This guide is intended to be used as a reference when installing, configuring, and maintaining HP 3PAR Policy Manager (Policy
Manager). It contains administration-level information and some user configuration information for the Policy Manager.
HP Part Number: QL226-96117
Published: August 2011
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries
in the United States and other countries.
Microsoft®, Windows®, Windows® XP, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Warranty
WARRANTY STATEMENT: To obtain a copy of the warranty for this product, see the warranty information website:
http://www.hp.com/go/storagewarranty
Documentation
For the latest version of this document, go to http://www.hp.com/go/3par/, navigate to your product page, click Support for your product, and
then click Manuals.
1 Introduction
Related Documentation
The following document provides information related to HP 3PAR Secure Service Architecture:
For information about… | Read the…
Configuring the Secure Service Custodian | HP 3PAR Secure Service Custodian Configuration Utility Reference
Typographical Conventions
This guide uses the following typographical conventions:
Typeface | Meaning | Example
ABCDabcd | Used for dialog elements such as titles, button labels, and other screen elements. | When prompted, click Finish to complete the installation.
ABCDabcd | Used for paths, filenames, and screen output. | Open the file \gui\windows\setup.exe
ABCDabcd | Used to differentiate user input from screen output. | # cd \opt\3par\gui
<ABCDabcd> | Used for variables in filenames, paths, and screen output. | Modify the content string by adding the -P<x> option after -jar inform.jar
<ABCDabcd> | Used for variables in user input. | # .\java -jar inform.jar -P<x>
Advisories
To avoid injury to people or damage to data and equipment, be sure to observe the cautions and
warnings in this guide. Always be careful when handling any electrical equipment.
WARNING! Warnings alert you to actions that can cause injury to people or irreversible damage
to data or the operating system.
CAUTION: Cautions alert you to actions that can cause damage to equipment, software, or data.
NOTE: Notes are reminders, tips, or suggestions that supplement the procedures included in this
guide.
NOTE: The InServ Storage Server has been rebranded as HP 3PAR Storage System. There are
instances in this document where menu items and command output refer to the HP 3PAR Storage
System as InServ or InServ Storage Server.
2 Overview
What is the HP 3PAR Policy Manager?
The HP 3PAR Policy Manager (Policy Manager) is a server-based software application that enables
customers to control and monitor communications between the HP 3PAR Secure Service Custodian
(Custodian) and the HP 3PAR Secure Service Collector Server (Collector Server). This server-based
application resides on a customer's network and sets and controls all Secure Service Architecture
permissions for the Custodians on that network. Policy Manager can be installed to enable only
authorized access and use of the managed Custodians.
The Policy Manager manages all operations the Collector Server requests to perform on Custodians,
and a subset of actions a Custodian will perform based on its own configuration. The list of managed
operations includes Custodian-specific actions, remote access connections to the Custodian, file
uploads, script and package registration and execution, and more.
Custodian policies and permissions are configured through the Policy Manager’s browser-based
user application pages. Through the application pages, authenticated users can set up and manage
Custodian-specific permissions and audit Policy Manager operations and use. Users log in to the
Policy Manager through Microsoft® Internet Explorer™, version 6.
You can host Policy Manager on Microsoft Windows NT™ (SP4), Windows 2000™ (SP3), Windows
2003™, or Windows XP™ operating systems. Hypersonic SQL provides a standalone, open
source, Java-based database to store and manage the Policy Manager configurations. Apache
Tomcat provides the Web application and file realm component for the Policy Manager.
User Authentications
Apache Tomcat provides the Web application and file realm component for the Policy Manager.
Tomcat's file realm implementation is used to manage user access to the Policy Manager. Tomcat
provides for two authentication levels or roles:
• One level of user authentication controls who can configure, manage, and administer the
Policy Manager and the Policy Manager users.
• A second level of user authentication specifies who can log in to the Policy Manager to manage
Custodian policies and permissions and view and accept pending requests.
These roles specify the Policy Manager administrators and users. A Policy Manager user has full
access to all functionality available through the Policy Manager application pages.
HP 3PAR Policy Manager Connections
Within a customer's organization, a single Policy Manager can be configured to manage some
or all Custodians, or multiple Policy Managers can be configured to handle multiple sets of
Custodians uniquely; for example, Custodians located in different departments and with separate
administration and security needs.
Figure 1 HP 3PAR Policy Manager Configured to Manage Custodian Policies
How It All Works
The Secure Service Collector Server communicates with the Secure Service Custodian by posting
requests for the Custodian and receiving its responses. These can be requests to perform actions,
including uploading files, running applications, restarting, executing packages, setting data values
on the Custodians, and so forth. These requests are discovered by the Custodians upon
subsequent pings. If a Custodian is managed by the Policy Manager, the Custodian will first
reference its policy to determine whether or not it can perform the action.
Each Custodian is also configured with its own actions. These actions may be configured to execute
based on an internal schedule set in the Custodian, or based on triggering events. If Policy Manager
is in use, some of the Custodian’s own actions will be defined in the related policy.
Policies
When a Custodian connected to and managed by Policy Manager is presented with a request to
perform an action, it first refers to its policy, as defined by the Policy Manager. A policy is comprised
of a list of actions a Custodian can perform and permissions and rights to perform each action. A
Custodian’s policy determines how the Custodian will handle an action request and, based on the
defined policy, the Custodian will do one of three things:
• Accept and perform the action.
• Deny the action.
• Ask the Policy Manager for permission to perform the action.
The Custodian enforces the policy as set in the Policy Manager and reports its policy-related
activities to the Policy Manager and the Collector Server for auditing reasons.
If a Custodian requests permission to perform an action, per its policy, the Policy Manager sends
an email notification to specified Policy Manager user(s). Based on the email information, the
recipients are informed of the requested action. They need to then accept or deny the action within
a defined timeout period.
• If the action is accepted, the Policy Manager notifies the Custodian that the action is accepted.
If applicable, the Custodian notifies the Collector Server that the action was approved, and then
it performs the action as requested.
• If the user denies the action, the Policy Manager sends the action back to the Custodian as
denied. The Custodian notifies the Collector Server that the action was denied.
All communications between the Policy Manager and its managed Custodians are initiated by the
Custodians. When a Custodian contacts the Policy Manager, either when it registers or based on
its defined ping rate, that Custodian receives any current or updated policy settings or accepted
or denied requests. At the same time, the Custodian sends the Policy Manager its action requests
and its list of supported actions.
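The flow described in this section, modelled as an added example (not HP code and not part of the original guide): the Custodian checks its policy first, and "ask" requests and user decisions travel only on Custodian-initiated pings. Class, field and action names are hypothetical, the timeout period is not modelled, and denying unlisted actions is an assumption.

```python
# Added illustration: toy model of the exchange described above. Class, field
# and action names are hypothetical; the guide does not show the wire format.
from dataclasses import dataclass, field

ACCEPT, DENY, ASK = "accept", "deny", "ask"

@dataclass
class PolicyManager:
    policy: dict                                   # action -> ACCEPT / DENY / ASK
    pending: dict = field(default_factory=dict)    # request id -> action awaiting a user
    decided: dict = field(default_factory=dict)    # request id -> ACCEPT / DENY
    audit: list = field(default_factory=list)

    def user_decides(self, req_id, decision):
        # A Policy Manager user answers the email notification.
        self.pending.pop(req_id)
        self.decided[req_id] = decision

    def on_ping(self, asks, activity):
        # Called only by a Custodian: store its requests and audit records,
        # hand back current policy and any decisions made since the last ping.
        self.pending.update(asks)
        self.audit.extend(activity)
        decisions, self.decided = self.decided, {}
        return dict(self.policy), decisions

@dataclass
class Custodian:
    policy: dict = field(default_factory=dict)
    waiting: dict = field(default_factory=dict)    # asked, not yet answered
    outbox: dict = field(default_factory=dict)     # asks to send on next ping
    activity: list = field(default_factory=list)   # policy activity to report
    performed: list = field(default_factory=list)

    def handle(self, req_id, action):
        # Request from the Collector Server: consult the policy first.
        rule = self.policy.get(action, DENY)       # assumption: unlisted means deny
        if rule == ACCEPT:
            self.performed.append(action)
        elif rule == ASK:
            self.waiting[req_id] = self.outbox[req_id] = action
        self.activity.append((req_id, action, rule))
        return rule

    def ping(self, pm):
        self.policy, decisions = pm.on_ping(self.outbox, self.activity)
        self.outbox, self.activity = {}, []
        for req_id, decision in decisions.items():
            action = self.waiting.pop(req_id)
            if decision == ACCEPT:
                self.performed.append(action)
            self.activity.append((req_id, action, decision))
```

Because the Policy Manager in this model never calls the Custodian, a user's decision takes effect only at the Custodian's next ping.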
3 Installing the HP 3PAR Policy Manager
The HP 3PAR Policy Manager installation includes all necessary components needed to manage
policies on Custodians. The Policy Manager can be hosted from a computer running a supported
Windows operating system and connected to Custodians via a network connection.
NOTE: The Secure Service Custodian is configured to connect to the Policy Manager at a specified
IP address or host name. If you change the network location of the Policy Manager after deployment,
the configuration of each managed Custodian will need to change in kind.
Hardware Requirements
The following are the minimum requirements for the Policy Manager, database, and Web server:
• i386
• 750 MHz processor
• 256 MB of memory
• 100 MB of disk space for the installation with additional space available for log files
NOTE: As you use the Policy Manager and audit log files are created, your disk space
requirements will grow substantially. Keep track of the disk space usage and consider archiving
log files where possible.
• 100 MB LAN connection
• Network connection between the Policy Manager and connected Custodians
Software Requirements
The following are not included, but required for installation:
• Windows NT, 2000, 2003, or XP
◦ For Windows NT 4.0 apply Service Pack 4
◦ For Windows 2000 apply Service Pack 3
• HP 3PAR Policy Manager application pages are optimized for Microsoft Internet Explorer,
version 6.
The following are included in installation:
• HP 3PAR Policy Manager, version 1.0
• Apache Tomcat, version 5.0.18
• Hypersonic SQL version 1.7.1
• JDK 1.4.x Java VM (Virtual Machine)
Installation and Setup
To install and set up HP 3PAR Policy Manager, perform the following:
1. Insert the Policy Manager installation CD in the CD-ROM drive of the computer on which you
want to install the Policy Manager, or another networked computer to which the Custodians
can connect via LAN or WAN connections.
2. Browse to the CD in your computer's file manager or explorer application.
3. Locate and run install3PARSSPM_x_x_x_x.exe.
The Policy Manager installation program starts installing the server, Web applications, and
database, and prompts you for installation information.
4. After clicking Next at the Introduction, provide the following information when prompted:
• Installation directory for all of the installed software components.
• Port number (listening port) of the computer through which the Policy Manager
communicates with Custodians. The default port is 8080.
• Your organization’s email server and email domain name.
• The sender’s email address. The source address is 3PAR_SSPM@3par.com.
• The administrator’s email address.
• The frequency that email is to be retrieved.
• The number of days of audit log messages you wish to be made available via the View
Audit Log Entries page in the Policy Manager application user interface.
5. Review the information you entered at step 4 and click Install to begin the installation.
6. When installation is complete, click Done.
Reinstalling HP 3PAR Policy Manager
If you need to reinstall Policy Manager, perform the following:
1. Remove or uninstall the existing Policy Manager files installed on your computer from the
previous installation.
2. Reinstall Policy Manager by following the instructions described in “Installation and Setup”
(page 9).
4 Configuring Users
Overview
After installing the server, you need to configure the users and groups with privileges for the HP
3PAR Policy Manager, and modify the Policy Manager configuration settings for your specific use
of the server.
User configuration is performed through the Apache Tomcat file realm. To manage the user
configuration, you need to start the server and then log into the Tomcat server.
NOTE: One other Policy Manager configuration file, log4j.properties, contains diagnostic
settings you may want to modify if troubleshooting server errors. This file is located in
..\Tomcat5\shared\classes. You should change the settings only if you have experience
with database and server administration and database debugging.
This chapter explains the following configuration settings available for the Policy Manager system:
• Configuring users for server administration and Policy Manager login.
• Configuring Policy Manager server properties and functionality.
Configuring Users
The Tomcat file realm controls who has access to administering the server and who can log in to
and use the Policy Manager application pages.
To configure the Tomcat file realm for HP 3PAR Policy Manager, you need to specify users for the
two user groups, APMAdmin and APMUsers, as follows:
• APMAdmin group - individuals defined in this group will be able to log into Tomcat and
configure server settings, additional APMUsers, and so forth.
• APMUsers group - individuals defined in this group will be able to log into the application
pages, set permissions for all policies and groups defined in Policy Manager, view all audit
log messages, add, configure, and delete groups, and so forth.
You configure users for Tomcat and Policy Manager pages in the Tomcat Administration application.
The user information you specify in this application is saved to the tomcat-users.xml file.
To configure users:
1. Start the server on your local machine.
a. Start your Web browser.
b. Enter the local host IP address/listening port in the browser’s address bar, and then
/admin (for example, 123.456.789.111/8080/admin), and press ENTER.
The HP 3PAR Tomcat Server Administration Tool appears (Figure 2 (page 12)).
Figure 2 HP 3PAR Tomcat Server Administration Tool
2. Type your Tomcat5 user name and password and click Login.
The Administration Tool page appears (Figure 3 (page 12)), with the following navigation
window:
Figure 3 Administration Tool Page
3. Under User Definition, click Users.
The Users List pane appears.
4. From the User Actions list, select Create New User.
NOTE: User names and passwords are case-sensitive.
Figure 4 Creating a User
5. Enter the user name, password, and full name of the user for logging into the application.
6. Select the groups and roles in which this user is to be defined. Each user can be defined in
multiple groups and roles. For example, you may want to add this user to two roles: one that
administers Tomcat5 and one that has access to the Policy Manager application pages.
7. Click Save.
8. Repeat steps 4 through 7 to add all users you want to add to the system.
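An added example, not part of the original guide or HP's software: a read-only check of a tomcat-users.xml file that lists accounts worth reviewing after the procedure above. It assumes the standard Tomcat user-database layout (user elements with username, password, groups and roles attributes) and that APMAdmin and APMUsers appear there as group or role names; the sample file content is constructed.

```python
# Added illustration: review group/role membership in tomcat-users.xml.
import xml.etree.ElementTree as ET

ADMIN, USERS = "APMAdmin", "APMUsers"   # group names used in this guide

# Constructed sample; user names and passwords are made up.
SAMPLE = """<tomcat-users>
  <role rolename="admin"/>
  <group groupname="APMAdmin" roles="admin"/>
  <group groupname="APMUsers"/>
  <user username="jsmith" password="Xk4!pq92" fullName="J Smith"
        groups="APMAdmin,APMUsers"/>
  <user username="ops" password="ops" fullName="Ops" groups="APMUsers"/>
  <user username="backup" password="" fullName="" roles="admin"/>
</tomcat-users>"""

def _split(value):
    # Comma-separated attribute value -> set of names (empty set if absent).
    return {v.strip() for v in (value or "").split(",") if v.strip()}

def audit(xml_text):
    """Return (user name, finding) pairs for accounts that need a second look."""
    findings = []
    for user in ET.fromstring(xml_text).iter("user"):
        name = user.get("username") or user.get("name") or ""
        # Assumption: membership may be recorded under either attribute.
        member = _split(user.get("groups")) | _split(user.get("roles"))
        password = user.get("password") or ""
        if {ADMIN, USERS} <= member:
            # Allowed by the guide, but such an account can both administer
            # the server and change Custodian policies.
            findings.append((name, "holds both APMAdmin and APMUsers"))
        if not password:
            findings.append((name, "empty password"))
        elif password.lower() == name.lower():
            findings.append((name, "password equals user name"))
        if not member & {ADMIN, USERS}:
            findings.append((name, "not in APMAdmin or APMUsers"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```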