 |
» |
|
|
|
To display the full range of data about each virtual machine in VM Manager,
you must have credentials for each virtual machine. A user name and password are required
to collect resource utilization and other data, such as the status of the
installed operating system, available only from a WBEM (Web Based Enterprise
Management) provider on the virtual machine. The WBEM providers are the tools
used to gather data about the virtual machine and the VM Host. The user interface
uses this information to show various kinds of system status. You can set credentials in various ways: You can set an optional, default user name and password combination
for any or all virtual machines. On a case-by-case basis, you can also override the default. If, for a given virtual machine, no user name or password
is specified, the default is used. If a password is specified, but not a user name, the default
user name is used with the password override. This allows a system administrator
to use the same user but different passwords for each virtual machine.
The method for setting WBEM credentials depends on whether you are using
HP SIM or HP SMH. Setting WBEM Credentials in HP SIM | |
WBEM is required on managed nodes to support the visualization and configuration
features of Virtualization Manager and the collection of utilization data
for Capacity Advisor. Managed nodes are systems that the user has instructed
HP SIM to manage. In HP SIM, all virtual machines and their VM Host are managed
nodes. Any virtual machines that are not managed nodes do not have any credentials
available, and VM Manager cannot contact them. Those virtual machines are
still displayed, but information that can be gathered from the virtual machines
is not shown for those virtual machines. In HP SIM, systems become managed nodes by the HP SIM "discovery" mechanism.
Nodes can be discovered by HP SIM in various ways, including automated discovery
or manual addition of the node. The HP SIM Options Discovery menu is one way this can
be done. Credentials in HP SIM can be set by selecting OptionsProtocol SettingsGlobal Protocol Settings... orOptionsProtocol
SettingsSystem Protocol Settings.... VM Manager requires the WBEM settings to be set in those pages.
A valid user name and a password for WBEM must be available. Without WBEM,
only Global Workload Manager (gWLM) is functional. In HP SIM, you set the credentials when you
install VSE Management Software. For more information about setting credentials,
see the VSE Management Software Installation and Update Guide. Setting WBEM Credentials in HP SMH | |
You must set WBEM credentials
for virtual machines in HP SMH. This allows VM Manager to collect utilization
data and operating system information on the virtual machine. The Set WBEM Credentials for Virtual Machines page
appears when you log in, if you have not already set the credentials and saved
them in the file system. When you create a new virtual machine, you must add
credentials for that virtual machine by selecting ModifyWBEM Credentials.... On this page, you can set a default user name and password combination
for any or all virtual machines. You can also choose to save the user name
and password entries in obscured format in the file system. This allows you
to use the same setting each time you enter VM Manager via HP SMH. To save
this information, click OK. If you do not want to gather this additional information for the current
session, click Cancel, and VM Manager continues without collecting
this data. If you do not want to gather this additional data for subsequent
uses of VM Manager and you do not want to be prompted for it on each entry
into VM Manager, ensure there are all blank entries on the page, check the
box to save the credentials to file, and click OK. Empty
credentials are stored and the WBEM credentials page are not displayed on
subsequent entries into VM Manager. To require trusted certificates, check the box next to "Require trusted
certificates." If this box is checked, the valid certificates for the virtual
machine must be stored in a keystore on the VM Host as a way of indicating
that connections to those virtual machines are trusted. If the certificates
are not found, some information are not displayed. For example, utilization
meters are labeled "No Comm." You can set one user name and password combination for all virtual machines,
or you can set them individually. If you set the credentials for individual
systems and do not enter anything for a particular system, this additional
data is not collected. Credentials stored are specific to the user logged
in to HP SMH. Two users logged in with different user names do not share credentials. The basic features of the HP SMH version of VM Manager work without
exposing user credentials or configuration data to the local network. However,
to display all the information about the virtual machines' configuration,
by default the credentials of a connecting user are exposed, along with virtual
machine configuration data. The following steps are required to configure
the additional display of data: Create a nonlogin, nonprivileged account on each virtual machine
to which VM Manager can connect, whose credentials can be intercepted on the
network. Although these credentials are restricted to nonlogin capabilities,
they can also be used to gain access to other data or actions available using
WBEM and other nonlogin services, including those from additional providers
that are registered on the system. Optional, for additional security:
If local policy is to avoid exposure of any account credentials on your network,
or if you do not want to expose the virtual machine configuration data, then
configure an SSH or IPSec tunnel from the VM Host system to each virtual machine
for port 5989 (HP WBEM Services) to avoid the exposure.
The following types of information require credentials for each virtual
machine for which information is to be gathered: Operating System: If VM Manager can contact the virtual machine,
it displays the current operating system. If it cannot contact the virtual
machine, it displays the expected operating system (if it was set in the configuration
for the virtual machine). Utilization: The utilization meters for virtual machine-specific
items are dimmed. The label on the meter displays No Comm. , No
Data, No Permission, or Timed
Out. The virtual-machine-specific meters are listed in the Virtual
Machines tab, meters for the virtual machine itself or virtual
devices in the Network and Storage tabs
(meters for the VM Host and host resources are still available if its utilization
WBEM provider is running), and meters on the Property page
for an individual virtual machine. The utilization information is a 5-minute average that is calculated
and updated on 5-minute boundaries. No Comm.
Indicates that VM Manager is unable to communicate with the WBEM provider
running on a virtual machine. If you hover over the meter with your mouse,
a pop-up pane is displayed that includes an exception error message identifying
the problem. A common reason for the No Comm. label
to be displayed is a problem with trusted certificates. For example, if the
parameter is set but the keystore on the host does not trust the certificate
from the virtual machine, then the certificate is not in the keystore, it
has expired, it does not match the virtual machine name, or it is otherwise
invalid. If the WBEM Provider is unresponsive, you might need to restart it. No Data is displayed in a
utilization meter in the following situations: When the WBEM provider for the data indicates no data is available. No data is available during the first 5 minutes of utilization data
collection, and up to 10 minutes might be required before a utilization meter
begins displaying the average utilization for a resource. When VM Manager does not attempt to retrieve utilization data. This occurs when the virtual machine is not started, when the virtual
machine operating system is not booted, or when the virtual machine cannot
be contacted on the network used by the system on which VM Manager is running. When the VM Host has no WBEM credentials for collecting the
data from the virtual machine.
No Perm. Indicates that the
correct WBEM credentials for the virtual machine were not available, and therefore
permission was denied. This occurs when the VM Host has incorrect WBEM credentials
for collecting the data from the virtual machine. Timed Out Indicates that
VM Manager attempted to retrieve utilization data but received no response
from the WBEM Provider on the virtual machine. This lack of a timely response
can occur in the following situations: When the WBEM Provider for the data is not running, is not
installed, or is disabled on the virtual machine. When network issues prevent a timely response.
Virtual LAN interface I/O utilization on the Network page:
Per virtual LAN interface I/O utilization and per VM aggregate LAN I/O utilization
are displayed for a virtual machine with valid credentials. Invalid credentials
display meters with either No Perm. or No
Data displayed. Without valid credentials, the page will
still display whatever information is available from the VM Host, for example,
the status and the bus, device, and function numbers for the virtual LAN interface. Virtual storage device I/O utilization on the Storage page:
Per virtual storage device I/O utilization and per VM aggregate storage I/O
utilization is displayed for a virtual machine with valid credentials, but
invalid credentials will display meters with either No Perm. or No
Data. Without valid credentials, the page will still display
whatever information is available from the VM Host, for example, the virtual
device type and the bus, device, and target numbers for the virtual storage
device.
To change the WBEM credentials settings for virtual machines, select ModifyWBEM Credentials... to
return to the Set WBEM Credentials for Virtual Machines page.
You do not need to select a virtual machine before setting credentials. After
you enter the data, save it. Otherwise, the data is cleared when the session
ends. Discovering Data When Setting New WBEM CredentialsWhen you set new WBEM credentials from the Modify menu,
after you click OK, the page to which you return updates
using the new credentials. Some of the data might not finish updating before
the page is fully displayed, and the corresponding new data is not seen until
the page refreshes again (the old data is used). Some data might have refresh
by the time the page is fully displayed and this new data is displayed. Persistent WBEM CredentialsWhen using the Firefox or Mozilla browser, if you log in to HP SMH,
then you log out and log back in, certain session information (including WBEM
credentials) persist between sessions and do not need to be re-entered. This
is especially true when you have not saved your WBEM credentials in the file
system. Trusted Certificates | |
If you require the additional security provided by certificate validation
you can turn on certificate validation by checking the "Require trusted certificates"
check box on the WBEM Credentials page in
VM Manager. With this setting turned on, the client Certificate Trust Store
must include the server certificates from the virtual machines for VM Manager
to obtain certain information from the virtual machines. If your environment
does not require the additional security provided by certificate validation,
you can leave certificate validation turned off. To enable SSL certificate validation in VM Manager, you must export
the server certificates from the WBEM services providers on the virtual machines
and import those certificates into the keystore on the VM Host where VM Manager
is running. This keystore is shared between Partition Manager and VM Manager.
Certificates in this keystore are trusted by both Partition Manager and VM
Manager. To get the certificate file from the WBEM services provider, follow
these steps: Locate the WBEM services provider certificate file (cert.pem)
on the virtual machine to which you want to connect. To find the correct file,
open the WBEM services Provider configuration file (In HP-UX, the default
value for PEGASUS_HOME is /var/opt/wbem): For Windows: %PEGASUS_HOME%\cimserver_current.conf |
For HP-UX: $PEGASUS_HOME/cimserver_current.conf |
The location of the server certificate file is configured by the sslCertificateFilePath setting.
If this value is not set in the configuration file, the default value is: For Windows: %%PEGASUS_HOME%\server.pem |
For HP-UX: /etc/opt/hp/sslshare/cert.pem |
Copy the certificate file (cert.pem or server.pem)
to the VM Host where VM Manager is running. | | | |  | NOTE: Copy the certificate file to a temporary directory (not to the sslshare directory)
on the VM Host. Do not overwrite the existing cert.pem or server.pem file
in the sslshare directory on the VM Host. | | | | |
To import the certificate file, enter the following command
on the VM Host: $ JAVA_HOME/bin/keytool -import -alias server_hostname \
-file cert.pem \ -keystore /etc/opt/hp/sslshare/parmgr.keystore |
|
Printable version
