- Notes, cautions, and warnings
- Getting Started
- Post-Deployment Activities
- Post-deployment tasks
- Post-deployment task checklist
- Prepare lockbox files for Java upgrade
- Create the lockbox
- Customer support
- Configure native users
- Configure LDAP users
- Configure SNMP
- Enable OpenSSL FIPS compliance
- Create and map volumes
- Set up replication on peer systems
- Install and configure PowerFlex SRA
- Post-deployment best practice suggestions
- Link PowerFlex presentation server to the MDM cluster
- View MDM certificate details in the PowerFlex GUI
- Configure the SDS for NVDIMM health awareness
- Post-deployment tasks
- PowerFlex Performance Fine-Tuning
- PowerFlex performance fine-tuning
- Tune PowerFlex for best performance
- Performance tuning post-installation
- PowerFlex system changes
- Optimize Linux
- Optimize ESXi
- Optimize SVM settings
- Optimizing VM guests
- Optimize Hyper-V
- Optimize AIX
- Optimize Windows
- PowerFlex Performance Parameters
- RAID controller virtual disk settings
- Apply Performance Profiles to system components
- PowerFlex performance fine-tuning
- Configure and Customize
- Configuration
- Protection Domains
- Fault Sets
- SDS
- Storage Pools
- Configuring acceleration
- Devices
- Volumes
- Configuring SDCs
- Manual SDC configuration/verification
- Update approved SDC IP addresses using the PowerFlex GUI
- Approve SDCs using the PowerFlex GUI
- Restricted SDC mode
- Add an external SDC to an existing PowerFlex system
- SDC operations
- Update the SDC driver with IP address changes
- Detecting new volumes
- Query volumes using drv_cfg
- Query tgt objects using drv_cfg
- Query GUID using drv_cfg
- Query MDMs using drv_cfg
- Loading a configuration file using drv_cfg
- Adding an MDM using drv_cfg
- Modifying an MDM IP address using drv_cfg
- Permanent Device Loss state
- Update the SDC parameters in VMware based HCI or compute node
- Run the SDC driver on RHEL\SLES with multipath enabled
- SDC authentication
- Apply Performance Profiles to system components
- RFcache (xcache) package installation
- Increase SVM memory to accommodate additional SDS device
- Modify an SDS port during I/O
- Configure the PowerFlex presentation server
- Unlink from the MDM cluster
- PowerFlex VASA provider and vVols
- MDM Cluster
- Configuring MDM cluster
- Configure virtual IP addresses using the PowerFlex Installer
- Security
- Approving pending security certificates
- Default self-signed certificate expires on the PowerFlex Gateway
- Default self-signed certificate expires on PowerFlex GUI
- Upgrade the PowerFlex Gateway when a custom certificate is used
- Change the PowerFlex Gateway's keystore password
- Change the PowerFlex presentation server's keystore password
- Change the PowerFlex presentation server's truststore password
- Certificate management for PowerFlex presentation server
- Certificate management for PowerFlex Gateway
- Use SSH authentication for the PowerFlex Gateway
- Configure SSL component authentication
- Configure SDC access to the MDM
- Approved encryption methods
- Login banner overview
- Managing LIA security
- User Management
- Fault reporting features
- Add, Remove or Rename Components
- Logs
- LIA
- Configuration
- Protection
- Snapshots
- Snapshot policies
- Remote Protection
- Add a peer system
- SDR journal capacity
- Restart the replication cluster
- SDR
- Replication Consistency Group
- Replication direction and mapping
- Add a RCG
- Map RCG target volumes to SDC
- Unmap an SDC from RCG target volumes
- Set target to inconsistent mode
- Set target to consistent mode
- Modify RPO
- Add a replication pair to RCG
- Pause RCG
- Create snapshot of RCG volume
- Failover
- Reverse replication
- Restore replication
- Test Failover
- Test failover stop
- Freeze RCG
- Unfreeze RCG
- Activate RCG
- Terminate RCG
- Pause initial copy
- Resume initial copy
- Set priority
- Unpair from RCG
- VMware environment specific tasks
- Operating System Patching
Configure and Customize Dell PowerFlex v3.6.x
Workflow for externally signed security certificates
The system generates and signs self-signed certificates automatically when secure communication is enabled, and no user intervention is required. You can replace the certificates by an externally signed security certificate. A Certificate Authority (CA) uses the CSR (Certificate Signing Request) file to create an externally signed security certificate.
About this task
The workflow describes how to replace the certificates signed by an external CA for each MDM.
Steps
-
Log in to the primary MDM with a security or administrator user role:
scli --mdm_ip <primary_mdm_ip> --login --username admin --password <password>
-
Generate the CSR file on the primary MDM, for the specified MDM (target):
scli --generate_mdm_csr_file --target_mdm_ip <mdm_ip>
The file mdm-target_hostname.csr is created and saved to:- Linux: /opt/emc/scaleio/mdm/cfg
- Windows: C:\Program Files\emc\scaleio\mdm\cfg
-
Send the generated CSR file to the CA for signing.
The CA returns the following files:
- A certificate for each MDM.
- A trusted/root certificate and its' intermediate certificate from the CA.
-
On each MDM, from the CLI, add the root and intermediate certificate to the truststore, using the
--add_certificate command. Refer to
PowerFlex CLI Reference Guide for more information.
scli --add_certificate --certificate_file root-ca.pem.crt
-
Run the following commands using Java's keytool to import all the certificates to each of the following components' truststore. It is recommended to restart the machine after running the commands.
- PowerFlex Gateway
- Linux: /opt/emc/scaleio/gateway/webapps/ROOT/WEB-INF/classes/certificates/truststore.jks
- Windows (64 bit): C:\Program Files\EMC\ScaleIO\Gateway\webapps\ROOT\WEBINF\classes\certificates\truststore.jks
- PowerFlex presentation server
NOTE:Refer to "Update the certificate for the PowerFlex presentation server" for detailed steps on how to import the certificate from the MDM to the PowerFlex presentation server.
- Linux: /etc/mgmt-server/.config/mdm-truststore.jks
- vSphere plugin
- Linux: $HOME/.vmware/scaleio/certificates
- Windows: C:\Users\[user_name]\AppData\Roaming\VMware\scaleio\certificates\truststore.jks or C:\Windows\System32\config\systemprofile\AppData\Roaming\VMware\scaleio\certificates
Trust is now established. - PowerFlex Gateway
- Save the signed certificate for the MDM in /opt/emc/scaleio/mdm/cfg.
- Rename the MDM certificate file to mdm_signed_certificate.pem.
-
From the MDM, remotely log in to the primary MDM with a security or administrator user role:
scli --mdm_ip <primary_mdm_ip> --login --username admin --password <password>
-
Run the following command to begin applying the signed certificate to each of the MDMs:
/opt/emc/scaleio/mdm/bin/apply_signed_certificate.py --mdm_ip <primary_mdm_ip> --local_mdm_ip <local_mdm_ip>
If the remote read-only feature is enabled on the MDM, add --skip_cli_command to the command, and later, while logged in with user that has security permissions, run the command scli --replace_mdm_security_files.NOTE:This step changes the MDM certificate, and might cause a brief failure period (switch ownership).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\