Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Getting Started with HP Integrity Virtual Machines Manager > Chapter 2 Installing VM Manager

Setting Credentials
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

To display the full range of data about each virtual machine in VM Manager, you must have credentials for each virtual machine. A user name and password are required to collect resource utilization and other data, such as the status of the installed operating system, available only from a WBEM (Web Based Enterprise Management) provider on the virtual machine. The WBEM providers are the tools used to gather that data about the virtual machine and the VM Host. The user interface uses this information to show various kinds of system status.

You can set credentials in various ways:

  • You can set an optional, default user name and password combination for any or all virtual machines.

  • On a case-by-case basis, you can also override the default.

  • If, for a given virtual machine, no user name or password is specified, the default is used.

  • If a password is specified, but not a user name, the default user name is used with the password override. This allows a system administrator to use the same user but different passwords for each virtual machine.

The method for setting WBEM credentials depends on whether you are using HP Systems Insight Manager (SIM) or HP System Management Homepage (SMH).

Setting WBEM Credentials in SIM

WBEM is required on managed nodes to support the visualization and configuration features of Virtualization Manager and the collection of utilization data for Capacity Advisor. Managed nodes are systems that the user has instructed SIM to be aware of and manage. In SIM, all virtual machines and their VM Host are managed nodes. Any virtual machines that are not managed nodes will not have any credentials available, and VM Manager will not be able to contact them. Those virtual machines will still be displayed, but information that can be gathered from the virtual machines will not be shown for those virtual machines.

In SIM, systems become managed nodes by SIM's "Discovery" mechanism. Nodes can be discovered by SIM in various ways, including automated discovery or by manually adding the node. SIM's Options->Discovery menu is one way this can be done. Credentials in SIM can be set through their Options->Protocol SettingsGlobal Protocol Settings... and Options->Protocol SettingsSystem Protocol Settings... menus. Particularly, VM Manager requires the WBEM settings to be set in those pages. A valid user name and a password for WBEM must be available.

Without WBEM, only gWLM (Global Workload Manager) will be functional.

In SIM, you set the credentials when you install VSE Management Software. For specifics on setting credentials, see the VSE Management Software Installation and Update Guide.

Setting WBEM Credentials in SMH

You must set WBEM credentials for virtual machines in SMH. This allows VM Manager to collect utilization data and operating system information on the virtual machine.

The "Set WBEM Credentials for Virtual Machines" page appears when you log in, if you have not already set the credentials and saved them in the file system. When you create a new virtual machine, you must add credentials for that new virtual machine by selecting Modify->WBEM Credentials....

On this page, you can set a default user name and password combination for any or all virtual machines. You can also choose to save the user name and password entries in obscured format in the file system. This allows you to use the same setting each time you enter VM Manager via SMH. To save this information, click OK.

If you do not want to gather this additional information for the current session, click Cancel, and VM Manager continues without collecting this data. If you do not want to gather this additional data for subsequent uses of VM Manager and do not want to be prompted for it on each entry into VM Manager, ensure there are all blank entries on the page, check the box to save the credentials to file, and click OK. Empty credentials will be stored and the WBEM credentials page will not be displayed on subsequent entries into VM Manager.

To require trusted certificates, check the box next to "Require trusted certificates." If this box is checked, the valid certificates for the virtual machine must be stored in a keystore on the VM Host as a way of indicating that connections to those virtual machines are trusted. If the certificates are not found, some information will not be displayed. For example, utilization meters are labeled "No Cert."

You can set one user name and password combination for all virtual machines, or you can set them individually. If you set the credentials for individual systems and do not enter anything for a particular system, this additional data is not collected. Credentials are stored specific to the user logged in to SMH. Two users logged in with different user names will not share credentials.

The basic features of the SMH version of VM Manager work without exposing user credentials or configuration data to the local network. However, to display all the information about the virtual machines' configuration, by default, the credentials of a connecting user will be exposed, along with virtual machine configuration data. There are two steps to configure the additional-data display:

  1. Create a non-login, non-privileged account on each virtual machine to which VM Manager can connect, whose credentials could be intercepted on the network. Although these credentials may be restricted to non-login capabilities, they may also be used to gain access to other data or actions available using WBEM and other non-login services, including from additional providers that are registered on the system.

  2. Optional, for additional security: If local policy is to avoid exposure of any account credentials on your network, and/or you do not want to expose the virtual machine configuration data, then configure an SSH or IPSec tunnel from the VM Host system to each virtual machine for port 5989 (HP WBEM Services), to avoid the exposure.

The following types of information require credentials for each virtual machine for which information is to be gathered:

  • Operating System: If VM Manager can contact the virtual machine, it displays the current operating system. If it cannot contact the virtual machine, it displays the expected operating system (if it was set in the configuration for the virtual machine).

  • Utilization: The utilization meters for virtual machine-specific items are grayed out. The label on the meter displays No Data, No Permission, or Timed Out. The virtual-machine-specific meters are listed in the Virtual Machines tab, meters for the virtual machine itself or virtual devices in the Network and Storage tabs (meters for the VM Host and host resources are still available if its utilization WBEM provider is running), and meters on the Property page for an individual virtual machine.

    The utilization information is a five-minute average that is calculated and updated on five-minute boundaries.

    • No Data is displayed in a utilization meter in the following situations:

      • When the WBEM provider for the data indicates no data is available.

        No data is available while the first five minutes of utilization data is collected, and up to 10 minutes might be required before a utilization meter begins displaying the average utilization for a resource.

      • When VM Manager does not attempt to retrieve utilization data.

        This occurs when the virtual machine is not started, when the virtual machine operating system is not booted, or when the virtual machine cannot be contacted on the network used by the system on which VM Manager is running.

      • When the VM Host has no WBEM credentials for collecting the data from the virtual machine.

    • No Perm. (No Permission) is displayed in a utilization meter to indicate that the correct WBEM credentials for the virtual machine were not available and thus permission was denied. This occurs when the VM Host has incorrect WBEM credentials for collecting the data from the virtual machine.

    • Timed Out is displayed in a utilization meter to indicate that VM Manager attempted to retrieve utilization data but received no response from the WBEM provider on the virtual machine. This lack of a timely response can occur in the following situations:

      • When the WBEM provider for the data is not running, is not installed, or is disabled on the virtual machine.

      • When network issues prevent a timely response.

  • Virtual LAN interface I/O utilization on the Network page: Per virtual LAN interface I/O utilization and per VM aggregate LAN I/O utilization is displayed for a virtual machine with valid credentials, but invalid credentials will display meters with either No Perm. or No Data. Without valid credentials, the page will still display whatever information is available from the VM Host, for example, the status and the bus, device, and function numbers for the virtual LAN interface.

  • Virtual storage device I/O utilization on the Storage page: Per virtual storage device I/O utilization and per VM aggregate storage I/O utilization is displayed for a virtual machine with valid credentials, but invalid credentials will display meters with either No Perm. or No Data. Without valid credentials, the page will still display whatever information is available from the VM Host, for example, the virtual device type and the bus, device, and target numbers for the virtual storage device.

To change the WBEM credentials settings for virtual machines, select Modify->WBEM Credentials... to return to the "Set WBEM Credentials for Virtual Machines" page. You do not need to select a virtual machine before setting credentials. After you enter the data, save it. Otherwise, the data is cleared when the session ends.

Discovering Data When Setting New WBEM Credentials

When you set new WBEM credentials from the Modify menu, after you click OK, the page to which you return will update using the new credentials. Some of the data may not finish updating before the page draws, and the corresponding new data will not be seen until the page refreshes again (the old data is used). Some data may have refreshed by the time the page draws and this new data will be displayed.

Persistent WBEM Credentials

When using the Firefox or Mozilla browser, if you log in to SMH, then log out and log back in, certain session information (including WBEM credentials) will persist between sessions and will not need to be re-entered. You will notice this especially when you have not saved your WBEM credentials in the file system.

Trusted Certificates

If you require the additional security provided by certificate validation you can turn on certificate validation by checking the checkbox "Require trusted certificates" in the "WBEM Credentials" page in the VM Manager. With this setting turned on, the client Certificate Trust Store must include the server certificates from the virtual machines for the VM Manager to obtain certain information from the virtual machines. If your environment does not require the additional security provided by certificate validation, you can leave certificate validation turned off.

To enable SSL certificate validation in the VM Manager, you must export the server certificates from the WBEM services providers on the virtual machines and import those certificates into the keystore on the VM Host where the VM Manager is running. This keystore is shared between the Partition Manager and the VM Manager. Certificates in this keystore are trusted by both the Partition Manager and the VM Manager.

To get the certificate file from the WBEM services provider, follow these steps:

  1. Locate the WBEM services provider certificate file (cert.pem) on the virtual machine that you want to connect to. To find the correct file, open the WBEM services provider configuration file:

    • For Windows:

      %PEGASUS_HOME%\cimserver_current.conf

    • For HP-UX:

      $PEGASUS_HOME/cimserver_current.conf

    The location of the server certificate file is configured by the sslCertificateFilePath setting. Normally, this will be set to:

    • For Windows:

      %%PEGASUS_HOME%\server.pem

    • For HP-UX:

      $PEGASUS_HOME/server.pem

  2. Copy the certificate file (cert.pem or server.pem) to the VM Host where the VM Manager is running.

    NOTE: Copy the certificate file to a temporary directory (not the sslshare directory) on the VM Host. Do not overwrite the existing cert.pem or server.pem file in the sslshare directory on the VM Host.

  3. To import the certificate file, enter the following command on the VM Host:

    $ JAVA_HOME/bin/keytool -import -alias server_hostname \
-file cert.pem \ -keystore /etc/opt/hp/sslshare/parmgr.keystore


Licensing Requirements
  		 


Chapter 3 Using VM Manager  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2006 Hewlett-Packard Development Company, L.P.