virtual machine with valid credentials, VM Manager displays I/O utilization data for each virtual storage device and for VM aggregated storage interfaces.
•Virtual LAN (VLAN) interface name and status on the Network tab: This status is displayed for a virtual machine with valid credentials, but invalid credentials will return an unknown LAN status and utilization. It might display whatever information is available, for example, the bus, dev, or the fcn number for the VLAN interface.
To change the WBEM credentials settings for virtual machines, return to the Set WBEM Credentials for Virtual Machines page by selecting Modify→WBEM Credentials.... You do not need to select a virtual machine before setting credentials.
IMPORTANT: After you enter the data, save it by clicking OK. Otherwise, the data is cleared when the session ends.
Trusted certificates
If you require the additional security provided by certificate validation you can turn on SSL certificate validation by selecting the Require trusted certificates check box on the VM Manager Set WBEM Credentials for Virtual Machines page. With this setting turned on, the client Certificate Trust Store must include the server certificates from the virtual machines; otherwise, VM Manager cannot obtain certain information from the virtual machines. If your environment does not require the additional security provided by certificate validation, you can leave certificate validation turned off.
To enable SSL certificate validation in VM Manager, you must export the server certificates from the WBEM services providers on the virtual machines, and import those certificates into the keystore on the VM Host where VM Manager is running. This keystore is shared between Partition Manager and VM Manager. Certificates in this keystore are trusted by both Partition Manager and VM Manager.
To get the certificate file from the WBEM services provider, follow these steps:
1.Locate the WBEM services provider certificate file (cert.pem) on the virtual machine to which you want to connect. To find the correct file, open the WBEM services Provider configuration file, which can be found in the following locations:
•For Windows:
%PEGASUS_HOME%\cimserver_current.conf
•For
$PEGASUS_HOME/cimserver_current.conf
(The default value for PEGASUS_HOME on HP-UX is /var/opt/wbem.)
The location of the server certificate file is configured by the sslCertificateFilePath setting. If this value is not set in the configuration file, the default values are as follows:
•For Windows:
%PEGASUS_HOME%\server.pem
•For
/etc/opt/hp/sslshare/cert.pem
2.Copy the certificate file (cert.pem or server.pem) to the VM Host where VM Manager is running.
NOTE: Copy the certificate file to a temporary directory (not to the sslshare directory) on the VM Host. Do not overwrite the existing cert.pem or server.pem file in the sslshare directory on the VM Host.
Setting security credentials | 19 |