Sun Microsystems WDR Guide

WDR Developer’s Guide
Creating WBEM-Based System Management
Applications
Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.
Part No. 816-1984-11 September 2002
Send comments about this document to: docfeedback@sun.com
Copyright 2002 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This product or document is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, AnswerBook2, docs.sun.com, Sun Fire, Sun4U, SunSwift, Java, JDK, and Solaris are trademarks, registered trademarks, or service marks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.
Federal Acquisitions: Commercial Software—Government Users Subject to Standard License Terms and Conditions.
DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Contents

Preface
Before You Read This Book
How This Book Is Organized
Using UNIX Commands
Typographic Conventions
Shell Prompts
Related Documentation
Accessing Sun Documentation Online
Sun Welcomes Your Comments
1. Introduction to WDR
Hardware Required for WDR
Hardware Required for MSP on Sun Fire 6800/4810/4800/3800 Systems
Software Required for WDR
Software Required for Sun Fire 15K/12K Systems
Software Required for Sun Fire 6800/4810/4800/3800 Systems
About Web-Based Enterprise Management (WBEM)
Common Information Model (CIM)
Platform-Specific and Common MOF Files
Operations that WDR Performs
Administrator Security Models
WDR Security
Sun Fire 6800/4810/4800/3800 System Groups
Sun Fire 15K and 12K System Groups
Solaris WBEM Services
CIM Object Manager (CIMOM)
WBEM Providers
Solaris WBEM Software Development Kit (SDK)
2. Using Solaris WBEM Services in WDR
Overview of Solaris WBEM Services
Layers of Solaris WBEM Services
Solaris WBEM Services Application Layer
Sun WBEM User Manager and SMC Users Tool
Solaris Management Console (SMC) WBEM Log Viewer
Managed Object Format (MOF) Compiler
The mofcomp Command
Compiling a MOF File
How to Compile a MOF File
The mofcomp Password Security Advisory
Solaris WBEM Services Management Layer
About the CIM Object Manager
Manually Starting and Stopping the CIM Object Manager
To Start the CIM Object Manager
To Stop the CIM Object Manager
Solaris WBEM Services Provider Layer
Solaris Providers
WBEM Security Services
Authentication
Authorization
Replay Protection
Digital Signatures
Implementing Security
WBEM Access Control Lists
Using the Sun WBEM User Manager
To Start the Sun WBEM User Manager
To Grant Default Access Rights to a User
To Change a User’s Access Rights
To Remove a User’s Access Rights
To Set Access Rights for a Namespace
To Remove Access Rights for a Namespace
Using APIs to Set Access Control
The Solaris_UserAcl Class
To Set Access Control on a User
The Solaris_NamespaceAcl Class
To Set Access Control on a Namespace
Starting Solaris Management Console (SMC) Users Tool
To Start SMC Users Tool
Solaris WBEM Logging Services
Solaris WBEM Services Log Files
Solaris WBEM Services Log File Rules
Solaris WBEM Services Log File Format
Solaris WBEM Log Classes
Solaris_LogRecord Class
Solaris_LogService Class
Using the APIs to Enable Solaris WBEM Logging
Writing Data to a Solaris WBEM Log File
To Create an Instance of Solaris_LogRecord to Write Data
Reading Data from a Solaris WBEM Log File
To Get an Instance of the Solaris_LogRecord Class and Read Data
Setting Solaris WBEM Logging Properties
To Set Solaris WBEM Logging Properties
Solaris WBEM Log Viewer
To Start SMC and Solaris Log Viewer
3. Using Process Indications
The CIM Event Model
How Indications are Generated
How Subscriptions Are Created
Adding a CIM Listener
To Add a CIM Listener
Creating an Event Filter
To Create an Event Filter
Creating an Event Handler
To Create a CIM Event Handler
Binding an Event Filter to an Event Handler
To Bind an Event Filter to an Event Handler
4. Classes, Domains, Associations, and Indications in WDR
WDR CIM Class Hierarchy Diagram
CIM Attachment Point Classes
CIM Solaris_WDRAttachmentPoint Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_WDRAttachmentPoint Class Properties
CIM Solaris_WDRAttachmentPoint Class Methods
CIM Solaris_CHSystemBoard Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_CHSystemBoard Class Properties
CIM Solaris_CHSystemBoard Class Methods
CIM Solaris_CHCPU Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_CHCPU Class Properties
CIM Solaris_CHCPU Class Methods
CIM Solaris_CHMemory Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_CHMemory Properties
CIM Solaris_CHMemory Class Methods
CIM Solaris_CHController Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_CHController Class Properties
CIM Solaris_CHController Class Methods
CIM Slot Classes
CIM Solaris_WDRSlot Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_WDRSlot Properties
CIM Solaris_WDRSlot Methods
CIM Solaris_XCSlot Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_XCSlot Properties
CIM Solaris_XCSlot Methods
CIM Solaris_SGSlot Class
Position in the Class Hierarchy
Description
Direct Known Subclasses
CIM Solaris_SGSlot Properties
CIM Solaris_SGSlot Methods
CIM Solaris_WDRDomain Classes
CIM Solaris_WDRDomain Class
Position in the Class Hierarchy
Description
Direct Known CIM Subclasses
CIM Solaris_WDRDomain Class Properties
CIM Solaris_XCDomain Class
Position in the Class Hierarchy
Description
Direct Known CIM Subclasses
CIM Solaris_XCDomain Class Properties
CIM Solaris_SGDomain Class
Position in the Class Hierarchy
Description
Direct Known CIM Subclasses
CIM Solaris_SGDomain Class Properties
WDR Schema Associations and Aggregations
CIM Solaris_DomainHasAttachmentPoints Aggregation
Description
CIM Solaris_DomainHasAttachmentPoints Aggregation Properties
CIM Solaris_DomainHasSlots Aggregation
Description
CIM Solaris_DomainHasSlots Aggregation Properties
Solaris_SlotHasSystemBoard Association
Description
CIM Solaris_SlotHasSystemBoard Association Properties
Solaris_SystemBoardHasProcessors Aggregation
Description
CIM Solaris_SystemBoardHasProcessors Aggregation Properties
Solaris_SystemBoardHasMemory Aggregation
Description
CIM Solaris_SystemBoardHasMemory Aggregation Properties
Solaris_SystemBoardHasControllers Aggregation
Description
CIM Solaris_SystemBoardHasControllers Aggregation Properties
CIM Process Indication Classes
The WDR Indication Class Hierarchy Diagram
Solaris_WDRIndication Class
Solaris_SGBoardPresenceChange Indication
Description
Solaris_SGBoardPresenceChange Properties
Solaris_SGDomainACLChange Indication
Description
Solaris_SGDomainACLChange Properties
Solaris_SGDomainStateChange Indication
Description
Solaris_SGDomainStateChange Properties
Solaris_SGSlotAssignmentChange Indication
Description
Solaris_SGSlotAssignmentChange Properties
Solaris_SGBoardStateChange Indication
Description
Solaris_SGBoardStateChange Properties
Solaris_SGSlotAvailabilityChange Indication
Description
Solaris_SGSlotAvailabilityChange Properties
Solaris_XCSystemBoardConfigChange Indication
Description
Solaris_XCSystemBoardConfigChange Properties
Solaris_XCEnvironmentalIndication Indication
Description
Solaris_XCEnvironmentalIndication Properties
Solaris_XCComponentRemove Indication
Solaris_XCComponentInsert Indication
Solaris_XCBoardPowerOn Indication
Solaris_XCBoardPowerOff Indication
Solaris_XCDomainIndication Indication
Description
Solaris_XCDomainIndication Properties
Solaris_XCDomainConfigChange Indication
Solaris_XCDomainUp Indication
Solaris_XCDomainDown Indication
Solaris_XCDomainStop Indication
Solaris_XCDomainStateChange Indication
Description
Solaris_XCDomainStateChange Properties
5. Programming Techniques in WDR
Caching System State Information
Working with an EventProvider
To Subscribe to and Read WDR Indications
To Implement an Event Listener
To Bind an Event Filter to an Event Handler
Working with an InstanceProvider
Working with an AssociatorProvider
Working with a MethodProvider
A. MOF Files
WDR_Core1.0.mof File
WDR_SG1.0.mof File
WDR_XC1.0.mof File
Index

Preface

This WDR Developer’s Guide is intended for use by systems administrators who want to develop applications that perform DR operations remotely using WBEM, which is an industry standard for Web-based enterprise management.
Developers can write WDR client applications in languages such as Java™, using software development kits (SDKs) such as the Sun WBEM SDK.
Before You Read This Book
This book is intended for the Sun Fire™ 15K, 12K, 6800, 4810, 4800, and 3800 system platform administrator who has a working knowledge of UNIX® systems, particularly those based on the Solaris™ operating environment. If you do not have such knowledge, first read the Solaris user and system administrator books provided with this system, and consider UNIX system administration training.
How This Book Is Organized
Chapter 1, “Introduction to WDR,” provides an overview of WDR, and describes the kind of tasks that WDR enables you to perform.
Chapter 2, “Using Solaris WBEM Services in WDR,” describes the different layers in Solaris WBEM Services, which are included in the Solaris operating environment.
Chapter 3, “Using Process Indications,” describes process indications, which are notifications of system events to which each WDR client can subscribe.
Chapter 4, “Classes, Domains, Associations, and Indications in WDR,” introduces all the classes, indications (of system events), and associations that WDR provides to the developer. All methods and properties that the developer needs to use are described in this chapter.
Chapter 5, “Programming Techniques in WDR” presents programming techniques that the developer may find useful in creating WDR applications that simplify and automate systems administration on Sun Fire 15K/12K and 6800/4810/4800/3800 systems.
Using UNIX Commands
This document does not contain information on basic UNIX® commands and procedures such as shutting down the system, booting the system, and configuring devices.
See one or more of the following for this information:
Solaris Handbook for Sun Peripherals
Online documentation for the Solaris™ operating environment
Other software documentation that you received with your system
Typographic Conventions
TABLE P-1
Typeface | Meaning | Examples
AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. % You have mail.
AaBbCc123 | What you type, when contrasted with on-screen computer output | % su Password:
AaBbCc123 | Book titles, new words or terms, words to be emphasized | Read Chapter 6 in the User’s Guide. These are called class options. You must be superuser to do this.
 | Command-line variable; replace with a real name or value | To delete a file, type rm filename.
Shell Prompts
TABLE P-2
Shell | Prompt
C shell | machine_name%
C shell superuser | machine_name#
Bourne shell and Korn shell | $
Bourne shell and Korn shell superuser | #
Related Documentation
TABLE P-3
Application | Title | Part Number
WDR Installation | WDR Installation Guide | 816-4820
DR on Sun Fire 6800, 4810, 4800, and 3800 systems | Sun Fire 6800, 4810, 4800, and 3800 Systems Dynamic Reconfiguration User Guide | 806-6783
DR on Sun Fire 15K and 12K systems | Sun Fire 15K/12K Dynamic Reconfiguration User Guide | 816-5075
System-level security on Sun Fire 15K and 12K systems | System Management Services (SMS) 1.2 Administrator Guide for Sun Fire 15K/12K Systems | 816-5259
System-level security on Sun Fire 6800/4810/4800/3800 systems | Sun Fire 6800/4810/4800/3800 Systems Platform Administration Manual | 805-7373
Solaris WBEM Services | Solaris WBEM Services Administrator’s Guide | 806-6468
Accessing Sun Documentation Online
You can view, print, or purchase a broad selection of Sun documentation, including localized versions, at:
http://www.sun.com/documentation
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions. You can email your comments to Sun at:
docfeedback@sun.com
Please include the part number (816-1984-11) of your document in the subject line of your email.
CHAPTER 1

Introduction to WDR

WDR (WBEM dynamic reconfiguration) provides an application program interface (API) that software applications can use to perform dynamic reconfiguration (DR) operations remotely on the following systems:
Sun Fire 15K
Sun Fire 12K
Sun Fire 6800
Sun Fire 4810
Sun Fire 4800
Sun Fire 3800
Software developers and systems administrators can use the WDR API to create custom applications that remotely perform crucial system management functions such as load balancing. WDR provides an alternative to the current, conventional method of performing DR operations, which are achieved either on the Sun Fire System Controller (SC) or on the Solaris domain (using the cfgadm system library).

Hardware Required for WDR

On Sun Fire 6800/4810/4800/3800 systems, WDR runs on an external host that is referred to as the Midframe Service Processor (MSP). On Sun Fire 15K and 12K systems, WDR runs on the System Controller (SC).

Hardware Required for MSP on Sun Fire 6800/4810/4800/3800 Systems

The minimum hardware requirements for an MSP are:
Sun4U™ architecture
8 GB disk space
128 MB RAM
CD-ROM drive
SunSwift™ card or, ideally, a QuadFast Ethernet card

Software Required for WDR

WDR can be used on Sun Fire 6800/4810/4800/3800 and Sun Fire 15K/12K system domains that run the Solaris 8 2/02 and Solaris 9 software. WDR is not bundled with other software, such as the Solaris operating environment.

Software Required for Sun Fire 15K/12K Systems

To enable WDR, both the WDR software and Solaris WBEM Services software must be installed on the SC. Further, the System Management Services (SMS) version 1.2 software must be installed on the SC.

Software Required for Sun Fire 6800/4810/4800/3800 Systems

To enable WDR, both the WDR software and Solaris WBEM Services software must be installed on the MSP.

About Web-Based Enterprise Management (WBEM)

The WDR interface is based on the Web-based Enterprise Management (WBEM) industry standard, which enables Web-based management of systems, networks, and devices on a variety of platforms. WBEM was developed by members of the Distributed Management Task Force (DMTF), who represent many industry leaders.
WBEM is comprised of three principal components:
A method of modeling managed objects. WBEM uses the Common Information Model (CIM) to create classes that represent managed objects. These classes have properties that represent the attributes and states of managed objects; and methods that represent operations that can be performed on managed objects.
A means of encoding CIM information so that it can be sent over the wire. WBEM uses Extensible Markup Language (XML), a powerful and extensible subset of SGML, to encode CIM classes.
A way of encapsulating XML operations for transmission over the wire. WBEM uses XML/HTTP or RMI for sending operations that get information from, set the properties of, and perform operations on, managed objects.
To summarize: in WBEM, managed objects are represented as CIM classes, properties, and methods; CIM operations are represented as either XML/HTTP or RMI messages; and those messages are sent over the wire.
A comprehensive description of the WBEM standard is beyond the scope of this document. However, complete information about WBEM is available from a variety of sources, including the DMTF Web site at www.dmtf.org.

Common Information Model (CIM)

WDR is a Sun Fire system-specific extension of the CIM schema that is used to represent:
Resources on Sun Fire systems that can be managed using DR,
Events that relate to DR or affect the state of the WDR model,
DR platform resources such as attachment points, which are represented by the AttachmentPoint class and its subclasses,
The containers of DR platform resources, such as domains and slots,
Events that affect the existence and/or state of objects in the WDR schema,
Associations between objects in the WDR schema, and
DR operations themselves.
The architecture of the Sun Fire 6800/4810/4800/3800 systems differs significantly from that of the Sun Fire 15K and 12K systems. WDR includes CIM schema that reflect the architectures of all the different Sun Fire systems on which it is used.
Some of the objects in the CIM schema are common to all Sun Fire systems; other objects are used only on the Sun Fire 6800/4810/4800/3800 systems; while other objects are used only on the Sun Fire 15K and 12K systems.
The commonalities between the system architectures are captured in platform-independent superclasses; the differences are captured in platform-specific subclasses of those platform-independent superclasses.

Platform-Specific and Common MOF Files

The CIM schema used by WDR is expressed in three Managed Object Format (MOF) files, which are ASCII text files that define all the objects that represent managed resources on Sun Fire systems.
WDR_core1.0.mof defines the common elements of Sun Fire 15K/12K, and 6800/4810/4800/3800 systems.
WDR_XC1.0.mof defines elements specific to Sun Fire 15K/12K systems.
WDR_SG1.0.mof defines elements specific to Sun Fire 6800/4810/4800/3800 systems.
In addition to providing a schema, the MOF file also provides the software developer or systems administrator with a formal definition of the objects that comprise the WDR CIM schema.
Note – For a formal definition of CIM, see Common Information Model, Implementing the Object Model for Enterprise Management, Winston Bumpus et al., Wiley Computer Publishing, copyright 2000, New York, ISBN 0-471-35342-6.

Operations that WDR Performs

WDR can perform the following dynamic reconfiguration operations remotely:
Add a system board (a CPU/memory board) to a domain that is running the Solaris software. DR first connects the board electrically to the system, putting it into a connected state. DR then configures the system board so that it is fully available to all applications running in the domain; the board is put into the configured state.
Move a system board from one domain to another domain, via an unconfigure operation followed by a configure operation.
Remove a system board from a domain and make it available for use by other domains.
List all attachment points that are currently available to domains on the system.
Display information about the current state of a specified system board, such as its power status, availability, and domain assignment.
Retrieve the memory configuration of a configured system board.
Retrieve information about the impact on memory, such as memory drain information, that is associated with detaching a configured system board.
The functionality of WDR is the same as the underlying functionality of DR itself; WDR adds no additional operations to DR. However, WDR does enhance DR by providing information about domains and slots; associations between classes; and event notification.
WDR is designed to perform DR operations efficiently, without any noticeable degradation of performance.

Administrator Security Models

WDR enforces the administrator security models on Sun Fire 15K/12K and 6800/4810/4800/3800 systems.
For complete information about implementing security at the Sun Fire 6800/4810/4800/3800 system level, see the Sun Fire 6800/4810/4800/3800 Systems Platform Administration Manual (part number 805-7373).
For complete information about implementing security at the Sun Fire 15K/12K system level, see the System Management Services (SMS) 1.2 Administrator Guide for Sun Fire 15K/12K Systems (part number 816-5259).
In addition, security that is available through Solaris WBEM Services is described in Chapter 2 “Using Solaris WBEM Services in WDR.”

WDR Security

The /etc/group file shows the groups to which the currently logged in user is subscribed.
Sun Fire 6800/4810/4800/3800 System Groups
The /etc/group file, which shows group membership on a Sun Fire 6800/4810/4800/3800 system, can be edited manually.
The following table shows all the operations that users can perform based on their group membership:
TABLE 1-1 Permitted Tasks Based on Group - Sun Fire 6800/4810/4800/3800
Group | Tasks that the User Can Perform
None (all users) | Enumerate domains and slots
spltadm | Assign and unassign boards
spltop | No special privileges
sdxadm | Where x represents a domain, can:
• Enumerate attachment points in domain x.
• Enumerate all attachment points if the user is in the sdxadm group in all domains.
• Change an attachment point state, assign, unassign, power-on, and power-off a board that is in domain x’s available component list.
sdxop | Where x represents a domain, can:
• Enumerate attachment points in domain x.
• Enumerate all attachment points if the user is in the sdxop group in all domains.
Sun Fire 15K and 12K System Groups
To modify the /etc/group file, which shows group membership on a Sun Fire 15K or 12K system, you run the /opt/SUNWSMS/bin/smsconfig script with arguments. See the System Management Services (SMS) 1.2 Administrator Guide for Sun Fire 15K/12K Systems for more information.
The following table shows all the operations that users can perform based on their group membership:
TABLE 1-2 Permitted Tasks Based on Group - Sun Fire 15K and 12K
Group | Tasks that the User Can Perform
platadmn | Assign, unassign, power-on, and power-off boards
platoper | No special privileges
dmnxadm | Where x represents a domain, can:
• Enumerate attachment points in domain x.
• Enumerate all attachment points if the user is in the dmnxadm group in all domains.
• Change an attachment point state, assign, unassign, power-on, and power-off a board that is in domain x’s available component list.
dmnxrcfg | Where x represents a domain, can:
• Enumerate attachment points in domain x.
• Enumerate all attachment points if the user is in the dmnxrcfg group in all domains.
• Change an attachment point state, assign, unassign, power-on, and power-off a board that is in domain x’s available component list.
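The group rules in TABLE 1-1 and TABLE 1-2 can be applied to a copy of /etc/group to list which accounts are able to change hardware state, which is the set to review for least privilege. The following Python is an added example, not code from this guide or from Sun; the profile labels SG and XC, the function names, the domain ids a and b, and the sample group file are assumptions constructed for illustration.

```python
"""Audit which accounts hold WDR privileges, per TABLE 1-1 and TABLE 1-2."""

# Group names and tasks come from the two tables; "{x}" stands for a domain id.
# The keys "SG" and "XC" are labels chosen for this example.
PROFILES = {
    "SG": {  # Sun Fire 6800/4810/4800/3800 (TABLE 1-1)
        "platform": {"spltadm": {"assign", "unassign"}},
        "domain_change": ["sd{x}adm"],
        "domain_enumerate_only": ["sd{x}op"],
    },
    "XC": {  # Sun Fire 15K/12K (TABLE 1-2)
        "platform": {"platadmn": {"assign", "unassign", "power-on", "power-off"}},
        "domain_change": ["dmn{x}adm", "dmn{x}rcfg"],
        "domain_enumerate_only": [],
    },
}

# Constructed sample in /etc/group format (name:password:gid:member,member,...).
SAMPLE_GROUP = """\
root::0:root
spltadm::100:alice
spltop::101:bob
sdaadm::110:alice,carol
sdbadm::111:carol
sdaop::120:dave
sdbop::121:dave,erin
"""


def parse_group_file(text):
    """Return {user: set of group names} from /etc/group-format text.

    Only members listed in the fourth field are seen; a user's primary
    group is recorded in /etc/passwd and is not covered here.
    """
    members = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue  # malformed entry: skip rather than guess
        group, user_list = fields[0], fields[3]
        for user in filter(None, (u.strip() for u in user_list.split(","))):
            members.setdefault(user, set()).add(group)
    return members


def wdr_rights(groups, profile, domains):
    """Derive the tasks the tables grant to a user holding `groups`.

    `domains` is the list of domain ids configured on the platform
    (supplied by the caller; the tables only call it "x").
    """
    prof = PROFILES[profile]
    domain_set = set(domains)
    platform_tasks = set()
    for name, tasks in prof["platform"].items():
        if name in groups:
            platform_tasks |= tasks

    enumerate_domains, change_domains = set(), set()
    enumerate_all = False
    for key, can_change in (("domain_change", True),
                            ("domain_enumerate_only", False)):
        for template in prof[key]:
            held = {d for d in domain_set if template.format(x=d) in groups}
            enumerate_domains |= held
            if can_change:
                change_domains |= held
            # The tables grant "all attachment points" only when the user is
            # in the same kind of group for every domain. A mix (adm in one
            # domain, op in another) is not described, so it is not granted.
            if domain_set and held == domain_set:
                enumerate_all = True
    return {
        "platform_tasks": platform_tasks,
        "enumerate_domains": enumerate_domains,
        "enumerate_all": enumerate_all,
        "change_domains": change_domains,
    }


def privileged_users(group_text, profile, domains):
    """Return {user: rights} for users who can assign boards or change state."""
    flagged = {}
    for user, groups in sorted(parse_group_file(group_text).items()):
        rights = wdr_rights(groups, profile, domains)
        if rights["platform_tasks"] or rights["change_domains"]:
            flagged[user] = rights
    return flagged


if __name__ == "__main__":
    for user, rights in privileged_users(SAMPLE_GROUP, "SG", ["a", "b"]).items():
        print(user,
              "platform:", sorted(rights["platform_tasks"]),
              "change in domains:", sorted(rights["change_domains"]),
              "enumerate all:", rights["enumerate_all"])
```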

Solaris WBEM Services

WDR is an extension of the Solaris WBEM Services software, which is included in the Solaris 8 2/02 and Solaris 9 operating environments. Solaris WBEM Services software provides secure access and manipulation of management data, and enables software developers to create client applications that manage system resources in the Solaris environment.
Solaris WBEM Services software consists of components that function at three levels:
The Application Layer, where WBEM clients process and display data from managed resources. Application Layer services include the WBEM Workshop; the WBEM User Manager, which allows administrators to add and remove authorized WBEM users and set their access privileges; and the MOF compiler.
The Management Layer, where the CIM API (which forms the boundary between the Application and Management Layers) enables the administrator to perform operations such as viewing and creating classes and instances of managed resources from the CIMOM. The CIMOM, the CIM Repository, and the Provider interface all reside at the Management Layer.
The Provider Layer. At this layer resides the Solaris Provider, which provides the CIMOM instances of managed resources in the Solaris operating environment, and gets and sets information about managed resources. The Solaris Provider forms the interface between CIMOM and managed system resources.
Solaris WBEM Services components interact with the Solaris software and with the system hardware. For more information about the Solaris WBEM Services software, visit the Solaris WBEM Web site at www.sun.com/software/solaris/wbem.
Developers of load balancing and other system management applications can use Solaris WBEM Services software to obtain information about the current level of resource utilization on a Sun Fire system domain. WDR itself does not provide system performance data.

CIM Object Manager (CIMOM)

The CIMOM manages CIM objects on a WBEM system. The CIMOM transfers information between WBEM clients, the CIMOM Repository, and managed resources (through providers). The CIMOM accepts connections from management applications using the RMI protocol, and provides the following services to connected clients:
Management services. The CIMOM checks the semantics and syntax of CIM data, and distributes data between applications, the CIM Repository, and managed resources.
Security services that enable administrators to control user access to CIM information.
Logging services that consist of classes that developers can use to create applications that dynamically record CIMOM event data to, and retrieve it from, a log record.
XML services that convert XML data into CIM classes, which enables XML-based WBEM clients to communicate with the CIMOM.

WBEM Providers

WDR contains several provider classes, which are expressed in the MOF files. WBEM providers are classes that act as intermediaries between the CIMOM and managed objects on a system. WBEM providers get information from, set information on, and may perform operations on, managed devices. WBEM providers forward retrieved information to the CIMOM, which is a part of the Solaris WBEM Services software, for delivery to the requesting clients.
When the CIMOM receives a request for information that is not available in the CIMOM Repository, it forwards the request to a provider. The provider receives requests for information, and returns the information, using APIs.

Solaris WBEM Software Development Kit (SDK)

Developers of WDR applications can use the Solaris WBEM SDK. However, there is no requirement to use the Solaris WBEM SDK because WDR uses a standard set of protocols. For more information about the Solaris WBEM SDK visit the Sun Developer Connection at:
www.sun.com/solaris/wbem
CHAPTER 2

Using Solaris WBEM Services in WDR

Overview of Solaris WBEM Services

Solaris WBEM Services provide the WDR application developer with a variety of WBEM services on domains that are running either the Solaris 8 2/02 or Solaris 9 operating environment. Solaris WBEM Services, which are included with the Solaris software, make it easier for developers to create applications that use WBEM to manage systems running Solaris software.
This developer’s guide provides information about only those Solaris WBEM Services with which a WDR application developer needs to become familiar. Complete information about Solaris WBEM Services is available at the following Web site:
http://www.sun.com/solaris/wbem
Solaris WBEM Services provide secure access to information about managed resources, which in turn enable applications that use WDR to get information about, and manage, system resources. A built-in Solaris Provider allows access to information about managed resources such as hardware and software state information, performance metrics, and other data that are needed by management applications to perform load balancing and to respond to device failovers.
Solaris WBEM Services uses the Common Information Model (CIM) to create a schema that represents managed objects in a system running Solaris software. CIM objects are specified in a Managed Object Format (MOF) file, which is provided with WDR and compiled when WDR is installed.

Layers of Solaris WBEM Services

Solaris WBEM Services is a software package that resides at three layers. At each layer reside software components that are important to WDR application developers:
Application Layer
Management Layer
Provider Layer

Solaris WBEM Services Application Layer

The following Solaris WBEM Services Application Layer software programs, which are especially useful to WDR application developers, are described in detail in this chapter:
Solaris Management Console (SMC) WBEM Log Viewer on page 13
Managed Object Format (MOF) Compiler on page 13
Using the Sun WBEM User Manager on page 21
Starting Solaris Management Console (SMC) Users Tool on page 27

Sun WBEM User Manager and SMC Users Tool

The Sun WBEM User Manager and SMC Users Tool applications enable systems administrators to add and remove authorized users and to set their access privileges to managed resources.
There are two separate mechanisms for administering security with domains running the Solaris software: WBEM access control list (ACL) and Solaris role-based access control (RBAC).
You use the WBEM User Manager to add users to existing ACLs and to grant them either read or read-write access privileges.
You use the Users Tool in the Solaris Management Console (SMC) to add users, and to grant user roles and privileges, using RBAC.
See the section “WBEM Security Services” on page 19 for more information about administering WBEM security, including details of ACL- and RBAC-based system security.