gwlmsslconfig man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

gwlmsslconfig(1M)					     gwlmsslconfig(1M)

NAME
       gwlmsslconfig,	   gwlmexportkey,     gwlmimportkey,	 gwlmlistkeys,
       gwlmdeletekey - secure network communications for Global Workload  Man‐
       ager (gWLM).

SYNOPSIS
       gwlmsslconfig

       gwlmexportkey [ -f file ]

       gwlmimportkey -f file -a alias

       gwlmlistkeys

       gwlmdeletekey -a alias

AVAILABILITY
       These  commands	are  available on both gWLM Central Management Servers
       (systems where you run gwlmcmsd) and managed nodes (systems  where  you
       run  gwlmagent).	  On HP-UX systems, they are in /opt/gwlm/bin/. On Mi‐
       crosoft Windows systems, they are in C:\Program Files\HP\Virtual Server
       Environment\bin\	 by  default.  However, a different path may have been
       selected at installation.

       To run the command, you must be logged in as root on HP-UX or  into  an
       account that is a member of the Administrators group on Windows.

DESCRIPTION
       The  gwlmsslconfig,  gwlmexportkey, and gwlmimportkey commands help you
       enable secure gWLM communications between the central management server
       (CMS)  and  the	managed	 nodes.	 Both the gWLM interface in HP Systems
       Insight Manager and the gWLM command-line interface use the secure com‐
       munications, once enabled.

       The  gwlmlistkeys  and  gwlmdeletekey commands are useful when you have
       alias conflicts.

       NOTE: By default, gWLM's communications are not secure, meaning:

	      + The communications between the CMS and the managed  nodes  are
		not encrypted

	      + The  source  and  destination of gWLM's communications are not
		authenticated

       NOTE: You can also secure Oracle communications. For  information,  see
       the  HP Global Workload Manager User's Guide section "Securing Database
       Communications."

COMMANDS
       The options, if any, for the commands are described below. The  options
       are the same on HP-UX and Microsoft Windows.

   gwlmsslconfig
       Run  gwlmsslconfig  on every system on which you are going to run gWLM.
       (However, you do not need to run the command on your CMS, assuming  you
       have  already  run  vseinitconfig  (with	 no  options)  or  vseinitcon‐
       fig --initconfig there.)

       This command sets values in the gWLM agent properties file so that  the
       keystore	 provided by HP Systems Insight Manager is used, if available.
       Otherwise, the command creates a gWLM-specific keystore	and  sets  the
       gWLM properties file accordingly.

   gwlmexportkey [ -f file ]
       Exports	a  key	from  the local system. You later use gwlmimportkey to
       import this key to the keystores on other systems.

       Systems can initiate secure communications with any system  from	 which
       they have a key imported in their keystores.

				     Option
       -f file
	  Places  the  exported	 key  in file, instead of in the default host‐
	  name.cer.

   gwlmimportkey -f file -a alias
       Imports a key to the local keystore, allowing the local system to  ini‐
       tiate  secure  communications with the system from which the key origi‐
       nated.

				     Options
       -f file	   Imports a key from the specified file.  You can only import
		   one key at a time.

       -a alias	   Associates  the name alias with the key. Given a particular
		   key, gWLM attempts to communicate with the associated  sys‐
		   tem referring to it as alias.

		   The output of the command hostname, run on the system where
		   the key was generated, is often a good  value  to  use  for
		   alias.   However,  you  can use values other than the host‐
		   name, especially if gwlmimportkey fails because  the	 alias
		   already   exists.   You   can  also	use  gwlmlistkeys  and
		   gwlmdeletekey to manage alias conflicts.

   gwlmlistkeys
       Lists all the keys in the local keystore.

   gwlmdeletekey -a alias
       Deletes the key associated with alias in the local keystore.

				     Options
       -a alias	   Specifies the alias associated with the key to be deleted.

HOW TO SECURE COMMUNICATIONS
       You can secure gWLM communications through the  gWLM  interface	in  HP
       Systems	Insight Manager, as described in the online help topic "Secur‐
       ing gWLM Communications." Alternatively, you can secure	communications
       on the command line, as described below.

       NOTE:  The  Windows  path  (C:\Program Files\HP\Virtual Server Environ‐
       ment\) given below is the default. However, a different path  may  have
       been selected at installation.

       To secure gWLM communications on the command line:

       1. Log  in  as root on HP-UX or into an account that is a member of the
	  Administrators group on Windows

       2. Run gwlmsslconfig on every system on which  you  are	going  to  run
	  gWLM:

	  # /opt/gwlm/bin/gwlmsslconfig

	  (On	Windows,   run	 C:\Program Files\HP\Virtual  Server  Environ‐
	  ment\bin\gwlmsslconfig.)

	  However, you do not have to run this command on  CMS	systems	 where
	  you  have already run the command vseinitconfig (with no options) or
	  vseinitconfig --initconfig.

       3. Edit	the  gWLM  agent  properties  file  to	ensure	the   property
	  com.hp.gwlm.security.secureRMI is set to true:

	     com.hp.gwlm.security.secureRMI=true

	  in  the  file /etc/opt/gwlm/conf/gwlmagent.properties on every HP-UX
	  system--including the CMS--on which you are going to run gWLM. (Even
	  with	gwlmagent not running on the CMS, gWLM makes use of the gwlma‐
	  gent.properties file for security purposes.) On Windows, the file is
	  C:\Program Files\HP\Virtual  Server Environment\conf\gwlmagent.prop‐
	  erties.

	  The com.hp.gwlm.security.secureRMI property is added to the  proper‐
	  ties	file  (with a value of 'false') when you run the gwlmsslconfig
	  command.

       4. Export the keys on the  CMS  and  on	each  system  in  each	shared
	  resource domain (SRD)

	  For example, if you have three systems, such as a CMS called system1
	  and an SRD with two managed nodes called system2  and	 system3,  run
	  gwlmexportkey on each system:

	     system1# gwlmexportkey -f system1.cer

	     system2# gwlmexportkey -f system2.cer

	     system3# gwlmexportkey -f system3.cer

	  NOTE: When securing communications, you must do so for every managed
	  node in every SRD managed by a given CMS.

       5. Distribute the exported keys

	  The CMS must have the key from every system it manages.  Also,  each
	  managed  system  must	 have  the key from the CMS as well as the key
	  from every other system managed in the same SRD.

	  Distribute the keys using the secure cp command, scp:

	     system1# scp system1.cer system2:/tmp/keys

	     system1# scp system1.cer system3:/tmp/keys

	     system2# scp system2.cer system1:/tmp/keys

	     system2# scp system2.cer system3:/tmp/keys

	     system3# scp system3.cer system1:/tmp/keys

	     system3# scp system3.cer system2:/tmp/keys

	  NOTE: If scp is not available, you can  exchange  the	 keys  through
	  other secure methods, such as by using physical media.

       6. Import  all  the  keys on the CMS; also, import the key from the CMS
	  and the keys from every other managed system in the same SRD on each
	  managed system:

	     system1# gwlmimportkey -f /tmp/keys/system2.cer -a system2

	     system1# gwlmimportkey -f /tmp/keys/system3.cer -a system3

	     system2# gwlmimportkey -f /tmp/keys/system1.cer -a system1

	     system2# gwlmimportkey -f /tmp/keys/system3.cer -a system3

	     system3# gwlmimportkey -f /tmp/keys/system1.cer -a system1

	     system3# gwlmimportkey -f /tmp/keys/system2.cer \
	     -a system2.CERTIFICATE

	  On system3, system2.cer was imported with the alias system2.CERTIFI‐
	  CATE. This alias was chosen to show that an alias does not  have  to
	  match the hostname of the system where it was generated.

       7. Restart gWLM

	  Restart gWLM--on each system--so that it uses secure communications.

	  NOTE:	 Stopping  gwlmcmsd  disables HP Virtualization Manager and HP
	  Capacity Advisor.

	  On an HP-UX CMS:

	     # /opt/gwlm/bin/gwlmcmsd --stop

	     # /opt/gwlm/bin/gwlmcmsd

	  On a Windows CMS:

	     C:\Program Files\HP\Virtual    Server    Environment\bin\gwlmcmsd
	     --stop

	     C:\Program Files\HP\Virtual Server Environment\bin\gwlmcmsd

	  On each managed node:

	     # /opt/gwlm/bin/gwlmagent --restart

DISABLING SECURE COMMUNICATIONS
       To disable gWLM's use of secure communications:

       NOTE:  The  Windows  path  (C:\Program Files\HP\Virtual Server Environ‐
       ment\) given below is the default. However, a different path  may  have
       been selected at installation.

       1. Edit the gWLM agent properties file

	  Ensure the property com.hp.gwlm.security.secureRMI is set to false:

	     com.hp.gwlm.security.secureRMI=false

	  in  the  file /etc/opt/gwlm/conf/gwlmagent.properties on every HP-UX
	  system--including the CMS. (Even with gwlmagent not running  on  the
	  CMS,	gWLM  makes  use of the gwlmagent.properties file for security
	  purposes.)  On  Windows,  the	 file  is  C:\Program Files\HP\Virtual
	  Server Environment\conf\gwlmagent.properties.

       2. Restart HP Systems Insight Manager and gWLM

	  Restart  the software--on each system--so that it stops using secure
	  communications.

	  NOTE: Stopping gwlmcmsd disables HP Virtualization  Manager  and  HP
	  Capacity Advisor.

	  On an HP-UX CMS:

	     # /opt/mx/bin/mxstop

	     # /opt/mx/bin/mxstart

	     # /opt/gwlm/bin/gwlmcmsd --stop

	     # /opt/gwlm/bin/gwlmcmsd

	  On a Windows CMS:

	     C:\Program Files\HP\Systems Insight Manager\bin\mxstop

	     C:\Program Files\HP\Systems Insight Manager\bin\mxstart

	     C:\Program	  Files\HP\Virtual   Server   Environment\bin\gwlmcmsd
	     --stop

	     C:\Program Files\HP\Virtual Server Environment\bin\gwlmcmsd

	  On each managed node:

	     # /opt/gwlm/bin/gwlmagent --restart

RETURN VALUES
       The return values for these commands are as follows:

	      0	     Success

	      1	     Failure

AUTHOR
       gwlmsslconfig,	gwlmexportkey,	 gwlmimportkey,	  gwlmlistkeys,	   and
       gwlmdeletekey were developed by HP.

FEEDBACK
       If  you	would  like to comment on the current HP gWLM functionality or
       make suggestions for future releases, please send email to:

	      gwlmfeedback@rsn.hp.com

FILES
       /etc/opt/gwlm/conf/gwlmagent.properties
		       Properties file for the gWLM agent

       C:\Program Files\HP\Virtual  Server  Environment\conf\gwlmagent.proper‐
       ties
		       Properties file for the gWLM agent on a Windows CMS

SEE ALSO
       gwlm(5)

							     gwlmsslconfig(1M)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net