Home » HP Manuals » Storage Devices » HP 3PAR StoreServ 7400 2-node » Manual Viewer

HP 3PAR StoreServ 7400 2-node HP 3PAR Command Line Interface Administrator& - Page 115

Backing up the Authentication Key File, Restoring the Key File, Rekeying the Authentication Key

View all HP 3PAR StoreServ 7400 2-node manuals

Add to My Manuals
Save this manual to your list of manuals

Page 115 highlights

Backing up the Authentication Key File To back up the authentication key file, issue the controlencryption backup command. For example: cli% controlencryption backup backup1 The keystore must be backed up to prevent total loss of data. You will be prompted to twice for the password for the backup file. The same password must be supplied on restore. Restoring the Key File Restoration of a key file is necessary only if there is a catastrophic problem and the key-files on all nodes are destroyed or corrupted. Restore the key-file from an external source to the controller nodes in the StoreServ system. To restore the key file, issue the controlencryption restore command. For example: cli% controlencryption restore backup1 Rekeying the Authentication Key To change the authentication key and back up the authentication key file, issue the controlencryption rekey command. You can rekey the array at any time. You can also save and back up a new copy of the authentication key file at any time. In the event of a recovery action requiring restoration of the key file, the correct key file must be available; otherwise the data will be lost. Showing Data Encryption Status To see the status of data encryption, issue the following command: controlencryption status Optionally, issue the command with the -d option to show disks that are failed or not SED-capable. #$ controlencryption status Licensed Enabled BackupSaved State SeqNum yes yes yes normal 2 #$ controlencryption status -d Licensed Enabled BackupSaved State SeqNum Non-SEDs FailedDisks yes yes yes normal 2 0 0 Data encryption states (as seen under the State column in the foregoing example) are shown in Table 7 (page 115). Table 7 Data Encryption States System Encryption State initializing normal recovery_needed Description The data-encryption service is in the process of starting up. Data encryption is in a normal state Re-run the previous operation after addressing the reason why the previous operation failed (this is most likely to have been a failed drive). in_progress An encryption operation is in progress. A task is generated for the associated operations; the task can be reviewed in Task Manager. Using Self-encrypting Disks 115

Section	Page
HP 3PAR Command Line Interface Administrator’s Manual	1
Contents	3
1 Installing the HP 3PAR Command Line Interface	12
About the HP 3PAR Command Line Interface	12
Supported Platforms	12
System Requirements	12
Disk Space Requirements	12
Installation	12
Before Installation	13
Graphical Installation on Windows	13
Command-Line Installation on Solaris and Linux	13
Setting the Path to the CLI on Solaris and Linux	13
Troubleshooting the Installation	14
Removing the HP 3PAR CLI	14
On Windows	14
On Solaris and Linux	14
Scripting Considerations	14
2 Managing User Accounts and Connections	16
Learning About User Accounts	16
Default User Accounts	17
Authenticating and Authorizing CLI Users	17
Viewing User Roles and Rights	17
Creating Users	18
Viewing Users	19
Removing Users	20
Adding Users to a Domain	20
Removing Users From a Domain	20
Setting a User’s Default Domain	20
Removing a User’s Default Domain	20
Setting a User’s Current Domain	21
Removing a User’s Current Domain	21
Viewing User Connections	21
Removing User Connections	21
Configuring LDAP Connections	21
Active Directory LDAP Configuration with SASL Binding	22
Configuring Connection Parameters	23
Configuring Binding Parameters	24
Configuring Account Location Parameters	24
Configuring Group-to-Role Mapping Parameters	26
Active Directory LDAP Configuration with Simple Binding Over SSL	27
Configuring Connection Parameters	28
Configuring Binding Parameters	29
Configuring the CA Certificate	29
Configuring Account Location Parameters	30
Configuring Group-To-Role Mapping Parameters	32
OpenLDAP Configuration with Simple Binding Over SSL	33
Configuring Connection Parameters	34
Configuring Binding Parameters	34
Configuring Group Location Parameters	35
Configuring Group-To-Role Mapping Parameters	35
Configuring LDAP Connections on Systems Using Domains	38
3 Running the HP 3PAR Command Line Interface	41
Global Options and Environment Variables	41
General Control and Help Commands	43
Commands with Column Help	43
Using SSL	44
Setting the TPDSOCKSSL Environment Variable on Solaris and Linux	44
Setting the TPDSOCKSSL Environment Variable on Windows	44
Using the -sockssl Option	44
Setting the CLI Client Network Port	44
Setting the TPDSYSNAME Environment Variable	45
Setting the TPDSYSNAME Environment Variable on Solaris and Linux	45
Setting the TPDSYSNAME Environment Variable on Windows	45
Using the -sys Option	45
Using the System Name	45
Setting Your Name and Password	46
Using the setpassword Command	46
Setting the TPDPWFILE Environment Variable	46
Using the -pwf Option	46
Using the -password Option	47
Setting a Password for Multiple HP 3PAR Storage Arrays	47
Caching Client Bytecode	47
Setting the TPDCACHEDIR Environment Variable on Solaris and Linux	47
Setting the TPDCACHEDIR Environment Variable on Windows	47
Startup Files	48
Setting the TPDSTARTFILE Environment Variable on Solaris and Linux	48
Setting the TPDSTARTFILE Environment Variable on Windows	48
Comma Separated Values	48
Setting the TPDCSVTABLE Environment Variable on Solaris and Linux	49
Setting the TPDCSVTABLE Environment Variable on Windows	49
Using the -csvtable Option	49
Listing Domains	49
Setting the TPDLISTDOM Environment Variable on Solaris and Linux	50
Setting the TPDLISTDOM Environment Variable on Windows	50
Using the -listdom Option	50
Table Headers and Totals	50
Setting the Environment Variable on Solaris and Linux	50
Setting the Environment Variable on Windows	51
Using the -nohdtot Option	51
Using the -hafter Option	51
Forcing Commands	51
Setting the TPDFORCE Environment Variable on Solaris and Linux	51
Setting the TPDFORCE Environment Variable on Windows	51
Stand-alone Commands	52
SSH	52
Benefits of Using SSH	52
CLI User Name Restrictions Using SSH	53
New Users	53
Existing Users	53
Accessing the CLI Using SSH	53
CLI Scripting Through SSH	54
4 Managing HP 3PAR Virtual Domains	58
Overview	58
Default Domains	58
Creating a Domain	58
Viewing Domains	59
Modifying a Domain	59
Changing a Domain Name	59
Adding Comments to a Domain	59
Removing a Domain	59
Managing Domain Objects	60
Moving Domain Objects to Another Domain	60
Removing the Domain Association from a Domain Object	60
Managing Virtual Domain Autonomic Groups	60
Creating Virtual Domain Sets	61
Adding Virtual Domains to Virtual Domain Sets	61
Modifying Virtual Domain Sets	61
Removing Virtual Domain Sets	61
Viewing Virtual Domain Sets	61
5 Managing Ports and Hosts	63
Overview	63
Modifying Port Parameters	63
FC Port Settings	64
iSCSI Port Settings	65
Port Target, Initiator, and Peer Modes	65
Active and Inactive Hosts	66
Managing Hosts	66
Host Management CLI Commands	66
Creating Hosts	67
Creating a Host with a Fibre Channel Path	67
Creating a Host with an iSCSI Path	67
Creating a Host without Assigning a Path	67
Modifying Hosts	68
Changing a Host Name	68
Adding Fibre Channel Path WWNs	68
Adding iSCSI Path iSCSI Names	68
Removing Fibre Channel Path WWNs	68
Removing iSCSI Path iSCSI Names	69
Configuring iSCSI CHAP Authentication Information	69
Removing iSCSI CHAP Authentication Information	69
Moving, Removing, and Disconnecting Hosts	69
Removing Host Paths	70
Managing Host Autonomic Groups	71
Creating Host Sets	71
Adding Hosts to Host Sets	71
Modifying Host Sets	71
Removing Host Sets	71
Managing Host Personas	72
The Host Explorer Software Agent	73
Hosts and Virtual Domains	73
Creating a Domain-Specific Host	74
Modifying a Domain-Specific Host	74
Changing a Host Domain	74
Using Persistent Ports for Nondisruptive Online Software Upgrades	74
6 Managing CPGs and Virtual Volumes	78
Overview	78
Common Provisioning Groups	78
Growth Increment Considerations for Common Provisioning Groups	78
System Guidelines for Creating Common Provisioning Groups	79
Common Provisioning Group CLI Commands	79
Creating a Common Provisioning Group	80
Modifying a Common Provisioning Group	80
Setting Snapshot Space Usage Warnings	80
Setting a Common Provisioning Group’s Autogrow Size	80
Consolidating Common Provisioning Group Space	81
Removing a Common Provisioning Group	81
Virtual Volume Types	81
Fully Provisioned Virtual Volumes	82
Thinly Provisioned Virtual Volumes	82
Virtual Volume CLI Commands	82
Creating Virtual Volumes	83
Creating Fully Provisioned Virtual Volumes	83
Creating Thinly Provisioned Virtual Volumes	83
Modifying Virtual Volumes	84
Growing Virtual Volumes	84
Converting Virtual Volumes Online	84
Converting Fully Provisioned Virtual Volumes to Thinly Provisioned Virtual Volumes	85
Converting Thinly Provisioned Virtual Volumes to Fully Provisioned Virtual Volumes	85
Reducing Volume Size with HP 3PAR Thin Conversion Software	85
Manually Converting a Fully Provisioned Virtual Volume to a Thinly Provisioned Virtual Volume	86
Reducing Volume Size with HP 3PAR Thin Persistence Software	86
Managing Virtual Volume Autonomic Groups	87
Creating Virtual Volume Sets	87
Adding Virtual Volumes to Virtual Volume Sets	87
Modifying Virtual Volume Sets	87
Removing Virtual Volume Sets	87
Freeing Virtual Volume Snapshot Space	88
Setting Expiration Times for Virtual Volumes	88
Setting Retention Times for Virtual Volumes	88
Removing Virtual Volumes	89
Validating and Repairing Virtual Volumes	90
Exporting Virtual Volumes	90
Creating VLUN Templates	90
Creating a Host Sees or Host Set VLUN Template	90
Creating a Port Presents VLUN Template	91
Creating a Matched Set VLUN Template	91
Unexporting Virtual Volumes	91
Removing a Host Sees or Host Set VLUN Template	91
Removing a Port Presents VLUN Template	92
Removing a Matched Set VLUN Template	92
Virtual Domains, CPGs, and Virtual Volumes	92
Creating a Common Provisioning Group in a Domain	92
Creating Virtual Volumes in a Virtual Domain	93
Modifying Virtual Volumes in Domains	93
Growing Virtual Volumes in Domains	94
Freeing Virtual Volume Snapshot Space in Domains	94
Exporting Virtual Volumes in Domains	94
Creating VLUN Templates in the All Domain	94
Creating VLUN Templates in a Specific Domain	94
Moving a Common Provisioning Group to a Domain	94
7 Managing Virtual Volume Copies	95
Virtual Copies	95
Creating a Virtual Copy	95
Promoting a Virtual Copy	96
Modifying a Virtual Copy	96
Removing a Virtual Copy	97
Creating a Group of Virtual Copies	97
Physical Copies	97
Creating an Offline Physical Copy	98
Creating an Online Physical Copy	98
Creating a Group of Physical Copies	99
Resynchronizing a Physical Copy	99
Resynchronizing a Group of Physical Copies	99
Promoting a Physical Copy	100
Creating an Online Copy	100
Snapshots and Domains	100
Moving Snapshots	101
8 Creating and Applying Templates	102
Overview	102
Creating Templates	102
Applying Templates	102
Creating Virtual Volumes and Logical Disks Using a Template	103
Creating a Common Provisioning Group Using a Template	103
Modifying Templates	103
Viewing Template Parameters	103
Adding and Replacing Template Parameters	103
Removing Template Parameters	104
Removing Templates	104
9 Monitoring System and Physical Disk Capacity	105
Overview	105
System Capacity	105
Determining Total System Capacity	105
Determining System Capacity by Physical Disk Type	106
Physical Disk Capacity	106
Determining Total Physical Disk Capacity	106
Determining Physical Disk Capacity by Disk Type	107
Determining the Capacity of a Specific Physical Disk	107
Spare Chunklets	107
Viewing Spare Chunklets	108
Logical Disks and Chunklet Initialization	109
Recovering Failed RAID Sets	109
Viewing Hardware Inventory	109
10 Data Encryption	111
Supported Configurations	112
Data Encryption Licensing	112
Restrictions	113
Using Self-encrypting Disks	113
Taking Ownership	113
Using the controlencryption command	114
Enabling Encryption	114
Backing up the Authentication Key File	115
Restoring the Key File	115
Rekeying the Authentication Key	115
Showing Data Encryption Status	115
Replacing a Failed Disk Drive	116
Upgrading an SED with New Firmware	116
Dismissing an Existing SED	117
Data Encryption Commands	117
11 Managing Events and Alerts	118
Overview	118
Checking the Status of a System	118
Monitoring and Managing Alerts	118
Viewing Alerts	118
Setting an Alert State	118
Removing an Alert	118
Setting System Alerts	118
Setting the Raw Space Threshold Alert	119
Monitoring and Managing the Event Log	119
Viewing the Event Log	120
Removing the Event Log	120
Stopped Logical Disks and Missing Physical Disks	120
Preserved Data	120
12 Viewing Statistics and Histograms	121
Overview	121
Viewing Statistics	121
Viewing Statistics for Physical Disks	121
Viewing Port Statistics	121
Viewing VLUN Statistics	122
Viewing Virtual Volume Statistics	122
Viewing Statistics for Data Cache Memory	122
Viewing Statistics for CPU Usage	122
Viewing Statistical Reports Using the On-node System Reporter	123
Viewing Statistical Report for Region I/O Density	123
Viewing Statistical Reports for Used Capacity (Space Reports)	123
Viewing Statistical Reports for Performance	123
Viewing Statistical Histogram Reports for Performance	124
Viewing Histograms	124
Viewing Histograms for Chunklets	124
Viewing Histograms for Logical Disks	124
Viewing Histograms for Physical Disks	124
Viewing Histograms for Ports	125
Viewing Histograms for VLUNs	125
Viewing Histograms for Virtual Volumes	125
13 Managing Tasks	126
Overview	126
Task Manager	126
Task IDs	126
Task Manager Commands	126
Starting a Task	127
Displaying Task Information	127
Setting the Priority of a Running Task	128
Waiting for a Task	129
Removing a Task	130
Canceling a Task	130
Task Types	130
background_command	132
compact_cpg	132
compact_lds	132
promote_sv	132
remote_copy_sync	132
scheduled_task	133
snapspace_accounting	133
startao	133
system_task	134
tune_vv	134
tune_vv_restart	134
tunevv_rollback	135
tune_sys	136
tune_sd	136
vv_copy	137
System Scheduler	137
System Scheduler Commands	137
Displaying Scheduled Tasks	138
Scheduling Tasks	138
Modifying a Scheduled Task	139
Suspending and Resuming Scheduled Tasks	139
Removing Scheduled Tasks	139
14 Adaptive Optimization	140
Adaptive Optimization Conversion	141
Creating an Adaptive Optimization Configuration	142
Displaying an Adaptive Optimization Setting	144
Modifying an Adaptive Optimization Configuration	144
Removing an Adaptive Optimization Configuration	146
15 HP Priority Optimization	147
Requirements	147
Virtual Volume Sets	147
Applying Quality of Service Rules	151
Mode of Operation	152
QoS Rule Minimum and Maximum	152
QoS Rule Actions	153
Overlapping QoS rules	153
Minimum QoS Settings	153
QoS on Copied Volumes	153
QoS Metrics	154
Using HP 3PAR Priority Optimization	154
Creating a New QoS Rule	154
Creating a New QoS Rule with the HP 3PAR CLI	154
Creating a New QoS Rule with the HP 3PAR MC	155
Viewing a QoS Rule	158
Modifying a QoS Rule	158
Removing a QoS Rule	159
Managing QoS Rules	160
Assembling VVs into VVsets	160
Determining the Values for IOPS and Bandwidth for a System	160
Handling Tier-1 Applications	161
Implementing the System Rule	161
Overprovisioning the System	161
QoS Influence on the Host Side	161
Maximum Number of QoS Rules per VV	162
QoS on a Subset of VVset Volumes	162
Application Interoperability	162
Databases	162
Microsoft Exchange	162
Virtualization Software	163
Reporting	164
Event Management	166
16 Using the HP 3PAR SNMP Infrastructure	167
Overview	167
The HP 3PAR SNMP Agent	167
Locating the HP 3PAR MIB	167
alertNotify Traps	167
Registering an SNMP Manager	167
Viewing Registered Managers	168
Removing a Manager	168
Agent Community Strings	168
Testing SNMP Managers	168
Creating SNMPv3 Users	168
Viewing SNMPv3 Users	169
Removing SNMPv3 Users	169
Modifying SNMP Versions	169
17 Using mySnapshot	170
Overview	170
About mySnapshot	170
Setting Administrative Rights	170
Replacing Virtual Volume Snapshots	170
Replacing a Read-Only Snapshot	171
Replacing a Read-Write Snapshot	171
18 Performance Tuning	173
Analyzing and Tuning a System	173
Displaying Virtual Volume Space Distribution	174
Tuning and Modifying Virtual Volumes	174
Changing Virtual Volume Layouts	174
Thinly-Provisioned Virtual Volumes	175
Fully-Provisioned Virtual Volumes	175
Changing Virtual Volume RAID Levels	175
Thinly-Provisioned Virtual Volumes	175
Fully-Provisioned Virtual Volumes	175
Changing Virtual Volume Fault-Tolerance Levels	176
Thinly-Provisioned Virtual Volumes	176
Fully-Provisioned Virtual Volumes	176
Changing Virtual Volume Parameters	176
Thinly-Provisioned Virtual Volumes	176
Fully-Provisioned Virtual Volumes	176
Troubleshooting Modifying Virtual Volumes	177
Rolling Back a Volume Modification Task	177
Restarting a Volume Modification Task	177
Tuning Physical Disks	177
Compacting Logical Disks	178
Compacting Common Provisioning Groups	179
19 Support and Other Resources	180
Contacting HP	180
HP 3PAR documentation	180
Typographic conventions	183
HP 3PAR branding information	183
20 Documentation feedback	184
A Mapping Roles and Rights	185
3PAR AO Role	185
3PAR RM Role	185
Basic Edit Role	186
Browse Role	188
Create Role	188
Edit Role	189
Service Role	191
Super Role	192
B Mapping Rights and CLI Commands	197
Mapping Rights and CLI Commands	197

Match case Limit results 1 per page

Backing up the Authentication Key File

To back up the authentication key file, issue the

controlencryption backup

command. For

example:

cli%

controlencryption backup backup1

The keystore must be backed up to prevent total loss of data. You will be prompted to twice for

the password for the backup file. The same password must be supplied on restore.

Restoring the Key File

Restoration of a key file is necessary only if there is a catastrophic problem and the key-files on all

nodes are destroyed or corrupted. Restore the key-file from an external source to the controller

nodes in the StoreServ system.

To restore the key file, issue the

controlencryption restore

command. For example:

cli%

controlencryption restore backup1

Rekeying the Authentication Key

To change the authentication key and back up the authentication key file, issue the

controlencryption rekey

command.

You can rekey the array at any time. You can also save and back up a new copy of the

authentication key file at any time. In the event of a recovery action requiring restoration of the

key file, the correct key file must be available; otherwise the data will be lost.

Showing Data Encryption Status

To see the status of data encryption, issue the following command:

controlencryption status

Optionally, issue the command with the

-d

option to show disks that are failed or not SED-capable.

controlencryption status

Licensed Enabled BackupSaved State

SeqNum

yes

normal

controlencryption status -d

Licensed Enabled BackupSaved State

SeqNum Non-SEDs FailedDisks

yes

normal

Data encryption states (as seen under the

State

column in the foregoing example) are shown in

Table 7 (page 115)

Table 7 Data Encryption States

Description

System Encryption State

The data-encryption service is in the process of starting up.

initializing

Data encryption is in a normal state

normal

Re-run the previous operation after addressing the reason

why the previous operation failed (this is most likely to have

been a failed drive).

recovery_needed

An encryption operation is in progress. A task is generated

for the associated operations; the task can be reviewed in

Task Manager.

in_progress

Using Self-encrypting Disks

115