Navigating

SAM and the SMH

SAM and SMH Overview

• SAM provides an intuitive, menu-based administration interface in 11i v1 and v2

• SMH provides an intuitive, menu-based administration interface in 11i v3
• Both tools simplify complex administration tasks and minimize errors
• Both tools are sometimes less flexible than the command-line interface

Feature SAM SMH

HP-UX versions support 11i v1, v2 11i v1*, v2*, v3
Intuitive Terminal User Interface (TUI) Yes Yes, in 11i v3 only
Intuitive Graphical User Interface (GUI) X-based Web-based
Configurable to provide access to non-root users Yes Yes
Built-in help facility Yes Yes
Customizable and extensible Yes Yes
Uses standard HP-UX commands to perform tasks No Yes
Integrates with HP Systems Insight Manager (SIM) No Yes
Windows, Linux support No Yes

* 11i v1 and v2 provide limited SMH functionality

2
Navigating
SAM and the SMH
Part 1: Navigating the SAM Interface
Launching the SAM GUI

Administrators who have a graphical display and a DISPLAY

variable can use the X-based SAM Graphical User Interface
(GUI)
# echo $DISPLAY
# sam &

Menu Bar
Status Bar

Functional Areas

Scroll Bar
Launching the SAM TUI

Administrators who don’t have a graphical display or a DISPLAY variable

can use the SAM Terminal User Interface (TUI)

# sam
┌ === System Administration Manager ==== ┐
│ File View Options Actions Help │ Menu Bar
│ Press CTRL-K for keyboard help. │
│ SAM Areas │ Status Bar
│────────────────────────────────────────│
│ Source Area │
│ ┌────────────────────────────────────┐ │
│ │ SAM Auditing and Security -> │ │
│ │ SAM Backup and Recovery -> │ │ Functional Areas
│ │ SAM Disks and File Systems -> │ │
│ │ SAM Kernel Configuration -> │ │
│ └────────────────────────────────────┘ │
└────────────────────────────────────────┘

NOTE: this screenshot has been formatted and truncated to fit the slide
Using SAM Object Menus and Actions

SAM generally uses the following interface paradigm

1. Select a Functional Area (e.g.: Users)
2. Select an Object from the Functional Area Object List (e.g.: user1)
3. Select an Action from the Action menu (e.g.: Modify)
4. Complete the resulting dialog box and click [OK], [Apply], or [Cancel]

┌ ============== Accounts for Users and Groups ================ ┐

│File List View Options Actions │
│───────────────────────│ ==================================== ││
│Users │ Add... ││
│───────────────────────│ User Templates-> ││
│ Login User ID │ Task Customization... ││
│ Name (UID) │ Modify... ││
│┌──────────────────────│ Remove... ││
││ user1 104 │ Modify Secondary Group Membership ││
││ user2 105 │ Modify User's Password ││
││ user3 106 │ Deactivate ││
││ user4 107 └──────────────────────────────────────┘│
││ user5 108 NOTE: this screenshot has been formatted and truncated to fit the slide
│
│└──────────────────────────────────────────────────────────────│
└───────────────────────────────────────────────────────────────┘
Navigating
SAM and the SMH
Part 2: Navigating the SMH Interface
Launching the SMH TUI

• The SMH offers a web interface and, in 11i v3, a TUI interface
• Use smh –t to launch the TUI interface
• Use the arrow keys and shortcuts listed at the bottom of each screen to navigate the TUI

# smh -t

SMH->Accounts for Users and Groups->Local Users

----------------------------------------------------------------
Login Name User ID Primary Group Real Name Last Login
================================================================
user1 301 class student NEVER
user2 302 class student Mon Jun 11 12:56:10
user3 303 class student NEVER
user4 304 class student Thu Jun 14 10:23:20
<-------------------------------------------------------------->
x-Exit smh ESC-Back 1-Help m-Modify User
ENTER-Details /-Search a-Add User Ctrl o-Other Actions

NOTE: this screenshot has been formatted and truncated to fit the slide
Launching the SMH GUI via Autostart

• SMH web access is provided via an Apache web server daemon

• By default, SMH is configured to run in “autostart” mode
• A lightweight smhstartd daemon starts at boot time
• Users connect to smhstartd via web address http://server:2301/
• smhstartd launches the Apache/SMH daemon when needed
• smhstartd redirects each request via HTTPS to the Apache/SMH daemon
• Apache/SMH terminates after 30 minutes of inactivity

Enable SMH autostart

# smhstartconfig –a on –b off Browser

Verify SMH autostart http://server:2301/

# smhstartconfig
HPSMH 'autostart url' mode.........: ON smhstartconfig
HPSMH 'start on boot' mode.........: OFF
Start Tomcat when HPSMH starts.....: OFF https://server:2381/

Access the SMH from any web browser Apache/SMH

# mozilla http://servername.hp.com:2301/
Launching the SMH GUI via Start-on-Boot

• Alternatively, configure the Apache/SMH daemon to run perpetually

• Apache/SMH daemon starts at boot time and runs perpetually
• Users connect directly to the Apache/SMH daemon via HTTPS
• Advantage: SMH clients can connect directly via HTTPS, avoiding a redirect
• Disadvantage: Apache runs perpetually on the system

Enable SMH start-on-boot

# smhstartconfig –a off –b on Browser

Verify SMH autostart

https://server:2381/
# smhstartconfig
HPSMH 'autostart url' mode.........: OFF
HPSMH 'start on boot' mode.........: ON Apache/SMH
Start Tomcat when HPSMH starts.....: OFF

Access the SMH from any web browser

# mozilla https://server:2381/
Verifying the SMH Certificate

Browsers use security “certificates” to authenticate the identity of HTTPS servers

• By default, SMH uses “self-signed” security certificates
• Some administrators install certificates signed by a Certificate Authority (CA) instead
If using “self-signed” certificates, browsers may display a security warning

Mozilla security certificate warning: IE security certificate warning:

Logging into the SMH

• After connecting to the SMH daemon, enter an authorized HP-UX username/password

• By default, only members of the HP-UX root group can log into the SMH
• Other HP-UX groups can optionally be granted access to the SMH, too
SMH->Home

SMH utilizes a tabbed interface

• Use the “Home” tab, the default tab, to view hardware/status information
• Use the “Settings” tab to customize SMH security and add custom menu items
• Use the “Tasks” tab to execute arbitrary commands on the server
• Use the “Tools” tab to view and configure OS features
• Use the “Logs” tab to launch SMH’s web-based log file viewers

NOTE: screenshot has

been formatted and
truncated to fit the slide
SMH->Home->System

The “Home” tab “System” box reports hardware status information

• Click a hardware subsystem (e.g.: “Physical Memory”) for more details
• Output varies model to model

NOTE: screenshot has been

formatted and truncated to fit
the slide
SMH->Home->Operating System

The “Home” tab “Operating System” box provides links to a variety of OS status screens
• Reports vary from OS release to OS release

NOTE: screenshot has been formatted and truncated to fit the slide
SMH->Tools (1 of 4)

The “Tools” tab provides GUI interfaces for many common admin tasks
• Some tools launch GUI interfaces, some launch web interfaces, others run CLIs
• Supported tools vary from release to release

NOTE: screenshot has

been formatted and
truncated to fit the slide
SMH->Tools (2 of 4)

To run a tool...
• Click a tool (e.g.: “File Systems”) on the “Tools” tab
• Select an object (e.g.: “/home”) from the resulting object list
• Select an action (e.g.: “Unmount”) from the resulting action list
• Provide the information requested in the dialog box that follows

NOTE: screenshot has

been formatted and
truncated to fit the slide
SMH->Tools (3 of 4)

• Dialog boxes vary

from tool to tool

• Most include an
explanation of the tool
and it’s limitations and
side-effects

• Most include a
preview button that
displays the HP-UX
command(s)
executed by the tool

NOTE: screenshot has

been formatted and
truncated to fit the slide
SMH->Tools (4 of 4)

Some SMH tools are simply wrappers for external non-web-based applications
• Select your preferred language
• Enter your desktop system’s $DISPLAY variable value
• Look at the command preview to determine which command the tool executes
• Click “Run”

NOTE: screenshot has

been formatted and
truncated to fit the slide
SMH->Settings

The “Settings” tab allows you to add and remove your own custom tools, too
• Access the “Settings” tab
• Click “Add Custom Menu”
• Use the resulting dialog box to create the custom tool
• Custom tools may be added to existing SMH tool categories, or new custom categories
• Custom tools may launch X applications, CLI commands, or web applications
• Custom tools may be configured to run as root when launched by non-root users
• Custom tools may be executed just like built-in SMH tools

NOTE: screenshot has

been formatted and
truncated to fit the slide
SMH->Tasks

Use the “Tasks” tab to execute a single command through the SMH
• Access the “Tasks” tab
• Click “Launch” or “Run”, and follow the prompts to run the program
• SMH reports the command’s STDERR and STDOUT output

NOTE: screenshot has

been formatted and
truncated to fit the slide
SMH->Logs

SMH provides web-based log file viewers for viewing some common system log files
• Access the “Logs” tab
• Select a log file viewer (e.g.: “System Log Viewer”)
• Use the “Select” tab to select a log file (e.g.: “syslog.log” vs. “OLDsyslog.log”)
• Use the “Layout” and ”Filters” tabs to customize the column layout
• Use the “Display” tab to view the log contents
• Log file viewer features for other log files may vary

NOTE: screenshot has been formatted and truncated to fit the slide
SMH Group Access Control

• Users must enter a valid HP-UX username/password in order to access the SMH
• SMH determines a user’s access rights (if any) via the user’s HP-UX group memberships
• By default, only members of the root group can access the SMH
• Use Settings->Security->User Groups to grant SMH access to other HP-UX groups
SMH Authentication

Security conscious system administrators can enable additional SMH

authentication features via other links on the Settings->Security menu

IP Binding:
Only allow users to access SMH from selected networks
IP Restricted login:
Only allow users to access SMH from selected IP addresses
Local Server Certificate:
Import a security certificate for the SMH server from a third party
Local/Anonymous Access:
Allow local and/or remote users to access SMH without providing a username & password
Trust Mode:
Determine how SMH authenticates configuration requests from remote SIM servers
Trusted Management Servers:
Import security certificates for SIM servers, if using SIM to remotely manage SMH nodes
SMH and SIM Integration Possibilities
HP SMH provides an intuitive web interface for managing a single system
HP SIM provides an intuitive web interface for managing multiple systems
• SIM manages all HP-supported operating systems, and most HP-supported devices
• SIM can automatically, seamlessly launch any server’s SMH page
• SIM consolidates status, log, and other information from multiple nodes
• SIM provides robust role based security and key-based authentication
• SIM is included with HP-UX; other licensed plug-ins provide even greater functionality
For Further Study

Course from HP Customer Education:

HB508S HP Systems Insight Manager (SIM) for HP-UX

Manuals on http://docs.hp.com:
HP System Management Homepage User Guide
HP System Management Homepage Installation Guide
HP System Management Homepage Release Notes
Lab
activity

H3064S G.00 – © 2007 Hewlett-

27 Packard Development Company, L.P.