Skip to main content
Close
Hitachi Vantara Knowledge

AMS/WMS Account Authentication and Storage Navigator Modular with HDvM

  1. Last updated
  2. Save as PDF

Using AMS/WMS Account Authentication and Storage Navigator Modular (for Web) with HDvM
 

Configurations

HiCommand Device Manager 5.5 or higher

Storage Navigator Modular (for Web) v6.0 or higher

DF700 Microcode Levels:

  • AMS – 0760/A-M or higher
  • WMS – 0760/A-X or higher

           

SNM (for Web) Install and Configuration

Refer to the documentation on this site.

Account Authentication

Account Authentication (AA) is a more sophisticated version of “Password Protect” that is now available for AMS and WMS subsystems. It has its own Program Product Key and requires that Password Protect is disabled.

 

ams1.jpg

When AA is installed, it comes with a predefined “root” account.

ams2.jpg

This “root” account should be used to define at least 3 types of users – and then it probably should not be used again.

  • Administrators. Define one userid per Administrator.
  • HDvM Userid. Define one userid for the exclusive use of HDvM. This userid should be used to “discover” the subsystem.
  • HTnM Userid. Define one userid for the exclusive use of HTnM.

In the above screen shot, 2 test HTnM servers – each running an HTnM RAID AGENT – are accessing the subsystem. In addition, the Administrator “mlevoi” is logged on. Note that this is not Best Practice. In general, a site should only have one HTnM RAID AGENT accessing an AMS/WMS subsystem at any one time.

 

Launch SNM (for Web) from HDvM

  1. Log onto HDvM. If you are logging with an HDvM account other than the default “system” account, make sure that your account has Admin and/or Modify privileges. Select Subsystems.
  1. Select the desired AMS or WMS subsystem.   
  2. Click on Modify Properties. Verify that the account used to add the subsystem is not the Built-in (root) account. If root is used, please change it to a dedicated HDvM Public Account.
  1. Refresh the storage subsystem.
  1. Click on Physical View to launch SNM (for Web). The following screen should appear.

 

ams3.png

 

You are now ready to use SNM (for Web) to manage your DF700 array systems.

 

Best Practice Notes for Using SNM (for Web) with HDvM

Certain features need license keys in order to operate. Make sure the keys are installed and set to Enable, otherwise you will not be able to use these features.

In order to use Account Authentication, Password Protection and NAS must be disabled or uninstalled.

SNM (for Web) and DAMP (for Web) cannot be used at the same time on the same subsystem. In general, SNM is a superset of DAMP, so DAMP (GUI, CLI and Web) can all be de-installed and replaced by SNM GUI, CLI and Web.

If you did not specify the launch settings to link SNM (for Web) to HDvM, clicking on the Physical View button will result in an error message.

If you use the Built-in (root) account to add the subsystem to HDvM, HDvM will use the Built-in (root) account to access the subsystem when it periodically polls the subsystem for information. If you are logged into SNM (for Web) and HDvM initiates a poll, you will lose the Modify privilege since it is automatically transferred to the Built-in (root) account. To prevent loss of modification privileges, use a dedicated HDvM Public Account when adding a subsystem to HDvM.

When adding a subsystem to HDvM using a Public Account, make sure that the Public Account you are using has Account Administration, Storage Administration, and Audit Log Administration View & Modify privileges.

When you click on Physical View to launch SNM (for Web) from Device Manager, the system creates a temporary user account for SNM (for Web) to access the subsystem. The user account created is “HDvM_Mxxxxxxxx”, where xxxxxxxx is the serial number of the subsystem.

User HDvM_Mxxxxxxxx is automatically registered when SNM (for Web) is in use and deleted after you exit SNM (for Web). Therefore, do not manually add user accounts that start with “HDvM_”. This may produce a conflict and will cause your launch to fail.

The screen below shows the temporary userid after Physical View has been launched.

 

ams4.jpg

 

Do not use the Built-in (root) account for any services or applications that connect to the DF700 series. Doing so will result in loss of modification privileges while using SNM (for Web).

Do not set SNM Alert Monitoring using the Built-in (root) account. Doing so will result in loss of modification privileges while using SNM (for Web).

Device Manager will not be able to poll the subsystem while Physical View is open.

You cannot perform a manual refresh of the subsystem while Physical View is open.

If you have enabled the automatic refresh function in the HDvM server properties for the DF700 subsystems, HDvM will execute the automatic refresh only after the Physical View window is closed.

If you are using Physical View and another user logs in with the Built-in (root) account through SNM GUI or CLI, you will lose the Modify privilege and be placed in View Only mode. To regain Modify privilege, you must wait until root has logged off and then close Physical View and log back in.

You cannot launch Physical View if SNM GUI is already opened and is in use on that host. An error message indicating that another management application is changing the subsystem will be received. However, if you launch Physical View first, you can then open SNM GUI second and there will be no conflict. SNM GUI will log on with View Only privileges.

HDvM users must be assigned the All Resources group in order to operate the Physical View for the D700 series.

HDvM users must be given Admin and/or Modify roles for HDvM in order to have Modify privileges when using Physical View. HDvM users with View Only role will not be able to perform any modification operations on the subsystem.

Multiple users with HDvM Admin and/or Modify permissions cannot launch Physical View of the same storage subsystem at the same time. An error message will be displayed.

Concurrent instances of Physical View can be used provided that they are not connected to the same subsystem.

Physical View of the same storage subsystem can be viewed at the same time by multiple users if they have HDvM View Only permissions. When HDvM users with View Only permissions launch Physical View, an HDvM_Vxxxxxxxx user is temporarily created (instead of HDvM_Mxxxxxxxx). HDvM_Vxxxxxxxx has View Only mode and cannot perform modification activities.

The AA Audit log does not track which HDvM user is logged into SNM (for Web). It tracks activities through the account that was used to add the storage subsystem to HDvM and the temporary user that is created when Physical View is in use.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Q & A
    Page Type
    Knowledge Article
  2. Tags
    This page has no tags.