• Introduction

    PDF

    Introduction

    Overview

    The Unisphere CLI enables you to run commands on a system through a prompt from a Microsoft Windows or UNIX/Linux host. Use Unisphere® for managing a system. The Unisphere CLI is intended for advanced users who want to use commands in scripts for automating routine tasks.

    Use the Unisphere CLI to manage a system. Tasks include:

    • Configuring and monitoring the system
    • Managing users
    • Provisioning storage
    • Protecting data
    • Controlling host access to storage

    Storage types

    Unisphere CLI supports provisioning and management of network block and file-based storage, including:

    • File system storage, which contains one or more shares. Allows clients to store data and easily access file systems and shares that integrate seamlessly into:
      • Windows environments that use the SMB protocol for file sharing, Microsoft Active Directory for authentication, and Windows directory access for folder permissions.
      • Linux/UNIX environments that use the NFS protocol for file sharing and POSIX access control lists for folder permissions.
    • LUN storage, over Fibre Channel (FC) or iSCSI protocol. You can have an individual LUN or a LUN group which can contains one or more LUNs. Provides block-level storage to hosts and applications that use the FC or iSCSI protocol to access storage in the form of LUNs.
    • Storage for VMware virtual machines through NFS, VMFS, and Virtual Volume (VVol) datastores.

    Use Unisphere CLI in scripts

    Use scripts with Unisphere CLI to automate routine tasks, such as provisioning storage or scheduling snapshots to protect stored data. For example, create a script to create a snapshot of an iSCSI LUN and delete the older snapshots created before it. Customer Support does not provide sample scripts or support for custom scripting.

    Set up the Unisphere CLI client

    You can install and launch the Unisphere CLI client on a Microsoft Windows or UNIX/Linux computer. Unisphere CLI sends commands to the system through the secure HTTPS protocol.

    Install the Unisphere CLI client

    To install the Unisphere CLI client:
    Procedure
    1. Go to your support website.
    2. Download the Unisphere CLI client for your operating system.
    3. Perform the following based on your operating system:
      • On Windows, double-click the installer executable and follow the prompts. The default installation location is: C:\Program Files\EMC&#xnisphere CLI
        The installation directory is added to the PATH system variable.
      • On UNIX/Linux, type: rpm -ihv <filename>,

        where filename is the name of the installer executable. The default installation location is:/opt/emc/uemcli-<version>/bin/,

        where version is the version of the client installed.

    Launch the Unisphere CLI client

    After installing the Unisphere CLI client, you can launch the client on a Microsoft Windows or UNIX/Linux computer.

    To launch the Unisphere CLI client, perform the following in a command prompt based on your operating system:

    Procedure
    1. If you have a Windows operating system, type:
      uemcli.exe
    2. If you have a UNIX/Linux operating system, type:
      /usr/bin/uemcli

    Certificate verification

    In order to establish a secure connection between UEM CLI and its backend server, a Public Key infrastructure (PKI) is used. An important component of PKI, is certificate verification. Certificate verification provides a way for a user to verify the backend server being contacted.

    When UEM CLI connects to a server requesting a secure connection, the server sends its identification in the form of a digital certificate. The certificate usually contains the following:

    • Server name
    • Trusted certificate authority (CA)
    • Server's public encryption key.

    The UEM CLI client may contact the server that issued the certificate (the trusted CA) and confirm the validity of the certificate before proceeding. When the certificate is verified, UEM CLI and its backend server will establish the connection and begin to exchange data.

    Certificate verification level

    The setlevel.sh script is used to set the certificate verification level to low or medium after the RPM package has been installed:

    low
    The certificate verification process will not be used to access the array.
    medium (default)
    The certificate verification process will be used to access the array.

    Run the following command:

    /opt/emc/uemcli-VERSION/bin/setlevel.sh (low|medium|l|m)

    Then follow the prompts. The tool will guide you through the steps to set the security level.

    For more information, see the section Manage SSL certificates.

    Unisphere CLI syntax

    Following is the syntax of an example command line:

    uemcli [<switches>] <object path> [<object qualifier>] <action> [<action qualifiers>]

    Executable

    All command lines begin with the executable uemcli. If you do not start each command line with uemcli, the command fails and you must rerun the command. If you run only uemcli, without any switches or commands, the list of switches and their descriptions appears.

    Switches

    Use local switches to configure Unisphere CLI and connect to a system. Type switches immediately after uemcli. When typing more than one switch on the same line, separate each switch with a space. All switches start with a hyphen (-).

    View the switches provides details on all available switches.

    Objects

    Objects identify the type of object on which to perform an action, such as a user, host, LDAP setting, or the system you are managing. All objects are categorized into types and are nested, as parent/child, to form a path to the actual object on which to perform an action, similar to locating a file in a file system. An object type can be a parent or a child of a parent. Not all parent object types contain child objects.

    All actions require the fully qualified path to the object. The one exception is the –help switch, which applies to an object at any level in a path. Get help explains how to use the -help switch.

    The actual object on which you perform an action is identified by an ID called an object qualifier, as explained in Object qualifiers.

    Example 1

    In the following example for creating a user account, the two object types are user and account:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account create –name user1 –type local –passwd Password789! –role operator

    Example 2

    In the following example for viewing all user accounts on the system, the object types are user and account. An object ID is not specified, so the show action is performed on account, which displays a list of all user accounts:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account show

    Object qualifiers

    Object qualifiers are unique identifiers for objects on the system. The format is:

    -<identifier> <value>

    where:

    • identifier — Type of object qualifier. The most common is -id.
    • value — Actual object qualifier.

    When you create an object, such as a user or network interface, it receives an ID, which is the object qualifier for that object. When performing actions such as viewing, changing, or deleting an object, you specify its object qualifier. The most common identifier is the -id parameter. The uniqueness of the qualifier is only guaranteed in the scope of the specified object type. All object qualifiers start with a hyphen (-).

    Example

    In the following example for changing the password of a user account, the object qualifier is local_user:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account –id local_user set –passwd NewPassword456! –oldpasswd password123

    Actions

    Actions are the operations performed on an object or object type, including creating, changing, viewing, and deleting. Actions are always required. Action commands provides details on each of the action commands.

    Example

    In the following example for changing the password of a user account, the action is set:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account –id local_user set –passwd NewPassword456! –oldpasswd password123

    Action qualifiers

    Action qualifiers are parameters specific to actions, such as attributes or settings to modify when changing an object. All action qualifiers start with a hyphen (-).

    Example

    In the following example for changing a role and password for a user account, the action qualifiers are -passwd, -oldpasswd, and -role:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account –id local_user set –passwd newpassword –oldpasswd password123 -role administrator

    Size qualifiers

    Use size qualifiers to indicate a specific capacity-size value. To specify a fraction, use a period. For example, type 2.4T for 2.4 terabytes. The output for a size value displays the exact number of bytes and the specified size value:

    Size = 1209462790557 (1.1TB)

    The following table lists the size qualifiers. The qualifiers are case-sensitive.

    Table 1. Size qualifiers
    Qualifier
    Measurement
    K
    Kilobyte
    M
    Megabyte
    G
    Gigabyte
    T
    Terabyte
    P
    Petabyte

    Speed qualifiers

    The following qualifiers are defined for the speed values.The qualifiers are case-insensitive.

    Table 2. Speed qualifiers
    Qualifier
    Measurement
    Kbps, Kb/s
    1,000 bits per second
    Mbps, Mb/s
    1,000,000 bits per second
    Gbps, Gb/s
    1,000,000,000 bits per second
    KBps, KB/s
    1,000 bytes per second
    MBps, MB/s
    1,000,000 bytes per second
    GBps, GB/s
    1,000,000,000 bytes per second

    Action commands

    When using Unisphere CLI, there are four primary action commands that you can perform on object types or objects, including creating, changing/configuring, viewing, and deleting. This section explains each of these four action commands. Unisphere CLI syntax explains the relationship between action commands, object types, and objects.

    The create action command

    The create action command creates an object on the system based on the specified path to the object. If the command is successful, the new object receives an object qualifier, or ID, that identifies the object on the system.

    Format
    <object> create [<action qualifiers>]
    Example

    The following example uses the create action command to create a local user account. The new user account receives the ID local_user:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account create –name local_user –type local –passwd Password789! –role operator
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = local_user
    Operation completed successfully.
                            

    The set action command

    The set action command modifies, or changes, an object type or object based on the specified path and object qualifier. Some options for certain objects cannot be configured when creating the object, but can be configured after the object is creating using the set command. This guide often refers to those actions as configure actions. If the object identified by the object qualifier does not exist, an error message appears.

    Format
    <object path> set <object qualifier> [<action qualifiers>]
    Example

    The following example uses the set action command to change the password for a user account. The path /user/account specifies that the object type is a user account. The -id object qualifier identifies local_user as the user account to change:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account –id local_user set –passwd NewPassword456! –oldpasswd OldPassword456!
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = local_user
    Operation completed successfully.
                            

    The show action command

    The show action command displays a list of objects that exist on the system and the attributes of those objects. You can specify an object qualifier to view the attributes for a single object. The show action command provides qualifiers for changing the display of the output, including the format and the attributes to include. The available output formats are name-value pair (NVP), table, and comma-separated values (CSV).

    Format
    uemcli [<switches>] <object> [<object qualifier>] show [{-detail | -brief | -filter <value>] [-output {nvp | table [-wrap] | csv}]
    Action qualifier
    Qualifier
    Description
    -output|-o
    Specify the output format. Value is one of the following:
    • nvp — The name-value pair (NVP) format displays output as name=value. Name-value pair format provides an example of the NVP format.
    • table — The table format displays output as a table, with column headers and rows. By default, values that are too long to fit in a column are cut off. Add -wrap after the table qualifier, separated by a space, so that the values wrap. Table format provides an example of the table format.
    • csv — The comma-separated values (CSV) format is similar to the table format, but the names and values are separated by commas. Comma-separated values format provides an example of the CSV format.
    -detail
    Display all attributes.
    -brief
    Display only the basic attributes (default).
    -filter
    Comma-separated list of attributes which are included into the command output.
    Name-value pair format
                              1:     ID                 = la0_SPA
           SP                 = SPA
           Ports              = eth0_SPA,eth1_SPA
           Health state       = OK (5)
    
    2:     ID                 = la0_SPB
           SP                 = SPB
           Ports              = eth0_SPB,eth1_SPB
           Health state       = OK (5)
    
                            
    Table format
                              ID      | SP  | Ports             | Health state
    --------+-----+-------------------+--------------
    la0_SPA | SPA | eth0_SPA,eth1_SPA | OK (5)
    la0_SPB | SPB | eth0_SPB,eth1_SPB | OK (5)
                            
    Comma-separated values format
                              ID,SP,Ports,Health state
    la0_SPA,SPA,”eth0_SPA,eth1_SPA”,OK (5)
    la0_SPB,SPB,”eth0_SPB,eth1_SPB”,OK (5)
                            
    Example

    The following command modifies the set of attributes in the show action output. For example, if you add -filter "ID,ID,ID,ID" to the command, in the output you will see four lines with the "ID" attribute for each listed instance:

                              1:  ID = la_0
        ID = la_0
        ID = la_0
        ID = la_0
                            
    uemcli /net/nas/server show -filter “ID, SP, Health state, ID, Name”
    Filter format
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID           = nas_1
           SP           = SPA
           Health state = OK (5)
           ID           = nas_1
           Name         = Mynas1
    
    2:     ID           = nas_2
           SP           = SPA
           Health state = OK (5)
           ID           = nas_2
           Name         = Mynas2
                            

    The delete action command

    The delete action command removes an object from the system based on the specified object and object qualifier.

    Format
    <object path> <object qualifier> delete
    Example

    The following command deletes user account local_user1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account –id local_user1 delete

    Get help

    For help with using the CLI, use the -help, -h, or -? switch for information about the syntax, an object type, or a specific object or action command.

    Help on the Unisphere CLI client

    For help on the client, including the use cases, switches, and system requests, type only uemcli or include the -help|-? switch. View the switches provides details on all available switches.

    Example

    The following command displays information about the syntax and switches:

    uemcli -?
                              [Get help on client options]
    uemcli –help
    	{CMDHELP|CMD|-upload|-download|-version|-saveUser|-removeUser|-removeAllUsers|-default|-certList|-certClear|-certDel|-certImport}
    
    [Get help on objects or actions]
    uemcli [-d <address>] [-port <number>] [-u <user_name>] [-p <password>] [-sslPolicy {interactive|reject|accept|store}] [-t <seconds>] [-silent] [-noHeader] [-cmdTime] <object> [<action>] –help
    
    [Perform an action on an object on the destination system]
    uemcli [-d <address>] [-port <number>] [-u <user_name>] [-p <password>] [-sslPolicy {interactive|reject|accept|store}] [-s <name>[:<version>]] [-gmtoff [-|+]<HH>[:<MM>]] [-t <seconds>] [-silent] [-noHeader] [-cmdTime] <object> [<qualifiers>] <action> [<qualifiers>]
    
    [Upload a file to the destination system]
    uemcli [-d <address>] [-port <number>] [-u <user_name>] [-p <password>] 
    	[-sslPolicy {interactive|reject|accept|store}] [-t <seconds>] [-silent] [-noHeader] -upload -f <file_path> <type> [-<parameter> <value> ...] [<action>]
    
    [Download a file from the destination system]
    uemcli [-d <address>] [-port <number>] [-u <user_name>] [-p <password>] [-sslPolicy {interactive|reject|accept|store}] [-t <seconds>] [-silent] [ noHeader] -download {-d <directory>|-f <file_path>} <type> [-<parameter> <value> ...] [<action>]
    
    [Display the version of this client]
    uemcli -version
    
    [Save access credentials for the destination system locally]
    uemcli [-d <address>] [-port <number>] -u <user_name> -p <password> [-silent]  -saveUser
    
    [Remove access credentials for the destination system from this client]
    uemcli [-d <address>] [-port <number>] [-silent] -removeUser
    
    [Remove all stored access credentials from this client]
    uemcli [-silent] -removeAllUsers
    
    [Save the destination address as the default for this client]
    uemcli -d <address> -port <number> [-silent] -default
    [List certificates saved for this client]
    uemcli [-silent] -certList
    
    [Delete a certificate from this client]
    uemcli [-silent] -certDel <certificate_id>
    
    [Delete all certificates from this client]
    uemcli [-silent] -certClear
    
    [Import an SSL certificate from a file]
    uemcli [-silent] -certImport <file>
                            

    Help on parent object types

    For help on parent objects types, which typically contain child object types, type the object type followed by the -help switch to view the object types it contains.

    Example

    The following command displays a list of DNS object types: /net /dns is the parent object type and [config] and [domain] are the child object types. In the output, the items in brackets are the objects on which you perform actions, such as creating and changing.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/dns –help
                              +- /net/dns/
               +- [config]
               +- [domain]
                            
    To get help on all object types, type only a forward slash (/). For example, / -help.

    Help on child object types

    For help on child object types, which are children of parent object types, type the object type followed by the -help switch to view a list of supported action commands.

    Example

    The following command displays the action commands to set (change) and show a DNS server setting: /net /dns is the parent object type and [config] is the child object type. In the output, the items in brackets are the actions, such as creating and changing, you can perform on the specified object types:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/dns/config –?
                              Configure system DNS client settings.
    Actions:
     [Set]
     /net/dns/config set -nameServer <value>
    
     [Show]
     /net/dns/config show [-output {nvp|csv|table[-wrap]}] [{-brief|-detail}]
                            

    Help on actions

    For help on an action command, type the fully qualified object parameter and action command, followed by the -help action qualifier.

    Example

    The following command displays the list of interface attributes that you can change:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if set –?
                              Storage system address: 127.0.0.1 
    Storage system port: 443 
    HTTPS connection 
    
    /net/if -id <value> set [ -vlanId <value> ] [ -addr <value> ] [ -netmask <value> ] [ -gateway <value> ] 
    Modify an existing interface. 
    
    Where: 
    -id <value> 
    Specify the ID of an interface (eg. if_0, if_3) 
    
    [Optional] -vlanId <value> 
    Specify the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1 to 4095. If the value is empty string, VLAN tagging will be disabled. 
    [Optional] -addr <value> 
    Specify the IP address for the interface. 
    
    [Optional] -netmask <value> 
    Specify the subnet mask for the IPv6 interface. 
    
    [Optional] -gateway <value> 
    Specify the gateway for the interface.
                            

    Manage SSL certificates

    When logging in to the system through Unisphere CLI, the system uses Secure Socket Layer (SSL) certificates to secure communications between the CLI client and the system. You can manage these certificates and configure a policy for the Unisphere CLI to use when receiving unknown certificates. All downloaded certificates are stored in the secure, local lockbox on the client system. Save Unisphere CLI settings explains how settings are saved.

    Configure a certificate policy

    Set up a certificate policy to specify how Unisphere CLI will automatically respond to unknown SSL certificates downloaded from the system.

    Format
    -sslPolicy <value>
    Switch
    Switch
    Description
    -sslPolicy
    Value is one of the following:
    • interactive — Client prompts the user to take action (default).
    • reject — Client automatically rejects the certificates.
    • accept — Client automatically accepts the certificates.
    • store — Client automatically accepts and stores the certificates in the lockbox.

    View certificates

    View a list of all SSL certificates stored in the lockbox.

    The show action command explains how to change the output format.
    Format
    -certList

    Delete certificates

    Delete one or more SSL certificates from the lockbox.

    Format
    -certDel <certificate IDs>
    Switch
    Switch
    Description
    -certDel
    Type a comma-separated list of certificate IDs to delete.
    Use –certList to view a list of stored certificates with their IDs.

    Clear all certificates

    Delete all SSL certificates from the lockbox.

    Format
    -certClear

    Import certificates

    Import a SSL certificate from a file.

    Format
    -certImport <file>
    Switch
    Switch
    Description
    -certImport
    Type the path and name for the file to import. Supported formats are:
    • Privacy Enhanced Mail (PEM)
    • Distinguished Encoding Rules (DER)
    • Cryptographic Message Syntax (PKCS #7)

    View the switches

    The Unisphere CLI switches apply only to your installed Unisphere CLI client. Use the switches to access a system, upload files to the system, and manage security certificates.

    Format
    uemcli [{-help|-h|-?}]

    The following table describes each of the switches:

    Table 3. Switches
    Switch
    Description
    -destination|-d
    IP (IPv4 or IPv6) address or network name of the destination system. If you do not include this switch, the client uses the addresses specified for -default. If no default address exists, the client uses the localhost address 127.0.0.1.
    -port
    Port number on the system.
    -user|-u
    Username for logging in to the system.
    -password|-p
    Password for logging in to the system.
    -securePassword
    Specifies the password in secure mode - the user will be prompted to input the password.
    -timeout|-t
    Timeout (in seconds) after which you are automatically logged out of the system due to user inactivity or a system problem. The default value is 600 seconds (10 minutes).
    -sslPolicy
    Policy for handling unknown SSL certificates downloaded from the system. Valid values are:
    • interactive (default) — Prompt the user to accept the certificates for the current session.
    • reject — Automatically reject the certificates.
    • accept — Automatically accept the certificates.
    • store — Automatically accept and store the certificates.
    -certList
    List of all certificates stored locally in the lockbox.
    -certClear
    Delete all certificates stored locally in the lockbox.
    -certDel
    Delete one or more certificates from the lockbox. Type a comma-separated list of certificate IDs.
    Use -certlist to view a list of stored certificates with their IDs.
    -certImport
    Import a certificate from a file. Supported formats are:
    • Privacy Enhanced Mail (PEM)
    • Distinguished Encoding Rules (DER)
    • Cryptographic Message Syntax (PKCS #7)
    -syntax|-s
    Syntax name and version (optional) to use in the client. Separate the name and version with a colon. For example, the following switch applies the UEM version 1.5 syntax: -syntax uem:1.5
    -upload

    Upload a file to the system. Type the file type and location in the following format:

    {-help|<type> -help|{-f|-file} <file> <type> [<parameter>=<value>...]}

    where:

    • -help — Display a list of file types you can upload to the system.
    • type -help — Display information about a file type. Value is one of the following:
      • license — A license file. During upload the license is installed on the system.
      • upgrade — A system software upgrade candidate file. When you upload an upgrade candidate file onto your system, it replaces the previous version. There can be only one upgrade candidate on the system at a time.
      • /net/nas/ldap — A custom LDAP schema or a Certification Authority (CA) certificate for the NAS server identified by a mandatory -server parameter. Uploading a valid LDAP schema changes the LDAP configuration. This will result in changes to the file systems access on the specific NAS server.
      • /net/nas/server — A custom user mapping rules file for the specific NAS server identified by a mandatory -id parameter. The mandatory -type parameter specifies the corresponding type of uploaded configuration file. Valid values are:
        • userMapping
        • passwd
        • group
        • hosts
        • netgroup
        • homedir
      • /net/nas/cava — An antivirus configuration file with parameters of the CAVA service.
      • /net/nas/kerberos — A Kerberos Key Table (keytab) file, which is required for secure NFS with a custom UNIX or Linux Kerberos KDC. It contains service principal names (SPNs), encryption methods, and keys for the secure NFS service.
      • /sys/cert — A certificate file of a particular type for the specific service identified by mandatory -type and -service parameters.
    • -f|-file file type — For file, type the path and filename of the file to upload. For type, type the file type to upload.
    • parameter = value — Optional parameter=value pairs for including specific parameters during the upload.
    For a list of supported file types, type -upload -help
    -download

    Download a file from the system. Type the file type and location in the following format:

    {-help | <type> -help | {-d <folder> | -f <file>} <type> [-<parameter> <value> ...]}

    where:

    • -help — Display a list of file types you can download from the system.
    • type -help — Display information about a file type. Value is one of the following:
      • serviceInfo — Save service information about your system to a .tar file. Your service provider can use the collected information to analyze your system. This action should be executed with service user credentials. To download service information you should collect it at first using the uemcli /service/system collect -serviceInfo command.
        Contact your service provider to determine if it is necessary to collect this information and to establish a process for sending the file to customer support.
      • config — Save details about the configuration settings on the storage system to a file. Service personnel can use this file to assist you with reconfiguring your system after a major system failure or a system reinitialization. This action should be executed with service user credentials. The file only contains details about your system configuration. You cannot restore your system from this file. This action should be executed with service user credentials.
        It is recommended that you save the file to a remote location after every major system configuration change, to ensure that you always have a current copy of the file available.
      • /net/nas/ldap — A custom LDAP schema for the NAS server identified by a mandatory -server parameter. Once you configure LDAP settings for a NAS server, you can download the automatically generated LDAP schema file to make additional changes.
      • /net/nas/server — A custom user mapping rules file for the specific NAS server identified by a mandatory -id parameter. The mandatory -type parameter specifies the corresponding type of uploaded configuration file. Valid values are:
        • userMapping
        • passwd
        • group
        • hosts
        • netgroup
        • homedir
      • /net/nas/cava — A CAVA configuration file.
      • /net/nas/kerberos — Kerberos Key Table (keytab) file, which is required for secure NFS with custom UNIX or Linux Kerberos KDC. It contains service principal names (SPNs), encryption methods, and keys for secure NFS service.
      • /import/session/nas — A detailed file import status report that may contain error information for a VDM to NAS import session identified by the mandatory -id parameter.
      • /sys/cert — A certificate file present on the storage system identified by the mandatory -id parameter.
      • encryption — Three types of data at rest encryption (D@RE) files are available for downloading using the mandatory -type parameter. Valid values are:
        • backupKeys - When a copy of the keystore is requested, no additional parameters are required. It is recommended that a copy of the keystore be downloaded and saved whenever the provisioned or hardware configuration on the storage system changes.
        • auditLog - When a copy of the auditlog is requested, the mandatory -entries parameter must be supplied, where there are two options: all or YYYY-MM. All entries can be requested or a specific year and month of entries. The downloaded file has a maximum size of 100MB. If all the entries will not fit into this file size, the head of the storage system's auditlog will be returned. The remainder of the auditlog can be retrieved using the year and month option.
          When the auditlog is requested, its checksum file will be downloaded with it as well.
        • cksum - Requests a regenerated checksum file for a previously downloaded auditlog file. In this case the mandatory -logName <auditlog filename> parameter must be supplied.
          This must be the exact filename of a previously downloaded auditlog file.
      • /service/system/dump — Core dump files are generated after an SP failure. Download these files to send to your service provider to help troubleshoot and resolve system issues. Service account credentials are required.
    • {-d <folder> | -f <file>} <type> — Destination directory or path to the destination file. For <type>, enter the type of file to download.
    • [-<parameter> <value>...] [<action>] — Download a file from the storage system.
    • <type> — File type.
    • [-<parameter> <value> ...] — Optional key-value pairs that are passed to the storage system via URL encoded parameters separated by spaces.
    • [<action>] — Optional action indicating what shall be executed on the file downloaded.
    -gmtoff
    Greenwich Mean Time (GMT) offset for converting the time on the system to the time on the client system. Type auto to send the offset of the current client system. Type the following to specify the offset:

    [-|+]<HH>[:<MM>]

    where:

    • -|+ — Type the sign of the GMT offset. If the offset is ahead of GMT, you can omit the plus sign.
    • HH — Type the hours for the offset.
    • MM — Type the minutes for the offset (optional). Separate the minutes from the hours with a colon.
    -help|-h|-?
    Display information about the syntax and switches.
    -saveUser
    Save the access credentials specified for the -user and -password switches to a local security file in the lockbox. With the access credentials saved, Unisphere CLI automatically applies them to the specified system destination and port pair each time you run a command.
    -removeUser
    Remove the specified user account from the lockbox.
    -default
    Save the destination and port pair as the default system to access. When you run a command, Unisphere CLI will run the command on the default system. Unisphere CLI saves the specified destination and port pair to a local security file in the lockbox. Each time you include the -default switch, Unisphere CLI overwrites the previous saved destination and port pair with the current destination and port pair. If you include the -port switch, the specified port value is paired with the -destination value and saved to the local security file.
    -silent
    Allow a command to complete by suppressing the output and not requiring user confirmation. This is useful when there are commands in scripts.
    -noHeader
    Hide the header message (system IP address, port number, and so on) that appears above the command output.
    -v|-version
    Display the version of your Unisphere CLI.
    -cmdTime
    Display the current time on the destination system.

    Access the system

    To access and run commands on a system through Unisphere CLI, specify the network name or management IP address of the system, your username, and your password.

    Unisphere CLI does not provide a session mode in which you log in to the system once and run commands. You must type the destination system, your username, and your password each time you run a command. Doing so logs in to the system, runs the command, and then logs out. To avoid having to type the access credentials each time you run a command, include the -saveUser switch to save the username and password for the specified destination system and port pair.
    Format
    [{-d|-destination} <value>] [{-u|-user} <user_name>] [{-p|-password} <password>]
    Switches
    Qualifier
    Description
    -destination|-d
    IP address or network name of the destination system. If you do not include this switch, the client uses the addresses specified for -default. If no default address exists, the client uses the localhost address 127.0.0.1.
    -user|-u
    Domain and username for logging in to the system. For example, Local/joe.
    -password|-p
    Password for logging in to the system.
    -securePassword
    Specifies the password in secure mode - the user will be prompted to input the password.
    -port
    Specify the port number through which to access the system.
    If you do not include the -port switch, Unisphere CLI accesses the system through default port 443.
    -default
    Save the destination and port pair as the default system to access. When you run a command, Unisphere CLI runs the command on the default system. Unisphere CLI saves the specified system and port pair to a local file. Each time you include the -default switch, Unisphere CLI overwrites the previously saved destination and port pair with the current destination and port pair.
    If you include the -port switch, the specified port value is paired with the -destination value and saved to the local file. Hide header information explains saving user account credentials on the local client system.
    -saveUser
    Save the access credentials specified for the -user and -password switches to a local file. With the access credentials saved, Unisphere CLI automatically applies them to the specified destination and port pair each time you run a command. Hide header information explains saving user account credentials on the local client system.
    -removeUser
    Remove saved access credentials for the specified destination and port pair.
    Example 1

    The following example accesses the destination system 10.0.0.1 as user Local/joe with password 12345:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456!
    Example 2

    The following example saves the access credentials for the specified user:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -saveUser
    Example 3

    The following example sets the destination system as the default:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -default
    Example 4

    The following example accesses the default system:

    uemcli -u Local/joe -p MyPassword456!
    Example 5

    The following example removes the saved access credentials from destination system 10.0.0.1:

    uemcli -d 10.0.0.1 -removeUser

    Upload an upgrade candidate

    To upgrade the system software, upload an upgrade candidate file that you download from the support website and use the -upload qualifier. Once you upload the candidate file to the system, use an upgrade session to start the upgrade process. Create upgrade sessions explains configuring upgrade sessions.

    Prerequisites

    Download the latest system software upgrade candidate from the support website.

    Format
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -upload -f <file> upgrade
    Options
    Qualifier
    Description
    -f
    Type the path and file name of the upgrade candidate file to upload. Wrap the path and file name in quotes.
    Example

    The following example upload a upgrade candidate file to the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -upload -f “upgrade-2.0.0.12190-MAGNUM-RETAIL.tgz.bin” upgrade
                          Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                        

    Hide header information

    Each time you run a switch or command, the header message appears. The header displays the destination system, system port number, the syntax, and communication protocol used (HTTPS). For example:

                          Storage system address: 127.0.0.1
    Storage system port: 443
    HTTPS connection
    
                        

    To hide the header, include the -noHeader switch:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -noHeader /sys/general show
                          1:    System name           = Vorpal
          Model                 = EMC Storage Systems 12GB RAM WM PHTM
          Platform type         = EMC Storage System
          Product serial number = FNM00102000154
          Auto failback         = on
          Health state          = Degraded/Warning (10)
    
                        

    Save Unisphere CLI settings

    You can save the following settings on the host on which you run Unisphere CLI:

    • User access credentials, including your username and password, for each system you access. For more information, see the -saveUser switch in View the switches.
    • SSL certificates imported from the system. For more information on SSL certificates, see Manage SSL certificates.
    • Information about default system to access through Unisphere CLI, including the system name or IP address and the system port number. For more information, see the -default switch in View the switches.

    Unisphere CLI saves the settings to a secure lockbox that resides locally on the host on which Unisphere CLI is installed. The stored data is only available on the host where it was saved and to the user who saved it. The lockbox resides in the following locations:

    • On Windows XP: C:\Documents and Settings\<account_name>\Local Settings\Application Data\EMCM CLI\
    • On Windows 7: C:&#xsers\${user_name}\AppData\Local\.EMCMCLI
    • On UNIX/Linux: <home_directory>/EMC/UEM CLI

    The cps.clb and csp.clb.FCD files are lockbox-related. If you uninstall Unisphere CLI, these directories and files are not deleted, giving you the option of retaining them. However, for security reasons, you may want to delete these files.