Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Using the SMI-S function with a Device Manager - Storage Navigator user account

The storage systems support the SMI-S function developed by SNIA. Storage administrators can use the SMI-S function by using SMI-S compliant management software.

Using the SMI-S function

To use the SMI-S function, create a Device Manager - Storage Navigator user account and specify a storage system as the access destination from the management software.

Procedure

  1. Create a Device Manager - Storage Navigator user account in the management software. The user account must belong to one of the following built-in user groups:

    • Storage Administrator (View & Modify) User Group: Users have full permissions to access the SMI-S function from the management software.
    • Storage Administrator (View Only) User Group: Users have read- only permissions to access the SMI-S function from the management software.
  2. In the management software program, enter the following storage system information:

    • IP Address of the storage system
    • Protocol: specify HTTPS
    • Port: 5989
    • Namespace:root/hitachi/smis or interop
    Note

    If you cannot access to the storage system, see "An error (20121-107097) occurs and the Device Manager - Storage Navigator login fails." in GUID-BEF095A6-7AD5-4433-8CC4-58742F235A1C#GUID-BEF095A6-7AD5-4433-8CC4-58742F235A1C.

    If this problem occurs again, verify the network environment and the access destination. If you still cannot access to the storage system after taking actions, contact customer support.

Uploading a signed certificate to the SMI-S provider

To use certificates in SSL communication with the SMI-S provider, you must update and upload the private key and the signed server certificate (public key) to the SMI-S provider to update the certificate. Use the following procedure to upload and update certificates using a certificate update tool.

Before you begin

Ensure that the following items have been completed:

  • You must have the Storage Administrator (View & Modify) role to perform this task.
  • A private key (.key file) has been created. Change the file name to server.key unless the file is already named that. See Creating a private key using the OpenSSL command.
  • The passphrase for the private key (server.key file) is released.
  • A signed public key certificate (.crt file) has been acquired. Change the file name to server.crt unless the file is already named that. See Creating a public key using the OpenSSL command.
  • When using TLS1.2, you must set the cipher suites corresponding to the key type of the certificate that is uploaded to the SVP or the SMI-S provider.

    Verify the settings of the cipher suites on the TLS Security Settings dialog box using the Tool Panel dialog box:

    • If the key type is RSA, select a cipher suite whose name contains “RSA”.
    • If the key type is ECDSA, select a cipher suite whose name contains “ECDSA”.

    If the cipher suites corresponding to the key type of the certificate are not set, you cannot connect the storage system using the management software.

  • You must be an external authentication user whose external user group mapping is disabled, or a local authentication user.
  • If the public key of the certificate to be uploaded is RSA, the key length must not be less than the key length that is set for Minimum Key Length (Key Exchange) in the TLS Security Settings dialog box.
  • If the public key of the certificate to be uploaded is ECDSA, the public key parameter must be any of the following:

    • ECDSA_P256 (secp256r1)
    • ECDSA_P384 (secp384r1)
    • ECDSA_P521 (secp521r1)
  • The signature hash algorithm of the certificate to be uploaded must be SHA-256, SHA-384, or SHA-512.

  • The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
    • subjectAltName
    • CRLDistributionPoint
    • AuthorityInfoAccess
    • BasicConstraints
    • KeyUsage
    • SubjectKeyIdentifier

    Enter the host name or the IP address of the SVP in subjectAltName or CommonName of the certificate to be uploaded.

  • When you perform a certificate revocation check by using CRL, set the CRL repository URI for the cRLDistributionPoint (CRL distribution point) of the intermediate certificate and server certificate.
  • When you perform a certificate revocation check by using OCSP, set the OCSP responder URI for authorityInfoAccess (Authority Information Access) of the intermediate certificate and server certificate.

  • When you perform a certificate revocation check on the management client, the CRL repository or the OCSP responder must be on the network that can be accessed by the management client so that they can be accessed by the management client. If the management client cannot communicate with the CRL repository or the OCSP responder, the connection to Device Manager - Storage Navigator is established without certificate revocation check.
  • If an intermediate certificate exists, prepare a signed public key certificate file (server.crt) that has a certificate chain that includes the intermediate certificate.
  • The number of tiers of the certificate chain for the certificate to be uploaded must be 20 tiers or less including the root CA certificate.

Procedure

  1. Close all Device Manager - Storage Navigator sessions on the SVP.

  2. On the Device Manager - Storage Navigator computer, open a web browser and enter the following URL to open the Tool Panel dialog box.

    http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi
  3. In the Tool Panel dialog box, click Update Certificate Files for SMI-S. The login dialog box for Update Certificate Files for SMI-S opens.

    If SSL communication has been established, the Security Alert dialog box opens before the login dialog box. In the Security Alert dialog box, click OK.
  4. In the login dialog box for Update Certificate Files for SMI-S, enter the administrator's user ID and password, and click Login. The upload dialog box for Update Certificate Files for SMI-S opens.

  5. In the upload dialog box for Update Certificate Files for SMI-S, enter both the public key certificate file name in the Certificate file (server.crt file) box and the Private Key file (server.key file) box. You can enter the file names directly or by clicking Browse.

  6. Click Upload. The execution confirmation dialog box for Update Certificate Files for SMI-S opens.

  7. Click OK to update the certificate. Update of the certificate starts.

    Upon completion of the certificate update, the SMI-S provider restarts to reflect the update.

    Upon completion of the restart of the SMI-S provider, the update completion dialog box for Update Certificate Files for SMI-S opens

  8. In the update completion dialog box for Update Certificate Files for SMI-S, click OK. The display returns to the login dialog box.

    NoteIf an error occurs during update of the certificate, an error message displays. Resolve the problem and then run the procedure again, starting with logging in, to upload configuration files for SMI-S.
    NoteIf the Security Alert dialog box for the certificate opens at other times, click View Certificate to confirm that the certificate is correct and then click Yes.

Returning an SMI-S provider certificate to default

You can return a certificate updated in Uploading a signed certificate to the SMI-S provider to default.

Before you begin

  • You must have the Storage Administrator (View & Modify) role to perform this task.

Procedure

  1. Close all Device Manager - Storage Navigator sessions on the SMI-S provider.

  2. On the Device Manager - Storage Navigator computer, open a web browser and enter the following URL to open the Tool Panel dialog box.

    http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi
  3. In the Tool Panel dialog box, click Upload Configuration Files for SMI-S. The Upload Configuration Files Login dialog box opens.

    If SSL communication has been established, the Security Alert dialog box opens before the login dialog box. In the Security Alert dialog box, click OK.
  4. In the Login dialog box, enter the administrator's user ID and password, and click Login. The upload dialog box for Update Certificate Files for SMI-S opens.

  5. In the upload dialog box for Update Certificate Files for SMI-S, click Return to the default configuration. The execution confirmation dialog box for Update Certificate Files for SMI-S opens.

  6. Click OK to update the certificate. Update of the certificate starts.

    Upon completion of the certificate update, the SMI-S provider restarts to reflect the update. Upon completion of the restart of the SMI-S provider, the update completion dialog box for Update Certificate Files for SMI-S opens.
  7. In the update completion dialog box for Update Certificate Files for SMI-S, click OK. The display returns to the login dialog box.

    NoteIf an error occurs during update of the certificate, an error message displays. Resolve the problem and then run the procedure again, starting with logging in, to update certificate files for SMI-S.
    NoteIf the Security Alert dialog box for the certificate opens at other times, click View Certificate to confirm that the certificate is correct and then click Yes.

Uploading an SMI-S provider configuration file

You can control the SMI-S function using the SMI-S provider configuration file that you create.

Before you begin

  • Ensure that the SMI-S provider configuration file has already been created. If the configuration is not already named array-setting-01.properties, rename it to that name.
  • You must have the Storage Administrator (View & Modify) role to perform this task.

Procedure

  1. Close all Device Manager - Storage Navigator sessions on the SMI-S provider.

  2. On the Device Manager - Storage Navigator computer, open a web browser and enter the following URL to open the Tool Panel dialog box.

    http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi
  3. In the Tool Panel dialog box, click Upload Configuration Files for SMI-S. The Login dialog box opens.

    If SSL communication has been established, the Security Alert dialog box opens before the Login dialog box. In the Security Alert dialog box, click OK to confirm and open the Login dialog box.
  4. In the Login dialog box, enter the administrator user ID and password, and click Login. The Upload dialog box opens.

  5. In the Upload dialog box, enter the SMI-S provider configuration file (array-setting-01.properties).

    Enter a file name in Configuration file or click Browse and then select a file in the displayed dialog box.
  6. Click Upload. The execution confirmation dialog box opens.

  7. Click OK to update the configuration file. Update of the configuration file starts.

    Upon completion of the configuration file update, the SMI-S provider restarts to reflect the update. Upon completion of the restart of the SMI-S provider, the update completion dialog box for Upload Configuration Files for SMI-S opens.
  8. In the Upload Configuration Files for SMI-S dialog box, click OK. The display returns to the login dialog box.

    NoteIf an error occurs during update of the certificate, an error message displays. Resolve the problem and then run the procedure again, starting with logging in, to upload configuration files for SMI-S.
    NoteIf the Security Alert dialog box for the certificate opens at other times, click View Certificate to confirm that the certificate is correct and then click Yes.

Returning an SMI-S provider configuration file to default

You can return a configuration file updated in Uploading an SMI-S provider configuration file.

Before you begin

  • You must have the Storage Administrator (View & Modify) role to perform this task.

Procedure

  1. Close all Device Manager - Storage Navigator sessions on the SMI-S provider.

  2. On the Device Manager - Storage Navigator computer, open a web browser and enter the following URL to open the Tool Panel dialog box.

    http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi
  3. In the Tool Panel dialog box, click Upload Configuration Files for SMI-S. The Login dialog box opens.

    If SSL communication has been established, the Security Alert dialog box opens before the Login dialog box. In the Security Alert dialog box, click OK to confirm and open the Login dialog box.
  4. In the Login dialog box, enter the administrator user ID and password, and click Login. The Upload dialog box opens.

  5. In the Upload dialog box, click Return to the default configuration. A confirmation dialog box opens.

  6. In the confirmation dialog box, click OK to update the configuration file. The update process starts.

    When the file has been updated, the SMI-S provider restarts to include the update. When the SMI-S provider restarts, the update completion dialog box opens.
  7. In the update completion dialog box, click OK to confirm and return to the Login dialog box.

    NoteIf an error occurs during update of the SMI-S provider configuration file, an error message appears. Resolve the problem described in the error message and then run the procedure again, starting with Step 4.
    NoteIf the Security Alert dialog box for the certificate opens at other times, click View Certificate to confirm that the certificate is correct and then click Yes.

Sending SMI-S artificial indication

You can send an SMI-S artificial indication to determine whether the communication between the listeners and the SMI-S provider succeeds or fails.

Before you begin

  • SMI-S Provider software application must be installed.
  • The network environment is configured so that the computer on which the listener application operates is connected to the SVP.
  • The listeners are subscribed to the SMI-S provider.
  • You must have the Storage Administrator (View & Modify) role to perform this task.

Procedure

  1. Close all Device Manager - Storage Navigator sessions connected to the related SMI-S provider.

  2. On the Device Manager - Storage Navigator computer, open a web browser and enter the following URL to open the Tool Panel dialog box.

    http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi
  3. In the Tool Panel dialog box, click SMI-S Artificial Indication. The SMI-S Artificial Indication dialog box opens.

  4. In the SMI-S Artificial Indication dialog box, enter the user ID and password, and click Test. The testing begins.

  5. When the test communication is completed, SMI-S Artificial Indication Result window opens. In the SMI-S Artificial Indication Result window, click OK.

    The dialog box closes and the display returns to the SMI-S Artificial Indication dialog box.

    NoteIf the SMI-S artificial indication fails, an error message and a code display. Resolve the problem described in the error message.

Troubleshooting the SMI-S function

If you cannot access the SMI-S function, check the network environment and access destination. If access cannot be made even though there is no problem with the network environment and access destination, contact customer support.

The SMI-S certificate might have expired when you receive a storage system. If so, you must upload a new signed certificate to the SMI-S provider. Follow the procedure on Uploading a signed certificate to the SMI-S provider.

SMI-S artificial indication errors

The following table lists SMI-S artificial indication errors:

Error condition

Probable cause / Recommended action

The user ID or the password is not valid. (00190 77302)

User ID or password is invalid. Enter the correct user ID or password, and then retry the operation.

An error occurred during the listener information acquisition. (00190 77303)

An error occurred during the listener information acquisition. Collect Device Manager - Storage Navigator normal dump file to the media using the dump tool.

No listeners are subscribed to the provider. (00190 77304)

The listeners are not subscribed to the SMI-S provider. Have the listeners subscribe to the provider, and retry.

The artificial indication cannot be sent to some listeners. (00190 77305)

The artificial indication cannot be sent to some listeners. Use the dump tool to collect and save Device Manager - Storage Navigator normal dump files. Then contact the customer support.

A time-out error occurred. (00190 77306)

Send the artificial indication again. If this problem persists, use the dump tool to collect Device Manager - Storage Navigator normal dump files to some recording media and then contact the customer support.

An internal error occurred. (00190 77307)

Use the dump tool to collect Device Manager - Storage Navigator normal dump files to some recording media and then contact the customer support.