hp wbem services for hp-ux services admin guide

HP WBEM Services for HP-UX SystemAdministrators Guide

Manufacturing Part Number: B8465-90001

E0902

U.S.A.

© Copyright 2002 Hewlett-Packard Company. All rights reserved.

Legal NoticesThe information in this document is subject to change without notice.

Hewlett-Packard makes no warranty of any kind with regard to this manual, including, butnot limited to, the implied warranties of merchantability and fitness for a particular purpose.Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect,special, incidental or consequential damages in connection with the furnishing, performance,or use of this material.

Warranty. A copy of the specific warranty terms applicable to your Hewlett-Packard productand replacement parts can be obtained from your local Sales and Service Office.

Restricted Rights Legend. Use, duplication or disclosure by the U.S. Government is subjectto restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data andComputer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c)(1) and (c) (2) of the Commercial Computer Software Restricted Rights clause at FAR52.227-19 for other agencies.

HEWLETT-PACKARD COMPANY3000 Hanover StreetPalo Alto, California 94304U.S.A.

Use of this manual and flexible disk(s) or tape cartridge(s) supplied for this pack is restrictedto this product only. Additional copies of the programs may be made for security and back-uppurposes only. Resale of the programs in their present form or with alterations, is expresslyprohibited.

Copyright Notices. ©copyright 2002 Hewlett-Packard Company, all rights reserved.

Reproduction, adaptation, or translation of this document without prior written permission isprohibited, except as allowed under the copyright laws.

©copyright 1979, 1980, 1983, 1985-93 Regents of the University of California

This software is based in part on the Fourth Berkeley Software Distribution under licensefrom the Regents of the University of California.

2

©copyright 1980, 1984, 1986 Novell, Inc.©copyright 1986-1992 Sun Microsystems, Inc.©copyright 1985-86, 1988 Massachusetts Institute of Technology.©copyright 1989-93 The Open Software Foundation, Inc.©copyright 1986 Digital Equipment Corporation.©copyright 1990 Motorola, Inc.©copyright 1990, 1991, 1992 Cornell University©copyright 1989-1991 The University of Maryland©copyright 1988 Carnegie Mellon University

This product includes software developed by The Open Group Pegasus Project(http://www.opengroup.org/pegasus ). The Open Group Pegasus Project Copyright (c)2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, The Open Group, TivoliSystems.

This product includes software developed by the OpenSSL Project for use in the OpenSSLToolkit (http://www.openssl.org ). OpenSSL Copyright (c) 1998-2002 The OpenSSL Project.All rights reserved.

This product includes cryptographic software written by Eric Young ([email protected]). Thisproduct includes software written by Tim Hudson ([email protected]). This package is an SSLimplementation written by Eric Young ([email protected]), written so as to conform withNetscape’s SSL. Original SSLeay License: Copyright (C) 1995-1998 Eric Young([email protected]) All rights reserved.

3

Contents

1. Overview of WBEM ServicesWBEM Services Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12WBEM Services Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2. How Does WBEM Services Work?Who Uses WBEM Services?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

WBEM Services Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Client Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

How WBEM Services Processes Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21WBEM Services Executables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3. Example of a Client RequestExample Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Example Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

4. Installing and Setting up WBEM ServicesBefore Starting WBEM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Providers Included with WBEM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Clients Included with WBEM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Starting and Stopping WBEM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42The cimserver Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42cimserverd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Maintaining the Repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44CIM Server Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46The cimconfig Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5. Security ConsiderationsUser Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Local User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Remote User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50HTTPS and HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Namespace Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

6. TroubleshootingChecklist for Troubleshooting WBEM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

7

Contents

WBEM Services Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Syslog Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Standard CIM Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58WBEM Services Command Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

A. How Resources are Represented (CIM Schema)

B. WBEM Services CIM OperationsThe InvokeMethod Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Operations Implemented by Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Operations on Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Class Manipulation Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Qualifier Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

8

HP WBEM Services for HP-UX SystemAdministrator’s Guide

PrefaceThis guide describes how a system administrator uses HP WBEMServices for HP-UX on HP 9000 servers running the HP-UX operatingsystem. The contents are as follows:

• Chapter 1, Overview of WBEM Services, introduces WBEM Services:what it is, where it comes from, and how you can learn more about it.

• Chapter 2, How Does WBEM Services Work?, gives you an idea ofhow providers and clients work.

The WBEM Services commands are summarized in Chapter 2.

• Chapter 3, “Example of a Client Request,” shows a client request andthe response received, both encoded in XML.

• Chapter 4, Installing and Setting up WBEM Services,” describeswhat system administrators should do before they actually useWBEM Services for HP-UX. It tells how to prepare the system forinstallation, and how to start WBEM Services. It lists the WBEMServices configuration properties that can be set.

• Chapter 5, “Security Considerations,” describes WBEM Servicessecurity, and describes WBEM Services authentication,authorization, and encryption.

• Chapter 6, “Troubleshooting,” lists some suggestions to try if youhave trouble. It also lists the messages generated by WBEMServices.

• Appendix A gives you some background into CIM terms used byclients and providers to represent resources in the repository.

• Appendix B lists the operations implemented in WBEM Services.

9

• The Glossary defines terms you may encounter when using WBEMServices.

The last printing date and part number indicate the current edition,which applies to the 1.0 version of HP WBEM Services for HP-UX.

The printing date changes when a new edition is printed. (Minorcorrections and updates which are incorporated at reprint do not causethe date to change.) The part number is revised when extensive technicalchanges are incorporated.

New editions of this manual will incorporate all material updated sincethe previous edition.

HP Printing Division:

Infrastructure Solutions Division

Hewlett-Packard Co.19111 Pruneridge Ave.Cupertino, CA 95014

Table 1 Printing History

Printing Date Part Number Edition

September, 2002 B8463-90001 First

10

Overview of WBEM Services

1 Overview of WBEM Services

This chapter introduces HP WBEM Services for HP-UX: what it is,where it comes from, and how you can learn more about it.

WBEM Services acts as an information broker; it is a way that providersand clients can communicate.

A provider is developed to offer access to a resource. The provider definesthe resource and tells WBEM Services what information they willprovide to clients, and what actions they will perform for clients.

Clients send requests to WBEM to get information about, and access to,the registered resources.

HP WBEM Services for HP-UX runs on HP-UX computers. However,communication is not limited to HP-UX. The information is stored andexchanged using widely accepted WBEM standards developed by theDistributed Management Task Force, Inc. (see http://www.dmtf.org ).WBEM Services is based on The Open Group’s Pegasus Open SourceSoftware (OSS) Project (see http://www.opengroup.org/pegasus ).

Because information is formatted for the web, the exchange is notplatform-dependent. WBEM-standard products can provide informationabout resources on several operating systems and platforms.

To understand more about WBEM standards and design, go tohttp://www.dmtf.org/education/index.php and begin the tutorialfor CIM (Common Interface Model).

The CIM operations that WBEM Services supports are listed inAppendix B.

Chapter 1 11

Overview of WBEM ServicesWBEM Services Standards

WBEM Services StandardsWBEM Services implements DMTF WBEM standards. The three corestandards used by WBEM Services are:

• A data model, CIM, the Common Information Model standard

The CIM specification is the language and methodology fordescribing management data. CIM is a conceptual information modelfor describing resources. It is not bound to a particularimplementation, so WBEM Services can accept requests from otherplatforms.

WBEM Services keeps information about its managed resources inthe WBEM Services repository, following the Common InformationModel.

For an overview of data representation, see Appendix A. For moreinformation, see Common Information Model (CIM) Specification,Version 2.0 (fromhttp://www.dmtf.org/standards/cim_spec_v20/index.php).

• An encoding specification, CIM-XML

xmlCIM is the specification for representing CIM in XML.

Requests come from clients to WBEM Services as CIM operationsencoded in XML. WBEM Services sends the responses to the clientsin XML.

For an overview of XML, see http://www.w3.org/XML for the W3CArchitecture domain’s Extensible Markup Language (XML)

For more information about XML, see DMTF’s Representation of CIMin XML (fromhttp://www.dmtf.org/standards/published_documents.php).

Chapter 3 has an example of an xml-encoded request and response.

• A transport mechanism, CIM Operations over HTTP

CIM Operations over HTTP Specification (fromhttp://www.dmtf.org/standards/ published_documents.php)specifies the way HTTP (HyperText Transfer Protocol) is used to

Chapter 112

Overview of WBEM ServicesWBEM Services Standards

transport the CIM information. This document defines a mapping ofCIM operations onto HTTP that allows implementations of CIM tointeroperate in an open, standardized manner.

For more information about the WBEM Services HTTP Server, theports reserved for WBEM Services, and other transport issues, seeChapter 5 “Security Considerations.”

For more information about DMTF’s WBEM standards, seehttp://www.dmtf.org.

Chapter 1 13

Overview of WBEM ServicesWBEM Services Architecture

WBEM Services ArchitectureThe four main components of WBEM Services are:

• CIM server, the Common Information Model server

CIM server interacts with providers. CIM server receives requestsfrom management clients. It contacts the provider of thatinformation, and waits for the provider’s response. It sends thatresponse back to the client.

• CIM repository

The repository keeps definitions of the data about all the managedobjects and their providers. When a valid request is received, WBEMServices will go to the repository and look up the managed resource.The resource owners register their provider with WBEM Services,telling what information or methods they will provide and howWBEM Services can invoke the appropriate action.

WBEM Services defines several operations to query or manipulatethe repository. Information can be entered as MOF files, using thecimmof command. Information can be entered as XML files, usingthe wbemexec command.

For information about maintaining and restoring the repository, seeMaintaining the Repository section of Chapter 4, and the checklist inChapter 6, Troubleshooting.

• MOF Compiler (Managed Object Format)

The compiler reads MOF files and loads their information into therepository. A MOF file is a text representation of CIM classes.MOF standards are defined by the DMTF, and are explained in theirtutorial section Specifying Schema athttp://www.dmtf.org/education/cimtutorial .

For more information, see the cimmof man page.

• HTTP Server (HyperText Transfer Protocol)

The server handles communication between WBEM Services andclients.

Chapter 114


WBEM Services product includes an embedded HTTP server. This isnot a web servers. It will receive only valid CIM messages, and rejectany other HTTP request.

For more information, see Chapter 5, Security Considerations.

Chapter 1 15


Chapter 116

How Does WBEM Services Work?

2 How Does WBEM ServicesWork?

This chapter gives you an idea of how WBEM Services for HP-UXprovides a management infrastructure so clients and providers cancommunicate.

It outlines how providers register their resources’ properties (attributesor characteristics) and methods (capabilities, operations, or actions) withWBEM Services.

It gives an overview of how clients use WBEM to make a request about aresource and receive a response. Chapter 3 has an example of an actualrequest sent by a client, and the response it received.

WBEM Services can receive requests from clients on many differentkinds of systems and platforms, as long as the requests conform to theDMTF CIM-XML standard. WBEM Services processes the clients’requests, and passes it to the appropriate providers. When providersreceive requests, they pass information back to WBEM Services. ThenWBEM Service sends a response back to the client.

Chapter 2 17

How Does WBEM Services Work?Who Uses WBEM Services?

Who Uses WBEM Services?Providers use WBEM Services to help their users manage particularthings about their resource.

Clients use WBEM Services to manage resources. Following informationin provider documentation, developers write a software client to sendrequests to WBEM Services.

WBEM Services conveys the request to the appropriate registeredprovider. The providers send information back to WBEM Services.WBEM Services sends that information back to the client in a response.One response is sent for each request, even when the information comesfrom several providers.

See Appendix A for some of the common terms and concepts used byproviders to represent resources.

WBEM Services Providers

To manage a resource, a developer writes software called a CIM provider.When you install a provider on your system, it registers itself withWBEM Services.

When a Provider Installs

When a provider registers with WBEM Services, it supplies thisinformation:

• The definition of the resource. See Appendix A, How Resources areRepresented.

Resources are defined largely by characteristics inherited from themost general classes and passed to the more specific subclasses. Forexample, there could be a schema, Creature, that contained a classHuman. Human could, in turn, have a subclass Female. ClassFemale could, in turn, have several more subclasses until we get tothe specific instance of MyMother.

Resources can also be grouped in namespaces. WBEM Servicesinstalls with four namespaces, listed in Appendix A.

• What information the resource provider will expose (make available)about the resource. These are the properties and methods.

Chapter 218


For example, One property of MyMother would be her unique Nameand SocialSecurityNumber. Other properties might includeBirthdate and PhoneNumber.

• A shared library to invoke the actions that are offered to manage theresource.

For example, It would be handy if the method callMother wouldremind me of her PhoneNumber when her Birthdate approaches.

• Information about the provider itself: its version, its type, adescription of itself, how to invoke it, and the name of its sharedlibraries.

Providers are enabled automatically when they registered. After that,you can disabled them with the cimprovider command. Once disabled,they can only be re-enabled with the cimprovide r command.

Provider Responsibilities

Developers of a WBEM resource provider are responsible for informingtheir users (clients) about their provider: how to specify the provider’sresources in CIM schema, and what properties and methods it offers.

After a resource has been registered, the provider’s developers canreplace it with a newer version to add, remove, and modify informationabout the resource, including new classes, properties, and methods.

Client Requests

Management clients make requests to WBEM Services.

A client request must include:

• A properly formed HTTP header. A remote request must beaddressed to the WBEM Services’ HTTP server on wbem-http port orwbem-https port. Requests must be written in XML. For informationabout XML coding for CIM, see Specification for the Representation ofCIM in XML, Version 2.0 July 20th, 1999 at http://www.dmtf.org/download/spec/xmls/CIM_XML_Mapping20.php

• The operation desired and its required parameters. For example, theGetClass operation requires a class name. The osinfo request inChapter 3 uses the EnumerateInstances operation; its onlyrequirement is the class name.

Chapter 2 19


• The namespace. For example, the osinfo request in Chapter 3specifies the PG_OperatingSystem class in the root/cimv2namespace.

It is the responsibility of the resource’s provider to document the name ofthe resource and its properties and methods. Client developers can usethe documentation to write client software. System Administrators usethe documentation to decide whether to install the provider.

A client can use CIM operations, such as the EnumerateInstancesoperation used in the example in Chapter 3. The client developer usesstandard CIM operations like GetClass and GetProperty to gatherresource information. The CIM operations supported by WBEM Servicesare listed in Appendix B.

Chapter 220

How Does WBEM Services Work?How WBEM Services Processes Requests

How WBEM Services Processes RequestsThe client request is a CIM operation sent by HTTP to WBEM Services.The request is encoded in XML (eXtensible Markup Language). WBEMService’s HTTP server listens for CIM messages on the wbem-http or thewbem-https port.

1. First, the client connects to WBEM Services’ HTTP server. A remoteclient sends a valid system login (name and password) to a systemwith WBEM Services that has the appropriate provider installed.For information about login permissions, see Chapter 5, SecurityConsiderations.

2. WBEM Services CIM Server uses its XML decoder to parse the XMLin the request. If there is an error, it returns an error message andstops processing the request. Only a valid CIM operation is accepted.A request could be rejected by the HTTP Server if it had badlyformed HTTP headers or badly formed XML.

For information about XML coding for CIM, see Specification for theRepresentation of CIM in XML, Version 2.0 July 20th, 1999 athttp://dmtf.org/download/spec/xmls/CIM_XML_Mapping20.php

3. If the request is valid, the CIM Server consults the CIM repositoryand checks the following things:

• Does this namespace exist? If not, an error is returned andWBEM Services stops processing the request. For example, theosinfo request used in Chapter 3 has this namespaceinformation:

<LOCALNAMESPACEPATH><NAMESPACE NAME =”root”/> <NAMESPACE NAME=”cimv2”/></LOCALNAMESPACEPATH>

• Does this user have permission in this namespace? If the WBEMServices property enableNamespaceAuthorization is set totrue, WBEM Services will also check to be sure the user isallowed access to this namespace. (See Chapter 5, SecurityConsiderations, for more about authorization.)

• Does this class exist? WBEM Services looks up the classnamegiven in the request.

Chapter 2 21

How Does WBEM Services Work?How WBEM Services Processes Requests

For example, the osinfo request used in Chapter 3 has this classinformation:

<IPARAMVALUE NAME=”ClassName”><CLASSNAME NAME=”PG_OperatingSystem”/></IPARAMVALUE>

• Does this resource have a registered provider? If there is noprovider registered for this resource, WBEM Services returns anerror to the client. For example, the provider for the osinfoclient request is the Operating System Provider.

4. When WBEM Services finds the registered provider, it also finds theprovider’s instructions about how to reach its appropriate sharedlibrary.

WBEM Services uses this to invokes the appropriate method, andtell the provider which user is making the request. After receivingthe request, the provider’s developers are responsible for anyadditional user authorization it requires, for performing the action,and for returning a response to WBEM Services.

5. WBEM Services’ CIM Server waits for a response from the provider,and conveys the response back to the client. Each request gets oneresponse, even if it contains information from more than oneprovider. For example, a client may ask WBEM Services for a list ofall the printers available to a system. Several providers mayrespond, one for each type of printer. WBEM Services waits till allthe providers respond and combines the information in one responseto the client.

If no provider can be reached, or none respond, WBEM Servicesreturns an error (CIM_ERR_NOT_SUPPORTED) to the client.

For a list of the standard CIM errors and other messages, see Chapter 6,Troubleshooting.

Chapter 222

How Does WBEM Services Work?WBEM Services Executables

WBEM Services ExecutablesThis section lists WBEM Services’ eight commands, one executablescript, and one daemon process. The eight commands have man pageswith more information. The daemon also has a man page.

The eight commands are:

• cimauth - authorize users for a specified namespace

You can add, modify, or remove authorization per user, pernamespace. Assign Read or Write permissions. (Write does notautomatically include Read.) You can also list all authorizations.

This command is only relevant if the propertyenableNamespaceAuthorization is set to true , which is not thedefault. (Set the enableNamespaceAuthorization property with thecimconfig command.)

You can also list the authorizations configured on the CIM Server.

You must have root permission to use cimauth. You can use cimauthonly when CIM Server is running.

• cimconfig - set, unset, or get CIM Server properties. An operationusing the “current” option changes the value immediately; anoperation using the “planned” option takes effect the next time theCIM Server is started with the cimserver command.

WBEM Services properties are listed in Chapter 4.

You must have root permission to use cimconfig. For current values,CIM Server must be running. For planned values CIM Server can berunning or not.

• cimmof - used by WBEM Services to compile .mof (Managed ObjectFormat) files and put the information into the repository. MOFformatted files can be used for resource and/or provider information.

MOF files must follow the DMTF standard format. The cimmof manpage has rules for specifying locations where the files are loaded.

Use the -h option for help with cimmof syntax.

Chapter 2 23


You must have root permission to use cimmof . Forschema can only be loaded as local root, regardless of anyauthorizations done through cimauth . If namespace authorization isenabled, the user must also have Write authorization in thenamespace. You can use cimmof only when CIM Server is running.

• cimprovider - disable, enable, or remove registered CIM providersor CIM provider modules. An option lists the providers, modules, andmodule status.

The list option can be executed by any user. You must have local rootpermission to use the other options. You can use cimprovider onlywhen CIM Server is running.

• cimserver - start or gracefully stop WBEM Services. Afterinstallation, you must start CIM Server with this command the firsttime. If the system is rebooted after that, CIM Server is intended toautomatically restart. However, there are three times that the CIMServer can only be started by an operator command:

— The first time after WBEM Services installs

— If the server was stopped by an operator’s command

— If an operator disables both the HTTPS and HTTP connections inthe planned configuration. For a planned configuration to taketake effect, an operator stops and restarts CIM Server. However,it cannot restart with both ports disabled. Therefore, when youenter the command to restart, it must include an option to enableone (and only one) of the connections.

Use the -v option to see the version number of the CIM Server. Usethe -h option for help with command syntax.

At shutdown, you can specify a value for the shutdown property onthe cimserver command line. This value will be used only for thisshutdown. For example, if the system is stressed, you may want toallow this shutdown an unusually long time.

At startup, you can specify several property and value pairs on thecimserver command line. These values will be used for the currentprocess.

Chapter 224


After a restart, the values will return to their previous settings. SeeChapter 5 for the cimconfig command and a list of settableproperties. For example, if the system is stressed, you can stop theCIM Server and specify a temporary shutdown timeout, longer thanthe usual.

If you try to start CIM Server when it is already running, no action istaken. You will see this message: Error: Bind failed. Failed to bind tosocket.

You must have root permissions to use cimserver to stop or start.You can stop or get a version number with cimserver only when CIMServer is running. You start only when CIM Server is not running.

• openssl - generate and manage x509 certificates. Use openssl tomanage various cryptography functions of OpenSSL’s crypto libraryfrom the shell.

WBEM Services includes a limited version of the full OpenSSLtoolkit. OpenSSL is a cryptography toolkit implementing the SecureSockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)network protocols and related cryptography standards required bythem. For more about OpenSSL, go tohttp://www.openssl.org/docs .

The openssl man page on your system may have a description of allthe OpenSSL options. However, WBEM Services only supports thefollowing options:

— ca - a minimal CA application.

— ciphers - SSL cipher display and cipher list tool

— gendsa - generates a DSA private key from a set of parameters

— rsautl - RSA utility to sign, verify, encrypt and decrypt datausing the RSA algorithm

— dsa - processes DSA keys

— genrsa - generates an RSA private key

— req - PKCS#10 certificate and certificate generating utility

— verify - utility to verify certificates

— x509 - certificate display and signing utility

— dsaparam - DSA parameter manipulation and generation

Chapter 2 25


— rsa - processes RSA keys

— version - prints OpenSSL version information

You must have root permission to use openssl. You can use opensslwhether CIM Server is running or not.

• osinfo - run a WBEM Services client that gathers information aboutthe operating system where the command is issued. The commanduses the Operating System Provider, which is bundled with WBEMServices for HP-UX.

The response lists some properties of the class, including thehostname, operating system type, version, user license, OS capability(32- or 64-bit), last boot time, local date time, and system uptime.

By default, the information is formatted for display in English withuptime displayed in days, hours, minutes, and seconds. You canchoose to get the information in CIM format.

You can use the command for troubleshooting, to see if WBEMServices can return a simple request about its own system.

Any user can execute the osinfo command; root permission is notrequired. You can use it only when CIM Server is running.

• wbemexec - submit a CIM Operation Request to a CIM Server. Therequest must be encoded in XML. The CIM response is also encodedin XML.You will get a message if the request does not pass thesyntax checks of the CIM Server’s HTTP server or the XML decoder.

If you do not specify an input file, wbemexec will assume allinformation is coming from stdin.

By default, the operation is executed on the local host, but thecommand allows specifying a different hostname.

If no port number is specified, wbemexec first attempts to connect tothe CIM Server on the default port for wbem-http service; if thatfails, it tries the default port for wbem-https.

By default, the request is sent as an HTTP/1.1 request, using theHTTP M-POST method. You can choose to specify a method (eitherPOST or M-POST) and the HTTP version (1.0 or 1.1).

You can specify that SSL (Secured Socket Layer) protocol be usedbetween wbemexec and the CIM Server. Be sure to use this option ifyou specify a host name and port number that expects clients toconnect using HTTPS.

Chapter 226


If you have specified a host name or a port number, you can specifythe username and password to be used for the connection to the CIMServer.

By default, wbemexec has a 20 second timeout. You can specify adifferent timeout.

You do not need root permission to use wbemexec. You can usewbemexec only when CIM Server is running.

The cimserverd daemon has a man page, with instructions on changingits polling interval.

• cimserverd - WBEM Services’ way to automatically restart itself incase of failure. cimserverd is not intended to be used by operators. Itis designed for WBEM Services itself.

Users can, however set the interval for cimserverd . To see how to dothat, read the cimserverd man page.

Users start (and halt) CIM Server with the cimserver command. Ifthe CIM Server was halted by an operator with the cimservercommand, cimserverd cannot automatically restart it.

The WBEM Services script is:

• init_repository - used by WBEM Services and providers, thisscript initializes the repository.

If the repository is moved or corrupted, you should first try to restoreit from backup. If that does not work, you use the init_repositoryscript to restore it to the state it was in at installation. You will loseeverything that was entered after install, so you will need tore-install any providers you added.

You do not need root permission to use init_repository . You canuse it only when CIM Server is running.

Chapter 2 27


Chapter 228

Example of a Client Request

3 Example of a Client Request

This chapter gives an example of a client request and the response.

The request is for the EnumerateInstances operation on thePG_OperatingSystem class.

Requests and responses are encoded in XML. For more informationabout XML, see Specification for the Representation of CIM in XML,Version 2.0 July 20th, 1999, at:http://www.dmtf.org/download/spec/xmls/CIM_XML_Mapping20.php

The following information is in a table format. The first column has linenumbers for the actual request and response. The middle column maygroup several related lines. The right-hand column is a comment on thecorresponding middle column.

The request is first; it is 16 lines long. Next is the response; it is actually172 lines long, but lines 81 to 170 were cut for brevity.

Chapter 3 29

Example of a Client RequestExample Request

Example Request

• Lines 1-3: This is checked when the request comes to the HTTPServer. At this point, several things have to happen to continue:

Table 3-1 EnumerateInstances Request for PG_OperatingSystem Class

1 <?xml version=”1.0” ?> Begin specifying thatthis is anXML-encoded CIMmessage. (See end atline 15 and 16)

2 <CIM CIMVERSION=”2.0” DTDVERSION=”2.0”>

3 <MESSAGE ID=”51000” PROTOCOLVERSION=”1.0”>

4 <SIMPLEREQ> This is a simplerequest for theoperation: methodEnumerateInstances

5 <IMETHODCALL NAME=”EnumerateInstances”>

6 <LOCALNAMESPACEPATH>

Line 6 begins (and 9ends) specifying the/root/cimv2namespace for theCIM operation

7 <NAMESPACE NAME=”root”/>

8 <NAMESPACE NAME=”cimv2”/>

9 </LOCALNAMESPACEPATH>

10 <IPARAMVALUE NAME=”ClassName”> Line 10 begins (and12 ends) specifyingthe class name(required) forEnumerateInstances:PG_OperatingSystem

11 <CLASSNAMENAME=”PG_OperatingSystem”/>

12 </IPARAMVALUE>

13 </IMETHODCALL> Ending of the methodcall and simplerequest.14 </SIMPLEREQ>

15 </MESSAGE> Ending of the CIMoperation requestmessage.16 </CIM>

Chapter 330

Example of a Client RequestExample Request

— The client must be able to connect to the system on theauthorized port.

— CIM Server must be running.

— The user/password pair must pass authorization.

— The request must have a properly formed header.

— When the request is parsed, it must not contain xml errors.

• Lines 4 and 5: At this point, WBEM Services considers the operationthat is requested. If it is a supported operation, the processcontinues.

• Lines 6 - 9: Two criteria must be met to continue:

— This namespace must be valid.

— If enableNamespaceAuthorization property is enabled, thisuser must be authorized to access this namespace

• Lines 10 - 12: The classname must exist, and it must have a providerregistered. The provider must respond to the request. Here, the OSProvider is registered for the PG_OperatingSystem class. Checkingthe provider documentation, you can see that it supports theEnumerateInstances method.

Now it is up to the provider to process the request and send a response. Ifthe resource does not respond, WBEM Services will send a message tothe client. If the resource sends its own error, WBEM Services will passthis on to the client in its response. Often, these messages will beappended to a standard CIM error.

Chapter 3 31

Example of a Client RequestExample Response

1

2

3

4

5

6

7

8

9

10

11

12

13

Example ResponseThe table shows the response to the request to EnumerateInstances forPG_Operating System .

The return value is a named instance. Named instances include bothINSTANCENAME (the instance with its key properties) and INSTANCE(all the properties). Because this instance has so many properties, someof them have been cut from the example text.

Table 3-2 EnumerateInstances Response for PG_OperatingSystem Class

<?xml version =”1.0” encoding=”utf-8”?> Lines 1 - 3indicate this isan XML-encodedmessage. (Seeend at lines 171and 172.)

<CIM CIMVERSION=”2.0” DTDVERSION=”2.0”>

<MESSAGE ID=”51000” PROTOCOLVERSION=”1.0”

<SIMPLERSP> This is simpleresponse toEnumerateInstancesmethod

<IMETHODRESPONSE NAME=”EnumerateInstances”>

<IRETURNVALUE> Return value isnamed instance(all properties)<VALUE.NAMEDINSTANCE>

<INSTANCENAME CLASSNAME=”PG_OperatingSystem”> Begin keys ofclass name

<KEYBINDING NAME=”CreationClassName”

One key for thisinstance. It isCreationClassName, a string,and its value is“CIM_OperatingSystem”

<KEYVALUE VALUETYPE=”string”>

CIM_OperatingSystem

</KEYVALUE>

</KEYBINDING>

Chapter 332


14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

<KEYBINDING NAME=”CSCreationClassName”

Next key isCSCreationClassName, a string,with value“CIM_UnitaryComputerSystem”


CIM_UnitaryComputerSystem

</KEYVALUE>

</KEYBINDING>

<KEYBINDING NAME=”CSName”>

The next key isCSName, also astring, withvalue“mycomputer.hp.com”


mycomputer.hp.com

</KEYVALUE>

</KEYBINDING>

<KEYBINDING NAME=”Name”>

The next key isName, also astring, with thevalue of“HP-UX”

<KEYVALUE VALUETYPE=”string”

HP-UX

</KEYVALUE>

</KEYBINDING>

</INSTANCENAME> End of keys forinstance

<INSTANCE CLASSNAME=“PG_OperatingSystem”> Begin allproperties ofinstance


Chapter 3 33


31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

<PROPERTY NAME=”CSCreationClassName” TYPE=”string”>

First keyproperty isCSCreationClassName, a string,with value =“CIM_UnitaryComputerSystem”

<VALUE>

CIM_UnitaryComputerSystem

</VALUE>

</PROPERTY>

<PROPERTY NAME=”CSName” TYPE=”string”>

Next keyproperty

<VALUE>

mycomputer.hp.com

</VALUE>

</PROPERTY>

<PROPERTY NAME=”CreationClassName” TYPE=”string”>

Next keyproperty

<VALUE>

CIM_OperatingSystem

</VALUE>

</PROPERTY>

<PROPERTY NAME=”Name” TYPE=”string”>

Next keyproperty

<VALUE>

HP-UX

</VALUE>

</PROPERTY>

<PROPERTY NAME=”Caption” TYPE=”string”>

<VALUE> Next property


Chapter 334


53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

The current Operating System

</VALUE>

</PROPERTY>

<PROPERTY NAME=”Description” TYPE=”string”>

<VALUE>

This instance reflects the Operating System on whichthe CIMOM is executing (as distinguished frominstances of other installed operating systems thatcould be run). Next property

</VALUE>

</PROPERTY>

<PROPERTY NAME=”Status” TYPE=”string”>

Next property

<VALUE>

Unknown

</VALUE>

</PROPERTY>

<PROPERTY NAME=”OSType” TYPE=”unint16”>

Next property(unsignedinteger, 16 bit)(DMTF specifiesthat 8 = HP-UX)

<VALUE>

8

</VALUE>

</PROPERTY>


Chapter 3 35


71

72

73

74

75

76

77

78

79

80

171

172

173

174

175

171

172

<PROPERTY NAME=”LastBootUpTime” TYPE=”datetime”>

Next property

(datetime datatype)

<VALUE>

2010924091618.000000-420

</VALUE>

</PROPERTY>

<PROPERTY NAME=”CurrentTimeZone” TYPE=”sint16”>

Next property

(signed integer,16 bit)

<VALUE>

-420

</VALUE>

</PROPERTY>

...

Several properties of the instance were removed from this example.

...

</INSTANCE> End of thisinstance’sproperties

</VALUE.NAMEDINSTANCE> End of namedinstance

</IRETURNVALUE> End returnvalue

</IMETHODRESPONSE> End methodresponse

</SIMPLERSP> End simpleresponse

</MESSAGE> End message

</CIM> End CIM XMLmessage


Chapter 336

Installing and Setting up WBEM Services

4 Installing and Setting up WBEMServices

This chapter describes what system administrators should do before theyactually use WBEM Services for HP-UX.

NOTE Do not move or change any WBEM Services file locations! All directoriesare pre-determined. Provider and client developers need a stable filesystem. The files need to stay where they expect to see them.

This chapter lists the prerequisites you need before you can use WBEMServices.

Full instructions for installing are in the WBEM Services for HP-UXRelease Notes. (You can view, print, and download a copy of the ReleaseNotes from http://www.docs.hp.com .) Installation is mostly automatic;you do not have configuration options. Be sure you enter swverifyB8465BA at the end of install.

After install, you must start WBEM Services for the first time, with thecimserver. Enter: cimserver (no options).

After installing, you can set some options, the properties of WBEMServices itself.

Once WBEM Services is running with the properties you want, back upthe files listed below. The first two files are the SSL certificates files. Thenext four are the directories for the repository files.

• /var/opt/wbem/server.pem

• /var/opt/wbem/client.pem

• /var/opt/wbem/repository/root/

• /var/opt/wbem/repository/root#PG_InterOp/

• /var/opt/wbem/repository/root#PG_Internal/

• /var/opt/wbem/repository/root#cimv2/

Chapter 4 37

Installing and Setting up WBEM Services

Continue to back up these files regularly. If these files are deleted,moved, or corrupted, you need to back up thevar/opt/wbem/repository directory.

If you don’t have a backup file for the SSL certificates files, you will needto re-install WBEM Services or re-create certificates using OpenSSLtoolkit. See http://www.openssl.org/docs/ for information on addingback the certificates you used since the last time you installed.

If you do not have backup files for the repository, you can only return tothe state of the last install. You will lose everything that was added sincethe last time you installed. You will have to reinstall any providers youadded. Any data will be lost.

Chapter 438

Installing and Setting up WBEM ServicesBefore Starting WBEM Services

Before Starting WBEM ServicesFor WBEM Services to work, these things must be present:

• Configured ports:

WBEM Services for HP-UX supports only ports 5988 (wbem_http)and 5989 (wbem_https). These two ports are specified by theDistributed Management Task Force and are registered with IANA(Internet Assigned Numbers Authority at http://www.iana.org).

NOTE Hewlett-Packard supports only these two port configurations: HTTPon port 5988, and HTTPS on port 5989.

By default, WBEM Services HTTP server listens for SSL (SecureSockets Layer) encrypted communications on the HTTPS (secure)port, 5989. If you are sure your environment is secure, you could setthe configuration so the server will listen at the HTTP (not SSL)port, 5988. See Chapter 5, Security Considerations.

When WBEM Services receives an HTTP request over the configuredport, it checks user authentication, parses the request, looks up theresource, and contacts the registered provider if applicable. Theprovider sends a response to WBEM Services, and WBEM Servicessends it back to the client through this port.

• WBEM Services infrastructure:

Install (swinstall ) and verify (swverify ) the software productbundle B8465BA.

See the Release Notes for specific information about installing yourversion of WBEM Services for HP-UX. The release notes can beviewed or printed from http://www.docs.hp.com -> network andsystem management .

Chapter 4 39


NOTE If you already have WBEM Services installed, check your releasenotes before uninstalling it or re-installing it. You could remove allthe files associated with WBEM Services and make all yourproviders unavailable.

NOTE Do not move or change WBEM Services files. Their locations arepredetermined.

Providers Included with WBEM Services

Three providers are shipped with WBEM Services for HP-UX. Theseproviders are installed automatically with WBEM Services. They are:

• The Computer System Provider

ComputerSystem provider gives basic computer system information,like the computer name and status.

• The Operating System Provider

OperatingSystem provider gives basic identify information about themanaged system where it is running. It is a generic operating systemprovider.

• The Process Provider

The Process Provider supplies basic UNIX process information, suchas the name of the executable image, process ID, priority, executionstate, and various process resource utilization statistics.

To see a list of provider modules on your system, use the cimprovider-l command. To see a provider in a particular module, use cimprovider-l -m <modulename> .

Clients Included with WBEM Services

The WBEM Services product includes a simple client you can use toexercise the infrastructure. After installing the infrastructure and thebundled providers, you can run it to check that things are runningsmoothly.

Chapter 440


The osinfo command invokes a client request to the included OperatingSystem Provider. If all is well, you will receive a formatted text reply thatlooks something like the following:

Name: HP-UXOperatingSystem InformationHost: MySystem.comVersion: B.11.00UserLicense: Unlimited user licenseOSCapability: 32 bitLastBootTime: Jul 17, 2002 16:18:35 (-0700)LocalDateTime: Aug 9, 2002 15:57:47 (-0700)SystemUpTime: 1985952 seconds = 22 days, 23 hrs, 39 mins, 12 secs

See Chapter 3 of this book for the request sent by osinfo , and theunformatted response.

Chapter 4 41

Installing and Setting up WBEM ServicesStarting and Stopping WBEM Services

Starting and Stopping WBEM ServicesYou must start CIM Server with the cimserver command when it firstinstalls. After that, it is designed to be always running and ready toserve CIM requests, unless a user command stops it.

To see if the CIM Server is running, enter ps -ef|grep -v cimserverd|grep cimserver

cimserver is a WBEM Services daemon process; it is designed to restartautomatically when the operating system reboots, and stay running aslong as the operating system is running. If cimserver should fail, anotherdaemon (cimserverd) automatically restarts it.

However, cimserver will not be automatically restarted in two cases. Inboth cases, you need to start it with the cimserver command:

• If a user deliberately stopped the CIM Server with the cimserver -scommand, and then never restarted it

• If a user disabled both the HTTP and the HTTPS connections. This isdone with the cimconfig command, setting bothenableHttpConnection and enableHttpsConnection to false.When you restart CIM Server, you can specify the type of connectionon the cimserver command line to get started. Once the CIM Serveris running, use cimconfig to enable one type of connection type inthe properties file.

The cimserver Command

Use the cimserver command to start WBEM Services after you firstinstall it.

If you stop the CIM Server, restart it with the cimserver command. IfCIM Server was stopped by a user command, the cimserverd daemoncannot automatically restart it, and CIM Server will not beautomatically started on reboot.

Entering cimserver with no options starts the CIM Server on thesystem where the command is issued. Use the -s option to stop the CIMServer, the -v option to see the version number of the CIM Server, andthe -h option for help on the command’s syntax.

Chapter 442

Installing and Setting up WBEM ServicesStarting and Stopping WBEM Services

On startup, you have the option of including parameters to specifyconfiguration property values, but these settings will last only as long asthe current process. Use the format <propertyName >=<value >. For amore lasting value, change the shutdown timeout property value withcimconfig .

For a list of properties and their default value, see the man page for thecimconfig command.

One configuration value, shutdownTimeout , is only valid withcimserver -s , the shutdown form. (And it is the only property that thestop form can use.) That timeout value is only used for that particularshutdown. Specify the amount of time for a graceful shutdown; aftertimeout passes, CIM Server will kill all processes, finished or not.

You must be a privileged user (have root permissions on the local system)to use the cimserver command.

cimserverd

The cimserverd daemon automatically restarts the cimserver processif it fails. However, it will not restart cimserver if it was stopped by auser command.

cimserverd is intended for WBEM Services, not for users. Users startthe CIM Server with the cimserver command.

Privileged users can reset the timing, however. By default, cimserverdchecks the status of the cimserver process every 30 seconds. To adjustthe time between checks, edit the value in the/etc/opt/wbem/cimserver_retry.conf file. After editing the file, youmust kill the process to force cimserverd to read the file:

1. Find the cimserverd PID (process identification number), using ps- ef |grep cimserverd

2. Kill the process, using kill -9 < pid_number >

3. cimserverd will automatically respawn, because it has an entry in/etc/inittab

Chapter 4 43

Installing and Setting up WBEM ServicesMaintaining the Repository

Maintaining the RepositoryWBEM Services keeps definitions of the data about managed objects andtheir providers in its repository.

The repository files (in /var/opt/wbem/repository/ ) are created as aby-product of the WBEM Services installation. They should never bedeleted or moved.

Four namespaces install with WBEM Services. Others may be added byclients and providers. The four that are automatically installed are:

• root: The root namespace exists to conforms to the DMTFspecifications.

• root/cimv2: The standard CIM schemas go here. Also, the schemasfor the bundled providers.

• root/PG_Interop: This is for provider registration. This space isreserved exclusively for providers, and all providers must registerhere. (See cimprovider man page.)

• root/PG_Internal: This space is reserved for use by WBEM Servicesonly.

It is important to schedule frequent backups of the repository directoriesand files. If the repository is moved or lost or it becomes corrupted,restore the files you backed up.

If you cannot restore the files, the init_repository script will restorethe files to the way they were when you first installed WBEM Services.The three providers that installed with WBEM Services will be intact.However, any managed objects, providers, or namespaces that you addedsince you first installed WBEM Services will be gone. You will need tore-register (perhaps reinstall) all the added providers.

To run the script, enter the following commands:

1. cimserver -s

(Shut down the CIM Server.)

2. mv /var/opt/wbem/repository /var/opt/wbem/repository.bak

(Move the /var/opt/wbem/repository directory.)

3. cimserve r

Chapter 444

Installing and Setting up WBEM ServicesMaintaining the Repository

(Start the CIM Server.)

4. /opt/wbem/sbin/init_repository

(Run the init_repository script.)

Chapter 4 45

Installing and Setting up WBEM ServicesCIM Server Properties

CIM Server PropertiesAfter WBEM Services for HP-UX is installed, you can configure theseproperties, using the cimconfig command. You must have privilegeduser (root) capabilities to modify properties.

It is good practice to regularly backup the two property configurationfiles:

• /var/opt/wbem/cimserver_current.conf contains the currentvalues

• /var/opt/wbem/cimserver_planned.conf contains plannedvalues, not yet in effect

NOTE Do not edit configuration files directly! Use the cimconfig command tochange the property values in the files.

At startup, you can temporarily modify property values, by entering apropertyname =value pair on the cimserver command line, However,these modifications last only as long as that execution of the CIM Server.

At shutdown, you can temporarily modify just one property value,shutdownTimeout, by entering a value on the cimserver shutdowncommand line.

The timeout value can be changed dynamically. The others cannot. Forall the other properties, you must use the -p parameter to indicate yourchange, then you must stop and restart CIM Server. The -p parameter isexplained in the cimconfig command summary below.

• enableHttpConnection - Set to true or false. The default is false,which means that WBEM Services will listen at port 5989 HTTPSconnection. Setting it to true allows user access through port 5988,using HTTP TCP/IP communication. Use HTTP connections only ifyou are certain your environment is secure. For more information,see Chapter 5, Security Considerations.

Chapter 446

Installing and Setting up WBEM ServicesCIM Server Properties

There are two ways to connect: HTTPS and HTTP. WBEM Servicescannot listen on both ports simultaneously. If both properties are setto true, only HTTPS connections will be allowed. If both are set tofalse, neither method will be allowed, and the CIM Server will beshut down and disabled from automatically re-starting.

• enableHttpsConnection - Set to true or false. The default, true,allows user access through port 5989, using HTTPS TCP/IPcommunication. HTTPS connection has better security than HTTP.For more information, see Chapter 5, “Security Considerations.”

There are two ways to connect: HTTPS and HTTP. WBEM Servicescannot listen on both ports simultaneously. If both properties are setto true, only HTTPS connections will be allowed. If both are set tofalse, neither method will be allowed, and the CIM Server will beshut down and disabled from automatically re-starting.

• enableNamespaceAuthorization Set to true or false. The default,false, means that users are authorized across all namespaces. IfenableNamespaceAuthorization is set to true, you must authorizeeach user, namespace by namespace, with the cimauth command.

You can use namespace authorization if you need the extra securityof restricting access to certain namespaces. Users with rootpermission on the local system are always privileged users. Aprivileged user can grant namespace authorizations to others. Formore information, see Chapter 5, Security Considerations.

• enableRemotePrivilegedUserAccess - Set to true or false. Thedefault, false, means that no remote privileged users can access theCIM Server. A remote priviledged user is a user from another systemwho has been authorized as root on this system (see the cimauthcommand.) If privileged access is set to true, a remote privileged usercan access the CIM Server. For more information, about userauthorization, see Chapter 5, Security Considerations.

• shutdownTimeout - Set to a number of seconds. When a cimserver-s shutdown command is issued, the timeout is the maximumnumber of seconds allowed for the CIM Server to completeoutstanding CIM operation requests before shutting down. If thespecified timeout period expires, the CIM Server will shut down,even if there are still CIM operations in progress.

Minimum value is 2 seconds. Default value is 10 seconds.

Chapter 4 47

Installing and Setting up WBEM ServicesThe cimconfig Command

The cimconfig CommandThe cimconfig command manages CIM Server configuration properties.The operations are executed on the CIM Server running on the localhost.

Use the cimconfig command to get, set, or unset CIM Server propertyvalues. Use the -l (list) option to see all properties and their values.

An operation on a current property (cimconfig with -c option) takeseffect immediately.

An operation on a planned property (cimconfig with a -p option) takesaffect the next time the CIM Server is started with the cimservercommand.

Dynamic properties can be set with either current or planned.Non-dynamic properties must be set using the planned option.

Modifications made by cimconfig remain in effect until they arechanged by another cimconfig command. WBEM Services must be upand running to issue the cimconfig command.

You can temporarily modify property values when WBEM Services isdown, by entering options at startup in the cimserver command line,However, these modifications last only as long as that execution of theCIM Server.

Chapter 448

Security Considerations

5 Security Considerations

This chapter describes WBEM Services security.

Security is checked first at the communication path. WBEM Services hasthree pathways:

• Local users with requests: If the user is on the same system as theWBEM Services, WBEM accepts the authentication already done bythe system itself. See Local Authentication, below.

• Remote users with requests: If the user is coming from a remotesystem, he enters through the WBEM Services HTTP Server. Theembedded HTTP server receives only valid CIM Messages; all otherrequests are rejected. User information is included in theXML-encoded HTTP message header. The CIM Server checks theuser-password information. See Remote Authentication, below.

• Providers: WBEM interacts with its registered providers throughshared libraries.

NOTE CIM providers run as privileged users. Be very careful installing aprovider that does not come from a trusted source.

After WBEM passes on a request to a provider, the provider isresponsible for checking its own security. The provider sets the rulesabout which requests it considers, and the conditions for granting orrefusing them. If a provider requires authorization beyond that checkedby WBEM Services, the provider supplier is responsible for documentingits own rules.

WBEM Services uses dedicated ports for CIM-XML traffic. Two ports arespecified by DMT and registered with IANA for CIM-XMLcommunications between remote clients and the CIM Server:

• HTTP TCP/IP communication on port 5988 (wbem_http)

• HTTPS TCP/IP communication on port 5989 (wbem_https)

Hewlett-Packard supports only these two port configurations.

Chapter 5 49

Security ConsiderationsUser Authentication

User AuthenticationWhen a user request comes through HTTP (HyperText TransportProtocol) or HTTPS (HTTP Secure), the CIM Server determines whetherthis is a legitimate user on the system. If the request does not passauthentication, the request is rejected without processing.

Local users are users on a system sending requests to WBEM Serviceson the same system.

Remote users are users on a system sending requests to WBEMServices on another system.

Local User Authentication

For local users, the CIM Server uses a local authentication mechanism.The CIM Server uses the existing file system security to authenticate theuser. WBEM accepts the authentication already done by the systemitself, so local requests include only the users’ login names, not theirpasswords.

Remote User Authentication

Remote users accessing CIM Server are authenticated with arequest/challenge mechanism using HTTP Basic authentication.

A request is received from a management client. The CIM Serverchallenges the client to send a Base64 encoded username and passwordin the HTTP Authorization header.

To verify that the encoded user-password pair are authorized on thesystem, WBEM Services calls PAM (Pluggable Authentication Module).For information about PAM, see the PAM man page and go tohttp://docs.hp.com . Click on your operating system (for exampleHP-UX 11.0). Next, click System Adminstration. View, download, orprint the manual Managing Systems and Workgroups: A Guide forHP-UX System Administrators.

Chapter 550


When WBEM Services installs, the CIM Server will be configured with arandomly-generated, self-signed certificate. If a self-signed servercertificate does not give a sufficient level of trust, the systemadministrator can use a central Certificate Authority to issuecertificates.

HTTPS and HTTP

WBEM Services listens on one port at a time, either the HTTPS or theHTTP port. By default, enableHttpsConnection is set to true, andWBEM Services listens on port 5989. You can set the HTTPS connectionto false, and set the property enableHttpConnection to true.

Use the cimconfig command to reset the property file. To changeproperties temporarily, for just one session, start CIM Server with thecimserver command and use the command-line properties option.

If you try to set both HTTPS and HTTP to true (enabled), WBEMServices will listen only at the HTTPS port.

If you set both to false (disabled), WBEM Services cannot function.When you restart to make the change effective, the CIM Server will notbe able to restart. You will have to use the cimserver command withonly one of the options, either enableHttpsConnection=true orenableHttpConnection=true . This sets the property temporarily andstarts WBEM Services. Once CIM server is running, use cimconfig toset a connection in the properties file.

By default, WBEM Services uses SSL (Secured Socket Layer) for allcommunications, with server-side certificates that are trusted by themanagement application. This gives both spoof protection andconfidentiality.

There is an option to disable SSL, but change it with caution.

NOTE Basic Authentication requires the client to pass both the user name andpassword, both in Base64 encoding. This encoding is not secure. SSLshould only be disabled in a highly secure environment, where passingclear text passwords is not an issue.

Chapter 5 51


WBEM Services uses OpenSSL to support HTTPS connections. OpenSSLis a cryptography toolkit that implements the network protocols andrelated cryptography standards of SSL v2/v3 and TLS (Transport LayerSecurity). For more about OpenSSL, go tohttp://www.openssl.org/docs .

On the HTTPS port, CIM clients are required to use SSL (Secure SocketLayer) to establish connections with the CIM Server and to send orreceive CIM requests.

Chapter 552

Security ConsiderationsNamespace Authorization

Namespace AuthorizationCIM Services gives authenticated users controlled access to the entireCIM schema. It does not check security for specific resources, likeindividual classes and instances.

However, you can choose to control each user’s access by requiringauthorization for each user on each namespace. A user with rootpermission (uid 0) on the local system can use the cimconfig commandto set the WBEM Services enableNamespaceAuthorization property totrue, then use the cimauth command to set each user’s accessauthorization on each namespace.

NOTE A user with root permission on the local system (uid 0) always has allpermissions on all namespaces.

When namespace authorization is set to true, and a user submits arequest for a namespace that he isn’t authorized on, this user error isdisplayed: “Not authorized to run <requesting operation> in thenamespace <requesting namespace> .”

For more information about authorization, see the man pages for thecimauth and cimconfig commands.

Authorizations are: Read, Write, or Read and Write. (Notice that Writedoes not automatically include Read.)

The following CIM operations require Write authorization:

CreateClassCreateInstanceDeleteClassDeleteInstanceDeleteQualiferInvokeMethodModifyClassModifyInstanceSetPropertySetQualifier

The following CIM operations require Read authorization:

EnumerateClasses

Chapter 5 53

Security ConsiderationsNamespace Authorization

EnumerateClassNamesEnumerateInstancesEnnumerateInstanceNamesEnumerateQualifiersGetClassGetInstanceGetPropertyGetQualifier

A summary of the operations is in Appendix B.

Chapter 554

Troubleshooting

6 Troubleshooting

This chapter is for people who are having trouble while trying to useWBEM Services.

There is a short checklist of things to check before calling support.

The WBEM Services messages are listed here.

Chapter 6 55

TroubleshootingChecklist for Troubleshooting WBEM Services

Checklist for Troubleshooting WBEM ServicesIf you are having trouble with WBEM Services, try this checklist beforecalling Support:

• Is CIM Server is running? Enter ps -ef|grep -v cimserverd |grepcimserver. If it isn’t running, enter cimserver (no options).

• Is WBEM services installed correctly? Enter: swverify B8465BA

• Do you have the essential files? These directories and files arecreated as a by-product of the WBEM Services installation. Theyshould never be moved. The first two files are the SSL certificatesfiles. The next four are the directories for the repository files.

— /var/opt/wbem/server.pem

— /var/opt/wbem/client.pem

— /var/opt/wbem/repository/root

— /var/opt/wbem/repository/root#PG_InterOp

— /var/opt/wbem/repository/root#PG_Internal

— /var/opt/wbem/repository/root#cim2

If any of these files are missing, restore all the repository directoriesand files from your backup.

If you cannot restore the respository directories, you will have tore-initialize the repository. This will return it to the state it was inwhen you installed WBEM Services, and you will lose any changesmade since then. See Maintaining the Repository in Chapter 4.

• Are you trying to process a request when the provider is notregistered? Enter cimprovider -l -s to list the name and status ofthe registered provider modules and cimprovider -l -m<modulename> to see the individual providers in that module.

• Exercise the path that requests follow: enter osinfo . This invokes asimple request. It should process and display a response to show youit completed.

• Check the syslog files. WBEM Services messages are listed below.

Chapter 656

TroubleshootingWBEM Services Messages

WBEM Services MessagesThe WBEM Services messages are listed in four groups: syslog messages,standard CIM messages, and command messages, and SSL errors.

Syslog Messages

WBEM Services puts the following messages in syslog:

• When CIM Server starts up, it logs a message, for example:

Jun 17 11:47:31 mysystem cimserver[5863]: Started HP WBEMServices for HP-UX B8465BA version A.01.00 on port 5989.

• When CIM Server shuts down, it logs a message, for example:

Jun 17 11:47:50 mysystem cimserver[5863]: CIM Serverstopped.

• If CIM Server gets a request to enable both HTTP and HTTPSconnections, it logs a message, for example:

Jun 17 13:58:11 mysystem cimserver[9618]: Enabling bothHTTP and HTTPS connections is unsupported. Only the HTTPSconnection is enabled.

• When CIM Server gets a request to disable both HTTP and HTTPSconnections, it logs a message, for example:

Jun 17 13:58:42 mysystem cimserver[9624]: Neither HTTPnor HTTPS connection is enabled. CIMServer will not bestarted.

It is possible to disable both connections in the plannedconfiguration, using cimconfig . However, WBEM Services cannotfunction without a connection. Enable one of the connections now;default is HTTPS.

You need to restart the CIM Server for the planned configuration totake effect. If you leave both ports disabled, the CIM Server will notrestart unless you specify a connection type on the command line ofthe cimserver command. (For example, enter: cimserverenableHttpsConnection=TRUE .) Once started, use cimconfig to seta port type in a more lasting way.

Chapter 6 57


• When cimserverd detects that cimserver is not running (but it wasnot shut down by the cimserver -s command) it logs a message, forexample:

Jun 17 20:55:18 mysystem cimserverd[6991]: cimserver notrunning, attempting restart

Standard CIM Messages

Each CIM exception has a message string. There can be (and often is)additional message content after this standard code and format, but thatvaries.

CIM Status Codes are defined by DMTF.

In addition to these error codes, a text description of the error is returned

Two lists of error messages follow. This first list is ordered by errornumber. The second list has the same messages, but they are orderedalphabetically.

Following the lists, there are two examples of a return with a CIM error.

• 0 = CIM_ERR_SUCCESS

The operation completed without error.

• 1 = CIM_ERR_FAILED

A general error occurred that is not covered by a more specific errorcode.

• 2 = CIM_ERR_ACCESS_DENIED

Access to a CIM resource was not available to the client.

• 3 = CIM_ERR_INVALID_NAMESPACE

The target namespace does not exist.

• 4 = CIM_ERR_INVALID_PARAMETER

One or more parameter values passed to the method were invalid.

• 5 = CIM_ERR_INVALID_CLASS

The specified class does not exist.

• 6 = CIM_ERR_NOT_FOUND

Chapter 658


The requested object could not be found.

• 7 = CIM_ERR_NOT_SUPPORTED

The requested operation is not supported.

• 8 = CIM_ERR_CLASS_HAS_CHILDREN

Operation cannot be carried out on this class because it hassubclasses.

• 9 = CIM_ERR_CLASS_HAS_INSTANCES

Operation cannot be carried out on this class because it hasinstances.

• 10 = CIM_ERR_INVALID_SUPERCLASS

Operation cannot be carried out because the specified superclassdoes not exist.

• 11 = CIM_ERR_ALREADY_EXISTS

Operation cannot be carried out because an object already exists.

• 12 = CIM_ERR_NO_SUCH_PROPERTY

The specified property does not exist:

• 13 = CIM_ERR_TYPE_MISMATCH

The value supplied is not compatible with the type.

• 14 = CIM_ERR_QUERY_LANGUAGE_NOT_SUPPORTED

The query language is not recognized or supported.

• 15 = CIM_ERR_INVALID_QUERY

The query is not valid for the specified query language.

• 16 = CIM_ERR_METHOD_NOT_AVAILABLE

The extrinsic method could not be executed.

• 17 = CIM_ERR_METHOD_NOT_FOUND

The specified extrinsic method does not exist.

This list has the same messages as above; however, it is orderedalphabetically, and without the error number:

• CIM_ERR_ACCESS_DENIED

Access to a CIM resource was not available to the client

Chapter 6 59


• CIM_ERR_ALREADY_EXISTS

Operation cannot be carried out because an object already exists

• CIM_ERR_CLASS_HAS_CHILDREN

Operation cannot be carried out on this class because it hassubclasses

• CIM_ERR_CLASS_HAS_INSTANCES

Operation cannot be carried out on this class because it hasinstances

• CIM_ERR_FAILED

A general error occurred that is not covered by a more specific errorcode

• CIM_ERR_INVALID_CLASS

The specified class does not exist

• CIM_ERR_INVALID_NAMESPACE:

The target namespace does not exist

• CIM_ERR_INVALID_PARAMETER

One or more parameter values passed to the method were invalid

• CIM_ERR_METHOD_NOT_AVAILABLE

The extrinsic method could not be executed.

• CIM_ERR_METHOD_NOT_FOUND

The specified extrinsic method does not exist.

• CIM_ERR_INVALID_QUERY

The query is not valid for the specified query language.

• CIM_ERR_INVALID_SUPERCLASS

Operation cannot be carried out because the specified superclassdoes not exist.

• CIM_ERR_NO_SUCH_PROPERTY

The specified property does not exist.

• CIM_ERR_TYPE_MISMATCH

The value supplied is incompatible with the type.

Chapter 660


• CIM_ERR_NOT_FOUND

The requested object could not be found.

• CIM_ERR_NOT_SUPPORTED

The requested operation is not supported.

Examples of CIM Responses

For example, consider a client requesting a createInstance operation onthe PG_OperatingSystem class, when this operation is not supported bythe Operating System provider. The requestor will receive the followingresponse (shown below encoded in XML)

<?xml version=”1.0” encoding=”utf-8”?>


<MESSAGE ID=”53000” PROTOCOLVERSION=”1.0”> <SIMPLERSP>

<IMETHODRESPONSE NAME=”CreateInstance”>

<ERROR CODE=”7” DESCRIPTION=”CIM_ERR_NOT_SUPPORTED:The requested operation is not supported: “OperatingSystemProviderdoes not support createInstance”/>

</IMETHODRESPONSE>

</SIMPLERSP>

</MESSAGE>

</CIM>

In the above example, you see these four components of the response:

1. CIM error code of 7

2. Translation to CIM_ERR_NOT_SUPPORTED

3. Expanded text message The requested operation is notsupported

4. The non-standard additional message OperatingSystem Providerdoes not support createInstance

As a second example, consider a client that mistakenly provides too fewor too many keys to a GetInstance operation on thePG_OperatingSystem class. The following response is sent (shown belowencoded in XML):

Chapter 6 61


<?xml version=”1.0” encoding=”utf-8”?>


<MESSAGE ID=”35002” PROTOCOLVERSION=”1.0”> <SIMPLERSP>

<IMETHODRESPONSE NAME=”GetInstance”>

<ERROR CODE=”4”DESCRIPTION=”CIM_ERR_INVALID_PARAMETER: One or moreparameter values passed to the method were invalid: “Wrong number ofkeys”/>

</IMETHODRESPONSE>

</SIMPLERSP>

</MESSAGE>

</CIM>

In the above example, you see these four components of the response:

1. CIM error code of 4

2. Translation to CIM_ERR_INVALID_PARAMETER

3. Expanded text message: One or more parameter values passedto the method were invalid

4. The non-standard additional message: Wrong number of keys

WBEM Services Command Messages

These messages come from the WBEM Services commands. They arewritten to stdout.

cimauth Command Messages

• Message: You must have superuser privilege to run thiscommand.

If you do not have root permissions (uid=0) on the local system, get alogon that does, or have such a privileged user to give youpermission. (See Chapter 5; see the cimauth man page.)

• Message: Failed to add authorizations. Please make surethat the authorization schema is loaded on the CIMOM.

Chapter 662


Essential information is missing from the repository. SeeMaintaining the Repository in Chapter 4.

• Message: Failed to add authorizations. Specified userauthorization already exists.

If you want the authorization added, you do not need to do anything;it is there. To modify, use the -m option. To remove, use the -r option.

• Message: Failed to modify authorizations. Specified userauthorizations were not found.

Enter cimauth -l to list all the authorizations. See if the one youwant to modify is in the list, and if you are spelling it right. If it’s notin the list, you need to add it with the -a option. Then re-issue thecommand.

• Message: Failed to remove authorizations. Specified userauthorizations were not found.

Enter cimauth -l to list all the authorizations. See if the one youwant to remove is in the list, and if you are spelling it right. If it’s notin the list, you need to add it with the -a option. Then re-issue thecommand.

• Message: CIM Server may not be running.

To see if cimserver is running, enter: ps -ef|grep -v cimserverd|grep cimserver

Perhaps an operator stopped it by command, but did not restart it. Tostart it, enter: cimserver

cimconfig Command Messages

• Message: Current value of properties can not be listedbecause the CIM Server is not running

Check for cimserver using ps -ef|grep -v cimserverd |grepcimserver . Perhaps it was never started at install, or someone mayhave stopped it with cimserver -s . To start it again, entercimserver .

• Message: Failed to get property. Please make sure that theconfig schema is loaded in the CIM Server.


Chapter 6 63


• Message: Failed to set the config property. Please makesure that the config schema is loaded in the CIM Server.


• Message: Failed to unset the config property. Please makesure that the config schema is loaded in the CIM Server.


• Message: Failed to list the config properties. Please makesure that the config schema is loaded in the CIM Server.


• Message: Specified property name was not found.

Check the spelling of the property name. Re-issue the commandspecifying a valid config property. For a list of properties, enter:cimconfig -l

• Message: Specified property value is not valid.

See the cimconfig man page for the range of allowed values for theproperty, and reissue the command with a valid value.

• Message: Specified property cannot be modified.

You are trying to modify a property that is not dynamic. Dynamicproperties can be changed immediately, while CIM Server is running.

To modify a non-dynamic property you must modify the plannedvalue, then stop and start CIM Server (with cimserver command).For more information, see the cimconfig man page.

• Message: Current value can not be determined because theCIM Server is not running.

To see if cimserver is running, enter: ps -ef|grep -v cimserverd |grepcimserver


• Message: Planned value can not be determined because theCIM Server is not running.

Chapter 664




• Message: CIM Server may not be running.



cimmof Command Messages

• Message: Warning: class already in repository (OK toignore)

The same class is already loaded, so you do not need to do it again. Ifyou really want to replace this class, first delete it, then load yournew MOF file.

Message: Cannot connect to: mysystem: 5989 . Command failed.

CIM Server is not running. You tried to send a request to systemmysystem , through port number 5989 . An operator may have stoppedthe CIM Server. To restart it, enter cimserver . Then re-issue thecimmof command.

• Message: Can’t open file < filename >.

Check the MOF file that you specified. It could not be opened; it maynot exist, the pathname may be incomplete, or there may be a typingerror. Re-issue the command specifying a valid MOF file.

• Message: Could not open include file < filename >.

Check the MOF include file that you specified. It could not be opened;it may not exist, the pathname may be incomplete, or there may be atyping error. Re-issue the command specifying a valid MOF file.

• Message: <filename >:<lineNumber >: parse error before ‘string’

There is a parsing error before ‘string.’ If it is your own file, edit the itto correct invalid syntax, and then reissue the command. If you gotthe file from a provider, contact the provider’s support team.

Chapter 6 65


• Message: Error adding class <classname> to the repository:CIM_ERR_INVALID_SUPERCLASS: Operation cannot be carriedout since the specified superclass does not exist.

The file you specified contains schema definition for a class with asuperclass, but its superclass is not in the CIM Repository now. Youmust load the superclass before you load its subclasses.

If it is your own MOF file, edit it to check the spelling of the class andsuperclass, and the path and spelling of the MOF file in yourcommand. If you got the MOF file from a provider, contact theprovider’s support team.

• Message: Could not find declaration for Qualifier named<qualifier_name>

WBEM Services cannot find the qualifier name in the MOF file in theCIM repository.

If it is your own MOF file, check the qualifier name in the MOF fileyou specified. If it is misspelled, correct it. To see all qualifiers, go to/var/opt/wbem/repository/<namespace >/qualifiers. If the qualifierdoes not exist in the CIM Repository, add it, and then re-issue thecommand.

If you got the MOF file from a provider, contact the provider’sSupport team.

cimprovider Command Messages

• Message: Required arguments missing .

Change the syntax of your command; perhaps check spelling.cimprovider does not recognize the options you entered. Entercimprovider, with no options, to see correct usage. Also seecimprovider man page.

• Message: Missing required value for flag

Check your syntax for a flag that is missing its value. Entercimprovider , with no options, to see correct usage. Also seecimprovider man page.

• Message: The CIM Server may not be running


Chapter 666



• Message: Provider module already disabled

You cannot disable a provider that is already disabled. Usecimprovider -l -m <modulename> to see status of all the providersin the specified module.

• Message: You must have superuser privilege to unregisterproviders.


• Message: You must have superuser privilege to disable orenable providers


• Message: Provider module can not be enabled since it isdisabling

You cannot enable a provider while another client is disabling themodule. Enable it later.

• Message: Specified provider was not registered

You are trying to manage an unregistered provider. (To confirm, usethe cimprovider -l command.) Register the provider.

cimserver Command Messages

• Message: Error: Bind failed. Failed to bind to socket.

You tried to start CIM Server, but it is already running.

• Message: Unrecognized command line option

Re-issue the command specifying a valid option. For help withoptions, type cimserver -h or see the man page.

• Message: Duplicate shutdown option specified

The -s option was specified more than once. Re-issue the commandwith a valid option. For help with options, enter cimserver -h or seethe man page.

Chapter 6 67


• Message: Unrecognized config property: <configProperty>

Check the spelling of the property. Re-issue the command specifyinga valid config property. For a list of properties, enter cimconfig -l.

• Message: Invalid property value: shutdownTimeout=<value>

Specify a shutdownTimeout value that is a valid integer, 2 or greater.

• Message: Unable to connect to CIM Server. CIM Server maynot be running


Perhaps an operator stopped it by command, but did not restart it. ITo start it in that case, enter: cimserver

Perhaps someone has disabled both types of connection (HTTPS andHTTP). To start it in that case, enter either:

cimserver enableHttpsConnection=true (default)cimserver enableHttpConnection=true

• Message: Failed to shut down server:CIM_ERR_INVALID_NAMESPACE: The target namespace does notexist “root/PG_Internal”

The cimserver command cannot stop the CIM Server. The only wayto stop the CIM Server is to kill the CIM Server process:

1) Find the process ID (PID) of cimserver . Enter ps -ef|grep -vcimserverd |grep cimserver2) Kill the process: kill -9 <PID>

The most likely cause is that the CIM repository was moved ordeleted, or that it is empty or corrupted. Try replacing all thedirectories and files in /var/opt/wbem/repository/ with yourbackup copy.

If you cannot replace the repository directories, you can use theinit_repository script to restore your repository to what it waswhen you first installed WBEM Services. You will need to re-installany providers you added since you installed WBEM Services. (You donot need to re-install the three providers that are bundled withWBEM Services.)

Chapter 668


openssl and SSL-Related Messages

• Server-side SSL (Secure Socket Layer) Errors

— Could not get certificate and/or private key

The present file is missing, empty, or not readable. Restore thecertificate file (/var/opt/wbem/server.pem ) from backup, thenstop and restart the CIM Server.

• Client-side SSL (Secure Socket Layer) Errors

— RAND_load_file - failed

Check the random seed file (ll /var/opt/wbem/ssl.rnd ). If itexists, set permissions so it has read permission for all.

If the file does not exist, or its size is zero, restore it from backup.

— RAND_seed - Not enough seed data

Check the random seed file (ll /var/opt/wbem/ssl.rnd ). If itdoes not exist, or if its size is zero, restore it from backup. If itexists and has some content, try doubling the size of the file: copythe existing content and paste it onto the end of the file.

— Could not get certificate and/or private key

The present file is missing, empty, or not readable. Restore thecertificate file (/var/opt/wbem/client.pem ) from backup, thenreissue the client request.

— Random seed file required

Clients must pass a random seed file in the OperationContext,and this one did not.

osinfo Command Messages

• Message: Cannot get info from OS provider

Verify that the provider in your request is listed. Enter cimprovider-l -m OperatingSystemModule.

• Message: Cannot connect to CIM Server

See if cimserver process is running. Enter ps -ef|grep -vcimserverd |grep cimserver . Start the process with thecimserver command (no options).

Chapter 6 69


wbemexec Command Messages

• Message: Invalid input: expected XML request.

Check the coding of the request. The input must be a valid CIMrequest encoded in XML according to the DMTF Specification for theRepresentation of CIM in XML.

• Message: Invalid XML request

Correct the XML request, and re-issue the command. Refer to thetext following the message for more specific information about theinvalid XML request. For more information about XML, see theDMTF Specification for the Representation of CIM in XML V. 1.0.(http://www.dmtf.org/download/spec/xmls/ CIM_HTTP_Mapping10.php)

• Message: Timed out waiting for response

You can change the timeout value with a wbemexec command option.The request may require more processing time than allowed by thespecified or default timeout period. Specify a timeout value longerthan the value previously specified or longer than the default.

Check syslog for possible errors or problems with the CIM Server orproviders. An error may have occurred in the CIM Server, preventingthe CIM Server from responding to requests. (A list of syslogmessages is in this chapter.)

If necessary, stop and re-start the CIM Server. Re-issue the wbemexeccommand.

• Message: wbemexec: Failed to connect to CIM Server

First, read the text that follows this message, for more informationabout the problem.

— Enter ps -ef|grep -v cimserverd |grep cimserver. If the cimserverprocess is not running, enter cimserver (no options) to start it.After this, the log file should record an attempt to start cimserverand a confirmation that cimserver started.

— On the CIM Server host, enter uname -a to be sure you havespecified the appropriate host name.

Chapter 670


Enter cimconfig -l -c to list current values of properties. Seeif the enabled connection is port HTTP or HTTPS. Now see ifyour request specified the corresponding port. By default,HTTPS (default type) enters port 5989; HTTP enters Port 5988.

— You may not be authorized to connect to the CIM Server. SeeChapter 5.

• Message: wbemexec: M-POST method invalid with HTTP version1.0

Modify the command line. Either specify HTTP version 1.1 with theM-POST or POST method, or specify HTTP version 1.0 with thePOST method.

The M_POST method is only valid for HTTP versions 1.1 and later.

• Message: wbemexec: No input

Be sure that you did not specify an empty file, or redirect input froman empty file.

• Message: wbemexec: Unable to use requested input file:file cannot be opened .

Check to be sure there is sufficient memory to open a file, and thatyou have not reach the open-file limit. wbemexec can find the file,and the permissions allow the file to be read, but the file cannot beopened for some other reason.

• Message: wbemexec: Unable to use requested input file:file does not exist .

Check the pathname and spelling of the input file you specified.

• Message: wbemexec: Unable to use requested input file:file is not readable .

Check the permission settings on the specified input file and itsdirectories, modify if necessary, and re-issue the command.

Chapter 6 71


Chapter 672

How Resources are Represented (CIM Schema)

A How Resources are Represented(CIM Schema)

The WBEM Services repository stores information about the managedresources.

To register with WBEM Services, a provider must define its resource bythe classes and subclasses that define it. Then the provider mustdescribe the properties that it will expose, and the methods that it willsupport.

The properties describe what a class is, the methods describe what it cando. Properties are attributes or characteristics of the resource. Methodsare its actions, capabilities, or behaviors.

To made a request, the client must first identify, by its classes andsubclasses, the resource it wants to manage.

The resource descriptions are done using object-oriented modeling.Object- oriented modeling represents real things in an abstract schema.Objects are arranged from most general to most specific. Many attributesof the more general parent are inherited by their more specific children.

Like object-oriented programming languages, the subclasses inherit thedefinitions of properties and methods from the parent class. Unlike someobject-oriented programming, they do not inherit the implementations.

This section briefly defines basic concepts about object representation. Assystem administrator, you do not need to understand this to installWBEM Services or maintain it. However, it is the language that is usedto explain resources. These are the terms that are used to describe whatproviders and clients do, and how resources can be managed.

For more information about object representation, visit the tutorial at:http://www.dmtf.org/education/cimtutorial.php

The schema is the most general abstraction that represents real thingsin the WBEM standard. A schema is a collection of classes. Each class ina schema can only belong to that schema. Each class name must beunique within a schema; a schema cannot have two classes with thesame name.

Appendix A 73


The class is the basic modeling unit. It is a collection or set of objectsthat have similar properties and purposes. Each class defines a certaintype of managed object, for example operating systems or systemmemory. Objects in the class contain properties (describing what it is)and methods (what it can do). A class can contain other classes (itssubclasses). It can also contain instances.

Subclasses are grouped by similarities. Subclasses inherit propertiesand methods from their parent (their superclass), and can also add theirown local properties and methods. Subclasses are themselves classes,and they can have their own subclasses.

CIM_SoftwareElement, for example, is a class. It has several subclasses,like HPUX_SoftwareElement, Win32_SoftwareElementLinux_RPM_SoftwareElement, Linux_Debian_SoftwareElement.

An instance can be a discrete occurrence of any object, like yourcomputer’s hard drive or the printer on your desk. It is the most specificmember of the hierarchy. An instance cannot have any subclasses. Allinstances in a class share the same properties and methods. Each has aunique name (see key properties, below).

Methods are the behaviors of the class, for example, theOperatingSystem class has a Reboot method and a printer has anEnableDevice method to put it online. Not all classes have methods.

An intrinsic method models a CIM operation. Standard intrinsicmethods (such as enumerateInstances, getInstance, modifyInstance) arerelevant to all classes.

An extrinsic method is defined on a CIM Class in some Schema that isunique to that class.

Properties are the attributes of a class. For example, there is aParticipatingCS association between a CIM_ComputerSystem and aCIM_Cluster. This association has two properties, RoleOfNode andStateOfNode, to describe attributes of the ComputerSystem as a nodewithin the Cluster.

Key properties (one or more properties defined with a “key” qualifier)are identifiers. Keys in classes and subclasses provide a way to uniquelyidentify the instance that inherits them. All instances inherit a key, or aset of keys, from their superclass. The value that the instance gives thesekeys is its own identification. It is the only instance in its namespacethat is allowed to have that “name.” More than one key property is acompound key.

Appendix A74


Consider how to uniquely identify a user account on a Unix system. Youcould use two key properties: the value of the user account’s Nameproperty and the value of the system’s Name property. Consider also theidentifying pair used to route your email to you:user-name@domain-name.

Classes are either concrete or abstract. A concrete class (likeCIM_Operating System) has real instances, particular computersystems. A concrete class must have at least one key property. Anabstract class like CIM_ManagedElement can not have any instances,and it is not required to have key properties. Its subclasses can have keysas they get more specific.

Associations can be defined between classes. For example, there is aParticipatingCS association between CIM_ComputerSystem (the entirecomputer system) CIM_Operating System (the OS software that existson that system).

The association itself is a class, so it can have properties and methods.For example, two properties of ParticipatingCS are RoleOfNode andStateOfNode.

Namespaces can give you a logical way to group things, in order tocontrol their scope and visibility. A namespace is not a physical location;it is more like a logical database containing specific classes andinstances. Namespace grouping can be used to separate instances andmake sure there are no collisions with others of the same name.Namespaces also can be used to limit access.

HP WBEM Services for HP-UX installs with four pre-definednamespaces.

• root (in /root directory): The root namespace exists to conforms to theDMTF specifications.

• root#cimv2 (in /root/cimv2): The standard CIM schemas go here.Also, the schemas for the bundled providers.

• root#PG_Interop (in /root/PG_Interop): This is for providerregistration. This space is reserved exclusively for providers, and allproviders must register here. (See cimprovider man page.)

• root#PG_Internal (in /root/PG_Internal): This is a private space, foruse by WBEM Services only.

Appendix A 75


Appendix A76

WBEM Services CIM Operations

B WBEM Services CIM Operations

HP WBEM Services for HP-UX supports a subset of the DMTF-definedCIM operations. If you are installing a client or provider, be sure theseare sufficient operations.

Appendix B 77

WBEM Services CIM OperationsThe InvokeMethod Operation

The InvokeMethod OperationThe following operation is a way to invoking the class of methods calledextrinsic methods. (This is the way WBEM Services supports extrinsicmethods.) If a provider has registered with WBEM Services as a methodprovider, it will support the use of InvokeMethod.

• InvokeMethod (Write)

Takes a method name with input and output parameters, and aninstance. The instance is specified by its namespace, classname, andkey properties and values. Invokes the specified method on thespecified instance.

Appendix B78

WBEM Services CIM OperationsOperations Implemented by Providers

Operations Implemented by ProvidersThe following CIM operations are implemented by instance providers forthe classes they support. The methods are intrinsic. If the provider doesnot support a particular method, the implementation returnsCIM_ERR_NOT_SUPPORTED.

• GetInstance (Read)

Takes a namespace, classname, and key properties and values.Returns the instance with all its properties.

• EnumerateInstances (Read)

Takes a namespace and a classname. Returns all instances of thespecified class, including all properties. When invoked on a class withsubclasses, WBEM Services will pass the EnumerateInstance CIMoperation to providers for all of the subclasses, and combine all theresults into a single response.

• EnumerateInstanceNames (Read)

Takes a namespace and a classname. Returns all instances of thespecified class. It returns all key properties, but it does not returnnon-key properties.When invoked on a class with subclasses, WBEMServices will pass the EnumerateInstanceNames CIM operation toproviders for all of the subclasses, and combine all the results into asingle response.

• CreateInstance (Write)

Takes a namespace, classname, and key properties and values. Canaccept other properties and values. Creates an instance that meetsthose criteria.

• DeleteInstance (Write)

Takes a namespace, classname, and key properties and values. Canaccept other properties and values. Deletes the instance that meetsthose criteria.

• ModifyInstance (Write)

Takes a namespace, classname, and key properties and values. Canaccept other properties and values. Modifies the instance that meetsthose criteria.

Appendix B 79

WBEM Services CIM OperationsOperations on Properties

Operations on PropertiesOperations on properties are listed below.

• GetProperty (Read)

Takes a namespace, classname, and key properties and values tospecify an instance. Also takes the property desired. Returns thevalue of the property for the specified instance.

• SetProperty (Write)

Takes a namespace, classname, and key properties and values, tospecify a class. Also takes the desired property and value. Sets thedesired property of that instance to the specified value.

Appendix B80

WBEM Services CIM OperationsClass Manipulation Operations

Class Manipulation OperationsThe class manipulation operations can be used by CIM clients toexplicitly manipulate schema. Schema manipulation can be doneimplicitly through a MOF file. When the MOF compiler loads a MOF file,the compiler will use a series of CreateClass Operations to create theclasses contained in the file.

Class manipulation operations are listed below:

• GetClass (Read)

Takes a namespace and classname. Returns the class definition withall properties and methods.

• EnumerateClasses (Read)

Takes a namespace and, optionally, a classname. Returns a list of allthe classes and subclasses of that namespace (and classname if youspecified it), including the definitions of all properties and methods.

• EmumerateClassNames (Read)

Takes a namespace and classname. Returns a list of all subclasses ofthat namespace and class, including definitions of all key properties.Does not return non-key properties or methods.

• CreateClass (Write)

Takes a namespace and class definition. Creates the specified class.

• ModifyClass (Write)

Takes a namespace and a new class specification. Replaces theexisting class specification to the new (modified) one.

• DeleteClass (Write)

Takes a namespace and classname. Removes the class from thenamespace. If the class has subclasses, you must remove thesubclasses first.

Appendix B 81

WBEM Services CIM OperationsQualifier Operations

Qualifier OperationsQualifier declaration operations are listed below:

• GetQualifier (Read)

Takes a namespace and a qualifier name. Returns the information onthat qualifier, such as scope, flavor, and default value. (A qualifier isa modifier containing information that describes a class, an instance,a property, or a method.)

• EnumerateQualifiers (Read)

Takes a namespace. Returns all qualifiers defined in the specifiednamespace. (A qualifier is a modifier containing information thatdescribes a class, an instance, a property, or a method.)

• SetQualifier (Write)

Takes a namespace and qualifier name. Also takes a qualifierdeclaration. Replaces the existing qualifier declaration with thespecified declaration. (A qualifier is a modifier containinginformation that describes a class, an instance, a property, or amethod.)

• DeleteQualifier (Write)

Takes a a namespace and a qualifier name. Deletes the specifiedqualifier from the specified namespace.

Appendix B82

Glossarycore model

GlossaryCIM (Common Information Model) Ahierarchical object-based model developed bythe DMTF that defines a large number ofconcepts common to most computer systems.See Common Information Model.

CIM client A client application that issuesCIM operation requests over HTTP andprocesses the responses.

CIM Object Manager (CIMOM) ManagesCIM objects in an WBEM-enabled system.CIMOM receives and processes CIMoperation requests and issues responses.

CIM Object Manager repository Acentral storage area managed by theCommon Information Model Object Manager(CIM Object Manager). This repositorycontains the definitions of classes andinstances that represent managed objectsand the relationships among them. Also seerepository.

CIM schema A collection of class definitionsused to represent managed objects thatoccur in every management environment.Also see core model, common model, andextension schema.

cipher A key-selected transformationbetween plain text and cipher text. With agood cipher, the secret information inside thecipher remains hidden, even when the ciphertext is stored or transmitted.

class A collection of instances, all of whichsupport a common type; that is, a set ofproperties and methods. The commonproperties and methods are defined as

features of the class. For example, the classcalled Modem represents all the modemspresent in a system.

Common Information Model (CIM) Acommon data model of an implementation-neutral schema for describing overallmanagement information in anetwork/enterprise environment.

CIM is comprised of a Specification and aSchema. The Specification defines the detailsfor integration with other managementmodels defined by the DMTF, such asSNMPs MIBs or the DMI’s MIFs. TheSchema provides the actual modeldescriptions.

Common Information Model ObjectManager (CIM Object Manager) Acomponent in the CIM managementinfrastructure that handles the interactionbetween management applications andclients.

common model The second layer of theCIM schema, which includes a series ofdomain-specific but platform-independentclasses. The domains are systems, networks,applications, and other management-relateddata. The common model is derived from thecore model. Also see extension schema.

core model The first layer of the CIMschema, which includes the top-level classesand their properties and associations. Thecore model sets the conceptual frameworkfor the schema of the rest of the managedenvironment. Systems, applications,networks and related information aremodeled as extensions to the core model.

Glossary 83

GlossaryDesktop Management Interface (DMI)

The core model is both domain- andplatform-independent. Also see commonmodel and extension schema.

Desktop Management Interface (DMI)

An initiative by the DMTF. The DMI allowsdesktop computers, hardware and softwareproducts, and peripherals whether they arestandalone systems or linked into networksto be manageable and intelligent. It allowsthem to communicate their system resourcerequirements and to coexist in a manageablePC system. The DMI is independent ofoperating system and processor, enabling thedevelopment of manageable PC products andapplications across platforms.

Desktop Management Task Force(DMTF) An industry-wide consortiumcommitted to making computing deviceseasier to use, understand, configure andmanage. (www.dmtf.org)

domain The class to which a property ormethod belongs. For example, if status is aproperty of Logical Device, it is said tobelong to the Logical Device domain.

extensible markup language (XML) Asimplified subset of SGML that offerspowerful and extensible data modelingcapabilities. An XML Document is acollection of data represented in XML. AnXML Schema is a grammar that describesthe structure of an XML Document.

extension schema The third layer of theCIM schema, which includesplatform-specific extensions of the CIM

schema such as Microsoft® Windows NT®,UNIX®, and Microsoft® ExchangeServer.Also see common model and core model.

extrinsic method A method defined on aCIM Class in some Schema that is unique tothat class (versus intrinsic methods whichapply across all classes). Also see intrinsicmethod.

HTTP (Hypertext Transfer Protocol) Anapplication-level protocol for distributed,collaborative, hypermedia informationsystems. It is a generic stateless protocolthat can be used for many tasks throughextensions of its request methods, errorcodes and headers.

HTTP Server WBEM Services uses asmall-footprint special-services“light-weight” server that processes HTTPrequests and returns standard HTTPresponses. The server is not intended as areplacement for a web server. The serverdoes not serve up HTML web pages and doesnot run CGI applications.

indication An operation executed as aresult of some action such as the creation,modification, or deletion of an instance,access to an instance, or modification oraccess to a property. Indications can alsoresult from the passage of a specified periodof time. An indication typically results in anevent.

inheritance The relationship that describeshow classes and instances are derived fromparent classes, or superclasses. A class canspawn a new subclass, also called a childclass. A subclass contains all the methodsand properties of its parent class.

Glossary84

Glossarymanagement information base (MIB)

Inheritance is one of the features that allowsthe CIM classes to function as templates foractual managed objects in the CIMenvironment.

instance A representation of a real-worldmanaged object that belongs to a particularclass, or a particular occurrence of an event.Instances contain actual data.

instance provider A type of provider thatsupports instances of system- andproperty-specific classes. Instances providerscan support data retrieval, modification,deletion, enumeration, or query processing.Instance providers can also invoke methodsAlso see class provider and propertyprovider.

intrinsic method A method defined for thepurpose of modeling a CIM operation.Standard intrinsic methods (such asenumerateInstances, getInstance,modifyInstance) are relevant to all classes.Also see extrinsic method.

Kerberos A security mechanism thatprovides authentication, data integrity, dataprivacy, and mutual authentication.(Available through PAM in HP-UX)

key A property that is used to provide aunique identifier for an instance of a class.Key properties are marked with the Keyqualifier. A compound key has more than oneproperty, with a Key qualifier.

key qualifier A qualifier that must beattached to every property in a class thatserves as part of the key for that class.

light-weight HTTP server A small-footprint server that processes HTTPrequests and returns standard HTTPresponses. The server is not intended as areplacement for a web server. The serverdoes not serve up HTML web pages and doesnot run CGI applications.

local property A non-system propertydefined for a class but not inherited from asuperclass.

managed object A hardware or softwaresystem component that is represented as aninstance of the CIM class. Information aboutmanaged objects is supplied by data andevent providers, as well as by the CIMObject Manager.

managed object format (MOF) Acompiled language for defining classes andinstances. A MOF compiler takesinformation from a .mof formatted text fileand adds the data to the CIM ObjectManager repository. MOF eliminates theneed to write code, thus providing a simpleand fast technique for modifying the CIMObject Manager repository. DMTF makestheir schemas available as MOF files.

management application An applicationor service that uses information originatingfrom one or more managed objects in amanaged environment. Managementapplications retrieve this information andperform operations through calls to the CIMObject Manager from the CIM ObjectManager.

management information base (MIB) Adatabase of managed objects, written in text.

Glossary 85

Glossarymanagement information format (MIF) database

management information format (MIF)database Part of DMI that stores andmanages information and passes it tomanagement applications on request. MIFsdefine the standard manageable attributesof PC products in categories including PCsystems, servers, printers, LAN adapters,modems, and software applications.

Management Interface (MI) The MIallows DMI-enabled applications to access,manage and control desktop systems,components and peripherals.

metamodel A CIM component thatdescribes the entities and relationshipsrepresenting managed objects. For example,classes, instances, and associations areincluded in the metamodel.

metaschema The metaschema is a formaldefinition of the model. It defines the termsused to express the model and its usage andsemantics.

method 1. A function describing thebehavior of a class. Including a method in aclass does not guarantee an implementationof the method. The Implemented qualifier isattached to the method to indicate that animplementation is available for the class.

2. A function included in a CIM ObjectManager API interface.

MOF file A text file that contains definitionsof classes and instances, using ManagedObject Format (MOF) formatting.

multiple inheritance The ability of asubclass to derive from more than onesuperclass.

named element An entity that can beexpressed as an object in the meta schema.

namespace A unit for grouping classes andinstances to control their scope and visibility.Namespaces are not physical locations; theyare more like logical databases containingspecific classes and instances. Objectslocated within a namespace must haveunique names (specified by one or more keyvalues) within that namespace. Objects in adifferent namespaces can be unique even ifthey have the same keys, because the twoobjects reside in separate namespaces.

object path A formatted string used toaccess namespaces, classes, and instances.Each object on the system has a unique pathwhich identifies it locally or over thenetwork. Object paths are conceptuallysimilar to Universal Resource Locators(URL).

Open Database Connectivity (ODBC) Aspecification for an API that defines astandard set of routines with which anapplication can access data in a data source.

operational semantics The formalizationof real objects by putting them into acommon language.

override Indicates that the property,method, or reference in the derived classoverrides the similar construct in the parentclass in the inheritance tree or in thespecified parent class.

PAM (Pluggable Authentication Model)

A Hewlett-Packard product that coordinatesuser authentication tools for system security.

Glossary86

Glossarysuperclass

property A name/value pair that describesa unit of data for a class. Property namescannot begin with a digit and cannot containwhite space. Property values must have avalid Managed Object Format (MOF) datatype.

property provider A type of provider thatsupports the retrieval and modification ofthe CIM properties.

provider An executable that can returnand/or set information, execute methods,generate indications, or respond to otherrequests regarding a given managed object.

provider data sheet (PDS) Provides basicprovider information to softwareprofessionals who will design, implement,enhance, and/or support client applicationsthat will use this provider. It containsinformation about what this provider does,what interfaces it uses, how to install it andwhat platforms and operating systems aresupported.

provider registration A provider needs toregister with the CIMOM so that theCIMOM will know what properties andmethods are supported. A special object iscreated during registration to relate theinformation about the provider to the classesin the CIM schema that it supports.

qualifier A modifier containing informationthat describes a class, an instance, aproperty, a method, or a parameter.

reference A special string property typethat is marked with the reference qualifier,indicating that it is a pointer to otherinstances.

repository This repository contains thedefinitions of classes and instances thatrepresent managed objects and therelationships among them. The WBEMServices repository is not available for use byclients or providers for static or persistentdata storage. Also see CIM Object Managerrepository.

required property A property that musthave a value.

schema A collection of class definitions thatdescribe managed objects in a particularenvironment.

Simple Network Management Protocol(SNMP) A protocol of the Internet referencemodel used for network management.

standard schema A common conceptualframework for organizing and relating thevarious classes representing the currentoperational state of a system, network, orapplication. The standard schema is definedby the Desktop Management Task Force(DMTF) in the Common Information Model(CIM).

subclass A class that is derived from asuperclass. The subclass inherits all featuresof its superclass, but can add new features orredefine existing ones.

subschema A part of a schema owned by aparticular organization. The Win32 schemais an example of a subschema.

superclass The class from which a subclassinherits

Glossary 87

GlossaryWBEM (Web-Based Enterprise Management)

WBEM (Web-Based EnterpriseManagement) An initiative based on a setof management and Internet standardtechnologies developed to unify themanagement of enterprise computingenvironments. WBEM provides the abilityfor the industry to deliver a well-integratedset of standard-based management toolsleveraging the emerging technologies suchas CIM and XML.

WBEM Services (HP WBEM Services forHP-UX) A Hewlett-Packard product thatuses WBEM and DMTF standards tomanage HP-UX system resources.

web server Full-service web servers act asHTTP servers. In addition, they have manyother capabilities, like running CGI scripts.Understanding the distinction between alimited-service HTTP server and afull-service Web server is critical tounderstanding security on HP WBEMServices for HP-UX. WBEM Services uses itsown embedded HTTP server (a light-weightserver), not a web server.

Acknowledgement: Much of this informationwas gathered from: http://dmtf.org/education/cimtutorial.php , and muchmore information is available there.

Glossary88

Index

Aarchitecture of WBEM Services, 14associations, 75authentication

local users, 50remote users, 50

authorizationnamespace, 53

authorization for CIM operations, 53

Bbacking up files, 44

Cchecklist for troubleshooting, 56CIM HTTP

WBEM Services standard, 12CIM messages, 58CIM operations authorizations, 53CIM Operations over HTTP

DMTF standard, 12CIM repository, 14CIM Server

WBEM Services architecture, 14CIM server properties, 46cimauth command, 23cimconfig command, 23cimmof command, 23cimprovider command, 24cimserver command, 24, 42cimserverd daemon, 27class, 74client requirements, 19command messages, 62commands

cimauth, 23cimconfig, 23cimmof, 23cimprovider, 24cimserver, 24list of, 23openssl, 25osinfo, 26wbemexec, 26

configuration properties, 46CreateClass operation, 81CreateInstance operation, 79

DDeleteClass operation, 81DeleteInstance operation, 79DeleteQualifier operation, 82

EenableHttpConnection, 46enableHttpsConnection, 47enableNamespaceAuthorization, 47enableRemotePrivilegedUserAccess, 47EnumerateClasses operation, 81EnumerateClassNames operation, 81EnumerateInstanceNames operation, 79EnumerateInstances operation, 79EnumerateQualifiers operation, 82error messages, 57

GGetClass operation, 81GetInstance operation, 79GetProperty operation, 80GetQualifier operation, 82

HHTTP connection

enabling, 46HTTP server, 14

connecting, 21HTTPS and HTTP, 51HTTPS connection

enabling, 47

Iinit_repository, 27initializing respository, 44installing WBEM, 37instance, 74InvokeMethod operation, 78

Kkey property, 74

Mmessages, 57method, 74methods, 74

89

Index

ModifyClass operation, 81ModifyInstance operation, 79MOF Compiler, 14

Nnamespace, 75namespace authorization, 47, 53

Oobject-oriented modeling, 73openssl command, 25operation

CreateClass, 81CreateInstance, 79DeleteClass, 81DeleteInstance, 79DeleteQualifier, 82EnumerateClasses, 81EnumerateClassNames, 81EnumerateInstanceNames, 79EnumerateInstances, 79EnumerateQualifiers, 82GetClass, 81GetInstance, 79GetProperty, 80GetQualifier, 82InvokeMethod, 78ModifyClass, 81ModifyInstance, 79SetProperty, 80SetQualifier, 82

osinfo command, 26overview of WBEM Services, 11

Pports, 39ports (HTTPS and HTTP), 51prerequisites, 39processing requests, 21properties

enableHttpsConnection, 47enableNamespaceAuthorization, 47enableRemotePrivilegedUserAccess, 47shutdownTimeout, 47

properties of CIM server, 46property, 74

providerrequirements, 18responsibilities, 19

Rrepository files, 44repository, initializing, 44request

example, 30processing, 21

Sschema, 73Secure Socket Layer, 52Security, 49SetProperty operation, 80SetQualifier operation, 82shutdownTimeout, 47Software Development Kit, 11SSL, 52subclasses, 74syslog messages, 57

Ttroubleshooting, 55troubleshooting WBEM Services, 56

WWBEM Services

architecture, 14commands, 23messages, 57overview, 11processing requests, 21starting, 42stopping, 42

WBEM Services standards, 12wbemexec command, 26

XXML decoder, 21xmlCIM, 12

90

hp wbem services for hp-ux services admin guide

Documents