Recently I was tasked with setting up SMI-S for HPE UCMDB discovery of EMC VMAX devices.
Download and Install Solutions Enabler
Prior to Solutions Enabler 8.0, Solutions Enabler and the EMC SMI-S Provider were two separate downloads. As of version 8.0 and above, the SMI-S provider is included in the same install with SE.
1. In the Setup Type dialog, select Complete to install the full Solutions Enabler product set (along with SMI-S and VSS), or select Custom to install a subset of the options.
2. Click Next when done. In my case, my server was Windows 2012 R2 with complete EMC SE 8.0.2 components already installed.
Configure the EMC SMI-S provider
The EMC provider can be configured through the admin page. Login with default admin account and password.
1. Open https://localhost:5989/ecomconfig
Username: admin
Password: #1Password
2. Change the default password. (Recommended)
3. Click on the Dynamic Settings link from the ECOM Administration Page and locate the setting for SSLClientAuthentication.
4. Select None, check the Persist box, then click on Apply
This avoids a potential problem with SSL negotiations without lowering the security level. You will not need to restart the ECOM service if you modify parameters on this page.
Add LDAP Server
I was given a domain service account to configure for discovery. This meant setting up LDAP. To make this work, you will need to create a bindDn account (or use existing). A bindDn is basically the credential you are using to authenticate against an LDAP.
- Click on the LDAP Configuration link from the ECOM Administration Page.
- Select Add LDAP Server.
These are the fields I used or modified were as follows:
- LDAP Authority Name: Domainname
- Server Type: ldap
- IP Address: IP of LDAP server
- Port: 389
- bindDn: DistinguishedName
- bindPassword: password
- userSearchPath: LDAP container (the top-level domain name or organizational unit) to search for potential users
- groupSearchPath: LDAP container (the top-level domain name or organizational unit) to search for potential groups
- userIDAttribute: sAMAccountName
- userNameAttribute: cn
- groupNameAttribute: cn
- userObjectClass: user
- groupObjectClass: group
- groupMemberAttribute: uniqueMember
- ldapTimeout: 30000
- ldapDebugLevel: 0
Add LDAP Server Role Mapping
You can map either a user or a group in your LDAP directory to an ECOM role.
- Click on the LDAP Configuration link from the ECOM Administration Page.
- Select Add Role Mapping.
- Select User or Group.
- For LDAP value, enter the user or group name.
- For HPE UCMDB, I allowed a monitor ECOM Role.
- Click Add Role Map.
Test LDAP Role Mapping
The easiest way to test, of course, is simply logging out as admin, and logging back in with the Domain User you created a Role Mapping for, or a Domain User in a Group you added a Role Mapping for.
IMPORTANT, the syntax is <DOMAIN>/<Username>. If you use an “”, it will not work.
Test SMI Provider
Another test you can perform is running the EMC SMI Provider TestSmiProvider utility.
- Run “C:Program FilesEMCECIMECOMbinTestSmiProvider.exe”.
- You can use most of the default values here, but you’ll use the User you created a Role Mapping for, or a User in a Group you added a Role Mapping for. Again, the syntax is
<DOMAIN>/<Username>. If you use an “”, it will not work. - Once at the ? prompt, type “dv”.
- If LDAP authentication is working you will see all the version results, as well as any arrays to which the SMI-S Provider is already connected to.
Troubleshooting
Two good places to look if you run into trouble are the Log file, and the Simple CIM Browser.
The Log File contains ECOM operational and security messages, and the Simple CIM Browser provides a convenient way to browse the root/emc namespace and corresponding classes.
