HPE 3PAR Policy Server Release Notes

HPE 3PAR Policy Server Release Notes
Abstract
This release notes document is for HPE 3PAR Policy Server and includes updates for version
6.8.3.
Part Number: QR482-97205
Published: March 2017
©
2012, 2017 Hewlett-Packard Development Company, L.P.
Notices
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use,
or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java® and Oracle® are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Contents
Introduction..................................................................................................4
HPE 3PAR Policy Server 6.1.5 Release......................................................5
Supported Service Processor Versions............................................................................................... 6
Platform Requirements........................................................................................................................6
Known Issues with Policy Server.........................................................................................................6
HPE 3PAR Policy Server 6.8.3 Release......................................................8
Supported Service Processor Versions............................................................................................... 8
Platform Requirements........................................................................................................................9
Known Issues with Policy Server.........................................................................................................9
Contents
3
Introduction
HPE 3PAR Policy Server works to implement customer-configurable remote service access policies. Installed
on a customer-provided host, Policy Server provides the customer with ultimate flexibility and control to allow
or deny outbound communication or remote service connections to and from an HPE 3PAR StoreServ
Storage System and HPE 3PAR Service Processor.
Policy Server also serves as the centralized point for collecting and storing audit logs of all diagnostic data
transfers and authorized remote service connections to and from all configured HPE 3PAR StoreServ Storage
Systems and HPE 3PAR Service Processor.
HPE 3PAR Policy Server provides the following benefits:
•
•
•
4
Complete control over policy administration
Centralized policy administration for all HPE 3PAR Storage Systems
Centralized audit log to facilitate security audits
Introduction
HPE 3PAR Policy Server 6.1.5 Release
This chapter addresses the changes made for version 6.1.5 of Policy Server. As of version 6.1.5, build
615256, Policy Server includes enhancements for capacity, performance, and scalability, a completely new
user interface (UI), an updated version of Tomcat, and an updated Java runtime environment (JRE). Details
are as follows:
•
•
•
•
A new database, HyperSQL Database Server, v2.2, is added.
The version of Tomcat is upgraded to version 6.0.32 for this release.
The JRE (VM) is upgraded to 1.6.0_26 for this release.
A new Adobe Flex-based user interface for the Policy Server application is added. This new UI provides
the same major components as the old UI. However, the names of two components have changed. The
former "Administration" tab is now called "Users," and the former "Devices" tab is now called "Assets."
A new Dashboard replaces the Home page of the Policy Server application. This Dashboard contains
modules where users who have the appropriate privileges can view the most recent Pending Requests,
Remote Sessions, and Audit log entries.
In addition to these changes, the ways you interact with the application is changed. For example, the
Users tab has a Selection bar, from which you can select other views. In the Users tab, the default view is
a table of users configured in the Policy Server directory server. The Selection bar provides access to a
view of Profiles and a view of Roles configured in the system.
•
Each tab also has an Actions panel on the left side of the page, with the table of information on the right
side. The Actions panel provides tools for searching for specific items as well as filtering or sorting the
items shown in the table. Where appropriate, the Actions panel provides tools to add a new item (for
example, a new profile or role). Refer to the online help if you need assistance; the help is thoroughly
revised and its look is changed to match the new UI.
Documentation - The online help is updated and the skin is redesigned to match the new user interface.
The original Policy Server book is split into two books:
◦
•
HPE 3PAR Policy Server Installation and Setup Guide—For system administrators and developers, this
document guides you through the steps of installing Policy Server for new installations. It covers
installing all components on the same machine.
◦ HPE 3PAR Policy Server Administration Guide —For system administrators, this document provides
instructions for starting the Policy Server components for those who did not do so at the end of
installation. In addition, it provides instructions and guidance on setting up user security, setting up
asset groups and policies, backing up and restoring the Policy Server database, and troubleshooting
Tomcat.
Terminology - The term "asset" replaces "device" throughout the user interface and documentation.
Consider the two words synonymous.
This release of the HPE 3PAR Policy Server contains a full installation of the Policy Server and its
components. This release also provides completely revised documentation: online help in the pages of the
Policy Server Application, the HPE 3PAR Policy Server Installation and Setup Guide, and the HPE 3PAR
Policy Server Administration Guide.
Refer to the HPE 3PAR Policy Server Installation and Setup Guide for complete information about
installing and configuring a new Policy Server.
HPE 3PAR Policy Server 6.1.5 Release
5
Supported Service Processor Versions
SP version
Policy Manager/Policy Server version
2.5.1
Policy Manager v4 only.
2.5.2
None. SPs that use software version 2.5.2 must
upgrade to SP 4.1 for Policy Server support.
4.1, 4.2, 4.3, and 4.4 (including all Maintenance
Updates)
Policy Server v6.1.5 only.
CAUTION:
The ship kit contains both HPE 3PAR Policy Manager and HPE 3PAR Policy Server. Be sure you are
installing the correct product for the version of the SP software that you are running.
Platform Requirements
Component
Requirement
Hardware
•
•
•
Operating system
Windows Server 2008 R2, x86 edition (32/64 bit)
1 CPU; 1 GHz minimum
1GB RAM minimum
40GB drive minimum
NOTE:
Operation on 64-bit operating systems
requires execution in 32-bit mode. HPE 3PAR
Policy Server does not have a native 64-bit
executable.
Java Runtime Environment (JRE)
Java version 1.6 with a minimum of update 17
Network connection
100 Mb network interface card (NIC)
Web browser
Windows Internet Explorer 6 or later
LDAP directory server
OpenDS 1.0, installed with HPE 3PAR Policy Server
Virtualization
VMWare ESXi v5.0, v5.1, and v5.5 (including all
VMWare Updates)
Additionally, a Certification Authority certificate must be generated to enable SSL encryption.
Known Issues with Policy Server
Upgrade from Policy Manager v4 to Policy Server v6 is not supported
6
Supported Service Processor Versions
Migration of Policy Manager v4 to Policy Server v6 requires that a new underlying operating system be
installed on a host system on which the Policy Server v6 software is then installed.
There is no supported upgrade path from Policy Manager v4 to Policy Server v6. Moving to Policy Server v6
also requires that any Service Processors that are using the Policy Server be running SP-4.1.0.GA-xx.
For more information, see the HPE 3PAR Policy Server Installation and Setup Guide.
The following table lists and describes known issues in this release of Policy Server:
Issue ID
Description
3107
Policy Server does not work if it is configured to use a port other than the default
port for the OpenDS directory server.
The installer changes the Policy Server configuration file to use a port other than the
default for the OpenDS directory server. However, it does NOT change the OpenDS
configuration file to use a different port number. Policy Server does not work if the port
number in these two configuration files is different.
Workaround: If you must use a different port for OpenDS communications than the
default (389), follow these steps:
1. During installation, select to install OpenDS and Policy Server as services but do
NOT select to start the services immediately after installation.
2. When the installation completes, locate the OpenDS configuration file
(<PolicyServer_install>/OpenDS-1.0.0/config/config.ldif).
3. Search for the listen port entry, ds-cfg-listen-port: 389, and change 389 to the port
number you want to use.
4. Save and close the file.
5. Start the OpenDS service first.
6. Next, start the database service.
7. Finally, start the Policy Server service.
3106
APS cannot be started or stopped if OpenDS is not running.
Due to limitations in Tomcat, the directory server must be running during startup and
shutdown of Policy Server, whether Policy Server is running as a service or not.
Workaround: In general, as explained in the Policy Server installation and maintenance
book, follow this sequence for starting the three components: start the directory server
first, followed by the database, and finally Policy Server. When shutting down the three
components, follow the reverse order: shut down Policy Server first, followed by the
database, and finally the directory server.
3104
Audit Log: Correct user name is not displayed in the Audit Log.
After sending a Set Data Item action and a Start Remote Application action to the asset,
the user logged in as a non-admin user in APS and selected Approve All for the pending
requests created by these two actions.
In the Audit Log page under the Asset communication category, in the Group/User
column, “Group Name/admin user” is displayed for the "Set Data Item action approved"
audit log message and “Group Name/system” is displayed for the "Start Remote
Application action approved" message.
2459
File parameters with trailing spaces in File upload permission results in errors
while uploading files.
HPE 3PAR Policy Server 6.1.5 Release
7
HPE 3PAR Policy Server 6.8.3 Release
This chapter addresses the changes made for version 6.8.3 of Policy Server.
HPE 3PAR Policy Server 6.8.3 release includes the following additions and changes:
•
Adds support for Windows Server 2012 R2 and Windows 10.
NOTE:
Windows 2012 R2 requires setting the installer into "Windows 8 compatibility mode" to run. This
compatibility mode applies ONLY to the installer. Once it is installed, Policy Server operates without
having to set this compatibility mode.
•
Includes the following stack updates:
◦
•
•
Oracle JDK, Java VM (Virtual Machine) - 64-bit—Updated to version 1.8.40. Used in the server and
installer.
◦ Apache Tomcat Server—Updated to version 1.7.62.
Allows older Agents to connect by enabling SSLv2Hello by default.
Increase the security of the default configuration by adding a list of default ciphers with CipherOrder
restriction.
Here is an example of the configuration:
sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
useServerCipherSuitesOrder="true"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC
_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
•
•
Avoids warning messages during startup by removing the MaxPermGen setting from all start scripts for
Policy Server, including start as service routines in Windows.
Resolves logging issues where no logging would appear if Policy Server was started as a process using a
script.
Supported Service Processor Versions
8
HPE 3PAR SP version
Policy Server version
4.2, 4.3, and 4.4 (including all Maintenance Updates
and patches)
6.8.3
HPE 3PAR Policy Server 6.8.3 Release
Platform Requirements
Component
Requirement
Hardware
•
•
•
Operating system
Windows Server 2008 R2, x86 edition (32/64 bit)
1 CPU; 1 GHz minimum
1GB RAM minimum
40GB drive minimum
Windows Server 2012 R2 (64 bit)
Java Runtime Environment (JRE)
Java version 1.8 with a minimum of update 40
Network connection
100 Mb network interface card (NIC)
Web browser
Windows Internet Explorer 10, 11
Mozilla Firefox 50, 51
LDAP directory server
Server OpenDS 1.0, installed with HPE 3PAR Policy
Server
Virtualization
VMWare ESXi v5.5 (including all VMWare Updates)
Additionally, a Certification Authority certificate must be generated to enable SSL encryption.
Known Issues with Policy Server
Issue ID
Description
The APS Web Services do not work with the Policy Server version 6.8.3.
For Administrators, the Remove option is available for all permissions, including the hidden
permissions. The Remove option does not work if a permission is designated as hidden.
Workaround: To delete hidden permissions:
1. Ensure that you are logged in as the Policy Server Administrator so that you can see
hidden permissions and the Visible check box for the permission to be deleted.
2. Select the Visible check box to make the permission visible, and save the change.
3. Once the permission is visible, delete it.
Platform Requirements
9
Download PDF
Similar pages