StorageGuard collects configuration data for Hitachi VSP storage systems by either running read-only API on the Ops Center server, or directly on the SVP if Ops Center is not used. It is recommended to also enable OS level access for complementary configuration collection.
In this article:
- Option 1: Preparation for Scanning Hitachi VSP storage systems through Ops Center
- Option 2: Preparation for Scanning Hitachi VSP storage systems directly
Preparation for Scanning Hitachi VSP storage systems through Ops Center
The following table lists the requirements for scanning Hitachi VSP storage arrays:
| # | Description |
| 1 | Ensure that the Ops Center API Configuration Manager software is installed, and that storage arrays have been registered to it. |
| 2 | Provide the name or IP address of an Ops Center host. |
| 3 | Provide an Ops Center application user and password assigned to the opscenter-security-administrator role. |
| 4 |
Ensure that the same user account is also defined on the storage system, and assigned to the Security Administrator (View Only) group. According to Hitachi, "For REST API user authentication, use a user account registered in the storage system, or use a user account managed by the external authentication servers or approved external servers that are connected to the storage system." |
| 5 |
Ensure that the user can access:
API Examples:
|
| 6 | Make sure that IP connectivity through HTTPS is available between the StorageGuard server and each Ops Center server (ports 443, 23451, 23450). |
| 7 | Optional: Provide an Ops Center OS user account for the Ops Center host as described under Preparation for Scanning Storage Management hosts. |
Creating a User Account for Scanning Hitachi VSP storage systems through Ops Center
The following suggested method can be used to create a user account with appropriate privileges:
On the Ops Center Portal:
- Log in to the Ops Center portal with an administrative user account.
- From the navigation bar, click Manage users and select Users from the Asset type list.
- In the Users window, click +.
- Provide the account information and then click Submit.
- Enter a password, confirm it, and then click Submit
- Assign the user with the built-in opscenter-security-administrator role.
On the VSP:
- Login to the SVP user interface with an administrative account.
- If a local user is used, create the same user account on the SVP by navigating to Administration > Users and Permissions > Create New User.
- Assign the user with the Security Administrator (View Only) group.
To verify that the user has been provisioned successfully:
- You will need the curl command available.
- First obtain an authorization token.
- Open command line (CMD).
- Execute the following command (fill in the user name, password and IP): curl -k -v -u "[user]:[password]" -X POST -s https://[Server IP]:443/portal/auth/v1/providers/builtin/token
- Copy the authorization line
- Example: Authorization: Basic U1BVlJBTpzZFV6c3B3Kzdz==
- Now we can execute a REST API command: curl -k -v -H "Accept:application/json" -X GET [API CMD] -H [token]
- Example: curl -k -v -H "Accept:application/json" -X GET https://[Server]:23451/ConfigurationManager/configuration/version -H "Authorization: Basic U1BVlJBTpzZFV6c3B3Kzdz=="
- You should receive a valid json output.
For additional information on configuring Hitachi Ops Center, Configuration Manager and REST API, review the following references:
- Registering a local storage system to an Ops Center API Configuration Manager connection • Ops Center Automator User Guide • Reader • Hitachi Vantara Documentation Portal
- Registering storage systems to an Ops Center API Configuration Manager REST API connection • Nondisruptive Migration with Ops Center • Reader • Hitachi Vantara Documentation Portal
- How to access Hitachi Configuration Manager to register storage devices | Hitachi Ops Center
Preparation for Scanning Hitachi VSP storage systems directly
The following table lists the requirements for scanning Hitachi VSP storage arrays:
| # | Description |
| 1 | Provide the SVP IP address. |
| 2 | Provide a user and password assigned to a Security Administrator (View Only) group. |
| 3 |
Ensure that the user can access https://[SVP IP]:443/ConfigurationManager API Examples:
|
| 4 | Make sure that IP connectivity through HTTPS is available between the StorageGuard server and each SVP IP (port 443). |
| 5 | Optional: Provide an SVP OS user account for the svp host as described under Preparation for Scanning Storage Management hosts. |
Creating a User Account for Scanning Hitachi VSP storage systems directly
The following suggested method can be used to create a user account with appropriate privileges:
- Login to the SVP user interface with an administrative account.
- Access the Administration tab, click Users and Permissions.
- Click New User
- Assign the user with the built-in Security Administrator (View Only) group - which includes the Security Administrator (View Only), Audit Log Administrator (View Only) and Storage Administrator (View Only) roles.
Note: The option of direct REST API is not available on older Hitachi VSP models.
Comments
0 comments
Please sign in to leave a comment.