Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

EMC VNX Storage

EMC VNX Storage Configuration

What is Discovered and Monitored

Like EMC Clarion, FortiSIEM uses Navisec CLI to discover the device and to collect performance metrics. The only difference is that a slightly different command and XML formatted output is used.

Protocol

Information Discovered

Metrics collected

Used for

Navisec CLI

Host name, Operating system version, Hardware model, Serial number, Network interfaces* Installed Software, Storage Controller Ports

Hardware components: Enclosures, Fan, Power Supply, Link Control Card, CPU, Disk

Storage Pools, RAID Groups and the assigned disks

LUNs and LUN -> Storage Pool and RAID Group mappings

Storage Groups and memberships (Host, Port, LUN)

Processor utilization: SP Name, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps)

Storage Pool I/O: RAID Group id, RAID type, Total disk, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps)

Availability and Performance Monitoring

LUN I/O: LUN name, LUN id, Total disk, Used disk, Free disk, Disk util, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps)

Host HBA Connectivity: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name, Storage Group, LUN Names, Login Status, Registration Status

Host HBA Unregistered Host: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name

Hardware component health: Component name (Disk, Power supply, LCC, Fan, Link, Port), Component status, Host spare ready disk count

Overall Disk health: Total disk count, Total disk size (MB), Active disk count, Failed disk count, Spare disk count

Configuration

Installing the NaviSecCLI Library in FortiSIEM

Changing NaviSecCLI Credentials

If you change the NaviSecCLI credentials on your EMC Clarion device, the certificates may also be changed and naviseccli may prompt you to accept new certificates. This should only happen the first time after a certificate change, however, FortiSIEM discovery and performance monitoring will fail. You must run NaviSecCLI manually on each Supervisor and Worker in your deployment and accept the certificate, and then rediscover your EMC Clarion device for performance monitoring to resume.

Configuration of your EMC Clarion storage device involves installing EMC's NaviSecCLI library in your FortiSIEM virtual appliance, and then setting the access credentials that the appliance will use to communicate with your device.

  1. Log in to your FortiSIEM virtual appliance as root.
  2. Copy the file NaviCLI-Linux-64-x86-versionxyz.rpm to the FortiSIEM directory.
  3. Run rpm --Uvh NaviCLI-Linux-64-x86-versionxyz.rpm to install the rpm package.
    [root@Rob-SP-94 tmp]# rpm -Uvh NaviCLI-Linux-64-x86-en_US-7.30.15.0.44-1.x86_64.rpm
    Preparing... ########################################### [100%]
    1:NaviCLI-Linux-64-x86-en########################################### [100%]
    Please enter the verifying level(low|medium|l|m) to set?
    m
    Setting medium verifying level
    [root@Rob-SP-94 opt]# ls -la
    total 40
    drwxr-xr-x 8 root root 4096 Aug 22 16:06 .
    drwxr-xr-x 29 root root 4096 Aug 16 16:46 ..
    drwxr-xr-x 11 admin admin 4096 Jul 23 18:56 glassfish
    lrwxrwxrwx 1 root root 16 Aug 16 16:46 Java -> /opt/jdk1.6.0_32
    drwxr-xr-x 8 root root 4096 Jun 2 16:35 jdk1.6.0_32
    drwxr-xr-x 5 root root 4096 Aug 22 16:06 Navisphere <----Note this directory was created***
    drwxrwxr-x 14 admin admin 4096 Jul 24 11:22 phoenix
    drwxrwxr-x 3 root root 4096 Jun 2 16:36 rpm
    drwxr-xr-x 8 root root 4096 Jun 18 2010 vmware
    [root@Rob-SP-94 opt]#
  4. Change the user role to the admin su - admin and make sure that the user can run the command naviseccli -h -User <user> -Password <pwd> -Scope global getall -sp from the directory /opt/phoenix/bin .
    [root@Rob-SP-94 Navisphere]# cd bin
    [root@Rob-SP-94 bin]# su - admin
    [admin@Rob-SP-94 ~]$ naviseccli
    Not enough arguments
    Usage:
    [-User <username>] [-Password <password>]
    [-Scope <0 - global; 1 - local; 2 - LDAP>]
    [-Address <IPAddress | NetworkName> | -h <IPAddress | NetworkName>]
    [-Port <portnumber>] [-Timeout <timeout> | -t <timeout>]
    [-AddUserSecurity | -RemoveUserSecurity | -DeleteSecurityEntry]
    [-Parse | -p] [-NoPoll | -np] [-cmdtime]
    [-Xml] [-f <filename>] [-Help] CMD <Optional Arguments>[security -certificate]
    [admin@Rob-SP-94 ~]$ pwd
    /opt/phoenix/bin
  5. Make sure that the Navisphere Analyzer module is on.
    If the module is off, performance metrics will not be available and discovery will fail. This log shows an example of the module being turned off.
    [admin@fsiem ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 getall -sp
    Server IP Address:       192.168.1.100
    Agent Rev:           7.32.26 (0.95)
    SP Information
    --------------
    Storage Processor:                  SP A
    Storage Processor Network Name:     A-IMAGE
    Storage Processor IP Address:       192.168.1.100
    Storage Processor Subnet Mask:      255.255.255.0
    Storage Processor Gateway Address:  192.168.1.254
    Storage Processor IPv6 Mode:               Not Supported
    Management Port Settings:
    Link Status:                        Link-Up
    Current Speed:                      1000Mbps/full duplex
    Requested Speed:                    Auto
    Auto-Negotiate:                     YES
    Capable Speeds:                     1000Mbps half/full duplex
                                        10Mbps half/full duplex
                                        100Mbps half/full duplex
                                        Auto
    System Fault LED:              OFF
    Statistics Logging:            OFF    <----- Note: performance statistics are not being collected
                                          <------ so AccelOp can not pull stats and discovery will fail.
                                          <------ See how to turn ON Statistics Logging below.
    SP Read Cache State            Enabled
    SP Write Cache State           Enabled
    ....
  6. If the Navisphere Analyzer module is off, turn it on with the setstats -on command.
    [admin@fsiem ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 setstats -on
    [admin@fsiem ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 getall -sp
    
    Server IP Address:       192.168.1.100
    Agent Rev:           7.32.26 (0.95)
     
    SP Information
    --------------
    Storage Processor:                  SP A
    Storage Processor Network Name:     A-IMAGE
    Storage Processor IP Address:       192.168.1.100
    Storage Processor Subnet Mask:      255.255.255.0
    Storage Processor Gateway Address:  192.168.1.254
    Storage Processor IPv6 Mode:               Not Supported
    Management Port Settings:
    Link Status:                        Link-Up
    Current Speed:                      1000Mbps/full duplex
    Requested Speed:                    Auto
    Auto-Negotiate:                     YES
    Capable Speeds:                     1000Mbps half/full duplex
                                        10Mbps half/full duplex
                                        100Mbps half/full duplex
                                        Auto
    System Fault LED:              OFF
    Statistics Logging:            ON   <---NOTE that statistics Logging is now ON.
    SP Read Cache State            Enabled
    SP Write Cache State           Enabled
    Max Requests:                  N/A
    Average Requests:              N/A
    Hard errors:                   N/A
    Total Reads:                   1012
    Total Writes:                  8871
    Prct Busy:                     6.98
    Prct Idle:                     93.0
    System Date:                   10/04/2013
    Day of the week:               Friday
    System Time:                   11:23:48
    Read_requests:                 1012
    Write_requests:                8871
    Blocks_read:                   26259
    Blocks_written:                235896
    Sum_queue_lengths_by_arrivals: 27398
    Arrivals_to_non_zero_queue:    3649
    ....
  7. Once this command runs successfully, you are ready to set the access credentials for your device in FortiSIEM and initiate the discovery process.
Setting the IP Address for Credential Mapping

Enter the Storage Processor IP address when you associate your device's access credentials to an IP address during the credential set up process. Do not enter any other IP address, such as the Control Station IP.

Settings for Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your EMC VNX storage device over NaviSecCLI.

Setting Value
Name <set name>
Device Type EMC VNX
Access Protocol Navisec CLI
Use LDAP Select to use LDAP to access directory services
User Name The user you configured to access NaviSecCLI
Password The password associated with the user

EMC VNX Storage

EMC VNX Storage Configuration

What is Discovered and Monitored

Like EMC Clarion, FortiSIEM uses Navisec CLI to discover the device and to collect performance metrics. The only difference is that a slightly different command and XML formatted output is used.

Protocol

Information Discovered

Metrics collected

Used for

Navisec CLI

Host name, Operating system version, Hardware model, Serial number, Network interfaces* Installed Software, Storage Controller Ports

Hardware components: Enclosures, Fan, Power Supply, Link Control Card, CPU, Disk

Storage Pools, RAID Groups and the assigned disks

LUNs and LUN -> Storage Pool and RAID Group mappings

Storage Groups and memberships (Host, Port, LUN)

Processor utilization: SP Name, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps)

Storage Pool I/O: RAID Group id, RAID type, Total disk, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps)

Availability and Performance Monitoring

LUN I/O: LUN name, LUN id, Total disk, Used disk, Free disk, Disk util, Read request rate (IOPS), Write request rate (IOPS), Read volume (KBps), Write volume (KBps), Read/Write request rate (IOPS), Read/Write volume (KBps)

Host HBA Connectivity: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name, Storage Group, LUN Names, Login Status, Registration Status

Host HBA Unregistered Host: Source IP, Source Name, Source WWN, Dest IP, Destination Name, SP Port Name

Hardware component health: Component name (Disk, Power supply, LCC, Fan, Link, Port), Component status, Host spare ready disk count

Overall Disk health: Total disk count, Total disk size (MB), Active disk count, Failed disk count, Spare disk count

Configuration

Installing the NaviSecCLI Library in FortiSIEM

Changing NaviSecCLI Credentials

If you change the NaviSecCLI credentials on your EMC Clarion device, the certificates may also be changed and naviseccli may prompt you to accept new certificates. This should only happen the first time after a certificate change, however, FortiSIEM discovery and performance monitoring will fail. You must run NaviSecCLI manually on each Supervisor and Worker in your deployment and accept the certificate, and then rediscover your EMC Clarion device for performance monitoring to resume.

Configuration of your EMC Clarion storage device involves installing EMC's NaviSecCLI library in your FortiSIEM virtual appliance, and then setting the access credentials that the appliance will use to communicate with your device.

  1. Log in to your FortiSIEM virtual appliance as root.
  2. Copy the file NaviCLI-Linux-64-x86-versionxyz.rpm to the FortiSIEM directory.
  3. Run rpm --Uvh NaviCLI-Linux-64-x86-versionxyz.rpm to install the rpm package.
    [root@Rob-SP-94 tmp]# rpm -Uvh NaviCLI-Linux-64-x86-en_US-7.30.15.0.44-1.x86_64.rpm
    Preparing... ########################################### [100%]
    1:NaviCLI-Linux-64-x86-en########################################### [100%]
    Please enter the verifying level(low|medium|l|m) to set?
    m
    Setting medium verifying level
    [root@Rob-SP-94 opt]# ls -la
    total 40
    drwxr-xr-x 8 root root 4096 Aug 22 16:06 .
    drwxr-xr-x 29 root root 4096 Aug 16 16:46 ..
    drwxr-xr-x 11 admin admin 4096 Jul 23 18:56 glassfish
    lrwxrwxrwx 1 root root 16 Aug 16 16:46 Java -> /opt/jdk1.6.0_32
    drwxr-xr-x 8 root root 4096 Jun 2 16:35 jdk1.6.0_32
    drwxr-xr-x 5 root root 4096 Aug 22 16:06 Navisphere <----Note this directory was created***
    drwxrwxr-x 14 admin admin 4096 Jul 24 11:22 phoenix
    drwxrwxr-x 3 root root 4096 Jun 2 16:36 rpm
    drwxr-xr-x 8 root root 4096 Jun 18 2010 vmware
    [root@Rob-SP-94 opt]#
  4. Change the user role to the admin su - admin and make sure that the user can run the command naviseccli -h -User <user> -Password <pwd> -Scope global getall -sp from the directory /opt/phoenix/bin .
    [root@Rob-SP-94 Navisphere]# cd bin
    [root@Rob-SP-94 bin]# su - admin
    [admin@Rob-SP-94 ~]$ naviseccli
    Not enough arguments
    Usage:
    [-User <username>] [-Password <password>]
    [-Scope <0 - global; 1 - local; 2 - LDAP>]
    [-Address <IPAddress | NetworkName> | -h <IPAddress | NetworkName>]
    [-Port <portnumber>] [-Timeout <timeout> | -t <timeout>]
    [-AddUserSecurity | -RemoveUserSecurity | -DeleteSecurityEntry]
    [-Parse | -p] [-NoPoll | -np] [-cmdtime]
    [-Xml] [-f <filename>] [-Help] CMD <Optional Arguments>[security -certificate]
    [admin@Rob-SP-94 ~]$ pwd
    /opt/phoenix/bin
  5. Make sure that the Navisphere Analyzer module is on.
    If the module is off, performance metrics will not be available and discovery will fail. This log shows an example of the module being turned off.
    [admin@fsiem ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 getall -sp
    Server IP Address:       192.168.1.100
    Agent Rev:           7.32.26 (0.95)
    SP Information
    --------------
    Storage Processor:                  SP A
    Storage Processor Network Name:     A-IMAGE
    Storage Processor IP Address:       192.168.1.100
    Storage Processor Subnet Mask:      255.255.255.0
    Storage Processor Gateway Address:  192.168.1.254
    Storage Processor IPv6 Mode:               Not Supported
    Management Port Settings:
    Link Status:                        Link-Up
    Current Speed:                      1000Mbps/full duplex
    Requested Speed:                    Auto
    Auto-Negotiate:                     YES
    Capable Speeds:                     1000Mbps half/full duplex
                                        10Mbps half/full duplex
                                        100Mbps half/full duplex
                                        Auto
    System Fault LED:              OFF
    Statistics Logging:            OFF    <----- Note: performance statistics are not being collected
                                          <------ so AccelOp can not pull stats and discovery will fail.
                                          <------ See how to turn ON Statistics Logging below.
    SP Read Cache State            Enabled
    SP Write Cache State           Enabled
    ....
  6. If the Navisphere Analyzer module is off, turn it on with the setstats -on command.
    [admin@fsiem ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 setstats -on
    [admin@fsiem ~]$ naviseccli -user admin -password admin*1 -scope 0 -h 192.168.1.100 getall -sp
    
    Server IP Address:       192.168.1.100
    Agent Rev:           7.32.26 (0.95)
     
    SP Information
    --------------
    Storage Processor:                  SP A
    Storage Processor Network Name:     A-IMAGE
    Storage Processor IP Address:       192.168.1.100
    Storage Processor Subnet Mask:      255.255.255.0
    Storage Processor Gateway Address:  192.168.1.254
    Storage Processor IPv6 Mode:               Not Supported
    Management Port Settings:
    Link Status:                        Link-Up
    Current Speed:                      1000Mbps/full duplex
    Requested Speed:                    Auto
    Auto-Negotiate:                     YES
    Capable Speeds:                     1000Mbps half/full duplex
                                        10Mbps half/full duplex
                                        100Mbps half/full duplex
                                        Auto
    System Fault LED:              OFF
    Statistics Logging:            ON   <---NOTE that statistics Logging is now ON.
    SP Read Cache State            Enabled
    SP Write Cache State           Enabled
    Max Requests:                  N/A
    Average Requests:              N/A
    Hard errors:                   N/A
    Total Reads:                   1012
    Total Writes:                  8871
    Prct Busy:                     6.98
    Prct Idle:                     93.0
    System Date:                   10/04/2013
    Day of the week:               Friday
    System Time:                   11:23:48
    Read_requests:                 1012
    Write_requests:                8871
    Blocks_read:                   26259
    Blocks_written:                235896
    Sum_queue_lengths_by_arrivals: 27398
    Arrivals_to_non_zero_queue:    3649
    ....
  7. Once this command runs successfully, you are ready to set the access credentials for your device in FortiSIEM and initiate the discovery process.
Setting the IP Address for Credential Mapping

Enter the Storage Processor IP address when you associate your device's access credentials to an IP address during the credential set up process. Do not enter any other IP address, such as the Control Station IP.

Settings for Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your EMC VNX storage device over NaviSecCLI.

Setting Value
Name <set name>
Device Type EMC VNX
Access Protocol Navisec CLI
Use LDAP Select to use LDAP to access directory services
User Name The user you configured to access NaviSecCLI
Password The password associated with the user