Cloud Connector Settings – IBM

Cloud Connector is the Hardware Management Console component that uploads data to the Cloud Management Console (CMC) cloud.

To configure or review the settings for Cloud Connector, click the navigation menu icon () in the portal header and click the Settings icon (). In the Settings page, click the Cloud Connector tab.

Management Tab

The Firewall Configuration area lists the hosts and ports that you must open in your firewall to allow Cloud Connector communication. The area includes the fully qualified domain name (FQDN) and IP address for outbound connections.

Important: The Firewall configuration table on the Settings > Cloud Connector > Management page incorrectly displays 8443 as the port that must be opened in the firewall for accessing the CMC portal. The actual port that must be opened is 443. The user interface will be corrected in a future release.

If both the FQDN and IP address are present for a connection, IBM recommends that you set up the firewall with the FQDN for a connection. If the FQDN is not available, use the IP address. If you need the FQDN for all the outbound connections, contact IBM support.

Note: If you are using an HTTP or SOCKS proxy, ensure that the listed connections are opened in the proxy server as well as in the firewall.

When you activate CMC for the first time, follow these rules for connecting to the FQDN or the IP address associated with port 5044 from HMC:

Allow outbound connection to FQDN or IP address and port as "5044"
Allow tunneling over the 5044 port if you are using HTTP proxy.

Note: By default, this IP address has a self-signed certificate that requires disabling SSL interception. For a CA assigned certificate, contact CMC support.

Blocklist, Allowlist, and No List

You can prevent the Cloud Connector from uploading data for specific managed systems by adding the managed systems to the blocklist. The Blocklist tab in the Managed System Filter area lists the managed systems that are blocklisted. The blocklist contains the model, type, machine serial number (MTMS) of the managed systems. The data from these managed systems is not uploaded to the cloud.

You can specifically allow the Cloud Connector to upload data for specific managed systems by adding the managed systems to the allowlist. The Allowlist tab in the Managed System Filter area lists the managed systems that are allowlisted. The allowlist contains the model, type, machine serial number (MTMS) of the managed systems. The data from these managed systems is uploaded to the cloud. When an allowlist is in effect, only data from managed systems on the allowlist is uploaded to the cloud.

Note: Data filtering for the allowlist is supported only with HMC version 1020 or greater. If this version requirement is not satisfied, data will flow to the CMC for systems that are not part of the allowlist.

To view the current managed systems in the blocklist or allowlist, click the Blocklist and Allowlist tabs above the Managed System Filter area.

If you enable No List, the two managed system filter types are not enabled and the data for all managed systems is shown.

You can have only a Blocklist, an Allowlist, or No List in effect at one time.

Blocklist

Important: You must add managed systems to the blocklist before you start the Cloud Connector so that the data from these managed systems is not uploaded to the cloud.

To add a managed system to the blocklist, click Blocklist and confirm your selection. In the Managed System Filter area, click Edit Blocklist and specify the model, type, serial number of the managed system that you want to blocklist and click Add. To remove a managed system from the blocklist, click the minus sign (-) corresponding to the name of the managed system, and click Yes when you are prompted.

When you add a managed system to the blocklist, the existing data on the cloud that is associated with the managed system is not removed from the cloud automatically. To remove the data from the cloud, start the Cloud Connector, if it is not running. From the management console command line, run the command run chsvc -s cloudconn -o stop --purge to remove the data from the cloud.

Important: The systems that are in Power Enterprise Pool 2.0 cannot be blocklisted.

Allowlist

To add a managed system to the allowlist, click Allowlist and confirm your selection. In the Managed System Filter area, click Edit Allowlist and specify the model, type, serial number of the managed system that you want to allowlist and click Add. To remove a managed system from the allowlist, click the minus sign (-) corresponding to the name of the managed system, and click Yes when you are prompted.

No List

Click No List to disable both the managed system filter types and show data for all managed systems.

Data Filter: To filter the data in Cloud Connector from getting pushed to cloud storage, you can make the selection in this table. Selection are available to filter the System IP Address and Logical Partition/VirtualIOServer IP Address. You can enable them later if you want to. After the selection is made, it will take about 5 to 10 minutes to reflect the data in the CMC. The patch planning data gets updated once a day, so you might see delay in reflecting the changes in the Patch Planning app.

Note: The purge operation is supported if the HMC is at Version 8 Release 8.6.0 Service Pack 2 or higher.

Attribute Masking: By enabling the attribute masking feature, you can ensure that sensitive data does not leave your data center. After enabling this feature, Cloud Connector masks sensitive data and sends the masked data to the CMC server, and the CMC UI displays the masked values of the resource attributes on all the CMC pages and apps.
To enable Attribute Masking, click Settings > Cloud Connector > Cloud Connector Management, scroll down to the end of the page, and then set Attribute Masking to On.

The attribute masking feature is available with HMC Version 1040 and later only. Data from earlier HMC versions is not masked and will continue to be displayed unmasked even when Attribute Masking is enabled.

Note: If a system is connected to multiple HMCs, for the attribute masking feature to work, the version of all the connected HMCs must be HMC Version 1040 or later.

For a list of attributes whose values are masked, see CMC Attribute Masking.

Cloud Connector Startup Command: The Cloud Connector Startup Command area displays the command chsvc -s cloudconn -o start -k <value> to start the Cloud Connector. The Cloud Connector is an application that runs on the management console. The Cloud Connector reads the configuration file from the cloud to determine the data collection procedures that must be run. It applies the settings for each application and sends the data. Click Copy to Clipboard to copy the command to the management console command line and run the command to start sending the data.

Using a proxy connection

To use a proxy connection, you must modify the startup command to use proxy paths. You can add a SOCKS5 proxy, HTTP proxy, or both connections. When you use both connections, you must specify both the arguments in the startup command at one instance. For example,

chsvc -s cloudconn -o start -k <key> --socks socks.proxy:8080 --http http.proxy:9090

For more information about creating proxy connections, see Creating Proxy Connections on the HMC.

Restarting Cloud Connector
To restart Cloud Connector, update the startup command by replacing start with restart in the command. For example,

chsvc -s cloudconn -o restart -k <key> --socks socks.proxy:8080 --http http.proxy:9090

Status Tab

The table in the Cloud Connector Status area displays the Network Time Protocol (NTP) service status for all management consoles where Cloud Connector is running. Click View Status to view the Cloud Connector status for the selected HMC. It is recommended that you enable the NTP service on the HMC (Hardware Management Console) to automatically synchronize the HMC clock with an NTP time server. When you enable the NTP service, the time of your HMC is synchronized with other management consoles. The applications that are running in the cloud depend on the data that is captured in HMC that has local HMC time stamp. If you do not configure the NTP service in the HMC, there might be inconsistency in the time at which the data is collected by the Cloud Connector in the management console and the view that is built in the cloud application might not show the real-time data. To enable the NTP service, log in to the HMC and go to the HMC Management > Change date and time > NTP configuration and select the Enable NTP service for this HMC check-box. You can also use the command chhmc -c xntp -s enable from the HMC command line to enable NTP.

The green circle icon () or the red triangle icon () in the first column of the table represents the status of the Cloud Connector. A green circle icon () indicates a good state for the Cloud Connector. The red triangle icon () indicates an issue with the Cloud Connector. Click the icon for more information about the state and the action to be taken.

A cloud connector may show outdated or incorrect data if it cannot connect to the cloud or it is stopped on the HMC. You can remove the data for such inactive HMCs from the Status tab.

To remove the data, click View Status for the HMC.
On the Cloud Connector Status dialog box, click Yes, remove the data.

This action purges the inventory and usage data collected for systems, partitions, and VIOSs managed by the HMC. However, data from redundant HMCs for these systems remains unchanged.
Notes:

Removing the data permanently deletes all information sent from this Cloud Connector, including any inventory or performance preferences data.
If you are unsure about removing the data and want to resolve this issue yourself, click Close, I will resolve it myself.

Network outage with Cloud Connector

If the active communication with CMC fails, Cloud Connector will go into inactive state if the network outage is not resolved after 24 hours. In this situation, after the network outage is resolved, manually restart Cloud Connector.

Related articles