Tag Archive : StoreServ


Primera Web GUI

HPE has released its latest storage array, Primera. As announced, it is a storage solution that is ready to use in 10 minutes. In this article, we will go through the steps to implement enterprise-signed certificates on the Primera UI. Primera (and 3PAR StoreServ) uses the unified-server service to establish and maintain communication. It uses the same certificate for the CIM, CLI and WSAPI services.

Read the HPE Primera OS 4.0 Command Line Interface Reference Guide for detailed information about Primera OS.

Certificate Signing Request for Primera UI

We will start by creating a certificate signing request (CSR), which will then be signed by our Certificate Authority.

  1. Open Command Prompt and navigate to the CLI directory. It should be under C:\Program Files (x86)\Hewlett-Packard\HP 3PAR CLI\bin
  2. Launch CLI.exe and log in to your Primera / 3PAR array.
  3. In this case, I start by removing all existing certificates on the array. Type showcert to list the available certificates.
  4. Stop WSAPI service: stopwsapi
  5. Use the following commands to remove all certificates. Repeat them until all certificate records have disappeared
    removecert
    
    removecert unified-server
  6. Additionally, use the following command to create your certificate signing request file:
    createcert unified-server -csr -keysize 2048 -C BE -ST Belgium -L Brussels -O "STORCOM" -OU "IT" -CN primera.storcom.com -SAN DNS:primera,IP:192.168.100.1 primera.txt

    The file is saved in the same directory as CLI.exe.

  7. Finally, copy the text file primera.txt and have it signed by your Certificate Authority.

Importing CA certificates

Besides the Primera UI certificate, your Certificate Authority will also provide you with the root and intermediate certificates. The array needs them in order to recognize a valid chain. Place all your certificate files in the CLI.exe directory.

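  1. If your signed certificate is in any format other than .pem, use OpenSSL to convert it to the .pem file format. If the .cer file is binary (DER-encoded) rather than Base64 text, add -inform DER to the command.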
    openssl.exe x509 -in c:\temp\primera.storcom.com.cer -out c:\temp\primera.pem
  2. First, import your company's root certificate
    importcert unified-server -ca RootCA_B64.pem
  3. In addition, if you have received an intermediate certificate file, import it using the same command
    importcert unified-server -ca IssuingCA.pem
  4. Finally, import the array’s certificate
    importcert unified-server primera.pem
  5. Now if you run showcert command you will notice the new certificates populated.
  6. Start WSAPI service and you’re good to go.
    startwsapi
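
Before running the importcert steps above, it is worth confirming that the signed file carries the public key from the CSR the array generated, chains to your root and issuing CA, and contains the SANs you requested. The script below is an added example, not part of the original article or HPE tooling: check_cert and make_demo_pki are hypothetical helper names, primera.txt is assumed to hold a PEM-encoded CSR, and the same openssl subcommands work with openssl.exe on Windows.

```shell
#!/bin/sh
# Added example: pre-import checks for the CA-signed array certificate.
# check_cert and make_demo_pki are hypothetical helpers, not HPE tooling.
# Usage with the article's file names (primera.txt is assumed to be a PEM CSR):
#   check_cert primera.txt primera.pem RootCA_B64.pem IssuingCA.pem DNS:primera IP:192.168.100.1

# check_cert CSR CERT ROOT ISSUING SAN...  -> prints "ok" or the first failed check
check_cert() {
    csr=$1 cert=$2 root=$3 issuing=$4; shift 4
    # 1. The private key never left the array, so the signed certificate must
    #    carry exactly the public key that was in the CSR.
    want=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    got=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$want" ] && [ "$want" = "$got" ] || { echo "public key differs from CSR"; return 1; }
    # 2. The certificate must chain through the issuing CA to the root.
    openssl verify -CAfile "$root" -untrusted "$issuing" "$cert" >/dev/null 2>&1 ||
        { echo "chain does not verify"; return 2; }
    # 3. Every requested SAN must be present as an exact entry.
    sans=$(openssl x509 -in "$cert" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n 1 | sed 's/IP Address:/IP:/g; s/ //g')
    for name in "$@"; do
        case ",$sans," in *",$name,"*) ;; *) echo "missing SAN $name"; return 3 ;; esac
    done
    echo ok
}

# Constructed sample input: throwaway root CA, issuing CA, CSR and certificate in directory $1.
make_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    printf 'subjectAltName=DNS:primera,IP:192.168.100.1\n' > "$d/san.ext"
    for n in root issuing primera; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
            -out "$d/$n.csr" -subj "/CN=demo-$n" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/issuing.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/issuing.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/primera.csr" -CA "$d/issuing.pem" -CAkey "$d/issuing.key" \
        -set_serial 3 -days 2 -extfile "$d/san.ext" -out "$d/primera.pem" 2>/dev/null
}
```

A "public key differs from CSR" result usually means the CA signed a request from a different createcert run; since removecert and createcert replace the key on the array, such a certificate will not match the key the array now holds.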

Primera / Storeserv array certificates on SSMC

When your array’s certificates are altered, a new connection needs to be established on SSMC. If you navigate to your SSMC and try to accept the Primera UI certificate it might not succeed if your enterprise certificates (root and intermediate) are not imported.

  1. Log in to your SSMC GUI as Administrator (ssmcadmin)
  2. If you have already imported your root and intermediate certificate, you will notice a message “Acceptance certificate needed”.
  3. Accept the array’s certificate and you’re good to go.
  4. If your CA certificates are not imported, click on Actions and select Manage Certificates
  5. Click on Add certificate and paste the plain text of your root certificate into this field. The certificate text should start with BEGIN CERTIFICATE and end with END CERTIFICATE. Validate and click OK to continue.
  6. Click on Add certificate and paste the plain text of your intermediate certificate into this field. The certificate text should start with BEGIN CERTIFICATE and end with END CERTIFICATE. Validate and click OK to continue.
  7. Now when you go back to the overview of arrays, you will notice that accepting the array’s certificate is no longer a problem.

If you are using a version of SSMC older than 3.6, you can easily upgrade it by following the steps explained in Upgrading StoreServ Management Console to 3.6

Any suggestion or question? Leave a reply below, or contact us. Make sure to also subscribe to our mailing list. No spam. Promised!

HPE recently released a new version of its management tool for 3PAR arrays, called StoreServ Management Console 3.6. Visually, the latest version is not much different from previous versions, but its data-processing engine has been improved.

  • For an extended list of new features, the Release Notes document of SSMC 3.6 is available here.
  • The Administrator Guide for SSMC 3.6 can also be downloaded here.
  • Please note that when upgrading from 3.x to 3.6 the GUI Admin User is removed and instead the same userid is used as when logging into the SSMC appliance through CLI “ssmcadmin”.

Upgrading to StoreServ Management Console 3.6 is very simple and straightforward. All we need to do is download the executables and an upgrade .star file, which is provided together with the SSMC package. In my case, I’m running SSMC version 3.4.1

  1. Navigate to HPE’s Software Depot and locate SSMC URL or click here.
  2. Log in with your HPE Passport and download the package.
  3. After extracting the downloaded package, take note of a file called HPESSMC-3.6.0.0.269-Appliance_Upgrade.star. This is the upgrade file we are going to use in the next steps.
  4. Navigate to your SSMC homepage and log in with your SSMC administrator credentials (don’t forget to select the Administrator Console below the login box).
  5. Once you’re logged in as an administrator, head over to the right side on the top and click on Actions then Upgrade.
  6. Browse and select the upgrade file we located in Step 3 and click Upload.
  7. Once the upload has finished, click on Yes, Upgrade to confirm.
  8. The upgrade will start and depending on your appliance’s configuration, it might take a while.
  9. At a certain point, you’ll lose the connection with the webserver and any CLI session.

     

  10. In my case, it took me 6 minutes for the webserver to come up. I am using the recommended VM configuration for the SSMC appliance.
  11. Once the SSMC is up and running, you will notice the new version.


Having a web-based app running over unsecured protocols like HTTP might not only be unsafe but also unprofessional. Therefore, most enterprises opt for secure traffic over HTTPS. In this article, we will implement Service Processor SSL Certificates signed by a CA. 3PAR StoreServ Service Processors run by default over the unsecured HTTP protocol. Installing an SSL Certificate is something every administrator should consider.

A technical whitepaper of Best Practices for Implementing HPE 3PAR Service Processor can be found here.

How to?

Creating a Certificate File Request

  1. Navigate to your Service Processor webpage https://<sp_name>
  2. Log in with your customer credentials
  3. On the left pane, click on Support > SP Certificate
  4. On this page, click on Generate CSR
  5. Enter your information, including the certificate’s Common Name and SAN (Subject Alternative Names)

    Adding a SAN record is very important as recent web browsers still give errors when a certificate does not contain this information.
  6. Click on Generate CSR and return to the previous window.
  7. On the next step click on Export CSR
  8. After exporting the file, click on Download File and save it locally

Signing and importing the Service Processor SSL Certificates

At this point, we have created a request file which will be signed by our Certificate Authority. In large enterprises, certificate handling is done by a separate department. You could also try it yourself. Here is a good article about signing certificates with Microsoft CA.
Once you have signed your certificate, you will get a file with .cer as an extension.

  1. Navigate to your service processor’s webpage and select Import Certificate
  2. On the first step we’re going to load the Service Processor SSL certificates we have just signed in the previous step.
    (Bear in mind the sequence)
  3. Browse the certificate’s location and click on Load Certificate
  4. On the following screen, we are going to load the intermediate certificate of the CA or the Issuing Certificate.
  5. Finally, we will upload the Root Certificate. Browse the file and click on Import Certificate.
  6. Once the 3rd certificate (the certificate from the previous step) has been imported, the Web Service of the Service Processor will restart.
  7. Make sure to close any active browser before navigating again to the service processor
  8. Next time you navigate to the array’s SP the SSL certificate should be valid.

 


In this article, we will cover the way to merge or promote a 3PAR StoreServ snapshot into a base virtual volume. The execution of this procedure is done offline so this might bring downtime to your workloads. Before going into details, we assume you are already familiar with the following technologies:

Definition snapshot: Snapshot is a common industry term denoting the ability to record the state of a storage device at any given moment and preserve that snapshot as a guide for restoring the storage device in the event that it fails. A snapshot primarily creates a point-in-time copy of the data.

Basically, what we’re going to do is restore a snapshot (taken at a certain time) into a virtual volume.

  1. Open 3PAR Management Console or SSMC and find the primary virtual volume.
  2. Expand the list and locate the desired snapshot that needs to be promoted.

    – Volume and array names are obfuscated for privacy purposes.
    – The latest snapshot can be verified by clicking on it and expanding the Virtual Volume Details tab.

 

  1. Take note of the snapshot that you’re going to promote to the base volume
  2. Stop the corresponding RC Group
  3. Unexport Virtual Volume (Remove Virtual Volume from the Virtual Volume Set or unexport your VVOL if you’re not using VVOL Sets)
  4. Use CLI to promote the snapshot to a base volume
    promotesv -rcp <snapshot name>

  5. You can check the status of the activity using the following command
    showtask -d <task ID>
  6. Once the operation is completed, export the virtual volume to the host (or add the VVOL to the Virtual Volume Set)
  7. Restart the RC Group
  8. You’re done!
