• Manage the System

    PDF

    On this page

    Manage the System

    Configure general system settings

    Configure general settings on the system, including:

    • Enable or disable automatic failback for SP.
    • Manually fail back NAS servers.
    • Perform a check of the overall system health.
    • Change the system name.
    Failover occurs when there is a hardware or software problem with an SP. This failover causes all NAS servers that run on it to fail over to the another SP with minimal disruption to connected hosts. Once the SP is fixed, and automatic failback is enabled, all NAS servers automatically fail back to their original SP.

    The following table lists the general system attributes:

    Table 1. General system attributes
    Attributes
    Description
    System name
    Name of the system.
    UUID base
    Base value used to generate UUIDs in the host environment (such as OVMS hosts).
    Model
    System model.
    System UUID (virtual deployments only)
    System Universally Unique Identifier (UUID) for a virtual system.
    License activation key (virtual deployments only)
    A key that certifies that the system is licensed and the software was obtained legally.
    Product serial number
    System serial number.
    Auto failback (physical deployments only)
    Indication of whether auto failback is enabled for the SP. Valid values are:
    • on
    • off
    Health state
    Health state of the system. The health state code appears in parentheses. Valid values are:
    • Unknown (0) — Status is unknown.
    • OK (5) — Working correctly.
    • OK BUT (7) — Working correctly, but there could be a problem.
    • Degraded/Warning (10) — Working and performing all functions, but the performance may not be optimum.
    • Minor failure (15) — Working and performing all functions but overall performance is degraded. This condition has a minor impact on the system and should be remedied at some point, but does not have to be fixed immediately.
    • Major failure (20) — Failing and some or all functions may be degraded or not working. This condition has a significant impact on the system and should be remedied immediately.
    • Critical failure (25) — Failed and recovery may not be possible. This condition has resulted in data loss and should be remedied immediately.
    • Non-recoverable error (30) — Completely failed and cannot be recovered.
    Health details
    Additional health information. See Appendix A, Reference, for health information details.
    Power (Present) (physical deployments only)
    Present system power consumption.
    Power (Rolling Average) (physical deployments only)
    Average system power consumption (in the past hour with 30-second sampling rate)

    View system settings

    View the current system settings.

    The show action command explains how to change the output format.
    Format
    /sys/general show
    Example 1 (physical deployments only)

    The following command displays the general settings for a physical system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/general show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    
    1:    System name             = demo
          UUID Base               = 0
          Model                   = Unity 300
          Platform type           = EMC Storage System
          System UUID             =
          Product serial number   = demo
          Auto failback           = on
          Health state            = OK (5)
          Health details          = "The system is operating normally."
          Power (Present)         = 572 watts
          Power (Rolling Average) = 573 watts
          Supported SP upgrades   = SP400, SP500, SP600
    
    
                            
    Example 2 (virtual deployments only)

    The following command displays the general settings for a virtual system:

    The UUID Base does not display when the -detail option is not specified.
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/general show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     System name            = Demo
           Model                  = UnityVSA
           System UUID            = 421D3F1B-6D79-52A1-9AC7-67AE794E520E
           License activation key = CQPZQ0DJJQHR0X
           Product serial number  = VIRT14349BPJEP
           Health state           = OK (5)
    
                            

    Change general system settings

    Change the name of the system, or whether automatic failback is enabled or disabled.

    Format
    /sys/general set [-name <value>] [-uuidBase <value>] [–autoFailback {on|off}]
    Action qualifiers
    Qualifier
    Description
    -name
    Type a name for the system.
    -uuidBase
    Type the UUID Base value.
    -autoFailback (physical deployments only)
    Enable or disable automatic failback. Valid values are:
    • on
    • off
    Example

    The following command disables automatic failback:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/general set –autoFailback off
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manually fail back NAS servers (physical deployments only)

    Manually fail back all failed over NAS servers to their original SP. If auto failback is enabled, failback occurs automatically.

    Format
    /sys/general failback
    Example

    The following command fails back all NAS servers that have failed over:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/general failback
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Perform a system health check

    Perform a health check of the entire system. A health check is a series of checks on the state of your system to ensure that no underlying problems exist.

    Before upgrading the system software, a system health check must be performed. All system components must be healthy prior to upgrading the system software. If any of the system components are degraded, the software update will fail.
    Format
    /sys/general healthcheck
    Example

    The following command performs a health check of the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/general healthcheck
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1: Error code = Error: The health check has failed. An internal error is preventing 
    the health check from completing successfully. Record the error code and search the 
    EMC Online Support website for available support options. 
    [Error Code: platform::check_boot_control_status_2]
    
    Operation completed successfully.
    
                            
    • The results of the health check may show errors and warnings, but a message of Operation completed successfully. displays in the output. This is only an indication that the health check action was performed, not that it was successfully completed without errors and warnings. Attempt to resolve all errors and rerun the health check.
    • If errors occur, a system software upgrade is not allowed. If warnings occur, they can be bypassed during the upgrade procedure.

    Configure system information

    Configure system information about the system’s location and user.

    The following table lists the system information attributes:

    Table 2. System information attributes
    Attribute
    Description
    Location name
    Location name
    Address 1
    Contact address for the system
    City
    City name
    State
    State or province name
    Country
    Two-letter country code
    Postal Code
    Postal code
    Contact first name
    First name of the user.
    Contact last name
    Last name of the user.
    Contact mobile phone
    Mobile phone number of the user.
    Contact company
    Company of the user.
    Site ID
    Internal ID for identifying where the system is installed.
    Contact email address
    Contact email address for the system
    Contact phone number
    Contact phone number for the system

    View system information

    View current system information.

    The show action command explains how to change the output format.
    Format
    /sys/info show
    Example

    The following command displays the general setting information for the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/info show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    
    1:     Contact first name    = Zach 
           Contact last name     = Arnold
           Contact company       = EMC
           Contact email address = something@somemail.com
           Contact phone number  = 123456789
    
    
                            

    Change system information

    Change the system information attributes.

    Format
    /sys/info set [-location <value>] [-contactFirstName <value>] [-contactLastName <value>] [-contactEmail <value>] [-contactPhone <value>] [-contactMobilePhone <value>]
    Action qualifiers
    Qualifier
    Description
    -location
    Specify an updated location name.
    -contactEmail
    Specify the new contact email address for the system.
    -contactPhone
    Specify the new contact phone number for the system.
    -contactMobilePhone
    Specify the new contact mobile phone number for the system.
    -contactFirstName
    Specify the new contact first name for the system.
    -contactLastName
    Specify the new contact last name for the system.
    Example

    The following command changes the following system information:

    • Contact first name
    • Contact last name
    • Contact email
    • Contact phone
    • System location
    • Contact mobile phone
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/info set -contactFirstName Zach -contactLastName Arnold -contactEmail something@someemail.com -contactPhone 1233456789 -location here -contactMobilePhone 987654321
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    Operation completed successfully.
    
                            

    Manage software versions

    See details about the system software versions that have been uploaded to the system manually by a user, or that have been automatically pushed down to the system by support.

    Support will not push down any software images to the system without prior user consent.
    Table 3. System software attributes
    Attribute
    Description
    ID
    ID of the system software.
    Type
    System software type. Value is one of the following:
    • installed — Software image that is currently installed on the system
    • candidate — Upgrade candidate uploaded to the system for upgrading the system software
    • downloaded—Software image that was automatically pushed to the system by support.
    Version
    Software version.
    Release date
    Software release date.
    Reboot required
    Indication of whether a reboot is required for this software upgrade package. Values are:
    • yes
    • no
    Pause allowed
    Indication of whether the software upgrade package allows the user to pause the upgrade and choose the desired disruptive upgrade window. Values are:
    • yes
    • no
    Image filename
    Filename of the software image.

    View system software versions

    Display details about the version of the installed system software any upgrade candidates that have been uploaded to the system. Upgrade the system explains how to upgrade the system software.

    Format
    /sys/soft/ver [{-id <value>|-type {installed|candidate|downloaded}}] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the system software.
    -type
    Type the software type. Value is one of the following:
    • installed — View the version of the system software that is installed.
    • candidate — View the version of the system software upgrade candidate that was uploaded to the system.
    • downloaded — Software image that was automatically pushed to the system by support.
    Example

    The following command displays details about the installed system software and an uploaded upgrade candidate:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/soft/ver show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    ID              = INST_1
          Type            = installed
          Version         = 4.3.0.1498853411
          Release date    = 2017-06-30 23:33:44
          Image type      =
          Reboot required =
          Pause allowed   =
          Image filename  =
    
    2:    ID              = CAND_1
          Type            = candidate
          Version         = 4.3.0.1502142551
          Release date    = 2017-08-08 05:19:50
          Image type      = software
          Reboot required = yes
          Pause allowed   = yes
          Image filename  = Unity-c4dev_PIE_471-upgrade-4.3.0.1502142551-4.3.0.1502142551-GNOSIS_DEBUG.tgz.bin
    
    3:    ID              = ASD_1
          Type            = downloaded
          Version         = 4.2.0.9215195
          Release date    = 
          Image type      = software
          Reboot required =
          Pause allowed   =
          Image filename  = Unity-_dev_001-upgrade-4.2.0.9215195.9215195-4.2.0.9215195.9215195-GNOSIS_DEBUG.tgz.bin.gpg
    
    4:    ID              = ASD_2
          Type            = downloaded
          Version         = V2-Dec-19-2016
          Release date    =
          Image type      = firmware
          Reboot required =
          Pause allowed   =
          Image filename  = Unity-Drive-Firmware-V2-Dec-19-2016.tgz.bin.gpg
    
    
                            

    Prepare system software version

    Prepare an automatically downloaded software image for installation.

    Support will not push down any software images to your system without prior user consent.
    Format
    /sys/soft/ver -id <value> prepare
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the automatically downloaded system software.
    Example 1

    The following command prepares automatically downloaded software image "ASD_1" for installation:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/soft/ver -id ASD_1 prepare
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            
    Example 2

    The following command shows the error that is returned when trying to prepare an image that was not an automatically downloaded software candidate:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/soft/ver -id CAND_1 prepare
                              Operation failed. Error code: 0x6000cd5
    The specified image ID is invalid. The current action can only be performed on downloaded images. Obtain the image ID with '/sys/soft/ver -type downloaded show' and try again with correct image ID. (Error Code:0x6000cd5)
    
                            
    Use the /sys/soft/ver show command to obtain the ID of any automatically downloaded software images on the system. The "Type" should be "downloaded" such as in the following example:
                              
          ID              = ASD_1
          Type            = downloaded
          Version         = 4.2.0.9215195
          Release date    = 
          Image type      = software
          Reboot required =
          Pause allowed   =
          Image filename  = Unity-_dev_001-upgrade-4.2.0.9215195.9215195-4.2.0.9215195.9215195-GNOSIS_DEBUG.tgz.bin.gpg
                            

    Upgrade the system

    Create an upgrade session to upgrade the system or view existing upgrade sessions. The upgrade session installs an upgrade candidate file that was uploaded to the system. Download the latest upgrade candidate from the support website. Use the -upload switch to upload it to the system before creating the upgrade session.

    The latest software upgrade candidate contains all available hot fixes. If you have applied hot fixes to your system, the hot fixes will be included in the latest upgrade candidate.

    All system components must be healthy, prior to upgrading the system. If any system components are degraded, the update will fail. Perform a system health check explains how to run a health check on the system.

    The following table lists the attributes for upgrade sessions.

    Table 4. Upgrade session attributes
    Attribute
    Description
    Status
    Current status of the upgrade session. Value is one of the following:
    • running — Session is upgrading the system software.
    • completed — Session has completed upgrading the system software.
    • paused— Upgrade session has paused before rebooting the SPs.
    • failed— Upgrade session has failed.
    Progress
    Current progress of the upgrade session.
    Creation time
    Date and time the upgrade session was created.
    Elapsed time
    Amount of time that the upgrade session has been running.
    Estimated time left
    Estimated time required to complete the upgrade session.
    Percent complete
    Indicates the progress of the upgrade in percent.
    Type
    The type of upgrade being performed: software upgrade or storage processor upgrade. With software upgrade, details can be found with /sys/soft/ver show.
    Additional info
    Additional information about the status of the upgrade.

    Create upgrade sessions

    Creates a new upgrade session. This could be a software or hardware upgrade that is monitored by a session.

    Do not use Unisphere or Unisphere CLI to manage or configure the system during a software upgrade.
    Format
    /sys/upgrade create –type { software [–candId <value>] [-pauseBeforeReboot] | sp -newSPModel <value>} [-offline]} [-pauseBetweenReboots]
    Action qualifiers
    Qualifier
    Description
    -candId
    Type the ID of the uploaded upgrade candidate. View system software versions explains how to view the ID of the uploaded software candidate.
    This argument is optional. If unspecified, the system looks up the upgrade candidate.
    -pauseBeforeReboot
    Specify whether to pause during the upgrade, executing all tasks before the SPs reboot.
    This option is ignored for language packs, hot fix, and ODFU upgrades.
    -newSPModel
    Start a storage processor upgrade with the specified target model. The possible values for this system are identified using /sys/general show.
    -offline
    Optional parameter that will start an offline storage processor upgrade rather than an online (default) storage processor upgrade.
    -pauseBetweenReboots
    Optional parameter for software or online Data-in-place (DIP) upgrades. If specified, the system will pause after the first SP has been upgraded, but before the second SP is upgraded. This will allow you to suspend the upgrade until you manually resume the upgrade using /sys/upgrade resume.
    Example 1

    The following command creates a session to upgrade the system software:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade create –type software
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            
    All warning messages, if any, appear the first time you run the upgrade process. When a potential issue results in a warning message, the upgrade process stops. Once you review the warning message, run the upgrade command again to continue with the upgrade process. This time the upgrade process will run the checks again, but it will not stop for any warnings. The upgrade process will only stop when an error occurs.
    Example 2

    The following command creates a session to upgrade the storage processor:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade create –type sp –newSPModel SP500
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            
    Example 3

    The following command initiates an offline DIP upgrade.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade create -type sp -newSPModel SP500 -offline
                              Storage system address: 10.64.75.201
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            
    Example 4

    The following command initiates a software upgrade that pauses after the first SP reboots.

    uemcli /sys/upgrade create -type software -pauseBetweenReboots
                              Storage system address: 10.64.75.201
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    View upgrade sessions

    View details for an existing upgrade session.

    The show action command explains how to change the output format.
    Format
    /sys/upgrade show
    Example 1

    The following command displays details about the hardware upgrade session:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Type                = SP
           Status              = Running
           Status message      = 
           Creation time       = 2015-11-09 19:43:08
           Elapsed time        = 01h 3m 08s
           Estimated time left = 01h 70m 00s
           Progress            = Task 2 of 5 (Running health checks)
           Percent complete    = 5%
                            
    Example 2

    The following command displays details about the software upgrade session:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Type                = Software
           Status              = Failed
           Status message      = Stopping c4 stack on SPA timeout expired
           Creation time       = 2009-11-09 18:04:12
           Elapsed time        = 00h 20m 08s
           Estimated time left = 
           Progress            = Task 5 of 25 (Stopping c4 stack on SPA)
           Percent complete    = 15%
                            
    Example 3

    The following command shows an issue with the pre-upgrade health check in Additional info.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Type                = Software
           Status              = Failed
           Creation time       = 2009-11-09 18:04:12
           Elapsed time        = 00h 20m 08s
           Estimated time left = 
           Progress            = 
           Percent complete    = 5%
           Additional info     = "Error: The health check has failed. An internal error is preventing the health check from completing successfully. Record the error code and search the EMC Online Support website for available support options. [Error Code: platform::check_boot_control_status_2]","Error: One or more LUNs are in degraded state. Record the error code and contact your service provider. [Error Code: flr::check_if_lun_recovery_is_required_2]"
                            

    Resume upgrade session

    Resume an existing upgrade session that has been paused or has failed.

    Format
    /sys/upgrade resume
    Example

    The following command continues with the upgrade.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade resume
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    
    Operation completed successfully.
    
                            

    Cancel upgrade session

    Cancel an upgrade session that is failed or paused. If there is a failure with lock (later steps of OS upgrade or storage processor upgrade), the upgrade cannot be canceled and must be "resume" instead.

    Format
    /sys/upgrade cancel
    Example

    The following command cancels the upgrade session.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/upgrade cancel
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage security settings

    Manage system security settings.

    The following table lists the system information attributes:

    Table 5. Security settings attributes
    Attributes
    Description
    FIPS 140 mode
    Indicates whether the system is working in FIPS mode. Valid values are:
    • enabled
    • disabled
    Default value is disabled.
    TLS 1.0 mode
    Indicates whether the system has TLS 1.0 enabled. Valid values are:
    • enabled
    • disabled
    Default value is enabled.

    View security settings

    Displays current system security settings.

    Format
    /sys/security show
    Example

    The following command displays the security settings for the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/security show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1: FIPS 140 mode   = enabled
       TLS 1.0 mode    = enabled
    
                            

    Change security settings

    Change the system security settings.

    Format
    /sys/security set {-fips140Enabled {yes | no} | -tls1Enabled {yes | no}}
    Action qualifiers
    Qualifier
    Description
    -fips140Enabled
    Enables or disables FIPS 140 compliance mode. Valid values are:
    • yes
    • no
    -tls1Enabled
    Enables or disables TLS 1.0 protocol. Valid values are:
    • yes
    • no
    Examples

    The following command changes the system security setting for FIPS 140 mode:

    uemcli /sys/security set -fips140Enabled yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    The system will reboot one SP at a time for this change to take effect. Do you want to continue?
    yes / no: yes
    
    Operation completed successfully.
    
                            

    The following command changes the system security setting for TLS 1.0 protocol:

    uemcli /sys/security set -tls1Enabled no
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    Please refer to the security configuration guide for backward compatibility. You will need to manually reboot both SPs for this change to take effect. Do you want to continue?
    yes / no: yes
    
    Operation completed successfully.
                            

    Manage system time

    The following table lists the system time attributes:

    Table 6. System time attributes
    Attributes
    Description
    Time
    System time - not including the command processing delay. The difference between the requested time and the resulting time can be up to one minute due to the command processing delay.
    System time is affected by -gmtoff.

    View system time

    Display current system time.

    Format
    /sys/time show
    Example

    The following command displays the system time:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/time show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    
    1: Time     = 2011-01-01 03:00:00
    
                            

    Change system time

    Change the system time.

    Format
    /sys/time set {-clientTime | -utc <value>} [-force {noreboot | allowreboot | allowdu}]
    Action qualifiers
    Qualifier
    Description
    -clientTime
    Indicates that the system time should be synchronized with the time on the system from which the CLI is being run.
    The difference between the client time and the resulting system time can be up to one minute as a result of the command processing delay.
    -utc
    Specify time to set on the system (in UTC format). Format: <YYYY>-<MM>-<DD><hh>:<mm>:<ss>
    The difference between the requested time and the resulting time can be up to one minute due to the command processing delay.
    -force
    Specify whether to accept or decline the system reboot, which may be needed to complete the time change. If the qualifier is not specified, you will be asked to confirm the reboot if it’s needed. Valid values are:
    • noreboot
    • allowreboot
    • allowdu
    allowdu is used if the system is in a degraded state or has one SP (data will be unavailable during its reboot). Otherwise allowreboot is used. In silent mode, system will be rebooted if needed.
    Example

    The following command accepts the system reboot:

    uemcli /sys/time set -utc "2011-05-17 14:26:20" -force allowreboot
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully
    
    
                            

    Manage support configuration

    Manage support configuration settings on the system, including:

    • Name of IP address of proxy server.
    • Port number of the proxy server.
    • Name of the account on the proxy server.
    • Password of the account.
    • Whether the support contracts list is updated automatically on a weekly basis.
    • Whether cloud management is enabled for services like Cloud IQ.

    The following table lists the support configuration attributes:

    Table 7. Support configuration attributes
    Attributes
    Description
    Support proxy server address
    Name or IP address of the support services proxy server.
    Support proxy server port
    Port number of the support services proxy server
    Support proxy server user name
    Name of the account on the support proxy server.
    Support proxy server password
    Password of the account on the support proxy server.
    Automatic support contracts update enabled
    Indicates whether the system automatically updates its service contracts list once a week.
    Cloud management enabled
    Indicates whether cloud management is enabled. Values are:
    • enabled
    • disabled (default)

    View support configuration

    View the current support configuration information.

    Format
    /sys/support/config show
    Example 1

    The following command displays the support configuration:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/config show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Support proxy server enabled = yes
           Support proxy server address = 10.0.0.1
           Support proxy server port    = 1080
    
                            
    Example 2

    The following command displays the support configuration:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/config show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    Support proxy server enabled               = no
          Support proxy server address               =
          Support proxy server port                  = 0
          Support proxy user name                    =
          Support proxy protocol                     = Unknown
          Automatic support contracts update enabled = no
          Cloud management enabled                   = no
    
                            

    Change support configuration

    Change support configuration attributes.

    Format
    /sys/support/config set [-enableSupportProxy {yes | no }] [-supportProxyAddr <value>] [-supportProxyPort <value>] [-supportProxyUser <value> {-supportProxyPasswd <value> |-supportProxyPasswdSecure}] [-supportProxyProtocol {http | socks}] [-autoUpdateContracts {yes | no}] [-enableCloudMgmt {yes | no}]
    Action qualifiers
    Qualifier
    Description
    -enableSupportProxy
    Specifies whether to enable or disable the proxy server. Valid values are:
    • yes
    • no
    -supportProxyAddr
    Specify the name or IP address of the support services proxy server.
    -supportProxyPort
    Specify the port of the support services proxy server.
    -supportProxyUser
    Specify the user name of an account on the support services proxy server.
    -supportProxyPasswd
    Specify the password for the support services proxy server account.
    -supportProxyPasswdSecure
    Specifies the password in secure mode - the user is prompted to input the password.
    -supportProxyProtocol
    Specify the protocol used for communications with the support proxy server. Valid values are:
    • http
    • socks
    Values are case-sensitive.
    -autoUpdateContracts
    Specify whether the system automatically updates its service contracts list once a week. Valid values are:
    • yes
    • no
    Values are case-sensitive.
    -enableCloudMgmt
    Specify whether sending data to CloudIQ is enabled on the system. Valid values are:
    • yes
    • no
    Values are case-sensitive.
    Example

    The following command specifies the support services proxy server parameters:

    uemcli /sys/support/config set -supportProxyAddr 10.0.0.1 -supportProxyPort 8080 -supportProxyUser user1 -supportProxyPasswd password123 –supportProxyProtocol http
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage support contracts

    Manage support contracts on the system.

    The following table lists the support contracts attributes:

    Table 8. Support contracts attributes
    Attributes
    Description
    ID
    Support contract identifier.
    Status
    State of the support contract. Value is one of the following:
    • active
    • about to expire
    • expired
    Service type
    Type of the support contract.
    Start date
    Start date of the support contract.
    Expiration date
    Expiration date of the support contract

    View support contracts

    View the available support contracts.

    Format
    /sys/support/contract [-id <value>] show
    Action qualifiers
    Qualifier
    Description
    -id
    Identifies the support contracts
    Example

    The following command displays the support contracts:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/contract show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1: ID              = contract1
       Status          = active
       Service type    = software
       Expiration date = 2012/12/31
    
                            

    Refresh support contracts

    Refresh or update the list of support contracts from a support server.

    Format
    /sys/support/contract refresh
    Example

    The following command displays the support contracts:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/contract refresh
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage Centralized ESRS

    Centralized ESRS runs on a gateway server. When you select this option, your storage system is added to other storage systems in an ESRS cluster. The cluster resides behind a single common (centralized) secure connection between EMC servers and an off-array ESRS Gateway. The ESRS Gateway is the single point of entry and exit for all IP-based ESRS activities for the storage systems associated with the gateway.

    The ESRS Gateway is a remote support solution application that is installed on one or more customer-supplied dedicated servers. The ESRS Gateway functions as a communication broker between the associated storage systems, Policy Manager and proxy servers (optional), and the EMC enterprise. Connections to the Policy Manager and associated proxy servers are configured through the ESRS Gateway interface along with add (register), modify, delete (unregister), and querying status capabilities that ESRS clients can use to register with the ESRS Gateway.

    To use Centralized ESRS, valid support credentials must be set.

    The following table lists the attributes for Centralized ESRS:

    Table 9. Centralized ESRS attributes
    Attributes
    Description
    Enabled
    Indicates whether the Centralized ESRS service is enabled. Valid values are:
    • yes
    • no
    Address
    Indicates the IP address of the Centralized ESRS server.
    Port
    Indicates the port number of the Centralized ESRS server.

    View Centralized ESRS configuration

    View details about the Centralized ESRS configuration.

    Format
    /sys/support/esrsc show
    Example

    The following command displays the Centralized ESRS configuration:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsc show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Enabled = yes
           Address = 10.10.10.123
           Port    = 9443
    
                            

    Change Centralized ESRS configuration

    Change the Centralized ESRS attributes.

    Action qualifiers
    Qualifier
    Description
    -enable
    Specifies whether to enable or disable Centralized ESRS. Valid values are:
    • yes
    • no
    If ESRS is disabled, other parameters cannot be changed.
    -address
    Specifies the IP address of the Centralized ESRS to which to be connected.
    -port
    Specifies the port number to be used to connect to the centralized ESRS.
    Format
    /sys/support/esrsc set -enable { yes | no } [ -address <value> ] [ -port <value> ]
    Example

    The following command specifies the Centralized ESRS parameters:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsc set -enable yes -address 10.10.22.22
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Check Centralized ESRS network connection

    Check Centralized ESRS network connectivity before configuring ESRS.

    Check the network connectivity from Centralized ESRS to the EMC servers. If there is any failure, Centralized ESRS cannot be enabled.

    Format
    /sys/support/esrsc checkNetwork -address <value> [-port <value>]
    Action qualifier
    Qualifier
    Description
    -address
    Type the IP address of Centralized ESRS VE.
    -port
    Type the port number used for Centralized ESRS VE.
    Example

    This example shows when the network connectivity check for Centralized ESRS fails.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsc checkNetwork -address 10.100.10.7
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation failed. Error code: 0x6400be8
    
    The centralized ESRS network connectivity check failed. Please check your firewall configuration and whether the centralized ESRS server is operating normally. (Error Code:0x6400be8)
                            

    Manage Integrated ESRS (physical deployments only)

    This feature may not be available in your implementation.

    Integrated ESRS runs directly on your storage system. When you configure this option, your storage system sets up a secure connection between itself and the Support Center. You can select one of the following remote service connectivity options for Integrated ESRS:

    • Outbound/Inbound, which is the default, from the storage system to the Support Center and from the Support Center to the storage system for remote access using https.
    • Outbound only from the storage system to the Support Center using https.

    When you select the Outbound/Inbound option, the storage system sets up a secure connection between itself and the Support Center. This option enables remote service connectivity for dial out and dial in capabilities with the storage system. The connection from the storage system to a Policy Manager and any associated proxy servers (optional) must be configured through either Unisphere or the CLI.

    When you select the Outbound only option, the storage system sets up a secure connection between itself and the Support Center. This option enables remote service connectivity for dial out only capabilities with the storage system.

    To use Integrated ESRS, valid support credentials must be set. Integrated ESRS is required to be enabled before you can configure a policy manager and any associated proxy servers.

    The following table lists the attributes for Integrated ESRS:

    Table 10. Integrated ESRS attributes
    Attribute
    Description
    Enabled
    Indicates whether the Integrated ESRS service is enabled. Valid values are:
    • yes
    • no
    EULA accepted
    Indicates whether the ESRS end user license agreement EULA has been accepted. Valid values are:
    • yes
    Site ID
    Indicates the assigned ID number for the location within your organization where the system is located.
    Type
    Specifies the Integrated ESRS type. Valid values are:
    • oneWay
    • twoWay

    View Integrated ESRS configuration

    View details about the Integrated ESRS configuration.

    Format
    /sys/support/esrsi show
    Example

    The following command displays the Integrated ESRS configuration:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsi show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Enabled       = yes
           EULA accepted = yes
           Type          = Two way       
    
                            

    Change Integrated ESRS configuration

    Change the Integrated ESRS attributes.

    Format
    /sys/support/esrsi set {-enable {yes|no}|-acceptEula yes|-type {oneWay|twoWay}}
    Action qualifiers
    Qualifier
    Description
    -enable
    Specifies whether to enable or re-enable, or disable the ESRS. Valid values are:
    • yes
    • no
    If ESRS is disabled, other parameters cannot be changed.
    -acceptEula
    Specifies whether to accept the end user license. Valid value is:
    • yes
    If ESRS EULA is not accepted, nothing can be configured for the Integrated ESRS.
    -type
    Specifies which type of Integrated ESRS to use. Valid values are:
    • oneWay (Outbound only)
    • twoWay (Outbound/Inbound) (default)
    Example

    The following command specifies the Integrated ESRS parameters:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsi set -acceptEula yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Check Integrated ESRS network connection

    Check the network connectivity from the Integrated ESRS client to the EMC servers. If there is any failure, the Integrated ESRS cannot be enabled.

    Format
    /sys/support/esrsi checkNetwork
    Example

    The following command displays the network connectivity for Integrated ESRS:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsi checkNetwork
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation failed. Error code: 0x6400bc8
     Remote Support cannot be enabled at this time, because the system cannot contact some required EMC servers: esrghoprd02.emc.com:443/8443,esrghoprd03.emc.com:8443/443. Please refer to online help for this error code to resolve the issue. (Error Code:0x6400bc8) 
    
                            

    Request access code for Integrated ESRS

    Request an access code for Integrated ESRS. This access code will be emailed to the email account user. The access code will only be valid for 30 minutes. This process adds an extra level of authentication and helps to ensure that you are the correct user and authorized to enable ESRS on the storage system.

    Format
    /sys/support/esrsi requestAccessCode
    Example

    The following command sends a request for an access code as part of the email verification process for Integrated ESRS:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsi requestAccessCode
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTPS connection
    
    1:     Recipient email address = sxxxxxxxxxx@mail.com
    
                            

    Validate access code for Integrated ESRS

    Validate the access code for Integrated ESRS that was received by email to the email account user. The received access code will only be valid for 30 minutes.

    Format
    /sys/support/esrsi validateAccessCode -accessCode <value>
    Example

    The following command displays the response to validating the access code part of the email verification process:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsi validateAccessCode -accessCode 76507252
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTPS connection
    
    Operation completed successfully.
    
                            

    Manage Policy Manager

    The Policy Manager is optional and is installed on a customer supplied server or servers. It enables customizable control of remote access to customer devices and maintains an audit log of remote connections. When the ESRS server retrieves a remote access from the EMC Enterprise, the access is controlled by the policies configured on the Policy Manager and are enforced by the ESRS server.

    A proxy server can be configured for the server on which the Policy Manager is installed to connect to the Internet. The proxy server configured for the Policy Manager is called a Policy Manager Proxy.

    Integrated ESRS is required to be enabled before you can configure a Policy Manager and any associated proxy servers.

    The following table lists the attributes for a Policy Manager and proxy server:

    Table 11. Policy Manager and proxy server attributes
    Attribute
    Description
    Enabled
    Indicates whether the policy manager is enabled or not. Valid values are:
    • yes
    • no
    Address
    Policy manager name or IP address
    Port
    Policy manager port number
    Protocol
    Protocol used for communication with the policy manager. Valid values are:
    • http
    • https (default)
    SSL strength
    The ESRS Policy Manager SSL strength (applicable only when protocol is HTTPS). Valid values are:
    • high (default)
    • medium
    • low
    Proxy enabled
    Indicates whether the policy manager proxy is enabled or not. Valid values are:
    • yes
    • no
    Proxy address
    Name or IP address of the proxy server used by the policy manager
    Proxy port
    Port of the proxy server used by the policy manager
    Proxy username
    Name of the account on the policy proxy server
    Proxy password
    Password of the account on the policy proxy server
    Proxy protocol
    Protocol used for communications with the policy proxy server. Valid values are:
    • http
    • socks (default)

    View Policy Manager and proxy server configuration

    View details about the Policy Manager and proxy server configuration.

    Format
    /sys/support/esrsi/policymgr show
    Example

    The following command displays the configuration of the Integrated ESRS policy manager server:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsi/policymgr show -detail
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Enabled         = no
           Address         =
           Port            = 0
           Protocol        =
           SSL strength    = 
           Proxy enabled   = no
           Proxy address   =
           Proxy port      = 0
           Proxy user name =
           Proxy protocol  =
    
                                

    Change Policy Manager and proxy server configuration

    Change the Policy Manager and proxy server attributes.

    Action qualifiers
    Qualifier
    Description
    -enable
    Specifies whether to enable or disable the ESRS policy manager. Valid values are:
    • yes
    • no
    If the ESRS policy Manager is disabled, other policy manager parameters cannot be changed.
    -address
    Specifies the policy manager address to be configured for Integrated ESRS.
    -port
    Specifies the policy manager server port number to be configured for Integrated ESRS.
    -protocol
    Specifies the protocol to be used by the policy manager server.
    -sslStrength
    Specifies the ESRS Policy Manager SSL strength (applicable only when the protocol is HTTPS). Valid values are:
    • high
    • medium
    • low
    -enableProxy
    Specifies to enable the policy manager proxy. Valid values are:
    • yes
    • no
    If the ESRS Policy Manager is disabled, other policy manager proxy server parameters cannot be changed.
    -proxyAddr
    Specifies the policy proxy server address.
    -proxyPort
    Specifies the policy proxy port number.
    -proxyUser
    Specifies the user name of the account on the policy manager proxy server.
    -proxyPasswd
    Specifies the password of the account on the policy manager proxy server.
    -proxyProtocol
    Specifies the protocol to be used by the policy manager proxy server.
    Format
    /sys/support/esrsi/policymgr set [ -enable { yes | no } ] [ -address <value> ] [ -port <value> ] [ -protocol { http | https } ] [ sslStrength { high | medium | low } ] [ -enableProxy { yes | no } ] [ -proxyAddr <value> ] [ -proxyPort <value> ] [ -proxyUser <value> { -proxyPasswd <value> | -proxyPasswdSecure } ] [ -proxyProtocol { http | socks } ]
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/esrsi/policymgr set -enable no
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                                

    Manage Connect Home

    Configure Connect Home to send system information directly to support when critical alerts occur.

    Connect Home uses SMTP (Simple Mail Transport Protocol) to automatically email system information directly to support. These emails contain system event and error histories that can be used by support for diagnosing and troubleshooting issues.

    Table 12. Connect Home attributes
    Attribute
    Description
    Enabled
    Indicates whether Connect Home is enabled. Valid values are:
    • yes
    • no
    SMTP server
    The IP address of the SMTP server configured for Connect Home.
    E-mail from address
    The email address from which Connect Home emails are sent to support.
    E-mail to address
    The destination email address to which Connect Home emails are sent.

    View Connect Home

    This command shows the Connect Home configuration settings.

    View the current Connect Home configuration settings.

    Format
    /sys/support/connecthome show
    Example

    The following command shows the configuration details for Connect Home.

    uemcli -d 10.0.0.1 -u admin -p Password /sys/support/connecthome show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Enabled             = yes
           SMTP server         = 10.10.10.123
           E-mail from address = bs-xxxx@emc.com
           E-mail to address   = emailalertesg@emc.com
                            

    Change the Connect Home configuration settings

    This command changes the configuration settings for Connect Home.

    Change the configuration settings for Connect Home.

    Format
    /sys/support/connecthome set [-enable {yes | no}] [ -smtpServer <value>] [-emailFromAddr <value>]
    Action qualifiers
    Qualifier
    Description
    -enable
    Specify whether to enable Connect Home. Valid values are:
    • yes
    • no
    -smtpServer
    Specify the IP address of the SMTP server that Connect Home will use to send emails.
    -emailFromAddr
    Specify the email address from which Connect Home emails will be sent to support. If not specified, a default value formatted as <arrayname>@emc.com will be used.
    Example

    This example enables Connect Home and specifies that it will use SMTP server 10.10.22.22.

    uemcli -d 10.0.0.1 -u local/joe -p Password /sys/support/connecthome set –enable yes –smtpServer 10.10.22.22
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Test Connect Home

    This command tests a successful Connect Home email alert transmission.

    Test whether Connect Home can successfully send an email alert to support using the specified SMTP server.

    Format
    /sys/support/connecthome test
    Example

    This example shows the results of a test email alert using the specified Connect Home configuration settings.

    uemcli -d 10.0.0.1 -u local/joe -p Password /sys/support/connecthome test
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage user roles

    View the supported roles of users on the system, as well as the types of actions each type of user can perform.

    The following table lists the attributes for user roles:

    Table 13. User role attributes
    Attributes
    Description
    Name
    Name of the user role. Value is one of the following:
    • administrator— Administrator role: Can view system data, edit system settings, and perform all major administrator tasks.
    • storageadmin— Storage administrator role: Can view system data and edit settings. Cannot add user accounts or host configurations, perform initial system configuration, modify network settings, create or delete NAS servers, or upgrade system software.
    • operator — Operator role: Can view system and storage status information but cannot change system settings. This role provides view-only permissions.
    • securityadministrator— Security administrator role: Can view system and storage status information but perform only security related tasks. Cannot perform any operations.
    • vmadmin— VMware administrator role: Used only for adding the system as a VASA provider in vCenter.
    Description
    Brief description of the user role.

    View user roles

    View a list of roles to which you can assign users. You can filter on the role name.

    Format
    /user/role [–name <value>] show
    Object qualifier
    Qualifier
    Description
    -name
    Type the name of the user role. Value is one of the following:
    • administrator — Administrator role
    • storageadmin — Storage Administrator role
    • operator — Operator role (view only)
    • securityadministrator — Security Administrator role
    • vmadmin— VMware Administrator (used only to register the system as a VASA provider in vCenter)
    Example

    The following command displays a list of user roles on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/role show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    
    1:     Name        = administrator
           Description = User is allowed to perform security tasks.
    
    2:     Name        = storageadmin
           Description  = User has access to all administrative and management interfaces and data.
    
    3:     Name        = operator
           Description = User is allowed to see all storage system data but not to perform any storage management operations.
    
    4:     Name        = securityadministrator
           Description = User is allowed only to perform security tasks and is able to see all storage system data, but cannot perform any operations.
    
    5:     Name        = vmadmin
           Description = Can only be used to establish a VASA connection from vCenter to the storage system.
                            

    Manage user accounts

    Control user access to the system and functionality by creating user accounts for each manager or administrator who needs to configure and monitor the system. The accounts combine a unique username and password with a specific role for each identity. When users connect to the system through the CLI or Unisphere UI, the system prompts them to type their username and password to gain access.

    Table 14. User account attributes
    Attributes
    Description
    ID
    Identifier of the specific user account.
    Name
    Account name.
    Role
    The role type of the user account.
    Type
    The account type (scope). Values are:
    • local
    • ldapuser
    • ldapgroup
    Password
    Local account password.
    Password expiration status
    Information about when the account password will expire. Values are:
    • <value> days remaining
    • Expired
    • An empty value, which means the password does not expire for that specific user account. For example, user accounts with the account type of ldapuser or ldapgroup.

    Create user accounts

    Create an account for a user or user group and assign the account to a role. The role specifies the user permissions. Users can be local to the system or authenticated by using LDAP. User groups are only authenticated using LDAP.

    Each user account is identified by an ID.

    Format
    /user/account create -name <value> -type {local {-passwd <value> | -passwdSecure} | ldapuser | ldapgroup} -role <value>
    Action qualifiers
    Qualifier
    Description
    -name

    Type a name for the account. For LDAP users and groups that are required to indicate the domain, use the following format:

    <domain>/<name>

    where:

    • <domain> — LDAP domain.
    • <name> — Account name.
    -type
    Type the type of user or user group. Value is one of the following:
    • local — Local user.
    • ldapuser — User has an LDAP account.
    • ldapgroup — Group has an LDAP account.
    -passwd
    For local users, type the user password. The following are the password requirements for user accounts:
    • Passwords must be 8 to 40 characters in length and cannot contain spaces.
    • Passwords must include mixed case, a number, and a special character from this list: ! , @ # $ % ^ * ? _ ~
    • When changing a password, do not reuse any of the last 3 passwords.
    -passwdSecure
    Specifies the password in secure mode - the user will be prompted to input the password and the password confirmation.
    -role
    Type the name of the role for the account. Value is one of the following:
    • administrator — Administrator
    • storageadmin — Storage Administrator
    • operator — Operator (view only)
    • securityadministrator — Security Administrator
    • vmadmin— VMware Administrator
    The /user/role show -detail command returns a list of all available user roles. Table 13 provides a detailed description of each user role.
    Example

    The following command creates a user account that assigns user1 as local user to the operator role:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account create –name user1 –type local –passwd Password987! –role operator
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = user_user1
    Operation completed successfully.
                            

    View user accounts

    View a list of user accounts. You can filter on the account ID.

    Format
    /user/account [-id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of a user account.
    Example

    The following command displays a list of all user accounts on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID   = user_user1
           Name = user1
           Role = administrator
           Type = local 
    
    2:     ID   = ldapuser_ldapdomain.com/ldapUser
           Name = ldapdomain.com/ldapUser
           Role = operator
           Type = ldapuser
    
    3:     ID   = ldapgroup_ldapdomain.com/ldapGroup
           Name = ldapdomain.com/ldapGroup
           Role = storagadmin
           Type = ldapgroup
    
                            

    Change user accounts

    Update a user account with new settings.

    Format
    /user/account -id <value> set [ {-passwd <value> | -passwdSecure} { {-oldpasswd <value> | -oldpasswdSecure} | -force}] [ -role <value>] [-locked {yes | no}]
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the user account to change.
    Action qualifiers
    Qualifier
    Description
    -passwd
    Type a new password for a local user. The following are the password requirements for user accounts:
    • Passwords must be 8 to 40 characters in length and cannot contain spaces.
    • Passwords must include mixed case, a number, and a special character from this list: ! , @ # $ % ^ * ? _ ~
    • When changing a password, do not reuse any of the last 3 passwords.
    -passwdSecure
    Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation.
    -oldpasswd
    Type the old password to set the new password.
    -oldpasswdSecure
    Specifies the password in secure mode. The user will be prompted to input the password.
    -force
    Reset the password.
    You must be an administrator to use this qualifier.
    -role
    Type the name of the role for the account. Value is one of the following:
    • administrator — Administrator
    • storageadmin — Storage Administrator
    • operator — Operator (view only)
    • securityadministrator — Security Administrator
    • vmadmin— VMware Administrator
    The /user/role show -detail command returns a list of all available user roles. Table 13 provides a description of each user role.
    -locked
    Specifies whether to lock or unlock the user account. Valid values are:
    • yes--locks the user account.
    • no--unlocks the user account.
    This option can only be set by users who have either the administrator or security administrator role, and only on STIG-enabled systems.
    Example

    The following command changes the password for user account user_user1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account –id user_user1 set –passwd NewPassword456! –oldpasswd OldPassword456!
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = user_user1
    Operation completed successfully.
    
                            

    Delete user accounts

    Delete a user account.

    Format
    /user/account –id <value> delete
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the user account to delete.
    Example

    The following command deletes user account user_user1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account -id user_user1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully
    
    
                            

    Manage user account settings

    Manage the detailed account settings for users on the system.

    This command is available only for STIG-enabled systems.
    Table 15. User account settings attributes
    Attributes
    Description
    Enabled
    Indicates whether or not the user account settings feature is enabled. Values are:
    • yes
    • no
    When this value is yes, but the detailed account settings are not specified, the "Default enabled value" for each setting, as specified below, is used.

    When this value is no, the "Disabled value" for each setting is used.

    Password minimum size
    Minimum number of characters for a password. Value range is 8-40. Default values are:
    • Default enabled value: 15
    • Disabled value: 8
    Number of previous passwords
    Indicates the number of past passwords that cannot be reused until the cycle has reset. Value range is 3-12. Default values are:
    • Default enabled value: 5
    • Disabled value: 3
    Password period
    The time period (in days) a password is valid for before it expires. Value range is 1-180 days. An empty value indicates the password does not expire. Default values are:
    • Default enabled value: 60
    • Disabled value: no expiration (empty)
    Maximum failed logins
    The number of consecutive failed login attempts allowed within the failed login period before the account is locked. An empty value indicates that there is no limit. Value range is 1-10. Default values are:
    • Default enabled value: 3
    • Disabled value: no limit (empty)
    Maximum failed logins, Failed login period, and Account lockout period must either be all empty or they must all have a value.
    Failed login period
    The time period (in seconds) during which the failed login attempts are tracked and considered, thus counting toward the maximum failed logins before lockout. Value range is 1-3600 seconds. An empty value indicates that the failed login period is not tracked. Default values are:
    • Default enabled value: 900
    • Disabled value: no failed login period tracking (empty)
    If the maximum failed logins is not met during the Failed login period, the Maximum failed logins count will reset.
    Failed login period, Maximum failed logins, and Account lockout period must either be all empty or they must all have a value.
    Account lockout period
    The time period (in seconds) for which an account will be locked before the user can attempt to login again. Value range is 1-86400 seconds. Default values are:
    • Default enabled value: 3600
    • Disabled value: account never locks (empty).
    Account lockout period, Maximum failed logins, and Failed login period must either be all empty or they must all have a value.
    Session idle timeout
    The time period (in seconds) of idle activity, after which the login session will time out. Value range is: 1-3600 seconds. Default values are:
    • Default enabled value: 600
    • Disabled value: 3600
    An empty value means the session will not timeout due to being idle.
    Default admin lockout enabled
    Indicates whether account lockout is enabled for admin users. Values are:
    • yes
    • no
    Default values are:
    • Default enabled value: no
    • Disabled value: no

    Configure user account settings

    Configure the user account settings for a STIG-enabled system. If the -enabled option is yes, all other subsequent options can be specified. If the subsequent options are not specified when user account settings -enabled is set to yes, the default enabled value specified below will be used. The disabled value for these options when user account settings -enabled is set to no are detailed in the attributes table in Manage user account settings.

    This command is not valid for systems that do not have STIG enabled.
    Format
    /user/account/settings set [-enabled {yes | no}] [-passwdMinSize <value>] [-passwdCount <value>] [{-passwdPeriod <value> | -noPasswdPeriod}] [{-maxFailedLogins <value> | -noMaxFailedLogins}] [{-failedLoginPeriod <value> | -noFailedLoginPeriod}] [{-lockoutPeriod <value> | -noLockoutPeriod | -manualUnlock}] [{-sessionIdleTimeout <value> | -noSessionIdleTimeout}] [-defaultAdminLockoutEnabled {yes | no}]
    Action qualifiers
    Qualifier
    Description
    -enabled
    Specifies whether to enable or disable user account settings. Valid values are:
    • yes
    • no
    -passwdMinSize
    Specifies the minimum number of characters for a password. Value range is 8-40. If not specified, user account setting default enabled value is 15.
    -passwdCount
    Specifies the number of passwords that cannot be reused. Valid range: 3 -12. If not specified, user account setting default enabled value is 5.
    -passwdPeriod
    Specifies the time period (in days) for which a password is valid before it expires. Value range is 1-180 days. If neither this value nor -noPasswdPeriod is specified, user account setting default enabled value is 60.
    This setting is not applicable to local admin user accounts.
    -noPasswdPeriod
    Specifies that the password does not have an expiry period for local user accounts.
    -maxFailedLogins
    Specifies the number of consecutive failed login attempts allowed within the failed login period before the account is locked. Value range is 1-10. If neither this value nor -noMaxFailedLogins is specified, user account setting default value is 3.
    If this option is specified, the -failedLoginPeriod and -lockoutPeriod options must also be specified.
    -noMaxFailedLogins
    Specifies that there is no maximum limit on the number of consecutive failed login attempts.
    If this option is specified, the -noFailedLoginPeriod and -noLockoutPeriod options must also be specified.
    -failedLoginPeriod
    Specifies the time period (in seconds) during which the failed login attempts are tracked and considered, thus counting toward the maximum failed logins before lockout. Value range is 1-3600 seconds. If neither this value, nor -noFailedLoginPeriod is specified, user account setting default enabled value is 900.
    If this option is specified, the -maxFailedLogins and -lockoutPeriod options must also be specified.
    If the maximum failed logins is not met during the Failed login period, the Maximum failed logins count will reset.
    -noFailedLoginPeriod
    Specifies that the number of consecutive failed login attempts within a given time period is not being tracked.
    If this option is specified, the -noMaxFailedLogins and -noLockoutPeriod options must also be specified.
    -lockoutPeriod
    Specifies the time period (in seconds) for which an account will be locked before the user can attempt to login again. Value range is 1-86400 seconds. If neither this value, nor -noLockoutPeriod is specified, the user account settings default enabled value is 3600.
    If this option is specified, the -maxFailedLogins and -failedLoginPeriod options must also be specified.
    -noLockoutPeriod
    Specifies that local user accounts will not be locked due to meeting the number of -maxFailedLogins within the -failedLoginPeriod.
    If this option is specified, the -noMaxFailedLogins and -noFailedLoginPeriod options must also be specified.
    -manualUnlock
    Specifies that the account will remain locked until manually unlocked by an administrator.
    -sessionIdleTimeout
    Specifies the time period (in seconds) of idle activity, after which the login session will time out. Value range is: 1-3600 seconds. If neither this value, nor -noSessionIdleTimeout is specified, the user account settings default enabled value is 600.
    -noSessionIdleTimeout
    Specifies that the session will never time out due to being idle.
    -defaultAdminLockoutEnabled
    Specifies whether account lockout is enabled for admin users. Values are:
    • yes
    • no
    If this value is not specified, the user account settings default enabled value is no.
    Example 1

    The following command enables the user account settings with all default enabled values set when transitioning from a disabled state:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account/settings set -enabled yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            
    Example 2

    The following command disables the user account settings, which reverts the account settings back to the original values from before the settings were enabled:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account/settings set -enabled no
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    View user account settings

    View the account setting details of all users on the system.

    Format
    /user/account/settings show
    Example

    Displays the user account settings for all users on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /user/account/settings show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    Enabled                       = yes
          Password minimum size         = 15
          Number of previous passwords  = 5
          Password period               = 60
          Maximum failed logins         = 3
          Failed login period           = 900
          Account lockout period        = 3600
          Session idle timeout          = 600
          Default admin lockout enabled = no
    
                            

    Manage support credentials

    Manage support credentials settings on the system, including:

    • User name of the user account.
    • Password of the user account.

    The following table lists the support credentials attributes:

    Table 16. Support credentials attributes
    Attributes
    Description
    Support user name
    Name of the user account.
    Support password
    Password of the user account.

    View support credentials

    View the current support credentials.

    Format
    /sys/support/account show
    Example

    The following command displays the support credentials:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/account show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1: 	Support user name = user1
    
                            

    Change support credentials

    Change support credential attributes.

    Format
    /sys/support/account set -user <value> {-passwd <value> | -passwdSecure}
    Action qualifiers
    Qualifier
    Description
    -user
    Specify the user name of the support account.
    -passwd
    Specify the new password of the support account.
    -passwdSecure
    Specifies the password in secure mode - the user will be prompted to input the password.
    Example

    The following command specifies the new password of the support account:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/account set -user user1 -passwd Password123
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Delete support credentials

    Delete support credentials.

    Format
    /sys/support/account delete
    Example

    The following command deletes support credentials:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/support/account delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage system limits

    This CLI command shows limits of the system and various storage resources.

    System limits display the size, capacity, and count limits of various system components or storage resources. Some of these limits are associated with alert thresholds. If this threshold is exceeded, the system will generate an alert. Certain limits are license dependent.

    Table 17. System limit attributes
    Attribute
    Description
    ID
    Limit identifier.
    Name
    Limit name.
    Description
    Limit description.
    Limit value
    Upper boundary of the limit that cannot be exceeded.
    Threshold value
    Threshold of the specified limit above which the system will generate an alert.
    License
    License identifier related to the given limit. Some system limits depend on the type of license installed.

    View system limits

    This command allows you to view system limits, limit thresholds that trigger related alerts, and limits that are based on product feature licenses.

    View details about system limits.

    Format
    /sys/limits [{–id <value> | -license <value>}] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the identifier of the limit.
    -license
    Type a specified license for which to display associated limits.
    Example

    The following command displays a list of all feature licenses on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/limit show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID              = Limit_Pool_MaxCapacityInTotal
           Name            = Max Storage Capacity
           Description     = The maximum allowed capacity of all storage pools in total.
           Limit value     = 17179869184 (16.0 TB)
           Threshold value = 15032385536 (14.0 TB)
           License         = STORAGE_CAPACITY_LIMIT
    
    2:     ID              = Limit_Pool_MaxCount
           Name            = Max Storage Pool Count
           Description     = The maximum allowed number of storage pools on the system.
           Limit value     = 10
           Threshold value = 8
           License         =
    
    3:     ID              = Limit_VirtualDisk_MinSize
           Name            = Min Virtual Disk Size
           Description     = The minimum allowed size of a virtual disk.
           Limit value     = 10737418240 (10.0 GB)
           Threshold value =
           License         =
                            

    View installed feature licenses

    View details for purchased feature licenses. These licenses were purchased when your system was purchased. You must install licenses on your system before you can use a particular feature or perform tasks, such as creating storage.

    To install a license, use the -upload switch to upload it to the system. View the switches provides details on all available switches. The following table lists and describes the attributes for product licenses.

    Table 18. License attributes
    Attribute
    Description
    ID
    License identifier.
    Name
    Name of the license.
    Description
    Description of the license.
    Installed
    Indication of whether a feature is installed with the license. Value is yes or no.
    Version
    Version of the license.
    Issued
    Date when the license was made available.
    Expires
    Date when the license will expire.
    Health state
    Health state of the license. The health code appears in parentheses. Value is one of the following:
    • OK (5) — License is active.
    • Degraded/Warning (10) — License will soon expire.
    • Major failure (20) — License has expired.
    To update a license that has expired or is about to expire, go to the Manage Licenses page in Unisphere.
    Health details
    Additional health information. See View the switches, for health information details.

    View licenses

    View details about installed licenses.

    The show action command explains how to change the output format.
    Format
    /sys/lic [–id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Identify the license.
    Example

    The following command displays a list of all feature licenses on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/lic show
                              
    1:     ID           = ISCSI
           Name         = Internet Small Computer System Interface (iSCSI)
           Description  = This license enables you to use the iSCSI 
           protocol for block storage.
           Installed    = yes
           Version      = 1.1
           Issued       = 2009-11-09
           Expires      = 2010-11-09
           Health state = OK (5)
    
    2:     ID           = CIFS 
           Name         = Common Internet File System (CIFS)
           Description  = This license enables you to configure and 
           manage file shares that are exposed using the CIFS protocol.
           Installed    = yes
           Version      = 1.1
           Issued       = 2009-01-19
           Expires      = Never
           Health state = OK (5)
    
                            

    View and accept the End User License Agreement

    View the end user license agreement (EULA). You must accept the EULA prior to uploading product licenses or configuring the system.

    View the EULA

    View the EULA as a text file. The output displays a URL for accessing the text file.

    The show action command explains how to change the output format.
    Format
    /sys/eula show
    Example

    The following command displays the agreement status of the EULA and a URL for viewing the EULA as a text file:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/eula show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Agree = yes
           URL   = https:/10.0.0.1/eula.txt
    
                            

    Accept the EULA

    Accept the EULA prior to install product licenses and configure the system.

    Format
    /sys/eula set -agree yes
    Example

    The following command accepts the EULA:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/eula set -agree yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage Unisphere Central Management/Monitoring

    Unisphere Central management/monitoring is a centralized approach to monitoring multiple systems at one time.

    The following table lists the Unisphere Central management/monitoring attributes:

    Table 19. Unisphere Central management/monitoring attributes
    Attribute
    Description
    ID
    Unisphere Central management server identifier
    Address
    Unisphere Central management server network address (network name or IP address)
    Certificate
    Unisphere Central management server certificate SHA1 hash
    Challenge phrase
    Passphrase used by the Unisphere Central management server to sign a certificate
    SSO enabled
    Indicates whether the system uses the remote manager as the authentication server. Valid values are:
    • yes
    • no

    Create the remote manager configuration

    Format
    /sys/ur create -addr <value> { -certificate <value> -passphrase <value> | -unsecured }
    Action qualifiers
    Qualifier
    Description
    -addr
    Specifies the Unisphere Central management server name or IP address.
    -certificate
    Specifies the hash of the existing certificate.
    -passphrase
    Specifies the challenge phrase for the Unisphere Central manager to sign the certificate.
    -unsecured
    Skips certificate and challenge phrase.
    Example
    uemcli /sys/ur create -addr 10.10.0.1 -certificate 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 -passphrase password
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = ur_0
    Operation completed successfully.
    
    
                            

    View remote manager configuration

    Displays the remote manager configuration.

    Format
    /sys/ur show
    Example

    The following command displays the Unisphere Central manager configuration:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/ur show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1: ID      = ur_0
       Address = 10.10.0.2
    
    
                            

    Change remote manager configuration

    Update a user account with new settings.

    Format
    /sys/ur [-id <value>] set [-addr <value>] [ {-certificate <value> {-passphrase <value> | -passphraseSecure} | -unsecured} ] [-ssoEnabled {yes | no}]
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the Unisphere Central management server. Optional if there is only one remote manager configured.
    Action qualifiers
    Qualifier
    Description
    -addr
    Specify the Unisphere Central management server name or IP address.
    -certificate
    Specify the hash of existing certificate.
    -passphrase
    Specify the challenge phrase for the remote manager to sign the certificate.
    -passphraseSecure
    Specifies the challenge phrase in secure mode - the user will be prompted to input the challenge phrase.
    -unsecured
    Skip certificate and challenge phrase.
    -ssoEnabled
    Specify whether you want to set the remote manager as the authentication server for the local system. Valid values are yes or no. The default value is set to no, which indicates that the authentication server is the local system.
    Example
    uemcli /sys/ur set -addr 10.10.0.2
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage remote logging

    Log system messages to a remote host. Create a setting for remote logging that specifies the following:

    • The facility that will generate the log messages.
    • The network name or IP address of a remote host that will receive the log data.

    The remote host must be accessible from the system. Security for the log information must be provided through network access controls or the system security at the remote host. You can configure the log transmission method (UDP or TCP) and the host port that the system uses. By default, the system transfers log information on port 515 over the UDP protocol.

    Log files record messages to flat log files. The user-level system messages are recorded in English. However, you can specify a facility to select the type of information contained in the logs, according to the system component that issues it, and the language of any text in the log.

    View event logs and alerts explains viewing details about current logs and alerts on the system.

    The following table lists the attributes for remote system logging.

    Table 20. Remote logging attributes
    Attribute
    Description
    Enabled
    Indication of whether remote logging is currently enabled. Valid values are:
    • yes
    • no
    Host
    IP address or network name of the remote host
    Port
    Port number on the remote host. Default is 515.
    Protocol
    Protocol for transferring the log. Valid values are:
    • tcp
    • udp
    Facility
    Facility that will process the log. Value is one of the following:
    • kern - Kernel messages.
    • user - User-level messages.
    • syslog - Message generated internally by syslogd (default).

    View settings for remote logging

    View remote logging settings.

    Format
    /sys/rlog show
    Example

    The following command displays the settings for remote system logging:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/rlog show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     Enabled  = yes
           Host     = 10.0.0.1
           Port     = 500
           Protocol = UDP
           Facility = KERN
    
                            

    Configure settings for remote logging

    Configure for remote logging.

    Format
    /sys/rlog set [-enabled {yes|no}] [-host <value>] [-port <value>] [-protocol {udp|tcp}] [-facility {KERN | USER | Syslog }]
    Object qualifier
    Qualifier
    Description
    -enabled
    Specify to enable remote system logging. Valid values are:
    • yes
    • no
    If you specify yes, include -host <value>, where value is the IP address of the target remote host that will receive the logs.
    -host
    Type the IP address or network name of the remote host that will receive the log files. Value is one of the following:
    • <IPv4 address>
    • <IPv6 address>
    • <network name>
    -port
    Type the port number on the remote host. Default is 515.
    -protocol
    Type the protocol for transferring the log files. Valid values are:
    • TCP
    • UDP
    -facility
    Type the facility that will process the log files. Value is one of the following:
    • KERN - Kernel messages.
    • USER - User-level messages.
    • Syslog (default) - Message generated internally by syslog.
    Example

    The following command configures remote system logging with these settings:

    • Remote target host is 10.64.74.12
    • Uses host port 500.
    • Uses protocol udp.
    • Uses the KERN facility.
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/rlog set –enabled yes –host 10.64.74.12 –port 500 –protocol UDP -facility KERN
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage system certificates

    Interface to manage certificates for different components on the storage system.

    The following table lists the attributes for certificates:

    Table 21. Certificate attributes
    Attribute
    Description
    ID
    Certificate identifier.
    Type
    Certificate type. Valid certificate types are:
    • CA
    • Server
    • Client
    • TrustedPeer
    Service
    Service with which the certificate is associated. The services supported are:
    • Mgmt_LDAP
    • Mgmt_KMIP
    • VASA_HTTP
    Scope
    Scope of the certificate. The certificate can have local or global scope. If global, there will be no value. If local, value will be the ID of the scope. For example, if the scope of the certificate associated with Mgmt_LDAP service is NAS server nas01, the value of the property would be nas01.
    Trust anchor
    Indicates whether the certificate is trusted as end-of-chain for peer certificate verification. Valid values are:
    • yes
    • no
    Version
    Certificate version.
    Serial number
    Certificate serial number.
    Signature algorithm
    Certificate signature algorithm.
    Issuer name
    Name of the certificate issuer.
    Valid from
    Date and time when the certificate became valid.
    Valid to
    Date and time when the certificate will expire.
    Subject
    Certificate subject.
    Subject alternative name
    Certificate subject alternative name.
    Public key algorithm
    Certificate public key algorithm.
    Key length
    Certificate key length.
    Thumbprint algorithm
    Certificate thumbprint algorithm.
    Thumbprint
    Certificate thumbprint.
    Private key available
    Indicates whether the certificate has an associated private key. Based on availability, valid values are:
    • yes
    • no

    View certificates information

    View details about a certificate.

    Format
    /sys/cert [ -type { CA | Server | Client | TrustedPeer } ] [ -service { Mgmt_LDAP | Mgmt_KMIP | VASA_HTTP } [ -scope <value> ] ] [ -id <value> ] show
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the certificate.
    -type
    Identifies the type of certificate.
    -service
    Identifies the Service. Valid values are:
    • Mgmt_LDAP
    • Mgmt_KMIP
    • VASA_HTTP
    -scope
    Identifies the scope of the certificate.
    Example

    The following command displays a VASA HTTP certificate information:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/cert -id vasa_http-vc1-cacert-1 show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    ID                       = vasa_http-vc1-cacert-1
          Type                     = CA
          Service                  = VASA_HTTP
          Scope                    = 
          Trust anchor             = no
          Version                  = 2
          Serial number            = 04:00:00:00:00:01:21:58:53:08:A2
          Signature algorithm      = SHA256WithRSAEncryption
          Issuer name              = CN = GlobalSign O = GlobalSign OU = GlobalSign Root CA – R3
          Valid from               = 2009-03-18 10:00:00
          Valid to                 = 2029-03-18 10:00:00
          Subject name             = CN = GlobalSign O = GlobalSign OU = GlobalSign Root CA – R3
          Subject alternative name =
          Public key algorithm     = RSA
          Key length               = 2048
          Thumbprint algorithm     = SHA1
          Thumbprint               = d6 9b 56 11 48 f0 1c 77 c5 45 78 c1 09 26 df 5b 85 69 76 ad
          Private key available    = no
    
                            

    Delete system certificate

    Deletes an X509 certificate.

    Format
    /sys/cert -id <value> delete
    Object qualifier
    Object
    Description
    -id
    Identifies the certificate.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/cert -id vasa_http-vc1-servercert-1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage snapshot protection schedules

    To schedule snapshot creation, you assign a protection schedule to the storage resource of which to take snapshots. Schedules contain one or more task rules that define the time and frequency when snapshots of the storage resource are taken. When you create a task rule you can assign it to an existing schedule or the system will automatically assign it to a new schedule. Manage task rules explains how to set up task rules. Manage snapshots explains how to create snapshots manually and manage existing snapshots.

    Each protection schedule is identified by an ID.

    The following table lists the attributes for protection schedules.

    Table 22. Protection schedule attributes
    Attribute
    Description
    ID
    ID of the schedule
    Name
    Name of the schedule
    Type
    Type of schedule. Value is one of the following:
    • system— Defined by the system
    • user— Defined by a user
    Rules
    List of IDs for each task rule in the schedule. Manage task rules provides details about schedule rules.
    Sync replicated
    The state indicating to the user whether the schedule is synchronously replicated to the remote system. Value is one of the following:
    • no— The schedule is created locally and will not be replicated.
    • yes— The schedule is in sync with the remote system.
    Last modified time
    Last modified time of the schedule.

    View protection schedules

    View details about protection schedules. You can filter on the schedule ID.

    The show action command explains how to change the output format.
    Format
    /sys/task/sched [-id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of a schedule.
    Example

    The following command displays details about all schedules (user- and system-defined) on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/sched show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID              = LessProtectionID
           Name            = Less Protection
           Type            = System
           Rules           = RULE_1, RULE2
           Sync replicated = no
    
    2:     ID              = DefaultProtectionID
           Name            = Default Protection
           Type            = System
           Rules           = RULE_3
           Sync replicated = no       
    
    3:     ID              = MySchedID
           Name            = MySched1
           Type            = User
           Rules           = RULE_4
           Sync replicated = yes
                            

    Delete protection schedules

    Delete a user-defined protection schedule. You cannot delete a system-defined schedule or schedules that are associated or assigned to storage resources.

    When you delete a schedule, all rules associated with the schedule are also deleted.
    Format
    /sys/task/sched [-id <value>] delete
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the schedule to delete.
    Example

    The following command deletes schedule MySchedID:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/sched -id MySchedID delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage task rules

    Task rules define the time and frequency when a task, such as snapshot creation, will occur. When you create a task rule, you can assign it to an existing protection schedule or the system automatically assigns it to a new schedule. You then assign the schedule to the storage resource of which to schedule snapshots. Manage snapshot protection schedules explains how to view and delete protection schedules.

    The following table lists the attributes for task rules.

    Table 23. Task rule attributes
    Attribute
    Description
    ID
    ID of the rule.
    Type
    Type of rule, which specifies when a task executes. Valid values are:
    • hoursinterval - Task executes on an interval of the specified number of hours or minutes within an hour.
    • hourslist - Task executes everyday on the specified hours and, optionally, on a specific minute within the specified hour.
    • daysinterval - Task executes on an interval of the specified number of days and, optionally, on a specific hour of each specified day.
    • weekdayslist - Task executes on the specified days of the week or on a specific hour of each specified day.
    • monthdayslist - Task executes each month on a specified day and time.
    Frequency
    Frequency that a task executes.
    Keep for
    For snapshots, the amount of time the system retains a snapshot before deleting it.
    Allow auto-delete
    For snapshots, indicates whether the snapshot can be deleted automatically. Valid values are:
    • yes — The system can delete the snapshot automatically.
    • no — The system cannot delete the snapshot automatically.
    Access
    For snapshots, indicates whether the snapshot created by this schedule is a checkpoint, or is set to read/write. Valid values are:
    • ckpt — The snapshot is a read-only checkpoint
    • share — The snapshot is set to read/write for users to create CIFS (SMB) shares of NFS exports.

    Create task rules

    Create a task rule and add to an existing schedule. If a schedule does not exist, a new one is created.

    Format
    /sys/task/rule create {–schedId <value> | -schedName <value>} -type {hoursinterval -every <value> [-at <value>] | hourslist -hours <value> [-at <value>] | daysinterval -every <value> [-at <value>] | weekdayslist -days <value> [-at <value>] | monthdayslist -days <value> [-at <value>]} [{-keepFor <value> | -allowAutoDelete {yes | no}}] [-access {ckpt | share}] [-syncRep {yes | no}]
    Action qualifiers
    Qualifier
    Description
    -schedId
    Type the ID of an existing protection schedule to which to assign the rule. View protection schedules explains viewing details about existing schedules, including their IDs.
    -schedName
    Type a name for a new protection schedule to which to assign the rule.
    -type
    Specify the type of rule, which indicates how often the task will execute. Valid values are:
    • hoursinterval — Task executes on an interval of the specified number of hours or minutes within an hour.
    • hourslist — Task executes everyday on the specified hours and, optionally, on a specific minute within the specified hour. Supports up to two specified hours.
    • daysinterval — Task executes on an interval of the specified number of days and, optionally, on a specific hour of each specified day.
    • weekdayslist— Task executes on the specified days of the week or on a specific hour of each specified day. Supports up to seven specified values, including all the days in a week.
    • monthdayslist— Task executes each month on a specified day and time. Supports one day value only.
    -every

    (used with -type)

    If the value of -type is hoursinterval or daysinterval, type the time interval when the task will execute. Valid values are:
    • hoursinterval — Number of hours within the range 1 - 24.
    • daysinterval — Number of days within the range 1 - 31.
    -hours

    (used with -type)

    If the value of -type is hourslist, type a comma-separated list of the hours of the day when the task will execute. The range is 0 - 23.
    -at

    (used with -type)

    Type the specific number of minutes of an hour and the minutes of a day when the task will execute based on the value of -type. Valid values are:
    • hoursinterval or hourslist - Type the number of minutes after the hour within the range 0 - 59. Default is 0.
    • daysinterval, weekdayslist, or monthdayslist - Type the time of a day in the following format: <HH>[:MM] where HH is the hour of the day and MM represents the minutes within the specified hour. Value range is 0:00 - 23:59. Default value is 0:00.
    -days

    (used with -type)

    If the value of -type is weekdayslist or monthdayslist, type the days of the week or the day of the month when the task will execute:
    • weekdayslist— Type a comma-separated list of the days of the week. Valid values are:
      • mon — Monday
      • tue — Tuesday
      • wed — Wednesday
      • thu — Thursday
      • fri — Friday
      • sat — Saturday
      • sun — Sunday
    • monthdayslist — Type the day of the month within the range 1 – 31.
    For monthdayslist, you can specify only one day of the month.
    -keepFor
    Type the number of days or hours the system will retain a snapshot before deleting it. Use the following format: < value>[< qualifier>] where:
    • value — Type the number of hours or days. Value is:
      • hours — Number of hours within the range 1 - 24.
      • days — Number of days within the range 1 - 31.
    • qualifier — Type the value qualifier. Value is one of the following:
      • h — Indicates hours.
      • d — Indicates days.
    Default value is 1h (1 hour).
    -allowAutoDelete
    Specify whether the system can automatically delete the snapshot or snapshot set. Valid values are:
    • yes (default)
    • no
    -access
    Specify whether the snapshot is a read-only checkpoint, or read/write for CIFS (SMB) shares or NFS exports. Valid values are:
    • ckpt (default)
    • share
    -syncRep
    Specify whether this schedule is synchronously replicated. All changes done to the replicated schedule on the local system apply to the remote system automatically and conversely. Valid values are:
    • yes
    • no
    If a synchronous remote connection is established, the default value is yes, otherwise it is no.
    Example 1

    The following command creates a task rule with these settings:

    • Assigns the rule to the new protection schedule MyScheduleID.
    • Takes a snapshot every 12 hours and 30 minutes.
    • Keeps the snapshot for 10 hours before deleting it:
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/rule create –schedName MyScheduleID -type hoursinterval -every 12 –at 30 –keepFor 10h
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = RULE_1
    Schedule ID = MyScheduleID
    Operation completed successfully.
                            
    Example 2

    The following command creates a task rule with these settings:

    • Assigns the rule to the existing protection schedule MySchedID.
    • Takes a snapshot everyday at 8:30 a.m., and 8:30 p.m.:
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/rule create –schedId MySchedID -type hourslist –hours “8,20” –at 30
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = RULE_2
    Operation completed successfully.
                            
    Example 3

    The following command creates a task rule with these settings:

    • Assigns the rule to the existing protection schedule MySchedID.
    • Takes a snapshot every 2 days at 1:20 p.m.
    • Keeps the snapshot for 1 week (7 days) before deleting it:
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/rule create –schedId MySchedID -type daysinterval -every 2 –at 13:20 –keepFor 7d
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = RULE_3
    Operation completed successfully.
                            
    Example 4

    The following command creates a task rule with these settings:

    • Assigns the rule to the existing protection schedule MySchedID.
    • Takes a snapshot every Monday, Wednesday, and Friday at 6 a.m.:
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/rule create –schedId MySchedID -type weekdayslist -days “Mon,Wed,Fri” –at 6
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = RULE_4
    Operation completed successfully.
                            
    Example 5

    The following command creates a task rule with these settings:

    • Assigns the rule to the existing protection schedule MySchedID.
    • Takes a snapshot on the first day of every month at 12 p.m.:
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/rule create –schedId MySchedID -type monthdayslist -days 1
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = RULE_5
    Operation completed successfully.
                            

    View task rules

    View details about task rules. You can filter on the ID of a rule or type the ID of a protection schedule to view only the rules assigned to that schedule.

    The show action command explains how to change the output format.
    Format
    /sys/task/rule [{-id <value> | -sched<value>}] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of a rule.
    -sched
    Type the ID of a protection schedule to view the rules associated with it.
    Example

    The following command lists details for all task rules assigned to protection schedule SCHD_3:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/rule –sched SCHD_3 show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID        = RULE_1
           Type      = HoursInterval
           Frequency = Every 12h at 30m after the hour
           Keep for  = 10h
    
    2:     ID        = RULE_2
           Type      = HoursList
           Frequency = Every day at 8:30, 20:30
           Keep for  = 1h
    
    3:     ID        = RULE_3
           Type      = DaysInterval
           Frequency = Every 2d at 13:20
           Keep for  = 7d
    
    4:     ID        = RULE_4
           Type      = WeekDaysList
           Frequency = Every Mon, Wed, Fri at 6:00
           Keep for  = 1h
    
    5:     ID        = RULE_5
           Type      = MonthDaysList
           Frequency = Every 1st, 2nd, 3rd day of month at 0:00
           Keep for  = 1h
    
                            

    Delete task rules

    Delete a task rule.

    You cannot delete a rule that is associated with a system-defined schedule, only a user-defined schedule. Also, when you delete the last rule in a schedule, the schedule is also deleted.
    Format
    /sys/task/rule -id <value> delete
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the rule to delete.
    Example

    The following command deletes rule RULE_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/rule –id RULE_1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage jobs

    Manage the operations that are running in the background.

    The following table lists the attributes for jobs.

    Table 24. Jobs attributes
    Attribute
    Description
    ID
    Job identifier.
    Type
    Job type. Value is one of the following:
    • Provisioning
    • Snapshot
    • Snapshot schedule
    Title
    Job title.
    State
    Job state. Value is one of the following:
    • Queued
    • Running
    • Suspended
    • Completed
    • Completed with problems
    • Failed
    • Rolling back
    Result desciption
    Describes the result of the step.
    Step
    Current step.
    User
    User who started the job.
    Start time
    Time when the job was started.
    Elapsed time
    Elapsed time for the current job.
    Estimated time left
    Time remaining to complete the current job.
    Percent complete
    Job progress in percent.
    Associated object
    Object or storage resource affected by the job. Only one object is associated with each job. Format is shown as:

    <id> (<object type>)

    View list of jobs

    View the list of existing jobs.

    Format
    /sys/task/job [{-id <value> | -active | -failed | -completed}] show
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the job.
    -active
    Show only unfinished jobs (Queued, Running, Suspended, Rolling back).
    -failed
    Show only failed jobs.
    -completed
    Show only successfully completed and completed with problems jobs.
    Example 1

    The following command displays a list of all jobs:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/job show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    ID                  = N-26
          Type                = Provisioning
          Title               = Create or modify storage resource
          State               = Completed
          Step                = 2 of 2 (Apply iSCSI hosts)
          Percent complete    = 100%
                            
    Example 2

    The following command displays a list of all jobs:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/job show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    ID                   = N-11
          Type                 = Storage resource provisioning
          Title                = Create storage resource
          State                = Completed
          Result description   = Success
          User                 = Local/admin
          Step                 =
          Start time           = 2016-06-17 09:47:36
          Elapsed time         = 1m 26s
          Estimated time left  =
          Percent complete     = 100%
          Associated object    = fs_3 (/stor/prov/fs)
                            

    Resume a job

    Resumes an existing job. Could be applied to the suspended job only.

    Format
    /sys/task/job -id <value> resume
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the job.
    Example

    The following command resumes an existing job.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/job -id N-23564 resume
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Cancel a job

    Cancels an existing job without rolling back. Could be applied to the suspended or queued job only.

    Format
    /sys/task/job -id <value> cancel
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the job.
    Example

    The following command resumes an existing job.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/job -id N-23654 cancel
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Delete jobs

    Deletes a job or a group of jobs. Active jobs cannot be deleted.

    Format
    /sys/task/job {-id <value> | -failed | -completed} delete
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the job.
    -failed
    Identifies jobs that have failed.
    -completed
    Identifies jobs that have completed successfully or completed with problems.
    Example

    The following command deletes an existing job.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /sys/task/job -id N-23654 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage job step

    Manage the steps of the specified job.

    The following table lists the attributes for job step.

    Table 25. Job step attributes
    Attribute
    Description
    Title
    Step title.
    Status
    Step status. Value is one of the following:
    • Queued
    • Running
    • Completed
    • Failed
    Execution result code
    The error code of the operation.
    Execution result description
    The error message of the operation.
    Rollback result code
    The error code of the rollback.
    Rollback result description
    The error message of the rollback.
    Details
    Additional information. Format: key: "value", key: "value",...
    Associated object
    Object or storage resource affected by the job. Only one object is associated with each job step. Format is shown as:

    <id> (<object type>)

    View list of steps in a job

    Displays a list of steps of the specified job.

    Format
    /sys/task/job/step -jobId <value> show
    Object qualifier
    Qualifier
    Description
    -jobId
    Identifies the job.
    Example 1

    The following command displays a list of steps of the specified job.

    uemcli /sys/task/job/step -jobId N-23654 show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:  Title                        = Extend storage pool
        Status                       = Completed
        Execution result code        = 0
        Execution result description = 
        Rollback result code         = 0
        Rollback result description  = 
        Details                      = ID: "local_pool_8"; Name: "SASx6_2"
    
    2:  Title                        = Create application
        Status                       = Completed
        Execution result code        = 0
        Execution result description = 
        Rollback result code         = 0
        Rollback result description  = 
        Details                      = ID: "local_pool_8"; Name: "SASx6_2"
    
    3:  Title                        = Create file system
        Status                       = Running
        Execution result code        = 0
        Execution result description = 
        Rollback result code         = 0
        Rollback result description  = 
        Details                      = ID: fs_99; Name: JobTest11
    
    4:  Title                        = Create NFS share
        Status                       = Queued
        Execution result code        = 0
        Execution result description = 
        Rollback result code         = 0
        Rollback result description  = 
        Details                      = ID: nfs_45; Name: JobTest11
    
    5:  Title                        = Finalize allocation
        Status                       = Queued
        Execution result code        = 0
        Execution result description = 
        Rollback result code         = 0
        Rollback result description  = 
        Details                      = ID: local_pool_8; Name: SASx6_2
                            
    Example 2

    The following command displays a detailed list of steps of the specified job.

    uemcli /sys/task/job/step -jobId N-11 show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    Title                        = Create storage resource
          Status                       = Completed
          Execution result code        = 0
          Execution result description =
          Rollback result code         = 0
          Rollback result description  =
          Details                      = ID: "res_3"; Name: "testFS3"
          Associated object            =
    
    2:    Title                        = Create file system
          Status                       = Completed
          Execution result code        = 0
          Execution result description =
          Rollback result code         = 0
          Rollback result description  =
          Details                      = ID: "fs_3"; Name: "testFS3"
          Associated object            = fs_3 (/stor/prov/fs)
    
    3:    Title                        = Add filesystem to storage resource
          Status                       = Completed
          Execution result code        = 0
          Execution result description =
          Rollback result code         = 0
          Rollback result description  =
          Details                      = ID: "res_3, fs_3"
          Associated object            =