchronized	133
TPD_OrderedMemberOfRemoteReplicationGroup	135
TPD_ReplicationServiceAffectsRemoteReplicationGroup	135
TPD_HostedRemoteReplicationGroup	135
TPD_SAPAvailableForRemoteReplicaVolume	136
TPD_SAPAvailableForRemoteReplicationGroup	136
Thin Provisioning Profile	136
SAS Initiator Ports Profile	136
Supported Methods	137
5 CIM Indications	138
Lifecycle Indications	138
Storage Volume	138
TPD_StorageVolumeInstCreation	138
TPD_StorageVolumeInstDeletion	138
TPD_StorageVolumeInstModification	138
DynamicStoragePool	138
TPD_DynamicStoragePoolInstCreation	138
TPD_DynamicStoragePoolInstDeletion	139
TPD_DynamicStoragePoolInstModification	139
Fibre Channel Ports	139
Job Control for Copy Services	139
AlertIndication	139
Thin Provisioning	139
Generic AlertIndications	140
State Change Alerts	142
6 CIM-API Extensions	144
Health Management	144
Controller Node Subsystem	144
Controller Node Subsystem CIM Classes	144
Properties for TPD_StorageSystem	144
Properties for TPD_NodeSystem	145
Properties for TPD_PCICard	145
Properties for TPD_NodeCPU	145
Properties for TPD_PhysicalMemory	145
Properties for TPD_IDEDrive	145
Supported Methods	146
UML Diagram	146
Disk Enclosure Subsystem	146
Disk Enclosure Subsystem CIM Classes	146
Properties for TPD_StorageSystem	147
Properties for TPD_DriveCage	147
Properties for TPD_CageInterfaceCard	147
Properties for TPD_Magazine	147
Properties for TPD_DiskDrive	147
Supported Methods	148
UML Diagram	148
Power and Cooling	148
Power and Cooling CIM Classes	148
Properties for TPD_StorageSystem	149
Properties for TPD_NodeSystem	149
Properties for TPD_DriveCage	149
Properties for TPD_PowerSupply	150
Properties for TPD_Battery	150
Properties for TPD_Fan	150
Supported Methods	150
UML Diagram	151
Inventory Management	151
Controller Node Subsystem	151
Controller Node Subsystem CIM Classes	151
Properties for TPD_StorageSystem	152
Properties for TPD_SystemPackage	152
Properties for TPD_NodeSystem	152
Properties for TPD_NodePackage	152
Properties for TPD_PCICard	152
Properties for TPD_NodeCPU	153
Properties for TPD_PhysicalMemory	153
Properties for TPD_IDEDrive	153
Supported Methods	153
UML Diagram	154
Disk Enclosure Subsystem	154
Disk Enclosure Subsystem CIM Classes	154
Properties for TPD_StorageSystem	154
Properties for TPD_DriveCage	155
Properties for TPD_CageInterfaceCard	155
Properties for TPD_Magazine	155
Properties for TPD_DiskDrive	155
Properties for TPD_DiskDrivePackage	156
Properties for TPD_DiskSoftwareIdentity	156
Supported Methods	156
UML Diagram	156
Power and Cooling	156
Power and Cooling CIM Classes	157
Properties for TPD_StorageSystem	157
Properties for TPD_NodeSystem	157
Properties for TPD_DriveCage	157
Properties for TPD_PowerSupply	158
Properties for TPD_Battery	158
Properties for TPD_Fan	158
Supported Methods	158
UML Diagram	159
Domain, User and Licenses	159
Description	159
CIM Classes	159
Properties for TPD_StorageSystem	160
Properties for TPD_StorageDomainGroup	160
Supported Methods	160
Methods for TPD_StorageHardwareIDCollection	160
Thin Provisioning and TPVV Manipulations	160
7 Support and Other Resources	161
Contacting HP	161
HP 3PAR documentation	161
Typographic conventions	164
HP 3PAR branding information	164
8 Documentation feedback	165
A Managed Object Format Files	166
3PAR_InterOp.mof	166
3PAR_TPD.mof	170
3PAR_TPDCage.mof	236
3PAR_TPDCopySvcs.mof	247
3PAR_TPDDisk.mof	248
3PAR_TPDNode.mof	255
3PAR_TPDEnv.mof	263
3PAR_TPDIndication.mof	268
3PAR_TPDLocation.mof	272
3PAR_TPDEthPort.mof	273
3PAR_TPDiSCSI.mof	275
3PAR_TPDJob.mof	283
3PAR_TPDReplicationSvcs.mof	286
3PAR_TPDStats.mof	296

Match case Limit results 1 per page

2 Security

CAUTION:

The CIM API is not part of the evaluated Common Criteria storage system configuration

and should not be used when operating in Common Criteria mode.

TCP Ports

The CIM-API uses dedicated TCP ports for CIM-XML communications and server location information.

Two ports are specified by the DMTF and registered with IANA for CIM-XML communications

between management clients and any CIM Server. The following table lists the TCP Ports for the

CIM-XML communication and service location protocols:

Table 2 TCP Ports for CIM-XML Communication

TCP Port

Protocol

5988 (default value)

HTTP

5989 (default value)

HTTPS

427

Service Location (SLP)

Authentication

Authentication verifies the identity of an entity.

Management clients accessing the CIM Server are authenticated using a request/challenge

mechanism using HTTP Basic authentication. When a request is received from a management

client, the CIM Server challenges the client to send a user name and password encoded in the

HTTP Authorization header. The user names and passwords used are the same as those used by

other management interfaces and are case sensitive.

NOTE:

CIM does not currently support LDAP user name and password authentication; only local

user names and passwords are valid. Please see the

HP 3PAR Concepts Guide

for more information

on local versus LDAP user credentials.

The CIM Server uses Open SSL to support HTTPS connections. The server supports SSLv3 and TLSv1

by default and uses the default Open SSL cipher list only. For more about OpenSSL, refer to

tp://

.ope

g/doc

NOTE:

Because Basic Authentication means that client user names and passwords are sent over

the wire in unencrypted form, it is recommended that the authentication is carried out either over

a physically secure private network, or in conjunction with HTTPS.

Authorization

Authorization determines whether an entity that has already been authenticated is allowed to

perform a given operation.

The CIM Server allows any authenticated user to retrieve CIM class and instance information.

However, to invoke methods on CIM classes or instances, you must either have an Edit , Super,

Administrator, or User permission level. Refer to the

HP 3PAR Concepts Guide

or the

HP 3PAR

InForm OS CLI Administrators Manual

for complete information on authorization levels.

NOTE:

Access to certain information concerning volumes, CPGs, etc., is controlled by the InForm

OS. Therefore, if a user authenticates with the CIM API and only has access to certain domains,

only those objects in those domains returned by the InForm OS. In addition, operations on those

objects also be constrained at the domain level.

TCP Ports