Veritas InfoScale™ Operations Manager 8.0.2 Installation and Configuration Guide

Last Published:
Product(s): InfoScale & Storage Foundation (8.0.2)
Platform: AIX,HP-UX,Linux,Solaris,VMware ESX,Windows
  1. Section I. Installing and configuring Veritas InfoScale Operations Manager
    1. Planning your Veritas InfoScale Operations Manager installation
      1.  
        About Veritas InfoScale Operations Manager
      2. Downloading Veritas InfoScale Operations Manager 8.0.2
        1.  
          Downloading Management Server files
        2.  
          Downloading managed host files
      3.  
        Using the product documentation
      4.  
        Host considerations for installing Veritas InfoScale Operations Manager
      5. Typical Veritas InfoScale Operations Manager deployment configuration
        1.  
          Centralized management of Storage Foundation High Availability hosts
      6.  
        Veritas InfoScale Operations Manager 8.0.2 installation overview
      7.  
        Choosing a Management Server host
      8.  
        Choosing the managed hosts
    2. System requirements
      1.  
        Operating system requirements
      2.  
        Cloud (AWS, Azure, Google) deployment requirements
      3. Third-party required libraries
        1.  
          32-bit SNIA Common HBA API required on Windows hosts
      4. System resource requirements
        1.  
          About space estimation for data logs
        2.  
          About the frequency of managed host, enclosure and switch information discovery
      5.  
        Supported hardware
      6.  
        Web browser requirements
      7. Network and firewall requirements
        1.  
          Internet Protocol version requirements
      8.  
        Proxy server requirements
    3. Installing, upgrading, and uninstalling Veritas InfoScale Operations Manager
      1.  
        Packages included in Veritas InfoScale Operations Manager
      2. About installing Management Server
        1.  
          Installing Management Server on Linux (on premises and cloud)
        2.  
          Installing Management Server on Windows (on premises and cloud)
      3.  
        Verifying Management Server installation on Linux
      4.  
        Verifying Management Server installation on Windows
      5.  
        Configuring Veritas InfoScale Operations Manager on Linux and Windows
      6.  
        Implementing US Executive Order (EO) requirements
      7.  
        Configuring Veritas InfoScale Operations Manager Management Server and Agents in FIPS mode on Linux
      8.  
        Configuring Service groups using CLI script
      9.  
        Configuring Veritas InfoScale Operations Manager Management Server on Linux using CLI
      10.  
        Importing third-party certificates for xprtld
      11. About installing managed host
        1.  
          Installing managed host on UNIX/Linux
        2.  
          Installing managed host on Windows
        3.  
          Installing managed host through Solaris JumpStart
        4.  
          About cloning virtual machines
        5.  
          About migrating virtual machines
      12.  
        Verifying managed host installation on UNIX
      13.  
        Verifying managed host installation on Windows
      14. About upgrading Management Server
        1.  
          Upgrading Management Server on Linux
        2.  
          Upgrading Management Server on Windows
        3.  
          Migrating the managed hosts to 2048-bit certificate
      15. About backing up and restoring Veritas InfoScale Operations Manager data
        1.  
          Taking regular backups of Veritas InfoScale Operations Manager data on Linux
        2.  
          Backing up Veritas InfoScale Operations Manager data on Linux before upgrading to version 8.0.2
        3.  
          Restoring backed up data on Linux
        4.  
          Taking regular backups of Veritas InfoScale Operations Manager data on Windows
        5.  
          Backing up Veritas InfoScale Operations Manager data on Windows before upgrading to version 8.0.2
        6.  
          Restoring backed up data on Windows
      16. About upgrading managed hosts to Veritas InfoScale Operations Manager 8.0.2
        1.  
          Upgrading managed host using the console
        2.  
          Upgrading managed host on UNIX/Linux using operating system commands
        3.  
          Upgrading managed host on Windows using the installer package
      17.  
        Verifying the version of Management Server in the console
      18.  
        Verifying the version of a managed host in the console
      19.  
        Uninstalling Management Server on Linux
      20.  
        Uninstalling Management Server on Windows
      21.  
        Uninstalling managed host on UNIX
      22.  
        Uninstalling managed host on Windows
    4. Configuring Veritas InfoScale Operations Manager in a high availability and disaster recovery environment
      1. Configuring the high availability feature in Veritas InfoScale Operations Manager
        1. Configuring a new Veritas InfoScale Operations Manager installation in high availability environment
          1.  
            Prerequisites for configuring a new Management Server in high availability environment
          2.  
            Performing initial configuration of Management Server in HA environment
          3.  
            Creating the base service groups for HA configuration
          4.  
            Creating the base service groups for CFS HA configuration
          5.  
            Completing the configuration of a Management Server installation in HA environment
        2. Configuring an existing Veritas InfoScale Operations Manager installation in high availability environment
          1.  
            Prerequisites for configuring an existing Management Server in high availability environment
          2.  
            Modifying the default IP address and host name of the existing Management Server
      2.  
        Configuring CMS HA on Linux using Command Line (CLI)
      3. Configuring Management Server in one-to-one DR environment
        1.  
          Prerequisites for configuring a Management Server in DR environment
        2.  
          Performing initial configuration of Management Server installation in DR environment
        3.  
          Creating the base service groups for DR configuration
        4.  
          Enabling DR configuration
      4. Configuring Veritas InfoScale Operations Manager in high availability and disaster recovery environment
        1.  
          Prerequisites for configuring a Management Server in HA-DR environment
        2.  
          Performing initial configuration of Management Server installation in DR environment
        3.  
          Creating the base service groups for DR configuration
        4.  
          Enabling DR configuration
      5. About upgrading the high availability configurations
        1.  
          Upgrading Management Server in high availability environment
      6. About upgrading the high availability and disaster recovery configurations
        1.  
          Upgrading Management Server in high availability and disaster recovery environment
      7.  
        Removing the high availability configuration
    5. Installing and uninstalling Veritas InfoScale Operations Manager add-ons
      1.  
        About deploying Veritas InfoScale Operations Manager add-ons
      2.  
        Downloading a Veritas InfoScale Operations Manager add-on
      3. Uploading a Veritas InfoScale Operations Manager add-on to the repository
        1.  
          Upload Solutions to Repository panel options
      4. Installing a Veritas InfoScale Operations Manager add-on
        1.  
          Install - Download Add-on panel options
        2.  
          Install - Select hosts panel options for add-ons
      5. Uninstalling a Veritas InfoScale Operations Manager add-on
        1.  
          Uninstall panel options
      6. Removing a Veritas InfoScale Operations Manager add-on from the repository
        1.  
          Remove panel options
      7. Canceling deployment request for a Veritas InfoScale Operations Manager add-on
        1.  
          Cancel Deployment Request panel options
      8. Installing a Veritas InfoScale Operations Manager add-on on a specific managed host
        1.  
          Install panel options
      9. Uninstalling a Veritas InfoScale Operations Manager add-on from a specific managed host
        1.  
          Uninstall panel options
      10.  
        Enabling a Veritas InfoScale Operations Manager add-on on a specific managed host
      11.  
        Disabling a Veritas InfoScale Operations Manager add-on from a specific managed host
      12.  
        Refreshing the repository
      13.  
        Restarting the web server
  2. Section II. Setting up the Management Server environment
    1. Basic Veritas InfoScale Operations Manager tasks
      1.  
        About the communication between the managed hosts and Management Server
      2.  
        Connecting to Veritas InfoScale Operations Manager Management Server
      3.  
        Stopping and starting the Web application
      4.  
        About the Management Server perspective
    2. Adding and managing hosts
      1. Overview of host discovery
        1.  
          How Veritas InfoScale Operations Manager discovers hosts
        2.  
          Supported features for host discovery options
      2. Overview of agentless discovery
        1.  
          About agentless discovery using the Control Host
        2.  
          About agentless discovery of remote hosts
        3.  
          Prerequisites for agentless configuration
        4.  
          How agentless discovery of a UNIX or Linux host works
        5.  
          How agentless discovery of a Windows host works
        6.  
          Requirements for agentless discovery of UNIX hosts
        7.  
          Requirements for agentless discovery of Windows hosts
        8.  
          Requirements for deep array discovery for agentless hosts
        9.  
          Commands that require the root access for agentless discovery of UNIX hosts
        10.  
          Using the privilege control software with agentless discovery of UNIX hosts
        11.  
          SSH configuration requirements for agentless discovery
        12. About installing OpenSSH on a UNIX host
          1.  
            Installing OpenSSH on AIX
          2.  
            Installing OpenSSH on Linux
      3. Adding the managed hosts to Management Server using an agent configuration
        1.  
          Add agent hosts panel options
      4. Adding the managed hosts to Management Server using an agentless configuration
        1.  
          Add agentless hosts panel options
      5. Adding Agentless hosts to the Management Server using Profile
        1.  
          Add agentless hosts panel options using Profile
      6.  
        Adding managed hosts to Management Server using the Auto Configure (gendeploy.pl) script
      7. Editing the agentless host configuration
        1.  
          Edit agentless host panel options
      8.  
        Refreshing the details of the managed host
      9.  
        Removing managed hosts from the Management Server domain
    3. Setting up user access
      1.  
        About managing authentication brokers and authentication domains in the Veritas InfoScale Operations Manager domain
      2. Adding Lightweight Directory Access Protocol or Active Directory-based authentication on Management Server
        1.  
          Add LDAP/AD panel options
        2.  
          Add LDAP/AD panel options to specify the domain name
      3.  
        Unconfiguring Lightweight Directory Access Protocol or Active Directory configuration from the authentication broker
      4. Configuring LDAP using CLI
        1.  
          Configuring an LDAP domain
        2.  
          Assigning permissions to a user group
        3.  
          Unconfiguring an existing LDAP configuration
        4.  
          Changing the password for a bind user
      5.  
        Configuring Single Sign-On in Veritas InfoScale Operations Manager
      6.  
        Enabling the authentication domain
      7.  
        Disabling the authentication domain
      8.  
        About predefined roles in Veritas InfoScale Operations Manager
      9.  
        About Organizations, objects, and roles in Veritas InfoScale Operations Manager
      10.  
        Assigning permissions to user groups for a perspective
      11.  
        Modifying permissions assigned to user groups for a perspective
      12.  
        Deleting permissions assigned to user groups on a perspective
      13.  
        Restricting users or user groups from accessing the Veritas InfoScale Operations Manager console
      14.  
        Example: Managing user access in Veritas InfoScale Operations Manager using Organizations and existing user groups
    4. Setting up fault monitoring
      1.  
        About alerts and rules
      2. Creating rules in the Management Server perspective
        1.  
          Create Rule - Select the type of fault conditions to trigger this rule panel options
        2.  
          Create Rule - Select one or more fault topics which will trigger this rule panel options
        3.  
          Create Rule - Setup notifications panel options
        4.  
          Create Rule - Enter name and description panel options
      3. Editing rules in the Management Server perspective
        1.  
          Edit Rule - Select the type of fault condition to trigger this rule panel options
        2.  
          Edit Rule - Select one or more fault topics which will trigger this rule panel options
        3.  
          Edit Rule - Setup notifications panel options
        4.  
          Edit Rule - Enter name and description panel options
      4. Deleting rules in the Management Server perspective
        1.  
          Delete Rule panel options
      5. Enabling rules in the Management Server perspective
        1.  
          Enable Rule panel options
      6. Disabling rules in the Management Server perspective
        1.  
          Disable Rule panel options
      7.  
        About faults and risks
      8. Suppressing faults in the Management Server perspective
        1.  
          Suppress Faults panel options
      9.  
        Restoring a suppressed fault in the Management Server perspective
      10. Suppressing a fault definition in the Management Server perspective
        1.  
          Suppress the fault definition panel options
      11.  
        Restoring a suppressed fault definition in the Management Server perspective
    5. Setting up virtualization environment discovery
      1.  
        About the virtualization technologies supported
      2.  
        About Control Hosts in Veritas InfoScale Operations Manager
      3.  
        Requirements for discovering vCenter and ESX servers using Veritas InfoScale Operations Manager
      4.  
        About near real-time discovery of VMware events
      5. Setting up near real-time discovery of VMware events
        1.  
          Configuring the VMware vCenter Server to generate SNMP traps
      6.  
        Configuration settings for VMware vCenter discovery
      7. Requirements for discovering the Solaris zones
        1.  
          Requirements for the zlogin utility on non-Global Zones
        2.  
          Requirements for devices exported to non-Global Zones
        3.  
          Requirements for file systems exported to non-Global Zones
      8.  
        Requirements for discovering Solaris Logical domains
      9.  
        Requirements for discovering logical partitions
      10.  
        Requirements for Microsoft Hyper-V virtualization discovery
      11.  
        Requirements for Kernel-based Virtual Machine (KVM) virtualization discovery
      12. Adding a virtualization server
        1.  
          Add Virtualization Server panel options
        2.  
          Add Virtualization Server panel options
      13. Editing a virtualization discovery configuration
        1.  
          Edit Configuration panel options
        2.  
          Edit Configuration panel options for method selection
      14. Refreshing a virtualization discovery configuration
        1.  
          Refreshing an ESX Server discovery
      15.  
        Removing a virtualization discovery configuration
      16.  
        Configuring performance metering for a VMware vCenter server
      17.  
        Disable performance metering for a VMware vCenter server
    6. Deploying hot fixes, packages, and patches
      1.  
        About deploying Veritas InfoScale Operations Manager hot fixes
      2.  
        About deploying maintenance release packages and patches
      3.  
        About deploying base release packages
      4.  
        Downloading a hot fix, package, or patch
      5.  
        Uploading a Veritas InfoScale Operations Manager hot fix or package to the repository
      6. Installing a Veritas InfoScale Operations Manager hot fix, package, or patch
        1.  
          Install - Download hot fix, package, or patch panel options
        2.  
          Install - Select hosts panel options
      7.  
        Removing a hot fix, package, or patch from the repository
      8.  
        Canceling deployment request for a hot fix, package, or patch
      9.  
        Installing a Veritas InfoScale Operations Manager hot fix on a specific managed host
    7. Configuring Management Server settings
      1.  
        Configuring the Management Server settings
      2.  
        Configuring SMTP settings for email notifications
      3. Configuring SNMP trap settings for alert notifications
        1.  
          Configuring SNMPv3 settings
      4.  
        Configuring the proxy server settings
      5.  
        Configuring two-factor authentication (2FA)
      6.  
        Setting the period for retaining the alert and the task logs in the database
      7.  
        Configuring Web server settings
      8.  
        Setting the generation time for subscribed reports
      9.  
        Configuring advance authorization settings
      10.  
        Enabling or disabling policy signatures for the data center
      11.  
        Forwarding audit logs
    8. Setting up extended attributes
      1.  
        About using extended attributes
      2.  
        Adding an extended attribute
      3.  
        Modifying an extended attribute
      4.  
        Deleting an extended attribute
    9. Viewing information on the Management Server environment
      1.  
        Viewing the details of an add-on, hot fix, package, or patch on SORT website
      2.  
        Viewing the hosts configured in the Management Server domain
      3.  
        Viewing the details of the authentication broker and the domains associated with the broker
      4.  
        Viewing faults in the Management Server perspective
      5.  
        Viewing the faults definitions
      6.  
        Viewing details of alert logs
      7.  
        Viewing the details of rules
      8.  
        Viewing the details of active users logged in to Management Server
      9.  
        Viewing the Management Server settings
      10.  
        Viewing the list of extended attributes
      11.  
        Viewing audit information for Management Server
      12.  
        Viewing task information for the data center
      13.  
        Viewing or exporting a list of available policy signatures
  3. Appendix A. Troubleshooting
    1. Management Server (MS)
      1.  
        Veritas InfoScale Operations Manager processes running on Management Server for Linux
      2.  
        Veritas InfoScale Operations Manager services running on Management Server for Windows
      3.  
        Commands to start and stop the Veritas InfoScale Operations Manager processes on Management Server on Linux
      4.  
        Commands to start and stop the Veritas InfoScale Operations Manager processes on Management Server on Windows
      5.  
        Management Server log file locations on Linux
      6.  
        Management Server log file locations on Windows
    2. Managed host (MH)
      1.  
        Veritas InfoScale Operations Manager processes running on managed host on Unix/Linux
      2.  
        Veritas InfoScale Operations Manager services running on managed host on Windows
      3.  
        Commands to start and stop Veritas InfoScale Operations Manager processes on managed host on UNIX/Linux
      4.  
        Managed host log files
      5.  
        Agentless driver log files
      6.  
        Gathering information for troubleshooting
  4.  
    Index

Configuring Veritas InfoScale Operations Manager Management Server and Agents in FIPS mode on Linux

The Federal Information Processing Standards (FIPS) 140-2 standard (commonly referred as FIPS mode) specifies the security requirements for cryptographic modules. The U.S. federal government has set an encryption standard for its non-military agencies, contractors, and service providers who work with the U.S. government must also follow FIPS. Hence, it is mandatory to configure and enable the FIPS 140-2 standard.

You can configure and enable FIPS mode for Veritas InfoScale Operations Manager Management Server and Agents. By default, FIPS-compliant mode is turned off when the Veritas InfoScale Operations Manager Management Server platform is installed. However, you can turn on FIPS mode for one or more nodes in your deployment. Configuration of Veritas InfoScale Operations Manager to run in FIPS mode includes the following sequence of process:

  • Enabling the FIPS mode on Veritas InfoScale Operations Manager Management Server (installed on Linux)

  • Enabling the FIPS mode on the third-party components that are used in Veritas InfoScale Operations Manager (Tomcat, Java)

  • Enabling the FIPS mode on Veritas InfoScale Operations Manager Agents (Linux, Solaris, and AIX)

Prerequisites to configure Veritas InfoScale Operations Manager in FIPS mode

  • FIPS mode can be enabled only with a fresh installation of Veritas InfoScale Operations Manager Server on a Linux system. Configuration of an existing Veritas InfoScale Operations Manager to run in FIPS mode is not supported in this release.

  • FIPS mode can be enabled only on Agents running on Linux, Solaris, or AIX. In this release, agents that are running on other operating systems cannot be configured in FIPS mode.

  • To verify if OpenSSL is installed, run the /usr/bin/openssl version command.

To enable FIPS mode on fresh installation of Veritas InfoScale Operations Manager Management Server on Linux

  1. Perform a fresh installation of Veritas InfoScale Operations Manager Management Server on Linux.
  2. Open the VRTSatlocal.conf configuration file that is located at /opt/VRTSsfmcs/sec/bin/.
  3. Under the Security\Authentication\Client section, enable the FIPS mode as follows:

    [Security\Authentication\Client] "FipsMode"=dword:00000001 "ConnectTimeout"=dword:00000014

  4. Open a browser and configure Veritas InfoScale Operations Manager Management Server.
  5. Once the Veritas InfoScale Operations Manager Management Server configuration is successful, you may open the VRTSatlocal.conf configuration file that is located at/var/opt/VRTSsfmcs/sec/root/.VRTSat/profile/and verify if the "FipsMode"=dword:00000001 is set.

To enable FIPS mode on Tomcat and Java components used in Veritas InfoScale Operations Manager

  1. Create a trusted Java KeyStore (JKS) for the Tomcat web server with imported certificates provided by a trusted Certificate Authority. For more information, see https://www.veritas.com/support/en_US/article.100026835
  2. Back up the following files:

    • /opt/VRTSsfmcs/webgui/jre/conf/security/java.security

    • /opt/VRTSsfmcs/webgui/tomcat/conf/server.xml

  3. Copy and overwrite the following files as follows:

    • cp /opt/VRTSsfmcs/webgui/jre/conf/security/java.security.fips /opt/VRTSsfmcs/webgui/jre/conf/security/java.security

    • cp/opt/VRTSsfmcs/webgui/tomcat/conf/server.xml.fips /opt/VRTSsfmcs/webgui/tomcat/conf/server.xml

    • cp /opt/VRTSsfmcs/webgui/tomcat/bin/setenv.sh.fips /opt/VRTSsfmcs/webgui/tomcat/bin/setenv.sh

  4. Edit the server.xml that is located at /opt/VRTSsfmcs/webgui/tomcat/conf/ and add the CMS hostname (FQDN) in the Connector tag and Connector > SSLHostConfig tag respectively as follows:

    • defaultSSLHostConfigName="<FQDN>"

    • hostName="<FQDN>"

  5. Convert the Java KeyStore (JKS) to the BC FIPS Keystore (BCFKS) format using the following command:

    /opt/VRTSsfmcs/webgui/jre/bin/keytool -importkeystore -srckeystore .keystore -srcstoretype pkcs12 -deststoretype BCFKS -destkeystore .keystore -srcstorepass changeit -deststorepass changeit -providerclass com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -J--module-path=/opt/VRTSsfmcs/webgui/jre/lib/ccj-3.0.1.jar -J--add-modules=ccj -J--add-exports=java.base/sun.security.provider=ccj -J--add-exports=java.base/sun.security.internal.spec=ccj

    Note:

    To verify the conversion of JKS to BCFKS use the following command: /opt/VRTSsfmcs/webgui/jre/bin/keytool -list -keystore /opt/VRTSsfmcs/webgui/tomcat/cert/.keystore -storepass changeit -storetype BCFKS -providername CCJ -providerpath "/opt/VRTSsfmcs/webgui/jre/lib/ext/ccj-3.0.1.jar" -providerclass com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider

  6. Restart VIOM web server using the following command:/opt/VRTSsfmcs/bin/vomsc --restart web

To enable FIPS mode on Veritas InfoScale Operations Manager Agents running on Linux, Solaris, AIX

  1. Open Veritas InfoScale Operations Manager Management Server in a browser.
  2. Add Linux, Solaris, or AIX Agents having Veritas InfoScale Operations Manager version 8.0, 8.0.2 to Veritas InfoScale Operations Manager Management Server.

The FIPS mode can be enabled only on Agents running on Linux, Solaris, or AIX having Veritas InfoScale Operations Manager version 8.0 and 8.0.2

Note:

In this release, agents that are running on other operating systems cannot be configured in FIPS mode.