Configure EMC SMI-S provider for HPE UCMDB discovery

Recently I was tasked with setting up SMI-S for HPE UCMDB discovery of EMC VMAX devices.

Download and Install Solutions Enabler

Prior to Solutions Enabler 8.0, Solutions Enabler and the EMC SMI-S Provider were two separate downloads. As of version 8.0 and above, the SMI-S provider is included in the same install with SE.

1. In the Setup Type dialog, select Complete to install the full Solutions Enabler product set (along with SMI-S and VSS), or select Custom to install a subset of the options.
2. Click Next when done. In my case, my server was Windows 2012 R2 with complete EMC SE 8.0.2 components already installed.

Configure the EMC SMI-S provider

The EMC provider can be configured through the admin page. Login with default admin account and password.
1. Open https://localhost:5989/ecomconfig
Username: admin
Password: #1Password
2. Change the default password. (Recommended)


3. Click on the Dynamic Settings link from the ECOM Administration Page and locate the setting for SSLClientAuthentication.
4. Select None, check the Persist box, then click on Apply
This avoids a potential problem with SSL negotiations without lowering the security level. You will not need to restart the ECOM service if you modify parameters on this page.

Alt Text

Add LDAP Server

I was given a domain service account to configure for discovery. This meant setting up LDAP. To make this work, you will need to create a bindDn account (or use existing). A bindDn is basically the credential you are using to authenticate against an LDAP.

Alt Text

  1. Click on the LDAP Configuration link from the ECOM Administration Page.
  2. Select Add LDAP Server.

These are the fields I used or modified were as follows:

  • LDAP Authority Name: Domainname
  • Server Type: ldap
  • IP Address: IP of LDAP server
  • Port: 389
  • bindDn: DistinguishedName
  • bindPassword: password
  • userSearchPath: LDAP container (the top-level domain name or organizational unit) to search for potential users
  • groupSearchPath: LDAP container (the top-level domain name or organizational unit) to search for potential groups
  • userIDAttribute: sAMAccountName
  • userNameAttribute: cn
  • groupNameAttribute: cn
  • userObjectClass: user
  • groupObjectClass: group
  • groupMemberAttribute: uniqueMember
  • ldapTimeout: 30000
  • ldapDebugLevel: 0
Add LDAP Server Role Mapping

You can map either a user or a group in your LDAP directory to an ECOM role.

  1. Click on the LDAP Configuration link from the ECOM Administration Page.
  2. Select Add Role Mapping.
  3. Select User or Group.
  4. For LDAP value, enter the user or group name.
  5. For HPE UCMDB, I allowed a monitor ECOM Role.
  6. Click Add Role Map.
Test LDAP Role Mapping

The easiest way to test, of course, is simply logging out as admin, and logging back in with the Domain User you created a Role Mapping for, or a Domain User in a Group you added a Role Mapping for.

Alt Text

IMPORTANT, the syntax is <DOMAIN>/<Username>. If you use an “”, it will not work.

Test SMI Provider

Another test you can perform is running the EMC SMI Provider TestSmiProvider utility.

  1. Run “C:Program FilesEMCECIMECOMbinTestSmiProvider.exe”.
  2. You can use most of the default values here, but you’ll use the User you created a Role Mapping for, or a User in a Group you added a Role Mapping for. Again, the syntax is <DOMAIN>/<Username>. If you use an “”, it will not work.
  3. Once at the ? prompt, type “dv”.
  4. If LDAP authentication is working you will see all the version results, as well as any arrays to which the SMI-S Provider is already connected to.
Troubleshooting

Two good places to look if you run into trouble are the Log file, and the Simple CIM Browser.

Alt Text

The Log File contains ECOM operational and security messages, and the Simple CIM Browser provides a convenient way to browse the root/emc namespace and corresponding classes.

Alt Text