4

Chapter 4: Using the Emulex HBA Manager Application

To properly view the Emulex HBA Manager application, make sure that your system meets the following display requirements:

n The display resolution must be set to 1024 × 768 or higher. For Windows systems, use the default font size.

n The display must run in 256-color mode or higher. The Emulex HBA Manager application icons use 256 colors. If the display is set for 16-color mode, the Emulex HBA Manager application icons are not displayed.

4.1 Window Element Definitions in the Emulex HBA Manager Application

The Emulex HBA Manager application window (Figure 2) contains five basic components: the menu bar, the toolbar, the discovery-tree, the property tabs, and the status bar.

Figure 2: Emulex HBA Manager Application Window

elements1

NOTE: The element that you select in the discovery-tree determines whether a menu item or toolbar button is active. For example, if you select the local host or other system host, the Reset Port item on the Adapter menu is unavailable. The Reset Port toolbar button is unavailable as well.

ATTENTION: The Emulex HBA Manager application cannot retrieve data from an offline adapter or port and will display incorrect information for that adapter or port. Adapters and ports must be online for the application to display accurate information.

The capabilities displayed by your local interface match those of the remote server. When accessing a remote server running an older version of the Emulex HBA Manager application, capabilities that are not supported by the server’s older version of the Emulex HBA Manager application are unavailable.

In some instances, the type of information displayed and the available functionality are determined by the operating system in use.

4.1.1 Menu Bar

The menu bar contains commands that enable you to perform a variety of tasks, such as exiting the Emulex HBA Manager application, resetting adapters, and sorting items in the discovery-tree view. Many of the menu bar commands are also available from the toolbar.

4.1.2 Toolbar

The toolbar (Figure 3) contains buttons that enable you to refresh the discovery-tree, reset the selected adapter, and choose how you want to view discovered SAN elements in the discovery-tree. Many of the toolbar functions are also available from the menu bar.

Figure 3: Toolbar

toolbar

The toolbar is visible by default. Use the Toolbar option in the View menu to hide the toolbar. If the option is checked, the toolbar is visible.

4.1.2.1 Toolbar Buttons

The toolbar buttons perform the following tasks.

	Discovery Refresh button n Initiates a discovery refresh cycle.
	Reset Port button n Resets the selected adapter port. ATTENTION: The Emulex HBA Manager application cannot retrieve data from an offline adapter or port and will display incorrect information for that adapter or port. Adapters and ports must be online for the application to display accurate information.
NOTE: The three view buttons on the toolbar enable you to view SAN elements from the host, fabric, virtual ports, or local or remote adapter perspective. By default, both local and remote adapters are displayed in the host view. The Emulex HBA Manager application displays elements in ascending order.
	Host View button (default) n Displays the host system.
	NOTE: You cannot change host names using the Emulex HBA Manager application; names must be changed locally on that system.
	n Displays the installed adapters within each host system. n Displays the adapter ports and the port numbers, if available. n Displays adapters by the WWNN if multiple adapters have the same model number. n Displays the WWPN if targets are present. Multiple adapters can refer to the same target. n Displays the LUN number if LUNs are present.
	Fabric View button n Displays the fabrics in the SAN with their fabric IDs. n Displays the ports under each switch. n If targets are present, displays each WWPN. Multiple adapters can refer to the same target. n If LUNs are present, displays each LUN number. n If the fabric ID is all zeros, no fabric is attached.
	Virtual Ports View button n Displays virtual ports in the SAN.
	Local HBAs Only button n Displays only local adapters.
	Show Host Groups button and menu n Displays hosts by their associated groups. n Displays available host groups.
	Find Host button and search field n Enables you to search by host name for a particular host in the discovery-tree.
	Refresh LUNS button n Initiates a LUN discovery refresh cycle.
	Help button n Displays the Emulex HBA Manager application online help. n Displays the About Emulex HBA Manager dialog. The dialog displays version information including RMAPI, Discovery, DFClib, and Remote Management Agent version (Windows). It also enables you to contact Broadcom® Technical Support.

4.1.3 Discovery-Tree

The discovery-tree (Figure 4) has icons that represent discovered hosts, adapters, ports, virtual ports, fabrics, targets, and LUNs.

Figure 4: Discovery-Tree

discovery_tree

4.1.3.1 Discovery-Tree Icons

Discovery-tree icons represent the following:

	The local host.
	Other hosts connected to the system.
	A green Adapter icon with black descriptive text represents an online adapter. Blue text represents an adapter port that was previously discovered, but is not currently seen by the discovery engine (service). The adapter is removed from the discovery-tree if it is still not seen after the undiscovered adapter expiration time has elapsed (default is 1800 seconds, or 30 minutes). If the adapter is discovered again before the expiration time has elapsed, it reverts back to normal black text. See Section 5.2, Configuring Discovery and Default CIM Credentials, for more information about discovery settings.
	The Port icon represents an adapter port. A Port icon with a red X indicates that the link is down.
	NOTE: Multiport adapters are represented in the discovery-tree with separate port icons for each port, with the port number displayed next to the icon.
	The ASIC Node icon, only displayed for dual ASIC adapters, represents each ASIC on the adapter. Each ASIC is managed independently. The ASIC node format ASIC bus#-subadapter# represents the PCI bus number and the subadapter number, which is a concatenation of the discovered port numbers for the ASIC. For example, in ASIC 64-12, 64 represents PCI bus number 64, and 12 represents ports 1 and 2. If there were no discovered functions for a port on that ASIC, the label would be ASIC 64-2 (port 1 is missing).
	The Virtual Port icon represents a virtual port.
	The Target icon represents connections to individual storage devices.
	The LUN icon represents connections to individual disk LUNs.
	The Masked LUN icon represents a LUN not presented to the host.
	The ExpressLane LUN icon represents a LUN with ExpressLane™ priority queuing enabled.
	The Media Exchanger icon represents connections to individual media exchangers. A media exchanger is a jukebox-type device that is capable of swapping various media device instances (such as records or CDs).
	The Tape LUN icon represents LUNs that are tape devices.
	The Target Controller LUN icon represents LUNs that are storage controllers.
	The Switch icon represents connections to the switch.

4.1.3.2 Expanding or Collapsing the Discovery-Tree View

You can use the expand/collapse capability on the View menu to change the way discovered elements are displayed. By selecting one of the five levels, the discovery-tree (Figure 4) is expanded or collapsed to that level. You can choose hosts/fabrics (depending on the view), adapters, ports, PCI functions, and targets.

4.1.4 Property Tabs

The property tabs display configuration, statistical, and status information for network elements (Figure 2). The set of available tabs is context-sensitive, depending on the type of network element or adapter port currently selected in the discovery-tree (Figure 4).

4.1.5 Status Bar

The status bar is located near the bottom of the Emulex HBA Manager application window (Figure 2). The status bar displays messages about the Emulex HBA Manager application functions, such as Discovery in progress or the progress when performing an Export SAN Info operation.

The status bar is visible by default. Use the Status Bar item in the View menu to hide the status bar. If checked, the status bar is visible.

4.2 Using Emulex HBA Manager Application Secure Management

Emulex HBA Manager application Secure Management gives system administrators the ability to further enhance the active management security of their networks. Using Secure Management, administrators can define each user's privileges for managing both local and remote adapters. When running in Secure Management mode, users must log on with their user name and password to run the Emulex HBA Manager application. If users are authenticated, they can perform only the functions allowed by the Emulex HBA Manager application user group to which they belong. If the systems are running in an LDAP or Active Directory domain, the Emulex HBA Manager application authenticates users with those defined for LDAP or Active Directory domains. For Linux systems, authentication is accomplished using PAM.

NOTE: Emulex HBA Manager application Secure Management is not supported on VMware hosts.

Administrators set up user accounts such that users belong to one of the Emulex HBA Manager application user groups. The user groups define the management capabilities for each user.

Table 1 defines the Emulex HBA Manager application user groups and each group's management capabilities.

Table 1: Secure Management User Privileges
Group Name	Emulex HBA Manager Application Capability
ocmadmin	Allows full active management of local and remote adapters.
ocmlocaladmin	Permits full active management of local adapters only.
ocmuser	Permits read-only access of local and remote adapters.
ocmlocaluser	Permits read-only access of local adapters only.

On Linux systems, the UNIX getent group utility can be run on the target host system’s command shell to verify the correct configuration of the groups. The groups and the users within the groups appear in the output of this command.

NOTE: Although users might belong to the administrator group or be root users, they do not have full privileges to run the Emulex HBA Manager application unless they are also members of the ocmadmin group. Otherwise, if Secure Management is enabled, root users or administrators can manage only local adapters (similar to ocmlocaladmin users).

Remote management operations between two machines are allowed or denied depending on the Emulex HBA Manager application Secure Management status of the machines, and depending on the domains to which the machines belong. The following tables list the behavior (assuming that appropriate user credentials are used).

Table 2: Active Commands: Machines on the Same Domain
Client	Remote Server (Secure)	Remote Server (Not Secure)
Secure	Allowed	Denied ^a
Not Secure	Denied	Allowed

a.To inform you of an unsecured server that you might want to secure.

Table 3: Active Commands: Machines on a Different Domain
Client	Remote Server (Secure)	Remote Server (Not Secure)
Secure	Denied ^a	Denied ^b
Not Secure	Denied	Allowed

a.Allowed if the user name and password are the same on both domains.

b.To inform you of an unsecured server that you might want to secure.

Table 4: Passive Commands: Machines on Any Domain
Client	Remote Server (Secure)	Remote Server (Not Secure)
Secure	Allowed	Allowed
Not Secure	Allowed	Allowed

4.2.1 Configuration Requirements for Emulex HBA Manager Application Secure Management

For systems to run Emulex HBA Manager application Secure Management, they must be configured to provide the following two capabilities:

n Authentication – On Linux systems, authentication is accomplished using the PAM interface and must be configured by placing the correct setting in the auth section of the /etc/pam.d/password file equivalent.

n User group membership – From the host machine, Emulex HBA Manager application Secure Management must be able to access the Emulex HBA Manager application group to which the user belongs. For Linux systems, it uses the getgrnam and getgrid C-library API calls. The equivalent to the API calls can be obtained by typing getent group from the shell command line. If the four Emulex HBA Manager application group names are listed with their member users, the machine is ready to use Emulex HBA Manager application Secure Management.

4.3 Changing Management and Read-Only Mode

NOTE: This functionality is available only to root users and administrators even when running in Secure Management mode.

During installation, a management mode and a read-only mode are selected. If you chose a Secure Management or Full Management option, you can change the management mode after installation.

The following options are available:

n Secure Management – This setting enables roles-based security. See Section 4.2, Using Emulex HBA Manager Application Secure Management, for details.

n Strictly Local Management – This setting allows management of adapters on this host. Management of adapters on this host from other hosts is not allowed.

n Local Management Plus – This setting allows management of adapters on this host only, but management of adapters on this host from another host is possible.

n Full Management – This setting allows you to manage adapters on this host and other hosts that allow it.

n Management Host – This setting allows this host to manage other hosts, but prevents this host from being managed by other hosts.

n Strictly Local Management with Daemons Disabled – This setting is the same as Strictly Local Management. In addition, Emulex HBA Manager daemons are disabled.

NOTE: Changing the mode to Strictly Local Management with Daemons Disabled does not stop the remote management daemon if it is already running. You must run the stop_ocmanager script after exiting the Emulex HBA Manager application.

For more information about disabling daemons, see Step 10 in Section 2.1.2.1, Attended Installation in Linux.

n Enable TCP/IP Management (of or from the remote host) – This setting enables you to manage remote hosts or to manage this host remotely. If this setting is enabled, you must supply the port number (between 1024 and 65535). The default port number is 23333. If the port number or the Enable TCP/IP Management check box is changed, a set of warning messages might appear before the change is made. Click Yes to continue with the change.

If the IP port number is changed, the utility restarts the Emulex HBA Manager application discovery server and management agent to use the new settings. If the servers cannot be stopped and restarted, you are prompted to reboot the host for the new TCP/IP management settings to take effect.

CAUTION! The IP port number must be the same for all hosts that are to be managed. Setting an IP port number for one host to a different value than the other hosts makes the host unable to manage other hosts over TCP/IP using a different port. It also makes the host unmanageable over TCP/IP from other hosts using a different port.

n Register this host with a specific management host – This setting enables you to register this host with a specific host for management. If this setting is enabled, you must supply the IP address or host name of the management host. You can also choose to prevent management of this host from any other host but the management host. See Section 4.3.1, Management Host, for more information.

If Local Management Plus or Full Management mode is selected, you can also set read-only mode.

n Read-only operation – This setting prevents some operations from being performed, such as resetting adapters, updating the adapter firmware image, and changing adapter settings and driver properties. User interface controls that pertain to these tasks are completely hidden or disabled.

4.3.1 Management Host

The Emulex HBA Manager application management host provides enhanced discovery and security by enabling a managed host to register with a management host. The management host receives these registrations when the remote host is started and updates its hosts file so the discovery server discovers the remotely managed host. You do not need to manually add remote hosts to be managed.

If you choose to exclude management from all hosts except the management host, the managed host responds to requests from the management host only. All requests from other hosts are rejected. This TCP/IP management security solution allows only the management host to manage the remote host.

To change the management mode and read-only type, perform the following steps:

NOTE: After making changes, you must restart the Emulex HBA Manager application to see the new management mode settings.

n In Windows:

a. From the File menu, select Management Mode. The Management Mode dialog appears (Figure 1).

b. Choose the management type and read-only mode that you want.

c. Click OK.

n In Linux:

a. Stop the Emulex HBA Manager application.

b. Run the following script:

/usr/sbin/ocmanager/set_operating_mode

c. Choose the management type and read-only mode that you want.

4.4 Using CIM (Windows Only)

VMware uses CIM as the only standard mechanism for device management. The Emulex HBA Manager application uses the standard CIM interfaces to manage the adapters in the Visor environment and supports CIM-based devices and HBA management.

To manage the adapters on a VMware host using the Emulex HBA Manager application, you must install the Emulex CIM Provider on the VMware host. Refer to the Emulex CIM Provider Installation Guide for additional information.

NOTE: The Emulex CIM Provider is not supported on ESXi 7.0 U3 and later operating systems.

For more information about the VMware patch management activities, refer to the VMware website.

NOTE: For VMware hosts, if advanced adapter management capabilities are required (for example, port disable), use the Emulex HBA Manager application for VMware vCenter. For more details, refer to the Emulex HBA Manager Application for VMware vCenter User Guide.