Imanager U2000 V200R016C60 Administrator Guide 14 (PDF) - C PDF
System
V200R016C60
Administrator Guide
Issue 14
Date 2018-11-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Related Version
The following table lists the product version related to this document.
Intended Audience
This document describes the operations that are performed by the network management
system (NMS) administrators on the U2000. This document describes the processes of and
methods for the operations and maintenance in various aspects, including user management,
log management, database management, process management, and file management.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Convention Description
Change History
Updates between document issues are cumulative. Therefore, the latest document issue
contains all updates made in previous issues.
Contents
5 Security Management
5.1 User Security
5.2 Managing User Rights
5.2.1 Getting to Know Operation Rights Management
5.2.1.1 Rights
5.2.1.2 U2000 Authorization Principles
5.2.1.3 Users and User Groups
5.2.1.4 Object and Object Set
5.2.1.5 Domain
5.2.1.6 Operation and Operation Set
5.2.2 Scenarios for Operation Right Management
5.2.3 Authorization Plan
5.2.4 Assigning Rights to Users
5.2.4.1 Authorization Process
5.2.4.2 Creating User-Defined Object Sets
6.1.4.6.1 Restoring U2000 High Availability System (Solaris) Data from a Local Server
6.1.4.6.2 Restoring U2000 High Availability System (Solaris) Data from a Remote Server
6.1.4.7 Restoring U2000 High Availability System (SUSE Linux) Data
6.1.4.7.1 Restoring U2000 High Availability System (SUSE Linux) Data from a Local Server
6.1.4.7.2 Restoring U2000 High Availability System (SUSE Linux) Data from a Remote Server
6.1.5 U2000 Data is Restored by Mirroring the Database
6.1.5.1 Restoring the U2000 Single-Server System (Solaris) Data by Switching the Data Source
6.1.5.2 Restoring the U2000 Single-Server System (SUSE Linux) Data by Switching the Data Source
6.1.5.3 Restoring the U2000 High Availability System (Solaris) Data by Switching the Data Source
6.1.5.4 Restoring the U2000 High Availability System (SUSE Linux) Data by Switching the Data Source
6.1.6 Backing Up and Restoring the U2000 Network Configuration Data by Using Scripts
6.1.6.1 Script Files
6.1.6.2 Immediately Backing Up the U2000 Data by Script
6.1.6.3 Backing Up the U2000 Data Through Script Exporting in a Scheduled Manner
6.1.6.4 Restoring the U2000 Data by Using the Script
6.1.7 Full System Backup and Restoration (Single Server System, SUSE Linux)
6.1.7.1 Full System Backup Solution Overview
6.1.7.2 (Optional) Mounting Configurations for the U2000 Server and File Server
6.1.7.2.1 Mounting the Windows 2008 File Server
6.1.7.2.2 Mounting the Solaris File Server
6.1.7.2.3 Mounting the SUSE Linux File Server
6.1.7.3 (Optional) Configuring a Local Backup Disk for the U2000 Server
6.1.7.4 Creating of the ISO File for Urgent System Recovery
6.1.7.5 (Optional) Backing up System Partitions
6.1.7.6 Recovering the Full System
6.1.8 Managing the U2000 Database
6.1.8.1 U2000 Database List
6.1.8.1.1 List of Small-scale U2000 Databases
6.1.8.1.2 List of Common-scale U2000 Databases
6.1.8.1.3 List of Medium-scale U2000 Databases
6.1.8.1.4 List of Large-scale/Super-large-scale U2000 Databases
6.1.8.2 Initializing the U2000 Database
6.1.8.3 Checking the Database Status
6.1.9 Dumping Performance Data
6.1.9.1 Dumping Performance Data Manually
6.1.9.2 Dumping Performance Data Automatically
6.2 Fast Restoration Scheme for the U2000 Cold Backup System
6.2.1 Introduction to the Fast Restoration Scheme for the U2000 Cold Backup System
6.2.2 Creating Backup and Restoration Tasks
6.2.2.1 Configuring Automatic Backup Tasks on the Primary Site
6.2.2.2 Configuring Automatic Restoration on the Secondary Site
6.2.3 Manually Execute Backup and Restoration Tasks
A FAQs
A.1 Windows OS
A.1.1 How to Add a Static Route
A.1.2 How to Change the Password of the OS Administrator
A.1.3 How to Configure the Remote Login to the Windows OS
A.1.4 How to Set the Virtual Memory to the System Managed Size
A.1.5 How to Check Whether an NIC Is Assigned Multiple IP Addresses (Windows)
A.1.6 How to Delete Unnecessary IP Addresses of an NIC (Windows)
A.1.7 How to Query the Type of a Windows OS
A.1.8 How to Log In to the CLI on Windows
A.1.9 How to Shut Down Automatic Update of the Windows OS
A.1.10 How to Identify the Network Connection Name Associated with the NMS Application IP Address on Windows
A.1.11 How Do I Manually Enable and Disable the FTP Service on a Server?
A.1.12 How to Configure the minasshd Encryption Algorithm
A.1.13 How to Change the Password for the Windows OS User ossuser?
A.1.14 How to Change the Password for the Windows OS User dbuser?
A.1.15 How to Change the Password for the Windows OS User ftpuser?
A.1.16 How Can I Manually Disable SSL and Start TLS?
A.1.17 How Do I Configure an Internet Explorer Browser as the Default Browser on a Windows 10 OS?
A.2 SUSE Linux OS
A.2.1 How to Change the OS User Password
A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS
A.2.3 How to Enable and Disable the FTP Authority of the root User in the SUSE Linux OS
A.2.4 How to manually Add the Default Route (SUSE Linux)
A.2.5 How to manually Add a Static Route (SUSE Linux)
A.2.6 How to Add a Static Route If the U2000 Is Installed
A.2.7 How to Check the Remaining Space of a Disk
A.2.8 How to Monitor System Processes and Application Ports
A.2.9 How to Enable Remote GUI Logins
A.2.10 How to Query the Process Status
A.2.11 How to Forcibly End a Process
A.2.12 How to Use the vi Editor
A.2.13 How to Change the Time and Time Zone of the SUSE Linux OS
A.2.14 How to Use the VNC to Remotely Log In to SUSE Linux by Retaining the Session
A.2.15 How to Set IP Addresses for Unused NICs on SUSE Linux
A.2.16 How to Capture Snapshots on SUSE Linux
A.2.17 How to Check Whether Bond Is Configured
A.2.18 How to Configure the Resolution on SUSE Linux
A.2.19 How to Install the 7-zip Software on the SUSE Linux OS
A.2.20 How to Enable the File Change Audit Function on SUSE Linux OS
A.2.21 How Do I Set an Encryption Algorithm for OpenSSH (SUSE Linux)
A.2.22 How to Set the OpenSSH Encryption Algorithm on a Linux Distributed System
A.2.23 How Do I Obtain the Public Key of a Third-party SFTP Server?
A.2.24 How to Check Downloaded Software Packages Using HashMyFiles Software
A.2.25 How Do I Verify Downloaded Software Packages Using the PGPVerify Software
A.2.26 How to Fix Garbled Characters in the SUSE Linux Command Output
A.2.27 Checking the NTP Service on Linux
A.2.28 How to Use the FileZilla to Transfer Files by SFTP
A.2.29 What Can I Do If Logging In to the GUI Desktop Fails in SUSE Linux
A.3 Solaris OS
A.3.1 Network Configurations of the Workstation
A.3.1.1 How to Make the Devices Directly Connected to the two NICs of the Server Communicate with Each Other
A.3.1.2 How to Add the Default Route
A.3.1.3 How to Add a Static Route
A.8.2.4 How to Change the Database Administrator Password for the Sybase Database If the U2000 Is Installed
A.8.2.5 How to View the Bit Number of the Sybase Database
A.8.2.6 How to View the Details of the Sybase Database
A.8.2.7 How to View Data Tables
A.8.2.8 How to Query a Database Table if Only Part of the Table Name Is Remembered
A.8.2.9 How to Identify Database Errors Caused by Unexpected Powering-Off of the Workstation
A.8.2.10 How to Expand Space for the master Database
A.8.2.11 How to Set Up More User Connections to a Database
A.8.2.12 How to Check for Database Errors Using the dbcc Tool
A.8.2.13 How to Set the Network Transport Parameters of Databases
A.8.2.14 How to Delete a Suspect Database
A.8.2.15 How to Delete a Damaged User Database
A.8.2.16 How to Delete a Database from the Sybase Database
A.8.2.17 How to View the Deadlock Information in the Database
A.8.2.18 How to Create a Replacement User for the Sybase Database Administrator sa User
A.9 MSuite
A.9.1 How to Verify That The Process of the MSuite Server Is Started
A.9.2 How to Start the Process of the MSuite Server
A.9.3 How to End Processes on the MSuite Server
A.9.4 How to Start the MSuite Client
A.9.5 Starting the Process of the MSuite Server
A.9.6 How to Resolve the Problem of Failing to Log In to a MSuite Client
A.10 U2000 System
A.10.1 How to Change the System Time and Time Zone of the Single-Server System on Windows
A.10.2 How to Change the System Time and Time Zone of the Single-Server System (Solaris)
A.10.3 How to Modify the Time and Time Zone on the SUSE Linux Single-Server System
A.10.4 How to Change the System Time and Time Zone of the High Availability System (Solaris, SUSE Linux)
A.10.5 How to Determine Whether an Installed SUSE Linux System is a Local or Remote High Availability System
A.10.6 How to Verify That the Processes of the U2000 Single-Server System Are Running on Windows
A.10.7 How to Start the Processes of the U2000 Single-Server System on Windows
A.10.8 How to End the Processes of the U2000 Single-Server System on Windows
A.10.9 How to Verify That the Processes of the U2000 Single-Server System Are Running on Solaris
A.10.10 How to Start the Processes of the U2000 Single-Server System on Solaris
A.10.11 How to End the Processes of the U2000 Single-Server System on (Solaris)
A.10.12 How to Verify That the Processes of the U2000 Single-Server System Are Running on SUSE Linux
A.10.13 How to Start the Processes of the U2000 Single-Server System on SUSE Linux
A.10.14 How to End the Processes of the U2000 Single-Server System on (SUSE Linux)
A.10.15 How to Check Whether the U2000 Processes of the High Availability System (Solaris, PC Linux) Are Started
A.10.16 How to Start the U2000 Processes of the High Availability System (Solaris, PC Linux)
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC Linux)
A.10.18 What Factors Affect the Response Speed of the NMS
A.10.19 How to Resolve the Problem Wherein Illegible Characters Occur in the NMS Window
A.10.57 How Do I Change an H2 Database User's Password for the U2000 Guard
A.10.58 How Do I Import a U2000 Key Store
A.10.59 How Do I Disable the U2000 from Monitoring the All-Zero IP Address
A.10.60 How Can the U2000 Client Use a Non-NMS-Application IP Address for Login
A.10.61 How Do I Perform a Rollback After the H2 Key Replacement Fails
A.10.62 How Can the MSuite Client Use a Non-NMS-Application IP Address for Login
A.10.63 How Can the U2000 Client Use a Non-NMS-Application IP Address for Login
A.10.64 How Do I Enable the U2000 Distributed System to Monitor Default Network Adapters
A.10.65 How to Configure an SSH Listening IP Address(Solaris, PC Linux)
A.10.66 How Do I Configure an SSH Listening IP Address(Windows)
A.10.67 How Do I Configure iptables Listening for a Solaris/Linux HA System
A.10.68 How Do I Modify the ossuser or dbuser ID at the Secondary Site to Be the Same as that at the Primary Site
A.10.69 How to Change the Password for the User ftpuser
A.10.70 The Chinese Characters Entered on the iMAP Client Using Sogou Pinyin Are Incorrectly Displayed
A.10.71 How to Apply for U2000 Digital Certificates
A.10.72 How Do I Uninstall a Mirroring Database
A.10.73 How Do I Configure an FTP Listening IP Address
A.10.74 Checking Whether the Restoration Server Meet Restoration Requirements
A.11 VMware Virtual Machine(VMware vSphere Client)
A.11.1 How Do I Log In to the VMware ESXi
A.11.2 How Do I Log In to the VMware vCenter Server?
A.11.3 How to Check and Create a Port Group (Network Label) on the Virtual Machine
A.11.4 How to Check Whether the Available Space of the Storage on a Virtual Machine Meets the U2000 Requirement
A.11.5 How to View the Usage of Network Interfaces on the VMware Server
A.11.6 How Do I Configure Virtual Machine Memory?
A.11.7 How Do I Change the Number of CPUs in a Virtual Machine?
A.11.8 How Do I Configure the Disk of a Virtual Machine?
A.11.9 Establishing Connections Between the E9000 Server and the OceanStor 5500 V3 Disk Array on the GUI
A.11.10 Establishing Connections Between the E9000 Server and the OceanStor S3900 Disk Array on the GUI
A.11.11 Expanding LUNs of a 5500 V3 Disk Array
A.11.12 Creating a Service Network on the GUI
A.11.13 How Do I Test the Real-Time Network Speed of an ESXI Host?
A.11.14 How Do I Replace a Physically Damaged Blade and Configure the New Blade?
A.11.15 How Do I Change the User Passwords for the vCenter and the OS That Houses the vCenter?
A.11.16 How to shut down the OfficeScan software
A.11.17 How Do I Change the Idle Time After Logging In to the vCenter Through the VMware vSphere Web Client?
A.11.18 How to Enable or Disable Access to the ESXi Host Through Internet Explorer
A.11.19 How Do I Change the Password of the administrator@vsphere.local User?
A.11.20 How Do I Enable or Disable the vSphere Web Client Function?
A.11.21 How to Change the Windows OS Computer Name?
C MSuite
C.1 Overview
C.1.1 Basic Concepts
C.1.2 System Architecture
C.1.3 Function Overview
C.1.4 Graphical User Interface
C.1.5 Command Line Interface
C.2 Starting and Stopping the MSuite
C.2.1 Starting the Process of the MSuite Server
C.2.2 Logging In to the MSuite Client
C.2.3 Exiting from the MSuite client
C.2.4 Ending the Process of the MSuite Server
C.3 System Management
C.3.1 Changing the Password of the MSuite
C.3.2 Logging Out of the MSuite Client
C.4 U2000 Deployment
C.4.1 Setting the System Time and Time Zone
C.4.2 Changing the Password of the Database Administrator........................................................................................1136
C.4.3 Changing the Password of the User of the Database............................................................................................ 1138
C.4.4 Configuring the NTP Service................................................................................................................................1140
C.4.5 Deploying Domains.............................................................................................................................................. 1141
C.4.6 Undeploying Domains.......................................................................................................................................... 1143
C.5 Adjusting the NMS.................................................................................................................................................. 1145
C.5.1 Changing the Host Name and IP Address.............................................................................................................1145
C.5.1.1 How to Change the IP Address of the Single-Server System (Windows 2008)................................................ 1148
C.5.1.2 How to Change the Host Name of the Single-Server System (Windows 2008)................................................1150
C.5.1.3 How to Change the IP Address and Host Name for the Single-Server System (Solaris).................................. 1152
C.5.1.4 How to Change the IP Address and Host Name for the Single-Server System (SUSE Linux).........................1154
C.5.1.5 How to Change the IP Address and Host Name for the High Availability System (Solaris)............................ 1155
C.5.1.6 How to Change the IP Address and Host Name for the Local High Availability System (SUSE Linux)......... 1159
C.5.1.7 How to Change the IP Address and Host Name for the Remote High Availability System (SUSE Linux)......1163
C.5.2 Configuring Routes............................................................................................................................................... 1168
C.5.3 Synchronizing Network Configurations............................................................................................................... 1170
C.5.4 Example for Adjusting the Network configurations of the Solaris Single-Server System................................... 1172
C.5.5 Example for Adjusting the Network configurations of the SUSE Linux Single-Server System..........................1174
C.5.6 Example for Adjusting Network Configurations of the High Availability System (Solaris)............................... 1176
C.5.7 Example for Adjusting Network Configurations of the High Availability System (SUSE Linux)...................... 1179
C.6 Management of the High Availability System (Veritas hot standby).......................................................................1182
C.6.1 Establishing the HA Relationship Between the Primary and Secondary Sites.....................................................1182
C.6.2 Separating the Primary Site from the Secondary Site...........................................................................................1185
C.6.3 Configuring the Current Server as the Active Server Forcibly.............................................................................1187
C.6.4 Monitoring the Status of the HA System.............................................................................................................. 1188
This topic provides suggestions for running the U2000 securely. To ensure that the U2000 runs
normally, you must comply with the precautions for hardware and software operations.
On Solaris and SUSE Linux, removing unwanted network cables may lead to intermittent network
interruptions.
• You must keep the equipment room clean, dustproof, and moistureproof.
During U2000 O&M, any violation of the following precautions leads to service risks or
system collapse. Read the precautions carefully and perform operations in strict compliance
with them.
[OS] Do not install an OS that is incompatible with the U2000 version. For example, the OS is
unauthorized, pirated, or incompatible with the U2000 version.
    Risk: This operation may result in incompatibility between the OS and the U2000 and
    consequently a failure to start the U2000 process.
    Suggestion: For the mapping OS, see Chapter Software Configuration Planning for the NMS
    Server in U2000 Planning Guide.

[OS] Do not enable insecure services that are irrelevant to the OS. For example, the Telnet and
FTP services of the OS and the mail service.
    Risk: This operation may bring risks of attacks.
    Suggestion: Using the SSH and SFTP services is recommended because the SSH and SFTP
    services are more secure.

[OS] Do not use OS hardening tools that are not provided by the U2000.
    Risk: This operation may result in system failure.
    Suggestion: Use the OS hardening tools provided by the U2000.

[OS] Do not manually change the IP address and host name of the OS.
    Risk: This operation may lead to a failure to start U2000 processes.
    Suggestion: If the IP address and host name of the OS need to be changed, use the U2000
    MSuite tool to change them. Ensure that the U2000 processes have been stopped before
    making such a change.

[Database] Do not install a database that is incompatible with the U2000 version. For example,
the database is unauthorized, pirated, or incompatible with the U2000 version.
    Risk: This operation may cause incompatibility between the database and the U2000 version
    and consequently a failure to start the U2000.
    Suggestion: For the mapping OS, see Chapter Software Configuration Planning for the NMS
    Server in U2000 Planning Guide.

Do not modify the system time while the U2000 is running.
    Risk: This operation may cause time inconsistency between the U2000 and NEs and failures
    of some functions.
    Suggestion:
    • To modify the system time of the server, exit the U2000 server and restart it after the
      modification.
    • To modify the system time of the client, exit the U2000 client and restart it after the
      modification.
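A check for the "do not enable insecure services" precaution above, as an added example that is not part of the Huawei guide: the shell function reads `netstat -an` or `ss -ltn` style output and reports listeners on the well-known FTP (21), Telnet (23), and SMTP (25) ports, separating loopback-only listeners from network-exposed ones. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the U2000 guide: flag listeners for the services
# the precautions name (Telnet, FTP, mail) in netstat/ss-style output.

# Constructed sample: Linux `netstat -ltn` lines, one Solaris `netstat -an`
# line (*.23), and an outbound ESTABLISHED connection that must be ignored.
SAMPLE_LISTENERS='tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN
tcp6       0      0 :::21             :::*          LISTEN
tcp        0      0 127.0.0.1:25      0.0.0.0:*     LISTEN
      *.23                 *.*                0      0 49152      0 LISTEN
tcp        0      0 10.0.0.5:51234    10.0.0.9:23   ESTABLISHED'

# find_insecure_listeners: stdin = listening-socket listing,
# stdout = "<service> <port> <local address> <exposed|loopback>" per finding.
find_insecure_listeners() {
    awk '
        BEGIN { svc[21] = "ftp"; svc[23] = "telnet"; svc[25] = "mail" }
        /LISTEN/ {
            # The local address is the first field ending in ".port" or
            # ":port" (Solaris prints *.23, Linux prints 0.0.0.0:23 or :::23).
            addr = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /[.:][0-9]+$/) { addr = $i; break }
            if (addr == "") next

            # The port is whatever follows the last "." or ":".
            n = split(addr, part, /[.:]/)
            port = part[n] + 0
            if (!(port in svc)) next

            # A listener bound to loopback is not reachable from the network.
            scope = "exposed"
            if (addr ~ /^127\./ || addr ~ /^::1[.:]/ || addr ~ /^\[::1\]/)
                scope = "loopback"
            print svc[port], port, addr, scope
        }'
}

# count_exposed: number of findings that are reachable from the network.
count_exposed() {
    find_insecure_listeners | awk '$4 == "exposed" { c++ } END { print c + 0 }'
}

# Demonstration on the constructed sample; SSH on port 22 is not reported.
printf '%s\n' "$SAMPLE_LISTENERS" | find_insecure_listeners
```

On a live server, pipe the output of `netstat -an` into `find_insecure_listeners`; any `exposed` line names a service to disable in favour of SSH and SFTP.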
This topic describes how to start the U2000 system. The procedure for starting the U2000
system varies according to deployment solutions.
2.1 Starting the U2000 Server in a Windows Single-Server System
The U2000 server can be started in three steps: power on the server safely, start the database,
and start the U2000 server processes.
2.2 Starting the U2000 Server in a Solaris Single-Server System
The U2000 server can be started in three steps: power on the server safely, start the database,
and start the U2000 server processes.
2.3 Starting the U2000 Server in a SUSE Linux Single-Server System
The U2000 server can be started in three steps: power on the server safely, start the database,
and start the U2000 server processes.
2.4 Starting the U2000 Server in a Solaris High Availability System
The U2000 server can be started in three steps: power on the server safely, start the database,
and start the U2000 server processes.
2.5 Starting the U2000 Server in a SUSE Linux High Availability System
The U2000 server can be started in three steps: power on the server safely, start the database,
and start the U2000 server processes.
2.6 Logging In to a U2000 Client
Log in to a U2000 using the client, and then perform management operations in the GUI of
the U2000 client.
2. Press the power buttons on the peripherals and monitor connected to a server.
3. Wait 2 to 3 minutes. When the green indicator on the front panel of the server blinks
every 1s, press the power button on the shelf of the server.
NOTE
If the power button is steady on, the server has been successfully powered on. For details about
IBM server indicators, see the manual for IBM servers or log in to the official IBM website. For
details about Huawei server indicators, see the manual for Huawei servers or log in to the official
Huawei website. For official websites of software and hardware documents, see A.10.44 How Do
I Obtain Third-Party Software and Hardware Materials.
The red boxes in the following figures show the positions of power buttons on Huawei
RH2288H V2, Huawei RH2288H V3, Huawei RH5885H V3, IBM X3650 M4, IBM
X3650 M3, and IBM X3850 X5.
Prerequisites
The OS has been started.
Context
Generally, the database starts along with the OS.
Procedure
Step 1 Log in to the OS as administrator.
Step 2 Choose Start > All apps > Microsoft SQL Server 2008 > SQL Server Configuration
Manager > SQL Server Services.
Step 3 Right-click SQL Server (MSSQLSERVER) and choose Start from the shortcut menu.
----End
Result
In the SQL Server (MSSQLSERVER), if Start is dimmed, Microsoft SQL Server 2008 is
running.
Follow-up Procedure
Open the task manager of the server and click the Processes tab to check whether the
sqlserver.exe process is started by the dbuser user.
Prerequisites
The OS on the computer on which the U2000 server processes are installed is running
properly, and the database has been started.
Context
• Generally, the U2000 server processes start along with the OS.
• Only one default NMS user, admin, is provided during U2000 software installation. The
admin user is a U2000 administrator with the highest rights on the U2000 system.
Procedure
Step 1 Log in to the OS as a user with ossuser rights.
Step 2 View the startup information about the U2000 server processes.
1. Choose Start > Run. The Run window will be displayed.
2. Enter cmd and click OK.
3. In the CLI, run the daem_ps command to check whether the U2000 process is started.
– If information similar to the following is displayed, the U2000 process has started.
imapmrb.exe 30616 RDP-Tcp#1 3 19,252 K
imapeventmgr.exe 4392 RDP-Tcp#1 3 19,812 K
imapsysd.exe 27224 RDP-Tcp#1 3 39,720 K
imapwatchdog.exe 36812 RDP-Tcp#1 3 14,216 K
ResourceMonitor.exe 29472 RDP-Tcp#1 3 25,024 K
imap_sysmonitor.exe 8368 RDP-Tcp#1 3 36,628 K
python.exe 33732 RDP-Tcp#1 3 21,216 K
httpd.exe 14920 RDP-Tcp#1 3 11,140 K
java.exe 21572 RDP-Tcp#1 3 92,424 K
httpd.exe 15980 RDP-Tcp#1 3 16,476 K
NOTE
If information similar to the following is displayed, the U2000 process also has started.
imapmrb.exe 11116 Services 0 30,392 K
imapeventmgr.exe 11164 Services 0 21,404 K
imapsysd.exe 10236 Services 0 42,116 K
imapwatchdog.exe 8584 Services 0 11,676 K
ResourceMonitor.exe 26056 Services 0 28,184 K
imap_sysmonitor.exe 13168 Services 0 39,632 K
– If no command output is displayed, the U2000 process is not started. You can run
the D:\oss\server\platform\bin\startnms.bat command in the CLI to start the
U2000 process. If information similar to the following is displayed, the database
has to be started. For details, see 2.1.2 Starting the Database. Then, execute the
startnms.bat file to start the U2000 process.
Service MSSQLSERVER does not running,please start it first.
Step 3 Check the running status of every process on the System Monitor client.
1. Choose Start > All Programs > Network Management System > U2000 System
Monitor or click the shortcut icon on the desktop to start the U2000 System Monitor
client.
Two data transmission modes are available: Common and Security(SSL) (more secure,
recommended). The default data transmission mode is Security(SSL). To query or change the
communication mode of the server, see section A.10.26 How to Set the Communication Mode
on the U2000 server for the Single-Server System (Windows).
The initial password of the admin user is Changeme_123. The password must be changed during
the first login to ensure system security. Keep the password confidential and change it regularly.
----End
Result
• If the U2000 services with the startup type of Automatic have started properly, the
U2000 runs properly.
• If some services have not started, select them, right-click, and choose Start the Service
from the shortcut menu.
• If the U2000 does not run properly, contact Huawei engineers.
Follow-up Procedure
The network management system maintenance suite is used for U2000 commissioning,
maintenance, and redeployment.
Log in to the OS as a user with administrator rights. In the Windows Task Manager dialog
box, check whether msdaemon.exe and msserver.exe are listed.
• If the two processes are listed, the MSuite server has started.
• If the two processes are not listed, the MSuite server has not started. Navigate to the
D:\oss\engr\engineering directory of the U2000 server and double-click startserver.bat to
start the MSuite server.
• Oracle SPARC T4-2 workstations support only 200 ~ 240 VAC input voltage and do
not support 100 ~ 120 VAC input voltage.
• Netra T4-1/Oracle T4-1/M4000/M5000 server supports 200 to 240 VAC and 100 to
120 VAC input voltage.
• Netra T4-2 server supports 100 to 220 VAC input voltage.
• Configure power supply based on the rated system power requirement; see U2000
Hardware Installation Guide (Huawei N610E cabinet). If the power supply is
insufficient, the server automatically stops and the high availability system fails to
trigger an active/standby switchover.
2. Wait about 2 or 3 minutes. Then switch on the power of the Netra T4-1/Netra T4-2/
Oracle T4-1/Oracle T4-2/T5220 workstation to start the server.
3. After the server is started, check indicators on the front panel. If the power indicator is
steady green, the server is powered on. If another indicator is on or blinks, the server
does not function properly. Contact the server maintenance engineers to solve the
problem. The following figure shows the positions of the power switch and power
indicator.
Figure 2-7 Power switch and power indicator on the Netra T4 server
Figure 2-8 Power switch and power indicator on the Netra T4-2 server
Figure 2-9 Power switch and power indicator on the Oracle T4-1 server
Figure 2-10 Power switch and power indicator on the Oracle T4-2 server
NOTE
• If the Solaris OS starts automatically on the server, the Solaris OS has been correctly installed.
• If the server displays the OK prompt, enter boot. If the server does not respond, no Solaris OS has
been installed on the server.
M4000/M5000 Server
1. Power on an M4000/M5000 server.
NOTE
Configure power supply based on the rated system power requirement, see U2000 Hardware
Installation Guide (Huawei N610E cabinet). If the power supply is insufficient, the server
automatically stops and the high availability system fails to trigger an active/standby switchover.
This issue occurs frequently for the M4000/M5000 with high power consumption.
2. Insert the key delivered with the server into the key slot in the front panel of the M4000/
M5000 server, and turn the rotary switch to the Locked position labeled with , as
shown in the following figure.
• Ensure that the green LED power indicator on the operation panel is lit.
• During the power-on process, it is recommended that you use a PC to log in to the controller
on an M4000/M5000 server through a serial interface and enter console -d 0 -f to view the
server start status.
• If the Solaris OS starts automatically on the server, the Solaris OS has been correctly installed.
• If you turn the rotary switch to the Service position labeled with , the server cannot access the
OS automatically and displays the ok prompt. Enter boot. If the server does not
respond, no Solaris OS has been installed on the server.
Disk Array
• To prevent data loss, do not remove or insert disk modules, controllers, fibers, network
cables, or serial cables when powering on a disk array.
• To prevent disk damage and data loss, do not turn on or cut off the power supply when the
disk is accessing data. If the power supply is cut off, wait at least 1 minute before turning
it on.
• Power supply must be provided for the two power modules of the OceanStor S2600 and
OceanStor S3900; otherwise, the OceanStor S2600 and OceanStor S3900 cannot be used. Then
press the power switch on controller A/B. Wait 5 to 10 minutes until the power indicator is
steady green and no longer flashing, which indicates that the power-on has succeeded.
• Power supply must be provided for the two power modules of the OceanStor 5500 V3; otherwise,
the OceanStor 5500 V3 cannot be used. Press the power button on controller A/B. Wait 5 to 10
minutes until the power indicator is steady green and no longer flashing, which indicates that
the power-on has succeeded.
Physical indications that the storage system is up and running without error:
• The power indicators of the controllers, controller enclosure, and disk enclosures are
steady green.
• The alarm indicators of the controllers, controller enclosure, and disk enclosures are off.
• The running indicators of the coffer disks are steady green, and their alarm/location
indicators are off.
Prerequisites
The OS has been started.
Context
Generally, the database starts along with the OS.
Procedure
Step 1 Log in to the OS as the dbuser user.
NOTE
To switch to the dbuser user, run the su - dbuser command. After the U2000 is installed, the password
for the dbuser user is Changeme_123. For system security, modify the default password and remember
the new password. For details, see A.2.1 How to Change the OS User Password.
NOTE
Run the following commands to start the Sybase database if it is not running:
$ su - dbuser
NOTE
Enter the dbuser user password as prompted. The default password is Changeme_123. For system
security, modify the default password and remember the new password. For details, see A.2.1 How to
Change the OS User Password.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
$ exit
NOTE
• Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
• DBSVR is the name of the database server and DBSVR_back is the name of the database backup
server. These names must be consistent with the actual database names.
• View the database name and database backup server name by running the
more /opt/sybase/interfaces command.
----End
Result
Run the following command to check whether the Sybase process is running:
$ ps -ef | grep sybase
Prerequisites
The OS on the computer on which the U2000 server processes are installed is running
properly, and the database has been started.
Context
• Generally, the U2000 server processes start along with the OS.
• Only one default NMS user, admin, is provided during U2000 software installation. The
admin user is a U2000 administrator with the highest rights on the U2000 system.
Procedure
Step 1 Log in to the OS of the server as the ossuser user.
Step 2 Run the following command to check whether the U2000 processes have started:
$ daem_ps
NOTE
If the displayed information contains imapmrb, imapwatchdog -cmd start, imapsysd -cmd start,
imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start, the U2000 processes
have started.
Step 3 Run the following command to start the U2000 processes if they have not started:
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
Result
• If the U2000 services with the startup type of Automatic have started properly, the
U2000 runs properly.
• If some services have not started, select them, right-click, and choose Start the Service
from the shortcut menu.
• If the U2000 does not run properly, contact Huawei engineers.
Follow-up Procedure
The network management system maintenance suite is used for U2000 commissioning,
maintenance, and redeployment. Generally, the MSuite server starts along with the OS. If the
MSuite server does not start, run the following commands:
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
Run the following command to check whether the network management system maintenance
suite process has started:
$ ps -ef | grep java
Server
1. Power on a Huawei RH2288H V2/Huawei RH2288H V3/Huawei RH5885H V3/IBM
X3650 M4/IBM X3650 M3/IBM X3850 X5 server.
2. Press the power buttons on the peripherals and monitor connected to a server.
3. Wait 2 to 3 minutes. When the green indicator on the front panel of the server blinks
every 1s, press the power button on the shelf of the server.
NOTE
If the power button is steady on, the server has been successfully powered on. For details about
IBM server indicators, see the manual for IBM servers or log in to the official IBM website. For
details about Huawei server indicators, see the manual for Huawei servers or log in to the official
Huawei website. For official websites of software and hardware documents, see A.10.44 How Do
I Obtain Third-Party Software and Hardware Materials.
The red boxes in the following figures show the positions of power buttons on Huawei
RH2288H V2, Huawei RH2288H V3, Huawei RH5885H V3, IBM X3650 M4, IBM
X3650 M3, and IBM X3850 X5.
Disk Array
• To prevent data loss, do not remove or insert disk modules, controllers, fibers, network
cables, or serial cables when powering on a disk array.
• To prevent disk damage and data loss, do not turn on or cut off the power supply when the
disk is accessing data. If the power supply is cut off, wait at least 1 minute before turning
it on.
NOTE
Power supply must be provided for the two power modules of the OceanStor S3900; otherwise, the
OceanStor S3900 cannot be used. Then press the power switch on controller A/B. Wait 5 to 10
minutes until the power indicator is steady green and no longer flashing, which indicates that
the power-on has succeeded.
Prerequisites
The OS has been started.
Context
Generally, the database starts along with the OS.
Procedure
Step 1 Log in to the OS as the dbuser user.
NOTE
To switch to the dbuser user, run the su - dbuser command. After the U2000 is installed, the password
for the dbuser user is Changeme_123. For system security, modify the default password and remember
the new password. For details, see A.2.1 How to Change the OS User Password.
Step 2 Run the following command to check whether the Sybase database is running.
$ ps -ef | grep sybase
Step 3 Run the following commands to start the Sybase database if it is not running.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
NOTE
• Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
• DBSVR is the name of the database server and DBSVR_back is the name of the database backup
server. These names must be consistent with the actual database names.
• View the database name and database backup server name by running the
more /opt/sybase/interfaces command.
----End
Result
Run the following command to check whether the Sybase process is running:
$ ps -ef | grep sybase
Prerequisites
The OS on the PC server on which the U2000 server processes are installed is running
properly, and the database has been started.
Context
Generally, the U2000 server processes start along with the OS.
Procedure
Step 1 Log in to the OS of the server as the ossuser user.
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, and ResourceMonitor -cmd start. If
no information is displayed, the U2000 processes have been stopped.
----End
Result
• If the U2000 services with the startup type of Automatic have started properly, the
U2000 runs properly.
• If some services have not started, select them, right-click, and choose Start the Service
from the shortcut menu.
• If the U2000 does not run properly, contact Huawei engineers.
• Oracle SPARC T4-2 workstations support only 200 ~ 240 VAC input voltage and do
not support 100 ~ 120 VAC input voltage.
• Netra T4-1/Oracle T4-1/M4000/M5000 server supports 200 to 240 VAC and 100 to
120 VAC input voltage.
• Netra T4-2 server supports 100 to 220 VAC input voltage.
• Configure power supply based on the rated system power requirement; see U2000
Hardware Installation Guide (Huawei N610E cabinet). If the power supply is
insufficient, the server automatically stops and the high availability system fails to
trigger an active/standby switchover.
2. Wait about 2 or 3 minutes. Then switch on the power of the Netra T4-1/Netra T4-2/
Oracle T4-1/Oracle T4-2/T5220 workstation to start the server.
3. After the server is started, check indicators on the front panel. If the power indicator is
steady green, the server is powered on. If another indicator is on or blinks, the server
does not function properly. Contact the server maintenance engineers to solve the
problem. The following figure shows the positions of the power switch and power
indicator.
Figure 2-18 Power switch and power indicator on the Netra T4 server
Figure 2-19 Power switch and power indicator on the Netra T4-2 server
Figure 2-20 Power switch and power indicator on the Oracle T4-1 server
Figure 2-21 Power switch and power indicator on the Oracle T4-2 server
NOTE
• If the Solaris OS starts automatically on the server, the Solaris OS has been correctly installed.
• If the server displays the OK prompt, enter boot. If the server does not respond, no Solaris OS has
been installed on the server.
M4000/M5000 Server
1. Power on an M4000/M5000 server.
NOTE
Configure power supply based on the rated system power requirement, see U2000 Hardware
Installation Guide (Huawei N610E cabinet). If the power supply is insufficient, the server
automatically stops and the high availability system fails to trigger an active/standby switchover.
This issue occurs frequently for the M4000/M5000 with high power consumption.
2. Insert the key delivered with the server into the key slot in the front panel of the M4000/
M5000 server, and turn the rotary switch to the Locked position labeled with , as
shown in the following figure.
• Ensure that the green LED power indicator on the operation panel is lit.
• During the power-on process, it is recommended that you use a PC to log in to the controller
on an M4000/M5000 server through a serial interface and enter console -d 0 -f to view the
server start status.
• If the Solaris OS starts automatically on the server, the Solaris OS has been correctly installed.
• If you turn the rotary switch to the Service position labeled with , the server cannot access the
OS automatically and displays the ok prompt. Enter boot. If the server does not
respond, no Solaris OS has been installed on the server.
Disk Array
• To prevent data loss, do not remove or insert disk modules, controllers, fibers, network
cables, or serial cables when powering on a disk array.
• To prevent disk damage and data loss, do not turn on or cut off the power supply when the
disk is accessing data. If the power supply is cut off, wait at least 1 minute before turning
it on.
deployed but is not powered on). 4. Turn on the application server (if the
application server is not powered on).
– Normal power-down sequence: 1. Stop the services of the application server. 2.
Hold the power button for 5 seconds on the controller enclosure. 3. Disconnect the
controller enclosure and disk enclosures from the external power supplies.
• For OceanStor S3900:
– Normal power-on sequence: 1. Turn on the power switches of the external power
supplies connected to all the devices. 2. Press the power button on either controller.
3. Turn on the LAN switch or FC switch (if any LAN switch or FC switch is
deployed but is not powered on). 4. Turn on the application server (if the
application server is not powered on).
– Normal power-down sequence: 1. Stop the services of the application server. 2.
Hold the power button for 5 seconds on either controller. 3. Disconnect the
controller enclosure and disk enclosures from the external power supplies.
• For OceanStor S2600:
– Power-on sequence: cabinet → disk enclosures → controller enclosure → switch (if
any) → application server.
– Power-off sequence: application server → switch (if any) → controller enclosure →
disk enclosures → cabinet.
NOTE
• Power supply must be provided for the two power modules of the OceanStor S2600 and
OceanStor S3900; otherwise, the OceanStor S2600 and OceanStor S3900 cannot be used. Then
press the power switch on controller A/B. Wait 5 to 10 minutes until the power indicator is
steady green and no longer flashing, which indicates that the power-on has succeeded.
• Power supply must be provided for the two power modules of the OceanStor 5500 V3; otherwise,
the OceanStor 5500 V3 cannot be used. Press the power button on controller A/B. Wait 5 to 10
minutes until the power indicator is steady green and no longer flashing, which indicates that
the power-on has succeeded.
Physical indications that the storage system is up and running without error:
• The power indicators of the controllers, controller enclosure, and disk enclosures are
steady green.
• The alarm indicators of the controllers, controller enclosure, and disk enclosures are off.
• The running indicators of the coffer disks are steady green, and their alarm/location
indicators are off.
Prerequisites
• The OS has been started.
• The server is properly connected to the network.
• The VCS service must be properly started. The VCS service has started along with the
OS and the disk is functioning properly. For details about how to check the server disk
status, see 8.5.1 Checking Server Disks.
Procedure
Step 1 Perform the following operations to start the Sybase database:
1. Log in to the active site as the ossuser user. Run the following command to switch to the
root user.
$ su - root
Password: password for the root user
3. Run the hagrp -autoenable AppService -sys hostname command to set the AppService
group to autoenable. Then run the hares -modify resource name Enabled 1 command for
each Veritas resource to change the status of all Veritas resources to Enabled, using the
resource names displayed in the previous command output.
For example, execute the following commands in a Solaris high availability system:
# hares -modify BackupServer Enabled 1
# hares -modify DataFilesystem Enabled 1
# hares -modify DatabaseServer Enabled 1
# hares -modify NMSServer Enabled 1
# hares -modify RVGPrimary Enabled 1
# hares -modify datarvg Enabled 1
# hares -modify wac Enabled 1
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
4. Run the following command to start the Sybase database service:
# hares -online BackupServer -sys hostname
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
----End
Result
Run the following command to check whether the Sybase process is running:
$ ps -ef | grep sybase
Prerequisites
The OS on the computer on which the U2000 server processes are installed is running
properly, and the database has been started.
Procedure
Step 1 Log in to the OS on the active site as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
----End
Result
1. Log in to the OS of the active site as the ossuser user.
2. Run the following command to check whether the U2000 is running:
$ daem_ps
NOTE
If the displayed information contains imapmrb, imapwatchdog -cmd start, imapsysd -cmd start,
imapeventmgr, imap_sysmonitor -cmd start, and ResourceMonitor -cmd start, the U2000
processes have started.
Server
1. Power on a Huawei RH2288H V2/Huawei RH2288H V3/Huawei RH5885H V3/IBM
X3650 M4/IBM X3650 M3/IBM X3850 X5 server.
2. Press the power buttons on the peripherals and monitor connected to a server.
3. Wait 2 to 3 minutes. When the green indicator on the front panel of the server blinks
every 1s, press the power button on the shelf of the server.
NOTE
If the power button is steady on, the server has been successfully powered on. For details about
IBM server indicators, see the manual for IBM servers or log in to the official IBM website. For
details about Huawei server indicators, see the manual for Huawei servers or log in to the official
Huawei website. For official websites of software and hardware documents, see A.10.44 How Do
I Obtain Third-Party Software and Hardware Materials.
The red boxes in the following figures show the positions of power buttons on Huawei
RH2288H V2, Huawei RH2288H V3, Huawei RH5885H V3, IBM X3650 M4, IBM
X3650 M3, and IBM X3850 X5.
Disk Array
● To prevent data loss, do not remove or insert disk modules, controllers, fibers, network
cables, or serial cables when powering on a disk array.
● To prevent disk damage and data loss, do not turn on or cut off the power supply when the
disk is accessing data. If the power supply is cut off, wait at least 1 minute before turning
it on.
NOTE
Power must be supplied to both power modules of the OceanStor S3900; otherwise, the
OceanStor S3900 cannot be used. Then press the power switch on controller A/B. Wait 5 to 10
minutes until the power indicator is steady green and no longer flashing, which indicates that
power-on has succeeded.
Prerequisites
● The OS has been started.
● The server is properly connected to the network.
● The VCS service has started along with the OS and the disk is functioning properly. For
details about how to check the server disk status, see 8.6.1 Checking Server Disks.
Procedure
Step 1 Perform the following operations to start the Sybase database:
1. Log in to the active site as the ossuser user. Run the following command to switch to the
root user.
$ su - root
Password: password for the root user
3. Run the hagrp -autoenable AppService -sys hostname command to set the AppService
group to autoenable. Then run the hares -modify resource name Enabled 1 command for
each Veritas resource to change the status of all Veritas resources to Enabled. Use the
resource names displayed in the previous command output.
For example, execute the following commands in a PC Linux high availability system:
# hagrp -autoenable AppService -sys hostname
# hares -modify APPBOND Enabled 1
# hares -modify BackupServer Enabled 1
# hares -modify DatabaseServer Enabled 1
# hares -modify NMSServer Enabled 1
# hares -modify RVGPrimary Enabled 1
# hares -modify datarvg Enabled 1
# hares -modify mountRes Enabled 1
# hares -modify wac Enabled 1
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
4. Run the following command to start the Sybase database service:
# hares -online BackupServer -sys hostname
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
----End
Result
Run the following command to check whether the Sybase process is running:
$ ps -ef | grep sybase
Prerequisites
The OS on the computer on which the U2000 server processes are installed is running
properly, and the database has been started.
Procedure
Step 1 Log in to the OS on the active site as the root user.
Step 2 Run the following command to start the U2000 server processes.
# hagrp -online AppService -sys hostname
NOTE
● hostname specifies the server name. You can run the hostname command to view the server name.
● If a fault occurs while the AppService process is starting, run the # hagrp -clear AppService
-sys hostname command to rectify the fault. Then run the # hagrp -online AppService -sys hostname
command to start the AppService process.
----End
Result
1. Log in to the OS of the active site as the ossuser user.
2. Run the following command to check whether the U2000 is running:
$ daem_ps
NOTE
If the displayed information contains imapmrb, imapwatchdog -cmd start, imapsysd -cmd start,
imapeventmgr, imap_sysmonitor -cmd start, and ResourceMonitor -cmd start, the U2000
processes have started.
Prerequisites
Before logging in to a U2000 client, ensure that the following conditions are met:
Run the ping peer IP address command to check the network communication.
– In a single-server system, the IP address is the system IP address for the server.
– In an availability system, the IP address is the NMS application network IP address
for the active site.
● The ports used between the U2000 client and the U2000 server have been enabled. For
details, see U2000 Communication Port Matrix.
● The IP address of the U2000 client is included in the ACL configured on the U2000
server.
NOTE
By default, an ACL contains all IP addresses. Setting an ACL based on security requirements is
recommended. For details, see 5.3.1.2 Setting a User ACL.
● A valid U2000 user account and password are available.
● U2000 licenses have been correctly loaded to the U2000 server.
● The recommended resolution range is 1024 * 768 to 1920 * 1080.
Context
● By default, if three incorrect passwords are entered consecutively, the associated user
account will be locked by the U2000. The user admin can unlock common user
accounts. The U2000 will also unlock the user account in 30 minutes.
● The password for the U2000 System Monitor must be the same as that for the U2000
client.
● Each U2000 client can concurrently connect to multiple U2000 servers of the same
version.
Procedure
Step 1 Log in, as a user with administrator rights, to the OS of the independent client on
which the U2000 client is installed.
NOTE
On a Windows server, log in as a user with ossuser rights to the OS on which the U2000 client is installed.
Step 2 Double-click the U2000 Client shortcut icon on the desktop. The Login dialog box is
displayed.
NOTE
● On Windows, double-click the startup_all_global.bat file in the client installation path (for
example, the D:\oss\client directory) to start the U2000 client.
Step 3 In the Login dialog box, select a desired server from the Server drop-down list.
If no server has been configured, perform the following operations to add a server:
1. Click the ... button. In the Server List dialog box, click Add.
2. In the Add Server Information dialog box, set parameters for the U2000 server to be
added and click OK.
Parameter: Name
Description: Setting this parameter to the login IP address or the related host name is
recommended.
Parameter: Secondary server name (or IP address)
Description: Generally, this parameter is not set. If the U2000 server is running in a high
availability system, set this parameter to the IP address of the standby site.
3. In the Server List dialog box, select a server from the list and click OK.
Step 4 Enter a valid user name and password, and click Login.
● The default user name is admin. The initial password of the admin user is
Changeme_123. The password must be changed during the first login to ensure system
security. Keep the password confidential and change it regularly.
● If you attempt to connect to the server in a non-SSL mode, the client displays a dialog
box indicating security risks.
– If you want to continue the connection, click Yes. If you do not want the client to
display the dialog box again upon subsequent logins, select Do not remind me
next time.
NOTE
The IP address of the server being connected is saved to the allComServer.dat file in Client
installation directory\client\client\plugins\loginui\style\conf\loginui. Therefore, the Do not
remind me next time settings apply only to the connected server. If you want the client to
display the dialog box that indicates the security risks upon subsequent logins, delete the
allComServer.dat file.
– If you want to terminate the connection, click No. The Login dialog box is
displayed. You can select the matched communication mode.
● If the client does not trust the server, you need to determine whether the server is
trustworthy using the server certificate.
– If you confirm that the server is trustworthy, click Yes and log in to the client. If you
do not want the system to display the dialog box again, contact the system
administrator to configure a trust certificate.
– If you confirm that the server is untrustworthy, click No to return to the Login
dialog box and contact the system administrator to process the issue.
● When you log in to the U2000 client, a message will be displayed asking you whether to
upgrade the client if the U2000 detects that the local computer version is earlier than the
server version.
NOTE
Clients installed in package installation mode do not support client automatic upgrades (CAUs).
– If the client is installed in CAU mode, click OK to upgrade the client.
– If the client is installed in package installation mode, click Cancel and then use the
CAU mode to re-install the client.
----End
Result
After you log in to the U2000 client successfully, the client automatically obtains associated
data from the U2000 server.
NOTE
If a certificate problem is prompted after you log in to the U2000 client successfully, accept this
certificate permanently and click OK.
This topic describes how to shut down the U2000 server and U2000 clients. The shutdown
procedure varies according to the deployment scheme.
3.1 Shutting Down U2000 Clients
You must ensure that all U2000 clients are shut down before you shut down the U2000 server.
This topic describes how to shut down the U2000 clients.
3.2 Shutting Down the U2000 Server (Single Server System, Windows)
Three steps are required to shut down the U2000 server: stop the U2000 server processes, shut
down the database, and power off the server safely.
3.3 Shutting Down the U2000 Server (Single Server System, Solaris)
Three steps are required to shut down the U2000 server: stop the U2000 server processes, shut
down the database, and power off the server safely.
3.4 Shutting Down the U2000 Server (Single Server System, SUSE Linux)
Three steps are required to shut down the U2000 server: stop the U2000 server processes, shut
down the database, and power off the server safely.
3.5 Shutting Down the U2000 Server in a High Availability System (Solaris)
Four steps are required to shut down the U2000 server in a high availability system (Solaris):
stop the U2000 server processes, shut down the database, stop the VCS service, and power off
the server safely.
3.6 Shutting Down the U2000 Server in a High Availability System (PC Linux)
Four steps are required to shut down the U2000 server: stop the U2000 server processes, shut
down the database, stop the VCS service, and power off the server safely.
Prerequisites
The U2000 clients must be started properly.
Procedure
Step 1 Choose File > Exit from the main menu.
----End
Prerequisites
Exit all running U2000 clients.
Procedure
Step 1 Log in to the OS as a user with ossuser rights.
NOTE
If the server is started by the administrator, switch to the administrator and log in to the OS to disable the
server.
36,628 K
python.exe 33732 RDP-Tcp#1 3 21,216 K
httpd.exe 14920 RDP-Tcp#1 3 11,140 K
java.exe 21572 RDP-Tcp#1 3 92,424 K
httpd.exe 15980 RDP-Tcp#1 3 16,476 K
NOTE
■ If information similar to the following is displayed, the U2000 process is not stopped.
Switch to the administrator and run the D:\oss\server\platform\bin\stopnms.bat command
to stop the U2000 process.
imapmrb.exe 11116 Services 0 30,392 K
imapeventmgr.exe 11164 Services 0 21,404 K
imapsysd.exe 10236 Services 0 42,116 K
imapwatchdog.exe 8584 Services 0 11,676 K
ResourceMonitor.exe 26056 Services 0 28,184 K
imap_sysmonitor.exe 13168 Services 0 39,632 K
■ D:\oss specifies the installation path of the U2000.
■ Stopping the U2000 process takes about 3 minutes.
----End
Result
If no command output is displayed after the daem_ps command is executed, the U2000
process has stopped.
Prerequisites
The U2000 server processes must have been stopped.
Procedure
Step 1 Log in to the OS as administrator.
Step 2 Choose Start > All apps > Microsoft SQL Server 2008 > SQL Server Configuration
Manager > SQL Server Services.
Step 3 Right-click SQL Server (MSSQLSERVER) and choose Stop to stop the database.
----End
Result
Two methods are available for checking whether the SQL Server database can connect
normally.
In order to enhance the security of the database after the U2000 is installed, the sa
user may be manually disabled and replaced with a customized administrator name,
such as dbadmin.
Prerequisites
● The U2000 server processes must have been stopped.
● The database must have been shut down.
Procedure
Step 1 Log in to the OS as a user with administrator rights.
NOTE
If the server is started by the administrator, switch to the administrator and log in to the OS to disable the
server.
Step 2 Choose Start > Shut down to shut down the Windows OS.
----End
Prerequisites
Exit all running U2000 clients.
Procedure
Step 1 Log in to the OS of the server as the ossuser user.
Step 2 To check the running status of the U2000 process, run the following command:
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, and ResourceMonitor -cmd start.
If no information is displayed, the U2000 processes have been stopped.
----End
Result
Run the following command to check the running status of the U2000 process:
$ daem_ps
Prerequisites
The U2000 server processes must have been stopped.
Procedure
Step 1 Log in to the OS as the dbuser user.
NOTE
To switch to the dbuser user, run the su - dbuser command. After the U2000 is installed, the password
for the dbuser user is Changeme_123. For system security, modify the default password and remember
the new password. For details, see A.2.1 How to Change the OS User Password.
Step 2 Run the following command to check whether the Sybase database is running:
$ ps -ef | grep sybase
Step 3 Run the following commands to stop the Sybase database if it is running:
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
Enter the database administrator user password as prompted. The initial password of the database
administrator user is Changeme_123.
In order to enhance the security of the database after the U2000 is installed, the sa user may be manually
disabled and replaced with a customized administrator name, such as dbadmin.
1> shutdown SYB_BACKUP
2> go
1> shutdown
2> go
NOTE
● Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
● Information similar to the following is displayed. The error message does not affect the shutdown of
the database.
Server SHUTDOWN by request.
ASE is terminating this process.
CT-LIBRARY error:
ct_results(): network packet layer: internal net library error:
Net-Library operation terminated due to disconnect
----End
Result
Run the following command to check whether the Sybase database is running:
$ ps -ef | grep sybase
NOTE
The database is stopped if the displayed information does not contain /opt/sybase/ASE-15_0/bin/
dataserver -sDBSVR and /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back.
Prerequisites
● The U2000 server processes must have been stopped.
● The database must have been shut down.
Procedure
Step 1 Log in to the Solaris OS as user root.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
NOTE
If you do not want to power off the server, you can run the following commands to restart the OS:
# sync;sync;sync;sync
# shutdown -y -g0 -i6
----End
Prerequisites
All running U2000 clients have been stopped.
Procedure
Step 1 Log in to the OS of the server as the ossuser user.
Step 2 To check the running status of the U2000 process, run the following command:
$ daem_ps
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, and ResourceMonitor -cmd start.
If no information is displayed, the U2000 processes have been stopped.
----End
Result
Run the following command to check the running status of the U2000 process:
$ daem_ps
Prerequisites
The U2000 server processes must have been stopped.
Procedure
Step 1 Log in to the OS as the dbuser user.
NOTE
To switch to the dbuser user, run the su - dbuser command. After the U2000 is installed, the password
for the dbuser user is Changeme_123. For system security, modify the default password and remember
the new password. For details, see A.2.1 How to Change the OS User Password.
Step 2 Run the following command to check whether the Sybase database is running.
$ ps -ef | grep sybase
Step 3 Run the following commands to stop the Sybase database if it is running:
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
Enter the database administrator user password as prompted. The initial password of the database
administrator user is Changeme_123.
In order to enhance the security of the database after the U2000 is installed, the sa user may be manually
disabled and replaced with a customized administrator name, such as dbadmin.
1> shutdown SYB_BACKUP
2> go
1> shutdown
2> go
NOTE
● Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
● Information similar to the following is displayed. The error message does not affect the shutdown of
the database.
Server SHUTDOWN by request.
ASE is terminating this process.
CT-LIBRARY error:
ct_results(): network packet layer: internal net library error:
Net-Library operation terminated due to disconnect
----End
Result
Run the following command to check whether the Sybase database is running:
$ ps -ef | grep sybase
NOTE
The database is stopped if the displayed information does not contain /opt/sybase/ASE-15_0/bin/
dataserver -sDBSVR and /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back.
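The two result checks used in this shutdown sequence (daem_ps for the U2000 processes, ps -ef | grep sybase for the database) can be scripted before the power-off step. The script below is an added example, not part of the Huawei guide: the function names and sample lines are constructed, and the layout of daem_ps output is an assumption, so only the process names listed in this guide are matched.

```shell
#!/bin/sh
# Added example: decide from captured command output whether a U2000 server
# is ready for the power-off step (U2000 processes and Sybase both stopped).

# Process signatures this guide lists as proof that the U2000 is running.
U2000_PROCS='imapmrb
imapwatchdog -cmd start
imapsysd -cmd start
imapeventmgr
imap_sysmonitor -cmd start
ResourceMonitor -cmd start'

# Read daem_ps output on stdin; print each listed signature that is present.
u2000_running_procs() {
    out=$(cat)
    printf '%s\n' "$U2000_PROCS" | while IFS= read -r sig; do
        case "$out" in
            *"$sig"*) printf '%s\n' "$sig" ;;
        esac
    done
}

# Read `ps -ef | grep sybase` output on stdin; print only real Sybase server
# processes. The "grep sybase" line itself never matches the binary path.
sybase_running_procs() {
    grep -E '/opt/sybase/[^ ]*/bin/(dataserver|backupserver)( |$)' || true
}

# $1: captured daem_ps output, $2: captured `ps -ef | grep sybase` output.
# Returns 0 only when nothing is left running; otherwise lists what is.
shutdown_ready() {
    left=$(
        printf '%s\n' "$1" | u2000_running_procs
        printf '%s\n' "$2" | sybase_running_procs
    )
    [ -z "$left" ] && return 0
    printf 'still running:\n%s\n' "$left" >&2
    return 1
}

# Constructed sample: two U2000 processes have not stopped yet.
SAMPLE_DAEM_PS='ossuser 2101 1 0 07:40:11 ? 0:03 imapsysd -cmd start
ossuser 2144 1 0 07:40:12 ? 0:01 imapwatchdog -cmd start'
# The "database stopped" output as shown in this guide.
SAMPLE_PS_STOPPED='root 9629 14603 0 07:46:52 pts/3 0:00 grep sybase'
# Constructed sample: the data server is still up.
SAMPLE_PS_RUNNING='dbuser 3310 1 0 07:01:09 ? 1:12 /opt/sybase/ASE-15_0/bin/dataserver -sDBSVR
root 9629 14603 0 07:46:52 pts/3 0:00 grep sybase'

# Demo on the samples. On a server, pass "$(daem_ps)" (run as ossuser) and
# "$(ps -ef | grep sybase)" instead.
if shutdown_ready "$SAMPLE_DAEM_PS" "$SAMPLE_PS_RUNNING"; then
    echo "ready for power-off"
else
    echo "not ready for power-off"
fi
```

Matching on the server binary path avoids reading the grep sybase line itself as a running database.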
Prerequisites
● The U2000 server processes must have been stopped.
● The database must have been shut down.
Procedure
Step 1 Log in to the OS as the ossuser user. Run the following command to switch to the root user.
$ su - root
Password: password for the root user
NOTE
If you do not want to power off the server, you can run the following commands to restart the OS:
# sync;sync;sync;sync
# shutdown -r now
----End
Prerequisites
Exit all running U2000 clients.
Procedure
Step 1 Log in to the OS of the active site as the root user.
4. Run the following command to check the running status of the U2000 process:
$ daem_ps
----End
Prerequisites
The U2000 server processes must have been stopped.
Procedure
Step 1 Perform the following operations to disable the Sybase database service at the primary site in
the HA system:
NOTE
By default, the Sybase database service at the secondary site is not running.
1. Log in to the primary site as user ossuser through PuTTY. Run the following command to
switch to the root user.
$ su - root
Password: password for the root user
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
4. Run the following command to check whether the Sybase database service is disabled:
# ps -ef | grep sybase
If the following message is displayed, the Sybase database service has been disabled:
root 9629 14603 0 07:46:52 pts/3 0:00 grep sybase
----End
Prerequisites
The U2000 and database must have been shut down.
Context
Before powering off the server safely, manually stop the VCS service; otherwise, the server
may fail to shut down properly.
Procedure
Step 1 Log in to the OS on the server as the ossuser user. Run the following command to switch to
the root user.
$ su - root
Password: password for the root user
----End
Prerequisites
● The U2000 server processes must have been stopped.
● The database must have been shut down.
● The VCS services must have been shut down.
Procedure
Step 1 Log in to the Solaris OS as user root.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
NOTE
If you do not want to power off the server, you can run the following commands to restart the OS:
# sync;sync;sync;sync
# shutdown -y -g0 -i6
----End
Prerequisites
Exit all running U2000 clients.
Procedure
Step 1 Log in to the OS of the active site as the ossuser user. Run the following command to switch
to the root user.
$ su - root
Password: password for the root user
Step 2 Run the following command to stop the U2000 server processes.
# hares -offline NMSServer -sys hostname
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
4. Run the following command to check the running status of the U2000 process:
$ daem_ps
----End
Prerequisites
The U2000 server processes must have been stopped.
Procedure
Step 1 Perform the following operations to disable the Sybase database service at the primary site in
the HA system:
NOTE
By default, the Sybase database service at the secondary site is not running.
1. Log in to the primary site as user ossuser through PuTTY. Run the following command to
switch to the root user.
$ su - root
Password: password for the root user
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
4. Run the following command to check whether the Sybase database service is disabled:
If the following message is displayed, the Sybase database service has been disabled:
root 9629 14603 0 07:46:52 pts/3 0:00 grep sybase
----End
Prerequisites
The U2000 and database must have been shut down.
Context
Before powering off the server safely, manually stop the VCS service; otherwise, the server
may fail to shut down properly.
Procedure
Step 1 Log in to the OS on the server as the ossuser user. Run the following command to switch to
the root user.
$ su - root
Password: password for the root user
----End
Prerequisites
● The U2000 server processes must have been stopped.
● The database must have been shut down.
● The VCS services must have been shut down.
Procedure
Step 1 Log in to the OS as the ossuser user. Run the following command to switch to the root user.
$ su - root
Password: password for the root user
NOTE
If you do not want to power off the server, you can run the following commands to restart the OS:
# sync;sync;sync;sync
# shutdown -r now
----End
This topic describes the license file of the U2000, and how to apply for, install, and use the
U2000 license.
4.1 U2000 License Precautions
This topic describes the U2000 license file. The license file is used to control the functions
and management capabilities of the U2000. If the U2000 license file is unavailable, you
cannot log in to the U2000 client.
4.2 Applying for a U2000 License
This topic describes how to apply for a U2000 license.
4.3 Updating the U2000 License
This topic describes how to update the U2000 license.
4.4 Checking the Status of the U2000 License
This topic describes how to check the status of the U2000 license. By checking the license
status, you can learn the usage of the license, so as to apply for a new license file from
Huawei in time before the NMS needs to be expanded or the validity of the license is due.
4.5 Revoking a License on the U2000
The U2000 supports the function of revoking a License. You can revoke the License that is
not in use to obtain the revocation code and then use the code to apply for a new License.
4.6 Querying the License Revocation Code on the U2000
This topic describes how to view the License revocation code on the U2000 client. When
applying for a new License, you need to provide the revocation code of the old License.
4.7 Exporting License Files
U2000 can export license files and save them as backup in a specified path. This way, the
backup can be used to restore licenses when an exception occurs during update of license
files.
4.8 Setting Periodic Export of the U2000 License
When the upper-layer OSS needs to collect statistics on Licenses used by U2000 recently (for
example, usage of License items and License update time), you can perform U2000 License
export tasks periodically or instantly to dump the Licenses information used by the U2000,
and save them as an XML file to the specified folder.
4.9 Setting Alarms for U2000 License Resource Item Capacity
When the consumption of each OSS License resource item reaches or exceeds the preset
threshold, the U2000 sends an alarm or periodically displays an Information dialog box,
reminding users to apply for or purchase a new License in a timely manner.
4.10 Collecting Port Statistics of Service Licenses
This topic describes how to use the U2000 to collect port statistics of service licenses
automatically. The number of service license items that are consumed and charged is
measured by the number of ports that network services occupy. The automatic statistics
collection enables you to quickly obtain the service license usage.
Context
● The license file is not delivered to customers along with the U2000 installation DVD.
Contact Huawei engineers to apply for the licenses according to the contract number and
the equipment serial numbers (ESNs) of the OSS server.
● So that the license file can be found if the U2000 has to be reinstalled, keep the license
application email and the license file in a safe place.
● Apply for the formal U2000 license before using the U2000, because the U2000 license
application goes through a long process.
● An ESN is a 40-character string of digits or letters obtained by an encrypted
calculation on the MAC addresses of the U2000 server network interfaces. The number of
ESNs is the same as the number of network interfaces on the U2000 server. To avoid
having to apply for a new license after certain network interface cards (NICs) are
replaced, save all the ESNs to ensure proper use of the U2000 license.
– Generally, the ESN for a server does not change. It can be used for the U2000
license that is normally applied for.
– If the ESN for a U2000 license is changed due to NIC or server replacement or ESN
application error, apply for a U2000 license again and contact Huawei technical
support engineers.
● The requirements for the ESNs of the server to which a license needs to be bound vary
according to the installation scheme. You must obtain ESNs of the server based on the
installation scheme.
– In a centralized single-server system scheme, the license needs to be bound to the
ESNs of the server.
– In a centralized high availability system (Veritas hot standby) scheme, the license
needs to be bound to the ESNs of the servers on both the primary site and the
secondary site.
– In the cold standby solution, ESNs of the U2000 servers at both primary and
secondary sites are used to apply for the same U2000 license, which is loaded at
both sites.
Procedure
Step 1 Obtain the contract number.
Step 2 Use the ESN tool provided by the U2000 to view ESNs of the server.
NOTE
If the U2000 has been installed, using the ESN tool of the U2000 to view the ESN is recommended.
Mode 1: View the ESN using the ESN tool of the NMS after installing the U2000.
On Solaris OS or SUSE Linux, perform the following steps to obtain ESNs:
1. Log in to the OS of the U2000 server as the root user.
NOTE
When a high availability system scheme is used, you must log in to the OSs of the primary and
secondary sites as the root user.
2. Run the following commands to view ESNs:
# su - ossuser
$ . /opt/oss/server/svc_profile.sh
$ exit
# cd /opt/oss/server/platform/bin
# ./esn
NOTE
If a high availability system scheme is used, you must respectively save the ESNs for the primary and
secondary sites. During the application for a formal license, you must provide the ESNs of the network
interfaces of the primary and secondary sites for external communication.
Mode 2: Use the ESN tool to generate ESNs before installing the U2000.
NOTE
Solaris or SUSE Linux is used as an example to describe how to use the downloaded ESN
tool to generate ESNs.
1. Use SFTP to upload the ESN tool to the U2000 server as the root user. For example,
upload the ESN tool to the /opt path. For details, see A.2.28 How to Use the FileZilla to
Transfer Files by SFTP.
2. Run the following commands to decompress the ESN tool package:
# cd /opt
# tar xvf ESN tool package
ESN3:F72F9EC08AEE78AA05A42EFD7BFD89F5E03139C4
...
Step 3 After the esn command is executed, the Esn.txt file is automatically generated in the current
path. Send the contract number and the server ESNs to Huawei engineers or the local Huawei
office.
NOTE
Huawei engineers access http://w3.huawei.com/sdp/ to obtain the license based on the contract number
and ESNs.
Step 4 Huawei engineers send the license file to you after obtaining it.
NOTE
The license file provided with the U2000 exists as a .dat file.
----End
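Because the license is bound to the server ESNs, it helps to check Esn.txt before sending it. The script below is an added example, not a Huawei tool: it assumes Esn.txt holds one ESNn:value line per network interface (the form of the single line shown above), assumes the values are distinct, and uses constructed sample values and function names.

```shell
#!/bin/sh
# Added example: validate the contents of an Esn.txt file before it is sent
# with a license application.

# Read Esn.txt-style text on stdin. Print each well-formed ESN value (40
# digits or letters after an "ESNn:" label). Malformed lines are reported on
# stderr and make the function return 1.
esn_values() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        value=${line#ESN*:}
        if [ "$value" != "$line" ] && [ ${#value} -eq 40 ] &&
           ! printf '%s' "$value" | grep -q '[^0-9A-Za-z]'; then
            printf '%s\n' "$value"
        else
            printf 'malformed ESN line: %s\n' "$line" >&2
            rc=1
        fi
    done
    return $rc
}

# $1: number of network interfaces on the server, $2: contents of Esn.txt.
# Returns 0 when the text holds exactly $1 distinct, well-formed ESNs.
esn_complete() {
    values=$(printf '%s\n' "$2" | esn_values) || return 1
    count=$(printf '%s\n' "$values" | sort -u | grep -c . || true)
    [ "$count" -eq "$1" ]
}

# Constructed samples (not real ESNs).
SAMPLE_ESN_OK='ESN1:0123456789ABCDEF0123456789ABCDEF01234567
ESN2:89ABCDEF0123456789ABCDEF0123456789ABCDEF'
SAMPLE_ESN_BAD='ESN1:0123456789ABCDEF0123456789ABCDEF01234567
ESN2:89ABCDEF0123456789ABCDEF'

# Demo. On a server, pass the interface count and "$(cat Esn.txt)"; in a high
# availability system, run the check once per site.
if esn_complete 2 "$SAMPLE_ESN_OK"; then
    echo "Esn.txt is complete"
fi
```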
Prerequisites
● The OS and database must run properly. For details on how to start the OS and database,
see 2 Starting the U2000 System.
● The processes of the U2000 must be properly started. For details on how to start the
U2000 processes, see 2 Starting the U2000 System.
● You must log in to the U2000 client as the admin user.
● The license file of the U2000 must be obtained. The license file name can contain digits,
letters, and special characters excluding the space or \ /:*?"<>|.
– Through the GUI of the client: Save the new U2000 license to the server where
the U2000 client is located.
– Through the CLI: The new license file must be transferred to the U2000 server
through SFTP.
■ In the Solaris OS, if no security hardening is performed on the OS, upload the
license file to the /export/home/ossuser path on the server as the ossuser user.
If security hardening is performed on the OS, FTP/SFTP rights of ossuser will
be disabled. In this case, you need to upload files to the backup directory in the
FTP root directory as the ftpuser user (the FTP root directory of ftpuser
is /opt/backup/ftpboot).
■ In the SUSE Linux OS, if no security hardening is performed on the OS,
upload the license file to the /export/home/ossuser path on the server as the
ossuser user. If security hardening is performed on the OS, FTP/SFTP rights
of ossuser will be disabled. In this case, you need to upload files to the backup
directory in the FTP root directory as the ftpuser user (the FTP root directory
of ftpuser is /opt/backup/ftpboot).
■ In the high availability system, if no security hardening is performed on the
OS, upload the new U2000 license file to the /export/home/ossuser path on
the server on the primary site through SFTP. If security hardening is performed
on the OS, FTP/SFTP rights of ossuser will be disabled. In this case, you need
to upload files to the backup directory in the FTP root directory as the ftpuser
Context
l If the U2000 license file is unavailable, you cannot log in to the U2000 client. Update the
U2000 license file in time.
l During the update of the U2000 license file, you can replace the formal U2000 license
file with the temporary one. It is recommended that you use the formal U2000 license as
soon as possible.
l The licenses of different R versions of the U2000 are incompatible. For example, the
license of V100R001 cannot be used by V100R002.
l Determine whether to update the U2000 license file based on the U2000 license use
conditions.
– In the case that the device types supported by the new license are different from
those supported by the original license, the license is updated as follows:
n If the device types supported by the new license are more than the device types
supported by the original license and the added device types are supported by
the current version, the license can be updated. If the added device types are
not supported by the current version, the license cannot be updated.
n If the device types supported by the new license are less than the device types
supported by the original license and no NEs of the reduced device types are
created in the NMS, the license can be updated. If certain NEs of the reduced
device types are created in the NMS, the license cannot be updated.
– For the IP domain, if the function items supported by the new license are fewer than
those supported by the original license, the license cannot be updated.
– In the case that the number of clients supported by the new license is different from
that supported by the original license, the license is updated as follows:
n If the number of clients supported by the new license is less than that
supported by the original license but the number of online clients is less than
the number of clients supported by the new license, the license can be updated.
If the number of online clients is greater than the number of clients supported
by the new license, the license cannot be updated.
n If the number of clients supported by the new license is greater than that
supported by the original license, the license can be updated.
l In scenarios where you can change the license, you can update the U2000 license and
then restart the server.
– You can update the U2000 license through the GUI or CLI.
Restart the client after you replace a license. Then, the client automatically reloads
the menu items according to the control items defined in the new license.
n Through the GUI of the Client:
To make both the U2000 commercial and temporary licenses take effect, use the GUI mode.
Procedure
l Through the GUI of the Client
For the single-server system:
a. On the U2000 workstation, back up the original license file.
n In the Windows OS: Create the backup folder in the directory
D:\oss\server\etc\conf. Copy the original license file to the created folder.
n In the Solaris or SUSE Linux OS:
Run the following commands as the ossuser user to back up the original license
file from the /opt/oss/server/etc/conf/license path.
$ mkdir -p /opt/oss/server/etc/conf/license_backup
$ cd /opt/oss/server/etc/conf/license
$ cp license_file_name /opt/oss/server/etc/conf/license_backup
NOTE
After SetSolaris is enabled, only the SSH service for the ossuser user has the login right.
The SSH login mode is recommended for your system security. To use another login mode
such as Telnet, you must enable the access right for the Telnet service and the login user.
For details, see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services and
A.3.3.4 How to Enable and Disable the FTP/Telnet Authority of user root on Solaris OS.
b. Update the U2000 License file through the GUI of the U2000 Client.
i. Choose Help > License Management > License Information from the main
menu (traditional style); alternatively, double-click System Management in
The U2000 license only needs to be loaded on the primary site. It will be synchronized to
the secondary site automatically after the U2000 license has been loaded on the primary
site.
l The default path of U2000 license file in the Solaris or SUSE Linux OS is
/opt/oss/server/etc/conf/license.
l If the primary and secondary sites are associated normally, the
/opt/oss/server/etc/conf/license directory will not be displayed on the U2000 at the
secondary site.
l The default path of U2000 license file in the Windows OS is
D:\oss\server\etc\conf\license.
c. Update the license file on the primary site.
i. Log in to the Windows OS as the ossuser user where the U2000 client is
installed.
ii. Save the license to be loaded to the server where the U2000 client is installed.
iii. On the desktop, double-click U2000 Client. The Login dialog box is
displayed.
iv. In the Server drop-down list, select the server (server on the primary site) to
be logged in to. Then, set User Name and Password to the valid values, and
click Login. The initial password of the admin user is Changeme_123. The
password must be changed during the first login to ensure system security.
Keep the password confidential and change it regularly.
○ If a message indicating that no license is available is displayed when you
log in to the U2000 client:
1) In the Confirm dialog box, click Yes. The Open dialog box will be
displayed.
2) In the Open dialog box that is displayed, select the new license file
and click Open. The License Comparison Results dialog box will
be displayed.
3) Click OK.
4) Click Yes and confirm the loaded license.
5) Click OK.
○ If a U2000 license has been loaded before:
1) Choose Help > License Management > License Information from
the main menu (traditional style); alternatively, double-click System
Management in Application Center and choose License
Management > License Information from the main menu
(application style).
2) In the License Information dialog box, click Update License.
3) Select the new license file and click Open.
4) Click Next.
5) Select a scenario and perform the associated operations as required:
○ If Incremental is unavailable, click Next.
○ If Incremental is available and only the new U2000 license
needs to be effective, select Full and click Next.
○ If Incremental is available and both the new and in-use U2000
licenses need to be effective, select Incremental and click
Next. If the in-use U2000 license has a commercial license and
a temporary license, the new license will replace the license of
the same type. For example, if the new license is a commercial
license, the commercial license in the in-use U2000 license will
be replaced.
6) Click Finish.
7) Click Yes and confirm the updated license.
8) Click Yes to close all windows.
9) Click Yes to log out of the system.
d. Restart the client after you replace a license. Then, the client automatically reloads
the menu items according to the control items defined in the new license.
l Through the CLI
For the single-server system:
a. On the U2000 workstation, back up the original license file.
n In the Windows OS: Create the backup folder in the directory
D:\oss\server\etc\conf. Copy the original license file to the created folder.
NOTE
After SetSolaris is enabled, only the SSH service for the ossuser user has the login right.
The SSH login mode is recommended for your system security. To use another login mode
such as Telnet, you must enable the access right for the Telnet service and the login user.
For details, see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services and
A.3.3.4 How to Enable and Disable the FTP/Telnet Authority of user root on Solaris OS.
b. Update the U2000 license.
n In the Windows OS:
1) Log in to the OS of the server.
2) Run the following command to update the U2000 license file:
> updateLicense -file License_file_name
NOTE
NOTE
Client 1 1
no change: U2000 COMMON LSW1FMCLT01
Alarm Export 1 1
no change: U2000 COMMON LSW1RENOTI01
Client 1 1
The U2000 license only needs to be loaded on the primary site. It will be synchronized to
the secondary site automatically after the U2000 license has been loaded on the primary
site.
l The default path of U2000 license file in the Solaris or SUSE Linux OS is
/opt/oss/server/etc/conf/license.
l If the primary and secondary sites are associated normally, the
/opt/oss/server/etc/conf/license directory will not be displayed on the U2000 at the
secondary site.
l The default path of U2000 license file in the Windows OS is
D:\oss\server\etc\conf\license.
c. Run the updateLicense command to update the license file on the primary site. For
details, see b.
d. Restart the client after you replace a license. Then, the client automatically reloads
the menu items according to the control items defined in the new license.
----End
Result
After the preceding operations are performed, the license file is automatically loaded to
the /opt/oss/server/etc/conf/license path.
Context
By checking the U2000 license status, you can learn whether the U2000 license control items
are correct. If a license control item is incorrect, the related functional module is unavailable.
For example, if the license control item for the U2000 E2E module is absent, tunnels cannot
be created.
Procedure
Step 1 Log in to the U2000 Client.
Step 2 Choose Help > License Management > License Information from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose License Management > License Information from the main menu (application
style).
Step 3 In the License Information dialog box that is displayed, view the condition of the license.
----End
Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers user
group.
Context
The Revoke License dialog box displays only available License files and does not display
revoked and invalid Licenses.
Procedure
Step 1 Choose Help > License Management > Revoke License from the main menu (traditional
style); alternatively, double-click System Management in Application Center and choose
License Management > Revoke License from the main menu (application style).
Step 2 In the Revoke License dialog box, select the License that will not be used any more, and then
click Revoke License.
NOTE
----End
Result
If you revoke a License file but do not apply a new License, the U2000 displays a dialog box
every hour, prompting you to update the License. The U2000 also displays License SN,
Revocation Time, and Valid Date (indicating the date before which the revoked License can
still be used) of the License, and License File.
Procedure
Step 1 Choose Help > License Management > Query License Revocation Code from the main
menu (traditional style); alternatively, double-click System Management in Application
Center and choose License Management > Query License Revocation Code from the main
menu (application style).
Step 2 In the Query License Revocation Code dialog box, view the License SN, License revocation
code and revocation setting time.
NOTE
Step 3 Right-click the information about the revocation code and choose Copy from the shortcut
menu to copy the information.
The copied information about the revocation code can be used to apply for a license.
NOTE
You can also select the information about the queried revocation code, and then press Ctrl+C to copy
the information.
----End
Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers user
group.
Procedure
Step 1 Choose Help > License Management > Export License File from the main menu (traditional style);
alternatively, double-click System Management in Application Center and choose License
Management > Export License File from the main menu (application style).
Step 2 In the Export License File dialog box, select license files to be exported. Click Export.
Step 3 In the Save dialog box, set the path to save the exported license files. Click Save.
----End
Result
A dialog box is displayed, prompting the exporting result and the path to save the exported
license files.
Context
If the current License file used by the U2000 becomes invalid due to a License initialization
failure, the exporting task cannot be executed, and users need to contact Huawei technical
support to update the License.
Procedure
Step 1 Choose Administration > Task Schedule > Task Management from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose Task Schedule > Task Management from the main menu (application style).
Step 2 In the Task Type navigation tree, choose File Interface > OSS License Export.
Step 3 In the task list on the right, double-click the OSS License Export task.
Step 4 In the Attributes dialog box, set the parameters on the Common Parameters and Extended
Parameters tabs, and then click OK.
----End
Procedure
Step 1 Choose Help > License Management > Alarm Configuration for License Resource Item
Capacity from the main menu (traditional style); alternatively, double-click System
Management in Application Center and choose License Management > Alarm
Configuration for License Resource Item Capacity from the main menu (application style).
Step 2 In the Alarm Configuration for License Resource Item Capacity dialog box, set the
threshold for each resource item, and set whether to send an alarm, whether to enable timed
prompting, and the prompting interval if the consumption of the resource item reaches or
exceeds the preset threshold.
Step 3 Optional: Select one or more configured resource items and click Modify in Batches. In the
displayed Modify Alarm Configurations in Batches dialog box, set the parameters.
Step 4 Optional: Set Display to Not configured. Select one or more resource items that are not
configured and click Add in Batches. In the displayed Add Alarm Configurations in
Batches dialog box, set the parameters.
Step 5 Click OK.
----End
Result
l When the consumption of the Capacity Management resource item reaches or exceeds
the preset threshold, the U2000 generates The NE Capacity Reached the Threshold
Alarm and periodically displays an Information dialog box. When the consumption of
the Management Capacity resource item is lower than the preset threshold, The NE
Capacity Reached the Threshold Alarm is automatically cleared and the Information
dialog box is not displayed any more.
l When the consumption of other resource items reaches or exceeds the preset thresholds,
the U2000 generates The OSS License Consumption Reached the Threshold alarm
and periodically displays an Information dialog box. When the consumption of other
resource items is lower than the preset thresholds, The OSS License Consumption
Reached the Threshold alarm is automatically cleared and the Information dialog box
is not displayed any longer.
Prerequisites
This operation applies only to the service licenses that are consumed and charged based on
ports.
Context
l License items are subtracted when you add a board rather than when you create a
service. The number of service license items is subtracted by the number of ports on the
new board.
l The U2000 checks the number of service license items at scheduled time every day and
enters the grace period when the number of remaining license items reaches the
threshold. During the grace period, there is no restriction on your operations. When the
grace period expires, you cannot create services. However, existing services are still
functioning properly. Because the deleted services cannot be recreated, exercise caution
when deleting the services.
l The grace period ends for the U2000 when you update the service license with a new
valid one. If resources are still insufficient, the start and end time of the grace period are
recalculated.
l Service licenses do not restrict NE functions. That is, NE licenses are not affected by
service licenses.
Procedure
Step 1 Choose Help > License Management > Statistics of Service Ports from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose License Management > Statistics of Service Ports from the main menu
(application style).
Step 2 In the Statistics of Service Ports dialog box, view the number of ports consumed in each
service license.
NOTE
Choose Help > License Management > License Information from the main menu (traditional style);
alternatively, double-click System Management in Application Center and choose License
Management > License Information from the main menu (application style). In the License
Information dialog box, click the Resource Control Item tab and view Capacity, Consumption, and
Overflow Time of different resource control items in the current licenses.
Step 3 Optional: Click Advanced. In the Advanced Settings dialog box, view the number of free
inventory resources.
Step 4 Optional: Click Export and save the port statistics to a TXT, CSV, HTML, XLSX or XLS
file.
----End
5 Security Management
The U2000 data is saved in the database. Therefore, ensure the database security with priority,
including protecting the security of the database password, backing up the database
periodically, viewing the database status, and dumping the database.
Security object U2000 objects on which only users that are authorized by
users from the SMManagers group can perform operations.
Security objects, such as devices, object sets, and subnets,
are managed by the U2000.
NOTE
Not all devices in the Main Topology are managed by the U2000. If
a user from the SMManagers group creates a common user and
does not assign any operation rights to the common user, the
common user can view some objects in the Main Topology after
logging in to the U2000. However, these objects are not security
objects because they are not managed by the U2000.
Concept Description
User A U2000 client user. The user name and password of a user
identify the user's U2000 operation and management rights.
After being added to a user group, a user inherits the
operation rights of the user group. A user can be added to
multiple user groups. The operation rights of a user
comprise those of the user and user groups to which the user
belongs.
The U2000 provides the default user admin as the system
administrator. The admin user belongs to the
Administrators and SMManagers groups by default and
has more rights than the SMManagers group. You cannot
change the admin user's rights or add this user to other user
groups.
NOTE
The admin user's initial password is Changeme_123. (The initial
password is Admin_123 for a preinstalled U2000.) You must
change the password upon the first login as the admin user to
ensure system security. Keep the password secure and change it
regularly.
User Group A collection of U2000 users that have the same operation
rights. Adding users to user groups on the U2000 enables
the management of user rights in batches and reduces
management costs.
A user group has the following attributes: details (group
name, description, group type, and maximum number of
sessions), members, domain, operation rights, and current
session.
The U2000 provides the following default user groups:
Administrators, SMManagers, Maintenance Group,
Guests, Operator Group, and NBI User Group.
User Group Type: Administrator Group
Only the Administrators group belongs to this type of group. This administrator group
has a domain that contains all network objects and has all operation rights except
security management rights. The domain and operation rights cannot be changed, and this
type of user group cannot be created.
NBI User Group
The OSS interconnects with the U2000 through NBIs. The NBI user group is created on the
U2000 to manage access of the OSS.
NOTE
NBI User Group is available only when the NBI instance is
deployed.
To prevent network security issues due to misoperations, U2000 users must be assigned the
minimum rights that are sufficient to perform their operations.
l The admin account must be used by an authorized person for management only. Do not
perform any service configuration as the admin user.
l The scope of NEs that can be operated and operation rights must be assigned to new
U2000 users based on their skills and levels.
Account Policy Specifies the minimum length of a user name, login policy,
and unlocking policy. You can set the account policy to
ensure account security.
Remote Maintenance User Management
The U2000 supports remote maintenance. It allows a remote maintenance terminal to log in
to the U2000 server to perform operations on NEs that the U2000 manages.
Remote maintenance is commonly used for remote NE fault
locating and periodical checks.
The remote maintenance user is a U2000 user that logs in to
the U2000 server from the remote maintenance terminal. By
default, the remote maintenance user is disabled. Before
starting remote maintenance, enable the remote maintenance
user and set parameters for the user as required.
SSL Protocol The Secure Sockets Layer (SSL) protocol ensures data
security and integrity for network communication. The SSL
protocol configured for the server that communicates with
clients can efficiently protect customers' network
information.
Single-User Mode The admin user uses the single-user mode to perform
special operations such as rights assignment. In single-user
mode, only one user is allowed to log in to the U2000 as the
admin user, which prevents other users' interference during
operations. When the login mode is switched to the single-
user mode, all the users except the admin user are forcibly
logged out and cannot log in again.
Client Lockout To ensure network security, the U2000 locks out a U2000
client if a user does not perform any operations on the client
for a specified period. Client lockout does not affect the
running of the U2000.
ACL
Access control lists (ACLs) are a secure access control mechanism. They restrict users to
logging in to the U2000 server only from clients that have specified IP addresses.
To improve the security of the U2000, ACLs restrict the client IP addresses from which users
can log in to the U2000. Even if user accounts and passwords are stolen, unauthorized users
cannot log in to the U2000 from clients outside the specified IP addresses. The U2000
provides two types of ACLs:
l System ACL
ACL for the U2000. All the users can log in to the U2000 only from the IP addresses or
network segments specified in the system ACL.
l User ACL
ACL for a user. The current user can log in to the U2000 only from the IP addresses or
network segments specified in the ACL for the user.
NOTE
The IP addresses or network segments in a user ACL must be within the range of the IP addresses
or network segments in the system ACL.
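The containment rule in the NOTE above and the combined effect of the two ACL types, as an added example that is not part of the Huawei guide. It models the behaviour this section describes with Python's ipaddress module; the function names, the sample addresses and the treatment of a user without a user ACL (only the system ACL applies) are assumptions, and it does not read or change any U2000 configuration.

```python
import ipaddress

# Constructed sample data (not taken from any real deployment).
SYSTEM_ACL = ["10.10.0.0/24", "10.10.1.0/24", "192.0.2.15"]
USER_ACLS = {
    "noc_operator": ["10.10.0.0/23"],
    "field_engineer": ["10.10.1.128/25", "10.20.0.5"],
}


def _collapse(entries):
    """Parse ACL entries (single IPs or network segments) and merge them.

    Merging matters: two adjacent /24 system entries together cover a /23
    user entry, although neither covers it alone.
    """
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    merged = []
    for version in (4, 6):
        # collapse_addresses() rejects mixed IPv4/IPv6 input, so split first.
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def _covers(acl_nets, net):
    """True if `net` lies completely inside one of the merged ACL networks."""
    return any(n.version == net.version and net.subnet_of(n) for n in acl_nets)


def user_entries_outside_system_acl(system_acl, user_acl):
    """Return the user ACL entries that violate the containment rule."""
    sys_nets = _collapse(system_acl)
    return [
        e for e in user_acl
        if not _covers(sys_nets, ipaddress.ip_network(e, strict=False))
    ]


def login_allowed(client_ip, system_acl, user_acl=None):
    """Model of the login decision: the client must match the system ACL and,
    when the user has a user ACL, that ACL as well.

    Assumption: a user without a user ACL is limited by the system ACL only.
    """
    host = ipaddress.ip_network(client_ip)  # a /32 or /128 network
    if not _covers(_collapse(system_acl), host):
        return False
    if user_acl:
        return _covers(_collapse(user_acl), host)
    return True


if __name__ == "__main__":
    for user, acl in USER_ACLS.items():
        bad = user_entries_outside_system_acl(SYSTEM_ACL, acl)
        print(f"{user}: entries outside the system ACL: {bad or 'none'}")
    for ip in ("10.10.1.200", "10.10.0.7", "10.20.0.5"):
        ok = login_allowed(ip, SYSTEM_ACL, USER_ACLS["field_engineer"])
        print(f"field_engineer from {ip}: {'allowed' if ok else 'denied'}")
```

An entry such as 10.20.0.5 in a user ACL never grants access in this model because the system ACL is checked first, which is why the audit function reports it as a configuration error rather than an exposure.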
User Monitoring
The U2000 monitors user access to resources. User monitoring comprises session monitoring
and operation monitoring. For session monitoring, the U2000 monitors users' online status.
For operation monitoring, the U2000 monitors operation objects, time, and specific operation
items.
If a user performs unauthorized operations or operations that potentially affect the system, a
security administrator of the U2000 can forcibly log out the user.
Related Tasks
5.2.4.2 Creating User-Defined Object Sets
5.2.4.3 Creating User-Defined Operation Sets
5.2.4.4 Creating and Authorizing U2000 User Groups
Procedure for Creating U2000 Users
5.2.10.1 Assigning Specific Operation Rights to an NMS User
5.2.10.2 Adjusting User Rights
Related References
New Object Set
New Operation Set
New User Group
support.huawei.com/carrier/docview?path=PBI1-7275726/PBI1-8132359/
PBI1-20977039/PBI1-21427015/PBI1-15315&nid=SE0000685570.
5.2.1.1 Rights
Rights specify operations that can be performed and objects on which the operations are
performed. Operations that can be performed vary according to user.
Operable objects mainly involve the U2000 and NEs, which are managed as devices.
U2000 users can perform operations on the U2000 or NEs only when they are authorized to
access and operate the U2000 or NEs.
Figure 5-2 shows the operations that can be performed on the U2000 and NEs.
Figure 5-2 Operations that can be performed on the U2000 and NEs
[Figure labels: Access rights; Operation rights; iMAP; iMAP application operations;
Network device operations]
Access rights: Logging in to the U2000
To log in to the U2000, a user must have a valid account and password.
Authorization Methods
Security administrators can authorize users using the following methods:
l Authorize users directly. Specifically, set domains and operation rights for the users.
NOTE
In view of user rights management and security, you are not advised to use this authorization
method.
If you use this method, user admin must select the check box of Assign rights to users directly in
the Advanced dialog box of the Account Policy tab page.
l Authorize users by binding them to a user group. Specifically, authorize a user group by
setting domains and operation rights of the user group, and then add users to the user
group so that the users inherit the user group's rights.
The second method (binding users to a user group) is recommended. This method
enables the security administrators to simultaneously authorize all the users who hold the
same post. When users' posts change, the security administrators can authorize new users
by removing original users from and adding the new users to the user groups.
Table 5-1 describes the operation right configuration modes. The subnet device set mode and
user-defined object set mode are commonly used.
All Objects
The default object set All Objects provided by the U2000 is assigned as a managed object
to users or user groups.
The three modes are object set modes. In these modes, security administrators must assign
operation rights by binding operation sets to object sets. If a user group wants to have
operation rights for an object, the following conditions must be met:
l The user group's object set
The All Objects mode co-works with the default operation set All Object Operations
provided by the U2000 to assign all operation rights for all devices to users.
This mode is rarely used because few users except users in the Administrators or
SMManagers group need to manage all devices.
This mode applies to the scenario where users must manage all devices.
device set is apt to lack objects on which operations contained in the operation set are
performed.
Users
By default, U2000 provides the user account admin that can be used to manage all devices
and has all operation rights. By default, the admin user belongs to the Administrators and
SMManagers user groups and has the most operation rights on the U2000.
User Groups
A user group is a collection of user accounts. After a user account is added to a user group,
the user has domains and operation rights of the user group. A user account can belong to
multiple user groups.
When a user account belongs to multiple user groups, the user has all managed domains and
operation rights of these user groups.
NOTE
To delete right A of a user, you also need to delete right A of the user groups that the user account
belongs to, or delete the user account from the user groups that have right A.
Managing users' operation rights based on user groups makes right management convenient
and clear.
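How group inheritance affects removing a right, as an added example that is not part of the Huawei guide. Rights are modelled as (object set, operation set) pairs; the group names, user name and rights are constructed, and the functions are hypothetical helpers for an offline review of exported user data, not a U2000 interface.

```python
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    rights: set  # {(object_set, operation_set), ...}


@dataclass
class User:
    name: str
    rights: set = field(default_factory=set)   # rights assigned directly
    groups: list = field(default_factory=list)


def effective_rights(user):
    """A user's rights are the user's own plus those of every group joined."""
    rights = set(user.rights)
    for group in user.groups:
        rights |= group.rights
    return rights


def sources_of_right(user, right):
    """List every place a right comes from; all of them must be dealt with
    before the user actually loses the right."""
    sources = ["direct"] if right in user.rights else []
    sources += [g.name for g in user.groups if right in g.rights]
    return sources


def excess_rights(user, required):
    """Rights the user holds beyond what the role needs (least privilege)."""
    return effective_rights(user) - set(required)


def revocation_plan(user, right, required):
    """For each group that grants `right`, list the required rights the user
    would lose by leaving that group. A non-empty list means the right should
    be removed from the group, or the user moved to a narrower group, instead."""
    plan = {}
    for group in user.groups:
        if right not in group.rights:
            continue
        remaining = set(user.rights)
        for other in user.groups:
            if other is not group:
                remaining |= other.rights
        plan[group.name] = sorted(set(required) - remaining)
    return plan


# Constructed sample data: two user-defined groups and one user.
METRO_OPS = Group("Metro_Ops", {
    ("Metro_NEs", "Monitor"),
    ("Metro_NEs", "Configure trails"),
    ("Metro_NEs", "Reset boards"),
})
ALARM_DESK = Group("Alarm_Desk", {
    ("Metro_NEs", "Monitor"),
    ("All_Alarms", "Acknowledge"),
})
USER = User("wchen", rights={("Core_NEs", "Monitor")},
            groups=[METRO_OPS, ALARM_DESK])
REQUIRED = {
    ("Metro_NEs", "Monitor"),
    ("Metro_NEs", "Configure trails"),
    ("All_Alarms", "Acknowledge"),
}

if __name__ == "__main__":
    for right in sorted(excess_rights(USER, REQUIRED)):
        print(right, "granted by", sources_of_right(USER, right),
              "| lost if group is left:", revocation_plan(USER, right, REQUIRED))
```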
The U2000 provides six default user groups. For details, see Table 5-2.
The default user groups cannot be deleted. The management domain of the default user
groups is All Objects. The rights of the default user groups are provided by the U2000 by
default, and these rights cannot be modified.
The U2000 supports user-defined user groups created based on application requirements. The
management domain and operation rights for user-defined user groups must be appropriate.
Administrators This user group has all operation rights except those of the
SMManagers user group. Users in the Administrators user group
can perform operations such as maintaining U2000 servers and
setting global parameters.
Users in the Administrators and SMManagers user groups can
manage all objects. Other users can manage only authorized objects.
SMManagers This user group has operation rights only for Security
Management, which include permissions to configure a security
policy, query security logs, manage users/user groups/object sets/
operation sets/use permissions/security log templates, monitor user
dialogues/operations, force users to exit, unlock users, and re-set
user passwords. The users added to the user group can manage all
the users on the U2000, except for the admin and other security
administrators.
Users in the SMManagers user group are U2000 security
administrators.
Maintenance Group By default, the domain of this user group is All Objects, and it has
operation rights for default maintenance operation sets. In addition
to the rights of the Guests and Operator Group groups, users in
this group have the rights to perform configurations that affect the
running of the U2000 and NEs. For example, they can search for
SDH protection subnets and trails, delete composite services, and
reset boards.
Operator Group By default, the domain of this user group is All Objects, and it has
operation rights for default operator operation sets. In addition to the
rights of the Guests group, users in this group have the rights to
create, modify, and delete (rights to perform potentially service-
affecting operations are not involved). For example, they can create
NEs, change alarm severities, and configure SDH trails.
Guests By default, the domain of this user group is All Objects, and it has
operation rights for default monitor operation sets. They can
perform query operations, such as querying statistics, but cannot
create or configure objects.
NBI User Group By default, this user group has operation rights related to
northbound Service.
The U2000 distributed system provides the following default user groups: Administrators,
SMManagers, Maintenance Group, Guests, Operator Group, and NBI User Group. When
creating an SSO user group in the Centralized Account Management Center window,
synchronize it to the NM and EM clients and authorize it on the clients.
Object
Objects are classified into security and non-security objects. This topic focuses on security
objects.
On the U2000, a security object is an entity on which only users authorized by security
administrators can perform operations. For example, devices, subnets, and object sets are
security objects.
On the U2000, a non-security object is an entity on which users can perform operations
without the authorization of security administrators. In the Main Topology, not all devices can
be managed by the U2000. If a security administrator creates a common user but does not
grant any rights to the user, the user still can view some objects in the Main Topology after
logging in to the U2000. However, these objects are not security objects because they are not
managed by the U2000.
Object Set
An object set is a collection of objects. The U2000 provides the default object set All Objects
that includes all objects managed by the U2000. The objects in the All Objects set cannot be
modified or deleted.
A maximum number of 99 object sets is recommended in addition to the default object set.
The maximum limit helps prevent performance problems.
Subnet device set
The U2000 creates a subnet device set that shares the same name as a subnet for each
subnet in the physical topology view.
Subnet device sets have the following features:
l A subnet device set contains a subnet in the physical topology view and
all objects on the subnet.
l If a subnet contains a lower-layer subnet in the physical topology view,
the corresponding subnet device set contains the lower-layer subnet and
objects on the lower-layer subnet.
l If objects on a subnet in the physical topology view are adjusted, the
adjustments are synchronized to the corresponding subnet device set in
the security management module. The U2000 does not allow security
administrators to directly adjust objects in a subnet device set in the
security management module.
l A subnet device set cannot be added to a user-defined object set.
l All subnet device sets are displayed only in the window in which
security administrators set domains. They are not displayed under the
Object Set node of the navigation tree in the Security Management
window.
All objects The U2000 provides one default object set, the All Objects set that includes
all objects managed by the U2000. This object set cannot be modified or
deleted.
User- Object sets manually created by a user are user-defined object sets.
defined User-defined object sets have the following features:
object set
l A user-defined object set can contain NEs, subnets, and other user-
defined object sets.
l When a user-defined object set contains subnets, it contains only the
subnets, excluding objects on the subnets.
l A user-defined object set cannot contain subnet device sets.
l A user-defined object set that contains subobject sets cannot be added to
another user-defined object set.
l Objects in a user-defined object set can only be manually adjusted.
5.2.1.5 Domain
A domain refers to the scope of NE objects managed by a user or user group. After a user logs
in to the U2000 client, only the NE objects in the user's domain are available to this user
(including the U2000 itself).
Objects managed by users or user groups vary according to authorization modes for domains.
For details, see Table 5-4.
Object Set: Users or user groups can manage only NE objects in selected object
sets. They cannot automatically have the operation rights for new NE objects
that are of the same types as those in selected object sets.
Subnet Device Set: Users or user groups can manage all NE objects in selected
subnet device sets. If NE objects in the selected subnet device sets are
adjusted, the NE objects managed by the users or user groups are adjusted
simultaneously.
Device: Users or user groups can manage only selected NE objects. They cannot
automatically have the operation rights for NE objects that are of the same
types as the selected NE objects and are added to the U2000 later.
Operation Types
On the U2000, users can perform operations on both the U2000 and NEs. Therefore,
operations are classified into two types: NMS application operations and network device
operations.
l NMS application operations are performed on the U2000, such as Acknowledge
Alarms, Add Alarm/Event Mask Rules, Modify Object Position, and Query a
Board.
l Network device operations are performed for managed NEs, such as Configure the NE
Type, Reset Board, Suppress Device Alarm, and Modify Routing Policy.
The object of NMS application operations is the U2000. For example, those operations
involving topology objects constitute the Topo Management rights and those alarm-related
operations constitute the Fault Management rights. The following Figure 5-4 shows the
Select Operation Rights window. The NMS application operations are classified into more
than 20 types and listed under the Operation node in the Operation area.
The objects of network device operations are NEs. All operations for an NE on the U2000
constitute the rights for the NE. A Router NE (CX600-144) is used as an example. All rights
for it are listed under the Operation node in the Operation area as shown in the following
figure.
Operation sets that contain operation subsets cannot be added to another operation set because an
operation set cannot contain two levels of operation sets.
The U2000 provides more than 20 types of default NMS application rights (corresponding to
more than 60 types of operation sets) and more than 70 types of network device rights in all
domains (corresponding to more than 200 operation sets). If the default operation sets do not
meet requirements, create operation sets manually.
NOTE
It is not recommended to assign the All Application Operations and All Object Operations operation
sets to common users. All Application Operations contains operations for all U2000 applications
except security applications. All Object Operations contains operations for all NEs managed by the
U2000. A user who is assigned both of the two operation sets has all operation rights for the U2000 and
NEs.
l A default operation set of the U2000 contains all operations in the operation sets at lower levels.
l The U2000 may define the high and low levels of operation sets differently from O&M engineers'
expectations. In this situation, O&M engineers can create operation sets based on the actual O&M
scenarios.
Specifically, administrators can assign rights for topology management to a user on the New
User Group > Operation Rights > Select > Select Operation Rights GUI in the following
ways:
l Assign default operation sets to a user. The following operation sets can be assigned:
Topo Monitor Operation Set, Topo Maintainer Operation Set, and Topo Monitor
Operation Set. To view which operations are included in an operation set, right-click it
and choose View Operation Set Member from the shortcut menu. This method is used
when the default operation sets meet the requirement for rights assignment.
l Create operation sets, add desired operations in Topo Management to them, and assign
them to users. This method is used when the default operation sets cannot meet the
requirement for rights assignment.
l Assign operation rights in Topo Management to users directly. This method is
inconvenient for management and maintenance. Therefore, it is not recommended.
Table 5-5 describes the activities and rules for each procedure in the process.
Table 5-5 Activities and rules for each procedure in the process
Procedure: Planning user groups
Description: Classify personnel into groups based on their responsibilities.
Rule:
l Place personnel who have the same responsibilities in a user group.
l Place a person whose responsibilities are partially different from others'
in a separate user group.

Procedure: Planning domains
Description: Plan modes for adding managed objects to domains to improve
authorization and maintenance efficiency.
Rule: Plan domains collectively for personnel who have the same management
scope. Plan domains separately for personnel whose management scopes are
partially different from others'. The subnet device set mode is preferred for
planning domains. Devices that are not included in a subnet device set are
added to a user-defined object set to avoid repeated authorization for
individual devices. To facilitate future adjustment, it is recommended that a
user-defined object set not include subobject sets.

Procedure: Planning operation sets
Description: Analyze operation rights required for personnel to fulfill their
responsibilities and classify the operation rights into operation sets. Plan
network device operation sets and network management application operation
sets according to the engineers' management responsibilities.
NOTE
If the device modes are used in a domain management plan, you do not need to
plan operation sets.
Rule:
l If user groups support the same network management application operations,
plan the same network management application operation set for the user
groups. Otherwise, plan network management application operation sets
separately for the user groups.
l If user groups support the same network device operations, plan the same
network device operation set for the user groups. Otherwise, plan network
device operation sets separately for the user groups.

Procedure: Sorting data and creating a user group attribute table
Description: Sort data and create a user group attribute table for reference
during authorization and right management. The user group attribute table must
include the user group member, domain, and operation right columns.
Rule:
l The domain column must specify the subnet device set, user-defined object
set, or device mode in which managed objects are added to a domain.
l If the subnet device set mode and user-defined object set mode are used, the
operation right column must specify an operation set that includes all
required operations.
Eight persons are assigned to manage the devices in region A. Figure 5-9 shows device
management division. Table 5-6 describes the division, providing the original right
management data generated based on the organization and networking structures for region A.
To help the authorization planning later, sort out the following items based on the original
right management data:
l Personnel who manage the same devices, that is, personnel who have the same domain
l Personnel who have the same responsibilities, that is, personnel who can perform the
same operations on the same devices
Sort the data in Table 5-6 based on these two items to generate Table 5-7 and Table 5-8.
Personnel: C and D
Responsibilities: Work full time or part time to configure data and perform
routine maintenance for Subnet01 (Device01, Device02, Device03, and Device04),
Device05, Device06, and Device11.
l Full-time data configuration engineer C and part-time data configuration
engineer D configure data for the same managed devices.
l Part-time system maintenance engineer C and full-time system maintenance
engineer D perform routine maintenance for the same managed devices.

Personnel: G and H
Responsibilities: Work full time or part time to configure data and perform
routine maintenance for Subnet02 (Device07, Device08, Device09, and Device10),
Device06, and Device11.
l Full-time data configuration engineer G and part-time data configuration
engineer H configure data for the same managed devices.
l Part-time system maintenance engineer G and full-time system maintenance
engineer H perform routine maintenance for the same managed devices.
Data configuration and system maintenance engineer group 1 | C and D |
Configure data and perform routine maintenance for Subnet01 (Device01,
Device02, Device03, and Device04), Device05, Device06, and Device11.
Data configuration and system maintenance engineer group 2 | G and H |
Configure data and perform routine maintenance for Subnet02 (Device07,
Device08, Device09, and Device10), Device06, and Device11.
Planning Domains
Domain planning aims to improve authorization and maintenance efficiency by specifying the
modes for adding managed objects to domains.
Plan domains collectively for personnel who have the same management scope. Plan domains
separately for personnel whose management scopes are partially different from others'. Use
the management personnel in region A as an example. A, B, C, and D have the same
management scope, E, F, G, and H have the same management scope (see Table 5-7), and in
these two groups there is no person whose management scope is partially different from
others'. In this example, only two domains are required: one for A, B, C, and D, and the other
for E, F, G, and H.
Comply with the following rules when planning domains: Prefer the subnet device set mode.
Devices that cannot be included in a subnet device set are included in a user-defined object
set, avoiding authorization on a device basis. To ensure a clear object set structure and
facilitate maintenance, it is recommended that a user-defined object set not include subobject
sets.
Table 5-10 describes domains for region A based on the rules. Figure 5-10 shows
management division based on managed objects in each domain.
Plan operation sets based on operations that user groups perform on the same type of
device. If user groups support operations on different types of devices, the user groups
must be assigned different operation rights. For example, if user groups have the right to
view Device01 and Device02, and Device01 and Device02 are of different types, the
user groups must be assigned different operation rights.
– If user groups support the same network management application operations, plan
the same network management application operation set for the user groups.
Otherwise, plan network management application operation sets separately for the
user groups.
– If user groups support the same network device operations, plan the same network
device operation set for the user groups. Otherwise, plan network device operation
sets separately for the user groups.
For example, network monitoring engineer groups 1 and 2 require the same network
management application operation rights; therefore, the same operation set is planned for
the two groups. Table 5-12 describes the operation set plan for region A.
The user group attribute table must include the user group member, domain, and operation
right columns. The domain column must specify modes in which managed objects are added
to domains. The operation right column must specify modes in which rights are assigned to
personnel. Table 5-13 is the user group attribute table generated based on Table 5-9, Table
5-10, Table 5-11, and Table 5-12.
Figure 5-11 shows the authorization process. You can click a procedure in the flowchart to
access the section for more details.
NOTE
If no user-defined object set or user-defined operation set is involved in the authorization plan, you do
not need to create user-defined object sets or user-defined operation sets. That is, you can skip the first
two procedures in the authorization process.
Prerequisites
l You have logged in as a user in the SMManagers group.
l You have planned object sets. For details, see 5.2.3 Authorization Plan.
Context
l After creating object sets during the initial phase of site deployment, you can adjust them
or create object sets during site maintenance.
l If an object set is allocated to a user group, all members of the user group can view
members of the object set in the physical topology view.
l The topic uses the examples in 5.2.3 Authorization Plan to describe how to create an
object set.
Procedure
Step 1 Determine the object sets to be created and their members based on the authorization plan.
Object sets to be created and their members are listed in the Domain column of Table 9 in
5.2.3 Authorization Plan. The following steps use Objectset01 as an example.
Step 2 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 3 In the NMS User Management navigation tree, right-click the Object Set node and choose
New Object Set.
Step 4 On the Details tab of the New Object Set dialog box, set Type to Network Device, Name to
Objectset01, and Description to Object set for region A.
NOTE
l Object sets that do not contain subsets can also be selected as members of an object set. However,
to simplify right maintenance, you are advised not to select such object sets as members.
l To select objects in existing object sets as members, click Copy Members from Object Sets in the
New Object Set dialog box and select one or more object sets in the Copy Members from Object
Sets dialog box. The members of the selected object sets are copied to the Members tab for the
current object set.
NOTE
l You can click and choose Sort by topology position or Sort by device type to sort available
or selected devices and object sets.
l You can enter the desired character string in the Find text box and click or to search for
objects and object sets in the up or down direction.
l You can click to specify whether to use the Match whole word only or Match case rules
during an object or object set search.
Step 6 In the New Object Set dialog box, click OK. The object set is created.
----End
Result
The new object set is displayed in the object set list. You can double-click the object set to
view the objects contained in the object set on the Members tab.
Follow-up Procedure
You can click Select in the lower right corner of the Members tab and adjust the members of
the object set in the dialog box that is displayed.
Related Concepts
5.1 User Security
Related References
New Object Set
Prerequisites
l You have logged in as a user in the SMManagers group.
l You have planned operation sets. For details, see 5.2.3 Authorization Plan.
Context
l Operation sets can be allocated to users or user groups.
l If an operation set is allocated to a user group, all members of the user group have the
operation rights in the operation set.
l The U2000 provides default operation sets.
l This topic uses the examples in 5.2.3 Authorization Plan to describe how to create an
operation set.
l During version upgrade, new operation rights or modified operation rights in the latest
version are not automatically added to user-defined operation sets. To add the operation
rights, follow the instructions in this section.
Procedure
Step 1 Determine the operation sets to be created and their types and members based on the
authorization plan.
Operation sets to be created and their types and members are listed in the Operation Rights
column of Table 9 in 5.2.3 Authorization Plan. The following steps use Device Monitoring
Operation Set 1 (a network device operation set) as an example to describe how to create an
operation set.
Step 2 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 3 In the NMS User Management navigation tree, right-click the Operation Set node and
choose New Operation Set.
Step 4 On the Details tab of the New Operation Set dialog box, set Type to Network Device,
Name to Device Monitoring Operation Set 1, and Description to Operation of monitoring
devices in domain A.
– Operation sets that do not contain subsets can also be selected as members of an operation set.
However, to simplify right maintenance, you are advised not to select such operation sets as
members.
– To select operations in existing operation sets as members, click Copy Members from
Operation Sets in the New Operation Set dialog box and select one or more operation sets in
the Copy Members from Operation Sets dialog box. The members of the selected operation
sets are copied to the Members tab for the current operation set.
NOTE
l You can enter the desired character string in the Find text box and click or to search for
operations and operation sets in the up or down direction.
l You can click to specify whether to use the Match whole word only or Match case rules
during an operation or operation set search.
Step 6 In the New Operation Set dialog box, click OK. The operation set is created.
----End
Result
The new operation set is displayed in the operation set list. You can double-click the operation
set to view the operations contained in the operation set on the Members tab.
Follow-up Procedure
You can click Select in the lower right corner of the Members tab and adjust the members of
the operation set in the dialog box that is displayed.
Related Concepts
5.1 User Security
Related References
New Operation Set
Prerequisites
l You have logged in as a user in the SMManagers group.
l You have planned user groups. For details, see 5.2.3 Authorization Plan.
l You are familiar with the operation rights of the U2000 default user groups.
Context
For the U2000 distributed system, after creating an SSO user group in the Centralized
Account Management Center window, synchronize the user group to the NM and EM
clients for authorization.
Procedure
Step 1 Determine the user group to be created based on the authorization planning.
User groups to be created and their domains and operation sets are listed in Table 9 in 5.2.3
Authorization Plan. The following steps use Network monitoring engineer group 1 as an
example.
Step 2 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 3 In the NMS User Management navigation tree, right-click the User Group node and choose
New User Group.
Step 4 In the New User Group dialog box, set the attributes of the user group.
1. On the Details tab, set the user group name, description, and maximum number of
sessions.
NOTE
If the operation rights of the new user group are the same as those of existing user groups, you
can copy operation rights from the existing user groups. Click Copy Rights from User Groups. In
the Copy Rights from User Groups dialog box, select one or multiple user groups and click OK.
After the copy is complete, the domains and operation rights of the selected user groups are
displayed on the Domain and Operation Rights tabs, respectively. Security administrators can
adjust the domains and rights as required.
2. Optional: Select members.
Click Add. In the Add User dialog box, select the desired user and click OK.
NOTE
You can add users to a user group in any of the following ways:
– When creating a user group, select users as its members.
– When creating a user, add the user to a user group.
– After a user or user group is created, add the user to a user group by setting user groups for
the user or add users by setting members for the user group.
3. Click Next.
Step 5 Set the domain for the user group to specify the object scope that the user group manages.
1. On the Domain tab, click Select.
2. In the Select Domain dialog box, set domain parameters and click OK.
– In the Authorization Mode area, click the icon above Object Set. In the Available
Objects area, select Objectset01 and click . The selected object set is
added to the Selected Objects area.
NOTE
Only user-defined object sets created by security administrators are displayed under the
Object Set node. If no user-defined object set has been created, no object set is displayed
under this node.
– In the Authorization Mode area, click the icon above Subnet Device Set. In the
Available Objects area, select Subnet01 and click . The selected
subnet device set is added to the Selected Objects area.
NOTE
You can select other authorization modes in the Authorization Mode area as required.
You can click More or Hide to expand or hide the authorization modes.
NOTE
– In the Available Objects area, you can click to view members of the selected object set
and subnet device set.
– You can enter the desired character string in the Find text box and click or to search
for objects in the up direction or down direction, and click to specify whether to set
the Match whole word only or Match case rules.
– After clicking to select the Device authorization mode, you can click and choose
Sort by topology position or Sort by device type to sort available or selected objects.
3. Click Next.
Step 6 Set operation rights for the user group to assign U2000 application rights and object operation
rights to users.
1. On the Operation Rights tab, click Select.
2. In the Select Operation Rights dialog box, set parameters and click OK.
– In the Authorization Objects area, expand the Object Set node and select
Objectset01. In the Operations area, select Device monitoring operation set 1.
Click . The selected right is added to the Selected Rights area.
NOTE
After an authorized object is selected, operations that can be bound to the authorized object are
displayed in the Operations area. For details about the binding relationship between authorized
objects and operations, see Operation Rights.
NOTE
– In the Authorization Objects and Operations area, you can click to view the members
of the selected object set, subnet device set, and operation set.
– After binding operations to a selected device, you can click and choose Sort by topology
position or Sort by device type to sort rights for the device.
3. Click Next.
Step 7 Set secondary authorization for the user group, so that secondary authorization is required for
members in the user group when they perform certain operations and meet policy
requirements.
1. On the Secondary Authorization wizard page, enable secondary authorization for
certain operations, and set the alarm threshold value and forbid threshold value for the
operations.
2. Click Finish.
NOTE
To view the latest secondary authorization information, click Refresh.
l Exercise this operation with caution, because refreshing the page will clear all the modifications you
made to the secondary authorization information.
l If the user group you copied contains secondary authorization information, clicking Refresh does
not clear the copied authorization information.
----End
Result
The new user group is displayed in the user group list. You can double-click the user group to
view:
Follow-up Procedure
l You can click Select in the lower right corner of the Domain and Operation Rights tabs
to adjust the managed objects and operations respectively for the user group in the dialog
box that is displayed.
l You can click Configure in the lower right corner of the Secondary Authorization tab
to adjust the secondary authorization configuration for the user group's operations in the
dialog box that is displayed.
Related Concepts
5.1 User Security
Related References
New User Group
Prerequisites
l You have logged in as a user in the SMManagers group.
l You are familiar with account and password policies. For details, see Account Policy and
Password Policy.
Context
l When you create a U2000 user, ensure that the attributes of the user comply with
the account and password policies. For details about how to set account and password
policies, see 5.3.1.4 Setting Account Policies and 5.3.1.5 Setting Password Policies.
l After the U2000 user is created, add it to a user group so that the operation rights of the
user group are granted to the user. Do not set domains or operation rights for the user
individually.
l A user account can belong to multiple user groups. When a user account belongs to
multiple user groups, the user has all managed domains and operation rights of these user
groups.
NOTE
To delete right A of a user, you also need to delete right A of the user groups that the user account
belongs to, or delete the user account from the user groups that have right A.
l You must set the user name and password when creating a user. For the other attributes,
you can use default values or set them after you create the user successfully.
l This topic uses the examples in 5.2.3 Authorization Plan to describe how to create a
user and add it to a user group.
l Certain words cannot serve as user names due to political or religious factors in the
local regions. The iMAP provides the user name blacklist function. The words stored in
the blacklist file cannot be used to create users. For the detailed setting method, see
Setting the User Name Blacklist in U2000 Administrator Guide.
l For the U2000 distributed system, an SSO user must be created in the Centralized
Account Management Center window and then added to an SSO user group for
inheriting the user group's rights. You cannot authorize SSO users directly.
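The group-inheritance rules in this Context list, together with the three domain authorization modes described earlier in this chapter, can be modeled as follows. This Python model is an added example, not U2000 code or a U2000 interface: the data structures, the membership of Objectset01, and the "Hypothetical ..." group and operation set are assumptions constructed from the region A example.

```python
# Added example: toy model of U2000 domains and group-inherited rights.
# Topology and set names are constructed from the region A example; the
# data structures are assumptions, not a U2000 interface.

TOPOLOGY = {  # subnet -> NEs currently on it (physical topology view)
    "Subnet01": {"Device01", "Device02", "Device03", "Device04"},
    "Subnet02": {"Device07", "Device08", "Device09", "Device10"},
}
OBJECT_SETS = {  # user-defined object sets, adjusted only by hand
    "Objectset01": {"Device05", "Device06", "Device11"},  # assumed members
}
# Each group holds (authorization mode, target, operation set) grants.
GROUPS = {
    "Network monitoring engineer group 1": [
        ("subnet_device_set", "Subnet01", "Device monitoring operation set 1"),
        ("object_set", "Objectset01", "Device monitoring operation set 1"),
    ],
    "Hypothetical maintenance group": [
        ("device", "Device05", "Device monitoring operation set 1"),
        ("device", "Device05", "Hypothetical maintenance operation set"),
    ],
}
FULL_RIGHTS = {"All Application Operations", "All Object Operations"}


def resolve(mode, target):
    """NE objects that one domain entry covers at this moment."""
    if mode == "subnet_device_set":
        return set(TOPOLOGY[target])      # tracks topology adjustments
    if mode == "object_set":
        return set(OBJECT_SETS[target])   # static until edited manually
    if mode == "device":
        return {target}                   # exactly the selected NE
    raise ValueError(f"unknown authorization mode: {mode}")


def effective_rights(memberships, groups=GROUPS):
    """Union of (NE, operation set) pairs over all of a user's groups."""
    rights = set()
    for name in memberships:
        for mode, target, opset in groups[name]:
            rights |= {(ne, opset) for ne in resolve(mode, target)}
    return rights


def groups_granting(memberships, ne, opset, groups=GROUPS):
    """Groups that must change before the user loses (ne, opset)."""
    return sorted(
        name for name in memberships
        if any(o == opset and ne in resolve(m, t) for m, t, o in groups[name])
    )


def holds_full_rights(memberships, groups=GROUPS):
    """True if the user's groups together carry both 'All ...' sets."""
    held = {o for name in memberships for _, _, o in groups[name]}
    return FULL_RIGHTS <= held


if __name__ == "__main__":
    user = list(GROUPS)  # a user who belongs to both groups
    mon = "Device monitoring operation set 1"
    print("granted by:", groups_granting(user, "Device05", mon))
    TOPOLOGY["Subnet01"].add("Device12")  # NE added to the subnet later
    print("Device12 covered:", ("Device12", mon) in effective_rights(user))
    print("holds full rights:", holds_full_rights(user))
```

Running `groups_granting` before revoking a right shows every group that still confers it, which is the check the NOTE above asks for.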
Procedure
Step 1 Determine the users to be created based on the authorization plan.
Users to be created and their user groups are listed in Table 9 in 5.2.3 Authorization Plan.
The following steps use user A as an example. Because the user name is too short and does
not comply with the U2000 security policy, the user name is changed to Network monitoring
engineer A.
Step 2 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 3 In the NMS User Management navigation tree, right-click the User node and choose New
User.
Step 4 In the New User dialog box, set general attributes of the user and add it to a user group. For
details, see New User Account.
1. Set general attributes such as the user name, password, and confirm password.
NOTE
– Characters allowed in a user name depend on whether the user name is allowed to contain
wide characters. User names and figures allowed to contain wide characters are used as an
example in this section.
n If a user name is allowed to contain wide characters, it cannot contain the following
characters:
`~*()=+\|[]{};':",<>/?&©® or spaces
n If a user name is not allowed to contain any wide characters, it can only contain the
following characters:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.!@#$%^
– Before setting the password, click Password Policy to view the preset password policy.
– On the Password Policy tab, you can also click Advanced to optimize the user policy.
2. Click Add. In the Add User Group dialog box, select the desired user group and click
OK.
In the Add User Group dialog box, select Network monitoring engineer group 1.
Step 5 In the New User dialog box, click OK. The user account is created.
----End
Result
The new user account is displayed in the user list. You can double-click the user account to
view the user groups to which the user has been added on the User Groups tab.
Follow-up Procedure
To add the user to another user group, click Add in the lower right corner of the User Groups
tab. To delete the user from a user group, select the user group on the User Groups tab and
click Delete in the lower right corner of the tab.
Prerequisites
You have logged in as the admin user.
Context
l For a newly installed U2000, you can export network management application operation
sets and network device operation sets to files, add new operation sets to the files, and
import the files to the U2000 using the Import Operation Sets function. In this way,
you can create operation sets in batches at one time.
l For a U2000 that has been running for a period of time, you can export existing
operation sets to files on the local computer. This helps you restore operation sets using
the Import Operation Sets function if some operation sets are lost after an upgrade or a
batch deletion of old operation sets.
l The exported operation set file does not contain the default operation sets.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 On the top of the NMS User Management navigation tree, click and choose Export
Operation Sets.
Step 3 In the Save dialog box, name the file, specify a path, and then click Save.
----End
Result
l The Network Management Application and Network Device operation sets are saved
in separate files.
NOTE
All operation information is listed in columns A to E in the exported operation set files. The cells
after column E provide the names of operation sets that exist on the U2000. Operations marked
with the letter Y are members in the corresponding operation sets.
l The formats of default file names are
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Device.csv and
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Management_Application.csv.
NOTE
Related References
5.2.5.3 Importing Operation Set Files
5.2.5.2 Adding Operation Sets or Changing Operation Set Members in Batches
Prerequisites
l You have logged in as the admin user.
l The file containing the exported operation set information should be edited by user
admin based on the right-related policy and operation set planning.
l The information about all the operation sets in the U2000 is exported and saved in a file.
For details, see 5.2.5.1 Exporting Operation Sets.
l You are familiar with the planning of system operations or operation sets. For details, see
5.2.3 Authorization Plan.
Context
l This operation does not apply to the change of operation set names.
l The information in columns from A to E in the operation set file cannot be modified. If it
is modified, importing the file will fail. If the information is modified, export the
operation set file again.
l In the operation set file, the table cells in line 10 and columns except columns from A to
E contain only operation set names.
l If the operation set name in the file exists in the current U2000, the operation set fails to
import.
l The naming convention of a new operation set is the same as that of an operation set
created in the U2000.
Procedure
Step 1 Open and edit the .csv file containing the exported operation set information.
----End
Result
After the file is imported successfully, you can view the change of the rights in an operation
set.
Related Tasks
5.2.5.1 Exporting Operation Sets
Related References
How Do I Determine an Operation Right Type?
Prerequisites
l You have logged in as the admin user.
l The information about all the operation sets in the U2000 system has been exported and
saved in a file. For details, see 5.2.5.1 Exporting Operation Sets.
l You are familiar with the planning of operation sets. For details, see 5.2.3 Authorization
Plan.
Context
l The operation set files to be imported must be files exported using the Export
Operation Sets function.
l If an operation set name in the file already exists in the current U2000, the operation set
fails to be imported.
Procedure
Step 1 Optional: In the exported operation set files, add operation sets or modify members in the
operation sets in batches.
l This operation does not apply to the change of operation set names.
l The information in columns A to E of the operation set file cannot be modified. If it
is modified, importing the file will fail; in that case, export the operation set file again.
l In the operation set file, the cells in line 10 of the columns other than A to E contain
only operation set names.
1. Open and edit the .csv file containing the exported operation set information.
Task: Add an operation set
Operations:
1. In the .csv file, add a column next to column E, and enter the name of the new operation
set in the cell next to Operation Type ID in the new column, as shown in Figure 5-13. If
the U2000 has Operation Set A and Operation Set B and they already exist in columns F
and G, you can add New Operation Set C next to Operation Set B.
NOTE
The operation set name contains a maximum of 100 characters.
2. Add members for the new operation set. You can enter Y in the row corresponding to an
operation, as shown in the blue rectangle in Figure 5-13. Create Subnet and Modify NE
are added for New Operation Set C.
NOTICE
Only letter Y is valid.
Task: Modify the operation set members
Operations:
Assume Operation Set A already exists in the U2000. You can modify the operation set
members as follows:
1. In the Operation Set A column, enter or delete Y at rows of operations. If you need to
delete the Query System Logs operation from Operation Set A, delete Y at row Query
System Logs, column Operation Set A. If you need to add the Create Subnet operation,
enter Y at row Create Subnet, column Operation Set A.
2. To prevent a file import failure due to inconsistency of operation set information
between the file and the U2000 client, delete the operation set modified in the previous
step from the client. For example, delete Operation Set A.
Step 3 On the top of the NMS User Management navigation tree, click and choose Import
Operation Sets.
Step 4 In the Open dialog box, select the .csv file to be imported and click Open.
Step 5 In the Confirm dialog box, click Yes.
Step 6 In the Information dialog box, click OK.
----End
Result
Operation sets contained in the imported file are listed under the Operation Set node in the
navigation tree on the left. After you choose an operation set, its members are displayed in the
right pane, which are the same as those specified in the imported file.
Related Tasks
5.2.5.1 Exporting Operation Sets
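The file rules above (columns A to E read-only, set names in line 10, only Y as a membership mark, names of at most 100 characters, and a new or modified set failing to import while its name still exists on the U2000) can be checked before the import. The following is an added example, not part of the U2000 or of this guide; the nine filler lines, the headings of columns A to D and the values in the sample rows are constructed, and treating an empty set name as an error is an assumption.

```python
import csv
import io

HEADER_LINE = 10     # page: line 10 carries the operation set names
FIXED_COLS = 5       # page: columns A to E must not be modified
MAX_NAME_LEN = 100   # page: an operation set name has at most 100 characters


def _rows(text):
    return list(csv.reader(io.StringIO(text)))


def _members(rows, col):
    """Membership marks of one operation set column, one entry per operation."""
    return [r[col] if col < len(r) else "" for r in rows[HEADER_LINE:]]


def check_edited_file(exported, edited, names_on_u2000):
    """Return the problems found in an edited operation set file.

    exported       -- text of the file written by Export Operation Sets
    edited         -- text of the same file after manual editing
    names_on_u2000 -- operation set names that still exist on the U2000
    """
    orig, new = _rows(exported), _rows(edited)
    if len(orig) != len(new) or len(new) < HEADER_LINE:
        return ["line count differs from the exported file"]
    problems = []

    # Columns A to E are read-only on every line of the file.
    for n, (o, e) in enumerate(zip(orig, new), start=1):
        if o[:FIXED_COLS] != e[:FIXED_COLS]:
            problems.append(f"line {n}: columns A-E modified, export the file again")

    # Below line 10, cells after column E hold either Y or nothing.
    for n, row in enumerate(new[HEADER_LINE:], start=HEADER_LINE + 1):
        for cell in row[FIXED_COLS:]:
            if cell not in ("", "Y"):
                problems.append(f"line {n}: invalid membership mark {cell!r}")

    # Operation set names sit in line 10, after column E.
    orig_head, new_head = orig[HEADER_LINE - 1], new[HEADER_LINE - 1]
    orig_cols = {name: c for c, name in enumerate(orig_head) if c >= FIXED_COLS}
    for col in range(FIXED_COLS, len(new_head)):
        name = new_head[col]
        if not name or len(name) > MAX_NAME_LEN:   # empty name: assumption
            problems.append(f"column {col + 1}: name is empty or longer than "
                            f"{MAX_NAME_LEN} characters")
            continue
        old_col = orig_cols.get(name)
        changed = old_col is None or _members(orig, old_col) != _members(new, col)
        # A new or modified set only takes effect if no set with that name
        # is left on the U2000 at import time.
        if changed and name in names_on_u2000:
            problems.append(f"{name}: new or modified, but a set with this name "
                            "still exists on the U2000 and will fail to import")
    return problems


# Constructed sample: nine filler lines, header on line 10, three operations.
_FILLER = "".join(f"constructed filler line {i}\n" for i in range(1, 10))
EXPORTED = _FILLER + (
    "Operation,Col B,Col C,Col D,Operation Type ID,Operation Set A,Operation Set B\n"
    "Create Subnet,b,c,d,1001,,Y\n"
    "Modify NE,b,c,d,1002,Y,\n"
    "Query System Logs,b,c,d,1003,Y,Y\n"
)
# Edit: New Operation Set C added; Operation Set A gains Create Subnet and
# loses Query System Logs.
EDITED = _FILLER + (
    "Operation,Col B,Col C,Col D,Operation Type ID,"
    "Operation Set A,Operation Set B,New Operation Set C\n"
    "Create Subnet,b,c,d,1001,Y,Y,Y\n"
    "Modify NE,b,c,d,1002,Y,,Y\n"
    "Query System Logs,b,c,d,1003,,Y,\n"
)

if __name__ == "__main__":
    # Operation Set A was modified but not yet deleted from the client.
    for problem in check_edited_file(EXPORTED, EDITED,
                                     {"Operation Set A", "Operation Set B"}):
        print(problem)
```

Passing the set of names currently on the U2000 without Operation Set A, that is, after it has been deleted from the client, makes the same edited file pass.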
Prerequisites
l You have logged in as a user in the SMManagers group.
l A user group has been planned to manage the new NE.
Context
If initial authorization has met the following conditions, users in the user group automatically
have the operation rights for the new NE, and no adjustment is required.
The subnet device set to which the new NE belongs has been added to the user group's
domain. The operation set bound to the subnet device set contains all required operations on
the new NE.
Figure 5-14 shows the process of adjusting operation rights after an NE is added.
Procedure
Step 1 Check the user group's domain and operation rights. For details, see Viewing the Domain
of a User or User Group and Viewing Operation Rights of a User or User Group. Determine
whether the user group automatically has the operation rights for the new NE based on the
context information mentioned above.
l If yes, the procedure ends.
l If the subnet device set to which the new NE belongs has been added to the user group's
domain, but the user group's operation rights do not contain the operation rights for the
NE, perform Step 2.
l If none of the preceding conditions is met, perform Step 4.
Step 2 Add the operation rights for the new NE to the user group's operation set.
1. Choose Administration > NMS Security > NMS User Management from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
2. In the NMS User Management navigation tree, expand the Operation Set node and
select the user group's operation set.
3. On the Members tab page in the right pane, click Select.
4. In the Available rights area of the Select Operation Set Member dialog box, select
operation rights for the type of the new NE.
The operation rights for the new NE are assigned to the user group.
l If the user group is authorized using a user-defined object set, perform the following
steps:
a. Choose Administration > NMS Security > NMS User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
b. In the NMS User Management navigation tree, expand the Object Set node and
select the user group's object set.
c. On the Members tab page in the right pane, click Select.
d. In the Available Devices and Object Sets area of the Select Object Set Member
dialog box, expand all nodes and select the new NE.
e. Click to move the new NE to the Selected Devices and Object Sets
area.
f. Click OK.
l If the user group is authorized using the device mode, perform the following steps:
a. Choose Administration > NMS Security > NMS User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
b. In the NMS User Management navigation tree, expand the User Group node and
choose the user group that manages the new NE.
c. On the Domain tab page in the right pane, click Select.
d. In the Select Domain dialog box, click More in the Authorization Mode area and
select Device.
e. In the Available Objects area, select the new NE.
Step 4 Verify that the user group's operation rights include the operation rights for the new NE.
l If the user group is authorized using a user-defined object set, perform the following
steps:
a. In the NMS User Management navigation tree, expand the Operation Set node
and select the operation set corresponding to the user-defined object set.
b. On the Members tab page in the right pane, check whether the user group's
operation set contains the operation rights for the new NE.
n If yes, the procedure ends.
n If no, go to the next step.
c. On the Members tab page in the right pane, click Select.
d. In the Available Rights area of the Select Operation Set Member dialog box,
select operation rights for the type of the new NE.
The operation rights for the new NE are assigned to the user group.
----End
Prerequisites
l You have logged in as a user in the SMManagers group.
l You have obtained information about user groups that manage the new subnet, types of
all devices on the subnet, and operation rights required for the user groups to manage the
devices.
Context
l Based on the original authorization mode, assign operation rights for the new subnet as
follows:
– If the original authorization mode is the single-device mode, assign operation rights
based on subnet device sets.
– If the original authorization mode is the subnet device set mode or user-defined
object set mode, assign operation rights based on subnet device sets.
l If the new subnet is managed by multiple user groups, adjust each user group's operation
rights in a similar way. This section describes the process of adjusting a user group's
operation rights.
Figure 5-15 shows the process of adjusting operation rights after a subnet is added.
(Flowchart: Start; add the subnet device set corresponding to the new subnet to the user
groups' domains; End.)
Procedure
Step 1 Add the subnet device set corresponding to the new subnet to the user group's domain.
1. Choose Administration > NMS Security > NMS User Management from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
2. In the NMS User Management navigation tree, expand the User Group node and
choose the user group that manages the new subnet.
3. On the Domain tab page on the right, click Select.
4. In the Authorization Mode area of the Select Domain dialog box, select Subnet Device
Set.
5. In the Available Objects area, select the subnet device set that corresponds to the new
subnet and has the same name as the new subnet, and click to add the
subnet device set to the user group's domain.
6. Click OK to close the Select Domain dialog box.
Step 2 Query the user group's authorization mode. For details, see 5.2.8.2 Viewing Operation
Rights of a User or User Group.
l If the user group is authorized in single-device mode, create an operation set for the new
subnet. For details, see 5.2.4.3 Creating User-Defined Operation Sets. After an
operation set is created, perform Step 5.
l If the user group is authorized in subnet device set mode or user-defined object set mode,
perform Step 3.
Step 3 Check whether the network device operation set contains all operation rights for various types
of devices on the new subnet. For details, see 5.2.8.5 Viewing Operations in an Operation
Set.
l If the network device operation set does not contain all required operation rights,
perform Step 4.
l If the network device operation set contains all required operation rights, perform Step 5.
Step 4 Modify the network device operation set so that it contains all operation rights for various
types of devices on the new subnet.
1. Choose Administration > NMS Security > NMS User Management from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
2. In the NMS User Management navigation tree, expand the Operation Set node and
choose the network device operation set corresponding to the user group.
3. On the Members tab page in the right pane, click Select.
4. In the Available Rights area of the Select Operation Set Member dialog box, select
operation rights for various types of devices on the new subnet.
Procedure
l During NE transfer (for example, when an NE is transferred from one subnet to another),
a security administrator adjusts user groups' operation rights by deleting the NE from the
transferor user group's domain and adding the NE to the transferee user group's domain.
For details, see 5.2.6.1 Adjusting Operation Rights After an NE Is Added.
– If the NEs are assigned to the transferor user group in subnet device set mode, the
security administrator does not need to adjust the transferor user group's operation
rights after NE transfer.
– If the NEs are assigned to the transferor user group in object set mode or device
mode, delete the NEs from the user group's domain. For details, see NE Scope
Change.
l During global networking structure modification, a security administrator plans
authorization and authorizes users again. For details, see Performing the Initial
Authorization.
----End
Related Tasks
Performing the Initial Authorization
Prerequisites
You have logged in as a user in the SMManagers group.
NE Scope Change
In subnet device set mode, user groups are assigned operation rights for devices based on
subnets. Therefore, security administrators do not need to adjust operation rights after the
scope of managed objects is changed if user groups are authorized in subnet device set mode.
1. Choose Administration > NMS Security > NMS User Management from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
2. In the NMS User Management navigation tree, expand User Group and select the user
group that no longer manages NEs.
3. On the Domain tab page in the right pane, delete NEs based on authorization modes.
Operation Right Configuration Mode: Assign an NE to a user group in device mode.
NE Deletion Method:
1. Expand the Device node, choose the NE, and click Delete in the lower right corner.
2. In the Confirm dialog box, click Yes.
Step 2 Adjust the operation rights for the NEs for the transferee user group. For details about how to
adjust operation rights, see 5.2.6.1 Adjusting Operation Rights After an NE Is Added.
----End
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
2. In the NMS User Management navigation tree, expand User Group and select a user
group that does not manage the subnet.
3. On the Domain tab page to the right of the navigation tree, select the subnet device set
and click Delete.
4. In the Confirm dialog box, click Yes.
5. For a user group that is going to manage subnet rights, assigning subnet rights to it
means adding a new subnet. For details about how to adjust operation rights, see 5.2.6.2
Adjusting Operation Rights After a Subnet Is Added.
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Step 1 View the operation rights of a desired user group.
Task: Adding an operation right for a managed object
Operations:
l For assigning operation rights for a single device or a device type:
1. On the Operation Rights tab page, click Select.
2. In the Select Operation Rights dialog box, expand Device or Device Type in the
Authorization Objects navigation tree and select a device or a device type. In the
Operation navigation tree, select the desired operations and add them to Selected rights
in the right pane.
3. Click OK.
l For details about how to assign operation rights for subnet device sets and user-defined
object sets on the basis of existing operation sets, see step 4 in 5.2.8.5 Viewing
Operations in an Operation Set.
Task: Deleting an operation right for a managed object
Operations:
l For assigning operation rights for a single device or a device type: On the Operation
Rights tab page, expand Device or Device Type, select the desired operations, and click
Delete.
l For assigning operation rights for subnet device sets and user-defined object sets: Select
the bound operation sets, right-click, and choose View Members from the shortcut menu.
Check whether the operation sets contain operation rights that need to be deleted. If the
operation sets contain operation rights that need to be deleted, see step 4 in 5.2.8.5
Viewing Operations in an Operation Set to delete the operation rights.
NOTE
An operation may exist in multiple operation sets. The operation right is deleted from a
user group only when all operation sets bound to the user group do not contain the
operation.
----End
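Because an operation can reach a user through several operation sets, removing it from one set does not necessarily revoke it, and removing it from a shared set also affects every other user whose group is bound to that set. The following added example (not part of the U2000; the set, group and user names are borrowed from this guide's examples, while the bindings and memberships are constructed) lists every path that grants an operation to a user and the other users who would lose it.

```python
from collections import namedtuple

# set_members: operation set -> operations
# group_sets:  user group -> operation sets bound to it
# user_groups: user -> user groups
# user_direct: user -> operations assigned directly to the user
Model = namedtuple("Model", "set_members group_sets user_groups user_direct")


def grant_paths(m, user, op):
    """Every (user group, operation set) pair that gives `op` to `user`.

    A directly assigned right is reported as ("direct", None).
    """
    paths = []
    if op in m.user_direct.get(user, ()):
        paths.append(("direct", None))
    for group in m.user_groups.get(user, ()):
        for set_name in m.group_sets.get(group, ()):
            if op in m.set_members[set_name]:
                paths.append((group, set_name))
    return paths


def has_right(m, user, op):
    return bool(grant_paths(m, user, op))


def remove_from_set(m, set_name, op):
    """Return a copy of the model with `op` removed from one operation set."""
    members = dict(m.set_members)
    members[set_name] = members[set_name] - {op}
    return m._replace(set_members=members)


def collateral(m, user, op):
    """Other users who lose `op` if it is removed from every set granting it to `user`."""
    after = m
    for _, set_name in grant_paths(m, user, op):
        if set_name is not None:
            after = remove_from_set(after, set_name, op)
    everyone = set(m.user_groups) | set(m.user_direct)
    return sorted(u for u in everyone
                  if u != user and has_right(m, u, op) and not has_right(after, u, op))


MOP = "Modify Object Position"

# Constructed sample data.
SAMPLE = Model(
    set_members={
        "Topo Monitor Operation Set": {MOP, "Lock/Unlock View"},
        "Monitor Operation Set of Region XX": {MOP, "Query System Logs"},
        "Operation Set of Topo_mtB": {"Lock/Unlock View"},
    },
    group_sets={
        "Guests": ["Topo Monitor Operation Set", "Monitor Operation Set of Region XX"],
        "Topo_mtgroup": ["Operation Set of Topo_mtB"],
    },
    user_groups={
        "Monitor_B": ["Guests"],
        "Monitor_C": ["Guests"],
        "Topo_mtB": ["Topo_mtgroup"],
    },
    user_direct={},
)

if __name__ == "__main__":
    print("grant paths:", grant_paths(SAMPLE, "Monitor_B", MOP))
    one_removed = remove_from_set(SAMPLE, "Topo Monitor Operation Set", MOP)
    print("still granted after one removal:", has_right(one_removed, "Monitor_B", MOP))
    print("others who would lose it:", collateral(SAMPLE, "Monitor_B", MOP))
```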
Prerequisites
You have logged in as a user in the SMManagers group.
Role Change
After management personnel's roles change, security administrators must perform the
following steps to adjust user groups to which the personnel belong:
1. Choose Administration > NMS Security > NMS User Management from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
2. In the NMS User Management navigation tree, expand User and select a user whose
user group is to be adjusted.
3. On the User Groups tab page in the right pane, select the user group to which the user
belongs and click Delete. In the Confirm dialog box that is displayed, click Yes.
4. On the User Groups tab page in the right pane, click Add. In the Add User Group
dialog box, select a user group to which the user is to be added and click OK.
Recruitment
If new employees are recruited, security administrators must create user accounts and assign
the user accounts to the new employees. For details about how to create user accounts and
assign operation rights to user accounts, see 5.2.4.5 Creating Users and Adding Them to
User Groups.
Resignation
After an employee resigns, the employee's user account is either deleted or retained for future use.
l To delete the user account, security administrators perform the following steps:
a. Choose Administration > NMS Security > NMS User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
b. In the NMS User Management navigation tree, expand User. Right-click the user
to be deleted and choose Delete from the shortcut menu. In the Confirm dialog box
that is displayed, click Yes.
l To retain the user account for future use, security administrators perform the following
steps:
a. Choose Administration > NMS Security > NMS User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style).
b. In the NMS User Management navigation tree, expand User and choose a user.
c. On the Details tab page, set Disable user account to Yes.
l If the policy for deleting a user account when the user account is not used to log
in for a specified period has been set in Setting the Account Policy, the user
account is deleted when it has not been used to log in for the specified period.
l After an employee resigns or a user account is re-enabled, the corresponding
user password must be changed to improve account security.
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand the User or User Group node and
select a user or user group.
Step 3 On the Domain tab, view managed objects in the domains.
The following table lists different methods for viewing domains based on the authorization
mode.
Authorization Mode: All objects
Method: No operation is required. The domain contains all network objects.
Authorization Mode: Subnet device set
Method: Expand the Subnet Device Set node. Right-click the desired subnet device set and
choose View Member from the shortcut menu.
Authorization Mode: User-defined object set
Method: Expand the Object Set node. Right-click the desired user-defined object set and
choose View Member from the shortcut menu.
To change objects in the object set, see step 4 in 5.2.8.6 Viewing Objects Contained in an
Object Set.
NOTE
l If you select the Show the domain of the owner user group check box when viewing a user's
domain, managed objects displayed include managed objects that the user inherits from user
groups. Perform the following operations to view the inherited managed objects:
1. Switch to the User Groups tab. View the user groups to which the user belongs.
2. View the managed objects contained in each user group.
l If you select the Sort by device type check box, objects under the Device node on the Domain tab
are grouped by type.
l By default, the Show the domain of the owner user group check box is selected and the Sort by
device type check box is cleared.
----End
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand the User or User Group node and
select a user or user group.
Step 3 On the Operation Rights tab, expand the object nodes and view the operation rights of the
user or user group on each object.
The following table lists different methods for viewing operation rights based on the
authorization mode.
Authorization Mode: Subnet device set
Method: Expand the Subnet Device Set node. Right-click the desired operation set and choose
View Member from the shortcut menu.
To change operations in the operation set, see step 4 in 5.2.8.5 Viewing Operations in an
Operation Set.
Authorization Mode: User-defined object set
Method: Expand the Object Set node. Right-click the desired operation set and choose View
Member from the shortcut menu.
To change operations in the operation set, see step 4 in 5.2.8.5 Viewing Operations in an
Operation Set.
Authorization Mode: Device
Method: Expand the Device node and view operation rights of the user on different devices.
NOTE
If the Show the operation rights of the owner user group check box is selected when you view user
operation rights, the displayed user operation rights contain the operation rights inherited from the user
groups. The operation rights inherited from the user groups are displayed in gray on the UI and cannot
be deleted. Perform the following operations to view the inherited operation rights:
1. View the user groups to which the user belongs.
2. View the operation rights of each user group.
By default, the Show the domain of the owner user group check box is selected.
----End
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand the User node and select a user.
Step 3 On the User Groups tab, view user groups to which the user belongs.
----End
Prerequisites
You have logged in as a user in the SMManagers group.
Context
The Administrators group contains all operation rights on the U2000 except Security
Management rights. Therefore, in the Authorization Details dialog box, the
Administrators group is always displayed in the Authorized User/User Group area when
any operation or operation set is selected.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 On the top of the NMS User Management navigation tree, click .
NOTE
You can enter the desired character string in the Find text box and click or to search for
authorization objects in the up direction or down direction, and click to specify whether to set the
Match whole word only or Match case rules.
Step 3 In the Authorization Details dialog box, expand the root node or parent node and select a
child node in the navigation tree.
After a node is selected, the corresponding operation or operation set is displayed in the
Operation area.
Step 4 In the Operation area, expand the root node or parent node and select an operation or
operation set.
In the Authorized User/User Group area, you can view the user or user group to which the
operation or operation set is assigned.
----End
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand the Operation Set node and select
the desired operation set.
Step 3 On the Members tab, view operations contained in the operation set.
NOTE
To query and manage user rights more easily, export users' managed objects and operation rights by
right-clicking in a blank area and choosing Save All from the shortcut menu.
NOTE
l On the Details tab, you can view the operation set type (network management application operation
set or network device operation set).
l On the Applicable for tab, you can view the users and user groups to which the operation set is
assigned.
Step 4 Optional: Add operations to or delete operations from the operation set.
l Adding operations: On the Members tab, click Select. In the Select Operation Set
Member dialog box, select the desired operation set members and click OK.
l Deleting operations: On the Members tab, select one or multiple operation set members
and click Delete. In the Confirm dialog box, click Yes.
----End
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand Object Set and select the desired
object set.
Step 3 On the Members tab, view objects contained in the object set.
NOTE
l On the Details tab, you can view the details about the object set.
l On the Applicable for tab, you can view the users and user groups to which the object set is
assigned.
l If the Sort by device type check box is selected, the members of the object set are sorted by device
type. If the object set does not contain any device, the Sort by device type check box is unavailable.
Step 4 Optional: Add members to or delete members from the object set.
l Adding members: On the Members tab, click Select. In the Select Object Set Member
dialog box, select the desired object set members and click OK.
l Deleting members: On the Members tab, select one or multiple object set members,
right-click, and choose Delete from the shortcut menu. In the Confirm dialog box, click
Yes.
----End
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 On the top of the NMS User Management navigation tree, click .
Step 3 In the Compare Users dialog box, select a user from the Source User and Target User list
boxes, and click Compare.
Step 4 View the result in the Compare User Rights dialog box.
NOTE
l During the comparison of rights between user A and user B, if user A has an operation right but user
B does not have this right, this right node of user B is left blank.
l On the U2000, you cannot compare rights of the same user. If you select the same user from the
Source User and Target User list boxes, the Compare button is unavailable.
l In the Compare User Rights dialog box, the U2000 can display user rights in either of the
following modes:
– Display all rights: All user rights are displayed for each user.
– Display only differences: Only the differences between user rights are displayed.
----End
Prerequisite
l You have logged in as a user in the SMManagers group.
l This policy supports WDM, MSTP, routers, and PTNs.
Context
l By default, secondary authorization is not enabled for all operations.
l This policy does not apply to the admin user.
l By default, users in the Administrators group have the secondary authorization
permission.
l You are advised to enable secondary authorization for special occasions such as holidays.
This can prevent the potential service interruption caused by misoperation.
Procedure
1. Choose Administration > NMS Security > Configure Secondary Authorization
Operations from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose OSS Security > Settings > Configure
Secondary Authorization Operations from the main menu (application style).
In this example, secondary authorization is configured for BFD global disable of the
CX600–X8.
2. Configure parameters related to secondary authorization. For details, see the description
of the parameters.
3. Clear the Enable checkbox, and click Apply. The configuration of secondary
authorization is complete.
Result
When BFD global disable is configured for the CX600–X8, a warning dialog box is displayed.
After you click Yes, the Secondary Authorization Authentication is displayed, indicating
that the user name and password of the authorization user are required to proceed with the
operation.
Related References
Configuring Secondary Authorization Operations
Prerequisites
You have logged in as a user in the SMManagers group.
Context
If the topology view is locked, Modify Object Position is unavailable even if the user has
this operation right. Only a user with the Lock/Unlock View operation right can unlock the
topology view and make Modify Object Position available. To unlock the topology view,
choose View > Lock from the main menu.
Scenario
Security administrator A needs to create a topology maintenance engineer (Topo_mtB) to
manage topological objects and ensure that the assigned rights do not contain the Modify
Object Position right.
Roadmap
Step Roadmap
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
(application style).
3. On the Members tab, configure members for the new object set. These members are the
objects managed by Topo_mtB.
3. On the Members tab, configure members for the new operation set. Select the
topological management rights other than Modify Object Position in the Topo
Management node.
4. Click OK.
Step 4 Create topology maintenance user group Topo_mtgroup and set its management domain and
operation rights.
1. In the NMS User Management navigation tree, right-click User Group and choose
New User Group from the shortcut menu. Alternatively, click above the navigation
tree and choose New User Group.
2. In the New User Group dialog box, click the Details tab and set common attributes such
as User name and Description, and then click Next.
3. Click Select. In the Select Domain dialog box, select Object Set of Topo_mtGroup,
click OK, and then click Next.
4. Click Select. In the Select Operation Rights dialog box, select Operation Set of
Topo_mtB, click OK, and then click Next.
5. Click OK.
Step 5 Create topology maintenance user Topo_mtB and add it to group Topo_mtgroup.
1. In the NMS User Management navigation tree, right-click User and choose New User
from the shortcut menu. Alternatively, click above the navigation tree and choose
New User.
2. Set common attributes for the user, such as user name and password.
3. Click Add, choose Topo_mtgroup from the Add New Group dialog box, and click OK.
4. Click OK.
----End
Result
Once you have created user Topo_mtB following the preceding procedure, log in to the
U2000 as user Topo_mtB to manage the topology.
Related Concepts
5.2.10.3 Example for Creating U2000 User Accounts and Allocating Rights in the Rights- and
Domain-based Management Scenario
5.1 User Security
Prerequisites
• You have logged in as a user in the SMManagers group.
• A clear plan is required before adjusting rights for a user. Before the plan is made, the
user's role must be clear.
Scenario
Security administrator A finds that monitoring engineer Monitor_B has the Modify Object
Position right. According to the plan made before the adjustment, a monitoring engineer
should not have this right. Therefore, the right is to be deleted.
Configuration Roadmap
Scenario | Configuration Roadmap | Description
Scenario 1: Monitor_B is a member of the default user group Guests.
Configuration roadmap: Modify the rights of the default operation sets in Guests.
NOTE
If other members in Guests require the Modify Object Position right, you must remove
Monitor_B from Guests and then grant rights to Monitor_B separately.
Description: Guests has all the rights of Monitor Operation Set of Region XX. Checking the
Network Management Application operation sets exported from the NMS, Topo Monitor
Operation Set contains Modify Object Position. Therefore, remove Modify Object Position
from Topo Monitor Operation Set.
Scenario 3: Monitor_B does not belong to any user groups.
Configuration roadmap: Modify the rights for Monitor_B directly.
Description: In the Select Operation Rights window, deselect Modify Object Position for
Monitor_B.
Procedure
• Operation procedure in scenario 1 (where Monitor_B is a member of Guests):
a. Choose Administration > NMS Security > NMS User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center (application style).
b. Choose NMS User Management > Operation Set > Topo Monitor Operation
Set from the navigation tree.
c. On the Members tab, click Select.
d. The Select Operation Set Member dialog box is displayed. In the Selected rights
group area, expand the nodes under Network Management Application. Select
e. Click OK.
• Operation procedure in scenario 2 (where Monitor_B is a member of the non-default
user group Topo Guests of Region XX):
– The operation procedure is the same as that in scenario 1.
– The operation procedure is similar to that in scenario 1. The only difference is that
Topo Monitor Operation Set of Region XX is selected from the navigation tree in
step 2.
• Operation procedure in scenario 3 (where Monitor_B does not belong to any user
groups):
a. Choose Administration > NMS Security > NMS User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center (application style).
b. Choose NMS User Management > User > Monitor_B from the navigation tree.
c. On the Operation Rights tab, click Select.
d. The Select Operation Rights dialog box is displayed. In the Selected rights group
area, expand the nodes under Network Management Application. Select Modify
e. Click OK.
Result
If Monitor_B has already logged in, restart the client and log in to the U2000 again for the
settings to take effect. Monitor_B then no longer has the right to modify the positions of
topology objects.
Related Concepts
5.2.10.3 Example for Creating U2000 User Accounts and Allocating Rights in the Rights- and
Domain-based Management Scenario
5.1 User Security
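The grant-path check behind the three scenarios above, as an added Python example (not part of the Huawei guide and not U2000 code). The rights model is constructed in memory; the users Monitor_C, Monitor_R and Monitor_S, the right Browse Topology, and all function names are hypothetical.

```python
from dataclasses import dataclass, field

RIGHT = "Modify Object Position"


@dataclass
class RightsModel:
    operation_sets: dict   # operation set name -> set of rights
    groups: dict           # group name -> {"members": set, "operation_sets": set}
    direct_rights: dict = field(default_factory=dict)  # user -> rights granted directly


def grant_paths(model, user, right):
    """Return every path through which `user` currently holds `right`."""
    paths = []
    for group_name, group in sorted(model.groups.items()):
        if user not in group["members"]:
            continue
        for oset in sorted(group["operation_sets"]):
            if right in model.operation_sets.get(oset, set()):
                paths.append(("group", group_name, oset))
    if right in model.direct_rights.get(user, set()):
        paths.append(("direct", user, None))
    return paths


def users_of_operation_set(model, oset):
    """Users who inherit rights from `oset` through any user group."""
    users = set()
    for group in model.groups.values():
        if oset in group["operation_sets"]:
            users |= group["members"]
    return users


def plan_removal(model, user, right, still_needed_by=frozenset()):
    """Choose the adjustment for each grant path, following the roadmap above.

    If another user of the same operation set still needs the right, editing
    the set would break that user, so the target user is removed from the
    group instead and is granted rights separately.
    """
    actions = []
    for kind, owner, oset in grant_paths(model, user, right):
        if kind == "direct":
            actions.append(f"deselect '{right}' in the operation rights of {user}")
            continue
        blockers = (users_of_operation_set(model, oset) - {user}) & set(still_needed_by)
        if blockers:
            actions.append(
                f"remove {user} from {owner} and grant rights to {user} separately "
                f"({', '.join(sorted(blockers))} still need '{right}')"
            )
        else:
            actions.append(f"remove '{right}' from {oset}")
    return actions


# Constructed sample data: one user per scenario so that a single model covers all three.
MODEL = RightsModel(
    operation_sets={
        "Topo Monitor Operation Set": {"Browse Topology", RIGHT},
        "Topo Monitor Operation Set of Region XX": {"Browse Topology", RIGHT},
    },
    groups={
        "Guests": {
            "members": {"Monitor_B", "Monitor_C"},
            "operation_sets": {"Topo Monitor Operation Set"},
        },
        "Topo Guests of Region XX": {
            "members": {"Monitor_R"},
            "operation_sets": {"Topo Monitor Operation Set of Region XX"},
        },
    },
    direct_rights={"Monitor_S": {RIGHT}},
)

if __name__ == "__main__":
    for name in ("Monitor_B", "Monitor_R", "Monitor_S"):
        print(name, grant_paths(MODEL, name, RIGHT))
        for action in plan_removal(MODEL, name, RIGHT):
            print("  ->", action)
    # Same user, but Monitor_C must keep the right.
    print(plan_removal(MODEL, "Monitor_B", RIGHT, still_needed_by={"Monitor_C"}))
```

Passing still_needed_by changes the outcome for scenario 1 from editing the shared operation set to removing the user from Guests, which is the case the NOTE in the roadmap describes.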
5.2.10.3 Example for Creating U2000 User Accounts and Allocating Rights in the
Rights- and Domain-based Management Scenario
This topic provides the example for creating U2000 user accounts and allocating rights in the
rights- and domain-based management scenario.
Application Scenario
In an office, all NEs are monitored and managed through the U2000 in a centralized manner
and they are classed into two categories by domain: transport NEs and IP NEs, which are
monitored and managed separately. To enable different users to monitor and manage NEs
through the U2000, you need to assign them different U2000 user accounts and rights.
[Figure: networking diagram. Labels: transport and IP domain maintainer, NMS, PTN, CX600,
SDH, MA5200, NE80E, ME60, RTN]
Data Planning
Plan the following subnets based on the NE domain division:
• Transport domain subnet: All managed transport NEs are included.
• IP domain subnet: All managed IP NEs are included.
Plan the following four user groups based on user groups' responsibilities:
User Group Name | Description | Responsibility | Management Domain | Operation Right
NOTE
The operation sets listed in the Operation Right column refer to general operation sets associated with
NEs in the transport or IP domains. Determine the actual operation sets to be added based on the types
of managed NEs and the operation rights of user groups.
Configuration Process
On the U2000, do as follows to create a user account and allocate associated rights:
1. Create subnets.
Create a transport domain subnet and an IP domain subnet, and add NEs in the transport
and IP domains to the associated subnets.
2. Create user groups and allocate management domains and operation sets for the user
groups.
You can easily allocate rights to multiple users by using the user group function.
– Based on responsibilities of user groups, configure management domains for the
user groups so that different user groups can manage different NE domains.
– Based on responsibilities of user groups, configure operation rights for the user
groups so that different user groups have different operation rights.
For details about how to create a user group, see 5.2.4.4 Creating and Authorizing
U2000 User Groups.
3. Create user accounts.
Create user accounts for current users, and configure user groups based on
responsibilities of users. Then, each user account has the management domain and
operation rights of the user group.
For details about how to create a user account, see 5.2.4.5 Creating Users and Adding
Them to User Groups.
NOTE
When creating user accounts, do as follows to ensure U2000 security:
• Set the time periods available for login based on the shifts.
• Bind IP addresses of area workstations to users.
• Change the user password when logging in to the U2000 for the first time.
When the configuration is complete, the administrator can provide the accounts to associated
personnel.
Related Tasks
Procedure for Creating U2000 Users
5.2.10.1 Assigning Specific Operation Rights to an NMS User
5.2.10.2 Adjusting User Rights
Prerequisites
You have logged in as a user in the SMManagers group.
Context
The system ACL applies to all U2000 users and requires them to log in to the U2000 only on
the clients using the specified IP addresses or IP addresses in the specified network segments.
A user ACL is a subset of the system ACL and applies only to the current user.
• If multiple network adapters are installed on the host where a client is deployed, you need
to add the IP addresses of all the network adapters to the ACL. This ensures that users can
log in to the U2000 successfully.
• When the network where a client is located has both internal and external networks, you
need to add both the internal and external IP addresses to the ACL. This ensures that users
can log in to the U2000 successfully.
• Security administrators (including the admin user) cannot delete their logged-in client IP
addresses from their ACLs.
• If the admin user logs in to the U2000 installed on the local server, the login is not
controlled by the ACL and the admin user can delete the local server IP address from the
ACL of the admin user.
Procedure
Step 1 Choose Administration > NMS Security > System ACL from the main menu (traditional
style); alternatively, double-click Security Management in Application Center and choose
OSS Security > System ACL from the main menu (application style).
Step 2 In the System ACL dialog box, you can view existing ACLs. You can click Add, Delete, or
Modify to add, delete, or modify a system ACL item, and click OK or Yes for the settings to
take effect.
Set System ACL | Procedure
Adding a system ACL item:
1. In the System ACL dialog box, click Add.
2. In the Add System Access Control Item dialog box, select the display mode of IP
addresses, set the related parameters, and click OK.
Deleting a system ACL item:
1. In the System ACL dialog box, select the system ACL item to be deleted, and click Delete.
2. In the Confirm dialog box, click Yes.
Modifying a system ACL item:
1. In the System ACL dialog box, select the system ACL item to be changed, and click Modify.
2. In the Modify System Access Control Item dialog box, modify the related parameters, and
click OK.
NOTE
You can change the IP Address Display Mode only after deleting a system ACL item and
adding a new system ACL item.
3. In the Confirm dialog box, click Yes.
----End
Related References
System ACL
New User Account
Prerequisites
You have logged in as the admin user or a user in the SMManagers group.
Context
• The admin user can set access rights for all users. Users in the SMManagers group can
set access rights for any user except the admin user.
• The system ACL applies to all U2000 users and requires them to log in to the U2000
only on the clients using the specified IP addresses or IP addresses in the specified
network segments. A user ACL is a subset of the system ACL and applies only to the
current user.
• If multiple network adapters are installed on the host where a client is deployed, you
need to add the IP addresses of all the network adapters to the ACL. This ensures that
users can log in to the U2000 successfully.
• When the network where a client is located has both internal and external networks,
you need to add both the internal and external IP addresses to the ACL. This ensures
that users can log in to the U2000 successfully.
• Security administrators (including the admin user) cannot delete their logged-in
client IP addresses from their ACLs.
• If the admin user logs in to the U2000 installed on the local server, the login is not
controlled by the ACL and the admin user can delete the local server IP address from
the ACL of the admin user.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand the User node, and select the user to
be modified.
Step 3 Select the policy for using ACLs on the ACL tab in the right pane and click Apply. For
details about the policies, see Table 5-14.
NOTE
• Access control items on the ACL tab for a user come from the system ACL. That is, a user ACL is
a subset of the system ACL.
• In the lower right corner of the ACL tab for a user, you can click Set System ACL to open the
System ACL dialog box and click Add, Delete, or Modify to add, delete, or modify a system
ACL in the dialog box that is displayed.
Use all ACLs: After this option is selected, the user ACL is the same as the system ACL.
Use specified ACLs: After selecting this option, you can log in to the U2000 server by using
the clients with the specified IP address or IP addresses in the specified network segment.
----End
Related References
System ACL
New User Account
Prerequisites
• You have logged in as a user in the SMManagers group.
• This function applies to the Router series, Switch series, Access series and Security and
PTN V8 series NEs.
Context
• Newly configured access control items apply only to new proxy connections and do not
apply to existing proxy connections. To apply the newly configured access control items
to existing proxy connections, users must re-establish the proxy connections.
• When a user uses the proxy service to connect to an NE, the U2000 compares the source
IP address with the access control items from the top to the bottom in the Proxy Service
ACL dialog box. If a matched access control item is found, the comparison is complete.
If no matched access control item is found, the proxy connection request is rejected.
Users can click Up or Down to change the access control item sequence in the Proxy
Service ACL dialog box.
• If the networking includes gateway devices such as the Network Address Translation
(NAT) device, and U2000 clients or NEs are located on the internal NAT network, users
must set IP addresses in access control items to IP addresses that are stored on the NAT
device and can be connected to by the U2000 server. Do not set IP addresses in access
control items to internal network IP addresses to which U2000 clients or NEs are bound.
• If the U2000 client and server are installed on the same machine, you must set IP
addresses in access control items to 127.0.0.1.
• If IP Address or Network Segment is set to 0.0.0.0/0 (or a value in IP address/0
format) and Operation is set to Accept in the proxy service ACL, clients in all network
segments can connect to NEs.
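The top-to-bottom, first-match evaluation described above, as an added Python example (not part of the Huawei guide and not U2000 code). The ACL items are constructed and use documentation address ranges; the function names and the audit messages are hypothetical.

```python
import ipaddress


def parse_item(entry, operation):
    """Turn one access control item into (network, operation).

    `entry` is a single IP address or a network segment in address/prefix
    form. strict=False lets a value such as 10.1.1.1/0 through, which is the
    "IP address/0 format" that matches every source address.
    """
    if operation not in ("Accept", "Reject"):
        raise ValueError(f"unknown operation: {operation!r}")
    return ipaddress.ip_network(entry, strict=False), operation


def evaluate(acl, source_ip):
    """Compare the source IP with the items from top to bottom.

    The first matching item decides; if nothing matches, the proxy
    connection request is rejected. Returns (operation, position), where
    position is the 1-based row of the deciding item or None.
    """
    addr = ipaddress.ip_address(source_ip)
    for position, (network, operation) in enumerate(acl, start=1):
        if addr in network:
            return operation, position
    return "Reject", None


def audit(acl):
    """Flag items that are broader than intended or can never be reached."""
    findings = []
    for position, (network, operation) in enumerate(acl, start=1):
        if operation == "Accept" and network.prefixlen == 0:
            findings.append((position, "accepts every source address"))
        elif operation == "Accept" and network.num_addresses > 1:
            findings.append((position, "accepts a whole network segment"))
        # An item fully covered by an earlier item is never the first match.
        for earlier_pos, (earlier, _) in enumerate(acl[:position - 1], start=1):
            if earlier.version == network.version and network.subnet_of(earlier):
                findings.append((position, f"never reached: covered by item {earlier_pos}"))
                break
    return findings


# Constructed sample ACL, in the order the rows would appear in the dialog box.
SAMPLE_ACL = [parse_item(entry, op) for entry, op in [
    ("192.0.2.10", "Accept"),       # one maintenance workstation
    ("192.0.2.0/24", "Reject"),     # rest of that segment
    ("192.0.2.77", "Accept"),       # added later, but sits below the Reject row
    ("198.51.100.0/24", "Accept"),  # a segment instead of single addresses
    ("10.1.1.1/0", "Accept"),       # address/0: equivalent to 0.0.0.0/0
]]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.77", "203.0.113.5"):
        print(ip, evaluate(SAMPLE_ACL, ip))
    for position, message in audit(SAMPLE_ACL):
        print(f"item {position}: {message}")
```

In the sample, 192.0.2.77 is rejected even though an Accept row exists for it, because the Reject row for its segment is higher in the list; moving the row up with Up is what changes the result.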
Procedure
Step 1 Choose Administration > NMS Security > Proxy Service ACL from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > Proxy Service ACL from the main menu (application style).
Step 2 In the Proxy Service ACL dialog box, view the existing access control items. Click Add,
Delete, or Modify to add, delete, or modify an access control item, and then click OK for the
settings to take effect.
Setting the Proxy Service ACL | Procedure
Adding an access control item:
1. In the Proxy Service ACL dialog box, click Add.
2. In the Add Access Control Item dialog box, enter an IP address or network segment, set
Operation, and click OK.
NOTE
• You are advised to enter an IP address but not a network segment when adding an access
control item, which prevents unauthorized operations performed by other users in the
network segment and therefore improves system security. If the actual IP address is
changed, change the IP address specified in the access control item in a timely manner.
• If Operation is set to Accept, users can use the entered IP address or an IP address in the
entered network segment to connect to an NE using the proxy service.
• If Operation is set to Reject, users cannot use the entered IP address or an IP address in
the entered network segment to connect to an NE using the proxy service.
Deleting an access control item:
1. In the Proxy Service ACL dialog box, select an access control item to be deleted, and
click Delete.
2. In the Confirm dialog box, click Yes.
NOTE
After connecting to NEs from clients by using the proxy service and performing required
operations, users must manually delete access control items that they have set to prevent
other users from connecting to the NEs based on the access control items.
Modifying an access control item:
1. In the Proxy Service ACL dialog box, select an access control item to be modified, and
click Modify.
2. In the Modify Access Control Item dialog box, change the IP address or network segment,
modify Operation, and click OK.
NOTE
• If Operation is set to Accept, users can use the entered IP address or an IP address in the
entered network segment to connect to an NE using the proxy service.
• If Operation is set to Reject, users cannot use the entered IP address or an IP address in
the entered network segment to connect to an NE using the proxy service.
----End
Prerequisites
You have logged in as a user in the SMManagers group.
Context
• Account policies must be configured after the U2000 is installed for the first time. They
can be adjusted as required during maintenance.
• New account policies do not take effect on existing accounts.
Procedure
Step 1 Choose Administration > NMS Security > Security Policy from the main menu (traditional
style); alternatively, double-click Security Management in Application Center and choose
OSS Security > Security Policy from the main menu (application style).
Step 2 In the Security Policy dialog box, click the Account Policy tab, and view the current account
policies.
Step 3 Set account policies according to the policy plan and click OK. For details about the
parameters of account policies, see Account Policy.
----End
Related References
Account Policy
Prerequisites
You have logged in as a user in the SMManagers group.
Context
• User password policies must be set during the initial phase of site deployment and can be
adjusted as required during maintenance.
• After a password policy is changed, the new password policy takes effect immediately
for all users of the U2000. For example, after the minimum length of user passwords is
changed, the minimum length of the new password must comply with the requirement
when an online user changes a password.
• New password policies do not apply to the passwords that have been set.
• Password policies specify the requirements on password complexity, update periods, and
characters.
Procedure
Step 1 Choose Administration > NMS Security > Security Policy from the main menu (traditional
style); alternatively, double-click Security Management in Application Center and choose
OSS Security > Security Policy from the main menu (application style).
Step 2 In the Security Policy dialog box, click the Password Policy tab, and view the current
password policies.
NOTE
You can set account policies on the Account Policy tab. For details, see 5.3.1.4 Setting Account
Policies.
Step 3 Set basic and advanced parameters for password policies as required.
----End
Related References
Password Policy
Prerequisites
• You have logged in as a user in the SMManagers group.
Context
• A user can log in to the U2000 server on multiple terminals. The user can also start
multiple U2000 clients on the same terminal to log in to the U2000 server. Setting the
maximum number of user sessions limits the total number of sessions that a user can
create on multiple login terminals.
• User groups are categorized based on user roles. To balance the access attempts of
different user roles, you can set the maximum number of user group sessions to limit the
total number of sessions that the users in a user group can create on all the login
terminals.
• The settings of the maximum numbers of user sessions and user group sessions are
limited by the system login mode. If the current system login mode is the single-user
login mode, only the admin user is allowed to log in to the U2000 from one U2000
client to set the maximum numbers of user group sessions and user sessions.
• In the LDAP or RADIUS authentication mode, the value of the Maximum number of
online users for remote users is 1 by default, and can be modified.
Procedure
Step 1 Select an operation mode based on your requirements.
If... | Then...
If you are creating a user group or user:
Set the maximum numbers of user group sessions and user sessions by following the
procedures provided in 5.2.4.4 Creating and Authorizing U2000 User Groups and 5.2.4.5
Creating Users and Adding Them to User Groups.
If you have created a user group or user:
1. Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application
style).
2. In the NMS User Management navigation tree, expand the User Group or User node.
3. Select a user group or a user, and on the Details tab page in the right pane, set Maximum
sessions for the user group or Maximum number of online users for the user.
----End
Prerequisites
• You have logged in as the admin user.
• The time when the login mode will be switched has been planned, and other users have
been notified of the switching and saved data.
Context
• The settings take effect for all the users who log in to the server.
• In single-user mode, only the admin user is allowed to log in to the system. Therefore, in
single-user mode, only the admin user can switch the login mode.
Only the admin user can log in to the U2000 on a client and all the other users are forced
to exit after the U2000 login mode is switched from the multi-user mode to the single-user
mode. You need to switch back to the multi-user mode after you complete operations in
single-user mode so that other users can log in to the U2000.
Procedure
Step 1 Choose File > Preferences from the main menu.
Step 2 In the Preferences dialog box, choose System Login Mode from the navigation tree on the
left.
Step 3 Set the U2000 login mode in the right pane.
Single-user mode: Select Single-user mode and click OK. In the Set Switch Delay dialog
box, set the delay time for switching the login mode, and click OK.
• If the delay time is not 0, a warning dialog box is displayed, and the U2000 is switched to
the single-user mode after the specified delay.
• If the delay time is 0, no warning dialog box is displayed, and the U2000 is switched to
the single-user mode immediately.
Single-user mode is displayed in the lower right corner on the U2000 remote notification
client.
----End
By Security Policy
Prerequisites
Context
• After a U2000 client is locked, only the current user or a user in the Administrators
group can unlock it. The current user can unlock the client as prompted. To unlock the
client as a user in the Administrators group, see Unlocking the Client.
• Auto-locking is valid for all online users.
• The auto-locking setting takes precedence over Automatically lock terminal in the
Preferences dialog box.
After a user in the Administrators group unlocks a U2000 client, the original logged-in user
is logged out.
Procedure
Step 1 Choose Administration > NMS Security > Security Policy from the main menu (traditional
style); alternatively, double-click Security Management in Application Center and choose
OSS Security > Security Policy from the main menu (application style).
Step 2 In the Security Policy dialog box, click the Account Policy tab.
Step 3 Select the Automatically lock the terminal if no activity for XX minute(s) check box, set
the time, and then click OK to apply the settings.
----End
By Preference
Prerequisites
Context
• After a U2000 client is locked, only the current user or a user in the Administrators
group can unlock it. The current user can unlock the client as prompted. To unlock the
client as a user in the Administrators group, see Unlocking the Client.
• The settings take effect immediately. They are valid on your other logged-in clients after
you log in again. The settings do not apply to other users.
• If you select the Automatically lock the terminal if no activity for XX minute(s)
check box on the Account Policy tab of the Security Policy dialog box, Automatically
lock terminal in the Preferences dialog box is unavailable.
After a user in the Administrators group unlocks a U2000 client, the original logged-in user
is logged out.
Procedure
Step 3 Select the Automatically lock terminal check box, set the time, and then click OK to apply
the settings.
NOTE
If you select the Show main window when terminal locked check box in the Lock Settings area, the
main window of the client is still visible after the client is locked.
----End
Related Tasks
5.3.3.4 Locking a Client Immediately
Unlocking the Client
Locking the Client
Related References
Account Policy
Lock Settings
5.3.2.1 Setting a Secure Connection Between the U2000 Client and Server
This topic describes how to set a secure connection between the U2000 client and server.
Prerequisites
The SSL communication mode is enabled on the U2000 server. For details about how to set
the SSL communication mode, see the U2000 administrator guide.
Context
Data can be transmitted securely when the SSL communication mode is enabled on both the
U2000 client and server.
Procedure
Step 2 In the Server List dialog box, select a server record, and click Modify.
If no server record exists in the Server List dialog box, add a record as follows:
1. In the Server List dialog box, click Add.
2. In the Add Server Information dialog box, enter the name, host IP address, port ID, and
communication mode of the U2000 server.
Step 3 In the Modify Server Information dialog box, select Security(SSL) from the Mode drop-
down list.
After the communication mode in the Mode drop-down list is changed, the value of Port
changes automatically. The default settings for the port and communication mode are as
follows:
• If the communication mode is set to Common, the port ID is 31037.
• If the communication mode is set to Security(SSL), the port ID is 31039.
Step 4 Click OK in the Modify Server Information and Server List dialog boxes. The Login
dialog box is returned.
Step 5 Enter the user name and password, and click Login.
If the client does not trust the server, you need to determine whether the server is reliable
using the server certificate.
• If you confirm that the server is reliable, click Yes and log in to the client. If you do not
want the system to display the dialog box again, click Import Certificate to add the
server certificate to the trust certificate list.
After adding the server certificate, run the CertConfigurator script to start the Certificate
Configuration tool and click the TrustCertificate tab page to manage the deployed
certificate. The script paths are as follows:
– Client installation directory\client\client\bin\CertConfigurator.bat (Windows OS) or
Client installation directory/client/client/bin/CertConfigurator.sh (SUSE Linux and
Solaris OS)
– Client installation directory\client\notify\bin\CertConfigurator.bat (Windows OS) or
Client installation directory/client/notify/bin/CertConfigurator.sh (SUSE Linux and
Solaris OS)
• If you confirm that the server is not reliable, click No to return to the Login dialog box
and contact the system administrator to process the issue.
For details, see How Do I Handle the Server Authentication Dialog Box Displayed When
Logging In to a Client? in the online help.
----End
5.3.2.2 Setting the File Transfer Policy Between the Client and Server
Files can be transferred between the U2000 client and server. You can set the file transfer
mode and transfer parameters as required.
Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers group.
Context
The settings of FTP transfer policies are saved on the U2000 server so that multiple clients
can share them. The settings of FTP transfer policies take effect only on the users that are
logging in.
Procedure
Step 1 Choose File > Preferences from the main menu.
Step 2 In the Preferences dialog box, choose OSS Client/Server File Transfer Settings from the
navigation tree.
Step 3 In the OSS Client/Server File Transfer Settings area, set FTP Mode, FTP Option, and
Network timeout (5-3600s).
• FTP Mode includes FTP and SFTP.
NOTE
Because SFTP is more secure than FTP, the SFTP transfer mode is supported by default when the
server is deployed on the Solaris or SUSE Linux OS. If you need to enable the FTP transfer
mode, contact the system administrator. SFTP is also recommended when the server is
deployed on the Windows OS. When SFTP is used, the system uses password authentication by
default. To use public key authentication, configure both the server and the client. For details about
how to configure SFTP public key authentication, see How Do I Configure SFTP Public Key
Authentication? in U2000 Administrator Guide.
• FTP Option includes Resumable Transfer, Compression, and Passive Mode. If the
Passive Mode check box is not selected, the active mode is used.
• The value of Network timeout (5-3600s) ranges from 5 to 3600 seconds. Its default
value is 120 seconds.
Step 4 Click OK.
----End
5.3.2.3 Configuring the Communication Between a Client and the U2000 Server
in the NAT Scenario
Generally, a client uses the application IP address of the server to communicate with the
server. However, if a NAT device exists between the U2000 client and server, the associated
configuration file must be modified so that the U2000 client can use the IP address or host
name of the server to access the U2000.
Prerequisites
The application IP address of the server and the IP address on which NAT is performed are
obtained.
Context
This topic uses a Solaris remote high availability system as an example to describe how to
configure the communication between a client and the U2000 server in the NAT scenario. The
configuration method for the single server scenario and that for the active site in a remote
high availability system are the same. The configuration method for a Solaris remote high
availability system is the same as that for other high availability systems.
As shown in Figure 5-17, the Solaris remote high availability system has three clients. The
network segments where clients 1 and 2 reside are on the external network and NAT is
performed on clients 1 and 2 during communication. The network segment of client 3 is on
the internal network, and NAT is not performed on client 3 during communication.
Before: 192.168.1.20
After: 10.250.1.20
192.168.1.20
10.250.100.100 Active site
Client 1
Client 2
For details about IP addresses in the networking diagram, see Table 5-15.
Procedure
Step 1 Stop all services on the U2000.
For details, see Shutting Down the U2000 Server in the deployment solution in 3 Shutting
Down a U2000.
Step 2 On the active site, modify the ipmap.cfg configuration file.
• On Solaris/SUSE Linux, run the following commands as the ossuser user:
$ cd $IMAP_ROOT/etc/conf
$ vi ipmap.cfg
• On Windows, do the following as the administrator user:
Use a text editor to open the ipmap.cfg file in the %IMAP_ROOT%\etc\conf
directory.
The networking in Figure 5-17 is used as an example. If the external network IP addresses of
the U2000 active and standby sites after NAT is implemented are 10.250.1.20 and
10.250.2.50, the following contents need to be added to the configuration file:
10.250.1.20,192.168.1.20
10.250.2.50,192.168.2.50
NOTE
----End
Context
• After SSLv3 is disabled, you cannot connect to the U2000 server by means of SSLv3. If
SSLv3 needs to be used later, change disable to enable. For details, see u2kSSLv3 and
ssl_adm -cmd enableSSLv3.
• In a high availability system, this command needs to be executed on both the primary
and secondary sites.
• After SSLv3 is disabled, you need to disable TLSv1.0. For details, see 5.3.2.5 Enabling
or Forbidding Using TLSv1.0 on the U2000.
• When U2000 V200R016C50 or later interconnects with transport NEs using SSL,
SSLv3 is disabled by default, whereas in versions earlier than V200R016C50, SSLv3 is
enabled.
Procedure
Step 1 Stop the U2000 service. For details, see Stopping the U2000 Server Processes in section 3
Shutting Down a U2000. Stop the MSuite service. For details, see C.2.4 Ending the Process
of the MSuite Server.
Step 2 Log in to the OS.
• In Windows, log in to the OS as the ossuser user.
• In Solaris or SUSE Linux, log in to the server as the ossuser user.
Step 3 Run the following command to disable SSLv3.
• Disable SSLv3 for the communication between the U2000 server and client and between
the U2000 server and NE Syslogs.
Before SSLv3 is disabled between the U2000 server and client, ensure that all clients
have been upgraded to the version that is compatible with the server. This prevents the
U2000 client from being automatically upgraded due to the security protocol
inconsistency between the foreground and background of the U2000 server.
Before SSLv3 is disabled between the U2000 server and transport NEs, ensure that all
transport NEs support TLS or that NEs communicate using another security protocol
instead of SSL. This prevents NEs from being out of management after SSLv3 is
disabled.
Before SSLv3 is disabled between the MML process on the U2000 server and U2100
server, ensure that the U2100 server supports TLS. This prevents the failure to connect
the U2100 server to the MML process on the U2000 server.
Before SSLv3 is disabled between the U2000 server and XML NBIs, ensure that the
upper-layer OSS supports TLS. This prevents the failure to connect the OSS to the NBIs.
– In Solaris/SUSE Linux:
$ cd /opt/oss/server/tools/sslv3cfg/
$ ./u2kSSLv3.sh -disable xml2tl1
l Disable SSLv3 between the U2000 server and NBIs. For details, see Configuring the
CORBA NBI in the U2000 CORBA NBI User Guide and Configuring the XML NBI in
the U2000 XML NBI User Guide.
Step 4 Restart the U2000 to make the configuration take effect. For details, see Starting the U2000
Server Processes in section 2 Starting the U2000 System. Restart the MSuite to make the
configuration take effect. For details, see C.2.1 Starting the Process of the MSuite Server.
----End
Follow-up Procedure
• After SSLv3 is disabled using the ssl_adm -cmd disableSSLv3 -app mrb -file
D:\oss\server\etc\ssl\option.xml command in the Windows OS or the ssl_adm -cmd
disableSSLv3 -app mrb -file /opt/oss/server/etc/ssl/option.xml command in the
Solaris or SUSE Linux OS, use the type D:\oss\server\etc\ssl\option.xml command in
the Windows OS or the cat /opt/oss/server/etc/ssl/option.xml command in the Solaris
or SUSE Linux OS to check whether SSLv3 is successfully disabled.
– If the version value in the command output is TLSvx, TLSv1, TLSv1.1, or
TLSv1.2, SSLv3 has been disabled for the communication between the U2000
server and client and between the U2000 server and NE Syslog.
– If the version value in the command output is SSLv3 or SSLv23, SSLv3 has been
enabled for the communication between the U2000 server and client and between
the U2000 server and NE Syslog.
• After SSLv3 is disabled using the u2kSSLv3.bat command in the Windows OS or the
./u2kSSLv3.sh command in the Solaris or SUSE Linux OS, use the u2kSSLv3.bat -query
Service-type command in the Windows OS or the ./u2kSSLv3.sh -query Service-type
command in the Solaris or SUSE Linux OS to check whether SSLv3 is successfully
disabled. Please refer to u2kSSLv3.
Context
• After TLSv1.0 is disabled, TLSv1.0 cannot be used to connect to the U2000 server. If
TLSv1.0 has to be used, change disable in this topic to enable. For details, see
cerSslVersionCfg, u2kTLS_trans and httpdSslTLSCfg.
• This operation needs to be performed at both the primary and secondary sites in an HA
system.
• When U2000 V200R016C50 or later interconnects with transport NEs using TLS, TLSv1.0
is disabled by default, whereas in versions earlier than V200R016C50 TLSv1.0 is enabled.
• For the Internet Explorer 8 browser, TLSv1.1 and TLSv1.2 have to be manually enabled
after TLSv1.0 is disabled. For details, see A.1.16 How Can I Manually Disable SSL
and Start TLS?.
Procedure
Step 1 Stop the U2000 service. For details, see Stopping the U2000 Server Processes in section 3
Shutting Down a U2000. Stop the MSuite service. For details, see C.2.4 Ending the Process
of the MSuite Server.
Step 2 Log in to the OS.
l In Windows, log in to the OS as the ossuser user.
l In Solaris or SUSE Linux, log in to the server as the ossuser user.
Step 3 Run the following command to disable TLSv1.0.
• Disable TLSv1.0 for the communication between the U2000 server and client and
between the U2000 server and NE Syslogs.
– By default, TLSv1.0 is enabled for Apache's default HTTPS port. U2000
functions will be adversely affected if TLSv1.0 is disabled on Apache's default
HTTPS port and the browser does not support TLSv1.1/TLSv1.2. The affected
functions include downloading a client through the CAU, pressing F1 to view
online help, viewing web pages embedded in the U2000 client, MSO operations
such as monitoring, managing, and maintaining the system, and using the
Distributed Systems Integration tool.
– For the Internet Explorer 8, 9, and 10 browsers, TLSv1.0 is disabled by default.
TLSv1.1 and TLSv1.2 have to be manually enabled after TLSv1.0 is disabled. For
details, see A.1.16 How Can I Manually Disable SSL and Start TLS?.
– If TLSv1.0 has to be used, query the status of TLSv1.0 and enable TLSv1.0 by
referring to httpdSslTLSCfg. Using TLSv1.0 may cause leakage of sensitive
information, for example, when SNMP is configured through the MSO.
– Solaris/SUSE Linux:
$ cd /opt/oss/server/tools/cerSslVersionCfg/
$ ./cerSslVersionCfg.sh -disable frame
• Disable TLSv1.0 for the communication between the U2000 server and transport NEs.
Before TLSv1.0 is disabled between the U2000 server and transport NEs, ensure that all
transport NEs support TLS or that NEs communicate using another security protocol
instead of SSL. This prevents NEs from being out of management after TLSv1.0 is
disabled.
– In Solaris/SUSE Linux:
$ cd /opt/oss/server/tools/sslv3cfg/
$ python u2kTLS_trans.py -disable trans_switch
• Disable TLSv1.0 for the communication between the U2000 server and the XML NBIs
on access devices.
– By default, TLSv1.0 is disabled for the communication between the U2000 server
and the XML NBIs on access devices. If TLSv1.0 has to be used, query the
status of TLSv1.0 and enable TLSv1.0 by referring to cerSslVersionCfg.
– Before TLSv1.0 is disabled between the U2000 server and XML NBIs, ensure that
the upper-layer OSS supports TLS. This prevents the failure to connect the OSS to
the NBIs.
– In Solaris/SUSE Linux:
$ cd /opt/oss/server/tools/cerSslVersionCfg/
$ ./cerSslVersionCfg.sh -disable xml2tl1
• Disable the use of TLSv1.0 on Apache's default HTTPS port (443).
– By default, TLSv1.0 is enabled for Apache's default HTTPS port. Disabling
TLSv1.0 on this port will adversely affect U2000 functions such as downloading
a client through the CAU, pressing F1 to view online help, and viewing web
pages embedded in U2000 clients.
– If TLSv1.0 has to be used, query the status of TLSv1.0 and enable TLSv1.0 by
referring to httpdSslTLSCfg.
Step 4 Restart the U2000 to make the configuration take effect. For details, see Starting the U2000
Server Processes in section 2 Starting the U2000 System. Restart the MSuite to make the
configuration take effect. For details, see C.2.1 Starting the Process of the MSuite Server.
----End
Follow-up Procedure
• After the python u2kTLS_trans.py -disable trans_switch command is run to disable
TLSv1.0, run the python u2kTLS_trans.py -query trans_switch command to check
whether TLSv1.0 is disabled. For details, see u2kTLS_trans.
• After the cerSslVersionCfg.bat (Windows)/./cerSslVersionCfg.sh (Solaris/SUSE
Linux) command is run to disable TLSv1.0, run the cerSslVersionCfg.bat -query
Service-type (Windows)/./cerSslVersionCfg.sh Service-type (Solaris/SUSE Linux)
command to check whether TLSv1.0 is disabled. For details, see cerSslVersionCfg.
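The query commands above report the configured state. As an added example (not part of the original guide or of the product's tooling), the following Python script checks the result on the wire by attempting one handshake per protocol version against a listener such as Apache's HTTPS port 443. The function names and the host argument are assumptions made for this example.

```python
"""Probe which TLS protocol versions a listener still accepts (added example)."""
import socket
import ssl
import sys
import warnings

# Versions a current client can normally still offer. SSLv3 is left out because
# OpenSSL builds usually ship without it, so a local failure would say nothing
# about the server.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}


def _pinned_context(version):
    """Client context that offers exactly one protocol version, or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # protocol probe only, no trust decision
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # OpenSSL 3 negotiates TLSv1.0/1.1 only at security level 0.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return None                   # the probing client cannot offer it
    return ctx


def probe_version(host, port, name, timeout=5.0):
    """Return 'accepted', 'rejected', 'unreachable' or 'client-unsupported'."""
    ctx = _pinned_context(VERSIONS[name])
    if ctx is None:
        return "client-unsupported"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw) as tls:
            return "accepted" if tls.version() else "rejected"
    except OSError:                   # alerts, resets and timeouts in the handshake
        return "rejected"
    finally:
        raw.close()


def probe_all(host, port, timeout=5.0):
    """Probe every version in VERSIONS and return {name: state}."""
    return {name: probe_version(host, port, name, timeout) for name in VERSIONS}


def findings(results, forbidden=("TLSv1.0",)):
    """Compare probe results with the hardening target of this procedure."""
    out = []
    for name in forbidden:
        state = results.get(name, "client-unsupported")
        if state == "accepted":
            out.append(f"{name} is still accepted: the disable step did not take effect")
        elif state != "rejected":
            out.append(f"{name} could not be checked ({state})")
    if not any(results.get(n) == "accepted" for n in ("TLSv1.1", "TLSv1.2")):
        out.append("neither TLSv1.1 nor TLSv1.2 was accepted: clients cannot connect")
    return out


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: tls_probe.py <host> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    states = probe_all(sys.argv[1], target_port)
    for version_name, state in states.items():
        print(f"{version_name}: {state}")
    for line in findings(states):
        print("FINDING:", line)
```

Run it from a management host after Step 4; a "rejected" result is meaningful only when the same client reports "accepted" for another version on the same port.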
Prerequisites
The U2000 server is not running.
Procedure
Step 1 Log in to the U2000 server as the ossuser user.
Step 2 Run the following commands to modify the SSL certificate algorithm 3DES.
l For Linux and Solaris, run the following commands:
$ cd /opt/oss/server/tools/ssltool
$ python ModifySSLCipherSuite.pyc /opt/oss/server/etc/ssl
NOTE
/opt/oss/server/etc/ssl is the directory where the SSL certificate resides.
l For Windows, run the following commands in the CLI:
> cd /d D:\oss\server\tools\ssltool
> python ModifySSLCipherSuite.pyc D:\oss\server\etc\ssl
NOTE
D:\oss\server\etc\ssl is the directory where the SSL certificate resides.
22 TLS_DHE_RSA_WITH_AES_256_CCM
23 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
24 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
25 TLS_RSA_WITH_AES_256_GCM_SHA384
26 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
NOTE
The preceding information in bold indicates that the SSL certificate algorithm 3DES has been deleted.
Step 4 Add or delete the SSL certificate algorithm 3DES based on the information, for example,
enter +1.
----End
Prerequisites
• You have logged in as a U2000 user.
• You are familiar with password policies. For details, see 5.3.1.5 Setting Password
Policies.
• You are familiar with password policies. For details about the policies, contact the
system administrator.
Context
l The password of the admin user cannot be restored after being changed. Therefore, keep
the new password secure.
Procedure
Step 1 Choose File > Change Password from the main menu (traditional style); alternatively,
double-click Security Management in Application Center and choose OSS Security >
Change Password from the main menu (application style).
Step 2 In the Change Password dialog box, set the new password for the current user and click OK.
Step 3 In the Confirm dialog box, click Yes to confirm the settings.
----End
Context
• The configured password must comply with all password policies except the policies
related to differences between old and new passwords. The password policies related to
differences between old and new passwords are specified by the Previously used
passwords that cannot be the same as new password, Min. different characters
between new and old password, and Password repetition not allowed within
(months) parameters. For details about how to set password policies, see 5.3.1.5 Setting
Password Policies.
• The SMManagers user can reset the passwords of all users, except for the admin user,
other security administrators, and itself. The password of a security administrator needs
to be reset by the admin user.
• A user in the SMManagers group cannot reset his or her own password. The
password of a user in the SMManagers group can be reset only by the admin user.
• The password of the admin user must be kept secure because the admin user cannot
reset it.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand the User node. Right-click the user
whose password is to be reset and choose Reset Password.
Step 3 In the Reset Password dialog box, set New password and Confirm password and click OK.
NOTE
If the Require user to change password on next login check box is selected, users need to change the
passwords next time they log in to the U2000 client. You are advised to select the Require user to
change password on next login check box to improve the security of the U2000 system.
----End
Related References
New User Account
Prerequisites
You have logged in as a user in the SMManagers group.
Context
• You can modify only Disable user account, Password validity period (days), New
password, Require user to change password on next login, Login period, Maximum
number of online users, and Auto-logout, and cannot modify other attributes such as
the user group, domain, operation rights, and ACL.
• You cannot modify the information about the current user and the admin user. If the list
of selected users contains the current user or an admin user, the shortcut menu item
Modify Multiple Users is unavailable.
• If a security administrator modifies multiple users, and the selected user list contains
other security administrators, Modify Multiple Users is unavailable.
• If the list of selected users contains only local users:
– In the local or SSO authentication mode, all attributes can be modified.
– In the LDAP or RADIUS authentication mode, no attributes can be modified.
Procedure
Step 1 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application style).
Step 2 In the NMS User Management navigation tree, expand the User node, and select one or
more users in the user list in the right pane.
Step 3 Right-click one of the selected users and choose Modify Multiple Users from the shortcut
menu. In the Confirm dialog box, click Yes.
Step 4 In the Modify Multiple Users dialog box, specify the parameter values.
NOTE
The configured password must meet all password policies except the policies related to user accounts
and differences between old and new passwords. The password policies related to user accounts are
specified by the Password cannot be any user name in reverse order and Max. Same Consecutive
Characters Between User Name and Password parameters. The password policies related to
differences between old and new passwords are specified by the Previously used passwords that
cannot be the same as new password, Min. different characters between new and old password,
and Password repetition not allowed within (months) parameters. For details about how to set
password policies, see 5.3.1.5 Setting Password Policies.
----End
Result
The parameters are modified successfully for selected users according to the settings in the
Modify Multiple Users dialog box.
Related References
Parameters for Modifying NMS user Information in Batches
Prerequisites
You have logged in as a U2000 user.
Context
After a U2000 client is locked, only the current user or a user in the Administrators group
can unlock it. The current user can unlock the client as prompted. To unlock the client as a
user in the Administrators group, see Unlocking the Client.
After a user in the Administrators group unlocks a U2000 client, the original logged in user
is logged out.
Procedure
Step 1 Lock your U2000 client in either of the following ways:
l Choose File > Lock Terminal from the main menu.
----End
Related Tasks
5.3.1.8 Setting Auto-locking for a Client
Prerequisites
The U2000 remote notification client is locked.
Procedure
The following table describes how to unlock the client in different scenarios.
If the current user forgets the password:
• A user in the SMManagers group needs to reset the current user's
password. For details, see 5.3.3.2 Resetting the Password of an
NMS user. Then log in to the client again using the user name
and the new password.
NOTE
A user in the SMManagers group cannot reset the password of the
admin user. If the current user is admin, only a user in the
Administrators group can unlock the client.
• The current user must ask a user in the Administrators group to
unlock the client. After the client is unlocked, the current user is
logged out.
1. Press Ctrl+Alt+U or click .
2. Enter the user name and password of the user in the
Administrators group, and click OK.
NOTE
If the number of password retries reaches the upper limit (3 by default), the user account is locked for a
specified period (30 minutes by default). The U2000 user is automatically unlocked after the auto-
unlocking duration. The U2000 user can also be unlocked by security administrators manually. For
details, see 5.3.4.4 Unlocking Users.
Prerequisites
You have logged in as a user in the SMManagers group.
Context
l The system considers the login unauthorized if a user uses an incorrect password to log
in to the system. You can also set the maximum number of login attempts and the auto-
unlocking duration when setting account policies. For details about the parameters, see
Account Policy.
l To manually unlock a user as the admin user or security administrators, see 5.3.4.4
Unlocking Users.
Procedure
Step 1 Choose Administration > NMS Security > Security Policy from the main menu (traditional
style); alternatively, double-click Security Management in Application Center and choose
OSS Security > Security Policy from the main menu (application style).
Step 2 On the Account Policy tab, set the maximum number of login attempts and the auto-
unlocking duration, and then click OK to apply the settings.
----End
Prerequisites
You have logged in as a user in the SMManagers group or a user who has the Monitor All
User Sessions right.
Context
l A session refers to the connection established between a client and the server. A session
starts when a user logs in to the client and ends when the user logs out or exits the client.
l Multiple sessions can be created by using one U2000 user account.
On the U2000, a user account can be used to log in to multiple clients concurrently. If a
user account is used to log in to a certain number of clients, the same number of sessions
are established. You can set the maximum number of clients to which a user account can
be used to log in concurrently in the Maximum of online users text box on the Details
tab.
l When a client uses multiple network adapters, the value of Operation Terminal is
randomly selected from available IP addresses.
l Users in the SMManagers group or users who have the Monitor All User Sessions
right can monitor sessions of all online users.
l The Session Monitor and Operation Monitor functions of the OSS do not involve
users' private information.
Procedure
Step 1 Choose Administration > NMS Security > User Session Monitor from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > User Session Monitor from the main menu (application style).
Step 2 In the User Session Monitor window, view the information about online users and the
operations performed by these users.
Session Monitor: In the Session Monitor area, view the information about online
users and sessions.
NOTE
After the U2000 server is restarted or the network is recovered from a
disconnection, you need to click Refresh to update the session monitoring
table.
----End
Related References
Monitor User Sessions
Procedure
Step 1 Choose Administration > NMS Security > User Operator Monitor from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > User Operator Monitor from the main menu (application style).
Step 2 Click Filter. In the displayed Filter dialog box, set the operation information to be displayed.
Click OK.
Step 3 In the Monitor User Operation window, view information about operations performed by
U2000 users.
NOTE
l When an operation affects the U2000, you can limit the user who performs this operation according
to the actual U2000 applications. For example, you can force the user to log out in the User Session
Monitoring window.
l You can monitor the operations performed by the following users in the Monitor User Operation
window:
– Users in the Administrators group or users who have the Query All Operation Logs
permission: In the Query Operation Logs window, click Choose at the lower left corner in
the Filter dialog box. In the Select Operation Name dialog box, you can view the operations
that can be monitored. For details, see 9.1.3 Querying OSS Logs.
– SMManagers: In the Query Security Logs window, click Choose at the lower left corner in the
Filter dialog box. In the Select Security Event dialog box, you can view the operations that
can be monitored. For details, see 9.1.3 Querying OSS Logs.
– The Session Monitor and Operation Monitor functions of the OSS do not involve users'
private information.
----End
Related References
Monitor User Operations
Context
l Only members of the SMManagers group can force a user to log out.
l The forcible logout takes effect only on the specified session. For example, a user logs in
to the U2000 server as the user_z user on clients A and B, and sessions a and b are
generated respectively. When the user_z user on client A is forcibly logged out, session
b is not affected.
l Users who have logged in cannot force themselves to log out.
Procedure
Step 1 Choose Administration > NMS Security > User Session Monitor from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > User Session Monitor from the main menu (application style).
Step 2 In the Session Monitor table, select desired sessions and click Force User to Log Out.
----End
Related References
Monitor User Sessions
Prerequisites
You have logged in as a user in the SMManagers group.
Procedure
Unlock a user based on the unlocking mode. For details, see the following table.
Manual unlocking: Only a member of the SMManagers group can perform the
following operations:
1. Choose Administration > NMS Security > NMS User
Management from the main menu (traditional style);
alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User
Management from the main menu (application style).
2. In the NMS User Management navigation tree, expand the
User node.
3. Right-click the locked user account, and choose Unlock User.
Automatic unlocking: A locked user can log in to the U2000 only after a preset period of
time.
NOTE
You can set the automatic unlocking duration on the Account Policy tab as
follows:
Choose Administration > NMS Security > Security Policy from the main
menu (traditional style); alternatively, double-click Security Management
in Application Center and choose OSS Security > Security Policy from
the main menu (application style). In the displayed Security Policy dialog
box, click the Account Policy tab, and set Auto-unlock (minutes).
Context
On the U2000, users of current sessions cannot send messages to themselves.
Procedure
Step 1 Choose Administration > NMS Security > User Session Monitor from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > User Session Monitor from the main menu (application style).
Step 2 In the Session Monitor area, send messages to the users of the specified sessions or all
sessions.
A specific session: Right-click a session and choose Send Message. Enter the message
contents, and then click Send.
Multiple sessions: Hold the Ctrl or Shift key to select multiple sessions. Right-click
the selected sessions and choose Send Message. Enter the message
contents, and then click Send.
All sessions: Press the combination key Ctrl+A to select all sessions. Right-click
the selected sessions and choose Send Message. Enter the message
contents, and then click Send.
NOTE
You can choose Administration > Broadcast Message from the main menu (traditional style);
alternatively, double-click System Management in Application Center and choose System >
Broadcast Message from the main menu (application style) to send broadcast messages to the users of
all sessions. For details, see Sending Broadcast Messages.
----End
Related References
Monitor User Sessions
Prerequisites
You have logged in as a user in the SMManagers group.
• If the data is to be exported by Huawei technical support engineers, the
engineers must obtain written authorization from the customer before
exporting the data.
• Before the customer's network data is exported from the customer network, the customer is
advised to encrypt the data. When the data is provided to Huawei technical support
engineers for analysis, the customer needs to provide the decryption method.
• Before the customer's network data is exported from the customer network, Huawei
technical support engineers need to apply for and obtain written authorization from the
customer and comply with local laws and regulations.
• The customer's network data must be transferred strictly within the purpose authorized
by the customer. The data is transferred by Huawei technical support engineers only for
providing the customer with services.
Procedure
Step 1 Select Administration > NMS Security > Export User and User Group Rights Data
(traditional style) or OSS Security > Export User and User Group Rights Data (application
style) from the main menu.
Step 2 In the Please enter the password dialog box, enter the password of the current security
administrator for login and click OK.
Step 3 In the Save dialog box, name the file, specify a path, and then click Save.
----End
Result
A prompt dialog box is displayed on the client, indicating the file path.
Context
• In the remote HA system, you must create web proxy users on the primary and
secondary servers.
• In the distribution environment, you need to create web proxy users only on the master
server. The created web proxy users will be automatically synchronized to the slave servers.
• To improve password security, it is recommended that the following conditions for
passwords should be met:
– A password contains at least eight characters.
– A password contains at least two types of the following characters: lowercase
letters, uppercase letters, digits, and special characters (spaces and ` ~ ! @ # $ % ^
& * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?).
– A password cannot be the user name or user name in reverse order.
• The U2000 provides a web proxy user by default. The user name is proxyuser and the
password is Changeme_123.
Procedure
Step 1 Log in to the U2000 server:
• Windows: Log in to the U2000 server as user ossuser.
• Solaris or SUSE Linux: Use PuTTY to log in to the U2000 server as user ossuser in
SSH mode.
Step 2 Optional: Windows: Open the command line interface (CLI) on Windows.
Step 3 Optional: Solaris or SUSE Linux: Run the following command to set environment variables:
$ . /opt/oss/server/svc_profile.sh
– The variable username indicates the name of the web proxy user to be created.
– You can repeat the previous commands to create multiple web proxy users.
l Solaris or SUSE Linux:
$ cd /opt/oss/server/3rdTools/apache/bin
$ ./htdigest /opt/oss/server/etc/apache/conf/proxy_users Proxy username
Adding user username in realm Proxy
New password:Password
Re-type new password:Password
If the command output is blank, the web proxy user is created successfully.
NOTE
– The variable username indicates the name of the web proxy user to be created.
– You can repeat the previous commands to create multiple web proxy users.
----End
Context
• In the remote HA system, you must delete web proxy users on the primary and
secondary servers.
• In the distribution environment, you need to delete web proxy users only on the master
server. The deleted web proxy users will be automatically synchronized to the slave servers.
Procedure
Step 1 Log in to the U2000 server:
• Windows: Log in to the U2000 server as user ossuser.
• Solaris or SUSE Linux: Use PuTTY to log in to the U2000 server as user ossuser in
SSH mode.
Step 2 Run the following commands to modify the proxy_users file and delete a web proxy user.
l Windows:
a. Use the text editor to open the proxy_users file in D:\oss\server\etc\apache\conf.
b. Delete the line that contains the desired user name.
NOTE
----End
Context
l In the remote HA system, you must change web proxy user passwords on the primary
and secondary servers.
l In the distribution environment, you need to change web proxy user passwords only on
the master server. The changed passwords will automatically synchronize to the slave
servers.
l To improve password security, it is recommended that the following conditions for
passwords should be met:
– A password contains at least eight characters.
– A password contains at least two types of the following characters: lowercase
letters, uppercase letters, digits, and special characters (spaces and ` ~ ! @ # $ % ^
& * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?).
– A password cannot be the user name or user name in reverse order.
l You are advised to change the password every month.
Procedure
Step 1 Log in to the U2000 server:
• Windows: Log in to the U2000 server as user ossuser.
• Solaris or SUSE Linux: Use PuTTY to log in to the U2000 server as user ossuser in
SSH mode.
Step 2 Optional: Windows: Open the command line interface (CLI) on Windows.
Step 3 Optional: Solaris or SUSE Linux: Run the following command to set environment variables:
$ . /opt/oss/server/svc_profile.sh
Step 4 Run the following commands to change the password of a web proxy user:
l Windows:
> cd /d D:\oss\server\3rdTools\apache\bin
> htdigest.exe D:\oss\server\etc\apache\conf\proxy_users Proxy username
Changing password for user username in realm Proxy
New password:New password
Re-type new password:New password
If the command output is blank, the web proxy user password is changed successfully.
NOTE
The variable username indicates the name of the web proxy user whose password is to be changed.
If the web proxy user does not exist, a web proxy user is created.
l Solaris or SUSE Linux:
$ cd /opt/oss/server/3rdTools/apache/bin
$ ./htdigest /opt/oss/server/etc/apache/conf/proxy_users Proxy username
The variable username indicates the name of the web proxy user whose password is to be changed.
If the web proxy user does not exist, a web proxy user is created.
----End
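The create, delete and change procedures above all act on the proxy_users file written by htdigest, where each line is user:realm:MD5(user:realm:password). The following Python script is an added example (not part of the original guide or of the product's tooling) that audits such a file for the documented default password and for the password rules listed above, and removes an entry by exact user name. All function names are assumptions made for this example, and the sample entries are constructed.

```python
"""Audit an Apache htdigest file such as proxy_users (added example)."""
import hashlib
import re

REALM = "Proxy"                       # realm used in the htdigest commands above
DEFAULT_PASSWORD = "Changeme_123"     # default web proxy password named in this guide
SPECIALS = set(" `~!@#$%^&*()-_=+\\|[{}];:'\",<.>/?")
_HEX32 = re.compile(r"[0-9a-fA-F]{32}")


def ha1(user, realm, password):
    """Digest stored by htdigest: MD5 over "user:realm:password"."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def policy_violations(user, password):
    """Check a candidate password against the recommendations listed above."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in SPECIALS for c in password),
    ]
    if sum(classes) < 2:
        problems.append("fewer than two character types")
    if password in (user, user[::-1]):
        problems.append("same as the user name or its reverse")
    return problems


def audit_proxy_users(text, realm=REALM):
    """Return (line_number, user, finding) tuples for an htdigest file body."""
    results, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3 or not _HEX32.fullmatch(parts[2]):
            results.append((lineno, None, "malformed line"))
            continue
        user, line_realm, digest = parts[0], parts[1], parts[2].lower()
        if line_realm != realm:
            results.append((lineno, user, f"unexpected realm {line_realm!r}"))
        if (user, line_realm) in seen:
            results.append((lineno, user, "duplicate entry"))
        seen.add((user, line_realm))
        # The digest is unsalted, so passwords the guide forbids can be tested directly.
        if digest == ha1(user, line_realm, DEFAULT_PASSWORD):
            results.append((lineno, user, "password is the documented default"))
        elif digest in (ha1(user, line_realm, user), ha1(user, line_realm, user[::-1])):
            results.append((lineno, user, "password is the user name or its reverse"))
    return results


def remove_user(text, user, realm=REALM):
    """Drop only the exact user:realm entry; a substring match would also hit 'proxyuser2'."""
    keep = [l for l in text.splitlines() if l.split(":")[:2] != [user, realm]]
    return "\n".join(keep) + ("\n" if keep else "")


if __name__ == "__main__":
    # Constructed sample, not a real proxy_users file.
    sample = "\n".join([
        f"proxyuser:{REALM}:{ha1('proxyuser', REALM, DEFAULT_PASSWORD)}",
        f"nbiproxy:{REALM}:{ha1('nbiproxy', REALM, 'nbiproxy'[::-1])}",
        f"opsproxy:{REALM}:{ha1('opsproxy', REALM, 'Str0ng pass-phrase')}",
    ]) + "\n"
    for finding in audit_proxy_users(sample):
        print(finding)
    print(policy_violations("opsproxy", "opsproxy"[::-1]))
    print(remove_user(sample, "proxyuser"), end="")
```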
Prerequisites
l You are an NMS user with Maintenance Group authority or higher.
l This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series,
PTN series (except PTN 6900 series) and marine series NEs.
Context
• To facilitate maintenance, the U2000 provides the remote maintenance function. A
maintenance engineer can log in to the remote maintenance terminal as the remote
maintenance user and maintain NEs. It is recommended that the remote maintenance
user be enabled only when a fault occurs.
• For security purposes, it is recommended that you create the NE user name and password
beforehand so that you can use them directly in the interface.
Procedure
Step 1 Choose Administration > NMS Security > Remote Maintenance User Management from
the main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > Remote Maintenance User Management
from the main menu (application style).
Step 2 In the Remote Maintenance User Parameters dialog box, enable the remote maintenance
user.
Step 3 Input the NE User Name and NE User Password.
Step 4 Click Select NE. In the dialog box that is displayed, select the NE.
----End
Follow-up Procedure
After the remote maintenance user is enabled, an NE user can log in to the NE from the
U2000 remote maintenance terminal.
NOTE
By default, you can log in to the NE from the U2000 remote maintenance terminal only as an NMS user
that has rights of the Maintenance Group group or higher-level rights.
NE Access Control
LCT Access Control: If you need to use the U2000 LCT or Web LCT for the NE
management or commissioning, enable the LCT Access Control so that the LCT can access
the NE.
ACL: The access control list (ACL) provides the basic filtering function for the data flow. All
NEs that have the ACL configured can determine whether to filter out an IP packet when the
IP packet passes the NE. The ACL controls the direction of a specific data flow as to whether
the data flow is transmitted in or out of a network.
Communication Port Access Control: An NE can access the U2000 by using the OAM,
COM, Ethernet port or serial port. You can set the port for the NE access by enabling the
access control of the port. By default, an NE is allowed to access the U2000 by Ethernet ports.
NE login management
NE login: To ensure the security of the NE data, an NE user must prevent unauthorized users
from logging in to the NE to obtain information or perform operations.
NE User Management
NE User: To ensure the security of the NE data, you must use the created NE user to log in to
the NE. In addition, you can only perform the operations that are authorized to the NE user.
NE User Level: NE users are assigned different operation levels, known as NE user levels,
based on the operation types authorized to them. NE users of different levels are
allocated to different NE user groups. A user with a higher rights level can perform all
operations that are authorized to a user with a lower rights level. For example, a user of
the operation level has all the operation rights authorized to a user of the monitor
level. The following describes what operations are authorized to each level.
l For Non-NA NEs, the NE user has the following five levels in ascending order: monitor
level, operation level, maintenance level, system level, and debug level. The authorities
of the five user levels are as follows:
– Monitor level: all the query commands, login, logout, password modification
– Operation level: all the fault and performance settings, part of security settings, part
of configurations
– Maintenance level: part of security settings, part of configurations, communication
settings, log management
– System level: all the security settings, all the configurations
– Debug level: all the security settings, all the configurations, debug commands
• For the NA NEs, the NE user has the following four levels in ascending order: RTRV,
MAINT, PROV, and SUPER. The authorities of the four user levels are as follows:
– RTRV: This user level has the right to use all query commands, to log in, to log out,
and to change its own password.
– MAINT: This user level has all fault performance authorities, some security
authorities, and some configuration authorities.
– PROV: This user level has some security authorities, some configuration
authorities, the communication setting authority, and the log management authority.
– SUPER: This user level has all security and configuration authorities.
Authority Management: To ensure the security of the NE data, anyone who wants to
perform operations on an NE must log in to the NE as an NE user, and can only perform the
operations authorized to this user. It is recommended that the network manager create NE
users before configuring services. When you create a common user account
that can be used on all NEs, keep the rights levels on all NEs consistent to avoid the disorder
of user rights.
NE Data Backup/Restoration
NE Data Backup: Backing up the NE database is necessary for daily maintenance. With the
backup of the database, the NE can automatically restore the NE data and run normally if the
data on the SCC is lost or the equipment is powered off.
SSH Server: The NE user can query whether an NE is acting as a Secure Shell (SSH) server
and set the NE login mode (to Telnet or STelnet) to suit your needs.
NE Key Management: The NE user can manage NE keys, including generating public-
private key pairs, setting the passphrase for keys, and exporting the public-key files of NEs.
Client Key Management: To ensure the security of the NE data, you can manage client keys.
A pair of client keys needs to be generated when Key is used as the authentication type and
STelnet is used as the NE login mode.
SSH User Management: To ensure the security of the NE data, you can manage Secure Shell
(SSH) users, mainly associating SSH users with client public keys.
SSL Certificate Management: The NE user can query and set the status of Secure Sockets
Layer (SSL) certificate encryption for NEs.
SFTP Public Key Fingerprint Management: You can query, set or delete the public key
fingerprints used between the SFTP server and NEs.
SFTP Public Key Fingerprint Authentication Settings: You can query or set SFTP public
key fingerprint authentication for NEs to keep NE data secure.
Extended ECC Authentication Management: You can query or set authentication types and
authentication keys for NEs to keep NE data secure.
SSL Version Management: You can query or set the status of the SSLv3 protocol used
between the U2000 and NEs to keep NE data secure.
NE Database Security Management: You can query or set integrity verification and
integrity protection passwords for NEs to keep uploaded or downloaded NE data integral.
Related Tasks
5.4.2 Setting the NE ACL
5.4.3 Setting the Security Access of an NE
5.4.4 Managing NE Login
5.4.5 Managing NE Users
Prerequisites
This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN
series (except PTN 6900 series) and marine series NEs.
Context
ACL provides the basic filtering function for data flow. All NEs that have the ACL
configured can determine whether to filter out an IP packet when the IP packet passes the NE.
The ACL controls the direction of a specific data flow, that is, whether the data flow is transmitted in
or out of a network.
The most important reason to configure an ACL is network security. The ACL provides the
basic flow control function, so with proper ACL rules, the entire network can be protected from
security threats.
The ACL can control whether certain NEs receive or drop the IP packets. Each IP packet is
examined by the NEs based on predefined ACL rules. After the examination, the NEs
determine whether to receive or drop this packet.
Related Concepts
5.4.1 NE Security Management
Purpose
The most important reason to configure an ACL is network security. With proper ACL
rules, the entire network can be protected from security threats. The ACL can also provide the
basic flow control function.
Implementation
The ACL can control whether certain NEs receive or drop the IP packets. Each IP packet is
examined by the NEs based on predefined ACL rules. After the examination, the NEs
determine whether to receive or drop this packet.
Prerequisites
You are an NMS user with Operator Group authority or higher.
Context
Exercise caution when using the command to set the ACL, because an incorrect ACL setting may
cause the U2000 to fail to log in to an NE.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > ACL from the Function Tree.
Step 2 On the Basic ACL tab, the basic ACL rule list is displayed.
NOTE
If the equipment only supports basic ACL settings, the basic ACL rule list is displayed after you choose
Security > ACL from the Function Tree.
Step 3 Click Query to load the basic ACL rules from the NE.
Step 6 Click Apply to apply the new configuration data to the NE.
The Result dialog box is displayed, indicating that this operation is successful.
Step 7 Click Close to complete the operation.
Step 8 Optional: Repeat Step 4 to Step 7 to set more basic ACL rules for this NE.
Step 9 Optional: Repeat Step 1 to Step 8 to set the basic ACL rules for other NEs.
----End
Prerequisites
You are an NMS user with Operator Group authority or higher.
Context
If the setting is incorrect, the U2000 cannot communicate with the NE.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > ACL from the Function Tree.
Step 2 Click the Advanced ACL tab. The advanced ACL rule list is displayed.
Step 3 Click Query to load the advanced ACL rules from the NE.
Step 6 Click Apply to apply the new configuration data to the NE.
The Result dialog box is displayed, indicating that this operation is successful.
Step 8 Optional: Repeat Step 4 to Step 7 to set more advanced ACL rules for this NE.
Step 9 Optional: Repeat Step 1 to Step 8 to set the advanced ACL rules for other NEs.
----End
Prerequisites
Applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN series (except
PTN 6900 series) and marine series NEs.
Related Concepts
5.4.1 NE Security Management
Prerequisites
You are an NMS user with Maintenance Group authority or higher.
Context
This operation may affect the communication between the U2000 and NEs.
Procedure
Step 1 In the NE Explorer, choose Communication > Access Control from the navigation tree.
Step 2 In the Ethernet Access Control area, click Refresh to check whether Ethernet access is
enabled.
Step 3 Configure Ethernet access according to the GUI instructions. The configuration methods vary
with NE types.
• Select the Enable Ethernet Access check box and click Apply. Ethernet access is
enabled for the NE.
NOTE
If you want to disable this function, clear the Enable Ethernet Access check box and click Apply.
• Set The First Network Port to Enabled and click Apply. Ethernet access is enabled for
the NE.
NOTE
– If you want to disable this function, set The First Network Port to Disabled and click Apply.
– If a second network port exists, you can also enable Ethernet access for this port. For OptiX
OSN NEs, the second network port is an EXT port.
----End
Prerequisites
You are an NMS user with Maintenance Group authority or higher.
Context
This operation may affect the communication between the U2000 and NEs.
Procedure
Step 1 In the NE Explorer, choose Communication > Access Control from the navigation tree.
Step 2 Configure serial port access according to the GUI instructions. The configuration methods
vary with NE types.
• Select the Enable Serial Port Access check box. Click Apply to apply the setting to the
NE.
• Select the Enable Serial Port Access check box. Click Refresh to check whether the
current NE allows serial port access. Select Access Command Line or Access NM as
required. Click Apply to apply the setting to the NE.
Step 3 Select a baud rate allowed for serial port access from the Baud Rate drop-down list and click
Apply.
----End
Prerequisites
• You are an NMS user with Maintenance Group authority or higher.
• This function applies to the MSTP series NEs.
Context
This operation may affect the communication between the U2000 and NEs.
Procedure
Step 1 In the NE Explorer, select an NE and choose Communication > Access Control from the
Function Tree.
Step 2 Select the Enable OAM Access check box and click Apply. The OAM access of the NE is
now enabled.
----End
Prerequisites
• You are an NMS user with Maintenance Group authority or higher.
• This function applies to the MSTP series, Metro WDM series, LH WDM series, RTN
series, PTN series, and Marine series NEs.
Context
This operation may affect the communication between the U2000 and NEs.
• The COM port connects directly to the SCC board. Improper usage may affect the
normal service handling on the NE, and the rate of the COM port is slow. Therefore, it is
recommended to use Ethernet access for the U2000 LCT or Web LCT in most cases.
• Use COM port access only when the Ethernet access fails, the NE already connects to
the U2000, or certain lower layer commissioning commands need to be run.
• For security purposes, the COM port access is disabled by default after NE initialization
or downloading. If necessary, use the U2000 to temporarily enable COM access.
Procedure
Step 1 In the NE Explorer, select an NE and choose Communication > Access Control from the
Function Tree.
Step 2 Select the Enable COM Access check box and click Apply. The COM access of the NE is
now enabled.
----End
Prerequisites
You are an NMS user with Administrators authority.
Context
This operation may affect the communication between the U2000 and NEs.
• When no U2000 user logs in to an NE and an LCT user requests to log in to the NE, the
NE does not refer to the LCT Access Control parameter and allows the LCT access
directly.
• When a U2000 user has logged in to an NE and then an LCT user requests to log in to
the NE, the NE determines whether to allow the LCT user to log in based on the LCT
Access Control parameter.
• When an LCT user has logged in to an NE and then a U2000 user requests to log in to
the NE, the login of the LCT user does not affect the login of the U2000 user, and the
successful login of the U2000 user does not affect the logged-in LCT user.
• When the LCT user and the U2000 user log in to the NE at the same time, set LCT
Access Control to Prohibit Access. This does not affect the LCT user that has already
logged in.
• After the OptiX OSN 500 is disconnected from the U2000 for over 30 minutes, the OptiX
OSN 500 automatically allows the LCT access.
Procedure
• If you want to manage network-wide LCT access, use the following method to
navigate to the LCT Access Control window.
----End
Prerequisites
This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN
series (except PTN 6900 series) and marine series NEs.
Context
• After an NE becomes unreachable, the logged-out mark is displayed for it. The mark
disappears after the U2000 logs in to the NE again.
• Before logging in to a gateway NE, ensure that the NE IP address is correct.
Do not use the szhw user to log in to NEs. Otherwise, the U2000 may report an error.
Related Concepts
5.4.1 NE Security Management
the NE, the NE user cannot lock out the NE. When an NE user at a higher level logs in, NE
login previously locked by a low-level NE user is unlocked automatically.
Prerequisites
• You are an NMS user with Maintenance Group authority or higher.
• The current NE user has the highest authority among all logged-in NE users.
• The NEs are release 4.0 transport NEs.
Procedure
Step 1 Choose Administration > NE Security Management > Lock Out NE Login from the main
menu (traditional style); alternatively, double-click Security Management in Application
Center and choose NE Security > Fix-Network NE > Lock Out NE Login from the main
menu (application style).
Step 2 In the NE list that contains only the available NEs, select an NE and click .
Step 4 Optional: If the value of Login Lock Status is Not Locked out, select it and click Lock
Login or right-click it and choose Lock Login from the shortcut menu.
----End
Follow-up Procedure
After the exclusive NE operation is complete, unlock the NE user immediately by performing
the following operations: Select the desired NE and click Unlock Login or right-click the NE
and choose Unlock Login from the shortcut menu.
Prerequisites
• You are an NMS user with Maintenance Group authority or higher.
• The current NE user has the highest authority among all logged-in NE users.
Context
The user occupies its setting authority until it unlocks the module. NEs can be divided into
configuration module, alarm module, communication module, performance module, protect
switching module, database module and security module, and these modules can be locked
respectively or simultaneously.
After a user locks an NE, only the user has the configuration authority, so that the NE data can
be kept consistent when multiple users manage NEs at the same time. This function features
the following:
Procedure
Step 1 Choose Administration > NE Security Management > Lock Out NE Settings from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > Lock Out NE Settings
from the main menu (application style).
Step 2 In the NE list that contains only the available NEs, select an NE and click .
Step 4 Select an NE functional module. If the value of Set Lock Status is No, select it and click
Lockout or right-click it and choose Lockout from the shortcut menu.
Step 5 In the Set Lock Window dialog box, select the Lock Permanently check box to permanently
lock the current NE settings or enter the value of Continues Time to temporarily lock the
settings. Click OK.
----End
Follow-up Procedure
After the exclusive NE operation is complete, unlock the NE settings immediately by
performing the following operations: Select the desired NE and click Clear Lockout or right-
click the NE and choose Clear Lockout from the shortcut menu.
Prerequisites
You are an NMS user with Administrators authority.
Procedure
Step 1 Choose Administration > NE Security Management > NE Login Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE Login Management
from the main menu (application style). Click the Online User Management tab.
Step 3 Click Query to query the user of the online NE and the login mode of this user.
Step 4 Optional: Click Filter. Set Current Connected User and Login Mode as the filter criteria to
view the information about the online NE user.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• NE users are created.
Context
• Only one NE user can log in to an NE from the same U2000 server at a time to manage
the NE.
• One NE user cannot log in to or manage an NE at multiple clients at the same time. If
you use an NE user to log in to the same NE through U2000 server A and B in turn, both
NE login attempts fail and indicators are blinking on different clients indicating that the
NE user has already logged in or exited.
• For an NE managed by multiple network management systems (NMSs), create a login
account for each NMS to prevent conflicts and frequent changes of the NE between the
online and offline status. In addition, upload NE data before performing operations on
the NE to ensure data consistency.
Procedure
Step 1 Choose Administration > NE Security Management > NE Login Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE Login Management
from the main menu (application style).
Step 5 Select the NE in the NE list and click Switch NE User. In the Switch Current NE User or
Switch DC User dialog box, enter the NE user name and password.
NOTE
On the NE Login Management tab, switching a logged-in NE user in offline mode is supported; this is
not supported on the DC Login User Management tab.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• An NE user has been created.
• The NE user has logged in.
• This function does not apply to PTN 7900 series NEs.
Procedure
Step 1 Choose Administration > NE Security Management > NE Login Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE Login Management
from the main menu (application style).
Step 2 Select the NE to log out of the U2000 from the NE list and click .
Step 3 On the NE Login Management or Online User Management tab, select the NE and click
Logout or Force Logout.
Step 4 In the Result dialog box indicating that the operation succeeded, click Close.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• Log in to the NE as a user with the system level or higher rights.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Security Parameters from the
Function Tree.
Step 3 Select an NE, double-click Warning Screen Switching and choose whether to enable the
warning screen.
Step 4 Double-click Warning Screen Information and enter the NE login prompt message
information.
NOTE
You can enter information in the Warning Screen Information field only when you set Warning
Screen Switching to Enabled.
Step 5 Click Apply. The Result dialog box is displayed, indicating that this operation was
successful. Click Close.
----End
Prerequisites
The following functions apply to the MSTP series, WDM series, WDM (NA) series, RTN
series, PTN series (except PTN 6900 series) and marine series NEs.
Related Concepts
5.4.1 NE Security Management
Prerequisites
• You are an NMS user with Administrators authority.
• The level of the NE user to be queried is lower than that of the logged-in NE user.
Procedure
Step 1 Choose Administration > NE Security Management > NE User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE User Management
from the main menu (application style).
Step 3 Optional: Click Query to query NE user information from the NE.
Step 4 Click View Additional User Info to query additional information about this NE user.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• The level of the NE user to be created is lower than that of the logged-in NE user.
NOTE
Choose Administration > NE Security Management > NE User Management from the main
menu (traditional style); alternatively, double-click Security Management in Application Center
and choose NE Security > Fix-Network NE > NE User Management from the main menu
(application style). You can view the level information about NE users on the NE User
Management window.
Context
To ensure NE data security, it is recommended that you allocate NE users with different
authorities as required.
Procedure
Step 1 Choose Administration > NE Security Management > NE User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE User Management
from the main menu (application style).
Step 4 Optional: For the NA NE, click Add NA User. The Add NA NE User dialog box is
displayed.
Step 7 In the NE User Flag field, select a user type based on the type of the terminal through which
the user logs in to the NE.
Step 8 Click after the New Password, enter the new password in the output dialog box, click
OK.
NOTE
The password must meet the following requirements to safeguard your user account.
1. The password consists of 8 to 16 characters.
2. The password cannot duplicate or reverse the user name.
3. The password consists of at least three of the following types of characters:
– Lower-case letters
– Upper-case letters
– Digits
– Special characters including ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ? and space
For PTN7900 and PTN990, the password must meet the following requirements:
1. The password consists of 8 to 128 characters.
2. The password cannot duplicate or reverse the user name.
3. The password must consist of the following elements:
– At least one lower-case letter
– At least one upper-case letter
– At least one digit
– At least one special character including ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?
and space, with one space contained in two quotation marks ("), for example, "Changeme 123".
NOTE
You also need to set the Immediate Password Change, Valid Permanently, Valid From, Valid Until,
Password Permanently Valid and Password Valid Days.
For the NA NE, you also need to set the Canceling User Automatically, Log Out User After (min),
User Permanently Valid, User Valid Days, Password Permanently Valid and Password Valid Days.
Step 9 Optional: Select the Hide NEs already using this user name check box. The NEs that
already use the user name are then not included in the NE Name field.
NOTE
Selecting the Hide NEs already using this user name check box makes it easier to create NE users in
batches.
Step 10 In the NE Name field, select one or more NEs that this NE user is allowed to manage.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• The NE user is created.
• The level of the NE user to be modified is lower than that of the logged-in NE user.
NOTE
Choose Administration > NE Security Management > NE Login Management from the main
menu (traditional style); alternatively, double-click Security Management in Application Center
and choose NE Security > Fix-Network NE > NE Login Management from the main menu
(application style). You can view the login information about NE users on the NE Login
Management tab.
Procedure
Step 1 Choose Administration > NE Security Management > NE User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE User Management
from the main menu (application style).
Step 3 In the NE User Management Table, select the NE user to be modified and click Modify. The
Modify NE User dialog box is displayed.
Step 4 In the Modify NE User dialog box, modify the settings of the attributes of the NE user. Click
Apply.
Step 5 Click OK.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• An NE user has been created.
Context
If the default NE user password is not changed, the NE reports the
PASSWORD_NEED_CHANGE alarm to the U2000, prompting for immediate change to
the default password.
Change NE user passwords regularly and keep them secure for security purposes.
Procedure
Step 1 Choose Administration > NE Security Management > NE User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE User Management
from the main menu (application style).
Step 2 Select one or multiple NEs from the NE list and click .
The level of the currently logged-in NE user must be higher than that of the NE user whose
password is to be changed.
Alternatively, choose Administration > NE Security Management > NE Login
Management from the main menu (traditional style), or double-click Security
Management in Application Center and choose NE Security > Fix-Network NE > NE
Login Management from the main menu (application style). Click the NE Login
Management tab, select the currently logged-in NE user, and click Set Current User
Password.
b. In the Set Password of NE User dialog box, set the New Password of the NE
name.
NOTE
The password must meet the following requirements to safeguard your user account.
1. The password consists of 8 to 16 characters.
2. The password cannot duplicate or reverse the user name.
3. The password consists of at least three of the following types of characters:
○ Lower-case letters
○ Upper-case letters
○ Digits
○ Special characters including ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?
and space
For PTN7900 and PTN990, the password must meet the following requirements:
1. The password consists of 8 to 128 characters.
2. The password cannot duplicate or reverse the user name.
3. The password must consist of the following elements:
○ At least one lower-case letter
○ At least one upper-case letter
○ At least one digit
○ At least one special character including ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : '
" , < . > / ? and space, with one space contained in two quotation marks ("), for example,
"Changeme 123".
c. Click OK.
Step 4 Click OK.
----End
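Added example (not part of the guide and not Huawei code): a pre-check that runs candidate NE user passwords against the two rule sets quoted in the NOTEs of the create-user and change-password procedures, so that a batch of accounts can be screened before it is entered in the U2000. The policy labels, the candidate list and the case-insensitive user name comparison are assumptions of this example.

```python
import string
from dataclasses import dataclass

# Special characters as listed in the guide's NOTE, plus the space character.
SPECIALS = set("~!@#$%^&*()-_=+\\|[{}];:'\",<.>/? ")


@dataclass(frozen=True)
class Policy:
    label: str             # label chosen for this example, not a U2000 identifier
    min_len: int
    max_len: int
    required_classes: int  # how many of the four character classes must appear


DEFAULT_POLICY = Policy("default", 8, 16, 3)        # 8 to 16 chars, three classes
PTN_POLICY = Policy("PTN7900/PTN990", 8, 128, 4)    # 8 to 128 chars, all four


def char_classes(password):
    """Return which of the four character classes occur in the password.

    Characters outside the four listed classes count toward none of them
    (assumption: the guide does not say how the NE treats such characters).
    """
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SPECIALS:
            found.add("special")
    return found


def check_password(user, password, policy):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if not policy.min_len <= len(password) <= policy.max_len:
        problems.append("length")
    # Assumption: compared case-insensitively, which is at least as strict
    # as the rule "cannot duplicate or reverse the user name".
    if password.lower() in (user.lower(), user[::-1].lower()):
        problems.append("username")
    if len(char_classes(password)) < policy.required_classes:
        problems.append("classes")
    return problems


# Constructed candidates (user name, proposed password); not real accounts.
CANDIDATES = [
    ("admin01", "Changeme 123"),        # the guide's own example string
    ("operator", "rotarepo"),           # user name reversed, one class only
    ("maint01", "Abcdefg1"),            # three classes, no special character
    ("prov01", "Abcdefgh1234567!x"),    # 17 characters
]


def audit(candidates, policy):
    """Map each user name to the rules its proposed password violates."""
    return {user: check_password(user, pw, policy) for user, pw in candidates}


if __name__ == "__main__":
    for policy in (DEFAULT_POLICY, PTN_POLICY):
        for user, problems in audit(CANDIDATES, policy).items():
            verdict = ", ".join(problems) if problems else "OK"
            print(f"{policy.label:16} {user:10} {verdict}")
```

The same password can pass one rule set and fail the other, which matters when one account name is created on a mix of NE types.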
Prerequisites
• You are an NMS user with Guests authority or higher.
• This function applies to the release 5.0 transport NEs.
• Log in to the NE as a user with the system level or higher rights.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Security Parameters from the
Function Tree.
Step 2 Click Query to query the settings of NE security parameters.
----End
Prerequisites
You are an NMS user with Administrators authority.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE User Group Management from
the Function Tree.
Step 2 Click Query to query NE users included in various U2000 user groups of the NE.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• The NE user is created.
• The level of the NE user to be deleted is lower than that of the logged-in NE user.
NOTE
Choose Administration > NE Security Management > NE Login Management from the main
menu (traditional style); alternatively, double-click Security Management in Application Center
and choose NE Security > Fix-Network NE > NE Login Management from the main menu
(application style). You can view the login information about NE users on the NE Login
Management tab.
Procedure
Step 1 Choose Administration > NE Security Management > NE User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > NE User Management
from the main menu (application style).
Step 3 In the NE User Management Table, select the NE user to be deleted and click Delete. The
Confirm dialog box is displayed asking you whether to delete the NE user.
----End
Prerequisites
• You are an NMS user with Administrators authority.
• This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series and marine
series NEs.
Context
The procedure for configuring a specific NE as an SSH server is as follows.
Procedure
Step 1 Set the communication service mode of the NE.
1. Choose Administration > NE Security Management > NE Communication Services
Management from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose NE Security > Fix-Network
NE > NE Communication Services Management from the main menu (application
style).
2. Click the Communication Service Management tab.
3. In the NE list, select the desired NE and click .
4. Click Query to query the current communication service mode of the NE.
5. Enable all the communication service modes for the NE.
NOTE
– You can set the NE login mode (Telnet or STelnet) and NE upgrade and backup mode (FTP
client or SFTP client).
– STelnet is recommended because the STelnet protocol provides higher security than Telnet. The SFTP
client is recommended because the SFTP protocol provides higher security than FTP.
6. Click Apply.
You can determine whether an NE can be configured as an SSH server by querying the SSH server
information on the NE and choose to use the Telnet or STelnet mode to log in to the NE based on actual
requirements.
1. Choose Administration > NE Security Management > NE Communication Services
Management from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose NE Security > Fix-Network
NE > NE Communication Services Management from the main menu (application
style).
2. Click the SSH Server tab.
3. In the NE list, select the desired NE and click . The query dialog box is
displayed, listing querying results in the right pane.
4. Click Query to query the SSH server of the NE.
NOTE
If the NE functions as the SSH server, among the created NE key pair, the private key is saved on the
NE, and the public key is on the U2000 client. You need to export the public key information from the
U2000 and save the information for follow-up deployment on the SFTP server. In addition, during
package loading or package diffusion upgrade using the NE Software Management (DC), the NE can be
authenticated in SFTP key mode.
1. Choose Administration > NE Security Management > NE Communication Services
Management from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose NE Security > Fix-Network
NE > NE Communication Services Management from the main menu (application
style).
2. Click the NE Key Management tab.
3. In the NE list, select the desired NE and click . The query dialog box is
displayed, listing querying results in the right pane.
4. Click Query to query key management information of the NE.
5. Click New Key Pair.
The New Key Pair dialog box is displayed.
6. Set Key Type to S-RSA (NE As the Server) and select Overwrite Mode.
7. Click OK. In the dialog box that is displayed, click Close.
8. In the confirmation dialog box, click Yes to upload the public key immediately.
The public key is added to the window.
9. Click Export Public Keys. In the Export Public Keys dialog box, set Key Type to S-
RSA, set File Name, and click OK.
10. In the dialog box that is displayed, click Close.
Step 4 Generate a pair of SSH client keys and prepare a public key file.
NOTE
• The generated pair of SSH client keys is mainly used for Client Key Management. When
accessing an NE in STelnet mode, a user requires a pair of SSH client keys to pass the key
authentication.
• A key pair, including a private key and public key, can be generated by using the key generator
PUTTYGEN.EXE. The following steps use PUTTYGEN.EXE as an example.
1. In the Parameters area, set Type of key to generate to SSH-2 RSA and Number of
bits in a generated key to 2048.
NOTE
– To ensure security, you must enter a password phrase for generating the key pair files. In
addition, the password phrase must meet U2000 password complexity requirements. For
details, see Password Policy.
– It is recommended that the key file is updated periodically to ensure data security. The
updating period can be customized. The recommended period for updating the private key file
is one month.
2. Click Generate, and then click Save public key and Save private key to save the public
key and the private key respectively after they are generated.
NOTE
To ensure security, you are advised to save the private key file and keep it secure.
3. Copy the public key content to a file, as shown in the following figure. Ensure that all
content in the file is put in one line. The file will be used to import public key
information.
This setting can be performed in two ways. One is copying public key information in the public
key set exported in step 4. The other is importing the information into the U2000.
7. Optional: Select the Private Key File. Click Browse to select the desired directory
to store client private key files, and then set the Passphrase for the client private key.
8. Click OK. In the dialog box that is displayed, click Close.
Public key information generated on the NE is saved to the authorized_keys file in
the .ssh directory for specific NE login users.
Step 6 Associate an SSH user with an SSH client public key.
NOTE
The SSH client public keys are usually shared by multiple NEs. SSH client public keys need to be bound
to NE user names that are usually the same. The U2000 provides SSH User Management to bind NE
users with SSH client public keys. By default, SSH users are security NE users.
1. Choose Administration > NE Security Management > NE Communication Services
Management from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose NE Security > Fix-Network
NE > NE Communication Services Management from the main menu (application
style).
2. Click the SSH User Management tab.
3. In the NE list, select the desired NE and click . The query dialog box is
displayed, listing querying results in the right pane.
4. Click Query to query user authentication information of the NE.
5. Set Authentication Mode and Client Public Key Name.
----End
Prerequisites
l The U2000 has logged in to NEs by using STelnet.
l This operation applies to the Router series, Switch series, PTN6900 series, PTN7900
series, Access series and Security NEs.
l You are an NMS user with Operator Group authority or higher.
Context
When using STelnet to log in to NEs, the U2000 does not verify the SSH fingerprints of NEs
by default. It only receives the fingerprints and displays them in the Confirmed Fingerprint
area. To have the U2000 verify the received fingerprints, modify the configuration file on the
U2000 server with the help of Huawei technical support engineers.
Procedure
Step 1 Choose Administration > NE Communicate Parameter > Set NE SSH Fingerprint from
the main menu (traditional style); alternatively, double-click Fix-Network NE Configuration
in Application Center and choose Administration > NE Communicate Parameter > Set
NE SSH Fingerprint from the main menu (application style).
Step 2 In the Confirm Fingerprint window, select an NE in the tree and click .
Step 3 View the received SSH fingerprint in the Confirmed Fingerprint area.
Item Description
----End
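The public key file prepared in Step 4 and the fingerprint shown in the Confirmed Fingerprint area can both be checked offline. The following is an added example, not code from the guide or from the U2000: it converts a multi-line RFC 4716 public key file into one line, confirms the key is 2048-bit SSH-2 RSA, and compares a displayed fingerprint with one computed from a trusted copy of the NE host key. Assumptions: the one-line form is the OpenSSH authorized_keys layout, the fingerprint is shown as MD5 hex or SHA-256 base64, and all function names and the sample key are constructed.

```python
import base64
import hashlib
import hmac
import struct


def _read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes) starting at offset off."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end


def rfc4716_to_blob(text):
    """Extract the binary key blob from a multi-line RFC 4716 public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----"
            or lines[-1] != "---- END SSH2 PUBLIC KEY ----"):
        raise ValueError("not an RFC 4716 public key file")
    body, in_header = [], False
    for ln in lines[1:-1]:
        if in_header or ":" in ln:          # header such as 'Comment: ...'
            in_header = ln.endswith("\\")   # a trailing backslash continues it
            continue
        body.append(ln)
    return base64.b64decode("".join(body), validate=True)


def rsa_key_info(blob):
    """Return (key type, modulus size in bits); reject anything but ssh-rsa."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("unexpected key type: %r" % ktype)
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return ktype.decode(), int.from_bytes(modulus, "big").bit_length()


def one_line(blob, comment=""):
    """Render the key as a single 'type base64 [comment]' line (assumed layout)."""
    ktype, _ = _read_string(blob, 0)
    parts = [ktype.decode(), base64.b64encode(blob).decode(), comment]
    return " ".join(p for p in parts if p)


def fingerprints(blob):
    """MD5 (colon-separated hex) and SHA-256 (unpadded base64) fingerprints."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def fingerprint_matches(trusted_blob, displayed):
    """True if a displayed fingerprint equals one computed from a trusted key copy."""
    fp = fingerprints(trusted_blob)
    shown = displayed.strip()
    return (hmac.compare_digest(shown.lower().encode(), fp["md5"].encode())
            or hmac.compare_digest(shown.encode(), fp["sha256"].encode()))


def _mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 keeps it positive)."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(raw)) + raw


# Constructed sample: a 2048-bit number stands in for the modulus (not a usable key).
SAMPLE_BLOB = (struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537)
               + _mpint((1 << 2047) | 0x10001))
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_RFC4716 = "\n".join(
    ["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed-sample-key"']
    + [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
    + ["---- END SSH2 PUBLIC KEY ----"])

if __name__ == "__main__":
    blob = rfc4716_to_blob(SAMPLE_RFC4716)
    print(rsa_key_info(blob))
    print(one_line(blob, "constructed-sample-key")[:60] + "...")
    print(fingerprints(blob))
```

The trusted copy of the NE host key must come from a channel other than the STelnet session being checked, for example the NE's local console.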
NOTE
This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN series
(except PTN 6900 series) and marine series NEs.
5.5.1 Overview
Using the User Datagram Protocol (UDP) as the transmission protocol, RADIUS features
good real-time performance. Owing to its retransmission mechanism and standby server
mechanism, RADIUS is highly reliable. RADIUS is easy to implement and suits
the multithreading structure of the server when there are a large number of users.
RADIUS Protocol
AA (Authentication, Authorization) is a technology used for user authentication,
authorization, and accounting. RADIUS is one of the commonly used protocols to implement
AA. The RADIUS protocol is an information exchange protocol used to authenticate remote
connections to the system and prevent unauthorized users from accessing the network.
The RADIUS protocol complies with RFC 2865.
[Figure: surviving labels: Authenticator, Attribute]
A RADIUS client communicates with the server by using the User Datagram Protocol (UDP).
Figure 5-19 shows the structure of the RADIUS protocol stack.
[Figure 5-19: RADIUS protocol stack; surviving layer labels: RADIUS, IP, PPP, Ether]
NOTE
The reasons for using UDP instead of TCP for communication are as follows:
l The data transmitted between the network access server (NAS, namely, the RADIUS client) and
the RADIUS server is only tens of or even a hundred bits. The RADIUS protocol is required to
provide a retransmission mechanism and standby server mechanism, and it demands a good
timer management mechanism. A user can accept the authentication that lasts
only tens of seconds.
l In the case of many users, multiple threads are required on a server. UDP helps the
server to achieve this by simplifying the procedure.
l TCP, however, cannot be used to transmit data until a connection is created
successfully. Therefore, TCP is weak in real-time performance when many users
are involved. In addition, TCP cannot meet the timing requirements of RADIUS.
Implementation Principles
RADIUS adopts a distributed client/server model. Generally, the model is used to manage a
huge number of distributed dial-in users.
Figure 5-20 shows the networking structure of the RADIUS. An NE is set as a RADIUS
client or a proxy server. By managing a simple user database, the RADIUS server implements
authentication and accounting and adjusts the user service information based on the service
type and rights of a user. The RADIUS protocol specifies how the NAS and the RADIUS
server exchange the user information and the accounting information.
l The NAS extracts configuration information of a user, encapsulates the information into
a standard RADIUS packet, and sends the packet to the RADIUS server for processing.
l The RADIUS server receives the connection request of the user, authenticates the user
request, and returns to the NAS the configuration information required for delivering
services to the user.
l The NAS and RADIUS exchange authentication information by using a key. The
password of a user is encrypted before being transmitted on the network, which prevents
the password from being intercepted on an insecure network.
l A RADIUS server can be used as a proxy client for other RADIUS servers or as an
authentication server of other types.
[Figure 5-20: networking structure of the RADIUS; surviving labels: User B, User C, RADIUS Client]
Authentication Process
The password authentication protocol (PAP) is used for transmitting RADIUS packets
between RADIUS clients and RADIUS servers.
Figure 5-21 shows the main process of transmitting RADIUS messages between the server
and the client.
2. The RADIUS client on this NE receives the user name and password and it sends an
authentication request to the RADIUS server.
NOTE
l If no response is returned within the retransmission interval, the RADIUS client transmits the
request packet to the RADIUS server repeatedly. The packet retransmission interval and
retransmission times can be set by the user.
l The RADIUS server can be configured with one active server and zero or multiple standby
servers. The RADIUS client can forward the request to the standby or proxy server if the
active server is down or unreachable.
3. If the request is valid, the server completes the authentication and sends the required
authorization information back to the client.
4. Then the RADIUS client returns the authentication response to the user.
Figure 5-21 Process of transmitting messages between the RADIUS server and the client
(1) User name password (2) Request
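How the shared key protects the PAP exchange described above, as an added example that is not part of the original guide: the RFC 2865 User-Password hiding applied by the RADIUS client, and the Response Authenticator check the client performs on each reply before trusting it. The shared key, user name, password and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: XOR the padded password with chained MD5 blocks."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded_len = (len(password) + 15) // 16 * 16 or 16
    padded = password.ljust(padded_len, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, padded_len, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev            # each ciphertext block seeds the next mask
    return out


def reveal_password(hidden, secret, request_auth):
    """Server side: undo hide_password with the same shared key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def _attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(ident, user, password, secret, request_auth=None):
    """Code, Identifier, Length, 16-byte Request Authenticator, Attributes."""
    request_auth = request_auth or os.urandom(16)   # must be unpredictable
    attrs = (_attr(ATTR_USER_NAME, user)
             + _attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)))
    header = struct.pack(">BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + key)."""
    header = struct.pack(">BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(response, request, secret):
    """Client side: accept a reply only if it matches our request and shared key."""
    if len(response) < 20:
        return False
    _code, ident, length = struct.unpack(">BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    key = b"constructed-shared-key"                  # constructed sample values
    req = build_access_request(7, b"nmsuser", b"Constructed-Passw0rd!", key)
    reply = build_response(ACCESS_ACCEPT, 7, b"", req[4:20], key)
    print("reply accepted:", verify_response(reply, req, key))
    print("forged reply accepted:", verify_response(reply, req, b"other-key"))
```

Both protections rest entirely on the shared key and on MD5, so a long, random Shared Key that is unique per RADIUS server matters more than any other setting in this procedure.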
Prerequisites
l You are an NMS user with Operator Group authority or higher.
l The NE communicates with the U2000 successfully.
Context
l The RADIUS parameters on an NE can be set only after the NE is set as a RADIUS
client.
l If an NE is set as a RADIUS client without a RADIUS server, the NE cannot
implement RADIUS authentication.
Procedure
Step 1 Choose Administration > NE Security Management > RADIUS Configuration
Management from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose NE Security > Fix-Network NE >
RADIUS Configuration Management from the main menu (application style).
Step 2 In the NE RADIUS Configurations window, click the NE RADIUS Function
Configurations tab.
Step 3 Select the NE and subnet to be queried from the navigation tree on the left. Click to
query the current configuration of the NE RADIUS function from the U2000.
Step 4 Click Query to query the current configuration of the NE RADIUS function from the NE.
Step 5 Double-click RADIUS Client and Proxy Server and set them to Open respectively.
----End
Follow-up Procedure
After an NE is set as a RADIUS client or proxy server, you need to add a RADIUS server.
Prerequisites
l You are an NMS user with Operator Group authority or higher.
l An NE is set as a RADIUS client.
Procedure
Step 1 Choose Administration > NE Security Management > RADIUS Configuration
Management from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose NE Security > Fix-Network NE >
RADIUS Configuration Management from the main menu (application style). In the NE
RADIUS Configurations window, click the NE RADIUS Configurations tab.
Step 2 Click RADIUS Server Configuration. The RADIUS Server Information dialog box is
displayed.
Step 3 Click Query to query the current configuration of the RADIUS server from the NE.
Step 4 Click New. The New RADIUS Server Information dialog box is displayed.
l When adding a RADIUS server, identify the RADIUS server uniquely by entering the IP address of the
NE.
l When adding a proxy server, identify the proxy server by entering the IP address or the NE name.
l Before adding a proxy server, you need to set the NE as a RADIUS proxy server.
Step 7 Optional: In the RADIUS Server Information dialog box, select the RADIUS server to be
deleted. Then, click Delete. In the Hint box, click OK.
----End
Follow-up Procedure
After the RADIUS server is added, you need to configure the RADIUS parameters on the NE.
Prerequisites
l You are an NMS user with Operator Group authority or higher.
l A RADIUS server has been added.
Procedure
Step 1 Choose Administration > NE Security Management > RADIUS Configuration
Management from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose NE Security > Fix-Network NE >
RADIUS Configuration Management from the main menu (application style). In the
RADIUS Configuration Management window, click the NE RADIUS Configurations tab.
Step 2 Select the NE and subnet to be queried from the navigation tree on the left. Click to
query the current configuration of the RADIUS from the U2000.
Step 3 Click Query to query the current configuration of the RADIUS from the NE.
Step 4 Click New. The New NE RADIUS Configuration dialog box is displayed.
NOTE
If the type of the server to be added is Proxy Server, you do not need to set Shared Key.
----End
l Entity changes
The system generates a change history after the change of the device entity is found by
polling or manually refreshing the device.
l Device configuration changes
After the device configuration file is backed up in DC management, you can find the
change of the device configuration file by comparing it with the previous configuration
file. A device configuration change history is generated.
l Software image changes
The change history is generated when the system polls the device and finds the change of
the software image version.
NOTE
The following functions only apply to the Router series, Switch series and Security NEs.
Prerequisites
You are an NMS user with Guests authority or higher.
Procedure
Step 1 Choose Administration > NE Security Management > Change Audit from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose NE Security > Fix-Network NE > Change Audit from the main menu
(application style).
Step 3 In the Filter Criteria dialog box, set the querying criteria and click OK.
Step 4 Click a record. The details about the record are displayed in the Details area.
NOTE
l For a record with Change Type being Software Image, the Details tab displays two records. The
upper one shows software version information before change and the lower one shows the latest
software version information after change.
l For a record with Change Type being Entity, the Details tab displays the specific change type,
either Add or Delete.
----End
Prerequisites
You are an NMS user with Operator Group authority or higher.
Context
The U2000 deletes the records in the database after information about change audit is
dumped. Therefore, you cannot query the dumped records through the U2000 client.
Procedure
Step 1 Choose Administration > NE Security Management > Change Audit from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose NE Security > Fix-Network NE > Change Audit from the main menu
(application style).
Step 2 In the Change Audit window, click Filter, set filter criteria, and click OK.
All records meeting the filter criteria are displayed in the query result area.
Step 3 In the querying result area, select one or more records to be dumped, right-click them and
choose Dump from the shortcut menu.
Step 4 In the Confirm dialog box, click OK.
The system automatically generates a .dat file and dumps it to a specified folder.
NOTE
----End
Prerequisites
You are an NMS user with Operator Group authority or higher.
Context
The U2000 deletes the records in the database after information about change audit is deleted.
Therefore, you cannot query the deleted records through the U2000 client.
Procedure
Step 1 Choose Administration > NE Security Management > Change Audit from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose NE Security > Fix-Network NE > Change Audit from the main menu
(application style).
Step 2 In the Change Audit window, click Filter, set filter criteria, and click OK.
All records meeting the conditions are displayed in the query result area.
Step 3 In the query result area, select one or more records to be deleted, right-click them and choose
Delete from the shortcut menu.
Step 4 In the Confirm dialog box, click OK.
----End
In order to enhance the security of the database after the U2000 is installed, the sa user may be
manually disabled and replaced with a customized administrator name, such as dbadmin.
l Back up the database periodically. Copy each backup file to other storage devices. In the
case of a U2000 or database fault, you can use the backup database for restoration. In
general situations, do as follows:
– Back up all databases of the U2000 once a week at scheduled time. For details of
the operation method, see 6.1.4.1.1 Periodically Backing Up the U2000 Data to a
Local Server Through the U2000 Client and 6.1.4.2.1 Periodically Backing Up
the U2000 Database to a Remote Server Through the U2000 Client.
l View the database status and dump the database periodically.
Related Tasks
6.1 Backing Up and Restoring the U2000 Data
U2000 Fast Restoration includes Backing Up and Restoring the U2000 Data, Fast Restoration
Scheme for the U2000 Cold Backup System, HA System (Veritas) Solution, OS Boot Disk
Backup and Restoration for Linux-based Single-Server Systems, and SRM Solution.
implement U2000 Distributed System remote disaster recovery. Either the SRM solution or
remote cold standby HA system is used at a time.
Related Concepts
5.7 Database Security Policy
Basic Concepts
Backup
Backup is a method used to store important data for restoring the original data.
NOTE
The personal information (including personal name, phone numbers and addresses) on the U2000 and all
user names and passwords are also backed up. Therefore, you are obligated to take considerable
measures, in compliance with the laws of the countries concerned and the user privacy policies of your
company, to ensure that the personal data of users is fully protected.
Restoration
Restoration coexists with backup. When certain data is damaged or destroyed, you can restore
the data.
Restoration is to restore database data from the backup file, and then overwrite the existing
data file.
Dump
Dump is a process that saves logs (such as alarm logs, event logs, U2000 security logs,
operation logs, and system logs) and performance data on the database as OS files in text
format and deletes the logs and performance data from the database to clear database space.
Application Scenarios
NOTE
Backup data of an OS cannot be used for data restoration of another version or type of OS.
Backup data of a database cannot be used for data restoration of another version or type of database.
The personal information (including personal name, phone numbers and addresses) on the U2000 and all
user names and passwords are also backed up. Therefore, you are obligated to take considerable
measures, in compliance with the laws of the countries concerned and the user privacy policies of your
company, to ensure that the personal data of users is fully protected.
The following data is not backed up when you back up the U2000 database:
l The data that is not saved at the NE side, that is, the data that cannot be uploaded.
l The custom options of the system, for example, font, color setting, and audio setting.
Backing up and restoring the U2000 network configuration data by using the
script files
The U2000 provides the function of exporting and importing script files, to back up and
restore the network configuration data of the U2000, including the user name, password of the
NEs, path information, and topology coordinates. This realizes the upgrade of the
configuration data with zero loss during the U2000 upgrade. For details, see 6.1.6 Backing
Up and Restoring the U2000 Network Configuration Data by Using Scripts.
NOTE
l The default coding format in a script file is UTF-8. If illegible characters are displayed, to change
the coding format of the script file, in the Windows OS, you can modify the encoding configuration
item in the %IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml configuration
file; In the Solaris or SUSE Linux OS, you can modify the encoding configuration item in the
$IMAP_ROOT/cbb/trans/core/conf/xml/script/script_enum.xml configuration file.
l By default, the name of a script file contains the NE name. To exclude the NE name from a script
file name, in the Windows OS, you can modify the scriptname configuration item in the
%IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml configuration file. In the
Solaris or SUSE Linux OS, you can modify the scriptname configuration item in the
$IMAP_ROOT/cbb/trans/core/conf/xml/script/script_enum.xml configuration file.
l The data are exported from the U2000 database.
l The imported script files update the data on the U2000 only, with no impact on the data on the NEs.
l The personal information (including personal name, phone numbers and addresses) on the U2000
and all user names and passwords are also backed up. Therefore, you are obligated to take
considerable measures, in compliance with the laws of the countries concerned and the user privacy
policies of your company, to ensure that the personal data of users is fully protected.
Backing up and restoring all data in the U2000 database by mirroring the
database
The U2000 automatically creates a scheduled task of backing up the U2000 database during
its initial installation to implement database backup. The backup database equals a clone of
the original U2000 database. When the original U2000 database is damaged, or exceptions
occur on the data in the database, you can quickly switch the data source to the database that
is backed up previously, ensuring that the U2000 can be started properly. Database mirroring
for backup uses disk space. If the server has insufficient space and has another solution
configured to back up the database, uninstall the mirroring database. For details, see A.10.72
How Do I Uninstall a Mirroring Database.
Context
l This scheme applies only to Solaris and SUSE Linux OSs.
l When the U2000 is installed on VMs, backing up and restoring all data in the U2000
database by mirroring the database is not supported.
l Remaining space in the /opt/backup directory must be at least twice the database size
plus 10 GB. You can run the df -hk /opt/backup command to check the remaining space
of the /opt/backup partition.
l The U2000 will automatically create the /opt/backup/forDBSVRBCK/sybasebackup
directory during its installation. Do not delete or modify the directory and files in it.
l After the U2000 is installed, it automatically mirrors the database at 01:00 every
Wednesday by default to back up data. Ensure that U2000 data is not backed up using
the U2000 client or MSuite during the period when U2000 data is backed up by
mirroring the database.
l To mirror the database manually, use the PuTTY tool to log in to the OS as the
ossuser user and then run the following commands.
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/PlantBackDB
# ./runtimetask.sh
NOTE
Before U2000 V200R016C60CP2023, runtimetask.sh is stored in
/opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB. In U2000
V200R016C60CP2023 and later versions, it is stored in /opt/sys_oss/DBSVRBCK/PlantBackDB.
l The entire mirroring process lasts for 30 to 60 minutes. In this period, do not perform
operations that involve a large amount of data if possible, for example, U2000 cutover,
data dump, and performance collection.
l Use the PuTTY tool to log in to the OS as the ossuser user and run the following
commands to query on which database the U2000 is running:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./QueryCurrentMode.sh
NOTE
Table 6-1 Characteristics and application scenarios of three data maintenance methods

Method: Backing up and restoring all data in the U2000 databases
Characteristics:
l Backs up the structure and contents of the U2000 database.
l The data is in the binary mode.
l Backs up all data of the U2000 database.
l The processing speed is fast.
l The backup file is big.
Application Scenario:
This requires a large storage medium space. If you want to back up the U2000
database in a scheduled manner, large-size disk is recommended.

Method: Backing up and restoring the U2000 network configuration data by using the script files
Characteristics:
l Exports the configuration data in the U2000 to a .txt file that is similar to the MML
format. This is done to save data.
l Backs up only some of the data, including the basic configuration data, port naming
data and custom data.
l The processing speed is slow.
l The backup file is small.
Application Scenario:
l This method is usually used to upgrade the U2000. The new U2000 version is
compatible with the scripts of the old version.
l This method is usually used to back up and restore the basic configuration data for a
single NE. This method also restores the custom data.

Method: Backing up and restoring all data in the U2000 database by mirroring the database
Characteristics:
l This scheme applies only to Solaris and SUSE Linux OSs.
l After the U2000 is installed, it automatically backs up the database at a scheduled time.
l Backs up all data in the U2000 database.
l The backup file is large.
Application Scenario:
l When the original U2000 database is damaged, or exceptions occur on the data in the
database, you can quickly switch the data source to the database that is backed up
previously, ensuring that the U2000 can be started properly.
l If the hard disk is large (if the available space exceeds 10 GB), you can back up the
U2000 databases on a quarterly basis.
l Regularly move the to-be-backed up database data to a third-party storage medium so
that the database data can still be accessed even when the hard disk is damaged.
l When backing up U2000 data to a local server, also back up the data to a remote server
to improve data security.
l Back up databases before or after performing an installation, deployment, or
maintenance operation on the U2000, for example, U2000 upgrade or patch installation.
l Before backing up the data, upload the NE data, and perform the search of the protection
subnets and trails.
l To ensure successful data backup, do not change any data on the U2000 when backing
up the database.
l To avoid a situation in which data occupies too much disk space, clear the data that is
previously backed up, on a regular basis.
l Before restoring U2000 databases, you must shut down the U2000 server and ensure that
the databases are not used by other users.
l If security hardening is enabled, log in to the OS as the ossuser user. Then run the su -
root command and enter the root user password to switch to the root user.
6.1.4.1.1 Periodically Backing Up the U2000 Data to a Local Server Through the U2000
Client
If a hard disk has available space over 10 GB, you can back up the U2000 databases on a
quarterly basis. The backup object is the entire U2000 database, including the custom data at
the U2000 side (excluding the custom options of the system), network layer trail data, NE-
side configuration data, alarm data and performance data. In addition, a backup is created for
the structure of the entire database, all database tables (including the system tables and the
user tables), table structure, and stored procedures.
Prerequisites
l You are an NMS user with Operator Group authority or higher.
l All users must have been logged out of the MSuite client to prevent incomplete database
backup.
l Sufficient disk space is available.
– On Windows, generally, the available disk space of the local temporary directory
and the local backup path is over 1/3 of that for the local database. The default local
temporary directory is D:\tmp. The default local database path is D:\data in a
single-server system.
– On Solaris, the available disk space of the local backup path is over 3/4 of that for
the local database, and the disk space of the local temporary directory (/tmp) is
500 MB or above. The 3/4 ratio is an empirical value. You can evaluate the space
required by each database based on the value queried in the sp_helpdb command
output. The required space is calculated as follows: Total size = (Remaining data
space + Remaining log space). Then, evaluate the available space of the local
backup path. The default local database path is /opt/sybase/data. To view the disk
space, run the following command:
# du -sh Data file path
– On SUSE Linux, the available disk space of the local backup path is over 3/4 of that
for the local database, not considering the disk space of the local temporary
directory. The 3/4 ratio is an empirical value. You can evaluate the space required
by each database based on the value queried in the sp_helpdb command output.
The required space is calculated as follows: Total size = (Remaining data space +
Remaining log space). Then, evaluate the available space of the local backup path.
The default local database path is /opt/sybase/data. To view the disk space, run the
following command:
# du -sh Data file path
Context
l The U2000 does not support multiple periodic backup tasks at the same time. The
difference between the time points to start scheduled tasks must be greater than the
maximum running period of the tasks.
l Backing up the database data during off-peak hours is recommended because it takes a
long time, and affects other functions, such as adding, deleting, and modifying data. It is
recommended that you set the scheduled backup time to the time when network service
traffic is light, such as at midnight (00:00~06:00).
l You are recommended to back up the database at a different time from planning and
maintaining the live network so that live network planning and maintenance will not be
affected by database backup.
l Do not perform other operations when backing up the database. Otherwise, data
inconsistency may occur and pose potential risks to the system.
l The personal information (including personal name, phone numbers and addresses)
on the U2000 and all user names and passwords are also backed up. Therefore, you
are obligated to take considerable measures, in compliance with the laws of the
countries concerned and the user privacy policies of your company, to ensure that the
personal data of users is fully protected.
Procedure
l Scenario 1: Default scheduled task for database backup
The U2000 provides Default scheduled task for database backup. Database backup is
a method used to store important data so that the original data can be restored if it is damaged.
NOTE
l Choose Administration > Task Schedule > Task Management from the main menu (traditional
style); alternatively, double-click System Management in Application Center and choose Task
Schedule > Task Management from the main menu (application style). Choose Task Type >
Backup > DB Backup, right-click Default scheduled task for database backup and choose Run
Now from the shortcut menu. You can view the default tasks in the task list on the right.
l Default scheduled task for database backup is a periodical task. The default Start time is set to
02/20/2016 21:00:00, and the default interval is set to 7 Days. That is, the task starts at 21:00 every
Saturday and repeats unlimited times. The default Delete settings is set to not delete tasks
automatically.
l Right-click Default scheduled task for database backup and choose Attributes from the shortcut
menu. In the Attributes dialog box, set parameters such as Start time and interval.
l By default, data is backed up to the local server. You can set Back up the data to the local server
to Back up the data to the remote server on the Extended Parameters tab in the Attributes
dialog box.
l Before the database is backed up, the U2000 will check the available disk space. If the space is
insufficient, the Risk Summary dialog box will be displayed indicating that risks may arise when
the U2000 is running.
l Scenario 2: Manually created task for database backup
a. Log in to the U2000 client. For details, see 2.6 Logging In to a U2000 Client.
b. Choose Administration > Task Schedule > Task Management from the main
menu (traditional style); alternatively, double-click System Management in
Application Center and choose Task Schedule > Task Management from the
main menu (application style).
c. Choose Task Type > Backup > DB Backup in the left pane, and click New. The
New Task dialog box is displayed.
d. Enter a name for the scheduled task. Select One-time or Periodic as the run type.
Then, click Next.
e. In Time Setting, set the planned start time of the task. If One-time is selected,
choose to start the task immediately or not. If Periodic is selected, in the Period
Setting area, specify the task period and set Execution Times or End time. Then,
click Next.
If multiple scheduled backup tasks are configured, their backup time ranges cannot
overlap; otherwise, backup fails.
l The Backup Path must be a relative path that contains letters, digits,
underscores (_), or hyphens (-) and excludes the space, bracket, Chinese
characters and so on. The complete path name cannot exceed 60 characters.
For Windows, the Backup Path must be located on the disk drive of the
server. You can query or modify the default database backup root path
referring to modifyDefaultBackupPath.
l If Backup Path is not specified, the default backup path is used. For
details, see Backup Path.
l If the entered Backup Path value does not exist, the system displays a
message asking you whether to create the directory. Click Yes.
l On Solaris OS or SUSE Linux OS, if the entered Backup Path value
exists, assign permissions to the Backup Path based on the level as root
user.
Run the following commands as the root user for the last directory of the
path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the
default value /opt/backup/dbbackup, Backup Path is set to backup, and
backup exists, run the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
g. Then click Finish. A message asking you whether to continue is displayed, click
Yes.
h. In the warning dialog box that is displayed, click OK.
----End
Result
Manually created tasks for database backup are displayed in the right-hand pane of the
window.
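Because the backup files hold user names and passwords, it is worth confirming that the Backup Path rules and the chmod -R 750 step above actually hold on disk. The following is an added example, not part of the U2000 tooling: it validates a Backup Path name and audits a backup tree for entries more permissive than 0750. Function names and the sample file names are hypothetical; treating "/" as a separator inside Backup Path and applying the 60-character limit to root plus Backup Path are assumptions.

```python
import os
import re
import stat
import tempfile

MAX_MODE = 0o750                      # the mode the guide sets with chmod -R 750
_COMPONENT = re.compile(r"[A-Za-z0-9_-]+")


def backup_path_problem(root, rel):
    """Return None if rel is an acceptable Backup Path, else a reason string."""
    if not rel or rel.startswith("/"):
        return "Backup Path must be a relative path"
    # Assumption: '/' may separate directory levels inside the Backup Path.
    for part in rel.split("/"):
        if not _COMPONENT.fullmatch(part):
            return "component %r has characters outside letters, digits, _ and -" % part
    # Assumption: the 60-character limit covers root + '/' + Backup Path.
    if len(root.rstrip("/") + "/" + rel) > 60:
        return "complete path name exceeds 60 characters"
    return None


def audit_backup_tree(root, expected_uid=None):
    """List (path, reason) for entries looser than 0750, symlinks, or wrong owner."""
    paths = [root]
    for cur, dirs, files in os.walk(root):
        paths.extend(os.path.join(cur, name) for name in dirs + files)
    findings = []
    for path in paths:
        st = os.lstat(path)           # lstat: report links, do not follow them
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symbolic link inside backup tree"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~MAX_MODE:          # group write, any 'other' bit, setuid/setgid/sticky
            findings.append((path, "mode %04o grants more than 0750" % mode))
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append((path, "owned by uid %d" % st.st_uid))
    return findings


if __name__ == "__main__":
    print(backup_path_problem("/opt/backup/dbbackup", "backup"))
    print(backup_path_problem("/opt/backup/dbbackup", "my backup"))
    # Constructed tree standing in for /opt/backup/dbbackup/backup.
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o750)
        leaky = os.path.join(tmp, "sample_dump.dat")
        open(leaky, "wb").close()
        os.chmod(leaky, 0o644)        # world-readable: should be reported
        for path, reason in audit_backup_tree(tmp):
            print(path, "->", reason)
```

Pass the numeric uid of ossuser as expected_uid to also confirm the chown step.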
6.1.4.1.2 Immediately Backing Up the U2000 Data to a Local Server Through the U2000
Client
This topic describes how to enable the periodic backup of the U2000 database to the local
server. After this configuration, the database can be safely and quickly restored after a fault
occurs. The backup object is the entire U2000 database, including the custom data at the
U2000 side (excluding the custom options of the system), network layer trail data, NE-side
configuration data, alarm data and performance data. In addition, a backup is created for the
structure of the entire database, all database tables (including the system tables and the user
tables), table structure, and stored procedures.
Prerequisites
l You are an NMS user with Operator Group authority or higher.
l All users must have been logged out of the MSuite client.
l Sufficient disk space is available.
– On Windows, generally, the available disk space of the local temporary directory
and the local backup path is over 1/3 of that for the local database. The default local
temporary directory is D:\tmp. The default local database path is D:\data in a
single-server system.
– On Solaris, the available disk space of the local backup path is over 3/4 of that
for the local database, and the disk space of the local temporary directory (/tmp)
is 500 MB or above. The 3/4 ratio is an empirical value. You can evaluate the
space required by each database based on the value queried in the sp_helpdb
command output. The required space is calculated as follows: Total size =
(Remaining data space + Remaining log space). Then, evaluate the available
space of the local backup path. The default local database path is
/opt/sybase/data. To view the disk space, run the following command:
# du -sh Data file path
– On SUSE Linux, the available disk space of the local backup path is over 3/4 of
that for the local database, not considering the disk space of the local temporary
directory. The 3/4 ratio is an empirical value. You can evaluate the space
required by each database based on the value queried in the sp_helpdb command
output. The required space is calculated as follows: Total size = (Remaining
data space + Remaining log space). Then, evaluate the available space of the
local backup path. The default local database path is /opt/sybase/data. To view
the disk space, run the following command:
# du -sh Data file path
l The database is running. Perform the following operations to start the database if it is not
running:
– For the Single-Server System (Windows), see A.7.4 How to Start the SQL Server
Database.
– For the Single-Server System (Solaris), see A.8.1.2 How to Start the Sybase
Database Service.
– For the Single-Server System (SUSE Linux), see A.8.1.2 How to Start the Sybase
Database Service.
– For the High Availability System (Solaris/SUSE Linux), see A.8.1.2 How to Start
the Sybase Database Service.
Context
l The backup process cannot be canceled once it is started.
l Backing up the database data during off-peak hours is recommended because it takes a
long time, and affects other functions, such as adding, deleting, and modifying data. It is
recommended that you set the backup time to the time when network service traffic is
light, such as at midnight (00:00~06:00).
l You are recommended to back up the database at a different time from planning and
maintaining the live network so that live network planning and maintenance will not be
affected by database backup.
l Do not perform other operations when backing up the database. Otherwise, data
inconsistency may occur and pose potential risks to the system.
l The personal information (including personal name, phone numbers and addresses)
on the U2000 and all user names and passwords are also backed up. Therefore, you
are obligated to take considerable measures, in compliance with the laws of the
countries concerned and the user privacy policies of your company, to ensure that the
personal data of users is fully protected.
Procedure
Step 1 Log in to the U2000 client. For details, see 2.6 Logging In to a U2000 Client.
Step 2 Choose Administration > Back Up/Restore NMS Data > Database Backup from the main
menu (traditional style); alternatively, double-click System Management in Application
Center and choose System > Back Up/Restore NMS Data > Database Backup from the
main menu (application style).
NOTE
Customizing a backup path helps to avoid the effect of system reinstallation and disk formatting
on backup data. This improves the maintainability of the system.
– The Backup Path must be a relative path that contains letters, digits, underscores (_),
or hyphens (-) and excludes spaces, brackets, Chinese characters, and so on. The
complete path name cannot exceed 60 characters. For Windows, the Backup Path
must be located on the disk drive of the server. You can query or modify the default
database backup root path by referring to modifyDefaultBackupPath.
– If Backup Path is not specified, the default backup path is used. For details, see
Backup Path.
– If the entered Backup Path value does not exist, the system displays a message
asking you whether to create the directory. Click Yes.
– On Solaris OS or SUSE Linux OS, if the entered Backup Path value exists, assign
permissions to the Backup Path based on the level as the root user.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists,
run the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
Step 5 In the warning dialog box that is displayed, click OK. The U2000 database backup starts and
a dialog box is displayed showing the backup progress.
----End
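The Backup Path naming rules and the chown/chmod step above can be checked before a backup is started, which matters because the backup contains all user names and passwords. The following shell script is an added example, not part of the U2000 software or of the original guide; the function and variable names are assumptions, the sample ls lines in its comments are constructed, and the 60-character limit is assumed to apply to the root path plus the relative Backup Path.

```shell
#!/bin/sh
# Added example: pre-flight audit of a U2000 local backup directory.
LC_ALL=C; export LC_ALL   # make A-Z, a-z and 0-9 mean ASCII only

# Values quoted from the guide; the variable names are assumptions.
BACKUP_ROOT=${BACKUP_ROOT:-/opt/backup/dbbackup}
WANT_OWNER=${WANT_OWNER:-ossuser}
WANT_GROUP=${WANT_GROUP:-ossgroup}

# valid_backup_path REL
# Returns 0 if REL is a relative path made only of letters, digits,
# underscores, hyphens and "/" separators, and root + REL fits in 60 chars.
valid_backup_path() {
    case $1 in
        ''|/*|*/|*//*)     return 1 ;;  # empty, absolute, trailing or doubled "/"
        *[!A-Za-z0-9_/-]*) return 1 ;;  # spaces, brackets, dots, non-ASCII, ...
    esac
    _full=$BACKUP_ROOT/$1
    [ "${#_full}" -le 60 ]
}

# check_ls_line "ONE LINE OF ls -ld OUTPUT"
# Prints one finding per problem and returns the number of findings.
# Parsing ls output keeps the check usable on Solaris, which has no stat(1).
# Constructed sample: "drwxr-x--- 2 ossuser ossgroup 4096 Nov 30 2018 backup"
check_ls_line() {
    read -r _mode _links _owner _group _rest <<EOF
$1
EOF
    _n=0
    [ "$_owner" = "$WANT_OWNER" ] ||
        { echo "owner is $_owner, expected $WANT_OWNER"; _n=$((_n + 1)); }
    [ "$_group" = "$WANT_GROUP" ] ||
        { echo "group is $_group, expected $WANT_GROUP"; _n=$((_n + 1)); }
    # chmod 750 gives rwxr-x---: nothing for "other", no write for group.
    case $_mode in
        ???????---*) ;;
        *) echo "other users have access ($_mode)"; _n=$((_n + 1)) ;;
    esac
    case $_mode in
        ?????w*) echo "group can write ($_mode)"; _n=$((_n + 1)) ;;
    esac
    return "$_n"
}

# audit_backup_dir REL
# Validates the name, then checks the directory and everything below it,
# because the guide applies chown and chmod with -R.
audit_backup_dir() {
    valid_backup_path "$1" || { echo "invalid Backup Path: $1"; return 1; }
    _dir=$BACKUP_ROOT/$1
    [ -d "$_dir" ] || { echo "not a directory: $_dir"; return 1; }
    _bad=$(find "$_dir" -exec ls -ld {} \; | while IFS= read -r _line; do
        check_ls_line "$_line" >/dev/null || printf '%s\n' "$_line"
    done)
    [ -z "$_bad" ] && return 0
    printf 'entries with wrong owner, group or mode (want %s:%s):\n%s\n' \
        "$WANT_OWNER" "$WANT_GROUP" "$_bad"
    return 1
}

# Stand-alone use: sh audit.sh backup
if [ "$#" -gt 0 ]; then
    audit_backup_dir "$1"
fi
```

A non-zero exit status means the directory should be corrected with the chown and chmod commands above before the backup is started.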
6.1.4.1.3 Immediately Backing Up the U2000 Data to a Local Server Through the MSuite
This topic describes how to immediately back up the U2000 database to a local server through
the NMS maintenance suite (MSuite). After this configuration, the database can be safely and
quickly restored after a fault occurs.
Prerequisites
l The database is running.
l Sufficient disk space is available.
– On Windows, generally, the available disk space of the local temporary directory
and the local backup path is over 1/3 of that for the local database. The default local
temporary directory is D:\tmp. The default local database path is D:\data in a
single-server system.
– On Solaris, the available disk space of the local backup path is over 3/4 of that
for the local database, and the disk space of the local temporary directory (/tmp)
is 500 MB or above. The 3/4 ratio is an empirical value. You can evaluate the
space required by each database based on the value queried in the sp_helpdb
command output. The required space is calculated as follows: Total size =
(Remaining data space + Remaining log space). Then, evaluate the available
space of the local backup path. The default local database path is
/opt/sybase/data. To view the disk space, run the following command:
# du -sh Data file path
– On SUSE Linux, the available disk space of the local backup path is over 3/4 of
that for the local database, not considering the disk space of the local temporary
directory. The 3/4 ratio is an empirical value. You can evaluate the space
required by each database based on the value queried in the sp_helpdb command
output. The required space is calculated as follows: Total size = (Remaining
data space + Remaining log space). Then, evaluate the available space of the
local backup path. The default local database path is /opt/sybase/data. To view
the disk space, run the following command:
# du -sh Data file path
Context
The backup process cannot be canceled once it is started.
The personal information (including personal name, phone numbers and addresses) on the
U2000 and all user names and passwords are also backed up. Therefore, you are obligated to
take considerable measures, in compliance with the laws of the countries concerned and the
user privacy policies of your company, to ensure that the personal data of users is fully
protected.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
NOTE
On a high availability system, log in to the MSuite client on the active site.
Step 2 On the MSuite client, choose Backup and Restore > Backup System Data from the main
menu.
Step 3 Select Data Backup-Binary Mode(Recommended), and then click Next.
NOTE
Data Backup-Text Mode is only used to collect fault information when the U2000 fails to locate and
rectify the fault. This mode is not recommended during routine database backup.
– If you want to use another backup path, click Browse to select it.
– The Backup Path must be a relative path that contains letters, digits, underscores (_),
or hyphens (-) and excludes spaces, brackets, Chinese characters, and so on. The
complete path name cannot exceed 60 characters. For Windows, the Backup Path
must be located on the disk drive of the server. You can query or modify the default
database backup root path by referring to modifyDefaultBackupPath.
– If Backup Path is not specified, the default backup path is used. For details, see
Backup Path.
– If the entered Backup Path value does not exist, the system displays a message
asking you whether to create the directory. Click Yes.
– On Solaris OS or SUSE Linux OS, if the entered Backup Path value exists, assign
permissions to the Backup Path based on the level as the root user.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists,
run the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
If the U2000 is running, the following dialog box is displayed. Click Yes and ensure that the NMS is not
performing configuration operations.
Step 6 The system starts the backup preprocessing and backup process. A progress bar is displayed
showing the backup progress. Wait patiently.
Step 7 After the backup is completed, click Finish.
----End
l The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
l If the U2000 is running, stop the NMS first and then back up the U2000 data; otherwise,
the backup operation fails.
NOTE
l The backup directory must be a relative path (the root path is /opt/backup/dbbackup) that contains
letters, digits, underscores (_), or hyphens (-) and excludes spaces, brackets, Chinese characters,
and so on. The path name cannot exceed 60 characters. For Windows, the backup directory must be
located on the disk drive of the server.
MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password. For
details, see C.3.1 Changing the Password of the MSuite.
6.1.4.2.1 Periodically Backing Up the U2000 Database to a Remote Server Through the
U2000 Client
This topic describes how to enable periodical backup of the U2000 database to a remote
server. After this configuration, the database can be safely and quickly restored after a fault
occurs.
Prerequisites
l You are an NMS user with Operator Group authority or higher.
l All users have been logged out of the NMS maintenance suite (MSuite) client.
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
l The FTP or SFTP user must have the write permission for the remote FTP/SFTP server,
and the U2000 server and remote FTP server can communicate with each other properly.
l If the network segments for the U2000 and the FTP/SFTP server are on different
firewalls, the FTP/SFTP (more secure, recommended) service from the U2000 to the
FTP/SFTP server must be enabled on the firewalls. For details about how to enable the
FTP/SFTP (more secure, recommended) service, see the firewall guide.
l Sufficient disk space is available. Generally, the disk space of the local temporary
directory is over 2/3 of that for the local database, and the disk space of the remote
backup path is over 1/3 of that for the local database.
– On Windows, the default local temporary directory is D:\tmp, the default local
database path is D:\data in a single-server system. To view the disk space, right-
click Data file path and choose Properties from the shortcut menu.
– On Solaris, the default local temporary directory is /opt/backup/dbbackup/tmp,
the disk space of the local temporary directory (/tmp) is 500 MB or above. The
default local database path is /opt/sybase/data. To view the disk space, run the
following command:
# du -sh Data file path
Context
l The U2000 client does not support multiple periodic backup tasks at the same time. The
difference between the time points to start scheduled tasks must be greater than the
maximum running period of the tasks.
l Backing up the database data during off-peak hours is recommended because it takes a
long time, and affects other functions, such as adding, deleting, and modifying data. It is
recommended that you set the scheduled backup time to the time when network service
traffic is light, such as at midnight (00:00~06:00).
l You are recommended to back up the database at a different time from planning and
maintaining the live network so that live network planning and maintenance will not be
affected by database backup.
l Do not perform other operations when backing up the database. Otherwise, data
inconsistency may occur and pose potential risks to the system.
l The personal information (including personal name, phone numbers and addresses)
on the U2000 and all user names and passwords are also backed up. Therefore, you
are obligated to take considerable measures, in compliance with the laws of the
countries concerned and the user privacy policies of your company, to ensure that the
personal data of users is fully protected.
l On the Solaris OS, if the tmp directory exists in the /opt/backup/dbbackup path, you
need to ensure that the owner and group of the directory are both sybase. Run the
following commands to change the owner and group of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/backup/dbbackup/tmp
# chmod -R 775 /opt/backup/dbbackup/tmp
If the tmp directory doesn't exist in the /opt/backup/dbbackup path, the temporary
directory tmp is created in the /opt/backup/dbbackup path during the backup of the
database.
Procedure
Step 1 Log in to the U2000 client. For details, see 2.6 Logging In to a U2000 Client.
Step 2 Choose Administration > Task Schedule > Task Management from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose Task Schedule > Task Management from the main menu (application style).
Step 3 Choose Task Type > Backup > DB Backup in the left pane, and click New. The New Task
dialog box is displayed.
Step 4 Enter a name for the scheduled task. Select One-time or Periodic as the run type. Then, click
Next.
Step 5 In Time Setting, set the planned start time of the task. If One-time is selected, choose to start
the task immediately or not. If Periodic is selected, in the Period Setting area, specify the
task period and set Execution Times or End time. Then, click Next.
2. Select Back up the data to the remote server and then set the parameters associated
with the remote server. Then click Finish. In the warning dialog box that is displayed,
click OK.
– Server IP Address: IP address of the server where the backup file is stored.
– Transmission Mode: FTP or SFTP mode. SFTP is recommended because it is
more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating
that using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
– User Name: Name of the FTP user or SFTP user.
– Password: Password of the FTP user or SFTP user.
– Backup Path on the Remote Server: Path for storing the backup file of the remote
server.
NOTE
– Backup Path on the Remote Server cannot be empty, and in Solaris or SUSE Linux, the backup
directory cannot be /. In Windows, the backup directory cannot be the root directory for the SFTP or
FTP service. The backup directory contains letters, digits, underscores (_), or hyphens (-) and
excludes spaces, brackets, Chinese characters, and so on. The path name cannot exceed 60 characters.
– The backup path on the remote Windows server must be the same as the path that the FTP/SFTP
service on the server provides; otherwise, the backup fails.
– If the ftpuser user is used for remote Solaris and SUSE Linux server backup, log in to the
remote server as the root user using PuTTY, create the backup directory in the ftpuser user's
root directory (/opt/backup/ftpboot) on the remote server, and modify the permissions of the created
directory (the created backup directory tmp is used as an example in the following commands):
# mkdir /opt/backup/ftpboot/tmp
# chown -R ftpuser:ossgroup /opt/backup/ftpboot/tmp
# chmod -R 700 /opt/backup/ftpboot/tmp
– In case the ossuser user is used for remote Solaris and SUSE Linux server backup, enter the
Backup Path on the Remote Server.
n If the entered Backup Path on the Remote Server exists, make sure that its owner and group are
ossuser:ossgroup and its permission is more than 700; otherwise, the task for periodically backing
up the U2000 database to a remote server fails.
n If the entered Backup Path on the Remote Server is a relative path that does not exist in the
ossuser user's root directory, the system displays a message asking you whether to create the
directory. Click Yes. The system then creates the directory.
n If the entered Backup Path on the Remote Server is an absolute path and the directory fails to be
created, log in to the remote server as the root user using PuTTY, create the backup directory, and
modify the permissions of the created directory.
# mkdir Folder that stores backup files
# chown -R ossuser:ossgroup Folder that stores backup files
# chmod -R 700 Folder that stores backup files
----End
Result
On the Task Management tab page, choose Task Type > Backup > DB Backup from the
service tree. The created task is displayed in the right-hand pane of the window.
6.1.4.2.2 Immediately Backing Up the U2000 Database to a Remote Server Through the
MSuite
This topic describes how to immediately back up the U2000 database to a remote server by
using the NMS maintenance suite (MSuite). After this configuration, the database can be
safely and quickly restored after a fault occurs.
Prerequisites
l The database is running.
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
l The FTP or SFTP user must have the write permission for the remote FTP/SFTP server,
and the U2000 server and remote FTP server can communicate with each other properly.
l If the network segments for the U2000 and the FTP/SFTP server are on different
firewalls, the FTP/SFTP (more secure, recommended) service from the U2000 to the
FTP/SFTP server must be enabled on the firewalls. For details about how to enable the
FTP/SFTP (more secure, recommended) service, see the firewall guide.
l Sufficient disk space is available. Generally, the disk space of the local temporary
directory is over 2/3 of that for the local database, and the disk space of the remote
backup path is over 1/3 of that for the local database.
– On Windows, the default local temporary directory is D:\tmp, the default local
database path is D:\data in a single-server system. To view the disk space, right-
click Data file path and choose Properties from the shortcut menu.
– On Solaris, the default local temporary directory is /opt/backup/dbbackup/tmp,
the disk space of the local temporary directory (/tmp) is 500 MB or above. The
default local database path is /opt/sybase/data. To view the disk space, run the
following command:
# du -sh Data file path
Context
l The backup process cannot be canceled once it is started.
l On the Solaris OS, if the tmp directory exists in the /opt/backup/dbbackup path, you
need to ensure that the owner and group of the directory are both sybase. Run the
following commands to change the owner and group of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/backup/dbbackup/tmp
# chmod -R 775 /opt/backup/dbbackup/tmp
If the tmp directory doesn't exist in the /opt/backup/dbbackup path, the temporary
directory tmp is created in the /opt/backup/dbbackup path during the backup of the
database.
The personal information (including personal name, phone numbers and addresses) on
the U2000 and all user names and passwords are also backed up. Therefore, you are
obligated to take considerable measures, in compliance with the laws of the countries
concerned and the user privacy policies of your company, to ensure that the personal data
of users is fully protected.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
NOTE
On a high availability system, log in to the MSuite client on the active site.
Step 2 On the MSuite client, choose Backup and Restore > Backup System Data from the main
menu.
Data Backup-Text Mode is only used to collect fault information when the U2000 fails to locate and
rectify the fault. This mode is not recommended during routine database backup.
n Backup Path on the Remote Server cannot be empty, and in Solaris or SUSE Linux, the
backup directory cannot be /. In Windows, the backup directory cannot be the root
directory for the SFTP or FTP service. The backup directory contains letters, digits,
underscores (_), or hyphens (-) and excludes spaces, brackets, Chinese characters, and so
on. The path name cannot exceed 60 characters.
n The backup path on the remote Windows server must be the same as the path that the
FTP/SFTP service on the server provides; otherwise, the backup fails.
n If the ftpuser user is used for remote Solaris and SUSE Linux server backup, log in
to the remote server as the root user using PuTTY, create the backup directory in
the ftpuser user's root directory (/opt/backup/ftpboot) on the remote server, and modify
the permissions of the created directory (the created backup directory tmp is used as an
example in the following commands):
# mkdir /opt/backup/ftpboot/tmp
# chown -R ftpuser:ossgroup /opt/backup/ftpboot/tmp
# chmod -R 700 /opt/backup/ftpboot/tmp
n In case the ossuser user is used for remote Solaris and SUSE Linux server backup, enter
the Backup Path on the Remote Server.
○ If the entered Backup Path on the Remote Server exists, make sure that its owner
and group are ossuser:ossgroup and its permission is more than 700; otherwise, the
task for periodically backing up the U2000 database to a remote server fails.
○ If the entered Backup Path on the Remote Server is a relative path that does not
exist in the ossuser user's root directory, the system displays a message asking you
whether to create the directory. Click Yes. The system then creates the directory.
○ If the entered Backup Path on the Remote Server is an absolute path and the
directory fails to be created, log in to the remote server as the root user using
PuTTY, create the backup directory, and modify the permissions of the created directory.
# mkdir Folder that stores backup files
# chown -R ossuser:ossgroup Folder that stores backup files
# chmod -R 700 Folder that stores backup files
l If the U2000 is running, the following dialog box is displayed. Click Yes and ensure that the NMS is
not performing configuration operations.
l On Windows, if the default temporary directory does not exist or the disk space is insufficient, a
message is displayed asking you to select a temporary directory. Click Browse to select a disk with
enough space. Select only the drive letter, for example, F:\.
l If the entered Backup Path value does not exist, the system displays a message asking you whether
to create the directory. Click Yes.
Step 6 The system starts the backup preprocessing and backup process. A progress bar is displayed
showing the backup progress. Wait patiently.
Step 7 After the backup is complete, click Finish.
----End
l The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
l If the U2000 is running, stop the NMS first and then back up the U2000 data; otherwise,
the backup operation fails.
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l IP address of the remote server: IP address of the remote server where the backup file is stored.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
l Password: Password of the FTP user or SFTP user.
l Backup path: Path for storing the backup file. Ensure that the FTP user or SFTP user has write
permissions for this path.
6.1.4.3.1 Restoring U2000 Single-Server System (Windows) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
l U2000 processes must have been stopped. If U2000 processes are not stopped, see A.
10.8 How to End the Processes of the U2000 Single-Server System on Windows.
l The database must be running. If the database is not running, see A.7.4 How to Start the
SQL Server Database.
l If the database of U2000 A needs to be restored on U2000 B, ensure that:
– The database file installation paths on U2000 A and U2000 B are the same.
NOTE
For example, if the database file path on U2000 A is D:\data when U2000 A is installed and the
database file path on U2000 B is C:\data when U2000 B is installed, the database file installation
paths on U2000 A and U2000 B are different and the database on U2000 A cannot be restored on
U2000 B. If you create C:\data on U2000 A, copy files in D:\data to C:\data, and use C:\data
on U2000 A to restore the database on U2000 B, the restoration will also fail.
– The OS type and version of U2000 B must be the same as those on U2000 A.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may override the current U2000 data and cause data inconsistency,
affecting the U2000 running.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.7 How to Start
the Processes of the U2000 Single-Server System on Windows.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.3.2 Restoring U2000 Single-Server System (Windows) Data from a Remote Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
l U2000 processes must have been stopped. If U2000 processes are not stopped, see A.
10.8 How to End the Processes of the U2000 Single-Server System on Windows.
l The database must be running. If the database is not running, see A.7.4 How to Start the
SQL Server Database.
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
l If the database of U2000 A needs to be restored on U2000 B, ensure that:
– The database file installation paths on U2000 A and U2000 B are the same.
NOTE
For example, if the database file path on U2000 A is D:\data when U2000 A is installed and the
database file path on U2000 B is C:\data when U2000 B is installed, the database file installation
paths on U2000 A and U2000 B are different and the database on U2000 A cannot be restored on
U2000 B. If you create C:\data on U2000 A, copy files in D:\data to C:\data, and use C:\data
on U2000 A to restore the database on U2000 B, the restoration will also fail.
– The OS type and version of U2000 B must be the same as those on U2000 A.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to be that on the
server to be restored and the type of the remain domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
which affects U2000 operation.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Remote server and set the associated parameters. Then, click Next.
● Server IP Address: indicates the IP address of the server where the restoration data is
stored.
● Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
● User Name: indicates the name of the FTP user or SFTP user.
● Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
● Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.7 How to Start the
Processes of the U2000 Single-Server System on Windows.
NOTE
● If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
● After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.4.1 Restoring U2000 Single-Server System (Solaris) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
● The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
● The initially installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initially installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to start.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
● U2000 processes must have been stopped. To check, see A.10.9 How to Verify That the
Processes of the U2000 Single-Server System Are Running on Solaris. If U2000
processes are not stopped, see A.10.11 How to End the Processes of the U2000
Single-Server System on (Solaris).
● The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the Sybase
Database Service.
● Ensure that the owner of the path in which restoration data is stored is ossuser, the
user group of the path is ossgroup, and the path has read, write, and execute
permissions. You do not need to change the permissions of the /opt directory.
Run the following commands as user root on the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
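The ownership and permission prerequisite above can be verified before the restore is started. The script below is an added example, not part of the Huawei guide; the function names perm_to_octal and check_restore_path are hypothetical, while the owner, group, mode and example path are the ones the guide gives. Beyond the guide's requirement, it also reports anything under the path that is writable by "other", which neither 750 nor 775 permits.

```shell
#!/bin/sh
# Added example (not from the U2000 guide): pre-restore check of a backup path.
# Owner, group and mode values come from the guide; function names are
# hypothetical. Written for a POSIX sh; stat(1) is avoided because its
# options differ between operating systems.

# perm_to_octal PERMS: convert the 9 permission characters printed by `ls -l`
# (for example rwxr-x---) to three octal digits (750).
perm_to_octal() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 0; i < 3; i++) {
            t = substr($0, i * 3 + 1, 3)
            v = 0
            if (substr(t, 1, 1) == "r") v += 4
            if (substr(t, 2, 1) == "w") v += 2
            if (substr(t, 3, 1) ~ /[xst]/) v += 1   # lowercase s and t mean execute is set
            out = out v
        }
        print out
    }'
}

# check_restore_path PATH OWNER GROUP MODE
# Returns 0 if PATH is a directory with the expected owner, group and mode and
# nothing below it is writable by "other". Prints one line per finding.
check_restore_path() {
    crp_path=$1; crp_owner=$2; crp_group=$3; crp_mode=$4
    crp_rc=0

    if [ ! -d "$crp_path" ]; then
        echo "FAIL: $crp_path is not a directory"
        return 1
    fi

    # Fields 1, 3 and 4 of `ls -ld` are the mode string, owner and group.
    crp_ls=$(ls -ld "$crp_path" | awk '{print substr($1, 2, 9), $3, $4}')
    crp_perms=${crp_ls%% *}
    crp_rest=${crp_ls#* }
    crp_have_owner=${crp_rest%% *}
    crp_have_group=${crp_rest#* }
    crp_have_mode=$(perm_to_octal "$crp_perms")

    if [ "$crp_have_owner" != "$crp_owner" ] || [ "$crp_have_group" != "$crp_group" ]; then
        echo "FAIL: owner is $crp_have_owner:$crp_have_group, expected $crp_owner:$crp_group"
        crp_rc=1
    fi
    if [ "$crp_have_mode" != "$crp_mode" ]; then
        echo "FAIL: mode is $crp_have_mode, expected $crp_mode"
        crp_rc=1
    fi

    # Neither 750 nor 775 grants write access to "other"; a file that does can
    # be altered by any local account before the data is restored.
    crp_ww=$(find "$crp_path" ! -type l -perm -0002 2>/dev/null)
    if [ -n "$crp_ww" ]; then
        echo "FAIL: writable by other:"
        echo "$crp_ww"
        crp_rc=1
    fi

    [ "$crp_rc" -eq 0 ] && echo "OK: $crp_path"
    return "$crp_rc"
}

# When run with a path argument, check it against the local-restore values,
# for example: sh check_restore.sh /opt/backup/dbbackup/backup
if [ "$#" -ge 1 ]; then
    check_restore_path "$1" ossuser ossgroup 750
fi
```

For the /opt/tmp directory used by remote restores, the same function can be called with mode 775.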
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
which affects U2000 operation.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 5 After U2000 data is restored, click Finish.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.10 How to Start
the Processes of the U2000 Single-Server System on Solaris.
NOTE
● If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
● After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.4.2 Restoring U2000 Single-Server System (Solaris) Data from a Remote Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
● The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
● The initially installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initially installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to start.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
● U2000 processes must have been stopped. To check, see A.10.9 How to Verify That the
Processes of the U2000 Single-Server System Are Running on Solaris. If U2000
processes are not stopped, see A.10.11 How to End the Processes of the U2000
Single-Server System on (Solaris).
● The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the Sybase
Database Service.
● The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The FTP server port is 21, and the SFTP server port is 22.
NOTE
● For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
● For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
● For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
● The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory already exists in the /opt path, ensure that the owner of the
directory is ossuser and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of /opt/tmp:
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
● Ensure that the owner of the path in which restoration data is stored has read, write,
and execute permissions. Run the following command to change the permissions:
# chmod -R 775 path
● During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
which affects U2000 operation.
● During restoration, the ftpuser user can obtain backup files only from the
/opt/backup/ftpboot path on the remote server, and the ossuser user can obtain backup files
only from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Optional: Perform the following operations to check that the mapping path has backup files:
● Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
● Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 2 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 3 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 4 Select Remote server and set the associated parameters. Then, click Next.
● Server IP Address: indicates the IP address of the server where the restoration data is
stored.
● Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
● User Name: indicates the name of the FTP user or SFTP user.
● Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
● Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 5 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 After U2000 data is restored, click Finish.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
NOTE
● If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
● IP address of the remote server: The IP address of the server where the restoration data is stored.
● MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
● FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.10 How to Start
the Processes of the U2000 Single-Server System on Solaris.
NOTE
● If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
● After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.5.1 Restoring U2000 Single-Server System (SUSE Linux) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
● The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
● The initially installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initially installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to start.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
● U2000 processes must have been stopped. To check, see A.10.12 How to Verify That the
Processes of the U2000 Single-Server System Are Running on SUSE Linux. If
U2000 processes are not stopped, see A.10.14 How to End the Processes of the U2000
Single-Server System on (SUSE Linux).
● The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the Sybase
Database Service.
● Ensure that the owner of the path in which restoration data is stored is ossuser, the
user group of the path is ossgroup, and the path has read, write, and execute
permissions. You do not need to change the permissions of the /opt directory.
Run the following commands as user root on the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
which affects U2000 operation.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On a Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode local
Enter the MSuite login password[]:
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.13 How to Start
the Processes of the U2000 Single-Server System on SUSE Linux.
NOTE
● If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
● After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.5.2 Restoring U2000 Single-Server System (SUSE Linux) Data from a Remote Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
● The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
● The initially installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initially installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to start.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
● U2000 processes must have been stopped. To check, see A.10.12 How to Verify That the
Processes of the U2000 Single-Server System Are Running on SUSE Linux. If
U2000 processes are not stopped, see A.10.14 How to End the Processes of the U2000
Single-Server System on (SUSE Linux).
● The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the Sybase
Database Service.
● The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The FTP server port is 21, and the SFTP server port is 22.
NOTE
● For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
● For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
● For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
● The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory already exists in the /opt path, ensure that the owner of the
directory is ossuser and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of /opt/tmp:
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
● Ensure that the owner of the path in which restoration data is stored has read, write,
and execute permissions. Run the following command to change the permissions:
# chmod -R 775 path
● During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
which affects U2000 operation.
● During restoration, the ftpuser user can obtain backup files only from the
/opt/backup/ftpboot path on the remote server, and the ossuser user can obtain backup files
only from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Optional: Perform the following operations to check that the mapping path has backup files:
● Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
● Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 2 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 3 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 4 Select Remote server and set the associated parameters. Then, click Next.
● Server IP Address: indicates the IP address of the server where the restoration data is
stored.
● Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
● User Name: indicates the name of the FTP user or SFTP user.
● Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
● Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 5 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 After U2000 data is restored, click Finish.
Step 7 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
NOTE
● If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
● IP address of the remote server: The IP address of the server where the restoration data is stored.
● MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
● FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.13 How to Start
the Processes of the U2000 Single-Server System on SUSE Linux.
NOTE
● If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
● After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.6.1 Restoring U2000 High Availability System (Solaris) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
● The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
● The initially installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initially installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to start.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
● U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
● Ensure that the owner of the path in which restoration data is stored is ossuser, the
user group of the path is ossgroup, and the path has read, write, and execute
permissions. You do not need to change the permissions of the /opt directory.
Run the following commands as user root on the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
which affects U2000 operation.
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site. For details, see A.8.1.2 How to Start the Sybase
Database Service.
Step 3 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 4 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 5 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 9 After U2000 data is restored on the primary site, start the database on the secondary site.
For details, see A.8.1.2 How to Start the Sybase Database Service.
Step 10 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see step 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 11 On the primary and secondary site, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 12 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 13 To view data synchronization status, run the following command on the active site:
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On a Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode local
Enter the MSuite login password[]:
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
● If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
● After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.6.2 Restoring U2000 High Availability System (Solaris) Data from a Remote Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
● The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
● The initially installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initially installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to start.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
● U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
● The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The FTP server port is 21, and the SFTP server port is 22.
NOTE
● For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
● For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
● For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
l The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory exists in the /opt path, you need to ensure that the owner of the
directory is ossuser, and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
l Ensure that the owner for the path in which restoration data is stored has the read, write,
and execution permissions. Run the following commands to change the permissions:
l During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting U2000 operation.
l During restoration, the ftpuser user can obtain backup files only from the
/opt/backup/ftpboot path on the remote server, and the ossuser user can obtain backup files only
from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site, see A.8.1.2 How to Start the Sybase Database
Service.
Step 3 Optional: Perform the following operations to check that the mapping path has backup files:
l Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
l Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 4 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 5 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 8 After U2000 data is restored on the primary site, start the database on the secondary site, see
A.8.1.2 How to Start the Sybase Database Service.
Step 9 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see steps 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 10 On the primary and secondary sites, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 11 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 12 To view data synchronization status, run the following command on the active site:
# vradmin -g datadg repstatus datarvg
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
# vradmin -g datadg resync datarvg
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l IP address of the remote server: The IP address of the server where the restoration data is stored.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.7.1 Restoring U2000 High Availability System (SUSE Linux) Data from a Local
Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to match that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
l Ensure that the owner for the path in which restoration data is stored is ossuser and the
user group for the path is ossgroup and the path has the read, write, and execution
permissions. You do not need to change the permission for the /opt directory.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
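A read-only check of the ownership and mode prerequisites above, as an added example that is not part of the Huawei guide. The function name check_restore_dir is hypothetical, and the owner and group are passed as arguments (ossuser and ossgroup on a U2000 server); the check also reports world-writable entries, which neither mode 750 nor mode 775 leaves behind.

```shell
#!/bin/sh
# Added example, not from the U2000 guide. Read-only: it changes nothing.
# Written for a POSIX shell (bash, ksh, dash).

# check_restore_dir <path> <owner> <group>   (hypothetical helper name)
# Returns 0 when <path> meets the restore prerequisites, 1 otherwise.
check_restore_dir() {
    crd_path=$1; crd_owner=$2; crd_group=$3; crd_rc=0

    if [ ! -d "$crd_path" ]; then
        echo "FAIL: $crd_path is not a directory" >&2
        return 1
    fi

    # ls -ld is used instead of stat(1), whose options differ between platforms.
    # Fields: 1 = mode string, 3 = owner, 4 = group.
    crd_meta=$(ls -ld -- "$crd_path" | awk '{ print $1, $3, $4 }')
    crd_mode=${crd_meta%% *}
    crd_rest=${crd_meta#* }
    crd_have_owner=${crd_rest%% *}
    crd_have_group=${crd_rest#* }

    if [ "$crd_have_owner" != "$crd_owner" ]; then
        echo "FAIL: owner is $crd_have_owner, expected $crd_owner" >&2
        crd_rc=1
    fi
    if [ "$crd_have_group" != "$crd_group" ]; then
        echo "FAIL: group is $crd_have_group, expected $crd_group" >&2
        crd_rc=1
    fi

    # The owner needs read, write and execute on the directory itself.
    case $crd_mode in
        drwx*) ;;
        *) echo "FAIL: owner lacks rwx (mode $crd_mode)" >&2; crd_rc=1 ;;
    esac

    # chown -R and chmod -R apply to the whole tree, so inspect the tree too.
    # Symbolic links are skipped because their own mode bits are not meaningful.
    crd_ww=$(find "$crd_path" ! -type l -perm -0002 -print 2>/dev/null | head -n 5)
    if [ -n "$crd_ww" ]; then
        echo "FAIL: world-writable entries (first 5):" >&2
        echo "$crd_ww" >&2
        crd_rc=1
    fi

    crd_foreign=$(find "$crd_path" ! -user "$crd_owner" -print 2>/dev/null | head -n 5)
    if [ -n "$crd_foreign" ]; then
        echo "FAIL: entries not owned by $crd_owner (first 5):" >&2
        echo "$crd_foreign" >&2
        crd_rc=1
    fi

    return $crd_rc
}

# Usage on a U2000 server, with the default backup path from the text:
#   check_restore_dir /opt/backup/dbbackup/backup ossuser ossgroup
if [ "$#" -eq 3 ]; then
    check_restore_dir "$@"
fi
```
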
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting U2000 operation.
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site, see A.8.1.2 How to Start the Sybase Database
Service.
Step 3 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 4 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 5 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 9 After U2000 data is restored on the primary site, start the database on the secondary site, see
A.8.1.2 How to Start the Sybase Database Service.
Step 10 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see steps 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 11 On the primary and secondary sites, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 12 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 13 To view data synchronization status, run the following command on the active site:
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On a Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode local
Enter the MSuite login password[]:
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.7.2 Restoring U2000 High Availability System (SUSE Linux) Data from a Remote
Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to match that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
l The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory exists in the /opt path, you need to ensure that the owner of the
directory is ossuser, and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
l Ensure that the owner for the path in which restoration data is stored has the read, write,
and execution permissions. Run the following commands to change the permissions:
# chmod -R 775 path
l During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting U2000 operation.
l During restoration, the ftpuser user can obtain backup files only from the
/opt/backup/ftpboot path on the remote server, and the ossuser user can obtain backup files only
from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site, see A.8.1.2 How to Start the Sybase Database
Service.
Step 3 Optional: Perform the following operations to check that the mapping path has backup files:
l Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
l Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 4 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 5 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 8 After U2000 data is restored on the primary site, start the database on the secondary site, see
A.8.1.2 How to Start the Sybase Database Service.
Step 9 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see steps 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 10 On the primary and secondary sites, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 11 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 12 To view data synchronization status, run the following command on the active site:
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode remote -TransMode ftp or sftp -Server IP address of the remote server -FTPUserName FTP or SFTP user name -FilePath Path where the file to be restored resides/201201211230
Enter the MSuite login password[]:
Enter the FTP or SFTP user password[]:
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l IP address of the remote server: The IP address of the server where the restoration data is stored.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.5.1 Restoring the U2000 Single-Server System (Solaris) Data by Switching the
Data Source
After the U2000 is installed, it automatically backs up the database at a scheduled time. When
the original U2000 database is damaged, or exceptions occur on the data in the database, you
can quickly switch the data source to the database that is backed up previously, ensuring that
the U2000 can be started properly.
Prerequisites
When the U2000 malfunctions, you can switch the data source if the following conditions are
met:
l The server can be started properly.
l You can log in to the server as the root and ossuser users.
Context
l This scheme applies only to Solaris and SUSE Linux OSs.
l A U2000 installed on VMs does not support backing up and
restoring all data in the U2000 database by mirroring the database.
l Remaining space in the /opt/backup directory must be at least twice the database size
plus 10 GB. You can run the df -hk /opt/backup command to check the remaining space
of the /opt/backup partition.
l The U2000 will automatically create the /opt/backup/forDBSVRBCK/sybasebackup
directory during its installation. Do not delete or modify the directory and files in it.
l After the U2000 is installed, it automatically mirrors the database at 01:00 every
Wednesday by default to back up data. Ensure that U2000 data is not backed up using
the U2000 client or MSuite during the period when U2000 data is backed up by
mirroring the database.
l If you need to mirror the database manually, use the PuTTY tool to log in to the OS as
ossuser and then run the following commands:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/PlantBackDB
# ./runtimetask.sh
NOTE
The runtimetask.sh script is stored in
/opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB in versions earlier than
U2000 V200R016C60CP2023. In U2000 V200R016C60CP2023 and later versions, it is stored in
/opt/sys_oss/DBSVRBCK/PlantBackDB.
l The entire mirroring process lasts for 30 to 60 minutes. In this period, do not perform
operations that involve a large amount of data if possible, for example, U2000 cutover,
data dump, and performance collection.
l Use the PuTTY tool to log in to the OS as ossuser and run the following commands to
query which database the U2000 is running on:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./QueryCurrentMode.sh
Procedure
Step 1 Log in to the OS of the server as the root user.
Step 2 Ensure that the U2000 and database have been shut down. For details, see 3.3.1 Stopping the
U2000 Server Processes and 3.3.2 Shutting Down the Database.
Step 3 Run the following commands as the root user to switch the data source:
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./ChangeMode.sh
Step 4 Enter 2 and press Enter to switch the data source to the backup database.
NOTE
When "finish change mode" is displayed, the data source is successfully switched.
To switch to the ossuser user, run the su - ossuser command. After the U2000 is installed, the
password for the ossuser user is Changeme_123. For system security, modify the default password
and remember the new password.
2. Run the following command.
$ . /opt/sybase/SYBASE.sh
Run the following command to check whether the Sybase database is running:
$ ps -ef | grep sybase
NOTE
Run the following commands to start the Sybase database if it is not running:
$ su - dbuser
NOTE
Enter the dbuser user password as prompted. The default password is Changeme_123. For
system security, modify the default password and remember the new password. For details, see
A.2.1 How to Change the OS User Password.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
$ exit
NOTE
– Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
– DBSVR is the name of the database server and DBSVR_back is the name of the database
backup server. These names must be consistent with the actual database names.
– View the database name and database backup server name by running the
more /opt/sybase/interfaces command.
Step 6 Start the U2000 by following 2.2.3 Starting the U2000 Server Processes.
----End
Follow-up Procedure
If you need to switch back to the primary database after the system recovers, repeat the steps
in this topic and enter 1 (normal mode) in step 4.
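Two checks that fit this procedure, as an added example that is not part of the Huawei guide: the free-space rule from the Context list and a count of running Sybase processes taken from ps -ef output. The function names are hypothetical, the sample df and ps lines are constructed, and the database size in KB is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the U2000 guide. Read-only helpers for a POSIX shell.

GB_KB=1048576   # 1 GB expressed in KB

# Space rule from the Context list: twice the database size plus 10 GB, in KB.
mirror_required_kb() {
    echo $(( 2 * $1 + 10 * GB_KB ))
}

# Read `df -Pk <dir>` output on stdin and print the Available column in KB.
# -P forces one line per file system, so a long device name cannot wrap
# and shift the columns.
df_avail_kb() {
    awk 'NR == 2 { print $4 }'
}

# mirror_space_ok <db_kb>: read `df -Pk` output on stdin and return 0 when
# the file system has room for a mirror of a database of <db_kb> KB.
mirror_space_ok() {
    mso_avail=$(df_avail_kb)
    mso_need=$(mirror_required_kb "$1")
    [ -n "$mso_avail" ] && [ "$mso_avail" -ge "$mso_need" ]
}

# Read `ps -ef` output on stdin and print the number of Sybase processes.
# A bare `ps -ef | grep sybase` also lists the grep process itself, so a
# stopped database can look like a running one; that line is skipped here.
count_sybase_procs() {
    awk '/sybase/ && !/(^| |\/)grep / { n++ } END { print n + 0 }'
}

# Constructed sample inputs (not captured from a real server).
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/dsk/c0t0d0s5 209715200 52428800 157286400 25% /opt/backup'

SAMPLE_PS='     UID   PID  PPID   C    STIME TTY         TIME CMD
  dbuser  2345     1   0 01:00:02 ?           3:12 /opt/sybase/ASE/bin/dataserver -sDBSVR
  dbuser  2350     1   0 01:00:05 ?           0:04 /opt/sybase/ASE/bin/backupserver -SDBSVR_back
 ossuser  9911  9900   0 10:15:01 pts/1       0:00 grep sybase'

# Demonstration on the samples: a 20 GB database against 150 GB available.
if printf '%s\n' "$SAMPLE_DF" | mirror_space_ok 20971520; then
    echo "space: ok"
else
    echo "space: insufficient"
fi
echo "sybase processes: $(printf '%s\n' "$SAMPLE_PS" | count_sybase_procs)"

# On a server:
#   df -Pk /opt/backup | mirror_space_ok <database size in KB>
#   ps -ef | count_sybase_procs
```
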
Prerequisites
When the U2000 malfunctions, you can switch the data source if the following conditions are
met:
Context
l This scheme applies only to Solaris and SUSE Linux OSs.
l A U2000 installed on VMs does not support backing up and
restoring all data in the U2000 database by mirroring the database.
l Remaining space in the /opt/backup directory must be at least twice the database size
plus 10 GB. You can run the df -hk /opt/backup command to check the remaining space
of the /opt/backup partition.
l The U2000 will automatically create the /opt/backup/forDBSVRBCK/sybasebackup
directory during its installation. Do not delete or modify the directory and files in it.
l After the U2000 is installed, it automatically mirrors the database at 01:00 every
Wednesday by default to back up data. Ensure that U2000 data is not backed up using
the U2000 client or MSuite during the period when U2000 data is backed up by
mirroring the database.
l If you need to mirror the database manually, use the PuTTY tool to log in to the OS as
ossuser and then run the following commands:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/PlantBackDB
# ./runtimetask.sh
NOTE
The runtimetask.sh script is stored in
/opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB in versions earlier than
U2000 V200R016C60CP2023. In U2000 V200R016C60CP2023 and later versions, it is stored in
/opt/sys_oss/DBSVRBCK/PlantBackDB.
l The entire mirroring process lasts for 30 to 60 minutes. In this period, do not perform
operations that involve a large amount of data if possible, for example, U2000 cutover,
data dump, and performance collection.
l Use the PuTTY tool to log in to the OS as ossuser and run the following commands to
query which database the U2000 is running on:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./QueryCurrentMode.sh
Procedure
Step 1 Log in to the OS of the server as the root user.
Step 2 Ensure that the U2000 and database have been shut down. For details, see 3.4.1 Stopping the
U2000 Server Processes and 3.4.2 Shutting Down the Database.
Step 3 Run the following commands as the root user to switch the data source:
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./ChangeMode.sh
Step 4 Enter 2 and press Enter to switch the data source to the backup database.
The following information is displayed:
change to monitor success>>>>>>>>
finish change mode
NOTE
When "finish change mode" is displayed, the data source is successfully switched.
To switch to the ossuser user, run the su - ossuser command. After the U2000 is installed, the
password for the ossuser user is Changeme_123. For system security, modify the default password
and remember the new password.
2. Run the following command.
$ . /opt/sybase/SYBASE.sh
NOTE
Run the following commands to start the Sybase database if it is not running.
$ su - dbuser
NOTE
Enter the dbuser user password as prompted. The default password is Changeme_123. For
system security, modify the default password and remember the new password. For details, see
A.2.1 How to Change the OS User Password.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
NOTE
– Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
– DBSVR is the name of the database server and DBSVR_back is the name of the database
backup server. These names must be consistent with the actual database names.
– View the database name and database backup server name by running the
more /opt/sybase/interfaces command.
Step 6 Start the U2000 by following 2.3.3 Starting the U2000 Server Processes.
----End
Follow-up Procedure
If you need to switch back to the primary database after the system recovers, repeat the steps
in this topic and enter 1 (normal mode) in step 4.
6.1.5.3 Restoring the U2000 High Availability System (Solaris) Data by Switching
the Data Source
After the U2000 is installed, it automatically backs up the database at a scheduled time. When
the original U2000 database is damaged, or exceptions occur on the data in the database, you
can quickly switch the data source to the database that is backed up previously, ensuring that
the U2000 can be started properly.
Prerequisites
When the U2000 malfunctions, you can switch the data source if the following conditions are
met:
l The server can be started properly.
l You can log in to the server as the root and ossuser users.
Context
l This scheme applies only to Solaris and SUSE Linux OSs.
l A U2000 installed on VMs does not support backing up and
restoring all data in the U2000 database by mirroring the database.
l Remaining space in the /opt/backup directory must be at least twice the database size
plus 10 GB. You can run the df -hk /opt/backup command to check the remaining space
of the /opt/backup partition.
l The U2000 will automatically create the /opt/backup/forDBSVRBCK/sybasebackup
directory during its installation. Do not delete or modify the directory and files in it.
l After the U2000 is installed, it automatically mirrors the database at 01:00 every
Wednesday by default to back up data. Ensure that U2000 data is not backed up using
the U2000 client or MSuite during the period when U2000 data is backed up by
mirroring the database.
l If you need to mirror the database manually, use the PuTTY tool to log in to the OS as
ossuser and then run the following commands:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/PlantBackDB
# ./runtimetask.sh
NOTE
The runtimetask.sh script is stored in
/opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB in versions earlier than
U2000 V200R016C60CP2023. In U2000 V200R016C60CP2023 and later versions, it is stored in
/opt/sys_oss/DBSVRBCK/PlantBackDB.
l The entire mirroring process lasts for 30 to 60 minutes. In this period, do not perform
operations that involve a large amount of data if possible, for example, U2000 cutover,
data dump, and performance collection.
l Use the PuTTY tool to log in to the OS as ossuser and run the following commands to
query which database the U2000 is running on:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./QueryCurrentMode.sh
Procedure
Step 1 Ensure that the U2000 and database have been shut down. For details, see 3.5.1 Stopping the
U2000 Server Processes and 3.5.2 Shutting Down the Database.
Step 2 Freeze the HA resource group by following 11.5.3 Locking a Resource Group.
Step 3 Run the following commands as the root user to switch the data source:
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./ChangeMode.sh
Step 4 Enter 2 and press Enter to switch the data source to the backup database.
NOTE
When "finish change mode" is displayed, the data source is successfully switched.
NOTE
After the data source is switched, the HA resource group cannot monitor the backup database and the HA
system still regards the primary database as stopped. Therefore, when you query the status of the database and
NMSServer from the CLI, they are still faulty. In addition, related Veritas commands are unavailable.
To switch to the ossuser user, run the su - ossuser command. After the U2000 is installed, the
password for the ossuser user is Changeme_123. For system security, modify the default password
and remember the new password.
2. Run the following command.
$ . /opt/sybase/SYBASE.sh
Run the following command to check whether the Sybase database is running:
$ ps -ef | grep sybase
NOTE
Run the following commands to start the Sybase database if it is not running:
$ su - dbuser
NOTE
Enter the dbuser user password as prompted. The default password is Changeme_123. For
system security, modify the default password and remember the new password. For details, see
A.2.1 How to Change the OS User Password.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
$ exit
NOTE
– Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
– DBSVR is the name of the database server and DBSVR_back is the name of the database
backup server. These names must be consistent with the actual database names.
– View the database name and database backup server name by running the
more /opt/sybase/interfaces command.
Step 6 Start the U2000 processes in single-server mode. Start the U2000 by following 2.2.3 Starting
the U2000 Server Processes.
----End
Follow-up Procedure
If you need to switch back to the primary database after the system recovers, perform the
following steps:
1. Ensure that the U2000 and database have been shut down. For details, see 3.5.1
Stopping the U2000 Server Processes and 3.5.2 Shutting Down the Database.
2. Run the following commands as the root user to switch the data source:
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./ChangeMode.sh
3. Enter 1 and press Enter to switch the data source to the primary U2000 database.
The following information is displayed:
change to normal success>>>>>>>>
finish change mode
4. Unfreeze the resource group. For details, see 11.5.4 Unlocking a Resource Group.
5. Start the database and U2000 by following 2.2.2 Starting the Database and 2.2.3
Starting the U2000 Server Processes.
6.1.5.4 Restoring the U2000 High Availability System (SUSE Linux) Data by
Switching the Data Source
After the U2000 is installed, it automatically backs up the database at a scheduled time. When
the original U2000 database is damaged, or exceptions occur on the data in the database, you
can quickly switch the data source to the database that is backed up previously, ensuring that
the U2000 can be started properly.
Prerequisites
When the U2000 malfunctions, you can switch the data source if the following conditions are
met:
• The server can be started properly.
• You can log in to the server as the root and ossuser users.
Context
• This scheme applies only to Solaris and SUSE Linux OSs.
• If the U2000 is installed on VMs, backing up and restoring all data in the U2000 database
by mirroring the database is not supported.
• Remaining space in the /opt/backup directory must be at least twice the database size
plus 10 GB. You can run the df -hk /opt/backup command to check the remaining space
of the /opt/backup partition.
• The U2000 automatically creates the /opt/backup/forDBSVRBCK/sybasebackup
directory during its installation. Do not delete or modify the directory or the files in it.
• After the U2000 is installed, it automatically mirrors the database at 01:00 every
Wednesday by default to back up data. Ensure that U2000 data is not backed up using
the U2000 client or MSuite during the period when U2000 data is backed up by
mirroring the database.
• To mirror the database manually, use the PuTTY tool to log in to the OS as the
ossuser user and then run the following commands:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/PlantBackDB
# ./runtimetask.sh
NOTE
In versions earlier than U2000 V200R016C60CP2023, runtimetask.sh is stored in
/opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB. In U2000
V200R016C60CP2023 and later versions, it is stored in /opt/sys_oss/DBSVRBCK/PlantBackDB.
• The entire mirroring process lasts for 30 to 60 minutes. In this period, do not perform
operations that involve a large amount of data if possible, for example, U2000 cutover,
data dump, and performance collection.
• Use the PuTTY tool to log in to the OS as the ossuser user and run the following
commands to query on which database the U2000 is running:
$ su - root
Password: root user password
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./QueryCurrentMode.sh
Procedure
Step 1 Ensure that the U2000 and database at the primary site have been shut down. For details, see
3.6.1 Stopping the U2000 Server Processes and 3.5.2 Shutting Down the Database.
Step 2 Freeze the HA resource group by following 11.5.3 Locking a Resource Group.
Step 3 Run the following commands as the root user to switch the data source:
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./ChangeMode.sh
Step 4 Enter 2 and press Enter to switch the data source to the backup database.
The following information is displayed:
change to monitor success>>>>>>>>
finish change mode
NOTE
When "finish change mode" is displayed, the data source is successfully switched.
NOTE
After the data source is switched, the HA resource group cannot monitor the backup database and the HA
system still regards the primary database as stopped. Therefore, when you query the status of the database and
NMSServer from the CLI, they are still faulty. In addition, related Veritas commands are unavailable.
To switch to the ossuser user, run the su - ossuser command. After the U2000 is installed, the
password for the ossuser user is Changeme_123. For system security, modify the default password
and remember the new password.
2. Run the following command.
$ . /opt/sybase/SYBASE.sh
NOTE
Run the following commands to start the Sybase database if it is not running.
$ su - dbuser
NOTE
Enter the dbuser user password as prompted. The default password is Changeme_123. For
system security, modify the default password and remember the new password. For details, see
A.2.1 How to Change the OS User Password.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
NOTE
– Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
– DBSVR is the name of the database server and DBSVR_back is the name of the database
backup server. These names must be consistent with the actual database names.
– View the database name and database backup server name by running the more
/opt/sybase/interfaces command.
Step 6 Start the U2000 processes in single-server mode. Start the U2000 by following 2.3.3 Starting
the U2000 Server Processes.
----End
Follow-up Procedure
If you need to switch back to the primary database after the system recovers, follow the steps
below to operati
1. Ensure that the U2000 and database have been shut down. For details, see 3.6.1
Stopping the U2000 Server Processes and 3.5.2 Shutting Down the Database.
2. Run the following commands as the root user to switch the data source:
# cd /opt/sys_oss/DBSVRBCK/ChangeStartMode
# ./ChangeMode.sh
3. Enter 1 and press Enter to switch the data source to the primary U2000 database.
The following information is displayed:
change to normal success>>>>>>>>
finish change mode
4. Unfreeze the resource group. For details, see 11.5.4 Unlocking a Resource Group.
5. Start the database and U2000 by following 2.3.2 Starting the Database and 2.3.3
Starting the U2000 Server Processes.
Application Scenario
• The scripts are used to back up U2000 network configuration data during the NMS
upgrade. If the data migration scenario is complicated, contact Huawei technical support
personnel.
NOTE
Data migration refers to the migration of data from one server to another, for example from a
Windows server to a Solaris server.
• The core configuration data of the NMS supports the following upgrade mode: export
user data from the original NMS into script files that are independent of the OS and
database; uninstall the original NMS and install the new NMS; import the script files into
the new NMS; user data that is not exported can be restored by synchronizing NEs or
searching for trails.
NOTE
You are obligated to take considerable measures, in compliance with the laws of the countries
concerned and the user privacy policies of your company, to ensure that the personal data of users
is fully protected.
• Not all U2000 data can be backed up or restored by using scripts. Backing up and
restoring all data in the U2000 database is therefore recommended.
NOTE
Users can modify the exported script as needed and then import it into the U2000.
Precautions
You cannot back up the U2000 topology structure by backing up scripts. You need to adjust
the topology structure manually after scripts are imported during data restoration.
Using scripts to back up and restore data makes the following impacts:
• NBIs are affected:
The upper-layer OSS must use physical IDs or logical IDs of NEs as indexes to
interconnect with the U2000. During U2000 upgrade, physical IDs of NEs are constant
and logical IDs are assigned by the U2000 again. Physical IDs are recommended if the
U2000 is interconnected to an upper-layer OSS. If the upper-layer OSS uses logical IDs
as indexes, NEs must be uploaded after data restoration. Fibers/cables, subnets, and
optical NEs have only logical IDs. If the upper-layer OSS uses data about the fibers/
cables, subnets, or optical NEs, the fibers/cables, subnets, or optical NEs must be
uploaded again.
• Only basic information is stored in scripts, whereas other information must be obtained
by uploading NEs. Therefore, you must manually restore customized information that is
stored on neither NEs nor scripts; otherwise, the information will be lost. Information
that requires manual restoration includes but is not limited to:
– Customized information (background and sound configurations) on clients
– Alarm performance template configurations
– Security information, such as NMS user name and password
– Path naming rule
– Access control list (ACL)
• The following information cannot be restored manually or using scripts. It is
recommended that you dump the information before restoration by using the dumping
function of the U2000.
– Historical alarm
– Historical performance
– U2000 security log
– U2000 operation log
– U2000 system log
– Abnormal event
Main Usage
The main usage of the script files is as follows:
• Upgrading the configuration data with zero loss during the U2000 upgrade. This is an
important method for the U2000 upgrade and the main usage of the script files.
• Restoring the customized information of the U2000, such as the trail name, fiber name,
port name, and the customer information, after the network data is modified. Therefore,
you are obligated to take considerable measures, in compliance with the laws of the
countries concerned and the user privacy policies of your company, to ensure that the
personal data of users is fully protected.
• Dividing and combining the U2000 data by modifying the script files, and importing only
the desired data, such as the NE list (with no configuration data), fiber connection,
protection subnet, or trail.
• Supporting the simplified implementation of the project design.
The U2000 also provides two script scenarios: Upgrade All and Upgrade NE. In these script
scenarios, the network-wide configuration data can be efficiently restored or backed up by
importing or exporting a set of scripts of one or multiple types.
• The Upgrade All script scenario consists of NE Configuration File, NE Port Naming File,
NM Computer Information File, Network Layer Information File, and NE List File.
• The Upgrade NE script scenario consists of NE Configuration File, NE Port Naming File,
and NE List File.
Table 6-2 lists the types of the script files in the .txt format that the U2000 provides and the
contents of the data.
Script file: Network-wide Configuration File
File name: None
Description: This file is a script set, including all the information in NE Configuration File,
NE Port Naming File, NE List File and Network Layer Information File in case of
importing/exporting. Before exporting, the network-wide data should be configured, including:
• Fiber connection: Includes the source/sink port, name and additional information of the fiber.
• Protection subnet: Includes basic attributes of the protection subnet, the NE and link
information.
• Trail: Includes the basic attributes of the trail, additional information, the source/sink port
and the physical route, and supports exporting of VC12, VC3, VC4 and VC4 service circuit.
• Wavelength: Includes the basic attributes of the wavelength, additional information, the
source/sink port, and the physical route.
Import/export: This file can be imported and exported.

Script file: NE Port Naming File
File name: NEPort_extension ID-basic ID_NE name_(coding format).txt, such as
NEPort_9-1_NE1_(UTF-8).txt
Description: This file contains the naming information about every port on the NE.
Import/export: This file can be imported and exported.

Script file: NE Configuration File
File name: NEData_extension ID-basic ID_NE name_(coding format).txt, for example,
nedata_9-1_NE1_(UTF-8).txt
Description: This file contains the configuration information that is similar to the command
lines. This configuration script is as follows:
• NE attributes: including attributes, NE user and password, NE communication settings, its
subnet, coordinate in view and DCN attributes
• Installation slots: including slot position and board type.
• Protection relationship: including protection groups and their protection relationship.
• Service configuration: including SDH traffic (including binding traffic), SNC traffic and
WDM traffic.
• Clock configuration: including clock priority table, invalid condition of clock source, 2M
phase-locked clock source, clock subnet, restoration conditions of clock source, SSM output
conditions, clock source level and VLAN configuration of 1588 clock.
• Overhead configuration: including public overhead, advanced overhead, auxiliary overhead,
conference call, F1 data port pass-through, broadcast data port, communication port, data port,
ring-out route and number of subnet connected to optical port.
• Environment controlling: including PMU settings, EMU settings, and CAU settings.
• Board configuration: including SDH interface, PDH interface, WDM interface, ATM interface,
optical amplification board interface, 64K interface
Import/export: This file can be imported and exported.

Script file: NE List File
File name: NWNeList_U2000 name_(coding format).txt
Description: This file contains information about NEs, U2000, and their physical location.
When the NE list file is imported or exported, the NE port naming file and the NE
configuration file are imported or exported in sequence according to the NE list file.
Import/export: This file can be imported and exported.

Script file: NM Computer Information File
File name: NMInfo_U2000 name_(coding format).txt
Description: This file contains the configuration information about the U2000 server. The
configuration information is as follows:
• Hardware information such as the operating system name and its version, operating system
patch version, physical memory, CPU count and frequency
• Network information such as the host name and IP address
• Database information such as the database name and its version
Import/export: This file can be imported and exported.

Script file: Service Actualization Script
File name: NWSvcData_U2000 name_(coding format).txt
Description: This file provides service actualization data scripts for the transport service
actualization system. The service actualization data scripts are as follows:
• NE attributes
• Board installation
• Board protection
• Protection relationship
• Service configuration
• Protection subnets
• Trail configuration
Import/export: This file can be imported and exported.

Script file: Network Layer Information File
File name: NWCfg_U2000 name_(coding format).txt
Description: This file contains information on the network layer configuration, including the
following:
• Fiber cable connections
• Protection subnets
• Trail configuration
• Service template
• Link information
NOTE
Link information can be imported or exported only in the Upgrade All script scenario.
Import/export: This file can be imported and exported.

Script file: MDS6600 Script (Network Modeling and Design Information File)
File name: None
Description: It is an interactive file for MDS, where the ASON information is added on the
basis of the exporting Networkwide Configuration File of the subnet or NE, including the
following:
• Networkwide Configuration Information
• ASON Node Route Calculation Policy
• ASON Node Resource Reservation
• ASON Service Group Information
• ASON Route Calculation Policy
• WDM ASON Optical and Electrical Layers Resource Reservation Type
• WDM ASON Trail Association Shared Policy and Permanent Exclusion Information
• Inventory information, including slots, ports, and BOM codes, of WDM optical modules
Import/export: This file can be imported and exported.
NOTE
• Inventory information of WDM optical modules cannot be obtained during NE uploads.
Therefore, users need to query the inventory information of network-wide WDM optical
modules on the SFP Information Report tab of the Physical Inventory window (Choose
Inventory > Physical Inventory from the main menu (traditional style); alternatively,
double-click Fix-Network NE Configuration in Application Center (application style).
Choose Optical/Electrical Module Information from the Physical Inventory navigation
tree.) before exporting a script. Otherwise, the exported script will not contain inventory
information of WDM optical modules.
• Inventory information of WDM optical modules cannot be imported.
• Before exporting MDS6600 Script (Network Modeling and Design Information File), you
must synchronize data about TE Link Management, ASON Trail Management, and Search for
WDM Trail to the U2000.

Script file: CEAS
File name: NEData_extension ID-basic ID_NE name_(coding format).txt, for example,
nedata_9-1_NE1_(UTF-8).txt
Description: This file provides scripts for the operation that is performed on multiple NEs in
batches.
Import/export: This file can be exported but cannot be imported.

Script file: Network Basic Configuration Information File
File name: None
Description: The network basic configuration information file is the whole set of the
following script files. When the network basic configuration information file is exported, the
network layer information file does not contain network-layer path information, NE port
naming file, NE configuration file, NE list file, and NM computer information file are
exported. When the network basic configuration information file is imported, the NE
configuration file and the NE port naming file are imported in sequence according to the NEs
contained in the NE list file. The network layer information file is also imported.
Import/export: This file can be imported and exported.

Script file: NM CEAS Information File
File name: None
Description: When the NM CEAS information file is exported, the NE configuration file, and
NM computer information file are exported.
Import/export: This file can be exported but cannot be imported.

Script file: User-defined template
File name: NWTemplate_template type_template name_U2000 name_(coding format).txt, for
example, NWTemplate_sdhmon_test_LocalNM_(UTF-8).txt
Description: This script mainly provides information about the user-defined template on the
NMS, including the following:
• Performance event monitoring status template
• NE performance threshold template
• NE alarm/event configuration template
• MSTP QoS template
Import/export: This file can be imported and exported.
In addition, the U2000 provides the script files in the .xml format for the network planning
and design, containing the Network-wide Configuration File, NE Configuration File,
Network Layer Information File, and ASON Information File. The ASON Information
File can be imported and exported, but other types of script files in the .xml format can be
exported only.
NOTE
• The default coding format in a script file is UTF-8. If illegible characters are displayed,
change the coding format of the script file by modifying the encoding configuration item:
in the Windows OS, in the %IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml
configuration file; in the Solaris or SUSE Linux OS, in the
$IMAP_ROOT/cbb/trans/core/conf/xml/script/script_enum.xml configuration file.
• By default, the name of a script file contains the NE name. To exclude the NE name from a
script file name, in the Windows OS, you can modify the scriptname configuration item in the
%IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml configuration file. In the
Solaris or SUSE Linux OS, you can modify the scriptname configuration item in the
$IMAP_ROOT/cbb/trans/core/conf/xml/script/script_enum.xml configuration file.
Compatibility
• Scripts exported from an earlier U2000 version can be imported to a later U2000 version.
However, an error may occur if scripts exported from a later U2000 version are imported to
an earlier U2000 version, because the earlier version does not support the features and
functions that are added and the parameters that are modified in the later version. After
the scripts are imported, an error message is displayed. But this does not affect the import
of other information.
• The scripts generated on Windows and on UNIX are compatible.
• T2000 scripts can be imported to the U2000. U2000 scripts cannot be imported to the
T2000.
NOTE
After importing T2000 scripts to the U2000, network-layer trails on the U2000 are different from
those on the T2000 due to software differences. In this case, delete all network-layer trails from
the U2000 and search for trails.
Application
During the network adjustment, such as adding or deleting a node in the network, if the fiber
connection is deleted, the protection subnet and trail carried on the fiber are deleted from the
network layer of the U2000. After the network adjustment, if the source and sink ports of the
trail are not changed, you can find the trail again by performing the trail search. But the
original customized information of the trail, such as the trail name, customized information of
the trail, and remarks, cannot be restored through the search.
NOTE
• The Network Layer Information File script can be used to restore the customized information only
when the source and sink ports of the trail are not changed after the network adjustment. Otherwise,
you need to restore the customized information manually.
• When the network layer information file is imported after the network adjustment, errors may be
displayed for part of the data, because certain objects, such as NEs, boards, and ports, are changed.
This does not affect the restoration of the customized information.
Prerequisites
• You are an NMS user with Operator Group authority or higher.
• Before you export the script files, you must check the consistency of the configuration
data to ensure that the configuration data in the U2000 is consistent with that in the NE.
Context
If the keys have been replaced on the U2000 before data is backed up, the exported script files
may contain key information.
The personal information (including personal name, phone numbers and addresses) on the
U2000 and all user names and passwords are also backed up. Therefore, you are obligated to
take considerable measures, in compliance with the laws of the countries concerned and the
user privacy policies of your company, to ensure that the personal data of users is fully
protected.
Procedure
Step 1 Log in to the U2000 client. For details, see 2.6 Logging In to a U2000 Client.
Step 2 Choose Administration > Back Up/Restore NMS Data > Import/Export Script File from
the main menu (traditional style); alternatively, double-click System Management in
Application Center and choose System > Back Up/Restore NMS Data > Import/Export
Script File from the main menu (application style).
Step 5 Select a script file type from the Script File Type field. For details, see 6.1.6.1 Script Files.
NOTE
• To export the network-wide script file, select Networkwide Configuration File. Export the
following files to a specified directory: NWCfg_NMS Name.txt, NWNeList_NMS Name.txt,
NEPort_Port ID-Basic ID_NE Name.txt, and NEData_Extended ID-Basic ID_NE Name.txt.
• The following script types are available for the export: Networkwide Configuration File, NE Port
Naming File, NE Configuration File, NE List File, NM Computer Information File, Service
Actualization Script, Network Layer Information File, Network Modeling and Design
Information File, CEAS, Network Basic Configuration Information File, NM CEAS
Information File, User-defined template and Upgrade All.
• If you want to export script files of access domain or IP domain NEs, only Upgrade All can be
selected.
Step 6 Select the NE for which you want to export script files from the Export NE List.
NOTE
Specify the NE only when you export the Networkwide Configuration File, NE Port Naming File,
NE Configuration File, NE List File, Network Modeling and Design Information File, CEAS,
Network Basic Configuration Information File, NM CEAS Information File and Upgrade All.
Step 7 Click Create File Directory to create a directory where the exported script files are to be
saved.
NOTE
The script file is saved on the U2000 server. On Windows, the backup directory is
%IMAP_ROOT%\script. On Solaris and SUSE Linux, the backup directory is $IMAP_ROOT/script.
You can create a new directory under it.
Step 10 Click OK when the Confirm dialog box is displayed indicating that data has been
synchronized from NEs to the U2000.
----End
Follow-up Procedure
• If you cannot export the script file by referring to U2000 and the Unknown Device-ASON
Configuration message is displayed, check whether the ASON instance is
deployed by using the U2000 NMSuite. If the ASON instance is deployed but is not
supported by the license, delete the instance. Then, you can successfully export the script
file by referring to U2000.
• If you need to transfer a script to another server, compress the script file into a .zip
package first to prevent the file transfer tool (such as FileZilla) from changing the file
format.
Prerequisites
You are an NMS user with Operator Group authority or higher.
Context
• The U2000 does not support multiple periodic backup tasks at the same time. The
difference between the time points to start scheduled tasks must be greater than the
maximum running period of the tasks.
• It is recommended that you set the scheduled backup time to the time when network
service traffic is light, such as at midnight (00:00~06:00).
• Performance data collection involves abundant data. It is recommended that you perform
the 15-minute performance collection every three days, 24-hour performance collection
every six days, at the time when network traffic is light.
If the keys have been replaced on the U2000 before data is backed up, the exported script
files may contain key information.
The personal information (including personal name, phone numbers and addresses) on
the U2000 and all user names and passwords are also backed up. Therefore, you are
obligated to take considerable measures, in compliance with the laws of the countries
concerned and the user privacy policies of your company, to ensure that the personal data
of users is fully protected.
Procedure
Step 1 Log in to the U2000 client. For details, see 2.6 Logging In to a U2000 Client.
Step 2 Choose Administration > Task Schedule > Task Management from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose Task Schedule > Task Management from the main menu (application style).
Step 3 Click New. The New Task dialog box is displayed.
Step 4 Select Script Export as the task type and enter a name for the scheduled task. Select Periodic
as the run type. Then click Next.
Step 5 In Time Setting, set the planned start time of the task.
Step 6 In Period Setting, set the execution interval and execution times of the task. Then, click
Next.
Step 7 Select the NEs and the type of the script file to be exported. For details, see 6.1.6.1 Script
Files. Then click Finish. The created scheduled task is displayed in the Task
Management window.
----End
Follow-up Procedure
If you need to transfer a script to another server, compress the script file into a .zip package
first to prevent the file transfer tool (such as FileZilla) from changing the file format.
Prerequisites
• During data restoration, the instances deployed for NMS must include the instances
deployed for NMS components during backup.
Context
• For single-type script mode in the transport domain, you need to back up the U2000
database before importing the script file, and then initialize the U2000 database. Then,
import the configuration file. It is recommended that you import the network-wide
configuration file. You can restore the data from a backup file if the script file fails to
be imported.
• After restoring the network-wide configuration file on the U2000, upload the configuration
data of NEs with 52TOM boards if any and search for WDM trails. Otherwise, the data of
52TOM board-related fibers and trails is lost on the U2000.
• Before importing the script file, delete data of the transport NE that shares the same ID
with a transport NE in the script file; otherwise, the script file cannot be imported.
Procedure
Step 1 Choose Administration > Back Up/Restore NMS Data > Import/Export Script File from
the main menu (traditional style); alternatively, double-click System Management in
Application Center and choose System > Back Up/Restore NMS Data > Import/Export
Script File from the main menu (application style).
see Figure 6-1.
Step 4 Select the script file type from the Script File Type field.
NOTE
When you select the script file type Network Modeling and Design Information File to import MDS
data:
• If data is imported in the board expansion scenario, you need to manually add boards on the
U2000 first. For demo NEs, dynamic ports also need to be manually added after the boards are
added. For real NEs, dynamic ports are added by default as the boards are added.
• If data is imported in the scenario wherein the U2000 has existing boards and port expansion is
required, you need to manually add ports on the U2000 first.
• Before importing the MDS expansion data script, ensure that the port data of the involved board
on the U2000 is consistent with that in the MDS script.
• After the MDS expansion data script is imported, you need to view Planning Status of the NE
data in the NE Configuration Data management (Choose Configuration > NE Configuration
Data Management from the main menu (traditional style); alternatively, double-click
Fix-Network NE Configuration in Application Center and choose Configuration > NE
Configuration Data Management from the main menu (application style).) window and apply
data to the NE if needed.
• If an exception occurs during an MDS data script import, the script needs to be re-imported and
applied.
Step 5 In the Operation Directory List, select the directory where the script file to be imported
is located.
Upload the configuration script to be imported to the server as the ossuser user. The directory
must be under the $IMAP_ROOT/script directory and can be at most one level below it (a
first-level directory under $IMAP_ROOT/script). Otherwise, the directory cannot be
selected. If the $IMAP_ROOT/script directory does not exist, create it manually and assign
the related permissions. Run the following commands on the server as the root user:
1. # mkdir $IMAP_ROOT/script
2. # chown -R ossuser:ossgroup $IMAP_ROOT/script
3. # chmod -R 750 $IMAP_ROOT/script
If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case,
you need to upload files to the backup directory in the FTP root directory as the ftpuser user
(the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
directory as the ossuser user.
NOTE
During script import, the U2000 calculates the number of existing equivalent NEs and
imported NE scripts.
• After NE scripts are imported, the number of equivalent NEs managed by each NE
Explorer instance cannot exceed 2,000. Otherwise, the U2000 displays the message
Exceeds the maximum management capability range.
• After NE scripts are imported, the number of gateway NEs managed by each NE
Explorer instance cannot exceed 500. Otherwise, the U2000 reports the alarm
GNE_NUM_LIMIT_OVER and displays the message The number of
Gateways of NE Manager nemgr_otn exceeds..
• If the number of network-wide equivalent NEs exceeds the management capability of
the NE Explorer instance, the U2000 displays a failure message and suggests that you
add an NE Explorer instance.
d. The import progress is displayed. After the import is completed, click Close in the
Operation Result dialog box.
NOTE
After the script is imported, the sign will be displayed on NEs that support data
synchronization and are not unconfigured or preconfigured, which indicates that the NE
configuration data is inconsistent between the U2000 and the NE.
e. In the Information dialog box, click OK. After importing the script, verify that the
following operations have been performed on the U2000 to ensure the integrity of
NE and network data. If these operations are not performed, U2000 data will be
inconsistent with NE data, causing service interruptions.
If U2000 data is required for disaster recovery of NE data, skip this step and contact
Huawei technical support personnel.
NOTE
For details about how to upload the NE Data and synchronize NE configuration data, see
Working with the NMS > Topology Management > Configuring the NE Data.
PTN NEs (excluding PTN 6900 NEs):
1. Upload the NE configuration data to the U2000.
2. Enable auto IP service discovery.
3. Enable auto protection group discovery.
b. Manually synchronize or upload NE data to the U2000 based on the NE type. For
details, see Table 6-4.
NOTE
For details about how to upload the NE Data and synchronize NE configuration data, see
Working with the NMS > Topology Management > Configuring the NE Data.
PTN NEs (excluding PTN 6900 NEs):
1. Upload the NE configuration data to the U2000.
2. Enable auto IP service discovery.
3. Enable auto protection group discovery.
----End
Follow-up Procedure
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
Principle Introduction
l The solution produces ISO files of system recovery and backs up system partitions when
the U2000 server OS is running properly.
l When the U2000 server OS fails to be started, the OS is started and disk partition
information is recovered using ISO files, helping quickly recover the U2000 for
monitoring.
l The data backed up by the solution covers OS data, U2000 software, and database
software. You are advised to back up system data once a week after finishing the
following operations:
– Install or upgrade the U2000 or install a patch.
– Modify the OS, such as, upgrading a patch, or changing an IP address, a host name,
a time zone, time, or OS user name or password.
– Modify the Sybase, such as upgrading the Sybase database patch or changing the
database password.
l This solution is used to recover data only when the U2000 server OS fails.
NOTE
The personal information (including personal name, phone numbers and addresses) on the U2000 and all
user names and passwords are also backed up. Therefore, you are obligated to take considerable
measures, in compliance with the laws of the countries concerned and the user privacy policies of your
company, to ensure that the personal data of users is fully protected.
Procedure
The following figure shows the process of full system backup for servers with standard
configuration but without a disk array.
l After the U2000 is installed, a scheduled task for backing up system partitions to the
local computer is preconfigured by default. Produce ISO files for urgent system
recovery. For details, see 6.1.7.4 Creating of the ISO File for Urgent System
Recovery.
l If the U2000 server's system partition backup files are saved to the file server, the backup
task should be re-configured. For details, see:
a. 6.1.7.4 Creating of the ISO File for Urgent System Recovery
b. 6.1.7.2 (Optional) Mounting Configurations for the U2000 Server and File
Server
c. 6.1.7.5 (Optional) Backing up System Partitions
l If the U2000 server's system partition backup files are saved to the local server, the
backup task needs to be re-configured. For details, see:
a. 6.1.7.4 Creating of the ISO File for Urgent System Recovery
b. 6.1.7.5 (Optional) Backing up System Partitions
The following figure shows the process of full system recovery for servers with standard
configuration but without a disk array.
Application Restrictions
l The SSR license has been obtained and configured.
– For details about how to apply for the SSR license, see Applying for the SSR License in
Single-Server System Software Installation and Commissioning Guide (SUSE Linux).
– For details about how to configure the SSR license, see Commissioning the U2000 in
Single-Server System Software Installation and Commissioning Guide (SUSE Linux).
l The solution applies only to a SUSE Linux U2000 single-server system with the standard
configuration (eight disks). It does not support the Linux local HA system, Linux remote
HA system, and Linux VMs.
l Backup and restoration of the local server is supported. For parts with consistent system
partitions (the number of partitions and partition sizes must be consistent), backup and
restoration of remote servers is also supported.
l The SUSE Linux U2000 single-server system server mounts to the ISO file through a
virtual drive.
6.1.7.2 (Optional) Mounting Configurations for the U2000 Server and File Server
The full system backup and restoration solution allows a Windows Server 2008, Solaris 10, or
SUSE Linux server to function as the remote shared directory that can be mounted to the
backup/restoration server. The server is used to store the full system backup data or read the
backup data for restoration. You can select the file server according to one of the following
solutions. For detailed configuration steps, see the subsequent sections. You are advised to use
a Windows Server 2008 to function as the server for file sharing.
Prerequisites
l The disk space of the file server that stores backup files must be sufficient. The
following describes the required space of the file server. The standard compression level
is used. The available space of the file server must be larger than 50% of the occupied
space of the U2000 server before each backup.
NOTE
To check the U2000 server space usage, run the following commands on the U2000 server as root
user:
# df -Th|grep ext3 | awk '{print $4}'
Information similar to the following is displayed:
815M
685M
2.9G
711M
701M
4.5G
897M
The sum of the seven values is the occupied space size of the U2000 server.
l The bandwidth between the U2000 server and file server must be higher than 10 Mbit/s.
Otherwise, do not deploy the backup and restoration solution.
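The space check in the prerequisite above, worked through as an added example (not part of the guide; the function names are hypothetical). It sums the df -h style values with their units, rounds up to MiB, and applies the "larger than 50%" rule; because df -h output is rounded, treat the total as an estimate.

```shell
#!/bin/sh
# Added example, not from the U2000 guide. Function names are hypothetical.

# sum_used_mib: read one "df -h" style size per line (815M, 2.9G, 512K, 1.2T)
# on stdin and print the total in MiB, rounded up. Fails on an unparsable value.
sum_used_mib() {
    awk '
        function to_mib(v,    n, u) {
            if (v !~ /^[0-9]+(\.[0-9]+)?[KMGT]?$/) return -1
            if (v ~ /^[0-9]+$/) return v / 1048576       # bare number: bytes
            u = substr(v, length(v), 1)
            n = substr(v, 1, length(v) - 1) + 0
            if (u == "K") return n / 1024
            if (u == "M") return n
            if (u == "G") return n * 1024
            return n * 1024 * 1024                        # "T"
        }
        NF {
            m = to_mib($1)
            if (m < 0) { print "unparsable size: " $1 > "/dev/stderr"; bad = 1; next }
            total += m
        }
        END {
            if (bad) exit 1
            printf "%d\n", (total == int(total)) ? total : int(total) + 1
        }
    '
}

# required_free_mib USED_MIB: smallest whole MiB that is larger than 50% of USED_MIB.
required_free_mib() {
    echo $(( $1 / 2 + 1 ))
}

# space_ok USED_MIB AVAIL_MIB: succeeds if AVAIL_MIB is larger than 50% of USED_MIB.
space_ok() {
    [ $(( $2 * 2 )) -gt "$1" ]
}

# u2000_used_sizes: the guide's own command, run on the U2000 server as root.
u2000_used_sizes() {
    df -Th | grep ext3 | awk '{print $4}'
}

# avail_mib PATH: available space, in MiB, of the file system that holds PATH.
avail_mib() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1024) }'
}

# Typical use on the U2000 server once the share is mounted:
#   used=$(u2000_used_sizes | sum_used_mib)
#   space_ok "$used" "$(avail_mib /opt/ssrbackup_local/file_server)" ||
#       echo "file server has too little free space for the next backup"
```

With the seven sample values shown above, the total is 11387 MiB, so the file server needs at least 5694 MiB free.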
Context
You need to perform the following operations to configure the mounting for the U2000 server
and file server only when the system partition backup files are stored on the file server.
Procedure
Step 1 Log in to the file server Windows 2008 OS as the administrator user.
Step 3 Right-click the ssrbackup_local folder and choose Share with > Specific people from the
shortcut menu.
Step 4 In the File Sharing dialog box, select a desired user (such as administrator) and set
Permission Level to Read/Write.
Step 5 Log in to the U2000 server Linux OS as the root user.
Step 6 Run the following command to mount the shared directory on the file server to the U2000
server:
# mkdir /opt/ssrbackup_local/file_server
# mount -t cifs -o username="User Name",password="Password" //192.168.1.100/ssrbackup_local /opt/ssrbackup_local/file_server
NOTE
l username: Indicates the shared account specified for the file server Windows 2008 OS, for example
administrator.
l password: Indicates the password for the shared account, for example Changeme_123.
l //192.168.1.100/ssrbackup_local: Indicates the shared directory specified for the file server
Windows 2008 OS.
l /opt/ssrbackup_local/file_server: Indicates the path mounted to Linux OS on the U2000 server.
l Run the following command to unmount:
# umount -f /opt/ssrbackup_local/file_server
Step 7 Run the following command to check whether the shared directory is successfully mounted to
the U2000 server:
# df -h
If information similar to the following words in bold is displayed, the mounting is successful.
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 20G 609M 19G 4% /
udev 16G 252K 16G 1% /dev
tmpfs 16G 76K 16G 1% /dev/shm
/dev/sda8 20G 174M 19G 1% /export/home
/dev/sda7 115G 35G 74G 32% /opt
/dev/sdb2 394G 27G 347G 8% /opt/backup
/dev/sdd1 275G 43G 218G 17% /opt/backup/forDBSVRBCK
//192.168.1.100/ssrbackup_local 275G 100G 161G 39% /opt/ssrbackup_local/file_server
/dev/sdb1 99G 39G 55G 42% /opt/sybase/data
/dev/sda9 20G 189M 19G 1% /tmp
/dev/sda5 20G 3.6G 16G 19% /usr
/dev/sda6 16G 341M 15G 3% /var
/dev/sda10 9.9G 181M 9.2G 2% /var/log
/dev/sda11 4.0G 137M 3.7G 4% /var/log/audit
----End
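The mount command in Step 6 passes the share password with -o password=, which leaves it in the shell history and process list of the U2000 server; mount.cifs can instead read it from a file named with the credentials= option. An added example, not from the guide (the file path /root/.ssrbackup_cred and the function names are assumptions; the share and mount point are the guide's):

```shell
#!/bin/sh
# Added example, not from the U2000 guide. The credentials-file path and the
# function names are assumptions.

# write_cifs_credentials FILE USER
# Reads the password from stdin (prompting without echo on a terminal) and
# writes FILE in the key=value format that mount.cifs reads, mode 600.
write_cifs_credentials() {
    cred_file=$1
    cred_user=$2
    if [ -t 0 ]; then
        printf 'Password for %s: ' "$cred_user" >&2
        stty -echo
        IFS= read -r cred_pass
        stty echo
        printf '\n' >&2
    else
        IFS= read -r cred_pass
    fi
    (
        umask 077        # the file is created owner-only, never wider
        printf 'username=%s\npassword=%s\n' "$cred_user" "$cred_pass" > "$cred_file"
    )
    chmod 600 "$cred_file"   # also tightens a file that already existed
    unset cred_pass
}

# credentials_file_ok FILE: succeeds only if FILE is a regular file with
# mode 600 that contains both keys.
credentials_file_ok() {
    [ -n "$(find "$1" -type f -perm 600 2>/dev/null)" ] &&
        grep -q '^username=' "$1" &&
        grep -q '^password=' "$1"
}

# cifs_mount_command FILE SHARE MOUNTPOINT: prints the mount command to run as root.
cifs_mount_command() {
    printf 'mount -t cifs -o credentials=%s %s %s\n' "$1" "$2" "$3"
}

# inline_password_lines: reads command or fstab lines on stdin and prints,
# with line numbers, those that still carry password= or pass= inline.
inline_password_lines() {
    grep -nE '(^|[ ,])(password|pass)=' || true
}

# Typical use as root on the U2000 server:
#   write_cifs_credentials /root/.ssrbackup_cred administrator
#   credentials_file_ok /root/.ssrbackup_cred &&
#       $(cifs_mount_command /root/.ssrbackup_cred \
#           //192.168.1.100/ssrbackup_local /opt/ssrbackup_local/file_server)
```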
Prerequisites
l The Solaris file server must have NFS components. Otherwise, the NFS service cannot
be configured.
NOTE
Log in to the Solaris file server as the root user and run the following command.
# svcs -a|grep svc:/network/nfs/server:default
If the output contains "svc:/network/nfs/server:default", the Solaris file server has NFS components.
l The disk space of the file server that stores backup files must be sufficient. The
following describes the required space of the file server. The standard compression level
is used. The available space of the file server must be larger than 50% of the occupied
space of the U2000 server before each backup.
NOTE
To check the U2000 server space usage, run the following commands on the U2000 server as root
user:
# df -Th|grep ext3 | awk '{print $4}'
Information similar to the following is displayed:
815M
685M
2.9G
711M
701M
4.5G
897M
The sum of the seven values is the occupied space size of the U2000 server.
l The bandwidth between the U2000 server and file server must be higher than 10 Mbit/s.
Otherwise, do not deploy the backup and restoration solution.
Context
You need to perform the following operations to configure the mounting for the U2000 server
and file server only when the system partition backup files are stored on the file server.
Procedure
Step 1 Log in to the Solaris server as root user and create a shared directory /opt/nfs. If the /opt/nfs
folder does not exist, run the following commands.
# mkdir -p /opt/nfs
# chmod 755 /opt/nfs
Step 2 Run the following command to configure automatic sharing for the /opt/nfs directory.
# echo "share -F nfs -o rw,anon=0 -d \"\" /opt/nfs" >> /etc/dfs/dfstab
NOTE
Run the following command to check whether automatic sharing has been configured for /opt/nfs.
# cat /etc/dfs/dfstab | grep /opt/nfs
If the following information is displayed, the directory /opt/nfs has been configured for automatic sharing.
share -F nfs -o rw,anon=0 -d "" /opt/nfs
Step 3 Run the following command to check whether Solaris NFS server service is enabled.
# svcs -a|grep svc:/network/nfs/server:default
NOTE
Run the following command to start the NFS server service.
# svcadm enable svc:/network/nfs/server:default
Step 4 Run the following command to enable sharing for the /opt/nfs directory.
# share -F nfs -o rw,anon=0 -d "" /opt/nfs
Step 6 Run the following command to mount the shared directory on the file server to the U2000
server:
l If the U2000 server is SUSE Linux 11 OS, run the following command.
# mkdir /opt/ssrbackup_local/file_server
# mount -t nfs -o nolock 192.168.1.100:/opt/nfs /opt/ssrbackup_local/file_server
l If the U2000 server is SUSE Linux 10 OS, run the following command.
# mkdir /opt/ssrbackup_local/file_server
# mount -t nfs -o rw 192.168.1.100:/opt/nfs /opt/ssrbackup_local/file_server
NOTE
l //192.168.1.100: Indicates the shared directory specified for the file server Solaris OS.
l /opt/nfs: Indicates the shared directory specified for the file server Solaris OS.
l /opt/ssrbackup_local/file_server: Indicates the path mounted to Linux OS on the U2000 server.
l Run the following command to unmount:
# umount -f /opt/ssrbackup_local/file_server
----End
Prerequisites
l The SUSE Linux 11 file server must have portmap and nfsserver services. Otherwise, the
NFS service cannot be configured.
NOTE
Log in to the Linux file server as the root user and run the following commands.
# service rpcbind status
# service nfsserver status
If the message "no such service" is displayed, the services do not exist.
l The SUSE Linux 10 file server must have portmap and nfsserver services. Otherwise, the
NFS service cannot be configured.
NOTE
Log in to the Linux file server as the root user and run the following commands.
# service nfsserver status
# service portmap status
If the message "no such service" is displayed, the services do not exist.
l The disk space of the file server that stores backup files must be sufficient. The
following describes the required space of the file server. The standard compression level
is used. The available space of the file server must be larger than 50% of the occupied
space of the U2000 server before each backup.
NOTE
To check the U2000 server space usage, run the following commands on the U2000 server as root
user:
# df -Th|grep ext3 | awk '{print $4}'
Information similar to the following is displayed:
815M
685M
2.9G
711M
701M
4.5G
897M
The sum of the seven values is the occupied space size of the U2000 server.
l The bandwidth between the U2000 server and file server must be higher than 10 Mbit/s.
Otherwise, do not deploy the backup and restoration solution.
Context
You need to perform the following operations to configure the mounting for the U2000 server
and file server only when the system partition backup files are stored on the file server.
Procedure
Step 1 Log in to the Linux server as root user and create a shared directory /opt/nfs. If the /opt/nfs
folder does not exist, run the following commands.
# mkdir -p /opt/nfs
# chmod 755 /opt/nfs
Step 2 Run the following command to configure automatic sharing for the /opt/nfs directory.
# echo "/opt/nfs *(rw,async,no_root_squash)" >> /etc/exports
NOTE
l Run the following command to check whether automatic sharing has been configured for /opt/nfs.
# cat /etc/exports | grep /opt/nfs
l If the following information is displayed on SUSE Linux 10, the directory has been configured for
automatic sharing.
/opt/nfs *(rw,async,no_root_squash)
l If the following information is displayed on SUSE Linux 11, the directory has been configured for
automatic sharing.
/opt/nfs *(rw,async)
Step 4 Run the following commands to restart the NFS server and portmap services.
l For SUSE Linux 11 OS, run the following commands:
# service rpcbind restart
# service nfsserver restart
Step 5 Run the following commands to check whether the services are started.
l For SUSE Linux 11 OS, run the following commands:
# service rpcbind status
# service nfsserver status
Step 7 Run the following command to mount the shared directory on the file server to the U2000
server:
l If the OS of the U2000 server is SUSE Linux 11 OS, run the following command:
# mkdir /opt/ssrbackup_local/file_server
# mount -t nfs -o nolock 192.168.1.100:/opt/nfs /opt/ssrbackup_local/file_server
l If the OS of the U2000 server is SUSE Linux 10 OS, run the following command:
# mkdir /opt/ssrbackup_local/file_server
# mount -t nfs -o rw 192.168.1.100:/opt/nfs /opt/ssrbackup_local/file_server
NOTE
l //192.168.1.100: Indicates the shared directory specified for the file server Linux OS.
l /opt/nfs: Indicates the shared directory specified for the file server Linux OS.
l /opt/ssrbackup_local/file_server: Indicates the path mounted to Linux OS on the U2000 server.
l Run the following command to unmount:
# umount -f /opt/ssrbackup_local/file_server
----End
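The shares configured above (`*` with no_root_squash in /etc/exports on Linux, rw,anon=0 in dfstab on Solaris) let any host that can reach the file server mount the backup directory with root-equivalent access, and the backups hold OS data and all user names and passwords. The following added example, which is not from the guide, flags those settings and rewrites the Linux wildcard to a single client; the function names are hypothetical and 192.0.2.10 is a placeholder for the U2000 server address, which the guide does not give.

```shell
#!/bin/sh
# Added example, not from the U2000 guide. Function names are hypothetical and
# 192.0.2.10 is a placeholder for the U2000 server address.

# audit_exports: read Linux /etc/exports text on stdin and print one
# "path<TAB>client<TAB>finding" line per risky setting.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        NF == 1 { print $1 "\t*\tno client list: exported to every host"; next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "") client = "*"     # "(opts)" alone means any host
                if (client == "*")
                    print $1 "\t" client "\twildcard client: any host can mount"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1 "\t" client "\tno_root_squash: remote root keeps uid 0"
            }
        }
    '
}

# audit_dfstab: read Solaris /etc/dfs/dfstab text on stdin and flag share
# lines that use anon=0 or rw without an access list.
audit_dfstab() {
    awk '
        $1 != "share" { next }
        {
            opts = ""
            for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
            o = "," opts ","
            if (o ~ /,anon=0,/)
                print $NF "\t*\tanon=0: unknown users, including remote root, act as uid 0"
            if (o ~ /,rw,/)
                print $NF "\t*\trw without an access list: writable from any host"
        }
    '
}

# restrict_wildcard_exports CLIENT: read /etc/exports text on stdin and print
# it with every bare "*" client replaced by CLIENT; options are left unchanged.
# Patterns such as *.example.com are not rewritten.
restrict_wildcard_exports() {
    awk -v client="$1" '
        /^[ \t]*#/ || NF < 2 { print; next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i == "*") $i = client
                else if (substr($i, 1, 2) == "*(") $i = client substr($i, 2)
                else if (substr($i, 1, 1) == "(") $i = client $i
            }
            print
        }
    '
}

# Typical use on the file server:
#   audit_exports < /etc/exports          (Linux)
#   audit_dfstab  < /etc/dfs/dfstab       (Solaris)
#   restrict_wildcard_exports 192.0.2.10 < /etc/exports
```

After editing /etc/exports by hand from the rewritten output, restart the NFS services as in Step 4 so that the change takes effect.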
6.1.7.3 (Optional) Configuring a Local Backup Disk for the U2000 Server
This topic describes how to configure a local backup disk for the U2000 server.
Context
l A Huawei RH series rack server (RH2288H V3 and RH5885H V3) for standard
delivery is equipped with eight hard disks (600G). In a new installation, the
backup files of the default preconfigured system partitions are stored in /dev/sdc. Run the
following command to view the default backup file storage path:
# df -h
If information similar to the following characters in bold is displayed, the backup files
are stored in /dev/sdc:
Filesystem Size Used Avail Use% Mounted on
......
/dev/sdc1 275G 100G 161G 39% /opt/ssrbackup_local
......
l A Huawei RH series rack server (RH5885H V3 and RH2288H V2) for standard
delivery is equipped with eight hard disks (300G). A local backup disk should be
configured: select an idle disk and partition it. The backup operation involves a
lot of file writing. Therefore, you need to prevent issues, such as application
unavailability, due to the disk IO conflict during data backup.
NOTE
The following operations use configuring /dev/sdc to store backup files of system partitions as an
example.
Procedure
Step 1 Prepare an idle disk and partition it.
1. In the Linux-based single-server system, disk /dev/sdc generally contains no partition.
Run the following command to query whether disk /dev/sdc contains partitions.
# fdisk -l
NOTE
If the queried information does not include /dev/sdc, the /dev/sdc partition does not exist. In this case,
manually partition the disk.
2. Run the following command to partition the disk:
# fdisk /dev/sdc
3. Run the following command to check whether the local backup disk is successfully
mounted to the folder:
# df -h
----End
Prerequisites
l The SSR license has been configured.
l The U2000 quick installation DVD or ISO file has been obtained.
Procedure
Step 1 Mount the ISO file of the SUSE Linux 2000 quick installation disk to the virtual drive.
To mount the ISO file of the U2000 quick installation DVD to a virtual drive for the Huawei
RH series rack server, see A.4.3 How Do I Mount the ISO File or the U2000 Quick
Installation DVD to a Drive (Huawei RH series rack server).
Step 2 Run the following command to check whether the ISO file has been mounted or the U2000
quick installation disk has been inserted.
# df -h | grep /media
Step 3 Run the following command to create the ISO file for urgent system restoration.
l If the OS of the U2000 server is SUSE Linux 11, run the following command:
# createSRD --iso=/media/SLES-11-SP3-DVD-X86_6407031 -d /opt/ssrbackup_local/U2000RecoveryISO.iso
l If the OS of the U2000 server is SUSE Linux 10, run the following command:
# createSRD --iso=/media/SUSE-LINUX-ENTERPRISE-SERVER_001/ -d /opt/ssrbackup_local/U2000RecoveryISO.iso
NOTE
l /media/SLES-11-SP3-DVD-X86_6407031: is the root installation directory for the SUSE Linux 11 ISO
file.
l /media/SUSE-LINUX-ENTERPRISE-SERVER_001/: is the root installation directory for the SUSE Linux
11 ISO file.
l /opt/ssrbackup_local/U2000RecoveryISO.iso: is the ISO file for urgent system restoration.
Step 4 Store this file on another server immediately after it is generated.
----End
Prerequisites
The SSR license has been configured.
Context
l For servers with standard configuration but without a disk array, a scheduled task is
preconfigured by default to back up system partitions to the local directory
(/opt/ssrbackup_local).
– The task is an independent full system backup task that will be executed at 01:00
every Sunday.
– Except the /opt/ssrbackup_local partition and the partitions whose file system is
udev or tmpfs, all other partitions are backed up.
NOTE
Run crontab -l| grep Manual_backup.sh as the root user to view information about the
scheduled task.
The scheduled task exists if the following information is displayed:
0 1 * * 0 "cd /opt/ssrbackup_local/tools; ./Manual_backup.sh " > /dev/null 2>&1
l If the default scheduled backup task does not meet requirements, you can delete the
default scheduled backup task and configure an SSR automatic backup task.
l You can also back up system partitions using a script. Specifically, run the
Manual_backup.sh script as the root user.
l If the backup files are stored on the file server, copying files is time-consuming. The
time taken for copying files depends on the file size and network bandwidth.
The following information displays the system partitions using the U2000 quick
installation disk:
0 Ext3 /dev/sda1 / (20 GB total - 991 MB used)
2 Ext3 /dev/sda5 /usr/ (20 GB total - 4.21 GB used)
3 Ext3 /dev/sda6 /var/ (16 GB total - 1.08 GB used)
NOTE
The /opt/ssrbackup_local/ partition does not need to be backed up.
2. Run the following command to back up the disk partition information. During system
restoration, you can query the mounting relationship between devices and files based on
the disk partition information.
# symsr -info disk | grep Ext3 >/opt/ssrbackup_local/diskinfo.log
2. Set the backup interval and press Enter. By default, data is backed up every week. Using
backup every week as an example, enter 2 and press Enter or directly press Enter.
Information similar to the following is displayed:
Set execution weekday (0-6,0=Sunday)|0:0
3. Set the weekday on which the weekly backup starts and press Enter. By default, the
backup starts on Sunday every week. Using backup on Sunday every week as an
example, enter 0 and press Enter or directly press Enter.
Information similar to the following is displayed:
Set execution time(0-23)|1:1
4. Set the execution time and press Enter. By default, the backup starts at 01:00 every day.
Using backup at 01:00 every day as an example, enter 1 and press Enter or directly press
Enter.
Information similar to the following is displayed:
The backup file is stored to (1:local,2:server):1
5. Select local backup or remote backup and press Enter. Using local backup as an
example, enter 1 and press Enter.
Information similar to the following is displayed:
Please enter the local backup path:
7. Set the maximum number of stored copies and press Enter. By default, two copies are
stored. Using two copies as an example, enter 2 and press Enter.
Information similar to the following is displayed:
Select a backup type (1: full backup; 2: minimum backup (excluding the /opt/backup partition))|1:
8. Set the backup type and press Enter. By default, a full backup is performed. Using minimum
backup as an example, enter 2 and press Enter.
----End
Step 1 Use PuTTY to log in to the U2000 server as the root user.
Step 2 Run the following commands to start the automatic backup task.
# cd /opt/ssrbackup_local/tools
# ./Manual_backup.sh -selfstarting
The automatic backup task will be automatically configured. The configuration is successful
if the following information is displayed.
Boot configuration is complete
NOTE
The permanently reserved backup data is automatically backed up to the
/opt/ssrbackup_local/milestonebackup directory after the OS is started. The backup file is
updated only when the system starts automatically. The permanently reserved backup data
ensures that the system can be started normally after restoration. Other backups, however,
cannot ensure that the system can be started normally after restoration.
----End
NOTE
l The backup task automatically starts backup based on the backup path recorded in the backup.cfg file in
the /opt/ssrbackup_local/tools directory.
l The backup task retains the first backup data permanently and wraps data based on the configured
maxnum.
l The backup task retains the first backup data permanently and wraps data based on the maximum number
of copies that can be retained.
l The following describes the naming rules for backup files:
– After the script is executed, a directory named in the format of backup_year+month+day, for
example, backup_1708060955 is automatically generated to store backup files. If backup is
performed multiple times in a day, the corresponding hour and minute are added behind the
directory names.
– Use .v2i as the file name extension. Use linux_Partition name as the file name, for example, the
backup file name of the /export/home/ partition is linux_export_home.v2i.
Step 3 If data is restored to a remote server, execute scripts on the target servers (backup/restoration
server) to check whether the target server meets restoration requirements. For details, see
A.10.74 Checking Whether the Restoration Server Meet Restoration Requirements.
----End
Step 2 Run the following commands to query the historical backup results:
# cd /opt/ssrbackup_local/tools
# ./backup_result.sh
----End
Prerequisites
l The SSR license has been configured.
l ISO file for urgent system recovery has been created. For details, see 6.1.7.4 Creating of
the ISO File for Urgent System Recovery.
l System partitions have been backed up. For details, see 6.1.7.5 (Optional) Backing up
System Partitions.
Procedure
Step 1 Copy U2000RecoveryISO.iso to a local PC.
Step 5 Configure the network adapter IP address and route to restore the network communication.
# ifconfig eth0 IP Address netmask NetMask up
# route add default gw Gateway
NOTE
l After the IP address and other configurations are set, you cannot use PuTTY to log in to the OS in SSH
mode because you have entered the rescue mode.
l The system IP address must be available but does not have to be consistent with that of the server.
l route add default gw Gateway indicates that the default route is added. Replace IP Address,
NetMask, and Gateway with the actual values.
NOTE
After the mounting is successful, you can view files stored in the /opt/ssrbackup_local directory in the /tmp
directory.
If the system partition backup files are saved to the Windows 2008 file server, perform the
following steps.
1. Mount the Windows Server 2008 file server to the /mnt directory.
# mount -t cifs -o username="User Name",password="Password" //192.168.1.100/ssrbackup_local /mnt
NOTE
– username: Indicates the shared account specified for the file server Windows Server 2008 OS,
for example administrator.
– password: Indicates the password for the shared account, for example Changeme_123.
– //192.168.1.100/ssrbackup_local: Indicates the shared directory specified for the file server
Windows Server 2008 OS.
Run the following command to check whether the mounting succeeds. The mounting is
successful if information similar to the following is displayed.
# df -h
//192.168.1.100/ssrbackup_local 557G 76G 482G 14% /mnt
NOTE
– If the OS for the U2000 server is SUSE Linux 10, run the following command.
# mount -t nfs -o rw 192.168.1.100:/opt/nfs /mnt
NOTE
Run the following command to check whether the mounting succeeds. The mounting is
successful if information similar to the following is displayed.
# df -h
10.67.186.70:/opt/nfs 115G 46G 63G 43% /mnt
NOTE
/backup_1708060955: Indicates the directory that stores the backup files to be restored.
Step 9 Run the following commands to restart the OS. The restart takes 5 to 10 minutes.
# sync;sync;sync;sync
# shutdown -r now
----End
6000 equivalent NEs). The database files of the U2000 server are used to store data or store
the log information that is generated during the running of the database.
Table 6-7 describes Medium-scale U2000 databases.
Prerequisites
l The NMS processes are ended. Perform the following operations to end the NMS
processes if they are running:
– For the Single-Server System (Windows), see A.10.8 How to End the Processes of
the U2000 Single-Server System on Windows.
– For the Single-Server System (Solaris), see A.10.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
– For the Single-Server System (SUSE Linux), see A.10.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
– For the High Availability System (Solaris/SUSE Linux), see A.10.17 How to End
the U2000 Processes of the High Availability System (Solaris, PC Linux).
l The database is running. Perform the following operations to start the database if it is not
running:
– For the Single-Server System (Windows), see A.7.4 How to Start the SQL Server
Database.
– For the Single-Server System (Solaris), see A.8.1.2 How to Start the Sybase
Database Service.
– For the Single-Server System (SUSE Linux), see A.8.1.2 How to Start the Sybase
Database Service.
– For the High Availability System (Solaris/SUSE Linux), see A.8.1.2 How to Start
the Sybase Database Service.
l In a high availability (HA) system, freeze the AppService resource group. For more
information, see 11.5.3 Locking a Resource Group.
Context
This operation will delete all U2000 data from the database and restore all U2000 information
to default settings. Therefore, back up the U2000 database and NMS deployment information
before performing initialization.
This operation will:
l Restore the login passwords of the admin user for the U2000 client, NE Software
Management, and the U2000 System Monitor client to the initial passwords. (The initial
password of the admin user is Changeme_123. The password must be changed during
the first login to ensure system security. Keep the password confidential and change it
regularly.)
l Delete all service data that users configured on the U2000 client.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
NOTE
On a high availability system, log in to the MSuite client on the active site.
Step 2 On the MSuite client, choose System > Initialize Database from the main menu. The
initialization wizard and a prompt will be displayed.
Step 4 Click Yes. The system starts initializing the database and displays a progress bar. Wait
patiently.
Step 5 After the initialization is complete, click Finish. A message is displayed indicating that the
U2000 server needs to be started manually.
Step 6 Optional: In the HA system, unfreeze the AppService resource group. For more information,
see 11.5.4 Unlocking a Resource Group.
Step 7 Click OK and start the U2000 server manually. For more information, see 2 Starting the U2000
System.
----End
On Solaris or SUSE Linux OS, run the following commands as user ossuser (if you have
logged in as the root user, log in to the OS again as user ossuser; you cannot run the
su - ossuser command to switch to the ossuser user to run the following commands):
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -InitDatabase
Enter the MSuite login password[]:
NOTE
The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for system
security, modify the default password and remember the new password. For details, see C.3.1 Changing
the Password of the MSuite.
Follow-up Procedure
l In the HA system, log in to the secondary site as the ossuser user after primary site
initialization is complete and run the following commands to delete flags reported by
hardware alarms or HA system alarms.
$ su - root
Password:root user password
# rm -rf /var/ICMR/alarm/*ERROR
# rm -rf /var/ICMR/alarm/err_*
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000,
you must reconfigure the NBI instance after successfully initializing the database, and
the reconfigured instance must be the same as the instance before the database is
initialized. For details, see the related NBI user manual.
l To ensure system security, log in to the U2000 client and change the password according
to the message displayed upon the first login. For details, see 2.6 Logging In to a U2000
Client.
Prerequisites
l The U2000 server is running properly.
l The system monitoring process is running properly.
l The System Monitor communicates normally with the U2000 server.
Context
If Data Used Rate or Log Used Rate of the database exceeds the preset alarm threshold, the
system monitoring process sends an alarm to the NMS server and the related record on the
System Monitor turns red.
Procedure
Step 1 Optional: In the Windows OS, choose Start > Programs > Network Management System
> U2000 System Monitor or double-click the shortcut icon on the desktop to start the System
Monitor.
Step 2 In the Login dialog box, enter the required user name and password to access the System
Monitor window.
Step 3 Click Login to log in to the System Monitor of the U2000.
Step 4 Click the Database tab and view the data space, remaining data space, data space usage, log
space, remaining log space, and log space usage of the database.
----End
Prerequisites
l Performance data for at least one day exists.
l There is sufficient memory to save the dumped performance data.
Procedure
Step 1 Choose Performance > Performance Dump Management > Manual Dump Performance
Data from the main menu (traditional style); alternatively, double-click Fix-Network
Step 2 In the Specify End Date area, enter the data to the text box, or click to select the end date
to dump the performance data.
The following figure uses the Windows as an example.
Step 3 In the Dump drop-down list of the Specify Granularity area, select a dump mode for a
granularity.
NOTE
l Granularity for dumping the performance data from one file to another file in the local disk is All.
l For PTN and transport, custom period granularity is not displayed.
l Granularity is not supported for TCA data dump.
Dump can be classified as No Dump or Delete.
l If you select No Dump, the performance data or TCA data for the selected granularity
will not be dumped.
l If you select Delete, the collected performance data or TCA data for the selected
granularity will be deleted without saving.
The progress bar displays the status, the number of total records, and the number of dumped
records.
Step 5 In the dialog box displayed indicating that the operation succeeds, click OK.
----End
Prerequisites
l Performance data for at least one day exists.
l There is sufficient memory to save the dumped performance data.
Procedure
Step 1 Choose Performance > Performance Dump Management > Automatic Dump Setting
from the main menu (traditional style); alternatively, double-click Fix-Network Performance
in Application Center and choose Performance Dump Management > Automatic Dump
Setting from the main menu (application style).
Step 3 Set the dump parameters for granularity-based lifecycle. Namely, set a duration for
performance data to be stored in the U2000 database.
1. In the Granularity-based Lifecycle area, enter the number of days according to the
granularity in the Lifecycle text box.
2. Optional: Select the Dump to File after Lifecycle check box. If the lifecycle
expires, the performance data in the database will be dumped to files in the Path on Server
path. If this check box is not selected, the system will delete the performance data from
the database.
Step 4 Set automatic file dumping based on the used database space. When the space used by
performance data exceeds the set threshold, the system dumps the performance data to files
according to the set proportion for each granularity.
1. In the Maximum disk space occupied by Data text box, enter the threshold, as a percentage,
for the database space used by performance data.
2. In the Proportion dumped text box, enter the proportion of performance data to be
dumped by granularity.
3. Optional: Select the Dump to File check box. When the preceding
conditions are satisfied, the performance data will be dumped to files in the Path on
Server path; otherwise, the system will delete the performance data from the database.
NOTE
If you deselect the Dump to File check box, data is deleted from the database when the life cycle exceeds the
maximum disk space size.
----End
Context
If only one single server U2000 is deployed at a site, network management functions will
become unavailable if the U2000 fails. The cold backup feature is therefore introduced by
HUAWEI to implement fast restoration in the case of a system failure.
In the cold backup solution, two single server U2000 systems with the same version,
deployment domain, language, OS type, server time, and time zone are deployed. One system
is run on the primary site and the other is run on the secondary site.
l In normal conditions, the primary site provides the network management functions. The
network management process and maintenance tool on the secondary site are stopped while
the database is running. The primary site backs up the network management data
periodically, and the secondary site obtains the backup file from the primary site at
regular intervals.
l If the U2000 on the primary site fails, the U2000 on the secondary site starts
immediately to provide network management functions.
NOTE
l The backup object is the entire database, including the custom data at the U2000 side (excluding the
custom options of the system), network layer trail data, NE-side configuration data, alarm data and
performance data. In addition, a backup is created for the structure of the entire database, all
database tables (including the system tables and the user tables), table structure, and stored
procedures. The personal information (including personal name, phone numbers and addresses) on
the U2000 and all user names and passwords are also backed up. Therefore, you are obligated to
take considerable measures, in compliance with the laws of the countries concerned and the user
privacy policies of your company, to ensure that the personal data of users is fully protected.
l The following data is not backed up when you back up the U2000 database:
l The data that is not saved at the NE side, that is, the data that cannot be uploaded.
l The custom options of the system. For example, font, color setting, and audio setting.
l The functions of the fast restoration scheme for the cold backup system and the scheduled tasks on
the U2000 MSuite or U2000 overlap. It is recommended that you execute those tasks at different
times.
Restriction
l Before starting the secondary site, ensure that the license of the U2000 has been loaded
on the secondary site.
NOTE
Refer to Applying for a U2000 License to generate the ESNs of both the primary and secondary sites,
and send the contract number and the server ESNs to Huawei engineers or the local Huawei office
to apply for a U2000 license.
The U2000 license is loaded at both sites.
l If the database at the primary site has been expanded, the database at the secondary site
must be expanded to the same size; otherwise, restoration may fail.
l If cold backup is performed for the first time in an upgrade scenario, back up data at the
primary site and restore data at the secondary site using the MSuite before configuring a
cold backup task. This prevents a restoration failure due to inconsistent database sizes.
l Automatic backup and restoration scenario:
OS for Automatic Backup OS for Automatic Restoration
Solaris Solaris
Process Introduction to Fast Restoration Scheme for the U2000 Cold Backup
System
The fast restoration scheme for the U2000 cold backup system supports manual and automatic
backup and restoration. If you use manual backup and restoration, you need to manually start
the backup or restoration task each time. If you use automatic backup and restoration,
you only need to configure a scheduled backup task and a scheduled restoration task.
Automatic backup and restoration is recommended.
l Automatic backup and restoration scheme: To automatically back up and restore data,
you need to configure scheduled backup tasks on the primary site and automatic
restoration tasks on the secondary site. The process is as follows:
a. On the secondary site, install a single server U2000 whose version, deployment
domain, language and database username are the same as those on the primary site.
b. Configure scheduled backup tasks on the primary site. The backup files are
generated through backup modules and stored on the primary site.
c. Configure scheduled restoration tasks on the secondary site. Obtain the backup files
through SFTP from the primary site and restore the files on the secondary site.
d. When the primary site malfunctions, start the U2000 on the secondary site to fast
restore the U2000.
l Manual backup and restoration scheme: The manual backup and restoration scheme
requires a cold backup tool to back up and restore data. The process is as follows:
a. On the secondary site, install a single server U2000 whose version, deployment
domain, language and database username are the same as those on the primary site.
b. Use a cold backup tool to back up the U2000 data on the primary site as backup
files and store the files on the primary site.
c. Copy the backup files from the primary site to the secondary site, and use the cold
backup tool to restore the files on the secondary site.
Prerequisites
l A single server U2000 system whose version, deployment domain, language, OS type,
server time, and time zone are the same as those on the primary site is installed on the
secondary site. For details about the installation procedure, see the U2000 Single-Server
System Software Installation and Commissioning Guide.
l The U2000 processes and the database are running on the primary site.
l Network communication between the primary site and the secondary site is normal, and
the minimum bandwidth is 10 Mbit/s.
l The SFTP Server service has been activated on the primary site, and related ports
(including the SFTP service port 22) have been enabled.
NOTE
For details on enabling the SFTP Server service on a SUSE Linux operating system, see A.2.2
How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
For details on enabling the SFTP Server service on a Solaris operating system, see A.3.3.3 How to
Start/Stop the FTP, SFTP, and Telnet Services.
For details on enabling the SFTP Server service on a Windows operating system, see A.1.11 How
Do I Manually Enable and Disable the FTP Service on a Server?.
l If a firewall is deployed between the primary site and the secondary site, the SFTP
service port (by default, port 22) on the firewall must be enabled. For details on enabling
the SFTP service port on a firewall, see the firewall user guide.
l Only one scheduled backup or restoration task is allowed on a single server. For
example, if you create a new automatic backup task on the primary site, the old backup
task on the primary site will become invalid and only the new one will be retained.
Procedure
Step 1 Run the following steps to execute the configuration script.
NOTE
If execution of the configuration script fails, apply troubleshooting as prompted or contact Huawei
technical support engineers.
l Windows Server 2008 OS:
a. Log in to the OS as the administrator user.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and run the
userconfig.bat script.
Information similar to the following is displayed:
Select a task type (1: backup, 2: restoration):
NOTE
The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
l Solaris or Linux OS:
a. Log in to the OS as the ossuser user through SSH by using PuTTY.
b. Run the following command to switch to the root user and run the userconfig.sh
script.
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./userconfig.sh
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
NOTE
Ensure that the time configured for the cold backup task does not overlap with the time when data is being
restored using the MSuite. Cold backup may fail if the MSuite is restoring data.
Step 4 Enter the backup frequency and press Enter. For example, if the frequency is 2:00 every day,
enter 2.
NOTE
l The maximum number of backup files must match the size of disk that will hold the backup files,
and is recommended to be 30.
l It is recommended that you set the scheduled backup time to the time when network service traffic is
light, such as at midnight (00:00 to 06:00).
Step 5 Enter the maximum number of backup files, such as 30, and press Enter.
The scheduled task is successfully created if the following information is displayed.
Scheduled task created successfully.
NOTE
To query the configured maximum number of backup files, take either of the following approaches:
l For a Windows Server 2008 OS: Navigate to the path D:\oss\engr\tools\coldbackuptool\conf, and
open the mark.inf file using Notepad. Information similar to maxbackupfiles=30 will be displayed.
l For a Linux or Solaris OS: Navigate to the path /opt/oss/engr/tools/coldbackuptool/conf, and run
the cat mark.inf command to view content in the mark.inf file. Information similar to
maxbackupfiles=30 will be displayed.
----End
Result
After a backup task is created on the primary site, use one of the following methods to verify
that the backup task has been configured successfully:
l Using query commands
– On the Windows Server 2008 OS:
n Check the backup task.
1) Log in to the OS as the administrator user.
2) Run the following command in the command line window:
> cd /d D:\oss\engr\tools\coldbackuptool
> coldbackupInfo.bat -task
The backup task has been created if information similar to the following
is displayed:
cycle time Command Line
daily 0:00 D:/oss/engr/tools/coldbackuptool/coldbackup.bat -silent
NOTE
The displayed value of cycle varies depending on the backup interval. For
example:
l If the configured backup interval is daily, the displayed value of Day is
similar to daily.
l If the configured backup interval is weekly, the displayed value of Day is
similar to weekly: Sunday.
l If the configured backup interval is monthly, the displayed value of Day is
similar to monthly: 22.
n Check the backup result.
1) Log in to the OS as the administrator user.
2) Run the following command in the command line window:
> cd /d D:\oss\engr\tools\coldbackuptool
> coldbackupInfo.bat -result
NOTE
The fields in the command output indicate the backup date and time, operation
result (Successful/Failure), operation type (backupDB/restoreDB), and backup
package (the timestamp in the file name indicates the backup time).
NOTE
The directory D:\oss\engr\tools\coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory D:\oss. If the U2000 is not installed in the
default directory, replace the directory in the command accordingly.
– On the Linux or Solaris OS:
n Check the backup task.
1) Log in to the OS as the ossuser user through SSH by using PuTTY.
2) Run the following command to switch to the root user and run the
coldbackupInfo.sh script.
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./coldbackupInfo.sh -task
NOTE
The displayed value of cycle varies depending on the backup interval. For
example:
l If the configured backup interval is daily, the displayed value of Day is
similar to daily.
l If the configured backup interval is weekly, the displayed value of Day is
similar to weekly: Sunday.
l If the configured backup interval is monthly, the displayed value of Day is
similar to monthly: 22.
n Check the backup result.
1) Log in to the OS as the ossuser user through SSH by using PuTTY.
2) Run the following command to switch to the root user and run the
coldbackupInfo.sh script.
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./coldbackupInfo.sh -result
NOTE
The fields in the command output indicate the backup date and time, operation
result (Successful/Failure), operation type (backupDB/restoreDB), and backup
package (the timestamp in the file name indicates the backup time).
NOTE
The directory /opt/oss/engr/tools/coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory /opt/oss. If the U2000 is not installed in the
default directory, replace the directory in the command accordingly.
l Check the log.
– On the Windows Server 2008 OS: When the scheduled time of the backup task is
reached, check the d:\oss\engr\tools\coldbackuptool\silent\coldbackupresult.txt file
for the backup log.
– On the Linux or Solaris OS: When the scheduled time of the backup task is reached,
run tail -f /opt/oss/engr/tools/coldbackuptool/silent/coldbackupresult.txt to check
the backup log.
l Check the backup files.
– On the Windows Server 2008 OS, the backup directory is D:\coldbackupdata and
the backup files are in the 7z format.
– On the Linux or Solaris OS, the backup directory is /opt/backup/ftpboot/
coldbackupdata and the backup files are in the 7z format.
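To check on a schedule that backups keep arriving and that retention matches mark.inf, a script such as the following can be used on Linux. It is an added example, not part of the cold backup tool; check_backup_set and its arguments are hypothetical, and it assumes backup files are named with a 14-digit timestamp, as in 20150531144932.7z.

```shell
#!/bin/sh
# Added example (not from the guide): confirm that scheduled cold backups are being
# produced and that the number kept matches maxbackupfiles in mark.inf.
# Assumption: backup files are named <YYYYMMDDhhmmss>.7z; other *.7z names are ignored.
# Usage: check_backup_set BACKUP_DIR MARK_INF CUTOFF
#   CUTOFF is a 14-digit timestamp; the newest backup must not be older than it.
# Exit status: 0 healthy, 1 problem found (reason printed), 2 bad input.

# The body runs in a subshell "( ... )" so its variables do not leak to the caller.
check_backup_set() (
    dir=$1
    conf=$2
    cutoff=$3
    [ -d "$dir" ] && [ -r "$conf" ] || { echo "ERROR cannot read $dir or $conf"; exit 2; }

    valid=yes
    case $cutoff in ''|*[!0-9]*) valid=no ;; esac
    [ "${#cutoff}" -eq 14 ] || valid=no
    [ "$valid" = yes ] || { echo "ERROR CUTOFF must be 14 digits (YYYYMMDDhhmmss)"; exit 2; }

    # mark.inf holds key=value lines such as maxbackupfiles=30; take the last match.
    max=$(sed -n 's/^[[:space:]]*maxbackupfiles[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    [ -n "$max" ] || { echo "ERROR maxbackupfiles not found in $conf"; exit 2; }

    # Collect the timestamp part of every regular file that fits the assumed naming.
    stamps=$(
        for f in "$dir"/*.7z; do
            [ -f "$f" ] || continue
            b=${f##*/}
            b=${b%.7z}
            case $b in *[!0-9]*) continue ;; esac
            [ "${#b}" -eq 14 ] && echo "$b"
        done | sort
    )
    count=$(printf '%s\n' "$stamps" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL no backup files in $dir"
        exit 1
    fi

    newest=$(printf '%s\n' "$stamps" | tail -n 1)
    status=0
    if [ "$newest" -lt "$cutoff" ]; then
        echo "FAIL newest backup $newest is older than cutoff $cutoff"
        status=1
    fi
    if [ "$count" -gt "$max" ]; then
        echo "FAIL $count backup files exceed maxbackupfiles=$max"
        status=1
    fi
    [ "$status" -ne 0 ] || echo "OK $count backups, newest $newest, limit $max"
    exit "$status"
)
```

For a daily backup, pass a cutoff slightly more than 24 hours in the past; on a host with GNU date it can be produced with `date -d '27 hours ago' +%Y%m%d%H%M%S`.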
Follow-up Procedure
To end the backup task, perform the following steps.
l Windows Server 2008 OS:
a. Log in to the OS as the administrator user.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and execute the
stopCron.bat script.
l Solaris or Linux OS:
a. Log in to the OS as the ossuser user through SSH by using PuTTY.
b. Run the following commands to switch to the root user and end the backup task on
the secondary site:
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./stopCron.sh
Prerequisites
l A single server U2000 system whose version, deployment domain, language, OS type,
server time, and time zone are the same as those on the primary site is installed on the
secondary site. For details about the installation procedure, see the U2000 Single-Server
System Software Installation and Commissioning Guide.
l On the secondary site, network management process and the maintenance tool are
standby and the database is running. If the U2000 has started when the restoration task is
performed, the U2000 process is automatically stopped.
l Network communication between the primary site and the secondary site is normal, and
the minimum bandwidth is 10 Mbit/s.
l The primary site is running correctly. (If the primary site becomes faulty before
automatic restoration starts, data cannot be restored on the secondary site.)
l Only one scheduled backup or restoration task is allowed on a single server. For
example, if you create a new automatic backup task on the primary site, the old backup
task on the primary site will become invalid and only the new one will be retained.
Procedure
Step 1 Run the configuration script on the secondary site.
NOTE
If execution of the configuration script fails, apply troubleshooting as prompted or contact Huawei
technical support engineers.
l Windows Server 2008 OS:
a. Log in to the OS as the administrator user.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and run the
userconfig.bat script.
Information similar to the following is displayed:
Select a task type (1: backup, 2: restoration):
NOTE
The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
l Solaris or Linux OS:
a. Log in to the OS as the ossuser user through SSH by using PuTTY.
b. Run the following command to switch to the root user and run the userconfig.sh
script.
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./userconfig.sh
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
Step 3 Enter the automatic restoration interval and press Enter. For example, if the automatic restoration task is
performed once every day, enter 1.
Step 4 Enter the time to start the automatic restoration task, such as 5, and press Enter.
Information similar to the following is displayed:
>>>>>Enter the peer SFTP user<<<<<
Enter the peer SFTP IP address:
Enter the password for SFTP user:
NOTE
l The interval between the automatic restoration time and the automatic backup time is fixed at 3
hours. For example, if the automatic backup time is 2 a.m., set the automatic restoration time to 5
a.m.
l If connection to the primary site fails due to Primary Site Authentication Error when you enter
the primary site's SFTP information, see A.10.52 How Do I Handle the Failure to Connect Two
Servers Due to a Mutual Trust Authentication Error? for troubleshooting.
l Reconfigure the automatic restoration task if the SFTP user's password is changed.
Step 5 Enter the IP address and SFTP user name of the primary site, and press Enter. In this
example, the IP address is 192.168.0.0 and the default password of the SFTP user is
Changeme_123. The secondary site uses this information to obtain the backup file from
the primary site over SFTP.
The scheduled task is successfully created if the following information is displayed.
Scheduled restoration will automatically shut down the U2000 and MSuite.
Scheduled task created successfully.
----End
Result
After an automatic restore task is created on the secondary site, use one of the following
methods to verify that the restore task has been configured successfully:
l Using query commands
– On the Windows Server 2008 OS:
n Check the restoration task.
1) Log in to the OS as the administrator user.
2) Run the following command in the command line window:
> cd /d D:\oss\engr\tools\coldbackuptool
> coldbackupInfo.bat -task
NOTE
The displayed value of cycle varies depending on the restoration interval. For
example:
l If the configured restoration interval is daily, the displayed value of Day is
similar to daily.
l If the configured restoration interval is weekly, the displayed value of Day is
similar to weekly: Sunday.
l If the configured restoration interval is monthly, the displayed value of Day
is similar to monthly: 22.
NOTE
The fields in the command output indicate the restoration date and time,
operation result (Successful/Failure), operation type (backupDB/restoreDB), and
backup package (the timestamp in the file name indicates the backup time of the
data to be restored).
NOTE
The directory D:\oss\engr\tools\coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory D:\oss. If the U2000 is not installed in the
default directory, replace the directory in the command accordingly.
– On the Linux or Solaris OS:
n Check the restoration task.
1) Log in to the OS as the ossuser user through SSH by using PuTTY.
2) Run the following command to switch to the root user and run the
coldbackupInfo.sh script.
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./coldbackupInfo.sh -task
NOTE
The displayed value of cycle varies depending on the restoration interval. For
example:
l If the configured restoration interval is daily, the displayed value of Day is
similar to daily.
l If the configured restoration interval is weekly, the displayed value of Day is
similar to weekly: Sunday.
l If the configured restoration interval is monthly, the displayed value of Day
is similar to monthly: 22.
n Check the restoration result.
1) Log in to the OS as the ossuser user through SSH by using PuTTY.
2) Run the following command to switch to the root user and run the
coldbackupInfo.sh script.
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./coldbackupInfo.sh -result
NOTE
The fields in the command output indicate the restoration date and time,
operation result (Successful/Failure), operation type (backupDB/restoreDB), and
backup package (the timestamp in the file name indicates the backup time of the
data to be restored).
NOTE
The directory /opt/oss/engr/tools/coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory /opt/oss. If the U2000 is not installed in the
default directory, replace the directory in the command accordingly.
l Checking the log
– On the Windows Server 2008 OS: When the scheduled time of the backup task is
reached, check the D:\oss\engr\tools\coldbackuptool\silent\coldbackupresult.txt
file for the restore log.
– On the Linux or Solaris OS: When the scheduled time of the backup task is reached,
run tail -f /opt/oss/engr/tools/coldbackuptool/silent/coldrestoreresult.txt to check
the restore log.
Follow-up Procedure
l To end the restoration task, perform the following steps.
– Windows Server 2008 OS:
i. Log in to the OS as the administrator user.
ii. Navigate to the D:\oss\engr\tools\coldbackuptool directory and execute the
stopCron.bat script.
– Solaris or Linux OS:
i. Log in to the OS as the ossuser user through SSH by using PuTTY.
ii. Run the following commands to switch to the root user and end the restoration
task on the secondary site:
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./stopCron.sh
l After automatic restoration is implemented for the first time, stop the U2000 process on
the primary site and start the U2000 process on the secondary site to ensure that the
process can function properly.
– If the U2000 process runs properly on the secondary site, stop the U2000 process on
the secondary site and start the U2000 process on the primary site.
– If the U2000 process does not run properly on the secondary site, re-execute the restore
task on the secondary site or contact Huawei technical support personnel.
NOTE
After data restoration fails, if the missing database files fault is found in the log file, rectify the
fault by following the instructions provided in A.10.50 How to Rectify the Data Restoration
Failure on a Secondary Site Because of Missing Databases.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after
successfully restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
Prerequisites
l A single server U2000 system whose version, deployment domain, language, OS type,
server time, and time zone are the same as those on the primary site is installed on the
secondary site. For details about the installation procedure, see the U2000 Single-Server
System Software Installation and Commissioning Guide.
l The U2000 processes and the database are running on the primary site.
l The time configured for the cold backup task does not overlap with the time when data is
being restored using the MSuite. Cold backup may fail if the MSuite is restoring data.
Procedure
Step 1 Log in to the U2000 on the primary site and manually execute the backup script.
NOTE
If execution of the backup script fails, apply troubleshooting as prompted or contact Huawei technical
support engineers.
l Windows Server 2008 OS:
– Do not close the command window when the backup script is running.
– If you press Ctrl+C while the manual backup task is running, the manual backup
operation will be forcibly terminated. When forcible termination is incurred,
manually delete the file that is not completely backed up from the backup directory.
c. Enter the directory (recommended: D:\backup) where the backup file resides, and
press Enter.
NOTE
The backup directory must not contain special characters. Only letters, digits, and
underscores <_> are allowed.
The backup task is successfully executed if the following information is displayed.
Running task Initialize the backup.............................................RunSucceeded
Execution completed. For detailed execution results, see the file: D:\oss\engr\tools\coldbackuptool\bcpoutput.zip
NOTE
The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
l Solaris or Linux OS:
If you press Ctrl+C while the manual backup task is running, the manual backup
operation will be forcibly terminated. When forcible termination is incurred, manually
delete the file that is not completely backed up from the backup directory.
n The backup directory must not contain special characters. Only letters, digits, and
underscores <_> are allowed.
n If a non-recommended backup directory is used, ensure that its owner is ossuser and the
owner group is ossgroup. The owner must have the write permission on the backup
directory.
The backup task is successfully executed if the following information is displayed.
Running task Initialize the backup.............................................RunSucceeded
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
----End
Result
After the backup tasks are started on the primary site, perform the following operations to
check whether the tasks are successfully executed:
l Check the backup file.
Switch to the backup directory specified for the backup task, and check whether the
backup file is generated.
After the backup tasks are executed successfully on the primary site, copy backup files to the
secondary site in a timely manner.
Prerequisites
l A single server U2000 system whose version, deployment domain, language, OS type,
server time, and time zone are the same as those on the primary site is installed on the
secondary site. For details about the installation procedure, see the U2000 Single-Server
System Software Installation and Commissioning Guide.
l On the secondary site, network management process and the maintenance tool are
standby and the database is running. If the U2000 has started when the restoration task is
performed, the U2000 process is automatically stopped.
l The latest backup files have been obtained from the primary site, including the backup
files in *.7z and *.asc formats. For example, use FileZilla to download the backup files
from the primary site to the local and then upload them to the secondary site.
l For Linux and Solaris, ensure that the backup file and the path in which the backup file is
stored are owned by ossuser, that the user group of the path is ossgroup, and that the path
has the read and execution permissions. You do not need to change the permission for
the /opt directory.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if the path is /opt/backup/dbbackup, run the following commands as user
root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup
# chmod -R 750 /opt/backup/dbbackup
For example, if the backup file is 20150531144932.7z, run the following commands as user root:
# cd /opt/backup/dbbackup
# chown ossuser:ossgroup 20150531144932.7z
# chmod 600 20150531144932.7z
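The backup contains all user names and passwords, so it is worth confirming the result of the commands above before restoring. The following check is an added example, not part of the U2000 tool set; the function name audit_backup_path and its exit codes are assumptions, and it treats anything looser than 750, or a .7z file looser than 600, as a finding.

```shell
#!/bin/sh
# Added example (not from the guide): audit a cold-backup directory before restoring.
# Expected state, per the chown/chmod commands above:
#   everything owned by ossuser:ossgroup, nothing looser than 750, *.7z files at 600.
# Usage: audit_backup_path DIR [OWNER] [GROUP]
# Exit status: 0 clean, 1 findings printed, 2 audit could not run.

# The body runs in a subshell "( ... )" so its variables do not leak to the caller.
audit_backup_path() (
    dir=$1
    owner=${2:-ossuser}
    group=${3:-ossgroup}
    [ -d "$dir" ] || { echo "ERROR not a directory: $dir"; exit 2; }

    # scan LABEL FIND-EXPRESSION...: print "LABEL path" for every match.
    # A failing find (for example an unknown user name) is reported as an error,
    # never silently treated as a clean result.
    scan() {
        label=$1
        shift
        if hits=$(find "$dir" "$@" -print 2>&1); then
            [ -z "$hits" ] || printf '%s\n' "$hits" | sed "s/^/$label /"
        else
            echo "ERROR $label scan failed: $hits"
        fi
    }

    report=$(
        # Not owned by the expected user or group.
        scan OWNER \( ! -user "$owner" -o ! -group "$group" \)
        # Looser than 750: group-writable, or any permission for others.
        scan LOOSE ! -type l \( -perm -020 -o -perm -001 -o -perm -002 -o -perm -004 \)
        # Backup archives looser than 600 (owner-executable or readable by the group).
        scan ARCHIVE -type f -name '*.7z' \( -perm -100 -o -perm -040 -o -perm -010 \)
    )

    [ -n "$report" ] || exit 0
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^ERROR '; then
        exit 2
    fi
    exit 1
)
```

Run it as root with the last directory of the backup path, for example `audit_backup_path /opt/backup/dbbackup`, and fix any OWNER, LOOSE or ARCHIVE line before starting the restoration script.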
Procedure
Step 1 Log in to the U2000 on the secondary site and manually execute the restoration script.
NOTE
If execution of the restoration script fails, apply troubleshooting as prompted or contact Huawei
technical support engineers.
l Windows Server 2008 OS:
– Do not close the command window when the restoration script is running.
– If you press Ctrl+C while the manual restoration task is running, the manual
restoration operation will be forcibly terminated. When forcible termination is
incurred, try the restoration task again.
Execution completed. For detailed execution results, see the file: D:\oss\engr\tools\coldbackuptool\bcpoutput.zip
NOTE
The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
l Solaris or Linux OS:
If you press Ctrl+C while the manual restoration task is running, the manual restoration
operation will be forcibly terminated. When forcible termination is incurred, try the
restoration task again.
NOTE
If both the U2000 and MSuite are running, executing this file will automatically stop the
U2000 and MSuite. In addition, related descriptions about service stopping will be displayed
before you enter the directory for the .7z file.
The restoration task is successfully executed if the following information is
displayed.
Running task Initialize before restore.............................................RunSucceeded
Running task Restore Database...................................................RunSucceeded
Running task Restore U2000 service files.......................................RunSucceeded
Running task After restore operation............................................RunSucceeded
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
----End
Result
After the restoration tasks are started on the secondary site, perform the following operations
to check whether the tasks are successfully executed:
l Start the U2000 process and ensure that the U2000 process can start normally.
NOTE
After data restoration fails, if the missing database files fault is found in the log file, rectify the fault by
following the instructions provided in A.10.50 How to Rectify the Data Restoration Failure on a
Secondary Site Because of Missing Databases.
NOTE
• If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
• After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
Prerequisites
• U2000 MSuite is ended on the secondary site.
• The last automatic restoration task on the secondary site is successfully executed.
NOTE
• In this example, the U2000 installation directory is D:\oss\. On the Windows 2008 OS, check
the d:\oss\engr\tools\coldbackuptool\silent\coldrestoreresult.txt file for the status of the
automatic restoration task.
• On the Linux or Solaris OS, run
tail -f /opt/oss/engr/tools/coldbackuptool/silent/coldrestoreresult.txt
to check the status of the automatic restoration task.
• The license of the U2000 has been loaded on the secondary site.
• On SNMP-based routers, switches, PTN 6900, PTN 7900, access devices, and security
devices, the server IP address of the primary site and that of the secondary site have been
added to the list of IP addresses of the Trap destination host.
Procedure
Step 1 End the restoration task on the secondary site and start the U2000.
• Windows Server 2008 OS:
a. Log in to the OS as the administrator user.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and execute the
stopCron.bat script.
c. Navigate to the D:\oss\server\platform\bin directory and execute the startnms.bat
file to start the U2000. If information similar to the following is displayed,
the database has to be started. For details, see 2.1.2 Starting the Database. Then,
execute the startnms.bat file to start the U2000 process.
Service MSSQLSERVER does not running,please start it first.
c. Run the following commands to switch to the ossuser user and start the U2000:
# su - ossuser
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./stopCron.sh
Step 3 Log in to the U2000 by using the IP address of the new U2000 server.
----End
Follow-up Procedure
• If the U2000 interworks with the upper-layer OSS or uTraffic, reconfigure their
interworking to ensure that the upper-layer OSS or uTraffic is able to access the U2000
through the IP address and port number of the secondary site.
• Reconnect to the U2000 client. For details, see the Logging In to a U2000 Client
section in the U2000 Administrator Guide.
Context
• After the primary site is recovered, the U2000 needs to be switched back to the primary
site.
• If the secondary site provides the network management service for a long period of time,
the site must be backed up. The backup data is used to restore data at the primary site.
Procedure
Step 1 Optional: Back up the secondary site. For details, see 6.2.3.1 Executing Backup Tasks on
the Primary Site.
NOTE
• If the secondary site provides the network management service for a long period of time, this step
must be performed to back up the secondary site. The backup data is used to restore data at the
primary site.
• The backup task must be manually executed at the secondary site. The operations are similar to
those at the primary site.
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
Step 4 Optional: Restore data at the primary site. For details, see 6.2.3.2 Manually Execute
Restoration Tasks on the Secondary Site.
NOTE
• If the secondary site provides the network management service for a long period of time, this step
must be performed to restore data at the primary site.
• The restoration task must be manually executed at the primary site. The operations are similar to
those at the secondary site.
Step 5 Start the original automatic backup tasks of the primary site.
• On the Windows Server 2008 OS
a. Log in to the OS as the administrator user.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and execute the
startCron.bat script to start the automatic backup tasks.
• On the Linux or Solaris OS
a. Log in to the OS as the ossuser user through SSH by using PuTTY.
b. Run the following commands to switch to the root user and start the automatic
backup tasks:
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./startCron.sh
NOTE
If the U2000 has been reinstalled or backup tasks need to be reconfigured due to special reasons,
follow the operation procedure described in 6.2.2.1 Configuring Automatic Backup Tasks on the
Primary Site.
Step 6 Start the original automatic backup tasks of the secondary site.
• On the Windows Server 2008 OS
a. Log in to the OS as the ossuser user.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and execute the
startCron.bat script to start the automatic backup tasks.
NOTE
To reconfigure the backup tasks of the secondary site, see 6.2.2.2 Configuring Automatic Restoration
on the Secondary Site.
----End
Follow-up Procedure
• If the U2000 interworks with the upper-layer OSS or uTraffic, reconfigure their
interworking to ensure that the upper-layer OSS or uTraffic is able to access the U2000
through the IP address and port number of the secondary site.
• Reconnect to the U2000 client. For details, see the Logging In to a U2000 Client
section in the U2000 Administrator Guide.
For details, see 6.1.2 Methods of Backing Up and Restoring the U2000 Data and 6.1.5
U2000 Data is Restored by Mirroring the Database.
The key is an input parameter of the algorithm used to encrypt or decrypt data.
Overview
• Root key: used to encrypt a working key.
• Working key: used to encrypt keys of important service data such as NE access
parameters.
• Key store: collection of the root keys and working keys.
U2000 keys are classified into the root keys and working keys. A root key is used only to
encrypt a working key. Currently, only the working keys used for encrypting the data saved to
the files or database are available. A working key is used to encrypt all important information
stored on disks, such as passwords in device access parameters.
Usage Scenario
U2000 key replacement involves the single-server solution, HA solution, and distributed
system solution.
1. After U2000 installation
   Perform key replacement immediately.
   After the U2000 is installed, the default key is public. If the system key store is lost or
   damaged, related data will fail to be encrypted. Therefore, periodically replacing keys is
   recommended.
4. Script import and export
   Ensure that the save paths of keys are trustable.
   • Before script data is exported from NMS A with key replacement and imported to NMS B,
     the mapping key store must be imported to NMS B first.
   • To import script data in a distributed system, the mapping key store must be imported to
     each node first.
   • The MSuite provides a function that controls whether the key store is exported with script
     data, which is enabled by default. It is recommended that this function be disabled so that
     confirmation is required before the key store is exported with script data in scenarios such
     as script export/import for backup and recovery.
5. Full system backup
   Ensure that the save paths of keys are trustable.
   Full system backup indicates backup of the entire NMS system including both data and the
   key store. Backup data confidentiality should be ensured. Once a confidentiality problem is
   detected, the system keys must be replaced, and device access parameters must be modified
   in a timely manner.
6. Database backup
   Ensure that the save paths of keys are trustable.
   The key store, database, and configuration file should be packed and backed up together.
   Data and the key store are backed up together. Backup data confidentiality should be
   ensured. Once a confidentiality problem is detected, the system keys must be replaced, and
   device access parameters must be modified in a timely manner.
7. Routine maintenance
   Periodically perform key replacement.
   Encrypted data may be leaked to external systems through data backup or script import and
   export, and key confidentiality decreases with time. Therefore, it is recommended that a key
   be replaced at an interval of less than 1 year.
Replacement Process
• For a single-server system:
• For a HA system:
Prerequisites
• Ensure that the NMS process is stopped. To check whether it is stopped, see A.10.6 How
to Verify That the Processes of the U2000 Single-Server System Are Running on
Windows. If the NMS process is not stopped, see A.10.8 How to End the Processes of
the U2000 Single-Server System on Windows.
• Ensure that the database is running properly. To check the database status, see A.7.4
How to Start the SQL Server Database.
• Ensure that the MSuite server process is stopped. For details, see How to End Processes
on the MSuite Server.
• Ensure that the key store is backed up.
Procedure
Step 1 Log in to the OS as the administrator.
Step 2 Run the following command in the CLI window to back up the key store:
> D:/oss/engr/tools/crypto/export.bat export_path
NOTE
• The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not installed
in partition D, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for example,
D:/oss/engr/tools/crypto.
NOTE
In the preceding displayed message, D:/oss/engr/tools/crypto indicates the key store's backup directory.
The backup file cryptoInfo.zip contains both the working key and root key.
Step 3 Run the following command in the CLI window to replace the root key:
> crypto_cfgtool -cmd modifyRootKey
NOTE
Replacing a working key may take a long period of time, usually less than 4 hours.
NOTE
If the preceding command fails to be executed, perform rollback. For details, see A.10.61 How Do
I Perform a Rollback After the H2 Key Replacement Fails.
4. Delete the D:\oss\server\etc\oss_cfg\frame\is_server\data\isdb.h2.db.bak file.
NOTE
The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
Step 5 See A.10.7 How to Start the Processes of the U2000 Single-Server System on Windows to
start the NMS process.
Step 6 See A.9.2 How to Start the Process of the MSuite Server to start the Process of the MSuite
Server.
----End
Follow-up Procedure
1. Delete the exported key store.
a. Log in to the OS as the administrator.
b. Access the key store's backup directory and delete the key store exported before key
replacement, for example, D:/oss/engr/tools/crypto/cryptoInfo.zip.
2. Back up the new key store.
a. Log in to the OS as the administrator.
b. Run the following command in the CLI to back up the new key store:
> D:/oss/engr/tools/crypto/export.bat export_path
NOTE
• The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for
example, D:/oss/engr/tools/crypto.
If information similar to the following is displayed, the backup succeeds:
Operations are successful,Backup File is:D:/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
• The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
• In the preceding displayed message, D:/oss/engr/tools/crypto indicates the key store's
backup directory. The backup file cryptoInfo.zip contains both the working key and root
key.
c. Save the exported backup key store after encryption to a storage unit with a higher
level of confidentiality, and delete it locally.
Prerequisites
• Ensure that the NMS process is stopped. To check whether it is stopped, see A.10.12
How to Verify That the Processes of the U2000 Single-Server System Are Running
on SUSE Linux. If the NMS process is not stopped, see A.10.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
• Ensure that the database is running properly. To check the database status, see A.8.1.3
How to Verify That the Sybase Database Is Running. If the database is stopped, see
A.8.1.2 How to Start the Sybase Database Service to start it.
• Ensure that the MSuite server process is stopped. For details, see How to End Processes
on the MSuite Server.
• Ensure that the key store is backed up.
Procedure
Step 1 Log in to the OS as the ossuser user over SSH using PuTTY.
Step 2 Run the following command to back up the key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not installed
in partition /opt, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for
example, /opt/oss/engr/tools/crypto.
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's backup
directory. The backup file cryptoInfo.zip contains both the working key and root key.
You can use the backup to restore the data if the command fails to be run.
To continue, enter "yes". To exit, enter other characters:
NOTE
Replacing a working key may take a long period of time, usually less than 4 hours.
3. Run the following command to replace the H2 working key.
$ cd /opt/oss/server/tools/h2CryptoCfgTool
$ ./H2CryptoCfgTool.sh
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
If the following information is displayed, the replacement succeeds.
operation start.
...
operation success.
NOTE
If the preceding command fails to be executed, perform rollback. For details, see A.10.61 How Do
I Perform a Rollback After the H2 Key Replacement Fails.
4. Run the following command to delete the isdb.h2.db.bak file.
$ rm -rf /opt/oss/server/etc/oss_cfg/frame/is_server/data/isdb.h2.db.bak
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
Step 5 Optional: If the MSO Web system has been installed on the U2000, run the following
commands to re-encrypt data:
NOTE
Run the following command to check whether the MSO Web system is installed on the U2000:
$ ps -ef
The MSO Web system has been installed on the U2000 if the following information is displayed:
ossuser 127282 123782 99 14:33 pts/9 00:10:39 /opt/oss/OSSJRE/jre_linux/bin/
java -Dprocname=MSOService -Dfile.encoding=UTF-8 -DappName=MSOService -
Dfile.encoding=utf-8 -Xms4g -Xmx4g -Xmn3g -Xss256k -XX:ParallelGCThreads=20 -
XX:+UseC
$ cd /opt/oss/server/tools/msoCryptoCfgTool
$ sh MsoCryptoCfgTool.sh
Step 6 See A.10.13 How to Start the Processes of the U2000 Single-Server System on SUSE
Linux to start the NMS process.
Step 7 See A.9.2 How to Start the Process of the MSuite Server to start the Process of the MSuite
Server.
----End
Follow-up Procedure
1. Delete the exported key store.
a. Log in to the OS as the ossuser user using PuTTY.
b. Run the following command to delete the key store exported before key
replacement:
$ rm -rf /opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
2. Back up the new key store.
a. Log in to the OS as the ossuser user using the PuTTY.
b. Run the following command to back up the new key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is
not installed in partition /opt, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for
example, /opt/oss/engr/tools/crypto.
If information similar to the following is displayed, the backup succeeds:
Operations are successful,Backup File is:opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's
backup directory. The backup file cryptoInfo.zip contains both the working key and root
key.
c. Save the exported backup key store after encryption to a storage unit with a higher
level of confidentiality, and delete it locally.
Prerequisites
• Ensure that the NMS process is stopped. To check whether it is stopped, see A.10.9 How
to Verify That the Processes of the U2000 Single-Server System Are Running on
Solaris. If the NMS process is not stopped, see A.10.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
• Ensure that the database is running properly. To check the database status, see A.8.1.3
How to Verify That the Sybase Database Is Running. If the database is stopped, see
A.8.1.2 How to Start the Sybase Database Service to start it.
• Ensure that the MSuite server process is stopped. For details, see How to End Processes
on the MSuite Server.
• Ensure that the key store is backed up.
Procedure
Step 1 Log in to the OS as the ossuser user over SSH using PuTTY.
Step 2 Run the following command to back up the key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not installed
in partition /opt, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for
example, /opt/oss/engr/tools/crypto.
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's backup
directory. The backup file cryptoInfo.zip contains both the working key and root key.
NOTE
Replacing a working key may take a long period of time, usually less than 4 hours.
3. Run the following command to replace the H2 working key.
$ cd /opt/oss/server/tools/h2CryptoCfgTool
$ ./H2CryptoCfgTool.sh
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
If the following information is displayed, the replacement succeeds.
operation start.
...
operation success.
NOTE
If the preceding command fails to be executed, perform rollback. For details, see A.10.61 How Do
I Perform a Rollback After the H2 Key Replacement Fails.
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
Step 5 See A.10.10 How to Start the Processes of the U2000 Single-Server System on Solaris to
start the NMS process.
Step 6 See A.9.2 How to Start the Process of the MSuite Server to start the Process of the MSuite
Server.
----End
Follow-up Procedure
1. Delete the exported key store.
a. Log in to the OS as the ossuser user using PuTTY.
b. Run the following command to delete the key store exported before key
replacement:
$ rm -rf /opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
2. Back up the new key store.
a. Log in to the OS as the ossuser user using the PuTTY.
b. Run the following command to back up the new key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is
not installed in partition /opt, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for
example, /opt/oss/engr/tools/crypto.
If information similar to the following is displayed, the backup succeeds:
Operations are successful,Backup File is:opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's
backup directory. The backup file cryptoInfo.zip contains both the working key and root
key.
c. Save the exported backup key store after encryption to a storage unit with a higher
level of confidentiality, and delete it locally.
Prerequisites
• Ensure that the NMS process is stopped at both primary and secondary sites. To check
whether it is stopped, see A.10.15 How to Check Whether the U2000 Processes of the
High Availability System (Solaris, PC Linux) Are Started. If the NMS is not stopped,
see A.10.17 How to End the U2000 Processes of the High Availability System
(Solaris, PC Linux).
• Ensure that the MSuite server process is stopped. For details, see How to End Processes
on the MSuite Server.
• Ensure that the key store is backed up.
Context
Keys need to be replaced only at the primary site in a U2000 HA system because the key store
files will be automatically synchronized to the secondary site.
Procedure
Step 1 Log in to the primary site as the oss user using PuTTY.
Step 2 See C.6.2 Separating the Primary Site from the Secondary Site to separate the primary
and secondary sites.
Step 3 See A.8.1.2 How to Start the Sybase Database Service to start the database at both primary
and secondary sites.
Step 4 Run the following commands at the primary site to back up the key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not installed
in partition /opt, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for
example, /opt/oss/engr/tools/crypto.
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's backup
directory. The backup file cryptoInfo.zip contains both the working key and root key.
Step 5 Run the following command at the primary site to replace the root key.
$ crypto_cfgtool -cmd modifyRootKey
NOTE
Replacing a working key may take a long period of time, usually less than 4 hours.
3. Run the following command at the primary site to replace the H2 working key.
$ cd /opt/oss/server/tools/h2CryptoCfgTool
$ ./H2CryptoCfgTool.sh
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
If the following information is displayed, the replacement succeeds.
Start operation.
operation success.
Please do not delete isdb.h2.db.bak until all IS( centralized or
distributed(master/slave) )exec success.
NOTE
If the preceding command fails to be executed, perform rollback. For details, see A.10.61 How Do
I Perform a Rollback After the H2 Key Replacement Fails.
4. Run the following command at the primary site to delete the isdb.h2.db.bak file.
$ rm -rf /opt/oss/server/etc/oss_cfg/frame/is_server/data/isdb.h2.db.bak
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
Step 7 Optional: If the MSO Web system has been installed on the U2000, run the following
commands to re-encrypt data:
NOTE
Run the following command to check whether the MSO Web system is installed on the U2000:
$ ps -ef
The MSO Web system has been installed on the U2000 if the following information is displayed:
ossuser 127282 123782 99 14:33 pts/9 00:10:39 /opt/oss/OSSJRE/jre_linux/bin/
java -Dprocname=MSOService -Dfile.encoding=UTF-8 -DappName=MSOService -
Dfile.encoding=utf-8 -Xms4g -Xmx4g -Xmn3g -Xss256k -XX:ParallelGCThreads=20 -
XX:+UseC
$ cd /opt/oss/server/tools/msoCryptoCfgTool
$ sh MsoCryptoCfgTool.sh
Step 8 See A.10.16 How to Start the U2000 Processes of the High Availability System (Solaris,
PC Linux) to start the NMS process at primary sites.
Step 9 See A.9.2 How to Start the Process of the MSuite Server to start the Process of the MSuite
Server.
Step 10 See Connecting the Primary and Secondary Sites to connect the primary and secondary
sites.
----End
Follow-up Procedure
1. Delete the exported key store before key replacement.
a. Log in to the primary and secondary sites as the oss user using the PuTTY.
b. Run the following command to delete the exported key store:
$ rm -rf /opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
2. Back up the new key store.
a. Log in to the primary and secondary sites as the oss user using the PuTTY.
b. Run the following command to back up the new key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is
not installed in partition /opt, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for
example, /opt/oss/engr/tools/crypto.
If information similar to the following is displayed, the backup succeeds:
Operations are successful,Backup File is:opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's
backup directory. The backup file cryptoInfo.zip contains both the working key and root
key.
c. Save the exported backup key store after encryption to a storage unit with a higher
level of confidentiality, and delete it locally.
Prerequisites
• Ensure that the NMS process is stopped on the EM, NM, IS, PM and NBI_GW nodes.
For details about how to stop the NMS process, see Stopping the U2000 Distributed
System.
• Ensure that the database service is started on the EM, NM, IS, PM and NBI_GW nodes.
For details about how to start the database service, see A.8.1.2 How to Start the Sybase
Database Service.
• Ensure that the key store is backed up.
• Ensure that the key store is the same for all nodes in the distributed system.
Context
This section describes how to replace keys on EM, NM, IS, and NBI_GW nodes.
Procedure
Step 1 Log in to the EM, NM, IS, PM and NBI_GW nodes one by one as the ossuser user using the
PuTTY.
Step 2 Run the following commands on the EM, NM, IS, PM and NBI_GW nodes one by one to
back up the key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not installed
in partition /opt, change the partition in the directory accordingly.
• In the preceding command, export_path indicates the key store's backup directory, for example,
/opt/oss/engr/tools/crypto.
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's backup
directory. The backup file cryptoInfo.zip contains both the working key and root key.
NOTE
After the preceding command is executed, the system will automatically generate a root key,
which is saved to the /opt/oss/server/etc/conf directory. For example, the rootkey.cfg file stored
in /opt/oss/server/etc/conf indicates an automatically generated root key.
2. Copy the generated root key rootkey.cfg to the /export/home/ossuser/ directory on the
EM, IS, PM and NBI_GW node servers. For details, see A.2.28 How to Use the FileZilla to
Transfer Files by SFTP. Then log in to the NM, IS, PM and NBI_GW nodes one by one as
the root user and run the following commands to replace the original root key:
# chown ossuser:ossgroup /export/home/ossuser/rootkey.cfg
# su - ossuser
$ crypto_cfgtool -cmd modifyRootKey -file /export/home/ossuser/rootkey.cfg
3. When replacing the working key on the PM node, perform the following extra
operations:
$ cd /opt/oss/Collector/server/platform/bin/
$ ./crypto_cfgtool -cmd modifyRootKey -file /export/home/ossuser/rootkey.cfg
If information similar to the following is displayed, the root key on the PM node has
been successfully replaced:
Root material updated successfully.
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
4. Run the following command to delete the temporary file rootkey.cfg on the NM, EM, IS,
PM and NBI_GW nodes one by one:
$ rm -rf /export/home/ossuser/rootkey.cfg
NOTE
– Replacing a working key may take a long period of time, usually less than 4 hours.
– After the preceding command is executed, the system will automatically generate a working
key, which is saved to the /opt/oss/server/etc/conf/runinfos directory. For example, the
runinfo_00000033D559AFAF28200010E02DAF6E.cfg file stored in
/opt/oss/server/etc/conf/runinfos/ indicates an automatically generated working key.
3. Run the following command to locate the new working key:
$ crypto_cfgtool -cmd getEncMaterial
Information similar to the following is displayed:
/opt/oss/server/etc/conf/runinfos/runinfo_00000033D559AFAF28200010E02DAF6E.cfg
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
5. When replacing the working key on the PM node, perform the following extra
operations:
$ cd /opt/oss/Collector/server/platform/bin/
$ ./crypto_cfgtool -cmd modify -file /opt/oss/server/etc/conf/runinfos/runinfo_XXX.cfg
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
6. When replacing the working key on the IS node, perform the following extra operations:
a. Run the following command on the IS node to replace the working key:
$ cd /opt/oss/server/tools/h2CryptoCfgTool
$ ./H2CryptoCfgTool.sh
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
If the following information is displayed, the replacement succeeds; otherwise,
return to step 1.
operation start.
...
operation success.
NOTE
If the preceding command fails to be executed, perform rollback. For details, see How to
Perform Rollback After a Failed Key Replacement on the IS Node?.
b. Run the following command to delete the isdb.h2.db.bak file on the primary IS
node.
$ rm -rf /opt/oss/server/etc/oss_cfg/frame/is_server/data/isdb.h2.db.bak
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
7. Repeat step f to replace the working key on the secondary IS node.
Step 5 Start the EM, NM, IS, PM and NBI_GW node processes one by one. For details about how to
start a node process, see Starting the U2000 Distributed System.
----End
Follow-up Procedure
1. Delete the exported key store.
a. Log in to the EM, NM, IS, and NBI_GW nodes one by one as the ossuser user
using PuTTY.
b. Run the following command to delete the key store exported before key
replacement:
$ rm -rf /opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
2. Back up the new key store.
a. Log in to the EM, NM, IS, and NBI_GW nodes one by one as the ossuser user
using the PuTTY.
b. Run the following command to back up the new key store:
$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
In the preceding command, export_path indicates the key store's backup directory, for
example, opt/oss/engr/tools/crypto.
If information similar to the following is displayed, the backup succeeds:
Operations are successful,Backup File is:opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
• The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is
not installed in partition /opt, change the partition in the directory accordingly.
• In the preceding displayed message, opt/oss/engr/tools/crypto indicates the key store's
backup directory. The backup file cryptoInfo.zip contains both the working key and root
key.
c. Save the exported backup key store after encryption to a storage unit with a higher
level of confidentiality, and delete it locally.
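One way to carry out step c above, added here as an example and not taken from the U2000 guide. The use of openssl enc, the passphrase file and the staging directory are assumptions; the function encrypts the exported key store, proves the ciphertext decrypts to the same bytes, and only then deletes the local plaintext.

```shell
#!/bin/sh
# Added example (not from the U2000 guide): encrypt an exported key store
# before moving it off the node, verify the ciphertext, then delete the
# local plaintext. Tool choice (openssl enc) and all paths are assumptions.

# protect_keystore ZIP PASSFILE DEST_DIR
#   ZIP       exported key store, e.g. the cryptoInfo.zip written by export.sh
#   PASSFILE  file whose first line is the passphrase (keeps it out of argv/ps)
#   DEST_DIR  staging directory for the encrypted copy
# Prints the path of the encrypted file. On any error it returns non-zero
# and leaves ZIP in place.
protect_keystore() (
    set -eu
    zip=$1 passfile=$2 dest=$3
    [ -f "$zip" ] && [ -s "$passfile" ] && [ -d "$dest" ] || {
        echo "usage: protect_keystore ZIP PASSFILE DEST_DIR" >&2
        exit 2
    }
    umask 077                                  # ciphertext readable by owner only
    out="$dest/$(basename "$zip").enc"

    # Digest of the plaintext, used to prove the ciphertext decrypts correctly.
    want=$(openssl dgst -sha256 -r "$zip" | cut -d' ' -f1)
    [ -n "$want" ] || exit 1

    # AES-256-CBC with a PBKDF2-derived key (needs OpenSSL 1.1.1 or later).
    # CBC carries no integrity tag, hence the explicit round-trip check below.
    openssl enc -aes-256-cbc -pbkdf2 -salt \
        -in "$zip" -out "$out" -pass "file:$passfile" || {
        rm -f "$out"
        exit 1
    }

    # Round-trip check: decrypt into a pipe (no plaintext temp file) and compare.
    got=$(openssl enc -d -aes-256-cbc -pbkdf2 -in "$out" -pass "file:$passfile" \
            | openssl dgst -sha256 -r | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        rm -f "$out"
        echo "verification failed; plaintext kept: $zip" >&2
        exit 1
    fi

    rm -f "$zip"                               # "delete it locally"
    printf '%s\n' "$out"
)
```

The passphrase file should be kept separately from the encrypted copy, since whoever holds both can recover the working key and root key.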
Context
• The U2000 automatically generates an RSA key file in the default directory, which is
used to replace the default RSA key file after the U2000 is installed. You can also
manually re-generate the RSA key file. For details, see Step 3.
• By default, the U2000 is installed in /opt/oss. If the U2000 is not installed in this
directory, modify the directories in this topic based on the actual situation.
• The RSA key files include /opt/oss/server/etc/conf/cipher/rsa/rsapublic.key
and /opt/oss/server/etc/conf/cipher/rsa/rsaprivate.key.
Procedure
Step 1 Log in to the NM as the ossuser user.
Step 2 Stop the NM and EM processes. For details, see Stopping the U2000 Distributed System.
Step 3 Optional: Run the following commands to generate an RSA key file.
$ cd /opt/oss/server/tools/rsa
$ /opt/oss/server/3rdTools/bin/python rsatool.py
Step 5 Log in to each EM as the ossuser user and run the following command to make the RSA key
file take effect:
$ ssl_adm -cmd genkey
The RSA key file is successfully generated if the following information is displayed:
Generating an RSA key...
An RSA key generated successfully.
Step 6 Start the NM and EM processes. For details, see Starting the U2000 Distributed System.
----End
Prerequisites
• Ensure that the NMS process is stopped. To check whether it is stopped, see A.10.6 How
to Verify That the Processes of the U2000 Single-Server System Are Running on
Windows. If the NMS process is not stopped, see A.10.8 How to End the Processes of
the U2000 Single-Server System on Windows.
• Ensure that the database is running properly. To check the database status, see A.7.4
How to Start the SQL Server Database.
• Ensure that the MSuite server process is stopped. For details, see How to End Processes
on the MSuite Server.
• Ensure that the key store is backed up.
Procedure
Step 1 Log in to the Windows OS as a user with administrator rights.
Step 2 Run the following commands to generate the RSA key parameter:
> cd /d D:
> openssl genrsa -out rsa_pri.pem 2048
If information similar to the following is displayed, the parameter is successfully generated:
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
..+++
................................................................+++
e is 65537 (0x10001)
NOTE
After the preceding commands are executed, the rsa_pri.pem file will be generated in the root directory
of disk D.
Step 3 Run the following command to generate the public.key file based on the key file:
> openssl rsa -in rsa_pri.pem -pubout -outform PEM -out public.key
If information similar to the following is displayed, the file is successfully generated:
writing RSA key
NOTE
After the preceding command is executed, the public.key file will be generated in the root directory of
disk D.
Step 4 Run the following command to generate the private key file pkcs8.pem in PKCS8 format
based on the key file:
> openssl pkcs8 -topk8 -inform PEM -outform PEM -in rsa_pri.pem -out pkcs8.pem -nocrypt
NOTE
After the preceding command is executed, the pkcs8.pem file will be generated in the root directory of
disk D.
Step 5 Copy all the data in pkcs8.pem and public.key files to one text file and name it as
rsa_host.key. The content format is as follows:
----End
This topic describes how to manage the system files and disks of the U2000.
8.1 U2000 File System Overview
This topic describes the system architecture of the U2000, which is based on the client/server
model, and the file system of the U2000.
8.2 Single-Server System Running on Windows
This topic describes how to manage system files and disks of the U2000 in a single-server
system running on Windows.
8.3 Single-Server System Running on Solaris
This topic describes how to manage system files and disks of the U2000 in a single-server
system running on Solaris.
8.4 Single-Server System Running on SUSE Linux
This topic describes how to manage system files and disks of the U2000 in a single-server
system running on SUSE Linux.
8.5 High Availability System Running on Solaris
This topic describes how to manage system files and disks of the U2000 in a high availability
system running on Solaris.
8.6 High Availability System Running on SUSE Linux
This topic describes how to manage system files and disks of the U2000 in a high availability
system running on SUSE Linux.
The system architecture of the U2000 is based on the client/server model. The details are as
follows:
• The client provides the graphical user interface (GUI) for you to maintain and perform
operations on network elements (NEs), in addition to monitoring the status of the U2000.
• The server communicates with NEs and stores the data of operations and maintenance on
NEs.
• The client and server of the U2000 communicate with each other through the data
communication network (DCN). The lower-layer NMS and the upper-layer (OSS)
communicate with the U2000 server through a DCN.
• Do not move or delete U2000 and database folders or files randomly during daily
maintenance and management. Otherwise, the U2000 may fail to function properly.
• Do not modify owners, groups, or permissions of U2000 files randomly during daily
maintenance and management.
The U2000 server software can run in the Windows, SUSE Linux and Solaris operating
system (OS) and integrates the database software. The file systems of the servers of the
U2000 are the same. The following table shows the directory structure.
NOTE
The situation where the U2000 is installed in D:\oss is used as an example to describe the major
directory architectures for the U2000 server software in the following Windows OSs.
Table 8-1 Major directory architecture for the U2000 server software in the Windows OS
NOTE
The situation where the U2000 is installed in /opt/oss is used as an example to describe the major
directory architectures for the U2000 server software in the following Solaris or SUSE Linux OSs.
Table 8-2 Directory structure of the U2000 server software in the Solaris or SUSE Linux OS
Default Directory Name Description
The U2000 client software can run in the Windows OS. The following table shows the
directory structure of the client file system.
NOTE
The situation where the U2000 is installed in D:\oss is used as an example to describe the major
directory architectures for the U2000 client software in the following Windows OSs.
Table 8-3 Directory structure of the U2000 client software in the Windows OS
Default Directory Name in Windows Description
Procedure
Step 1 In the Computer window, right-click a disk and choose Properties from the shortcut menu.
Step 2 In the dialog box that is displayed, click the Tools tab.
Step 4 In the Check Disk operation dialog box, select the required check disk option and click
Start.
----End
Reference Standard
The displayed information contains no hardware error prompts.
Exception Handling
If a disk is faulty, contact the device supplier to repair or replace the disk.
Context
To ensure the normal running, the U2000 automatically deletes some data and reports one or
more of the disk clean-up event 5012, disk clean-up event 5013, and emergency disk data
migration event 5014 when the disk space on the server is insufficient. This is an emergency
preventive measure that does not resolve problems completely. Clean up disks as soon as
possible.
Procedure
• Method one (recommended): Use the disk cleanup tool.
a. Log in to Windows as a user with administrator rights.
b. Choose Start > Run. In the Run dialog box, enter cmd to open the command line
interface (CLI) window.
c. Run the following commands to start the disk cleanup tool script:
C:\Documents and Settings\Administrator>cd /d C:\oss\engr\engineering\tool\hdcleaner
C:\oss\engr\engineering\tool\hdcleaner>start.bat
If the following information is displayed, the script has been executed successfully.
HD CLeaner : Operation Started.
• If a core dump fault occurs, some files whose names start with core may be
generated. After rectifying the fault, delete these files to release space.
• 20110221 indicates the scheduled alarm dumping file created on February 21,
2011. Confirm that the file is useless before deleting it.
For example, delete the 20110221 folder from the U2000 installation path\server\dump\ThresholdExport\FM path.
Perform the following steps to check the available disk space:
a. Press Win+E to open the resource manager.
b. Right-click Local Disk (D:) and choose Properties from the shortcut menu.
NOTE
Assume that the U2000 is installed in Local Disk (D:).
c. On the General tab page, check the disk usage.
----End
Context
Ensure that the files to be deleted are no longer used. If a useful file is deleted, the U2000
client may not run properly.
Procedure
Step 1 Delete the files in the d:\oss\client\logs path.
Step 2 Delete useless files.
Step 3 Empty the Recycle Bin.
----End
Procedure
Step 1 Log in to the Solaris OS as the ossuser user.
Step 2 Open a terminal window. Then, run the following commands to switch to the root user:
$ su - root
Password:password of the root user
Step 3 Run the following command to view the physical status of the current server disk:
# df -h
NOTE
The displayed information varies according to the actual condition of the intended workstation, and thus
may be different from the preceding information.
----End
Reference Standard
The displayed information contains no hardware error prompts.
Exception Handling
If a disk is faulty, contact the device supplier to repair or replace the disk.
Context
To ensure the normal running, the U2000 automatically deletes some data and reports one or
more of the disk clean-up event 5012, disk clean-up event 5013, and emergency disk data
migration event 5014 when the disk space on the server is insufficient. This is an emergency
preventive measure that does not resolve problems completely. Clean up disks as soon as
possible.
Procedure
• Method one (recommended): Use the disk cleanup tool.
a. Log in to the Solaris OS as the root user.
b. Run the following commands to start the disk cleanup tool script:
# cd /opt/oss/engr/engineering/tool/hdcleaner
# ./start_solaris.sh
If the following information is displayed, the script has been executed successfully.
HD CLeaner : Operation Started.
• If a core dump fault occurs, some files whose names start with core may be
generated. After rectifying the fault, delete these files to release space.
• 20110221 indicates the scheduled alarm dumping file created on February 21,
2011. Confirm that the file is useless before deleting it.
For example, run the following command to delete useless scheduled alarm
dumping files:
# cd /opt/oss/server/var/ThresholdExport/FM
# rm -r 20110221
----End
Context
Ensure that the files to be deleted are no longer used. If a useful file is deleted, the U2000
client may not run properly.
Procedure
Step 1 Delete the files in the /opt/oss/client/logs path.
----End
Procedure
Step 1 Log in to the SUSE Linux OS as the ossuser user.
Step 2 Open a command line interface (CLI). Then, run the following commands to switch to the
root user:
$ su - root
Password:password of the root user
Step 3 To view the physical status of the current server disk, run the following command:
# df -h
NOTE
The command output varies according to the actual condition of the server.
----End
Reference Standard
The command output does not contain information about hardware errors.
Exception Handling
If a disk does not function properly, contact the device supplier to repair or replace the disk.
Context
To ensure the normal running, the U2000 automatically deletes some data and reports one or
more of the disk clean-up event 5012, disk clean-up event 5013, and emergency disk data
migration event 5014 when the disk space on the server is insufficient. This is an emergency
preventive measure that does not resolve problems completely. Clean up disks as soon as
possible.
Procedure
• Method one (recommended): Use the disk cleanup tool.
a. Use the PuTTY to log in to the SUSE Linux OS as user ossuser in SSH mode.
b. Run the following commands to start the disk cleanup tool script:
$ cd /opt/oss/engr/engineering/tool/hdcleaner
$ ./start_linux.sh
If the following information is displayed, the script has been executed successfully.
HD CLeaner : Operation Started.
a. Use the PuTTY to log in to the SUSE Linux OS as user ossuser in SSH mode.
b. Run the following commands to switch to the root user:
$ su - root
Password:password of the root user
• If a core dump fault occurs, some files whose names start with core may be
generated. After rectifying the fault, delete these files to release space.
• 20110221 indicates the scheduled alarm dumping file created on February 21,
2011. Confirm that the file is useless before deleting it.
For example, run the following command to delete useless scheduled alarm
dumping files:
# cd /opt/oss/server/var/ThresholdExport/FM
# rm -r 20110221
----End
Context
Ensure that the files to be deleted are no longer used. If a useful file is deleted, the U2000
client may not run properly.
Procedure
Step 1 Delete the files in the /opt/oss/client/logs path.
----End
Procedure
• To check the disk usage by using the System Monitor, perform the following steps:
a. Log in to the System Monitor.
b. Click the Disk tab to check information such as the remaining space and percentage
of the used disk space.
• To check the disk usage by using commands, perform the following steps:
a. Log in to the Solaris OS as the ossuser user. Run the following command to switch
to the root user.
$ su - root
Password: password for the root user
b. Run the following command to view the disk usage on the primary and secondary
sites:
# df -h
The following information is displayed:
Filesystem kbytes used avail capacity Mounted on
/dev/vx/dsk/bootdg/rootvol
12G 3.8G 7.9G 33% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 9.1G 1.8M 9.1G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1
12G 3.8G 7.9G 33% /platform/sun4u-us3/lib/libc_psr.so.1
/platform/sun4u-us3/lib/sparcv9/libc_psr/libc_psr_hwcap1.so.1
12G 3.8G 7.9G 33% /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1
fd 0K 0K 0K 0% /dev/fd
/dev/vx/dsk/bootdg/var
7.9G 1.4G 6.4G 19% /var
swap 9.1G 104K 9.1G 1% /tmp
swap 9.1G 40K 9.1G 1% /var/run
swap 9.1G 0K 9.1G 0% /dev/vx/dmp
swap 9.1G 0K 9.1G 0% /dev/vx/rdmp
/dev/vx/dsk/bootdg/opt
64G 7.4G 56G 12% /opt
/dev/vx/dsk/bootdg/home
1002M 1.0M 941M 1% /export/home
/dev/odm 0K 0K 0K 0% /dev/odm
/dev/vx/dsk/datadg/lv_nms_data
39G 40M 39G 1% /opt/sybase/data
----End
Procedure
• Check the disk status on Veritas.
a. Log in to the Solaris operating system as user ossuser.
b. Open a terminal window, and run the following commands to switch to user root:
$ su - root
Password:password_of_user_root
In the case of two hard disks, the terminal displays the following information:
DEVICE TYPE DISK GROUP STATUS
c1t0d0s2 auto:sliced rootdisk datadg online
c1t1d0s2 auto:sliced rootmirror datadg online
In the case of four hard disks, the terminal displays the following information:
DEVICE TYPE DISK GROUP STATUS
c1t0d0s2 auto:slice rootdisk rootdg online
c1t1d0s2 auto:slice rootmirror rootdg online
c1t2d0s2 auto:slice datadisk datadg online
c1t3d0s2 auto:slice datamirror datadg online
NOTE
The equipment names in the DEVICE column may be different from those displayed on the
terminal according to the actual situation of the workstation.
d. Run the following commands to switch to non-root user:
# exit
c. Run the following commands to view the physical status of the disk on the current
server:
# iostat -E
NOTE
The output information may be different from that displayed on the terminal according to the
actual situation of the workstation.
d. Run the following commands to switch to non-root user:
# exit
----End
Reference Standard
If the following standards are met, it indicates that the disk status is normal:
• After you run the vxdisk list command, the disk status is online.
• After you run the iostat -E command, if the Hard Errors information of the disk is 0, it
indicates that the physical status of the disk is normal.
Troubleshooting
If a disk fails, contact the equipment supplier to repair or replace the disk in a timely manner.
Procedure
Step 1 Open a terminal window, and run the following commands to switch to user root:
$ su - root
Password:password_of_user_root
Step 2 Run the following commands on both the primary and secondary sites:
# vxdg list
----End
Reference Standards
If the following standards are met, the disk group status is normal:
• If more than two disks are available on the workstation, two disk groups should be displayed,
including rootdg and datadg. Otherwise, there is a problem with the disk groups.
• If only two disks are available on the workstation, only one disk group, that is, datadg,
should be displayed. Otherwise, there is a problem with the disk group.
• The STATE of each disk group should be enabled. Otherwise, there is a problem with
the disk groups.
Troubleshooting
If a fault of the disk group occurs, contact the local office or Customer Service Center of
Huawei according to the warranty.
Procedure
Step 1 Log in to the Solaris OS as the ossuser user.
Step 2 Open a terminal window, and run the following commands to switch to the root user:
$ su - root
Password:password_of_user_root
Step 3 Run the following commands to check whether the disk volume status is normal, according to
the disk volume information:
# vxprint -v
NOTE
The displayed information varies with the data of the disks that are actually configured.
• If more than two disks are configured, two disk groups, rootdg and datadg, are available.
• If only two disks are configured, only one disk group (datadg) is available.
----End
Reference Standards
If the following standards are met, it indicates that the disk volume status is normal:
• Disk volumes used by the U2000 exist. Currently, the disk volume used by the U2000 is
lv_nms_data.
• For all the disk volumes, KSTATE must be ENABLED.
• For all the disk volumes, STATE must be ACTIVE.
Troubleshooting
1. If the problem persists, run the following command to record the details of all the disk
volumes, and contact the local office or Customer Service Center of Huawei according to
the warranty.
# vxprint -l VolumeName
Table 8-4 describes the meanings of the fields that are displayed:
For example, to query the details of the disk volume lv_nms_data, you can run the
following command:
# vxprint -l lv_nms_data
Volume: lv_nms_data
info: len=83886080
type: usetype=fsgen
state: state=ACTIVE kernel=ENABLED cdsrecovery=0/0 (clean)
assoc: rvg=datarvg
plexes=lv_nms_data-01,lv_nms_data-02
exports=(none)
policies: read=SELECT (round-robin) exceptions=GEN_DET_SPARSE
flags: closed writecopy writeback
logging: type=DCM loglen=512 serial=0/0 mapalign=256 (enabled)
apprecov: seqno=0/0
recovery: mode=default
recov_id=0
device: minor=1001 bdev=295/1001 cdev=295/1001 path=/dev/vx/dsk/datadg/lv_nms_data
perms: user=root group=root mode=0666
......
Procedure
Step 1 Log in to the Solaris OS as the ossuser user.
Step 2 Open a terminal window, and run the following commands to switch to user root:
$ su - root
Password:password_of_user_root
Step 3 Run the following command to view the mounting status of the U2000 file system and the
Sybase file system.
# df -k
/devices 0 0 0 0% /devices
ctfs 0 0 0 0% /system/contract
proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
swap 70817088 1496 70815592 1% /etc/svc/volatile
objfs 0 0 0 0% /system/object
sharefs 0 0 0 0% /etc/dfs/sharetab
swap 70815592 0 70815592 0% /dev/vx/dmp
swap 70815592 0 70815592 0% /dev/vx/rdmp
/platform/sun4v/lib/libc_psr/libc_psr_hwcap3.so.1
51636771 4091453 47028951 9% /platform/sun4v/lib/libc_psr.so.1
/platform/sun4v/lib/sparcv9/libc_psr/libc_psr_hwcap3.so.1
51636771 4091453 47028951 9% /platform/sun4v/lib/sparcv9/libc_psr.so.1
fd 0 0 0 0% /dev/fd
/dev/vx/dsk/bootdg/var
51636771 1695737 49424667 4% /var
swap 70815664 72 70815592 1% /tmp
swap 70815624 32 70815592 1% /var/run
/dev/vx/dsk/bootdg/opt
413086752 5908189 403047696 2% /opt
/dev/vx/dsk/datadg/lv_nms
206437998 10791780 193581839 6% /opt/oss
/dev/vx/dsk/datadg/lv_database
154828495 9954606 143325605 7% /opt/sybase
/dev/vx/dsk/datadg/lv_backup
412876013 84594334 324152919 21% /opt/backup
/dev/vx/dsk/bootdg/home
20658157 20737 20430839 1% /export/home
/dev/odm 0 0 0 0% /dev/odm
/dev/vx/dsk/datadg/lv_nms_data
92897090 80218299 11749821 88% /opt/sybase/data
/dev/vx/dsk/datadg/lv_filesync
30965686 30729 30625301 1% /export/sync
----End
Context
To ensure the normal running, the U2000 automatically deletes some data and reports one or
more of the disk clean-up event 5012, disk clean-up event 5013, and emergency disk data
migration event 5014 when the disk space on the server is insufficient. This is an emergency
preventive measure that does not resolve problems completely. Clean up disks as soon as
possible.
Procedure
• Method one (recommended): Use the disk cleanup tool.
a. Log in to the Solaris OS as the root user.
b. Run the following commands to start the disk cleanup tool script:
# cd /opt/oss/engr/engineering/tool/hdcleaner
# ./start_solaris.sh
If the following information is displayed, the script has been executed successfully.
HD CLeaner : Operation Started.
• If a core dump fault occurs, some files whose names start with core may be
generated. After rectifying the fault, delete these files to release space.
• 20110221 indicates the scheduled alarm dumping file created on February 21,
2011. Confirm that the file is useless before deleting it.
For example, run the following command to delete useless scheduled alarm
dumping files:
# cd /opt/oss/server/var/ThresholdExport/FM
# rm -r 20110221
----End
Context
Ensure that the files to be deleted are no longer used. If a useful file is deleted, the U2000
client may not run properly.
Procedure
Step 1 Delete the files in the /opt/oss/client/logs path.
Step 2 Delete other useless files.
Step 3 Empty the Trash.
----End
Procedure
• Method one (recommended): To check the disk usage by using the System Monitor,
perform the following steps:
a. Log in to the System Monitor.
b. Click the Disk tab to view information such as the available space and percentage
of used disk space.
• Method two: To check the disk usage by using command lines, perform the following
steps:
a. Log in to the SuSE Linux OS as the ossuser user. Run the following command to
switch to the root user.
$ su - root
Password: password for the root user
----End
Procedure
Step 1 Log in to the SUSE Linux OS as the ossuser user.
Step 2 Open a terminal window. Then, run the following commands to switch to the root user:
$ su - root
Step 3 Run the following command on the primary and secondary sites:
# vxdisk list
NOTE
The equipment name displayed in the DEVICE column varies according to the actual condition of the
intended workstation, and thus may be different from the preceding information.
----End
Reference Standard
The disk status can be concluded to be normal in the following situation:
After you run the vxdisk list command, the status of all disks is online.
Exception Handling
If a disk is faulty, contact the equipment supplier to repair or replace the disk in time.
Procedure
Step 1 Open a command line interface (CLI). Then, run the following commands to switch to the
root user:
$ su - root
Password:password_of_user_root
Step 2 Run the following command on both the primary and secondary sites:
# vxdg list
----End
Result
Disk group status is considered normal in the following situations:
• On the workstation, only the datadg disk group is displayed.
• STATE is enabled for disk group.
Follow-up Procedure
If a fault of the disk group occurs, contact the local office or Customer Service Center of
Huawei according to the warranty.
Procedure
Step 1 Log in to the SUSE Linux OS as the ossuser user.
Step 2 Open a command line interface (CLI). Then, run the following commands to switch to the
root user:
$ su - root
Password:password_of_user_root
Step 3 Run the following command to check whether the disk volume status is normal:
# vxprint -v
Information similar to the following is displayed:
Disk group: datadg
----End
Reference Standards
Disk volume status is considered normal if the following standards are met:
• Disk volumes used by the U2000 exist. Currently, the U2000 uses the lvdata disk
volume.
• KSTATE is ENABLED for all disk volumes.
• STATE is ACTIVE for all disk volumes.
Troubleshooting
1. If the problem persists, run the following command to record details of all disk volumes,
and contact the local office or customer service center of Huawei according to the
warranty:
# vxprint -l VolumeName
In the command, VolumeName indicates the name of the disk volume. The name of the
current disk volume can be obtained through the vxprint -v command.
Table 8-5 describes meanings of the fields in the command output.
For example, to view details of the lvdata disk volume, run the following command:
# vxprint -l lvdata
Volume: lvdata
info: len=209715200
type: usetype=fsgen
state: state=ACTIVE kernel=ENABLED cdsrecovery=0/0 (clean)
assoc: rvg=datarvg
plexes=lvdata-01,lvdata-02
exports=(none)
policies: read=SELECT (round-robin) exceptions=GEN_DET_SPARSE
flags: open writecopy writeback
logging: type=DCM loglen=512 serial=0/0 mapalign=256 (enabled)
apprecov: seqno=0/0
recovery: mode=default
recov_id=0
device: minor=25001 bdev=199/25001 cdev=199/25001 path=/dev/vx/dsk/datadg/lvdata
perms: user=root group=root mode=0600
guid: {41ad6708-b94f-11e2-875a-1a5d1918d772}
mediatype: hdd
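The Reference Standards for disk volumes in the Solaris and SUSE Linux high availability sections (STATE is ACTIVE, KSTATE is ENABLED) can be checked mechanically. The following is an added example, not part of the U2000 guide: it parses vxprint -l output and additionally warns when the volume's perms mode grants access beyond the owner, which is an extra check and not one of the guide's standards. The function and sample names are hypothetical, and the third sample is constructed.

```shell
#!/bin/sh
# Added example (not from the U2000 guide): evaluate `vxprint -l` output
# against the Reference Standards (state=ACTIVE, kernel=ENABLED).
# The mode warning is an additional check introduced by this example.

# check_vxprint_volume: reads `vxprint -l` text on stdin and prints one line
# per volume:  <volume> OK | <volume> WARN mode=<mode> | <volume> FAIL <reasons>
# Typical use:  vxprint -l lv_nms_data | check_vxprint_volume
check_vxprint_volume() {
    awk '
    function add(list, item) { return (list == "") ? item : (list "," item) }
    function report(   bad) {
        if (vol == "") return
        bad = ""
        if (state != "ACTIVE")
            bad = add(bad, "state=" (state == "" ? "missing" : state))
        if (kernel != "ENABLED")
            bad = add(bad, "kernel=" (kernel == "" ? "missing" : kernel))
        if (bad != "")
            print vol, "FAIL", bad
        else if (mode != "" && mode !~ /00$/)   # group or other bits are set
            print vol, "WARN", "mode=" mode
        else
            print vol, "OK"
        vol = ""; state = ""; kernel = ""; mode = ""
    }
    $1 == "Volume:" { report(); vol = $2; next }
    $1 == "state:"  { for (i = 2; i <= NF; i++) {
                          if ($i ~ /^state=/)  state  = substr($i, 7)
                          if ($i ~ /^kernel=/) kernel = substr($i, 8)
                      } }
    $1 == "perms:"  { for (i = 2; i <= NF; i++)
                          if ($i ~ /^mode=/) mode = substr($i, 6) }
    END { report() }
    '
}

# Abridged from the Solaris sample in this guide (lv_nms_data).
sample_solaris() { cat <<'EOF'
Volume: lv_nms_data
info: len=83886080
type: usetype=fsgen
state: state=ACTIVE kernel=ENABLED cdsrecovery=0/0 (clean)
assoc: rvg=datarvg
plexes=lv_nms_data-01,lv_nms_data-02
device: minor=1001 bdev=295/1001 cdev=295/1001 path=/dev/vx/dsk/datadg/lv_nms_data
perms: user=root group=root mode=0666
EOF
}

# Abridged from the SUSE Linux sample in this guide (lvdata).
sample_suse() { cat <<'EOF'
Volume: lvdata
info: len=209715200
state: state=ACTIVE kernel=ENABLED cdsrecovery=0/0 (clean)
device: minor=25001 bdev=199/25001 cdev=199/25001 path=/dev/vx/dsk/datadg/lvdata
perms: user=root group=root mode=0600
mediatype: hdd
EOF
}

# Constructed sample: a volume that fails both standards.
sample_constructed() { cat <<'EOF'
Volume: lv_demo
state: state=NEEDSYNC kernel=DISABLED cdsrecovery=0/0 (clean)
perms: user=root group=root mode=0600
EOF
}
```

Run against the guide's own samples, lv_nms_data passes the two standards but is reported as WARN mode=0666, while lvdata with mode=0600 is reported as OK.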
Procedure
Step 1 Log in to the SUSE Linux OS as the ossuser user.
Step 2 Open a command line interface (CLI). Then, run the following commands to switch to the
root user:
$ su - root
Password:root user password
Step 3 Run the following command to view the mounting status of the U2000 file system and Sybase
file system:
# df -k
If the file system information about /dev/sda7 119719140 63434664 50203096 56% /opt
and /dev/vx/dsk/datadg/lvdata 103212320 44358408 53611032 46% /opt/sybase/data is
displayed, it indicates that the mounting status of the U2000 file system and the Sybase file
system is normal.
----End
Context
To ensure the normal running, the U2000 automatically deletes some data and reports one or
more of the disk clean-up event 5012, disk clean-up event 5013, and emergency disk data
migration event 5014 when the disk space on the server is insufficient. This is an emergency
preventive measure that does not resolve problems completely. Clean up disks as soon as
possible.
Procedure
• Method one (recommended): Use the disk cleanup tool.
a. Use the PuTTY to log in to the SUSE Linux OS as user ossuser in SSH mode.
b. Run the following commands to start the disk cleanup tool script:
$ cd /opt/oss/engr/engineering/tool/hdcleaner
$ ./start_linux.sh
If the following information is displayed, the script has been executed successfully.
HD CLeaner : Operation Started.
• If a core dump fault occurs, some files whose names start with core may be
generated. After rectifying the fault, delete these files to release space.
• 20110221 indicates the scheduled alarm dumping file created on February 21,
2011. Confirm that the file is useless before deleting it.
For example, run the following command to delete useless scheduled alarm
dumping files:
# cd /opt/oss/server/var/ThresholdExport/FM
# rm -r 20110221
----End
Context
Ensure that the files to be deleted are no longer used. If a useful file is deleted, the U2000
client may not run properly.
Procedure
Step 1 Delete the files in the /opt/oss/client/logs path.
----End
9 Log Management
The U2000 automatically records OSS logs, such as system logs, security logs, and user
operation logs when it operates. By querying and collecting statistics on logs, you can
understand the U2000 operating status, system security status, or specific user operation
information. In addition, the U2000 records NE Syslog operation logs and NE Syslog run
logs. By viewing NE logs, you can learn the operating status of the NEs. You can dump logs
to a hard disk or forward logs to a third-party Syslog server, relieving pressure on the
database. You can also export logs to a file or save log results as a file for access.
Context
NOTE
• Personal data may be involved during application and maintenance. To address this issue, multiple
handling methods are provided such as data anonymization.
• You are advised to comply with local laws and regulations and company policies as well as take
sufficient measures to fully protect user data. For example, delete saved log files after usage.
NMS Log
The U2000 records operations performed by all the U2000 users and the operation results.
• U2000 system log: System logs record operations or tasks that the U2000 performs
automatically, such as scheduled and system tasks.
• U2000 operation log: Operation logs record the information about the non-security
operations that the user performs on the U2000, for example, muting and displaying the
alarm sound.
• U2000 security log: Security logs record the security operations that the user performs in
the U2000, for example, login, logout, and unlocking.
By querying logs, the administrator can track and check user operations. Pay close attention to
operation logs, which help you understand the system runtime information. The logs record
events related to equipment operations, for example, querying, creating, and deleting an
NE or other objects. The logs also help you learn about user activities. For example, you can view
the operations performed by a user in the system.
You can query the preceding three types of logs on a client. In addition, all user activities and
operation instructions on the U2000 management plane are recorded as events to the OS logs
which are stored in the C:\Windows\System32\winevt\Logs\Application.evtx
(Windows), /var/adm/localmessages (Solaris), and /var/log/localmessages (Linux)
directories. If the number of recorded logs reaches the threshold, new logs will overwrite logs
recorded earlier.
NE Log
Operations and operation results of all the NE users are recorded in the NE. The U2000
supports the query of NE logs encapsulated by the syslog protocol of IP and access NEs and
the query of original security logs of transport NEs.
• NE syslog run log: Syslog run logs record running information about managed NEs. You
can view the NE syslog run logs on the U2000, rather than viewing them on each NE.
The U2000 allows users to browse syslog run logs of IP NEs.
• NE syslog operation log: Syslog operation logs record operation information about
managed NEs. You can view the NE syslog operation logs on the U2000, rather than
viewing them on each NE. The U2000 allows users to browse syslog operation logs of
access NEs.
• NE security log: NE security logs record security-based operations that all NE users
perform on an NE. You can view the NE security logs on the U2000, rather than viewing
them on each NE. The U2000 allows users to browse security logs of transport NEs.
Log Dumping
By setting the scheduled task dump, you can enable the U2000 to periodically save the log in
a specified directory. This function facilitates log viewing, reduces records in the database,
and speeds up the running of the system. By default, the dump path of the log is
$IMAP_ROOT/var/ThresholdExport/Log(Solaris/Linux) or %IMAP_ROOT%\var
\ThresholdExport\Log(Windows). The dumped log can be saved as .csv, .xml, .txt or .html
files.
Log Forwarding
U2000 log forwarding: The U2000 forwards logs to the syslog server, which saves them. This
function provides references for maintenance and relieves the storage burden of the U2000
server.
NE log forwarding: The U2000 forwards various types of NE information to the system log
server in a format that complies with the system log protocol. Network management
personnel and network maintenance personnel can learn the NE status based on the
urgency of the information. The U2000 can forward logs of only IP and transport NEs. You
can configure a syslog server on an access NE and run commands to forward access NE logs.
Log Export
Automatic system log export: The U2000 can automatically export system logs to the server
so that users can browse the logs easily. To configure an automatic export task, do as follows:
Choose Administration > Task Schedule > Task Management from the main menu. In the
Task Management window, choose File Interface > Operation Log Export, File Interface
> Security Log Export, File Interface > System Log Export from the navigation tree.
Manual system log export: The U2000 allows users to manually export system logs to the
current client so that users can browse the logs easily. To configure a manual export task, do
as follows: Choose Administration > Log Management > Query System Logs from the
main menu. In the Query System Logs window, export logs by choosing a shortcut menu
item. (The procedures for exporting operation logs and security logs are similar to this.)
Log Types
Type Description Example Parameter
NOTE
l Generated OSS logs and NE Syslog operation logs are saved in the OSS LogDB.
l Generated NE Syslog run logs are saved on both the hard disk and Syslog database (omcDB).
l The data on the hard disk is displayed on the client. Users can view the data on the client. In
Solaris and SUSE Linux operating systems, NE Syslog run logs are saved in the /opt/oss/
server/var/devlogs directory. In Windows operating system, NE Syslog run logs are saved in
the D:\oss\server\var\devlogs directory.
l The data in the Syslog database is forwarded to the third-party Syslog server, implementing
unified log management.
Risk Level Level of a risk caused by the operation that is performed on the
U2000. The options are Warning, Minor, and Risk.
Parameter Description
Operation Result An operation may have one of the following three results:
Successful, Failed, and Partially successful (which are
displayed as Successful, Failed, and Unknown in system
logs.)
l Successful: indicates that the operation is successful and a
complete operation result is returned.
l Failed: indicates that the operation fails.
l Partially successful: indicates that the operation is partially
successful and a complete operation result is returned.
l Unknown: indicates an unknown status.
Parameter Description
User Name User who runs the command recorded in an NE Syslog run log.
User IP Address IP address of the user who runs the command recorded in an
NE Syslog run log.
Level NE Syslog run log level. Log levels include the Emergency,
Alert, Critical, Error, Warning, Notice, Informational, and
Debug levels.
Context
l Query results are generated based on the existing data in the database. If the database is
empty, no query result is displayed.
l Different users have different log query rights. For details, see Table 9-4.
Operation logs l Users in the Administrators group or users who have the
Query All Operation Logs permission can query operation
logs of all users.
NOTE
Users who have permission to Query All Operation Logs in a region
can view the operation logs of all users only in the region.
l Users in the SMManagers group who have the Query
Operation Logs permission can query operation logs of all
users.
l Common users who do not belong to the Administrators or
SMManagers group and who have the Query Operation
Logs permission can query only their own operation logs.
System logs l Users who have the Query System Logs permission can query
system logs.
Security logs l Users in the SMManagers group can query security logs of all
users.
l Users who have the Query All Security Logs permission can
query security logs of all users.
NOTE
Users who have permission to Query All Security Logs in a region
can view the security logs of all users only in the region.
l Users in a group of the Subdomain Security Administrator
Group type can view their own and their managed users'
security logs.
l Users who have the Query Security Logs permission can
query their own security logs.
Procedure
Step 1 Choose a menu portal.
l Querying operation logs: Choose Administration > Log Management > Query
Operation Logs from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose Log Management > Query
Operation Logs from the main menu (application style).
l Querying system logs: Choose Administration > Log Management > Query System
Logs from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose Log Management > Query System
Logs from the main menu (application style).
l Querying security logs: Choose Administration > Log Management > Query Security
Logs from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose Log Management > Query Security
Logs from the main menu (application style).
Step 2 In the Filter dialog box, set filter criteria and click OK.
Step 3 Right-click OSS logs in the query result window and choose the following operations from
the shortcut menu:
Operation Method
Details Right-click a log in the window and choose Details from the shortcut
menu, or double-click the log.
NOTE
The Log Details dialog box displays log information, such as the operation
time, risk level, or operation result.
Save All Records 1. Right-click a log in the window and choose Save All Records
from the shortcut menu.
2. In the Save dialog box, select the path to save all the records, and
click Save.
NOTE
l Log records can be saved as a file in .txt, .html, .csv, .pdf, .xls or .xlsx
format. When a user saves a log file in .xls or .xlsx format, a cell can
support a maximum of 32,767 characters.
l For .txt files, code formats ISO-8859-1 and UTF-8 are supported. The
default encoding format is ISO-8859-1. You are advised to use the default
encoding format if the saved file does not need to support multiple
languages; otherwise, UTF-8 is recommended.
l The Progress dialog box is displayed if numerous log records exist. You
can click Background in the Progress dialog box or press Enter to perform
other operations on the background.
Save Selected Records 1. Select one or more logs in the query window, right-click, and
choose Save Selected Records from the shortcut menu.
2. In the Save dialog box, select the path to save the records and click
Save.
NOTE
l Log records can be saved as a file in .txt, .html, .csv, .pdf, .xls or .xlsx
format. When a user saves a log file in .xls or .xlsx format, a cell can
support a maximum of 32,767 characters.
l For .txt files, code formats ISO-8859-1 and UTF-8 are supported. The
default encoding format is ISO-8859-1. You are advised to use the default
encoding format if the saved file does not need to support multiple
languages; otherwise, UTF-8 is recommended.
l The Progress dialog box is displayed if numerous log records exist. You
can click Background in the Progress dialog box or press Enter to perform
other operations on the background.
Save Specified Records 1. Right-click a log in the window and choose Save Specified
Records from the shortcut menu.
2. In the Save Specified Records dialog box, set the start and end log
records and the name of the file to be saved, and click OK.
NOTE
l In the Save Specified Records dialog box, click on the right of File
name. In the Save dialog box, select the path for saving the records. Log
records can be saved as a file in .txt, .html, .csv, .pdf, .xls or .xlsx format.
When a user saves a log file in .xls or .xlsx format, a cell can support a
maximum of 32,767 characters.
l For .txt files, code formats ISO-8859-1 and UTF-8 are supported. The
default encoding format is ISO-8859-1. You are advised to use the default
encoding format if the saved file does not need to support multiple
languages; otherwise, UTF-8 is recommended.
l The Progress dialog box is displayed if numerous log records exist. You
can click Background in the Progress dialog box or press Enter to perform
other operations on the background.
Print All Records 1. Right-click a log in the window and choose Print All Records
from the shortcut menu.
2. In the Print dialog box, set the print parameters and click Print.
Print Selected Records 1. Select one or more logs in the query window, right-click, and
choose Print Selected Records from the shortcut menu.
2. In the Print dialog box, set the print parameters and click Print.
Print Specified Records 1. Right-click a log in the window and choose Print Specified
Records from the shortcut menu.
2. In the Print Specified Records dialog box, set the start and end
log records and click OK.
3. In the Print dialog box, set the print parameters and click Print.
Find Enter a keyword in Find what in the Find dialog box for search.
NOTE
l Match case: determines whether the case of search contents matches the
case of the keyword. By default, the cases do not match.
l Match entire cell contents: If you want the search contents to partially
match the cell contents, clear Match entire cell contents. If you want the
search contents to exactly match the cell contents, select Match entire cell
contents. By default, Match entire cell contents is cleared.
----End
Context
l Statistical results are generated based on the existing data in the database. If the database
is empty, there is no statistical result.
l Different users have different log statistics rights. For details, see Table 9-5.
Table 9-5 Relationship between OSS log types and operation rights
Type Operation Rights
OSS logs Operation logs l Users in the Administrators group or users who have the
Query All Operation Logs permission can collect
statistics on operation logs of all users.
NOTE
Users who have permission to Query All Operation Logs in a
region can collect statistics on the operation logs of all users only
in the region.
l Users in the SMManagers group who have the Query
Operation Logs permission can collect statistics on
operation logs of all users.
l Common users who do not belong to the Administrators
or SMManagers group and who have the Query
Operation Logs permission can collect only their own
statistics on operation logs.
System logs l Users who have the Query System Logs permission can
collect statistics on system logs.
Procedure
Step 1 Choose a menu portal.
l Collecting statistics on operation logs: Choose Administration > Log Management >
Operation Log Statistics from the main menu (traditional style); alternatively, double-
click Security Management in Application Center and choose Log Management >
Operation Log Statistics from the main menu (application style).
l Collecting statistics on system logs: Choose Administration > Log Management >
System Log Statistics from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose Log Management > System
Log Statistics from the main menu (application style).
l Collecting statistics on security logs: Choose Administration > Log Management >
Security Log Statistics from the main menu (traditional style); alternatively, double-
click Security Management in Application Center and choose Log Management >
Security Log Statistics from the main menu (application style).
Step 2 In the Filter dialog box, set Statistics Settings and Filter Criteria, and click OK.
NOTE
l You can also click Cancel and use either of the following methods to filter and collect statistics on
logs.
– Click Template and choose Open. Select a template from the template list and click Open to
use an existing template to collect statistics on operation logs. If no template exists on the
U2000, follow the instructions described in 9.1.5 Setting U2000 Log Templates to create a
template.
– Click Filter. In the Filter dialog box, set Statistics Settings and Filter Criteria and click OK
to collect statistics on operation logs.
----End
Result
The display mode of statistics varies according to the settings on the Statistics Settings tab
page in the Filter dialog box. Table 9-6 describes the relationship between Statistics Settings
for operation logs and security logs and the display mode of statistics. Table 9-7 describes the
relationship between Statistics Settings for system logs and the display mode of statistics.
Table 9-6 Relationship between Statistics Settings and the display mode of statistics (1)
Do not set it Do not set it Set it to The statistical result is displayed as follows:
to (None). to (None). (Count). l The statistical result is displayed in a
collapsed tree with Item 1 as the level-1
node and Item 2 as the level-2 node.
l The statistical result is achieved based on
the items selected in Row.
Do not set it Do not set it Do not set it l The statistical result is displayed in a
to (None). to (None). to (Count). collapsed tree with Item 1 as the level-1
node and Item 2 as the level-2 node.
l The statistical result is achieved based on
the combination of the items selected in
Row and the item selected in Column.
Do not set it Set it to Do not set it l The statistical result is displayed by Item
to (None). (None). to (Count). 1 or Item 2.
Set it to Do not set it Do not set it l The statistical result is achieved based on
(None). to (None). to (Count). the combination of the items selected in
Row and the item selected in Column.
Table 9-7 Relationship between Statistics Settings and the display mode of statistics (2)
Row Column Display Mode
Item 1 Item
Set it to Risk Level. Set it to (Count). The statistical result is displayed as follows:
Set it to Risk Level. Set it to Source. l The statistical result is displayed by Risk
Level.
l The statistical result is achieved based on
Source.
Context
l Choose Administration > Log Management > Query Operation Logs from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > Query Operation Logs from the
main menu (application style). Click Template Filter to set the template.
l Choose Administration > Log Management > Query System Logs from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > Query System Logs from the
main menu (application style). Click Template Filter to set the template.
l Choose Administration > Log Management > Query Security Logs from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > Query Security Logs from the
main menu (application style). Click Template Filter to set the template.
l Choose Administration > Log Management > Operation Log Statistics from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > Operation Log Statistics from
the main menu (application style). Click Template to set the template.
l Choose Administration > Log Management > System Log Statistics from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > System Log Statistics from the
main menu (application style). Click Template to set the template.
l Choose Administration > Log Management > Security Log Statistics from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > Security Log Statistics from the
main menu (application style). Click Template to set the template.
The operations for setting the log query and statistics templates are similar. The following
provides an example of setting the log query template.
Procedure
Step 1 Choose Administration > Log Management > Query Operation Logs from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose Log Management > Query Operation Logs from the main menu (application
style).
Step 2 In the Filter dialog box, click Cancel.
Step 3 You can perform the following operations in the Query Operation Logs window.
Operation Method
Open a template If a log query and statistics template exists in the U2000, you can
perform the following operations to open the template:
1. Click Template Filter and choose Open.
2. In the Open dialog box, select a template and click Open.
Save a template You can perform the following operations to save and modify a log
query or statistics template:
1. Click Template Filter and choose Save As.
2. In the Save Template dialog box, enter a template name and
click OK.
Delete a template If a log query and statistics template exists in the U2000, you can
perform the following operations to delete the template:
1. Click Template Filter and choose Delete.
2. In the Delete dialog box, select a template.
3. Click Delete.
4. In the Confirm dialog box, click Yes.
5. In the Delete dialog box, click Close.
Export If a query operation logs template exists in the U2000, you can
perform the following operations to export the template:
1. Click Template Filter and choose Export.
2. In the Export dialog box, select a template.
3. On the File Integrity Protection group box, enter the same
password in Password and Confirm password text boxes.
4. Click . In the Select Folder dialog box, select a save path for
the template file to export, and click Save.
5. Click OK.
6. In the Information dialog box, click OK.
----End
Context
l The log query tool supports query of files only in CSV format. If you will use the log
query tool to query security logs, select the CSV format when dumping or exporting
logs.
NOTE
Procedure
Step 1 Choose Administration > Task Schedule > Task Management from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose Task Schedule > Task Management from the main menu (application style).
Step 2 In the task list of the Task Management window, select the log dump or export task type and
task.
Log dump or export task types are as follows:
l Database Capacity Management: Security Log Dump, Operation Log Dump, System
Log Dump, Device Log Dump (The device logs here indicate access NE Syslog
operation logs.)
l Overflow Dump: Security Log Overflow Dump, Operation Log Overflow Dump,
System Log Overflow Dump
l Manual Dump: Security Log Manual Dump, Operation Log Manual Dump, System Log
Manual Dump
l File Interface: Security Log Export, Operation Log Export, System Log Export
Step 4 In the Attributes dialog box, set the parameters on the Common Parameters and Extended
Parameters tabs.
l The time displayed in the U2000 log record is the start time of an operation. If the start time of the
operation is within the time range for exporting logs, but the operation is not complete when the time
for exporting logs is reached, this log record is not exported to the log file.
l The time for triggering the log dump task in database capacity management, log dump task in
overflow dump, and log export task in file interface depends on Start time and Interval among
common parameters for different tasks.
----End
Result
File path on the Extended Parameters tab page displays the path for saving the log file.
Task Type   Task Name   Default Path for Saving Dump/Export File   Rules for Naming Dumped/Exported Files
Task Name: System Log Dump, System Log Overflow Dump
Rules for Naming Dumped/Exported Files:
l YYYYMMDDHHMMSS-system-log-dateThreshold_info.xml
l YYYYMMDDHHMMSS-system-log-dateThreshold(UTF–8)-<number>.zip
Task Name: System Log Manual Dump
Rules for Naming Dumped/Exported Files:
l YYYYMMDDHHMMSS-system-log-manual_info.xml
l YYYYMMDDHHMMSS-system-log-manual(UTF–8)-<number>.zip
NOTE
l If each file contains more than 5000 rows, the .zip file is split into two or more files. <number> in
the file name continuously increases. Examples: 20140321144204-operation-log-
dateThreshold(UTF-8)-1.zip and 20140321144204-operation-log-dateThreshold(UTF-8)-2.zip.
l If a file is dumped/exported during daylight saving time (DST), its name contains DST. For
example, 20161122174945DST-system-log-dateThreshold_info.xml indicates this system log is
dumped during DST.
l Logs can be dumped/exported to a CSV, XML, TXT, or HTML file and then are compressed to
a .zip package.
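The naming rules in the NOTE above, as an added example (not part of the Huawei guide): a Python parser for dump file names that reports missing <number> parts in a split .zip series. It assumes numbering starts at 1, as in the page's example, and accepts both the hyphen and en-dash spellings of UTF-8 that appear on the page; the function names and sample file list are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# YYYYMMDDHHMMSS[DST]-<kind>-log-<task>, followed by either "_info.xml"
# or "(UTF-8)-<number>.zip". <kind> is "system" or "operation" on the page;
# any lowercase word is accepted here (assumption).
NAME_RE = re.compile(
    r"^(?P<stamp>\d{14})(?P<dst>DST)?-(?P<kind>[a-z]+)-log-"
    r"(?P<task>dateThreshold|manual)"
    r"(?:_info\.xml|\(UTF[-\u2013]8\)-(?P<part>\d+)\.zip)$"
)


def parse_dump_name(name):
    """Return the fields of a dump file name, or None if it does not follow the rules."""
    m = NAME_RE.match(name)
    if m is None:
        return None
    try:
        started = datetime.strptime(m["stamp"], "%Y%m%d%H%M%S")
    except ValueError:
        return None  # 14 digits that are not a real date and time
    return {
        "prefix": m["stamp"] + (m["dst"] or ""),
        "time": started,
        "dst": m["dst"] is not None,   # dumped during daylight saving time
        "kind": m["kind"],
        "task": m["task"],
        "part": int(m["part"]) if m["part"] else None,  # None for _info.xml
    }


def missing_parts(names):
    """Group .zip parts per dump and list the part numbers that are absent."""
    parts = defaultdict(set)
    for name in names:
        info = parse_dump_name(name)
        if info is not None and info["part"] is not None:
            parts[(info["prefix"], info["kind"], info["task"])].add(info["part"])
    gaps = {}
    for key, seen in parts.items():
        absent = sorted(set(range(1, max(seen) + 1)) - seen)
        if absent:
            gaps[key] = absent
    return gaps


# Constructed directory listing: part 2 of the operation log dump is absent.
SAMPLE_FILES = [
    "20140321144204-operation-log-dateThreshold(UTF-8)-1.zip",
    "20140321144204-operation-log-dateThreshold(UTF-8)-3.zip",
    "20161122174945DST-system-log-dateThreshold_info.xml",
    "readme.txt",
]

if __name__ == "__main__":
    for key, absent in missing_parts(SAMPLE_FILES).items():
        print(key, "missing parts:", absent)
```
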
Figure 9-2 Position of the log forwarding service in the entire log forwarding system
[Figure labels: Topo Service, Security Service, ..., DB, Syslog Forwarding agent, Syslog Server]
NOTE
l The logs in the U2000 Syslog database (omcDB) are written by each service module (such as the
fault, topology, and security modules). Log data in the OSS database is not deleted after logs are
forwarded.
l Satisfy the following two conditions to implement the log forwarding function:
l Related logs have been written into the Syslog database. For details about the write function
configuration method, see Enabling Logging to U2000 Syslog Database in U2000
Administrator Guide.
l The U2000 and a third-party Syslog server have been interconnected and can communicate
with each other. For details about the interconnection configuration method, see Setting the
Interconnection Between the U2000 and the Syslog Server.
Context
After this function is enabled, the U2000 logs are written to the Syslog database.
Procedure
Step 1 Log in to the U2000 server.
l Solaris/SUSE Linux: Log in to the server as the ossuser user.
l Windows: Log in to the server as the ossuser user.
Step 2 Open the configuration file.
l Solaris/SUSE Linux:
Run the vi command to open the $IMAP_ROOT/etc/conf/IMAP_logsvc.xml file.
vi $IMAP_ROOT/etc/conf/IMAP_logsvc.xml
l Windows:
Open the %IMAP_ROOT%\etc\conf\IMAP_logsvc.xml file using tools such as
UltraEdit or Notepad.
Step 3 Set syslogReportFlag of the log to 1. The function of writing the logs into the Syslog
database is enabled.
The following is an example of writing the system logs, operation logs, and security logs of
the U2000 into the Syslog database.
<syslog name="syslogReport">
    <logType name="41">
        <!-- Report switch: 0 - Off; 1 - On. This switch is for system logs. The switch is turned off by default. -->
        <param name="syslogReportFlag">1</param>
        <!-- Report level control: Only the logs at the same level or a higher level are reported. The default value is 2 (Risk). -->
        <!-- Log levels are 0:warning, 1:minor, 2:risk -->
        <param name="syslogReportLevel">2</param>
    </logType>
    <logType name="42">
        <!-- Report switch: 0 - Off; 1 - On. This switch is for operation logs. The switch is turned off by default. -->
        <param name="syslogReportFlag">1</param>
    </logType>
    <logType name="43">
        <!-- Report switch: 0 - Off; 1 - On. This switch is for security logs. The switch is turned off by default. -->
        <param name="syslogReportFlag">1</param>
        <!-- Report level control: Only the logs at the same level or a higher level are reported. The default value is 1 (Minor). -->
        <!-- Log levels are 0:warning, 1:minor, 2:risk -->
        <param name="syslogReportLevel">1</param>
    </logType>
</syslog>
NOTE
Log level selection is not provided for operation logs (42) because operation logs at all levels are
reported.
Step 4 After the modification is complete, save the file. In the Solaris/SUSE Linux OS, exit from the
vi editor after the file is saved.
NOTE
l When log service is restarted, all the dependent services will also be restarted.
l View other services that depend on the log service. For details, see 10 Monitoring the U2000
Processes.
----End
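A check for the syslogReport settings described in Step 3, as an added example (not part of the Huawei guide): a Python script that reads the element and reports which risk levels of each log type never reach the Syslog database, and therefore never reach the third-party Syslog server. The type codes, level numbers and defaults are taken from the comments in the example above; the function names and the embedded input are constructed, and the position of the element inside the full IMAP_logsvc.xml file is an assumption.

```python
import xml.etree.ElementTree as ET

# Log type codes and level numbers as given in the comments of the page's example.
LOG_TYPES = {"41": "system", "42": "operation", "43": "security"}
LEVELS = {0: "Warning", 1: "Minor", 2: "Risk"}
# Default thresholds quoted in those comments. Operation logs (42) have no
# level control: all levels are reported.
DEFAULT_LEVEL = {"41": 2, "43": 1}

# Constructed input: the syslogReport element from the example, comments omitted.
PAGE_EXAMPLE = """
<syslog name="syslogReport">
  <logType name="41">
    <param name="syslogReportFlag">1</param>
    <param name="syslogReportLevel">2</param>
  </logType>
  <logType name="42">
    <param name="syslogReportFlag">1</param>
  </logType>
  <logType name="43">
    <param name="syslogReportFlag">1</param>
    <param name="syslogReportLevel">1</param>
  </logType>
</syslog>
"""


def reported_levels(xml_text):
    """Map each log type to the risk levels that are written to the Syslog database."""
    root = ET.fromstring(xml_text)
    if not (root.tag == "syslog" and root.get("name") == "syslogReport"):
        # Assumption: in the full file the element is nested somewhere below the root.
        root = root.find(".//syslog[@name='syslogReport']")
        if root is None:
            raise ValueError("no syslog element named syslogReport found")
    result = {name: [] for name in LOG_TYPES.values()}
    for log_type in root.findall("logType"):
        code = log_type.get("name")
        if code not in LOG_TYPES:
            continue
        params = {p.get("name"): (p.text or "").strip()
                  for p in log_type.findall("param")}
        if params.get("syslogReportFlag", "0") != "1":
            continue  # switch off (the default): nothing is written
        threshold = 0
        if code in DEFAULT_LEVEL:
            threshold = int(params.get("syslogReportLevel", DEFAULT_LEVEL[code]))
        # "Only the logs at the same level or a higher level are reported."
        result[LOG_TYPES[code]] = [LEVELS[n] for n in sorted(LEVELS) if n >= threshold]
    return result


def coverage_gaps(xml_text):
    """Return {log type: [levels that never reach the Syslog database]}."""
    gaps = {}
    for name, levels in reported_levels(xml_text).items():
        missing = [lv for lv in LEVELS.values() if lv not in levels]
        if missing:
            gaps[name] = missing
    return gaps


if __name__ == "__main__":
    for name, missing in coverage_gaps(PAGE_EXAMPLE).items():
        print(f"{name} logs: not written at level(s) {', '.join(missing)}")
```
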
Procedure
Step 1 Use the PuTTY to log in to the server as user in SSH mode.
Step 2 Run the following command to open the configuration file /opt/oss/server/etc/conf/
IMAP_syslogsvc.xml:
$ vi /opt/oss/server/etc/conf/IMAP_syslogsvc.xml
Step 3 Based on the format of logs to be forwarded, add or modify configuration items that specify
regular expressions under filterRegexList. By default, the configuration file provides the
following configuration item that specifies the regular expression for filtering and forwarding
NE security logs:
<filterRegexList name="filterRegexList">
<param name="r01">\(s\)(\[[0-9]+\])?:</param>
</filterRegexList>
NOTE
When adding a configuration item, specify a number and a regular expression for the configuration item.
The configuration item number must be unique in the file. For example, to filter and forward NE
operation logs, add <param name="r02">\(l\)(\[[0-9]+\])?:</param> under filterRegexList.
Step 4 Press Esc to switch to the command-line interface (CLI) mode. Run the :wq! command to
save and close the IMAP_syslogsvc.xml file.
Step 5 Run the following command to import the configuration file into the database:
$ SettingTool -cmd import -file /opt/oss/server/etc/conf/IMAP_syslogsvc.xml
Step 6 When setting the interconnection between the U2000 and the Syslog server on a client, set
String filter to a regular expression specified in the configuration file so that logs that match
the regular expression can be forwarded to the specified server. For details, see 9.1.7.4 Setting
the Interconnection Between the U2000 and the Syslog Server. If the value of String filter
on the client is different from the regular expression or the configuration file does not contain
the regular expression, logs are filtered based on the value of String filter, which is used as a
common string. That is, if logs contain the value of String filter, the U2000 forwards the
logs. Otherwise, the U2000 does not forward the logs.
For example, if the regular expression \(s\)(\[[0-9]+\])?: for filtering and forwarding NE
security logs is specified on the server, you can set String filter to \(s\)(\[[0-9]+\])?: on a
client so that the U2000 forwards NE security logs that contain (s): or (s)[n]: (n indicates a
non-negative integer) to the specified server.
----End
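The filtering behaviour described in Steps 3 and 6, as an added example (not part of the Huawei guide): a Python model that loads filterRegexList, rejects duplicate item numbers, and applies the regex-or-plain-string rule to log lines. Python's re module stands in for the U2000's regex engine, which the page does not name; the function names and SAMPLE_LOGS are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the page's filterRegexList with the r02 item from the NOTE added.
FILTER_XML = r"""
<filterRegexList name="filterRegexList">
  <param name="r01">\(s\)(\[[0-9]+\])?:</param>
  <param name="r02">\(l\)(\[[0-9]+\])?:</param>
</filterRegexList>
"""

# Constructed NE log lines (not captured from a real NE).
SAMPLE_LOGS = [
    "NE-1 SEC/4/LOGIN(s):user admin logged in",
    "NE-1 SEC/4/LOGIN(s)[17]:user admin login failed",
    "NE-2 CFG/5/SAVE(l)[3]:configuration saved",
    "NE-3 SHELL/6/NOTE:text mentions (s) without the colon",
]


def load_filter_regexes(xml_text):
    """Return {item number: regex}; reject duplicate numbers and invalid regexes."""
    root = ET.fromstring(xml_text)
    items = {}
    for param in root.findall("param"):
        number = param.get("name")
        pattern = (param.text or "").strip()
        if number in items:
            # The NOTE requires item numbers to be unique in the file.
            raise ValueError(f"duplicate configuration item number: {number}")
        re.compile(pattern)  # raises re.error if the expression is malformed
        items[number] = pattern
    return items


def should_forward(message, string_filter, configured):
    """Apply the rule from Step 6 to one log line.

    If String filter equals a regular expression in the configuration file,
    it is matched as a regular expression. Otherwise it is treated as a
    common string and the line is forwarded only if it contains that string.
    """
    if string_filter in configured.values():
        return re.search(string_filter, message) is not None
    return string_filter in message


def forwarded_indexes(lines, string_filter, configured):
    """Indexes of the lines that would be forwarded for this String filter."""
    return [i for i, line in enumerate(lines)
            if should_forward(line, string_filter, configured)]


if __name__ == "__main__":
    configured = load_filter_regexes(FILTER_XML)
    candidates = [
        configured["r01"],          # matches the file: used as a regex
        "(s):",                     # not in the file: plain string
        r"\(s\)(\[[0-9]\])?:",      # mistyped regex (no +): plain string
    ]
    for value in candidates:
        print(repr(value), "->", forwarded_indexes(SAMPLE_LOGS, value, configured))
```

A String filter that differs from the configured expression by a single character falls back to plain-string matching and can forward nothing at all, so compare the client value with the server file character for character.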
9.1.7.4 Setting the Interconnection Between the U2000 and the Syslog Server
The U2000 can forward logs from the Syslog database to the third-party Syslog server only
when the U2000 communicates with the third-party Syslog server properly; therefore, you
need to set the information about the Syslog server on an U2000 client.
Context
The log forwarding server forwards only security logs, operation logs, and system logs.
Procedure
Step 1 Choose Administration > Settings > Log Forwarding Servers from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose Settings > Log Forwarding Servers from the main menu (application style).
Step 2 You can perform the following operations in the Log Forwarding Servers window.
Refresh After another user updates the information about the log
forwarding server, click Refresh to obtain the updated
information.
----End
9.1.7.5 Monitoring the Connection Between the U2000 and Syslog Server
If the U2000 connects to the Syslog server abnormally, alarms are generated and sent to
U2000 clients. You need to clear the alarms in a timely manner to ensure normal
communication between the U2000 and the Syslog server.
Context
When TCP or Transport Layer Security (TLS) mode is configured for Syslog servers, there
are three situations:
1. If the U2000 successfully connects to the primary Syslog server, it forwards logs only to
this Syslog server.
2. If the U2000 fails to connect to the primary Syslog server, it attempts to connect to the
secondary Syslog server. If the connection is successful, the U2000 forwards logs only to
the secondary Syslog server.
3. If U2000 fails to connect to either of the primary and secondary Syslog servers, log
forwarding is unavailable for the Syslog servers.
The log forwarding service reports the following two alarms to the fault module when the
connection is abnormal:
l ALM-119 Alarm of the Switchover to the Standby Syslog Server: This alarm is
reported when the U2000 fails to connect to the primary Syslog server and attempts to
connect to the secondary Syslog server.
l ALM-118 Alarm of the Failure to Connect the Master and Standby Syslog Servers:
This alarm is reported when the U2000 fails to connect to either of the primary and
secondary Syslog servers.
To ensure proper communication between the U2000 and Syslog server, you must clear the
alarm in a timely manner.
Procedure
l Clear the ALM-119 Alarm of the Switchover to the Standby Syslog Server alarm by
following the procedure provided in ALM-119 Alarm of the Switchover to the Standby
Syslog Server in the online help.
l Clear the ALM-118 Alarm of the Failure to Connect the Master and Standby Syslog
Servers alarm by following the procedure provided in ALM-118 Alarm of the Failure to
Connect the Master and Standby Syslog Servers in the online help.
----End
Scenario Introduction
If the trust certificates of the third-party Syslog server are changed, you need to update the
trust certificates deployed on the U2000 server. For detailed operations in a specific scenario,
see Table 9-8.
Table 9-8 Managing trust certificates of the Syslog server on the U2000 server
Scenario: The third-party Syslog log forwarding server is used for the first time.
Operation: 9.1.7.6.1 Deploying Log Forwarding Service Certificates
NOTE
When forwarding logs using the TLS protocol, the U2000 uses the
certificate of the U2000 server by default. The certificate is saved in
the /opt/oss/server/etc/ssl directory. To prevent the certificates from
affecting each other in different scenarios, you are advised to deploy
the certificate in the /opt/oss/server/etc/ssl/syslog directory.

Scenario: The CA granting certificates to the third-party Syslog log forwarding server
is not changed, and the trust certificates are updated.
Operation:
l If the CAs granting certificates to the U2000 server and to
the third-party Syslog log forwarding server are the same,
or are two sub-CAs in the same CA, perform the following
operations:
9.1.7.6.2 Updating Log Forwarding Service Certificates
l If the CAs granting certificates to the U2000 server and to
the third-party Syslog log forwarding server are different,
and are not two sub-CAs in the same CA, perform the
following operations:
1. Delete old trust certificates of the third-party Syslog
log forwarding server by following the instructions
provided in 9.1.7.6.4 Deleting Trust Certificates of
the Third-party Syslog Server from the U2000
Server.
2. Add new trust certificates of the third-party Syslog log
forwarding server by following the instructions
provided in 9.1.7.6.3 Adding Trust Certificates of the
Third-party Syslog Server to the U2000 Server.

Scenario: The server trusts a new CA granting certificates to the third-party Syslog log
forwarding server.
Operation: 9.1.7.6.3 Adding Trust Certificates of the Third-party
Syslog Server to the U2000 Server

Scenario: The third-party Syslog log forwarding server is no longer used.
Operation: Query the file name and issuer of the trust certificate of the
third-party Syslog log forwarding server by following the
instructions provided in ssl_adm -cmd queryCA.
l If the file name and issuer of the trust certificate exist,
follow the instructions provided in 9.1.7.6.4 Deleting
Trust Certificates of the Third-party Syslog Server
from the U2000 Server.
l If the file name and issuer of the trust certificate do not
exist, no further action is required.
Prerequisites
The following certificates have been obtained:
l Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password
l Trust certificate of the third-party Syslog server
Context
l The authentication mode including unidirectional and bidirectional authentication for the
log forwarding services is configured on the third-party Syslog server. To ensure
security, bidirectional authentication is recommended.
l If the U2000 server and the third-party Syslog server trust the same CA, they can use the
certificate deployed on the U2000 server during the mutual authentication. Certificate
deployment is not required.
l If unidirectional authentication (only the U2000 server authenticates the third-party
Syslog server) is applied and the U2000 server and the third-party Syslog server trust
respective CAs, deploy the trust certificate of the third-party Syslog server and the CRL
issued by an authorized CA on the U2000 server.
l If bidirectional authentication is applied and the U2000 server and the third-party Syslog
server trust respective CAs, deploy the trust certificate of the third-party Syslog server
and the CRL issued by an authorized CA on the U2000 server. In addition, deploy the
trust certificate of the U2000 server and the CRL issued by an authorized CA on the
third-party Syslog server.
l This section describes how to deploy a trust certificate and the CRL for the third-party
Syslog server on the U2000 server. In the local HA environment or the remote HA
environment, run this command only on the primary server.
l Re-log in to the client after deploying the certificates on the server.
l The TLSv1.0 protocol is not secure enough. Disable it. For details, see 5.3.2.5 Enabling
or Forbidding Using TLSv1.0 on the U2000. You are advised to use TLSv1.1 and later.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following commands to create a path for the certificates. In this example,
/opt/oss/server/syslogcertificates is created.
$ cd /opt/oss/server
$ mkdir syslogcertificates
Step 3 Use FileZilla to upload the trust certificate, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see A.2.28 How to Use the FileZilla to
Transfer Files by SFTP. You must set the following information when uploading the
certificates:
l User name and password: name and password of the ossuser user
l File path on the server: /opt/oss/server/syslogcertificates
NOTE
One trust certificate file can contain only one trust certificate, and one CRL file can contain only one
CRL.
Single-Server System:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
Step 5 Run the following command on the server to back up the certificates. If the certificates have
not been deployed, perform Step 6.
$ cd /opt/oss/server
$ mkdir -p var/backup/deployssl/ssl/syslog
NOTE
l The certificate backup path can be an absolute or relative path. The relative path is relative
to /opt/oss/server.
l Assume that certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl/syslog.
Step 6 Run the following command to deploy the log forwarding service certificates.
NOTE
l Otherwise, certificates fail to be deployed. When this occurs, locate and handle the
failure according to the prompt message, and then restore the deployed certificate by
running the following command:
$ ssl_adm -cmd restore -app syslog -backpath var/backup/deployssl/ssl/syslog
NOTE
In the command, var/backup/deployssl/ssl/syslog is the path to the certificate backup, which can be
an absolute or relative path. The relative path is relative to /opt/oss/server.
Perform Step 6 to deploy certificates after they are restored.
If the failure persists, contact Huawei technical support engineers.
Step 7 Run the following commands to start U2000 processes for the replacement to take effect:
----End
Prerequisites
The following certificates have been obtained:
l Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password
l Trust certificate of the third-party Syslog server
l Optional: Certificate revocation list (CRL) issued by CA trusted by the third-party
Syslog server
NOTE
The identity certificate of the U2000 server and the trust certificate of the third-party Syslog server must
be issued by the same CA or two sub-CAs in the same CA. When they are issued by two sub-CAs in the
same CA, the trust certificates of both the CA and the two sub-CAs must be prepared.
Context
l When updating certificates, you must provide identity certificates. If the identity
certificates do not need to be updated, use the original identity certificates.
l In the local HA environment, you need to perform related operations only on the primary
server.
l In the remote HA environment, you need to perform related operations on both the
primary and secondary servers.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following commands to create a path for the certificates. In this example,
/opt/oss/server/syslogcertificates is created.
$ cd /opt/oss/server
$ mkdir syslogcertificates
Step 3 Use FileZilla to upload the trust certificate, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see A.2.28 How to Use the FileZilla to
Transfer Files by SFTP. You must set the following information when uploading the
certificates:
l User name and password: name and password of the ossuser user
l File path on the server: /opt/oss/server/syslogcertificates
NOTE
One trust certificate file can contain only one trust certificate, and one CRL file can contain only one
CRL.
Step 5 Run the following command on the server to back up the certificates.
$ cd /opt/oss/server
$ mkdir -p var/backup/deployssl/ssl/syslog
NOTE
l The certificate backup path can be an absolute or relative path. The relative path is relative
to /opt/oss/server.
l Assume that certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl/syslog.
Step 6 Run the following command to update the log forwarding service certificates.
$ ssl_adm -cmd update_certs -app syslog -dir /opt/oss/server/syslogcertificates
NOTE
In the command, var/backup/deployssl/ssl/syslog is the path to the certificate backup, which can be
an absolute or relative path. The relative path is relative to /opt/oss/server.
After the certificates are restored, perform Step 6 to deploy the certificates again.
If the failure persists, contact Huawei technical support engineers.
Step 7 Run the following commands to start U2000 processes for the replacement to take effect:
Single-Server System (as the ossuser user):
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
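The NOTE in Step 3 (one trust certificate per trust certificate file, one CRL per CRL file) can be checked on the upload directory before ssl_adm is run. The following script is an added example, not part of this guide or of the U2000 software; the function names and the demo file names other than server.cer are assumptions, and the demo file contents are constructed.

```shell
#!/bin/sh
# Added example, not Huawei code. Checks a staging directory such as
# /opt/oss/server/syslogcertificates before the certificates are deployed.

# Print the number of PEM blocks of type $2 (for example CERTIFICATE) in file $1.
count_pem_blocks() {
    n=$(grep -c -e "-----BEGIN $2-----" "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Report on every file in directory $1. Returns 0 only if no file holds more
# than one certificate or more than one CRL, 1 on a violation, 2 on bad input.
check_staging_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "ERROR $dir: not a directory"; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        base=${f##*/}
        case $base in
            # Identity material, named as in the Prerequisites; not a trust file.
            server.cer|server_key.pem|server.p12)
                echo "SKIP $base: identity certificate or key"
                continue ;;
        esac
        certs=$(count_pem_blocks "$f" "CERTIFICATE")
        crls=$(count_pem_blocks "$f" "X509 CRL")
        if [ "$certs" -gt 1 ]; then
            echo "FAIL $base: $certs certificates in one file, split the bundle"
            bad=$((bad + 1))
        elif [ "$crls" -gt 1 ]; then
            echo "FAIL $base: $crls CRLs in one file, split the file"
            bad=$((bad + 1))
        elif [ "$certs" -eq 0 ] && [ "$crls" -eq 0 ]; then
            # DER-encoded or unrelated files have no PEM markers to count.
            echo "WARN $base: no PEM certificate or CRL found, inspect manually"
        else
            echo "OK   $base: $certs certificate(s), $crls CRL(s)"
        fi
    done
    echo "$bad file(s) break the one-object-per-file rule"
    [ "$bad" -eq 0 ]
}

# Write one constructed PEM block of type $1 (placeholder body, not a real object).
fake_pem() {
    printf '%s\n' "-----BEGIN $1-----" "(constructed body)" "-----END $1-----"
}

# Build a constructed staging directory and print its path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    fake_pem "CERTIFICATE" > "$d/root_ca.pem"                 # one certificate
    { fake_pem "CERTIFICATE"; fake_pem "CERTIFICATE"; } > "$d/ca_bundle.pem"
    fake_pem "X509 CRL" > "$d/root_ca.crl"                    # one CRL
    fake_pem "CERTIFICATE" > "$d/server.cer"                  # identity cert
    printf '\060\202\001\012' > "$d/trust_ca.der"             # non-PEM bytes
    echo "$d"
}

# Stand-alone use: sh check_staging.sh /opt/oss/server/syslogcertificates
if [ "$#" -gt 0 ]; then
    check_staging_dir "$1"
fi
```

On the constructed directory the check fails because of ca_bundle.pem only; a CA chain delivered as a single bundle is the usual way this rule gets broken.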
9.1.7.6.3 Adding Trust Certificates of the Third-party Syslog Server to the U2000 Server
To allow the U2000 server to properly communicate with the third-party Syslog server using
SSL or TLS, deploy the trust certificates of the third-party Syslog server on the U2000 server.
Add the new trust certificate of the third-party Syslog server to the U2000 server in either of
the following cases:
l The U2000 server trusts a new CA granting certificates to the third-party Syslog server.
l The trust certificate is updated, and the CA granting certificates to the third-party Syslog
server is not changed but is different from that granting certificates to the U2000 server, and
the two CAs are not sub-CAs in the same CA.
Prerequisites
l The new trust certificate granted by the certificate authority (CA) of the peer has been
obtained.
l You have deployed certificates on the U2000 server by running the ssl_adm -cmd
replace_certs command.
Context
l When the U2000 server functions as an SSL client, the peer is authenticated by default.
l The new trust certificate must contain its root certificate. If the root certificate has been
deployed on the U2000 server, delete the root certificate by following the instructions
provided in 9.1.7.6.4 Deleting Trust Certificates of the Third-party Syslog Server
from the U2000 Server, and then add it again.
l In the local HA environment or the remote HA environment, run this command only on
the primary server.
l After a certificate is deployed on the server, you must log in to the client again.
l To update trust certificates of the third-party Syslog server, delete the trust certificate that
is no longer trusted by following the instructions provided in 9.1.7.6.4 Deleting Trust
Certificates of the Third-party Syslog Server from the U2000 Server, and add a trust
certificate again.
l The certificate deployed by running the ssl_adm -cmd replace_certs command must be
updated by running the ssl_adm -cmd update_certs command.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following commands to create a directory for saving certificates. In this example, all
certificates are saved under the /opt/oss/server/certificates directory.
$ cd /opt/oss/server
$ mkdir certificates
NOTE
One trust certificate file can contain only one trust certificate.
Step 5 Run the following commands to add trust certificates of the third-party Syslog server to the
U2000 server.
NOTE
l In the preceding commands, /opt/oss/server/certificates is the directory for saving new trust
certificates.
l After the command is executed, all certificates in the /opt/oss/server/certificates directory are
deployed to /opt/oss/server/etc/ssl/syslog.
l For details about the certificate directory after certificates are added, see Certificate Save Path and
Naming Conventions.
Execution result:
l If the system displays the Operation succeeded. message, the certificates have
been added successfully. Go to Step 6.
l Otherwise, the trust certificates fail to be added. If this occurs, locate the failure and then
restore the trust certificates by running the following command:
$ ssl_adm -cmd restore -backpath var/backup/ssl/YYYYMMDDhhmmss
NOTE
Step 6 Run the following commands to start U2000 processes for the replacement to take effect:
----End
9.1.7.6.4 Deleting Trust Certificates of the Third-party Syslog Server from the U2000
Server
When the U2000 server communicates with the third-party Syslog server using SSL or TLS,
deploy the trust certificate of the third-party Syslog server on the U2000 server. If you no
longer use the third-party Syslog log forwarding server, delete the trust certificates of the
third-party Syslog server from the U2000 server.
Prerequisites
You have run the ssl_adm -cmd addCA command to add trust certificates to the U2000
server. For details, see 9.1.7.6.3 Adding Trust Certificates of the Third-party Syslog
Server to the U2000 Server.
Context
l The certificate deployed by running the ssl_adm -cmd replace_certs command must be
updated by running the ssl_adm -cmd update_certs command.
l In the local HA environment or the remote HA environment, run this command only on
the primary server.
l After a certificate is deployed on the server, you must log in to the client again.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 3 Run the following commands to query file names and issuers of the added trust certificates of
the third-party Syslog server.
$ ssl_adm -cmd queryCA -app syslog
Execution result:
l If the message No trust certificate is incrementally deployed by
running the ssl_adm -cmd addCA command. is displayed, no trust
certificate has been added by running the ssl_adm -cmd addCA command.
l If information similar to the following is displayed, the file name and issuer of the
current trust certificate are 600755ba.0 and C=CN, ST=Guangdong, L=ShenZhen,
O=Huawei, OU=CMC, CN=huawei_root, respectively. Go to Step 4.
Deployed trust certificates are as follows:
name: issuer:
600755ba.0 C=CN, ST=Guangdong, L=ShenZhen, O=Huawei,
OU=CMC, CN=huawei_root
Step 4 Run the following commands to delete trust certificates of the third-party Syslog server from
the U2000 server. The trust certificate 600755ba.0 is used as an example.
$ ssl_adm -cmd deleteCA -name 600755ba.0 -app syslog
Execution result:
l If the system displays a message similar to the following, the trust certificates have been
deleted. Go to Step 5.
Operation succeeded.
l Otherwise, the trust certificates fail to be deleted. If this occurs, locate the failure and
then restore the trust certificates by running the following command:
$ ssl_adm -cmd restore -backpath var/backup/ssl/YYYYMMDDhhmmss
NOTE
Step 5 Run the following commands to start U2000 processes for the replacement to take effect:
----End
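The queryCA output shown in Step 3 can be turned into an inventory and compared with the issuers that are still supposed to be trusted, which is the decision that precedes deleteCA in Step 4. The following script is an added example, not part of this guide or of the U2000 software; the function names and the approved-issuer file (one issuer per line) are assumptions, and the second record in the sample output is constructed.

```shell
#!/bin/sh
# Added example, not Huawei code. Parses the text printed by
#   ssl_adm -cmd queryCA -app syslog
# in the layout shown on this page and lists trust certificates whose issuer
# is not on a locally maintained list of approved issuers.

# Read queryCA output on stdin; print one "name|issuer" line per certificate.
# An issuer that wraps onto following lines is joined back into one line.
parse_queryca() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # A record starts with a file name of the form 600755ba.0
        /^[0-9a-f]+\.[0-9]+[ \t]/ {
            if (name != "") print name "|" issuer
            name = $1
            issuer = $0
            sub(/^[^ \t]+[ \t]+/, "", issuer)
            issuer = trim(issuer)
            next
        }
        # Header lines come before the first record and are ignored; any
        # other non-empty line continues the issuer of the open record.
        name != "" && NF > 0 { issuer = issuer " " trim($0) }
        END { if (name != "") print name "|" issuer }
    '
}

# Read queryCA output on stdin; print the file names whose issuer does not
# appear in the approved-issuer file $1 (assumed format: one issuer per line).
unapproved_trust_certs() {
    parse_queryca | awk -F'|' -v approved="$1" '
        BEGIN { while ((getline dn < approved) > 0) ok[dn] = 1 }
        !($2 in ok) { print $1 }
    '
}

# Sample input: the first record is the example from this page, the second
# record (1a2b3c4d.0) is constructed for the demonstration.
sample_queryca_output() {
    cat <<'EOF'
Deployed trust certificates are as follows:
name: issuer:
600755ba.0 C=CN, ST=Guangdong, L=ShenZhen, O=Huawei,
OU=CMC, CN=huawei_root
1a2b3c4d.0 C=XX, O=Example Lab, CN=example_lab_root
EOF
}

# Stand-alone use on the server:
#   ssl_adm -cmd queryCA -app syslog | sh audit_trust.sh approved_issuers.txt
if [ "$#" -gt 0 ]; then
    unapproved_trust_certs "$1"
fi
```

Each name printed is a candidate for review and, if it is no longer trusted, for the deleteCA command in Step 4.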
9.1.7.7 Enabling the U2000 Server to Authenticate NEs Sending Syslog Logs to It
(Solaris, SUSE Linux)
When the U2000 server functions as an SSL server for communication with the U2000 client
and NEs, you are advised to enable authentication of the communication peer on the U2000
server for security concerns. After this function is enabled, you must deploy the required trust
certificates on the U2000 server to ensure normal communication.
Prerequisites
The identity certificates of NEs that need to be authenticated have been deployed.
Context
Before enabling authentication of the communication peer on the U2000 server, stop the
U2000 services. The U2000 services will be interrupted.
Process for Configuring the U2000 Server to Receive Syslog Logs Sent from NEs
1. Check whether the communication mode of the U2000 server is SSL or both.
– If yes, go to 2.
– If no, set the communication mode of the U2000 server.
You can see A.10.27 How to Set the Communication Mode on the U2000 server for
the Single-Server System (Solaris) or A.10.28 How to Set the Communication Mode
on the U2000 server for the Single-Server System (SUSE Linux).
2. Check whether peer authentication has been enabled for the U2000 server by following
the instructions provided in ssl_adm -cmd queryAuthPeer.
– If yes, go to 3.
– If no, go to 9.1.7.7.2 Enabling the U2000 Server to Authenticate Its Peer.
3. On the U2000 server, deploy the trust certificates and CRLs of NEs sending Syslog logs
to this server by following the instructions provided in 9.1.7.7.3 Deploying a Certificate
for the U2000 Server to Receive NE Syslog Logs.
NOTE
By default, the U2000 server uses the TLS protocol and the certificates of the U2000 server to
receive NE Syslog logs. The certificate is saved in the /opt/oss/server/etc/ssl directory. To prevent
the certificates from affecting each other in different scenarios, you are advised to deploy the
certificates for receiving NE Syslog logs under /opt/oss/server/etc/ssl/nelog.
Scenarios for Maintaining the U2000 Server to Receive NE Syslog Logs After
Peer Authentication Is Enabled
If the CA granting certificates to the NE is changed, you need to update the trust certificates
deployed on the U2000 server. Table 9-9 shows required operations in various scenarios.
Scenario: The CA granting certificates to the NE is not changed, and trust certificates are
updated.
Operation:
l If the CAs granting certificates to the U2000 server and to the NE are the same, or are two
sub-CAs in the same CA, perform the following operations:
9.1.7.7.4 Updating a Certificate for the U2000 Server to Receive NE Syslog Logs
l If the CAs granting certificates to the U2000 server and to the NE are different, and are not
two sub-CAs in the same CA, perform the following operations:
1. Delete old trust certificates of the NE by following the instructions provided in 9.1.7.7.6
Deleting from an U2000 Server the Trust Certificates of the NE Sending Syslog Logs to It.
2. Add new trust certificates of the NE by following the instructions provided in 9.1.7.7.5
Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to It.

Scenario: The server trusts a new CA granting certificates to the NE.
Operation: 9.1.7.7.5 Adding to the U2000 Server the Trust Certificates of the NE Sending
Syslog Logs to It

Scenario: The server no longer trusts a CA granting certificates to the NE.
Operation: Query the file name and issuer of the trust certificate of the NE by following the
instructions provided in ssl_adm -cmd queryCA.
l If the file name and issuer of the trust certificate exist, follow the instructions provided in
9.1.7.7.6 Deleting from an U2000 Server the Trust Certificates of the NE Sending Syslog
Logs to It.
l If the file name and issuer of the trust certificate do not exist, no further action is required.
Context
l You can query only the logs of the devices in your own domains.
l The users in the admin and Administrators groups can query device logs of all users.
Procedure
Step 1 Choose Administration > NE Security Management > NE Syslog Operation Logs from
the main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > NE Syslog Operation Logs from the
main menu (application style).
Step 2 In the Filter dialog box, set filter criteria and click OK.
NOTE
You can also query device logs by performing the following steps:
1. In the Filter dialog box, click Cancel.
2. In the NE Syslog Operation Logs window, click Filter.
3. In the Filter dialog box, set filter criteria and click OK. Click Reset to reset all the parameters.
Step 3 In the NE Syslog Operation Logs window, double-click a record to view the log details.
l Click a field in the column header of the query result table to sort the query results by
field.
l The white upward triangular icon indicates that you can sort the results by field. The
black upward triangular icon indicates that the results are sorted in ascending order of
the field. The black downward triangular icon indicates that the results are sorted in
descending order of the field.
l Click Device name or Access Method. Different from other table header fields, these
fields are displayed in groups. Therefore, they are not sorted in alphabetical order.
----End
Prerequisites
The trust certificate of the peer has been deployed on the U2000 server.
Context
l In the local HA environment, you need to perform related operations only on the active
server.
l In the remote HA environment, you need to perform related operations on both the active
and standby servers.
l If peer authentication is enabled for the U2000 server, to allow the U2000 server to
properly communicate with multiple peers, deploy required certificates on the peers, and
deploy the trust certificates and CRLs of all the peers on the U2000 server.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Single-Server System:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
Step 3 Run the following commands to enable the U2000 server to authenticate its communication
peer.
If information similar to the following is displayed, the U2000 server has been enabled to
authenticate its communication peer:
Operation succeeded.
NOTE
l The U2000 server uses the certificate (certificate of the U2000 server) under the
/opt/oss/server/etc/ssl directory to receive NE Syslog logs by default. If you use a new certificate in this
scenario, run the following command to enable peer authentication:
$ ssl_adm -cmd enableAuthPeer -app common -file Path for deploying the certificate used for the
U2000 server to receive NE Syslog logs/option.xml
l The value of SSLCertPath in /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg is the path for
deploying the certificate used for the U2000 server to receive NE Syslog logs.
When the U2000 server is used as an FTP server, perform the following steps to enable the
communication peer authentication function.
1. Run the following command to set environment variables:
$ . /opt/oss/server/svc_profile.sh
2. Run the following command to switch to user root:
$ su - root
Password: password of user root
3. Run the following command to enable the FTP server to authenticate its communication
peer:
# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh enableAuthPeer
4. Exit user root.
# exit
$ ssl_adm -cmd enableAuthPeer -app common -file D:\oss\server\etc\ssl\option.xml
$ ssl_adm -cmd enableAuthPeer -app CORBA -file D:\oss\server\etc\conf\svc_ssl.conf
$ ssl_adm -cmd enableAuthPeer -app CORBA -file D:\oss\server\etc\conf\notify_ssl.conf
$ ssl_adm -cmd enableAuthPeer -app Apache -file D:\oss\server\etc\apache\conf\extra\httpd-ssl.conf
If information similar to the following is displayed, the U2000 server has been enabled to
authenticate its communication peer:
Operation succeeded.
NOTE
l The U2000 server uses the certificate (certificate of the U2000 server) under the
D:\oss\server\etc\ssl directory to receive NE Syslog logs by default. If you use a new certificate in this scenario, run
the following command to enable peer authentication:
$ ssl_adm -cmd enableAuthPeer -app common -file Path for deploying the certificate used for the
U2000 server to receive NE Syslog logs\option.xml
l The value of SSLCertPath in D:\oss\server\etc\conf\u2ksyslogcollector_init.cfg is the path for
deploying the certificate used for the U2000 server to receive NE Syslog logs.
Step 4 Run the following commands to start U2000 processes for the replacement to take effect:
Single-Server System (as the ossuser user):
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
Follow-up Procedure
Check whether the U2000 server has been enabled to authenticate its communication peer.
$ . /opt/oss/server/svc_profile.sh
l If information similar to the following is displayed, the U2000 server is not enabled to
authenticate its peer set in /opt/oss/server/etc/ssl/option.xml.
The common service end does not authenticate the peer end in the option.xml
file under the /opt/oss/server/etc/ssl directory.
When the iMAP server is used as an FTP server, run the following command as user root to
check whether the FTP server has been enabled to authenticate its communication peer:
# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh queryAuthPeer
l If information similar to the following is displayed, the FTP server has been enabled to
authenticate its peer:
The FTPS service end authenticates the peer.
l If information similar to the following is displayed, the FTP server is not enabled to
authenticate its peer:
The FTPS service end does not authenticate the peer.
Check whether the U2000 server has been enabled to authenticate its communication peer.
$ ssl_adm -cmd queryAuthPeer -app common -file D:\oss\server\etc\ssl\option.xml
l If information similar to the following is displayed, the U2000 server is not enabled to
authenticate its peer set in D:\oss\server\etc\ssl\option.xml.
The common service end does not authenticate the peer end in the option.xml
file under the D:\oss\server\etc\ssl directory.
9.1.7.7.3 Deploying a Certificate for the U2000 Server to Receive NE Syslog Logs
The U2000 server can receive Syslog logs of NEs using the UDP or TLS protocol. TLS is
used by default because it provides higher security. When TLS is used, you must deploy
required NE certificates on the U2000 server.
Prerequisites
l You have obtained the following certificates:
– Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password.
– Trust certificates of an NE
– Optional: Certificate revocation list (CRL) granted by the Certificate Authority
(CA) trusted by the NE
l NE authentication has been enabled on the U2000 server. For details about how to check
whether the U2000 server authenticates the communication peer, see ssl_adm -cmd
queryAuthPeer. For details about how to enable peer authentication, see 9.1.7.7.2
Enabling the U2000 Server to Authenticate Its Peer.
Context
l If bidirectional authentication is applied, deploy not only the trust certificates of the NE
and the CRL released by the CA trusted by the NE on the U2000 server but also the trust
certificates of the U2000 and the CRL released by the CA trusted by the U2000 server on
the NE. This section describes how to deploy the trust certificates and CRL of an NE on
the U2000 server.
l In the local HA environment, remote HA environment, and the distribution environment,
you need to perform related operations only on the active server.
l Re-log in to the client after deploying the certificates on the server.
l If the U2000 server needs to receive Syslog logs of multiple NEs, you must deploy all
the trust certificates of these NEs on the U2000 server. You can deploy the certificates of
a single NE on the U2000 server by following the instructions provided in this section
and deploy the certificates of other NEs by following the operations provided in 9.1.7.7.5
Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to
It.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following commands to create a directory for saving certificates. In this example, all
certificates are saved in the /opt/oss/server/nelogcertificates directory.
$ cd /opt/oss/server
$ mkdir nelogcertificates
Step 3 Use FileZilla to upload the trust certificates, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see A.2.28 How to Use the FileZilla to
Transfer Files by SFTP. Set the following information when uploading the files:
l User name and password: name and password of user ossuser
NOTE
One trust certificate file can contain only one trust certificate, and one CRL file can contain only one
CRL.
Step 5 Run the following command to back up the deployed certificates. If no certificate has been
deployed, perform Step 6.
$ cd /opt/oss/server
$ mkdir -p var/backup/deployssl/ssl/nelog
NOTE
l The certificate backup path can be an absolute or relative path. The relative path is relative
to /opt/oss/server.
l In the example provided in this section, certificates are backed up to
/opt/oss/server/var/backup/deployssl/ssl/nelog.
NOTE
In the command, var/backup/deployssl/ssl/nelog is the path for saving backup certificates. The
path can be an absolute or relative path. The relative path is relative to /opt/oss/server.
After the certificates are restored, perform Step 6 to deploy the certificates again.
If the certificates still fail to be deployed, contact Huawei technical support engineers.
Step 7 Optional: If an NE supports the 2048-bit DH parameter, perform the following operations
to set the parameter length for a secure DH algorithm:
1. Run the vi command to open /opt/oss/server/etc/ssl/option.xml.
$ vi /opt/oss/server/etc/ssl/option.xml
NOTE
By default, the U2000 server uses the certificate (namely, the certificate for the U2000 server) in
the /opt/oss/server/etc/ssl directory to receive NE Syslogs. To use another certificate in such a
scenario, run the following command to open the configuration file:
$ vi Path for deploying the certificate used for the U2000 server to receive NE Syslogs/option.xml
The path for deploying the certificate used for the U2000 server to receive NE Syslogs is the value
of the SSLCertPath configuration item in /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg.
2. Change value in <PARA name="secureDHLen" value="1024"/> to 2048.
NOTE
– 1024: indicates that the DH parameter with 1024 or less bits is used.
– 2048: indicates that the 2048-bit DH parameter is used.
– The DH algorithm with value set to 2048 is more secure than that with value set to 1024.
3. Press Esc to switch to the command mode. Run the :wq! command to save the
option.xml file and exit.
Step 8 Modify the configuration file /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg, and
specify the path for saving the certificates used by the U2000 server to authenticate NEs.
1. Run the following command to open the configuration file:
$ vi /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg
2. Change the value of SSLCertPath to /opt/oss/server/etc/ssl/nelog.
3. Press Esc to switch to the command mode. Run the :wq! command to save
u2ksyslogcollector_init.cfg and exit the command mode.
NOTE
If you do not modify the configuration file, the U2000 server will use the deployed certificates of the
U2000 server to authenticate NEs by default. The certificate is deployed in the /opt/oss/server/etc/ssl
directory.
Step 9 Run the following commands to start U2000 processes for the replacement to take effect:
Single-Server System (as the ossuser user):
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
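Steps 7 and 8 interact: the option.xml that applies to NE Syslog reception is the one under the SSLCertPath directory, so raising secureDHLen in /opt/oss/server/etc/ssl/option.xml has no effect on the collector once SSLCertPath points to /opt/oss/server/etc/ssl/nelog. The following script is an added example, not part of this guide or of the U2000 software; the function names are assumptions, the key=value layout assumed for u2ksyslogcollector_init.cfg is an assumption, and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not Huawei code. Finds the option.xml that the NE Syslog
# collector actually uses and reports the secureDHLen value set in it.

# Print the SSLCertPath value from collector config $1 (nothing if not set).
# Assumption: the file holds "SSLCertPath=<directory>" style lines.
ssl_cert_path() {
    awk -F= '$1 ~ /^[ \t]*SSLCertPath[ \t]*$/ {
        v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v
    }' "$1" | tail -n 1
}

# Print the value of <PARA name="secureDHLen" value="..."/> in option.xml $1.
secure_dh_len() {
    sed -n 's/.*<PARA name="secureDHLen" value="\([0-9][0-9]*\)".*/\1/p' "$1" |
        head -n 1
}

# $1 = collector config, $2 = default certificate directory used when
# SSLCertPath is not set. Returns 0 for 2048 or more, 1 for less, 2 if the
# parameter cannot be found.
audit_dh_len() {
    cfg=$1
    dir=$(ssl_cert_path "$cfg")
    [ -n "$dir" ] || dir=$2
    xml=$dir/option.xml
    len=$(secure_dh_len "$xml" 2>/dev/null)
    if [ -z "$len" ]; then
        echo "UNKNOWN $xml: secureDHLen not found"
        return 2
    fi
    if [ "$len" -ge 2048 ]; then
        echo "OK $xml: secureDHLen=$len"
        return 0
    fi
    echo "WEAK $xml: secureDHLen=$len, set 2048 if the NEs support it"
    return 1
}

# Build a constructed tree in which only the default option.xml was edited
# to 2048 while SSLCertPath points to the nelog directory. Prints the root.
make_demo_tree() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/ssl/nelog" "$r/etc/conf"
    echo '<CONFIG><PARA name="secureDHLen" value="2048"/></CONFIG>' \
        > "$r/etc/ssl/option.xml"
    echo '<CONFIG><PARA name="secureDHLen" value="1024"/></CONFIG>' \
        > "$r/etc/ssl/nelog/option.xml"
    echo "SSLCertPath = $r/etc/ssl/nelog" \
        > "$r/etc/conf/u2ksyslogcollector_init.cfg"
    echo "$r"
}

# Stand-alone use on the server:
#   sh audit_dh.sh /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg
if [ "$#" -gt 0 ]; then
    audit_dh_len "$1" "${2:-/opt/oss/server/etc/ssl}"
fi
```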
9.1.7.7.4 Updating a Certificate for the U2000 Server to Receive NE Syslog Logs
This section describes how to update the certificate of the U2000 server to receive NE Syslog
logs when this server has been deployed with certificates of an NE but the certificates are
about to expire, and the new certificate and existing certificate of an NE are granted by the
same CA or its two sub-CAs. The certificate update function enables you to replace the
original identity certificate and trust certificate and incrementally update the certificate
revocation list (CRL).
Prerequisites
You have obtained the following certificates:
l Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password.
l Trust certificates of an NE
l Optional: Certificate revocation list (CRL) granted by the Certificate Authority (CA)
trusted by the NE
Context
l When updating certificates, you must provide identity certificates. If the identity
certificates do not need to be updated, use the original identity certificates.
l In the local HA environment, you need to perform related operations only on the primary
server.
l In the remote HA environment, you need to perform related operations on both the
primary and secondary servers.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following commands to create a directory for saving certificates. In this example, all
certificates are saved in the /opt/oss/server/nelogcertificates directory.
$ cd /opt/oss/server
$ mkdir nelogcertificates
Step 3 Use FileZilla to upload the trust certificates, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see A.2.28 How to Use the FileZilla to
Transfer Files by SFTP. Set the following information when uploading the files:
l User name and password: name and password of user ossuser
l File path on the server: /opt/oss/server/nelogcertificates
NOTE
One trust certificate file can contain only one trust certificate, and one CRL file can contain only one
CRL.
$ mkdir -p var/backup/deployssl/ssl/nelog
NOTE
l The certificate backup path can be an absolute or relative path. The relative path is relative
to /opt/oss/server.
l In the example provided in this section, certificates are backed up to
/opt/oss/server/var/backup/deployssl/ssl/nelog.
NOTE
In the command, var/backup/deployssl/ssl/nelog is the path for saving backup certificates. The
path can be an absolute or relative path. The relative path is relative to /opt/oss/server.
After the certificates are restored, perform Step 6 to deploy the certificates again.
If the certificates still fail to be deployed, contact Huawei technical support engineers.
Step 7 Run the following commands to start U2000 processes for the replacement to take effect:
Single-Server System (as the ossuser user):
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
9.1.7.7.5 Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog
Logs to It
If peer authentication is enabled for the U2000 server, deploy the trust certificates of NEs on
the U2000 server so that the server can communicate properly with NEs using SSL or TLS. If the
server trusts a new CA granting certificates to an NE, or if the trust certificate is updated, the
CA granting certificates to the NE is unchanged but differs from the CA granting certificates to
the server, and the two CAs are not sub-CAs in the same CA, add the new trust certificates of the
NE to the server.
Prerequisites
l The new trust certificate granted by the certificate authority (CA) of the peer has been
obtained.
l You have deployed certificates on the U2000 server by running the ssl_adm -cmd
replace_certs command.
Context
l When the U2000 server functions as an SSL server, enable the U2000 server to
authenticate its peer. For details, see 9.1.7.7.2 Enabling the U2000 Server to
Authenticate Its Peer.
l The new trust certificate must contain its root certificate. If the root certificate has been
deployed on the U2000 server, delete the root certificate by following the instructions
provided in 9.1.7.7.6 Deleting from an U2000 Server the Trust Certificates of the NE
Sending Syslog Logs to It, and then add it again.
l In the local HA environment or the remote HA environment, run this command only on
the primary server.
l After a certificate is deployed on the server, you must log in to the client again.
l To update trust certificates of the NE, delete the trust certificates that are no longer trusted
by following the instructions provided in 9.1.7.7.6 Deleting from an U2000 Server the
Trust Certificates of the NE Sending Syslog Logs to It, and add trust certificates
again.
l The certificate deployed by running the ssl_adm -cmd replace_certs command must be
updated by running the ssl_adm -cmd update_certs command.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following commands to create a directory for saving certificates. In this example, all
certificates are saved under the /opt/oss/server/certificates directory.
$ cd /opt/oss/server
$ mkdir certificates
NOTE
One trust certificate file can contain only one trust certificate.
$ su - root
Password: root user password
# hares -offline NMSServer -sys hostname
# exit
Step 5 Run the following commands to add trust certificates of the NE to the U2000 server.
NOTE
l In the preceding commands, /opt/oss/server/certificates is the directory for saving new trust
certificates.
l After the command is executed, all certificates in the /opt/oss/server/certificates directory are
deployed to /opt/oss/server/etc/ssl/nelog.
l For details about the certificate directory after certificates are added, see Certificate Save Path and
Naming Conventions.
Execution result:
l If the system displays the Operation succeeded. message, the certificates have
been added successfully. Go to Step 6.
l Otherwise, the trust certificates fail to be added. If this occurs, locate the failure and then
restore the trust certificates by running the following command:
$ ssl_adm -cmd restore -backpath var/backup/ssl/YYYYMMDDhhmmss
NOTE
Step 6 Run the following commands to start U2000 processes for the replacement to take effect:
----End
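The NOTEs in the preceding procedures allow only one trust certificate per trust certificate file and only one CRL per CRL file. The following added example (not Huawei tooling and not part of the original guide) is a pre-upload check for a staging directory such as /opt/oss/server/certificates. It assumes PEM-encoded files, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: structural pre-upload check for a certificate staging
# directory. Assumption: files are PEM encoded. Only the PEM markers are
# inspected; certificate contents are not parsed or validated.

# pem_counts FILE -> "certBegin certEnd crlBegin crlEnd"
pem_counts() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { cb++ }
        /^-----END CERTIFICATE-----/   { ce++ }
        /^-----BEGIN X509 CRL-----/    { rb++ }
        /^-----END X509 CRL-----/      { re++ }
        END { printf "%d %d %d %d\n", cb, ce, rb, re }
    ' "$1"
}

# classify_pem_file FILE -> certificate | crl | multiple-objects |
#                           no-pem-object | unbalanced-markers
classify_pem_file() {
    # Positional parameters become: certBegin certEnd crlBegin crlEnd
    set -- $(pem_counts "$1")
    if [ "$1" -ne "$2" ] || [ "$3" -ne "$4" ]; then
        # A BEGIN without its END usually means a cut-off transfer or edit
        echo unbalanced-markers
    elif [ $(( $1 + $3 )) -eq 0 ]; then
        # No PEM marker at all: empty file, DER encoding, or the wrong file
        echo no-pem-object
    elif [ $(( $1 + $3 )) -gt 1 ]; then
        # Bundles violate the one-object-per-file rule
        echo multiple-objects
    elif [ "$1" -eq 1 ]; then
        echo certificate
    else
        echo crl
    fi
}

# report_bad_files DIR -> one "name: reason" line per file that does not hold
# exactly one certificate or exactly one CRL; prints nothing if all files pass
report_bad_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=$(classify_pem_file "$f")
        case $status in
            certificate|crl) ;;
            *) printf '%s: %s\n' "${f##*/}" "$status" ;;
        esac
    done
}

# Stand-alone use: sh check_certs.sh /opt/oss/server/certificates
if [ "$#" -gt 0 ]; then
    report_bad_files "$1"
fi
```

Any file reported here should be split or re-exported before upload. A file reported as no-pem-object may simply be DER encoded, which this check does not inspect.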
9.1.7.7.6 Deleting from an U2000 Server the Trust Certificates of the NE Sending Syslog
Logs to It
When the U2000 server communicates with the NE using SSL or TLS, deploy the trust
certificate of the NE on the U2000 server. When peer authentication is no longer required,
delete the trust certificate of the NE from the U2000 server.
Prerequisites
You have run the ssl_adm -cmd addCA command to add trust certificates to the U2000
server. For details, see 9.1.7.7.5 Adding to the U2000 Server the Trust Certificates of the
NE Sending Syslog Logs to It.
Context
l The certificate deployed by running the ssl_adm -cmd replace_certs command must be
updated by running the ssl_adm -cmd update_certs command.
l In the local HA environment or the remote HA environment, run this command only on
the primary server.
l After a certificate is deployed on the server, you must log in to the client again.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 3 Run the following commands to query file names and issuers of the added trust certificates of
the NE.
$ ssl_adm -cmd queryCA -app nelog
Execution result:
l If the message No trust certificate is incrementally deployed by
running the ssl_adm -cmd addCA command. is displayed, no trust
certificate has been added by running the ssl_adm -cmd addCA command.
l If information similar to the following is displayed, the file name and issuer of the
current trust certificate are 600755ba.0 and C=CN, ST=Guangdong, L=ShenZhen,
O=Huawei, OU=CMC, CN=huawei_root, respectively. Go to Step 4.
Deployed trust certificates are as follows:
name: issuer:
600755ba.0 C=CN, ST=Guangdong, L=ShenZhen, O=Huawei,
OU=CMC, CN=huawei_root
Step 4 Run the following commands to delete trust certificates of the NE from the U2000 server. The
trust certificate 600755ba.0 is used as an example.
$ ssl_adm -cmd deleteCA -name 600755ba.0 -app nelog
Execution result:
l If the system displays a message similar to the following, the trust certificates have been
deleted. Go to Step 5.
Operation succeeded.
l Otherwise, the trust certificates fail to be deleted. If this occurs, locate the failure and
then restore the trust certificates by running the following command:
$ ssl_adm -cmd restore -backpath var/backup/ssl/YYYYMMDDhhmmss
NOTE
----End
Definition
l The syslog server is a workstation or a server that stores syslogs of the NEs on the live
network.
l Syslog GNE is an NE that receives syslogs from other NEs and transmits them to the
syslog server.
Networking Solution
Considering system log security, a transmission network must be connected to at least two
syslog servers. The NEs and syslog servers usually communicate with each other by an IP
protocol. NEs can use various methods to communicate. For example, the NEs can
communicate with each other by ECC channels.
Case 1
Figure 9-4 shows the networking for the scenario where core NEs use IP protocols to
communicate with each other and different syslog servers are connected to different NEs.
[Figure 9-4: networking diagram showing NE1 to NE8, with links labeled IP and ECC]
NE1, NE2, NE3, and NE4 form an IP network. NE5, NE6, NE7, and NE8 form an ECC
network. NE2 and NE3 use IP protocols to communicate with syslog server 1 and syslog
server 2 respectively. NE4 communicates with NE5 through the ECC channel.
In this situation, NE1, NE2, NE3, and NE4 use IP protocols to communicate with two
different syslog servers. Set the IP address and port ID for the syslog servers for these NEs.
An NE transmits NE syslogs to the syslog servers using IP protocols. You do not need to set
the syslog GNE.
NE5, NE6, NE7, and NE8 cannot communicate with syslog servers directly. Their syslogs are
transmitted to the syslog GNE through the ECC channel and then transmitted to the syslog
servers. Therefore, you need to set the syslog GNE for these NEs. For example, set NE2 as
the syslog GNE for NE5.
Case 2
Figure 9-5 shows the networking in the scenario where core NEs use IP protocols to
communicate with each other and different syslog servers are connected to the same NE. This
type of networking is similar to that shown in Figure 9-4.
[Figure 9-5: networking diagram showing NE1 to NE8, with links labeled IP and ECC]
In this situation, NE1, NE2, NE3, and NE4 can also use IP protocols to communicate with two
different syslog servers. Therefore, all NE settings are the same as those in Table 9-10.
Case 3
Figure 9-6 shows the networking in the scenario where core NEs use ECC protocols to
communicate with each other and different syslog servers are connected to different NEs.
[Figure 9-6: networking diagram showing NE1 to NE8, with links labeled IP and ECC]
NE1, NE2, NE3, and NE4 form an ECC network. NE5, NE6, NE7, and NE8 form another
ECC network. NE2 and NE3 use IP protocols to communicate with syslog server 1 and syslog
server 2 respectively. NE4 communicates with NE5 through the ECC channel.
In this situation, NE2 can only communicate with syslog server 1 directly. NE2 cannot
communicate with syslog server 2 directly. Therefore, you must set the IP address and port ID
for syslog server 1 for NE2 and the syslog GNE which can transmit syslogs to syslog server 2.
Consequently, NE2 uses IP protocols to transmit the syslogs to syslog server 1 and uses the
syslog GNE to transmit system logs to syslog server 2. The setting of NE3 is similar to that of
NE2. Set the IP address and port ID for syslog server 2 and the syslog GNE which can
transmit syslogs to syslog server 1.
All other NEs cannot communicate with two syslog servers directly. Their syslogs are
transmitted to the syslog GNE through the ECC channel. Then, the syslog GNE transmits the
syslogs to the syslog servers. Therefore, you only need to set the syslog GNE for these GNEs.
For example, NE2 and NE3 may be the syslog GNEs for NE5. For details about the
configurations, see Table 9-11.
Related Tasks
9.4.1 Transferring NE Logs to a Syslog Server
NOTE
The SyslogCollectorDM service of the U2000 uses UDP port 514 for receiving remote logs.
On Linux and Windows OSs, port 514 is idle because the function of receiving remote logs is
disabled for the syslog service by default. However, on Solaris OS, the function is enabled by
default and occupies port 514, resulting in a port conflict. To eliminate the conflict, disable
the function of receiving remote logs for the syslog service on Solaris OS. For details, see
How to Resolve the U2000 SyslogCollectorDM Service Startup Failure Due to a Port Conflict
in Administrator Guide.
Context
l After the information center is enabled, the classification and output of information
(especially much information for processing) may affect the system performance to some
extent.
l By default, the information center is enabled. You can run the display info-center
command to view the information center status.
If this information is not displayed, perform the following steps to enable the information
center.
Procedure
Step 1 Telnet or STelnet to an NE. Run the system-view command to enter the system view.
NOTE
Using STelnet (if supported) to log in to the device is recommended. STelnet is more secure.
Step 2 Run the info-center enable command to enable the information center.
----End
Prerequisites
l The selected NE supports the log service function on the U2000.
l The NE is configured with Telnet/STelnet parameters and its configurations are
synchronized to the U2000.
l The syslog source interface and its IP address are known.
Procedure
Step 1 In the topology navigation tree or the topology view, select the NE to be operated and right-
click it. Then select NE Explorer on the shortcut menu.
Step 2 In the Service Tree, choose System Management > NE Channel Management > Syslog
Service.
Step 3 Click Enable or Disable to change the service status of the syslog source interface.
NOTE
If the syslog source of the host is in use, you cannot select the syslog source interface from the drop-
down list. The status button is Disable. Click Disable to disable the log source. Then you can select the
syslog source interface from the drop-down list. The status button changes to Enable.
Step 4 When the syslog source is disabled, select the source interface for sending syslog files and
click Enable.
----End
Prerequisites
The IP address of the log host is known.
Context
To view NE logs on the U2000, set Log Host IP Address to U2000 Server IP Address to set
the U2000 server as the NE syslog receiver.
NOTE
The system supports the configuration of a maximum of eight log hosts to realize backup among log
hosts.
Procedure
Step 1 In the Main Topology, right-click an NE and choose NE Explorer from the shortcut menu.
Step 2 In the Service Tree, choose NE Channel Management > Syslog Service from the navigation
tree.
Step 3 On the Syslog Service tab, right-click in a blank area and choose Create from the shortcut
menu.
Step 4 In the Create Log Host dialog box, set the parameters.
NOTE
l If the U2000 manages NEs in inband VPN networking mode, the VRF name must be specified.
l If the U2000 is a high availability system, the IP addresses of both the primary and secondary sites
must be added to the Log Host IP Address list.
If more than one log host is added, the Create Log Host progress bar is displayed.
After all log hosts are added, click OK.
----End
Procedure
Step 1 In the topology navigation tree or the topology view, select the NE to be operated and right-
click it. Then select NE Explorer on the shortcut menu.
Step 2 In the Service Tree, choose System Management > NE Channel Management > Syslog
Service.
----End
Prerequisites
l You are an NMS user with Guests authority or higher.
l An information center on the NE side is configured so that the NE syslog run logs can be
sent to the U2000. For details about how to configure an information center on the NE
side, see 9.2.1 Configuring the Information Center on the NEs.
l You have configured the U2000 server as the receiver of NE logs and set Log Host IP
Address to that of the U2000 server. For details, see 9.2.1.3 Adding a Syslog Host.
Context
Only user admin can query the NE syslog run logs of all NEs.
Procedure
Step 1 Choose Administration > NE Security Management > NE Syslog Run Log from the main
menu (traditional style); alternatively, double-click Security Management in Application
Center and choose Log Management > NE Syslog Run Log from the main menu
(application style).
Step 2 In the DRL File List navigation tree, double-click an NE syslog run log file, such as
20120601061544. In the right pane, click a record to view log details.
NOTE
l The files in the device run log (DRL) file list are listed by time.
l You can enter the file name in the text box above the DRL File List navigation tree to filter the DRL
files. Only numbers from 0 to 9 are allowed. Then, the matched files are displayed in the DRL File
List navigation tree.
----End
NOTE
This operation applies to the management of syslog operation logs for access NEs.
Prerequisites
You are an NMS user with Guests authority or higher.
The SyslogCollectorDM service of the U2000 uses UDP port 514 for receiving remote logs.
On Linux and Windows OSs, port 514 is idle because the function of receiving remote logs is
disabled for the syslog service by default. However, on Solaris OS, the function is enabled by
default and occupies port 514, resulting in a port conflict. To eliminate the conflict, disable
the function of receiving remote logs for the syslog service on Solaris OS. For details, see
How to Resolve the U2000 SyslogCollectorDM Service Startup Failure Due to a Port Conflict
in Administrator Guide.
Context
l This feature allows users to browse syslog operation logs of all access NEs.
l Common users can query only the logs of the NEs of their own management domains.
l User admin can query NE logs of all users.
Procedure
Step 1 Log in to the System Monitor client, and check whether SyslogCollectorDM is started. If not,
select the process, right-click, and choose Start Process from the shortcut menu.
Step 2 STelnet to the device whose log needs to be viewed, and switch to the privilege mode. Run
the loghost add ip-addr hostname command to add a syslog server.
NOTE
The ip-addr indicates the IP address of the U2000 server, and the hostname parameter indicates the
name of the U2000 server.
Step 3 Run the loghost activate name hostname command to activate the Syslog server.
NOTE
Step 4 Run the display loghost list command. If the returned message includes the IP address and
name of the added syslog server, and Terminal state is Normal, the syslog server is
configured successfully.
Step 7 Choose Administration > NE Security Management > NE Syslog Operation Logs from
the main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > NE Syslog Operation Logs from the
main menu (application style).
Step 8 In the NE Syslog Operation Logs window, double-click a record to view the log details.
l Click a field in the header of the query result table to sort the query results by field.
l A white upward triangular icon indicates that you can sort the results by field. A black
upward triangular icon indicates that the results are sorted in the ascending order by
field. The black downward triangular icon indicates that the results are sorted in the
descending order by field.
l Click the Device Name, or Access Method field. Different from other table header
fields, these fields are displayed in groups. Therefore, they are not sorted in alphabetic
order.
----End
Related References
NE Syslog Operation Logs
Prerequisites
You are an NMS user with Guests authority or higher.
Procedure
Step 1 Choose Administration > NE Security Management > LCT User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Fix-Network NE > LCT User Management
from the main menu (application style).
Step 2 On the User Logs tab select the desired device type from the Device Type drop-down list.
Step 3 Click Filter and set the parameters to display the required NE user logs.
Step 4 Select a log record in the user log list and view the details of the log in the lower pane.
----End
Prerequisites
This operation applies to MSTP, WDM and RTN series NEs.
Related Concepts
9.1.8 Syslog Service
Prerequisites
l You are an NMS user with Operator Group authority or higher.
l The NE must be able to directly communicate with the syslog server.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Log Forwarding from the
Function Tree.
Step 2 Click the Syslog Server tab. The syslog server list is displayed.
Step 3 Click Query to load configurations of the syslog server from the NE.
Step 4 Click New. The Add Syslog Server dialog box is displayed.
Step 5 Set IP Address, Send Mode, and Port according to actual networking.
Step 6 Click OK. A message will be displayed indicating that the operation is successful.
----End
Prerequisites
You are an NMS user with Operator Group authority or higher.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Log Forwarding from the
Function Tree.
Step 2 Click the Syslog GNE tab. The syslog GNE list is displayed.
Step 3 Click Query to load the syslog GNE configurations from the NE.
Step 6 Click OK. A message will be displayed indicating that the operation is successful.
----End
Prerequisites
You are an NMS user with Operator Group authority or higher.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Log Forwarding from the
Function Tree.
Step 2 On the Basic Info tab, click Query to load the configurations from the NE.
Step 4 In the Add Basic Info dialog box, set Log Type and Log Severity based on network
requirements.
Step 5 Click OK. A message will be displayed indicating that the operation is successful.
----End
Prerequisites
You are an NMS user with Operator Group authority or higher.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Log Forwarding from the
Function Tree.
Step 2 On the Basic Info tab, click Query to load configurations from the NE.
Step 3 Select the Start the log forwarding service check box.
Step 4 Click Apply to deploy the latest configurations. A message will be displayed indicating that
the operation is successful.
----End
Prerequisites
l This function applies to the MSTP series, WDM series, RTN series, PTN series and
marine series NEs.
l You are an NMS user with Maintenance Group authority or higher.
Context
l NE security logs are saved in the U2000 database by default. You can view information
about NE security on the U2000.
l NE logs are forwarded to the syslog server only and are not saved in the U2000 database.
You can view NE logs on the syslog server only.
Procedure
Step 1 In the NE Explorer, choose Security > NE Security Log from the Function Tree.
Query: Query on NEs
Operation: Select the Query from the NE check box and click Query.
NOTE
It takes a long time for you to query security logs on NEs.
You can filter the query results to view the desired information.
After the query is complete, information about the NE security-related operations is displayed
in the lower pane of the Browse NE Logs window.
----End
Prerequisites
l This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN
series and marine series NEs.
l You are an NMS user with Guests authority or higher.
Context
NOTE
Operation logs are recorded for all operations except queries.
l Choose Administration > Log Management > Query Operation Logs from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose Log Management > Query Operation Logs from the
main menu (application style). The queried logs display only operations by the current
U2000. Alternatively, in the NE Explorer, you can choose Security > NE Operation
Log from the function tree. Then, logs are displayed indicating operations performed by
all U2000 clients connecting to the NE.
l NE operation logs are forwarded to the syslog server. You can view information about
NE operation security on the syslog server.
Procedure
Step 1 In the NE Explorer, choose Security > NE Operation Log from the Function Tree.
Step 2 In the Log Query Criteria area, specify the time range for the queried NE operation logs.
----End
Follow-up Procedure
Current users can query the operation information on specific U2000 clients by viewing User
Name and NMS IP Address displayed in the window.
This topic describes how to manage the processes on the U2000 server through the system
monitor client. After parameters for server monitoring, hard disk monitoring, database
monitoring, and process monitoring are set, the U2000 sends a related alarm if the value of a
parameter reaches the associated threshold to prevent sudden unavailability of U2000
functions. In addition, you can learn how to start and stop U2000 services and processes.
10.1 Process Overview
This topic describes the concepts and operations relating to U2000 processes and services,
and the processes list of the U2000.
10.2 Logging In to the System Monitor Client
The U2000 system monitor client adopts the client/server architecture. Before performing
operations on the client, you need to log in to the server on the client.
10.3 Setting the Monitoring Parameters
You can set parameters for server monitoring, hard disk monitoring, database monitoring, and
service monitoring. When a threshold is reached, the U2000 generates an alarm.
10.4 Monitoring the Running Status of the U2000
This topic describes how to monitor the status of the U2000 server. This allows you to
view the statuses of the processes, databases, performance, and hard disks of the U2000 server
in the centralized mode.
10.5 Starting and Stopping a Service
If a U2000 service fails to start, you need to manually start it. When rectifying a fault, you
may have to manually start or stop a service. This topic describes how to start and stop a
U2000 service.
10.6 Setting the Startup Mode of a Service
This topic describes how to set the three startup modes of U2000 services, including
Automatic, Manual, and Disabled.
Context
l The default port number of the server is 31080. You are advised not to change the port
number. Otherwise, you cannot log in to the U2000 server.
l The login modes include the Secure Sockets Layer (SSL) mode and the common mode.
In SSL mode, data is encrypted when being transmitted between the client and the server.
In common mode, data is not encrypted during transmission. To ensure the security of
data transmission, you are advised to use the SSL mode.
l The port used for login in common mode is different from that in SSL mode. The port
number is 31030 in common mode and 31080 in SSL mode.
l By default, if you are not an admin user and you do not log in to the U2000 system
monitor client for more than 60 days, your account automatically enters the suspend
state.
l If you never use an account for login after creating it, the U2000 does not suspend or
delete the account.
l If a user logs in to the same server through multiple system monitor clients, and the
number of online accounts of the user on the server exceeds the value of Maximum
number of online users for the user, the current login fails. (Existing sessions of the
server that the user has logged in to are not affected.) To continue the login, contact the
system administrator to change the value of Maximum number of online users for the
user. For details on how to change the value of Maximum number of online users, see
Setting the Maximum Number of Sessions in U2000 Help.
Procedure
Step 1 Double-click the shortcut icon on the desktop to start the system monitor client.
Step 2 In the Login dialog box, select an IP address or host name from the Server drop-down list to
specify a server.
If the list does not contain a server, perform the following steps:
– If you want to continue the connection, click Yes. If you do not want the client to
display the dialog box again upon subsequent logins, select Do not remind me
next time.
NOTE
The IP address of the server being connected is saved to the SysComServer.dat file in
Client installation directory\client\client\plugins\loginui\style\conf\loginui. Therefore, the
Do not remind me next time settings apply only to the connected server. If you want the
client to display the dialog box that indicates the security risks upon subsequent logins,
delete the SysComServer.dat file.
– If you want to terminate the connection, click No. The Login dialog box is
displayed. You can select the matched communication mode.
l If the client does not trust the server, you need to determine whether the server is reliable
using the server certificate.
– If you confirm that the server is reliable, click Yes and log in to the client. If you do
not want the system to display the dialog box again, click Import Certificate to
add the server certificate to the trust certificate list.
After adding the server certificate, run
Client installation directory\client\client\bin\CertConfigurator.bat (Windows OS) or
Client installation directory/client/client/bin/CertConfigurator.sh (SUSE Linux and
Solaris OS), or
Client installation directory\client\notify\bin\CertConfigurator.bat (Windows OS) or
Client installation directory/client/notify/bin/CertConfigurator.sh (SUSE Linux and
Solaris OS), to start the Certificate Configuration tool and click the TrustCertificate
tab page to manage the deployed certificate.
– If you confirm that the server is not reliable, click No to return to the Login dialog
box and contact the system administrator to process the issue.
For details, see How Do I Handle the Server Authentication Dialog Box Displayed When
Logging In to a Client? in the online help.
----End
Context
l The parameter Server usage sampling interval indicates the sampling interval. The
CPU and memory usage is sampled at the specified interval.
l CPU overload indicates that the CPU usage is higher than or equal to the alarm
generation threshold.
l If the CPU usage sampled each time is higher than or equal to the alarm generation
threshold, the CPU is continuously overloaded. In this case, the number of continuous
CPU overload times is equal to that of continuous sampling times.
Procedure
Step 1 Log in to the system monitor client.
Step 2 Choose System > System Monitor > Settings from the main menu (application style).
Step 4 In the System Monitor Settings dialog box, click the Server Monitor tab.
The following figure shows the setting interface of the server running Solaris or SUSE Linux.
The following figure shows the setting interface of the server running Windows.
advised to use the default values. You can perform the following operations to change their
values.
1. Run the following command to view the value of Total Physical Memory.
$ cat /proc/meminfo | grep MemTotal
2. Run the following command to view the swap space size.
$ cat /proc/meminfo | grep SwapTotal
3. Use the following formulas to calculate the values of Alarm Generation Threshold and
Alarm Clearance Threshold. The parameter value is the calculation result rounded up
to an integer. For example, if the calculation result is 66.3, the parameter value is 67.
– Alarm generation threshold = (Total physical memory + 0.7 x Swap space size) /
(Total physical memory + Swap space size)
– Alarm clearance threshold = (Total physical memory + 0.6 x Swap space size) /
(Total physical memory + Swap space size)
On Solaris, the default values of Alarm Generation Threshold and Alarm Clearance
Threshold, both parameters for Swap memory usage, are 95 and 85, respectively. You are
advised to use the default values. You can perform the following operations to change their
values.
1. Run the following command to view the value of Total Physical Memory.
$ prtdiag -v | grep 'Memory size'
2. Run the following command to view the swap space size.
$ swap -l | awk '{ print $4 }'
3. Use the following formulas to calculate the values of Alarm Generation Threshold and
Alarm Clearance Threshold. The parameter value is the calculation result rounded up
to an integer. For example, if the calculation result is 66.3, the parameter value is 67.
– Alarm generation threshold = (Total physical memory + 0.6 x Swap space size) /
(Total physical memory + Swap space size)
– Alarm clearance threshold = (Total physical memory + 0.5 x Swap space size) /
(Total physical memory + Swap space size)
NOTE
In the formulas calculating the values of Alarm Generation Threshold and Alarm Clearance
Threshold, the unit of Total Physical Memory and that of the swap space must be the same.
– 1 MB = 1024 kB
– 1 block = 0.5 kB
----End
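The threshold formulas above, worked through as an added example (not part of the original guide and not Huawei tooling). It assumes the ratio is multiplied by 100 to give a percentage, which is inferred from the 66.3 to 67 rounding example and the defaults of 95 and 85. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: swap-usage alarm thresholds from the formulas in this
# section. Assumption: the ratio is expressed as a percentage (x 100) and
# rounded up to an integer, as in the guide's 66.3 -> 67 example.

# ceil_pct MEM_KB SWAP_KB TENTHS
# Prints ceil(100 * (MEM + TENTHS/10 * SWAP) / (MEM + SWAP)).
# Integer arithmetic only, so an exact result such as 90 is not pushed up
# to 91 by floating-point error.
ceil_pct() {
    if [ $(( $1 + $2 )) -le 0 ]; then
        echo "total physical memory plus swap must be positive" >&2
        return 1
    fi
    num=$(( 100 * (10 * $1 + $3 * $2) ))
    den=$(( 10 * ($1 + $2) ))
    echo $(( (num + den - 1) / den ))
}

# linux_swap_thresholds: /proc/meminfo text on stdin -> "GENERATION CLEARANCE"
# Uses the factors 0.7 and 0.6 given with the /proc/meminfo commands.
linux_swap_thresholds() {
    set -- $(awk '
        $1 == "MemTotal:"  { m = $2 }
        $1 == "SwapTotal:" { s = $2 }
        END { printf "%s %s\n", (m == "" ? 0 : m), (s == "" ? 0 : s) }')
    echo "$(ceil_pct "$1" "$2" 7) $(ceil_pct "$1" "$2" 6)"
}

# solaris_swap_thresholds MEM_MB: `swap -l` text on stdin
# -> "GENERATION CLEARANCE". Uses the Solaris factors 0.6 and 0.5.
# Unit handling follows the NOTE: 1 MB = 1024 kB, 1 block = 0.5 kB.
solaris_swap_thresholds() {
    mem_kb=$(( $1 * 1024 ))
    # Sum the blocks column of every swap device; the header row is skipped
    # because its fourth field is not numeric.
    swap_kb=$(awk '$4 ~ /^[0-9]+$/ { b += $4 }
                   END { printf "%.0f\n", int(b / 2) }')
    echo "$(ceil_pct "$mem_kb" "$swap_kb" 6) $(ceil_pct "$mem_kb" "$swap_kb" 5)"
}

# Constructed sample inputs (not captured from a real server).
sample_meminfo() {
    printf '%s\n' 'MemTotal:       16384000 kB' \
                  'MemFree:         1024000 kB' \
                  'SwapTotal:       8192000 kB'
}
sample_swap_l() {
    printf '%s\n' 'swapfile             dev  swaplo   blocks     free' \
                  '/dev/constructed     1,1      16 16384000 16384000'
}

# Stand-alone use on a Linux server: sh thresholds.sh --linux
if [ "${1:-}" = "--linux" ]; then
    linux_swap_thresholds < /proc/meminfo
fi
```

With the constructed samples, 16384000 kB of memory and 8192000 kB of swap give 90 and 87 with the 0.7 and 0.6 factors, and 87 and 84 with the 0.6 and 0.5 factors.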
Result
l If the number of consecutive times that the CPU is overloaded reaches the value
specified by Max. consecutive CPU overloads for alarm, a high CPU usage alarm is
generated. When the CPU usage sampled is lower than the alarm clearance threshold, the
high CPU usage alarm is cleared.
l On Windows, when the memory usage is higher than or equal to the alarm generation
threshold, a high memory usage alarm is generated. When the memory usage is lower
than the alarm clearance threshold, the high memory usage alarm is cleared.
l On Solaris or SUSE Linux, when the swap memory usage is higher than or equal to the
alarm generation threshold, a high swap usage alarm is generated. When the swap
memory usage is lower than the alarm clearance threshold, the high swap usage alarm is
cleared.
l When a high usage alarm is generated, the icon in the CPU Usage, Memory Usage
(Windows), or Swap Memory Usage (Solaris or SUSE Linux) column changes from
to on the Server Monitor tab of the System Monitor Browser window. If you have
enabled the function of displaying pop-up messages, you will receive messages on the
status bar of the client, notifying you of performance exceptions.
Procedure
Step 1 Complete Logging In to the System Monitor Client.
Step 2 Choose System > System Monitor > Settings from the main menu (application style).
Step 4 In the System Monitor Settings dialog box, click the Hard Disk Monitor tab.
Step 5 On the Hard Disk Monitor tab, set Hard disk usage sampling interval, Alarm Generation
Threshold, and Alarm Clearance Threshold.
l Under the Default node, set default values shared by all hard disks. Click + before
Default, and then set the thresholds for generating and clearing alarms of each severity.
The threshold specified for generating alarms of a low severity must be smaller than that
for generating alarms of a high severity.
l Under the Custom node, set values specific to a hard disk. Expand Custom and click +
before the server name. You will find that all disks use the default thresholds. To specify
other values for a disk, click + before the disk name, and then click the cell next to the
disk name. In the drop-down list, select Customize value. Now, the threshold for
generating alarms of each severity can be changed. To change a threshold, in the text box
next to the desired alarm severity, enter a value. If you do not want to receive alarms of a
disk, select Disable alarm generation from the drop-down list next to the disk name.
Step 6 Optional: Expand Custom and click + before the server name. Then the disk names are
displayed. In the Show Pop-Up Message column, select Yes or No from the drop-down list
next to the desired disk name.
Step 7 Click OK.
----End
Result
l When the hard disk space usage reaches the threshold for generating an alarm of a
certain severity, the corresponding alarm is generated. When the usage reaches the
threshold for generating an alarm of a higher severity, the alarm of the higher severity is
generated and the existing alarm of a lower severity is automatically cleared. When the
usage is lower than a threshold for clearing alarms of a severity, the alarm of this severity
is cleared.
l When a high disk usage alarm is generated, the icon in the Status column changes from
to on the Hard Disk Monitor tab of the System Monitor Browser window. If you
enable the function of displaying pop-up messages, the message The hard disk
partition is abnormal is displayed on the status bar of the client.
Procedure
Step 1 Log in to the system monitor client.
Step 2 Choose System > System Monitor > Settings from the main menu (application style).
Step 4 In the System Monitor Settings dialog box, click the Database Monitor tab.
Step 5 On the Database Monitor tab, set Database usage sampling interval and the alarm
generation thresholds.
l Under the Default node, set default values shared by all databases. Click + before
Default, and then set the thresholds for generating alarms of each severity. The threshold
specified for generating alarms of a low severity must be smaller than that for generating
alarms of a high severity.
l Under the Custom node, set values specific to a database. Expand Custom, and click +
before the server name and database instance name. You will find that all databases use
the default thresholds. To specify other values for a database, click + before the database
name, and then click the cell next to the database name. In the drop-down list, select
Customize value. Now, the threshold for generating alarms of each severity can be
changed. To change a threshold, in the text box next to the desired alarm severity, enter a
value. If you do not want to monitor the usage of a database, select Disabled
Monitoring from the drop-down list next to the database name.
Step 6 After the setting, click OK.
----End
Result
l When the database usage of the U2000 server reaches the threshold for generating an
alarm of a certain severity, the corresponding alarm is generated. When the usage
reaches the threshold for generating an alarm of a higher severity, the alarm of the higher
severity is generated and the existing alarm of a lower severity is automatically cleared.
When the usage is smaller than the threshold, the corresponding clear alarm is generated.
l When the condition for generating a high database usage alarm is met, the icon in the
Status column changes from to on the Database Monitor tab of the System
Monitor Browser window.
Procedure
Step 1 Log in to the system monitor client.
Step 2 Choose System > System Monitor > Settings from the main menu (application style).
Step 4 In the System Monitor Settings dialog box, click the Service Monitor tab.
Step 5 On the Service Monitor tab, set Service status sampling interval and specify whether to
display pop-up messages.
Step 6 Click OK.
----End
Result
l The information displayed on the Service Monitor tab of the System Monitor Browser
window is refreshed at the specified interval.
l If you enable the function of displaying pop-up messages for some services, a status
indicator is displayed on the status bar in the lower-right corner of the client. When all of
these services are running, the status indicator turns green. When one or more of these
services are stopped, the status indicator turns red and a pop-up message is displayed.
The information displayed on the Service Monitor tab of the System Monitor Browser
window is refreshed at the specified interval.
Note that you can view the details of only one service each time.
– Refresh: It is used to refresh the information about the selected services.
– Start the Service: It is used to start the selected services that are not started.
– Stop the Service: It is used to stop the selected services.
– Startup Mode: It is used to set the required startup modes for the selected services,
including Automatic, Manual, and Disabled.
– Details: It is used to view the details of the services.
3. Select one record, right-click, and choose Refresh to refresh the selected components
information.
Prerequisites
Other services that depend on the service to be stopped must be stopped.
Context
l When Start Mode is set to Disabled, the services cannot be started automatically or
manually.
l When the system starts, the services in automatic start mode start automatically.
l The system does not automatically start the manually stopped service.
Stopping a service affects the functions of the U2000. Therefore, perform this operation with
caution.
Procedure
Step 1 On the System Monitor, click the Service Monitor tab.
Step 2 Select a service, right-click, and choose Start Service or Stop Service.
----End
Context
l Automatic: When a service stops due to a fault, the U2000 automatically attempts to start
the service.
l Manual: The service must be started manually after the U2000 is restarted.
l Disabled: You can manually set the startup mode of a stopped service to Disabled.
Procedure
Step 1 Log in to the system monitor client.
Step 3 On the Service Monitor tab page, right-click a service record and choose a submenu of
Startup Mode.
NOTE
You can set Startup Mode to Disabled only for services that have been stopped.
----End
This topic describes how to use the Veritas Cluster Server (VCS) tool, and Veritas commands
to view the server status, perform the switchover, and manage and maintain objects such as
resource groups, resources, and replication volumes.
11.1 HA System Status Overview
The U2000 HA system (Veritas hot standby) can be in different states, depending on the
faults on the primary and secondary sites. This topic describes these states.
11.2 Principle of HA System Status Conversion
The HA system status changes along with fault occurrence and rectification. This topic
describes the principle of common HA system status conversion.
11.3 Causes of Failover on an HA System
This topic describes the causes of failover on an HA system. If the primary site does not
function properly, services are automatically switched to the secondary site and the secondary
site takes over the monitoring and management of networks. This ensures service protection.
11.4 Restrictions on Using a High Availability System
This topic describes the restrictions on using a high availability system. Some improper
operations lead to high availability system failures.
11.5 Managing Resource Groups
This topic describes how to manage resource groups using commands for routine maintenance
on resource groups.
11.6 Managing Resources
This topic describes how to manage resources in resource groups using commands for routine
maintenance on resources.
11.7 Managing Replication Volumes
This topic describes how to manage replication volumes using commands.
11.8 Manual Switchover Between Active and Standby Sites
This topic describes how to manually switch over the U2000 applications from the active site
to the standby site and then from the standby site to the active site. In this way, you can check
the system reliability and maintain the system.
Normal state: The primary site works properly. The secondary site works properly.
The AppService application runs on the primary site, the heartbeat connection is normal,
the replication is from the primary site to the secondary site, and the secondary site
works to protect the primary site.
Fault switching state: The primary site is faulty. The secondary site works properly.
The AppService application runs on the secondary site. The status details are as follows:
l Resource fault on the primary site: The heartbeat connection is normal and the
replication is from the secondary site to the primary site.
l Primary site failure: The heartbeat connection is torn down and the replication is
interrupted.
Primary-primary state: The primary site works properly. The secondary site works properly.
The AppService application runs on both the primary and secondary sites. The heartbeat
connection is torn down and the replication is interrupted. This status is usually caused
by a communication failure between the primary and secondary sites. The two sites may
force each other to log out of a transport NE.
Protection failure state: The primary site works properly. The secondary site is faulty.
The AppService application runs on the primary site, and the secondary site does not work
to protect the primary site. The status details are as follows:
l If the status occurs because the sources on the secondary site are faulty or the resource
groups on the primary and secondary sites are frozen, the heartbeat connection is normal
and the replication is from the primary site to the secondary site.
l If the status is caused by a secondary site failure, the heartbeat connection is torn
down and the replication is interrupted.
l If the status occurs because the SRL data exceeds the threshold, the heartbeat connection
is normal, the replication is from the primary site to the secondary site, and data is not
being replicated.
System failure state: The primary site is faulty. The secondary site is faulty.
Both the primary and secondary sites are faulty, no AppService application runs, the
heartbeat connection is torn down, and the replication is interrupted.
NOTE
Read 11.1 HA System Status Overview before this topic.
If the HA system is in Normal state, the primary site acts as the active site, the secondary site
acts as the standby site, and the U2000 runs on the primary site. Figure 11-1 shows the
conversion relationship between HA system status.
Table 11-2 shows the conversion relationship between and trigger factors for HA system
status.
NOTE
(3) Fault switching state → Recovery state: After the primary site fault is rectified, the
HA system enters the Recovery state.
(4) Normal state → Primary-primary state: The communication between the primary and
secondary site has stopped for more than about 600 seconds.
NOTE
For Solaris HA system, if a separate heartbeat network and a separate replication network
have been configured, the heartbeat between the primary and secondary sites uses the
replication network if the communication on the heartbeat network is interrupted. In this
scenario, the HA system status changes from Normal state to Primary-primary state only if
the communication on both the heartbeat and replication networks has been stopped for more
than about 600 seconds.
(5) Primary-primary state → Recovery state: After the DCN fault between the primary and
secondary site is rectified, the HA system enters the Recovery state.
l After the switching, the U2000 may not receive alarms. It is recommended that the client
be reconnected and the primary site be configured on the U2000 again based on the
primary site's IP address after switching.
l After the switching, the FTP account may be unavailable. You are advised to reconnect the
client and server. To reconfigure the FTP account, including the server IP address, user
name, and password, choose Administrator > Settings > FTP Account Information
Management from the main menu.
l Cause 1: A resource in the AppService resource group does not function properly. After
the failover is complete, the HA system enters the Fault switching state.
NOTE
l If you manually stop the following resources, the HA system switchover is not triggered.
l BackupServer is used to monitor the backup database server process. If the backup database
server is faulty, the HA system switchover is not triggered.
Resource Name: RVGPrimary
Description: Used to monitor the RVG on the local site. If the RVG on the local site does
not function properly, a failover occurs on the HA system.
Resource Name: appNIC (Solaris), APPBOND (PC Linux)
Description: Used to monitor the NIC associated with the U2000 application IP address. If
the NIC does not function properly, a failover occurs on the HA system.
NOTE
l For Solaris HA system, if an independent NMS application IP address without IPMP has
been configured, the VCS does not monitor this resource.
l For Solaris HA system, if the system IP address without IPMP is used as the NMS
application IP address, not the heartbeat or replication IP address, the VCS does not
monitor this resource.
l Cause 2: The U2000 on the primary site abnormally powers off, has a hardware fault, or
is broken down. A hardware fault may occur because of disasters such as earthquake,
tsunami, or flood. The U2000 may be broken down because the operating system is
damaged. After the failover is complete, the HA system enters the Fault switching state.
l Cause 3: If the heartbeat connections between the primary and secondary sites are
interrupted for more than 600 seconds, the HA system enters the Primary-primary state.
NOTE
For Solaris HA system, if a separate heartbeat network and a separate replication network have
been configured, the heartbeat between the primary and secondary sites uses the replication
network if the communication on the heartbeat network is interrupted. In this scenario, the HA
system status changes from Normal state to Primary-primary state only if the communication on
both the heartbeat and replication networks has been stopped for more than about 600 seconds.
1 The direction of data synchronization between the primary and secondary sites must be
correct. If data is supposed to be synchronized from the primary site to the secondary site
but the data synchronization direction is incorrect, data on the primary site will be
overwritten and cannot be restored.
Take the server where a client is recently logged in as the source server for data
synchronization. You can also force the local server as the primary server to perform data
synchronization.
5 Manually changing the IP address and host name of a high availability system is
prohibited. Use the MSuite to change the IP address and host name of a high availability
system.
The IP address and host name are stored in both the U2000 database and configuration file.
The manual mode leads to incomplete modification; as a result, an IP address and host name
inconsistency occurs.
Prerequisites
The resource group must be enabled and not be frozen.
NOTE
l If the resource group is disabled, you must enable the resource group. For details, see 11.5.5
Enabling a Resource Group.
l If the resource group is frozen, you must unfreeze the resource group. For details, see 11.5.4
Unlocking a Resource Group.
Procedure
l Using the Command Lines
– In the Solaris or SUSE Linux OS:
hagrp -online <service_group_name> -sys <hostname>
Command example:
hagrp -online AppService -sys Primaster
----End
Prerequisites
The resource group is not frozen.
Procedure
l Run the following command:
– hagrp -offline <service_group_name> -sys <hostname>
Command example:
hagrp -offline AppService -sys Primaster
----End
Context
You need to lock resource groups for system maintenance. If a resource group is locked, you
cannot bring it online, take it offline, or carry out the switchover.
Procedure
l Using the Command Line
a. hagrp -freeze <service_group_name> [-persistent]
Command example:
----End
Procedure
l Run the following command:
a. hagrp -unfreeze <service_group_name> [-persistent]
Command example:
----End
Procedure
l Using the Command Line
a. haconf -makerw
b. hagrp -enable <service_group_name> [-sys hostname]
Command example:
----End
Procedure
l Run the following commands:
a. haconf -makerw
b. hagrp -disable <service_group_name> [-sys hostname]
Command example:
----End
Procedure
Step 1 Using the Command Line
Command example:
----End
Procedure
l Using the Command Line
a. hagrp -clear <service_group_name> [-sys hostname]
Command example:
hagrp -clear AppService
----End
Prerequisites
The resource status is enabled, and all the dependent resources are online.
Procedure
l Using the Command Line
a. hares -online <resource_name> -sys <hostname>
Command example:
hares -online NMSServer -sys Secmaster
----End
Prerequisites
The dependent resources are offline.
Procedure
l Using the Command Line
a. hares -offline <resource_name> [-ignoreparent] -sys <hostname> or
hares -offprop <resource_name> [-ignoreparent] -sys <hostname>
Command example:
Procedure
l Using the Command Line
a. hares -modify <resource_name> Enabled 1
Command example:
i. Assign the read/write right to the resource:
# haconf -makerw
----End
Context
If a resource is disabled, you cannot bring it online.
Procedure
l Using the Command Line
a. hares -modify <resource_name> Enabled 0
Command example:
i. Assign the read/write right to the resource:
# haconf -makerw
----End
Context
You can detect resources to check whether the resources are configured and started in the
VCS.
Procedure
l Run the following command:
a. hares -probe <resource_name> -sys <hostname>
Command example:
hares -probe NMSServer -sys Primaster
----End
Procedure
l Run the following command:
a. hares -clear <resource_name> [-sys hostname]
Command example:
hares -clear NMSServer
----End
Prerequisites
The VxVM process must be started.
NOTE
To check whether VxVM process has been started, run the ps -ef | grep vx command.
Context
Generally, the disk group has been imported when the VxVM starts and this operation is not
required in this case. Perform this operation when the disk group fails to be automatically
imported.
Procedure
l In the Solaris or SUSE Linux OS:
vxdg import <diskgroupname>
vxrecover -g <diskgroupname> -sb
Command example:
Context
Run the vxprint -v command to check the status of a disk volume.
Check if STATE is ACTIVE and KSTATE is ENABLED. If not, it indicates that the disk
volume is abnormal. Perform the following operations to restore the disk volume.
Procedure
Step 1 Run the following commands to recover and start the disk volume.
vxrecover -g <diskgroupname> -sb
vxvol -g <diskgroupname> start <volumename>
----End
Example
vxrecover -g datadg -sb
vxvol -g datadg start lv_nms_data
NOTE
You can run the vxdg list command to query the <diskgroupname>, and run the vxprint -v command to
query the <volumename>.
Context
Run the vxprint -Vl command to check the RVG status.
Check if state is ACTIVE and kernel is ENABLED. If not, it indicates that the RVG is
abnormal. Perform the following operations to restore the RVG.
Procedure
Step 1 Run the following commands to recover and start the RVG.
vxrvg -g <diskgroupname> recover <rvgname>
vxrvg -g <diskgroupname> start <rvgname>
Command example:
NOTE
You can run the vxdg list command to query the <diskgroupname>, and run the vradmin printrvg
command to query the <rvgname>.
----End
Context
Run the vxprint -Pl command to check the RLink Status.
Check if state is ACTIVE. If not, it indicates that the RLink is abnormal. Perform the
following operations to restore the RLink.
Procedure
Step 1 Run the following commands to recover the RLink.
vxrlink -g <diskgroupname> recover <rlinkname>
Command example:
----End
Prerequisites
Ensure that the following prerequisites are met before performing the operation.
l The heartbeat connection between the active site and the standby site is normal.
l The data replication between the active site and the standby site is normal.
l The active site and the standby site are normal and no fault occurs. If there is a fault tag,
clear it by running the following command:
hares -clear <resource_name> [-sys hostname]
Command example:
hares -clear NMSServer
Context
After the active site is switched over to the standby site, the original standby site in the cluster
changes to the active site. In addition, the replication relation between the active site and the
standby site is repaired and the replication direction is specified again.
l After the switching, the U2000 may not receive alarms. It is recommended that the client
be reconnected and the primary site be configured on the U2000 again based on the
primary site's IP address after switching.
l After the switching, the FTP account may be unavailable. You are advised to reconnect the
client and server. To reconfigure the FTP account, including the server IP address, user
name, and password, choose Administrator > Settings > FTP Account Information
Management from the main menu.
Procedure
Step 1 Run the following command to check the replication status.
Command example:
Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s
NOTE
You can perform the active/standby replication switchover only when Data status is consistent, up-to-
date.
Step 2 Perform a manual switchover between the primary and secondary sites.
Use commands:
l To switch over the U2000 and database applications from the primary site to the
secondary site, run the following command on the secondary site as the root user:
# hagrp -switch AppService -any -clus localclus
l To switch over the U2000 and database applications from the secondary site to the
primary site, run the following command on the primary site as the root user:
# hagrp -switch AppService -any -clus localclus
NOTE
Run the hastatus -sum command as the root user to check the service status and service group status.
Use GUI:
1. Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
2. Choose Deploy > Monitor HA Status from the main menu. The Monitor the Status
dialog box is displayed.
3. Optional: Click View to view the historical records of the primary and secondary sites.
NOTE
The status of each HA system indicator is displayed. You can click detail info to view details or
restoration suggestions.
4. Click check now to view the current information about the primary and secondary sites.
NOTE
----End
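The Step 1 check can be turned into a gate that runs before the switchover command. The following is an added example, not part of the original guide or Huawei's tooling: the function names rep_field and switchover_gate are hypothetical, the first sample is the output shown in Step 1, and the second sample is constructed. The gate reads the replication status text on standard input and fails closed when the Data status field is missing.

```shell
#!/bin/sh
# Added example: block a manual switchover unless the replication status
# text reports "Data status: consistent, up-to-date".

# Output copied from Step 1 above.
SAMPLE_OK='Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s'

# Constructed sample: the secondary has not caught up yet.
SAMPLE_BEHIND='Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Data status: consistent, behind
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 4m 12s'

# rep_field NAME: print the value of the first "NAME: value" line on stdin.
rep_field() {
    awk -v key="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            prefix = key ":"
            if (index(line, prefix) == 1) {
                val = substr(line, length(prefix) + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                print val
                exit
            }
        }'
}

# switchover_gate: read status text on stdin.
# Returns 0 when the switchover may proceed, 1 when the data is not
# up to date, 2 when no Data status field was found (fail closed).
switchover_gate() {
    status_text=$(cat)
    data_status=$(printf '%s\n' "$status_text" | rep_field "Data status")
    repl_status=$(printf '%s\n' "$status_text" | rep_field "Replication status")
    lag=$(printf '%s\n' "$status_text" | rep_field "Timestamp Information")

    if [ -z "$data_status" ]; then
        echo "BLOCK: no Data status field in the input"
        return 2
    fi
    if [ "$data_status" != "consistent, up-to-date" ]; then
        echo "BLOCK: Data status is '$data_status' ($lag)"
        return 1
    fi
    echo "READY: Data status '$data_status'; replication '$repl_status'; $lag"
    return 0
}

# Demonstration on the two samples.
printf '%s\n' "$SAMPLE_OK" | switchover_gate
printf '%s\n' "$SAMPLE_BEHIND" | switchover_gate || echo "gate exit code: $?"
```

In use, pipe the output of the replication status command from Step 1 into switchover_gate and run the hagrp -switch command only when it returns 0.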
If network configurations change, you must use the MSuite to change the IP address, host
name, and route of the server.
l In the scenario of a high availability system, you must separate the primary site from the
secondary site and then change the host names and IP addresses for the primary site and
secondary site.
l The U2000 processes must be stopped.
l The database must be running.
l The new host name must comply with the host name naming rule.
– The host name of the U2000 server must be unique on the network.
– On Solaris/SUSE Linux OS.
n The host name must be a string consisting of no more than 24 characters that can
only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
n The first character must be a letter and the last character cannot be a hyphen.
n The host name cannot contain --.
n The host name cannot contain only one character.
– On Windows OS, the host name must be a string consisting of no more than 30
characters that can only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
– The host name must be case-sensitive.
– The host name cannot be empty or contain spaces.
– The host name cannot be any of the following keywords in the high availability
system.
action false keylist static after firm local stop requires
remotecluster
system group resource global Start str temp set heartbeat
ArgListValues
System Group boolean hard Name soft before online condition
MonitorOnly
remote start cluster event VCShm type Path offline Signaled
HostMonitor
Probed state Cluster IState int Type State VCShmg NameRule
ConfidenceLevel
l If NBI instances are deployed before the host name and IP address are changed, you
must re-configure NBIs on the MSuite client after changing the IP address and host
name.
l It is recommended that you back up the database in time after changing the IP address
and host name.
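The Solaris/SUSE Linux naming rules above can be checked before a new host name is entered. The following is an added example, not part of the original guide or Huawei's tooling: the function name check_hostname is hypothetical, and matching the reserved keywords case-sensitively is an assumption based on the list containing both "system" and "System". The Windows limit of 30 characters is not covered.

```shell
#!/bin/sh
# Added example: validate a candidate host name against the Solaris/SUSE
# Linux rules listed above. Prints "OK" or the first rule that is violated.
LC_ALL=C; export LC_ALL   # make A-Z, a-z and 0-9 mean ASCII ranges only

# Reserved high availability keywords, copied from the list above.
# Assumption: matched case-sensitively.
HA_KEYWORDS="action false keylist static after firm local stop requires remotecluster
system group resource global Start str temp set heartbeat ArgListValues
System Group boolean hard Name soft before online condition MonitorOnly
remote start cluster event VCShm type Path offline Signaled HostMonitor
Probed state Cluster IState int Type State VCShmg NameRule ConfidenceLevel"

# check_hostname NAME: returns 0 only when NAME passes every rule.
check_hostname() {
    name=$1
    if [ -z "$name" ]; then
        echo "empty"; return 1
    fi
    # Only letters, digits and hyphen are allowed (this also rejects spaces).
    case $name in
        *[!A-Za-z0-9-]*) echo "invalid character"; return 1 ;;
    esac
    if [ "${#name}" -gt 24 ]; then
        echo "longer than 24 characters"; return 1
    fi
    if [ "${#name}" -eq 1 ]; then
        echo "only one character"; return 1
    fi
    case $name in
        [A-Za-z]*) ;;
        *) echo "first character is not a letter"; return 1 ;;
    esac
    case $name in
        *-) echo "ends with a hyphen"; return 1 ;;
    esac
    case $name in
        *--*) echo "contains --"; return 1 ;;
    esac
    for kw in $HA_KEYWORDS; do
        if [ "$name" = "$kw" ]; then
            echo "reserved keyword"; return 1
        fi
    done
    echo "OK"
}

# Demonstration: Primaster and Secmaster are the host names used in the
# command examples of this guide; the other candidates are constructed.
for candidate in Primaster Secmaster nms--01 cluster 1server; do
    printf '%-10s %s\n' "$candidate" "$(check_hostname "$candidate")"
done
```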
Before using commands to change the IP address and host name, make sure that the preceding
requirements are met. Details are as follows:
If the server is configured with multiple IP addresses, you can modify the NMS application
IP address only through the CLI.
On Solaris or SUSE Linux OS, run the following commands as user ossuser. (If you have
logged in as the root user, log in to the OS again as user ossuser. You cannot run the
su - ossuser command to switch to the ossuser user and then run the following commands.)
l Run the following command to change the IP address:
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin modifyip -oldip ipaddress -newip ipaddress -oldnetmask oldnetmask -newnetmask newnetmask
Enter the MSuite login password[]:
NOTE
NOTE
l The default user name of the MSuite is admin and the default password is Changeme_123. If
the password has been changed, enter the new password. If the password has not been
changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l The application IP address parameter indicates the application IP address of the U2000. The
variable ipaddress indicates the IP address associated with the host name to be changed. The
variable hostname indicates the modified host name. After the preceding commands are
executed, restart the OS to make the host name take effect.
Answer
l Do not change an IP address and a host name at the same time. Otherwise, the U2000 fails
to be started.
l Using virtual network interfaces is prohibited.
l Modifying IP address information may result in network interruption. Perform this
operation only if you fully understand network conditions.
Step 2 Shut down the NMS server and all NMS clients.
In the directory of the NMS software after the installation, for example, the
D:\oss\server\platform\bin directory, run the stopnms.bat file to end the NMS processes.
NOTE
5. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box that is displayed,
enter the new IP address, subnet mask, and default gateway address, and perform the
related modification. Click OK.
Step 6 Log in to the NMS server with the new IP address.
Step 7 Change the IP address information in the nic.cfg configuration file as required.
NOTE
l The prerequisite to perform this step is that the server communication NIC needs to be replaced or
the NIC name needs to be modified. If you do not need to replace the communication NIC or modify
the NIC name, do not perform this step.
l During U2000 installation, the server IP address must be set to the IP address for external
communication. A loopback IP address, such as 127.0.0.1, is not allowed.
1. Navigate to D:\oss\engr\engineering\conf, copy nic.cfg, and save it as nic_bak.cfg.
NOTE
If the U2000 is not installed in disk D, change D to the actual drive letter.
2. Double-click nic.cfg.
3. Change the IP address information in nic.cfg as required. Ensure that all NIC names in
the file are the same as the names of the actual NICs on the host. Change the physical
addresses of all network interface cards (NICs) in nic.cfg to those of the actual host as follows:
In the CLI, run the ipconfig command to view the associated IP addresses.
– Choose Start > Run. The Run window will be displayed.
– Enter cmd and click OK.
– In the CLI, run the ipconfig -all command to view the associated IP addresses.
HOST01_PublicNIC_NAME=localhost
HOST01_PublicNIC_MAC=00-0C-29-8F-DD-3F
HOST01_PrivateNIC_NAME=localhost
HOST01_PrivateNIC_MAC=00-0C-29-8F-DD-3F
Do not log in using the Login dialog box that is displayed after you log out of the
Network Management System Maintenance Suite. Otherwise, network configuration
synchronization fails.
2. Set the related login parameters and click OK. The Management System Maintenance
Suite window is displayed.
– IP Address: Indicates the system IP address of the computer where the MSuite
server is installed.
– Port No.: The default port number is 12212. You do not need to change the default
value during login.
– User Name and Password: The default user name of the MSuite is admin and the
default password is Changeme_123. If the password has been changed, enter the
new password. If the password has not been changed, for system security, modify
the default password and remember the new password. For details, see C.3.1
Changing the Password of the MSuite.
NOTE
A dialog box may be displayed during the process of logging in to the MSuite client. Click OK
according to the prompt.
Step 10 On the Server tab page, right-click the server to be configured and choose Synchronize
Network Configuration from the shortcut menu. Click OK.
Step 11 Manually shut down the MSuite server and the database. Then, restart the OS.
1. Shut down the MSuite server. For details, see Step 3.
2. Shut down the database. For details, see A.7.3 How to Shut Down the SQL Server
Database.
3. Restart the OS.
NOTE
– If NBI instances are deployed before the host name and IP address are changed, you must
re-configure NBIs on the MSuite client after changing the IP address and host name.
– The changed IP address will be used to re-configure an NBI. For details, see the related
NBI user guide.
----End
Answer
NOTE
l Do not change an IP address and a host name at the same time. Otherwise, the U2000 fails
to be started.
l Using virtual network interfaces is prohibited.
l Modifying IP address information may result in network interruption. Perform this
operation only if you fully understand network conditions.
NOTE
Step 3 Perform the following operations to change the host name of the server:
1. Click Start. Right-click Computer on the desktop and choose Properties from the
shortcut menu.
2. In the Computer name, domain, and workgroup settings area, click Change settings.
3. In the Computer Name tab, click Change.
4. In the dialog box that is displayed, change the computer name, and then click OK.
NOTE
– Ensure that you change the host name in the work group.
– The host name must be a string consisting of no more than 30 characters that can only be
letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
– The host name must be case-sensitive.
– The host name cannot be empty or contain spaces.
5. When the You must restart your computer to apply these changes dialog box is
displayed, click OK.
6. Click Close.
7. When the You must restart your computer to apply these changes dialog box is
displayed, click Restart Now to restart the OS.
Step 4 Refer to Step 2 to shut down the NMS server and client.
Do not log in using the Login dialog box that is displayed after you log out of the
Network Management System Maintenance Suite. Otherwise, network configuration
synchronization fails.
2. Set the related login parameters and click OK. The Management System Maintenance
Suite window is displayed.
– IP Address: Indicates the system IP address of the computer where the MSuite
server is installed.
– Port No.: The default port number is 12212. You do not need to change the default
value during login.
– User Name and Password: The default user name of the MSuite is admin and the
default password is Changeme_123. If the password has been changed, enter the
new password. If the password has not been changed, for system security, modify
the default password and remember the new password. For details, see C.3.1
Changing the Password of the MSuite.
NOTE
A dialog box may be displayed during the process of logging in to the MSuite client. Click OK
according to the prompt.
Step 7 On the Server tab page, right-click the server to be configured and choose Synchronize
Network Configuration from the shortcut menu. Click OK.
----End
12.1.3 How to Change the IP Address and Host Name for the
Single-Server System (Solaris)
Question
How to change the IP address and host name for the single-server system (Solaris)?
Answer
To change the IP address and host name, do as follows:
1. Stop U2000 server processes.
2. Use the MSuite to change the IP address and host name.
3. Restart the OS to make the modifications take effect.
Only the IP address can be modified. The networking solution cannot be modified.
Modifying IP address information may result in network interruption. Perform this operation
only if you fully understand network conditions.
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How to Start
the Sybase Database Service.
Step 3 After the processes are ended, on the NMS server. For details, see A.9.4 How to Start the
MSuite Client.
Step 4 On the MSuite client, click the Server tab.
2. In the Change IP Address And Hostname dialog box, enter the new IP address, host
name, and subnet mask. The IP address cannot be set to 127.X.X.X.
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you must
reconfigure the NBIs on the MSuite client after changing the IP address and host name.
• The changed IP address will be used to reconfigure an NBI. For details, see the related NBI user
guide.
• If the server IP address is changed, you must manually configure the hardware alarm monitoring
function. For details about the replacement procedure, see Configuring the Monitoring Function
for an OceanStor 5500 V3 Disk Array, Configuring the Monitoring Function for an S3900
Disk Array and Configuring the Monitoring Function for an S2600 Disk Array in the U2000
Single-Server System Software Installation and Commissioning Guide (Solaris) manual.
----End
12.1.4 How to Change the IP Address and Host Name for the
Single-Server System (SUSE Linux)
Question
How to change the IP address and host name for the single-server system (SUSE Linux)?
Answer
NOTE
Modifying IP address information may result in network interruption. Perform this operation
only if you fully understand network conditions.
Step 2 Open a terminal window and run the following commands to end U2000 processes.
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How to Start
the Sybase Database Service.
Step 3 After the processes are ended, log in to the NMS Maintenance Suite client.
2. In the Change IP Address And Hostname dialog box, enter the new IP address, host
name, and subnet mask. The IP address cannot be set to 127.X.X.X.
NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each IP address.
3. Click OK. The progress bar is displayed. Wait patiently.
4. After the configuration is complete, the Prompt dialog box is displayed, asking you to
restart the OS. Click OK.
Step 6 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 7 Switch to the root user and restart the OS for the settings to take effect. Otherwise, the
database and U2000 will function incorrectly.
$ su - root
Password: root user password
# sync;sync;sync;sync
# shutdown -r now
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you must
reconfigure the NBIs on the MSuite client after changing the IP address and host name.
• The changed IP address will be used to reconfigure an NBI. For details, see the related NBI user
guide.
----End
12.1.5 How to Change the IP Address and Host Name for the High
Availability System (Solaris)
Question
How do I change the IP address and host name for the High Availability System (Solaris)?
Answer
To change the IP address and host name, do as follows:
1. Use the MSuite to separate the primary site from the secondary site.
2. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the primary site.
3. Use the MSuite to change the IP address and host name for the primary site. Then, restart
the OS.
4. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the secondary site.
5. Use the MSuite to change the IP address and host name for the secondary site. Then,
restart the OS.
6. Use the MSuite to reconnect the primary and secondary sites.
Only the IP address can be modified. The networking solution cannot be modified.
Modifying IP address information may result in network interruption. Perform this operation
only if you fully understand network conditions.
2. Ensure that the NMSServer resource is in the OFFLINE state and other resources are in the
ONLINE state.
NOTE
If the state is wrong, bring the AppService resource group online, and take the NMSServer
resource offline only after all resources are online.
– The command to check all resources group: # hagrp -state -localclus
– The command to online a resource group: # hagrp -online Group -sys hostname
– The command to offline a resource group: # hagrp -offline Group -sys hostname
2. In the Change IP Address And Hostname dialog box, enter the new IP address, host
name, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 9 Check the status of all resources on the secondary site. Ensure that the NMSServer resource
is in the offline state and other resources are in the online state on the secondary site.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer resource is in the offline state and other resources are in the
online state.
NOTE
If the state is wrong, bring the AppService resource group online, and take the NMSServer resource
offline only after all resources are online.
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
# sync;sync;sync;sync
# shutdown -y -g0 -i6
Step 16 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you must
reconfigure the NBIs on the MSuite client after changing the IP address and host name.
• The changed IP address will be used to reconfigure an NBI. For details, see the related NBI user
guide.
• If the server IP address is changed, you must manually configure the hardware alarm monitoring
function. For details about the replacement procedure, see Configuring the Monitoring Function
for an OceanStor 5500 V3 Disk Array, Configuring the Monitoring Function for an S3900
Disk Array and Configuring the Monitoring Function for an S2600 Disk Array in the U2000
HA System Software Installation and Commissioning Guide (Solaris) manual.
----End
12.1.6 How to Change the IP Address and Host Name for the
Local High Availability System (SUSE Linux)
Question
How do I change the IP address and host name for the Local High Availability System (SUSE
Linux)?
Answer
To change the IP address and host name, do as follows:
1. Use the MSuite to separate the primary site from the secondary site.
2. Ensure that the NMSServer and the FloatIP resources are in OFFLINE state and other
resources are in ONLINE state on the primary site.
3. Use the MSuite to change the IP address and host name for the primary site. Then, restart
the OS.
4. Ensure that the NMSServer and the FloatIP resources are in OFFLINE state and other
resources are in ONLINE state on the secondary site.
5. Use the MSuite to change the IP address and host name for the secondary site. Then,
restart the OS.
6. Use the MSuite to reconnect the primary and secondary sites.
Only the IP address can be modified. The networking solution cannot be modified.
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 4 Check the status of all resources. Ensure that the NMSServer and the FloatIP resources of
the primary site are in the OFFLINE state and other resources are in the ONLINE state.
1. Check the status of all resources.
# hares -state -localclus
Information similar to the following is displayed:
#Resource Attribute System Value
APPBOND State Primaster ONLINE
BackupServer State Primaster ONLINE
DatabaseServer State Primaster ONLINE
FloatIP State Primaster OFFLINE
NMSServer State Primaster OFFLINE
RVGPrimary State Primaster ONLINE
datarvg State Primaster ONLINE
mountRes State Primaster ONLINE
wac State Primaster ONLINE
2. Ensure that the NMSServer and the FloatIP resources are in the OFFLINE state and other
resources are in the ONLINE state.
NOTE
If the state is wrong, bring the AppService resource group online, and take the NMSServer and
FloatIP resources offline after all resources are online.
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 7 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 8 Perform the following operations on the server on which the host name and IP address are
changed to make the change take effect. Otherwise, the database and U2000 will function
incorrectly.
# hastart -onenode
# hagrp -offline AppService -sys hostname
If the host name has been changed, use the new host name as hostname in the preceding command.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 10 Check the status of all resources. Ensure that the NMSServer and the FloatIP resources of
the secondary site are in the OFFLINE state and other resources are in the ONLINE state.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer and the FloatIP resources are in the OFFLINE state and other
resources are in the ONLINE state.
NOTE
If the state is wrong, bring the AppService resource group online, and take the NMSServer and
FloatIP resources offline after all resources are online.
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
If the host name has been changed, use the new host name as hostname in the preceding command.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
Step 16 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you must
reconfigure the NBIs on the MSuite client after changing the IP address and host name.
• The changed IP address will be used to reconfigure an NBI. For details, see the related NBI user
guide.
----End
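The resource-state check in Step 4 and Step 10 above can be scripted so that a wrong state is caught before the IP address or host name is changed. The following is an added example, not part of the Huawei guide: it parses `hares -state -localclus` output and also covers the Solaris and remote HA procedures, where only NMSServer must be offline. The function names are assumptions, and the sample output is constructed from the listing in Step 4.

```python
"""Pre-check for the HA procedures: is this node in the resource state the steps require?"""
import sys

# Constructed sample, modelled on the `hares -state -localclus` output shown in
# Step 4 above (local HA system, primary site).
SAMPLE_OUTPUT = """\
#Resource       Attribute  System     Value
APPBOND         State      Primaster  ONLINE
BackupServer    State      Primaster  ONLINE
DatabaseServer  State      Primaster  ONLINE
FloatIP         State      Primaster  OFFLINE
NMSServer       State      Primaster  OFFLINE
RVGPrimary      State      Primaster  ONLINE
datarvg         State      Primaster  ONLINE
mountRes        State      Primaster  ONLINE
wac             State      Primaster  ONLINE
"""

# Resources that must be OFFLINE before the change; everything else must be ONLINE.
LOCAL_HA_OFFLINE = frozenset({"NMSServer", "FloatIP"})   # section 12.1.6
REMOTE_HA_OFFLINE = frozenset({"NMSServer"})             # sections 12.1.5 and 12.1.7


def parse_hares_state(text):
    """Return {(resource, system): value} for every 'State' row in the output."""
    states = {}
    for raw in text.splitlines():
        fields = raw.split()
        # Skip the '#Resource ...' header, blank lines and anything that is not a State row.
        if len(fields) < 4 or fields[0].startswith("#") or fields[1] != "State":
            continue
        states[(fields[0], fields[2])] = " ".join(fields[3:])
    return states


def check_ready(text, must_be_offline):
    """Return a list of problems; an empty list means the procedure may continue."""
    states = parse_hares_state(text)
    if not states:
        return ["no resource state lines found"]
    problems = []
    seen = {resource for resource, _ in states}
    for name in sorted(set(must_be_offline) - seen):
        problems.append(f"{name}: not listed in the output")
    for (resource, system), value in sorted(states.items()):
        expected = "OFFLINE" if resource in must_be_offline else "ONLINE"
        # Exact match only: any other value (for example FAULTED) is reported.
        if value != expected:
            problems.append(f"{resource} on {system}: {value}, expected {expected}")
    return problems


if __name__ == "__main__":
    # Usage: hares -state -localclus | python3 check_hares.py [local|remote]
    mode = sys.argv[1] if len(sys.argv) > 1 else "local"
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    offline = LOCAL_HA_OFFLINE if mode == "local" else REMOTE_HA_OFFLINE
    issues = check_ready(text, offline)
    for issue in issues:
        print("NOT READY:", issue)
    if not issues:
        print("READY: resource states match the procedure")
    sys.exit(1 if issues else 0)
```

A non-zero exit status means that the AppService group should first be brought to the required state as described in the NOTE of that step.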
12.1.7 How to Change the IP Address and Host Name for the
Remote High Availability System (SUSE Linux)
Question
How do I change the IP address and host name for the Remote High Availability System
(SUSE Linux)?
Answer
To change the IP address and host name, do as follows:
1. Use the MSuite to separate the primary site from the secondary site.
2. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the primary site.
3. Use the MSuite to change the IP address and host name for the primary site. Then, restart
the OS.
4. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the secondary site.
5. Use the MSuite to change the IP address and host name for the secondary site. Then,
restart the OS.
6. Use the MSuite to reconnect the primary and secondary sites.
• If the six-NIC scheme is used, configuring the system IP address and application IP
address to different network segments is recommended in order to ensure network fault
isolation. If the application IP address is modified, the application IP address and system
IP address are still on different network segments after the modification. Changing the
system IP address using commands is prohibited.
• Modifying IP address information may result in network interruption. Perform this
operation only if you fully understand network conditions.
Step 2 Separate the primary site from the secondary site. For details, see C.6.2 Separating the
Primary Site from the Secondary Site.
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 4 Check the status of all resources. Ensure that the NMSServer resource of the primary site is
in the offline state and other resources are in the online state.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer resource is in the OFFLINE state and other resources are in the
ONLINE state.
NOTE
If the state is wrong, bring the AppService resource group online, and take the NMSServer
resource offline only after all resources are online.
– The command to check all resources group: # hagrp -state -localclus
– The command to online a resource group: # hagrp -online Group -sys hostname
– The command to offline a resource group: # hagrp -offline Group -sys hostname
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 7 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 8 Perform the following operations on the server on which the host name and IP address are
changed to make the change take effect. Otherwise, the database and U2000 will function
incorrectly.
# hastart -onenode
# hagrp -offline AppService -sys hostname
If the host name has been changed, use the new host name as hostname in the preceding command.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 10 Check the status of all resources. Ensure that the NMSServer resource of the secondary site is
in the offline state and other resources are in the online state.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer resource is in the OFFLINE state and other resources are in the
ONLINE state.
NOTE
If the state is wrong, bring the AppService resource group online, and take the NMSServer
resource offline only after all resources are online.
– The command to check all resources group: # hagrp -state -localclus
– The command to online a resource group: # hagrp -online Group -sys hostname
– The command to offline a resource group: # hagrp -offline Group -sys hostname
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 14 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 15 Perform the following operations on the server on which the host name and IP address are
changed to make the change take effect. Otherwise, the database and U2000 will function
incorrectly.
# hastart -onenode
# hagrp -offline AppService -sys hostname
If the host name has been changed, use the new host name as hostname in the preceding command.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
Step 16 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you must
reconfigure the NBIs on the MSuite client after changing the IP address and host name.
• The changed IP address will be used to reconfigure an NBI. For details, see the related NBI user
guide.
----End
Question
How do I change the IP address of a U2000 cloud host created in the SC window?
Answer
Step 1 Configure the OS network.
1. Use a VDC service user account to log in to the ServiceCenter through the tenant view.
For details, see Logging in to ServiceCenter.
2. Choose Console > Computing > Cloud Host. Then, choose More > VNC Login on the
right of the mapping cloud host to log in to the VNC operation window.
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How
to Start the Sybase Database Service.
c. After the processes are ended, A.9.4 How to Start the MSuite Client.
d. On the MSuite client, click the Server tab.
e. Do as follows to change the IP address.
i. Right-click the server name and choose Change IP Address And Hostname
from the shortcut menu.
ii. In the Change IP Address And Hostname dialog box, enter the new IP
address and subnet mask. The IP address cannot be set to 127.X.X.X.
NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each
IP address.
iii. Click OK. The progress bar is displayed. Wait patiently.
iv. After the configuration is complete, the Prompt dialog box is displayed, asking
you to restart the OS. Click OK.
f. Optional: If the IP address is changed to one on another network segment,
reconfigure the route according to C.5.2 Configuring Routes.
g. Switch to the root user and shut down the OS for the settings to take effect. Otherwise, the
database and U2000 will function incorrectly.
$ su - root
Password: root user password
# sync;sync;sync;sync
# shutdown -h now
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you
must reconfigure the NBIs on the MSuite client after changing the IP address and host
name.
• The changed IP address will be used to reconfigure an NBI. For details, see the related
NBI user guide.
3. Change its IP address and click OK. In the Confirm dialog box, click OK.
Change the host IP address to be the same as the OS network IP address.
4. Use a VDC administrator account to log in to the ServiceCenter. For details, see
Logging in to ServiceCenter.
5. Choose Services > Apply > My To-Dos, view the application task submitted by the
VDC service user, and click Approve.
6. Select Agree, and click Submit.
7. Choose VDC > All Orders.
If the Status value of the application is Succeeded, the system has successfully allocated
resources.
----End
Question
How do I change the host name of a U2000 cloud host created in the SC window?
Answer
Step 1 Change the host name.
1. Use a VDC service user account to log in to the ServiceCenter through the tenant view.
For details, see Logging in to ServiceCenter.
2. Choose Console > Computing > Cloud Host. Then, choose More > VNC Login on the
right of the mapping cloud host to log in to the VNC operation window.
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How
to Start the Sybase Database Service.
c. After the processes are ended, A.9.4 How to Start the MSuite Client.
d. On the MSuite client, click the Server tab.
e. Do as follows to change the IP address.
i. Right-click the server name and choose Change IP Address And Hostname
from the shortcut menu.
ii. In the Change IP Address And Hostname dialog box, enter the new host
name.
NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each
IP address.
iii. Click OK. The progress bar is displayed. Wait patiently.
iv. After the configuration is complete, the Prompt dialog box is displayed, asking
you to restart the OS. Click OK.
f. Switch to the root user and restart the OS for the settings to take effect. Otherwise, the
database and U2000 will function incorrectly.
$ su - root
Password: root user password
# sync;sync;sync;sync
# shutdown -r now
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you
must reconfigure the NBIs on the MSuite client after changing the IP address and host
name.
• The changed IP address will be used to reconfigure an NBI. For details, see the related
NBI user guide.
----End
A FAQs
This topic provides answers to the most frequent questions concerning the installation.
A.1 Windows OS
This topic provides answers to FAQs about clients installed on Windows OS.
A.2 SUSE Linux OS
This topic provides answers to FAQs about the SUSE Linux OS.
A.3 Solaris OS
This topic provides answers to FAQs about clients installed on Solaris OS.
A.4 System Settings of the Huawei RH series rack server
This topic covers FAQs about Huawei RH series rack server system settings.
A.5 System Settings of the IBM Server
This topic covers FAQs about IBM Server system settings.
A.6 Veritas HA System
This topic covers FAQs about the Veritas HA system.
A.7 SQL Server Database
This topic describes the FAQs about the SQL server database.
A.8 Sybase Database
This topic covers FAQs about the Sybase database.
A.9 MSuite
This topic covers FAQs about the NMS maintenance suite.
A.10 U2000 System
This topic covers FAQs about the U2000 system.
A.11 VMware Virtual Machine(VMware vSphere Client)
This topic provides answers to the most frequent questions concerning the VMware virtual
machine.
A.12 VMware Virtual Machine(vSphere Web Client)
This topic describes operations related to VMware 6.5 where the VCSA is logged in through
the vSphere Web Client.
A.1 Windows OS
This topic provides answers to FAQs about clients installed on Windows OS.
Question
If the network connection is unstable, intermittently disconnected, or unreachable, the static
route may not have been added. How do I add a static route?
If there are multiple network interfaces and their IP addresses are within different network
segments, the static route can be configured on only one of these network interfaces. To
prevent the failure of one network interface from causing the disconnection of the entire
network, the static route needs to be added on other network interfaces.
Answer
Step 1 Run the following command on the command prompt window to view the existing routes:
C:\> route print
----End
Question
How to change the password of the OS administrator?
Answer
Step 1 Log in to the OS as the administrator user.
• If the database is not started, manually start it. Otherwise, login to the database fails after the
password is changed.
• If the password of the administrator is changed when the SQL server database is not started, login
to the database fails. In this case, you need to change the password to the original one, start the SQL
server database, and then change the password of the administrator. To ensure the security of the
U2000, passwords must be complex enough. For example, a password must contain eight or more
characters of two types. The allowed characters are digits, letters, and special characters. Remember
to change passwords regularly.
Step 5 In the dialog box that is displayed, enter the old password and the new password, and confirm
the new password.
Step 7 Choose Start > All Programs > Microsoft SQL Server 2008 > SQL Server Management
Studio. The Connect to Server window is displayed. Enter the server name, and then click
Connect.
Step 8 Right-click the database server node for the local server from the navigation tree and choose
Properties from the shortcut menu. In the dialog box that is displayed, click the Security tab,
and then change the administrator password in the Enable server proxy account area.
----End
Question
How to configure the remote login to the Windows OS?
Answer
Step 1 Log in to the OS as the administrator.
Step 2 Right-click Computer and choose Properties from the shortcut menu.
Step 3 In the System dialog box, click the Remote settings tab.
Step 4 In the System Properties dialog box, set the remote login right through the option button as
required.
Step 6 To connect a local PC to the Windows server remotely, apply for a digital certificate that uses
SHA256 encryption. The applied certificate has to be stored on the local computer. The
following describes how to load and query a digital certificate:
1. All applied digital certificates must be stored in the certificate management container for
further loading.
a. Choose Start > Run. In the Run window, enter mmc.exe.
b. In the Console1 window, choose File > Add or Remove Snap-ins.
c. In the Add or Remove Snap-ins dialog box, double-click Certificates in Available
snap-ins.
d. In the Certificates snap-in dialog box, select computer account and click Next.
e. In the Select Computer dialog box, select Local computer:(the computer this
console is running on) and click Finish.
f. In the Add or Remove Snap-ins dialog box, click OK.
g. In the Console1 window, choose Console Root > Certificates(Local computer) >
Personal, right-click and choose All Tasks > Import in the Object Type.
h. In the Certificate Import Wizard, click Next.
i. In the File to Import dialog box, click Browse, select All Files, select a digital
certificate, click Open, and then click Next.
j. In the Password dialog box, enter the private key password that was obtained when
the digital certificate was applied for, and click Next.
k. In the Certificate Store dialog box, click Next.
l. Click Finish. When the The import was successful dialog box is displayed, click OK.
m. In the Console1 window, choose Console Root > Certificates(Local computer) >
Personal > Certificates to check whether the certificate has been stored in the
certificate management container.
2. Load a digital certificate.
a. Choose Start > All Programs > Administrative Tools > Remote Desktop
Services > Remote Desktop Session Host Configuration.
b. In the Remote Desktop Session Host Configuration window, select RDP-Tcp in
the Connections list, right-click and choose Properties from the shortcut menu.
c. In the RDP-Tcp Properties dialog box, click the General tab and then click Select to
load a certificate.
d. In the Windows Security dialog box, click OK.
e. In the RDP-Tcp Properties dialog box, click OK.
----End
A.1.4 How to Set the Virtual Memory to the System Managed Size
Question
How to set the virtual memory to the system managed size?
Answer
Step 1 Click Start. Right-click Computer on the desktop and choose Properties from the shortcut
menu.
Step 2 In the System dialog box, click the Advanced system settings tab.
Step 3 In the System Properties dialog box, click the Advanced tab.
Step 5 In the Performance Options dialog box, click the Advanced tab.
Step 7 In the Virtual Memory dialog box, deselect Automatically manage paging file size for all
drives and click the System managed size option button.
Step 8 Click Set.
----End
Answer
Step 1 Choose Start > Run. In the Run dialog box, enter cmd to open the command line interface
(CLI) window.
Step 2 Run the ipconfig /all command and check whether multiple pieces of IP Address information
are displayed.
• If only one piece of IP Address is displayed, the NIC is assigned only one IP address.
• If multiple pieces of IP Address information are displayed, the NIC is assigned multiple
IP addresses.
----End
Answer
Step 1 For details about how to check whether unnecessary IP addresses have been set, see A.1.5
How to Check Whether an NIC Is Assigned Multiple IP Addresses (Windows).
Step 2 If the NIC is assigned multiple IP addresses, perform the following steps to delete
unnecessary IP address:
Windows 2008:
1. Click Start, right-click Network and choose Properties from the shortcut menu.
----End
Question
Two types of Windows OSs are available for Windows 2008: 64-bit OS. How to query the type
of a Windows OS?
Answer
Step 1 Perform the following steps for Windows 2008:
1. Log in to the OS as the ossuser.
2. Right-click Computer and choose Properties from the shortcut menu.
3. In the System dialog box, view the value of System type, as shown in the following
figure.
----End
Question
Some system commands, such as ipconfig, can be run in the CLI on Windows. How do I log
in to the CLI on Windows?
Answer
Step 1 Choose Start > Run on Windows.
To query the IP address and gateway information about the PC, enter ipconfig and press Enter.
----End
Answer
Step 1 Log in to the OS as the administrator.
Step 2 Choose Start > All Programs > Administrative Tools > Services.
Step 3 Right-click Windows Update service and choose Properties from the shortcut menu.
Step 4 On the General tab, change the value of Startup type to Disabled.
----End
Answer
Step 1 Log in to the OS as a user with ossuser rights.
Step 2 Choose Start > Run. The Run window will be displayed.
Step 4 Run the ipconfig -all command in the CLI. Information similar to the following is displayed:
Windows IP Configuration
Connection
Physical Address. . . . . . . . . : 00-25-9E-81-29-5B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.187.220.199
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.187.220.1
DHCP Server . . . . . . . . . . . : 10.187.220.1
DNS Servers . . . . . . . . . . . : 10.187.17.24
                                    10.172.255.100
                                    10.198.248.39
Lease Obtained. . . . . . . . . . : 2012.6.8 15:49:04
Lease Expires . . . . . . . . . . : 2012.6.8 19:49:04
The network connection name associated with 10.187.220.199 is Local Area Connection 3.
----End
Question
How do I manually enable and disable the FTP service on a server?
Answer
• Enable and disable the FTP service.
– Enable the FTP service.
i. Log in to the operating system with the ossuser rights.
ii. Access the D:\oss\server\3rdTools\ftp path and rename the
Start_Apache_ftp.bat script under the ftp folder. For example, change the
script name to Start_Apache_ftp_win.bat.
iii. Execute the Start_Apache_ftp_win.bat script.
NOTE
NOTE
Answer
Step 1 Log in to the Windows OS as the ossuser.
Step 2 Run the following command in the command line window to enter the directory of the script:
C:\Users>cd /d D:\oss\server\3rdTools\ftp\minasshd\modifyAlgorithm\
All mac_algorithms:
HMACSHA256;HMACSHA512;HMACSHA1;HMACMD5;HMACSHA196;HMACMD596
;HMACSHA196;HMACMD596
Current configured mac_algorithms: Cipher = AES128CTR;AES128CBC;TripleDESCBC
NOTE
If the system prompts that the python command is not available, use the python of the U2000. To
access the python of the U2000, run D:\oss\server\3rdTools\ftp\minasshd\modifyAlgorithm and
D:\oss\server\3rdTools\python\bin\python.exe modifyminasshd.py in the command line
window.
2. The system prompts you whether to modify macs algorithms. Type y or Y and press
Enter. If you do not want to modify it, press Enter to skip. After you type y and press
Enter, the following information is displayed:
Please input mac_algorithms for minasshd separated by a ';'. For example:
HMACSHA256;HMACSHA512;HMACSHA1
:
After you type y and press Enter, the following information is displayed:
please input your modify MACs Algorithm with ';' separate
:
Enter the target mac_algorithms and press Enter. It is recommended that
HMACSHA256;HMACSHA512;HMACSHA1 be entered.
NOTE
Before selecting a secure algorithm, ensure that the system interconnected to the U2000 supports this
algorithm; otherwise, this system cannot connect to the U2000 server over minasshd.
3. The system prompts you whether to modify cipher_algorithms. Type y or Y and press
Enter. If you do not want to modify it, press Enter to skip.
Input Y or y to modify cipher_algorithms,otherwise,exit the modification of
cipher_algorithms.
:
After you type y and press Enter, the following information is displayed:
Please input cipher_algorithms for minasshd separated by a ';'. For example:
AES128CTR;AES256CTR
:
Enter the target cipher_algorithms and press Enter. It is recommended that
AES128CTR;AES128CBC;TripleDESCBC be entered.
NOTE
Before selecting a secure algorithm, ensure that the system interconnected to the U2000 supports this
algorithm; otherwise, this system cannot connect to the U2000 server over minasshd.
4. Check the configuration result. The configuration is successful if the following
information is displayed:
End modify the mimasshd algorithms, please restart minasshd in U2000 System
Monitor
Step 4 Open the System Monitor and restart the minasshd process for the new algorithms to take
effect.
----End
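Before changing the lists, it helps to see which entries a hardening baseline would flag and whether an interconnected system would still share an algorithm with the U2000, which is the condition stated in the NOTEs above. The following is an added example, not part of the U2000 tooling: the verdict table is an assumption based on common SSH hardening baselines, the peer list is hypothetical, and only algorithm names printed on this page are used.

```python
"""Audit a ';'-separated minasshd algorithm list (added example)."""

# Verdicts are an assumption based on common SSH hardening baselines,
# not on U2000 documentation. Names are those printed on this page.
VERDICTS = {
    "HMACSHA256": None,
    "HMACSHA512": None,
    "HMACSHA1": "SHA-1 based MAC",
    "HMACMD5": "MD5 based MAC",
    "HMACSHA196": "SHA-1 MAC truncated to 96 bits",
    "HMACMD596": "MD5 MAC truncated to 96 bits",
    "AES128CTR": None,
    "AES256CTR": None,
    "AES128CBC": "CBC mode cipher",
    "TRIPLEDESCBC": "3DES (64-bit block) in CBC mode",
}


def parse_list(value):
    """Split on ';', trim blanks, drop empty and repeated entries."""
    seen, names = set(), []
    for item in value.split(";"):
        name = item.strip()
        if name and name.upper() not in seen:
            seen.add(name.upper())
            names.append(name)
    return names


def audit(value):
    """Return (name, reason) for every entry that is weak or unrecognised."""
    findings = []
    for name in parse_list(value):
        key = name.upper()
        if key not in VERDICTS:
            findings.append((name, "name not listed on this page; check spelling"))
        elif VERDICTS[key]:
            findings.append((name, VERDICTS[key]))
    return findings


def plan_change(new_value, peer_value):
    """Compare a proposed list with what an interconnected system supports.

    Returns (usable, strong): entries both sides share, and the shared
    entries without a finding. An empty `usable` means the peer could no
    longer connect over minasshd after the change.
    """
    peer = {n.upper() for n in parse_list(peer_value)}
    usable = [n for n in parse_list(new_value) if n.upper() in peer]
    weak = {n.upper() for n, _ in audit(new_value)}
    strong = [n for n in usable if n.upper() not in weak]
    return usable, strong


if __name__ == "__main__":
    # Constructed inputs: the lists recommended on this page, and a
    # hypothetical peer that only offers CBC ciphers.
    for label, value in (("MACs", "HMACSHA256;HMACSHA512;HMACSHA1"),
                         ("Ciphers", "AES128CTR;AES128CBC;TripleDESCBC")):
        print(label, audit(value))
    print(plan_change("AES128CTR;AES256CTR", "AES128CBC;TripleDESCBC"))
```

An empty first element from plan_change means the proposed list would cut the peer off, so the peer has to be upgraded before the weaker entries are dropped.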
Answer
Step 1 Perform the following operations:
l Log in to the Windows OS as ossuser to change the password:
a. Log in to the operating system as the ossuser user.
b. Choose Start > Control Panel > User Accounts > Change your Windows
password > Change your password.
c. In the Change Your Password window, enter the old and new passwords of
ossuser and the new password again for verification, and click Change Password.
l Log in to the Windows OS as administrator to change the password:
a. Log in to the OS as administrator.
b. Choose Start > Control Panel > User Accounts > Add or remove user accounts
> ossuser > Change the password.
c. In the Change Password window, enter the new password of ossuser and the new
password again for verification, and click Change password.
Step 2 Choose Start > Run. In the Run dialog box, enter services.msc and click OK.
Step 3 In the Services window, right-click iMapService and choose Properties from the shortcut
menu.
Step 4 Click the Log On tab, enter Password and Confirm password values, and click OK.
----End
Question
How to change the password for the Windows OS user dbuser?
Answer
Step 1 Perform the following operations:
l Log in to the Windows OS as dbuser to change the password:
a. Log in to the OS as dbuser.
b. Choose Start > Control Panel > User Accounts > Change your Windows
password > Change your password.
c. In the Change Your Password window, enter the old and new passwords of
dbuser and the new password again for verification, and click Change Password.
l Log in to the Windows OS as administrator to change the password:
a. Log in to the OS as administrator.
b. Ensure that the SQL server database is started.
NOTE
n If the database is not started, manually start it; otherwise, the database cannot be logged
in to after the password is changed.
n If the dbuser password is changed in case the database is not started, logging in to the
SQL server database will fail. In this case, restore the original password, start the SQL
server database, and then change the dbuser password.
c. Choose Start > Control Panel > User Accounts > Add or remove user accounts
> dbuser > Change the password.
d. In the Change Password window, enter the new password of dbuser and the new
password again for verification, and click Change password.
e. Choose Start > Run. In the Run dialog box, enter services.msc and click OK.
f. In the Services window, right-click SQL Server (MSSQLSERVER) and choose
Properties from the shortcut menu.
g. Click the Log On tab, enter Password and Confirm password values, and click
OK.
----End
Question
How to change the password for the Windows OS user ftpuser?
Answer
l Log in to the Windows OS as ftpuser to change the password:
a. Log in to the OS as the ftpuser user.
b. Choose Start > Control Panel > User Accounts > Change your Windows
password > Change your password.
c. In the Change Your Password window, enter the old and new passwords of
ftpuser and the new password again for verification, and click Change Password.
l Log in to the Windows OS as administrator to change the password:
a. Log in to the OS as administrator.
b. Choose Start > Control Panel.
c. In the Control Panel window, set View by to Category and click User Accounts.
d. In the User Accounts window, click Change your Windows password and then
click Manage another account.
e. In the Manage Accounts window, click ftpuser.
f. In the Change an Account window, click Change the password.
g. In the Change Password window, enter the new password of ftpuser and the new
password again for verification, and click Change password.
Answer
Step 1 Start Internet Explorer, click Tools in the right corner, and select Internet Options.
Step 2 In the Internet Options dialog box displayed, select the Advanced tab. In Settings, deselect
Use SSL 2.0, Use SSL 3.0, and Use TLS 1.0, and select Use TLS 1.1 and Use TLS 1.2.
Step 3 Click OK.
----End
Answer
Step 1 Right-click and choose Control Panel from the shortcut menu. Then choose Program >
Set your default programs.
Step 2 In the Set Default Programs window, select Internet Explorer in Programs and click
Choose defaults for this program.
Step 3 In the Set Program Associations window, click Select All and Save.
----End
Answer
l Method 1:
a. Log in to the OS as the user whose password needs to be changed, for example,
root, ossuser, or webuser.
c. Enter the current ossuser user password as prompted. The default password is
Changeme_123.
d. Enter a new password as prompted, for example, Changeme_123.
To ensure the security of the U2000, passwords must be complex enough. For
example, a password must contain eight or more characters of two types. The
allowed characters are digits, letters, and special characters. Remember to change
passwords regularly.
NOTE
Any character that you enter using the keyboard will be considered a password component,
including Backspace. For example, if you enter the string cBackspaceChangeme_123, the
password is cBackspaceChangeme_123, but not Changeme_123.
e. Enter the new password again as prompted. Press Enter to make the change take
effect.
After the new password takes effect, do not close the CLI.
Open another CLI and log in using the new password to verify the new password. If
the new password is correct, close all the CLIs. If the new password is incorrect,
repeat the preceding steps to change the password again.
l Method 2 (Change the passwords for other OS users, as the root user):
a. Log in to the OS as the root user.
b. Open the command terminal, run the following command to set the OS user
password:
# passwd OS user
After the new password takes effect, do not close the CLI.
Open another CLI and log in using the new password to verify the new password. If
the new password is correct, close all the CLIs. If the new password is incorrect,
repeat the preceding steps to change the password again.
----End
Question
How do I start/stop the FTP/SFTP/Telnet service in the SUSE Linux OS?
NOTE
Using SFTP is recommended. The operations in this topic apply to the following scenarios:
l See operations in this topic on the U2000 server when files, such as the installation package and
license file, need to be uploaded to the U2000 server during U2000 installation.
l See operations in this topic on the SUSE Linux server before U2000 data is backed up or restored.
Answer
Step 1 Use the remote login software such as PuTTY to log in to the OS by means of SSH as the
root user.
NOTE
If the SetSuse policy has been enabled, you can log in to the OS only by means of SSH, because
only the SSH service for the ossuser user then has the login right. PuTTY is recommended.
Run the following command to switch to the root user:
$ su - root
Enter a login password for the root user.
Step 2 Start and stop the FTP/SFTP (more secure, recommended)/Telnet service.
l Starting and stopping the FTP service:
– If the NMS is not installed, do as follows:
n Run the following command to start the FTP service:
# service vsftpd start
----End
A.2.3 How to Enable and Disable the FTP Authority of the root
User in the SUSE Linux OS
Question
How to enable and disable the FTP authority of the root user in the SUSE Linux OS?
Answer
l To enable the FTP authority of the root user, do as follows:
a. Log in to the SUSE Linux OS as the root user.
b. Run the vi /etc/ftpusers command to open the ftpusers file in the /etc directory.
Add the comment tag (#) to the beginning of the following line in the ftpusers file
to comment out this line:
root
c. Run the command wq! to save and close the ftpusers file.
l To disable the FTP authority of the root user, do as follows:
a. Log in to the SUSE Linux OS as the root user.
b. Run the vi /etc/ftpusers command to open the ftpusers file in the /etc directory and
delete the comment tag (#) at the beginning of the following line in the ftpusers
file:
root
c. Run the command wq! to save and close the ftpusers file.
----End
Question
How do I add the default route in the SUSE Linux OS?
Answer
Step 1 Log in to the system as user root.
Step 4 Write the default route configurations into the /etc/sysconfig/network/routes file.
l Format:
default gateway IP address - -
NOTE
gateway IP address: network management IP address for the network on which the U2000 server
is located.
l Example:
default 10.9.1.254 - -
Step 5 Press Esc and run the command :wq to save and close the file.
Step 6 Run the following command to make the route take effect:
# /etc/init.d/network restart
Step 7 Run the netstat -nr command to view the default route of the system.
----End
Question
How do I add a static route in the SUSE Linux OS?
NOTE
If a static route exists and a new static route needs to be added, use the MSuite to add a static route after
the U2000 is installed. Using yast2 to add a static route is prohibited to prevent several-second network
disconnection and service interruption.
Answer
Step 1 Log in to the system as user root.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 3 Run the following command to view the existing routes in the system:
# netstat -nr
Step 5 Write the static route configurations into the /etc/sysconfig/network/routes file.
l Format:
NOTE
– destination network segment address: The network segment of the IP address of the computer
connected to the U2000 server.
– gateway IP address: network management IP address for the network on which the U2000
server is located.
– destination network segment subnet mask: subnet mask of the network segment on which the
computer connected to the U2000 server is located.
l Example:
10.16.1.0 10.9.1.254 255.255.255.0
Press Esc and run the command :wq to save and close the file.
Step 6 Run the following command to make the route take effect:
# /etc/init.d/network restart
----End
NOTE
If a static route exists and a new static route needs to be added, use the MSuite to add a static route after
the U2000 is installed. Using yast2 to add a static route is prohibited to prevent several-second network
disconnection and service interruption.
Answer
Step 1 Ensure that the MSuite servers on the primary and secondary sites have been started.
Run the following command as the root user to check whether the MSuite servers are started:
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
# ps -ef | grep java
com.huawei.u2000.inventory.webserver.JettyStarter
...
NOTE
If the displayed information contains /opt/oss/OSSJRE/jre_sol/bin/java -server in the Solaris system
and /opt/oss/OSSJRE/jre_linux/bin/java -server in SUSE Linux system, the MSuite servers have been
started.
If the MSuite servers have not been started, run the following commands to switch from the
root user to the ossuser user and start the MSuite servers:
# su - ossuser
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
Step 2 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 4 Right-click the target server and choose Configure Route from the shortcut menu. The
Configure Route dialog box is displayed.
Step 5 In the dialog box that is displayed, click Add or Delete according to actual route conditions to
configure the route.
Before adding a route, ensure that the server and the router are directly connected. Otherwise,
the route cannot take effect immediately.
For example, the procedure for adding a route from a client (IP address: 10.70.73.77) to a
server (IP address: 10.71.224.12) is as follows, with the IP address of the intermediate router
being 10.71.224.1:
1. Ensure that the server and the router are directly connected.
Step 7 After the configurations are complete, run the netstat -nr command to view route
configurations.
----End
Question
How do I check the remaining space of a disk?
Answer
Run the df -hk command to check the remaining space of a disk.
For example, run the df -hk /opt command to check the remaining space of the /opt partition.
Question
How to monitor system processes and application ports after the SUSE Linux OS is installed?
Answer
l Choose Computer > More Applications > System > GNOME System Monitor to
manage processes.
l Open the terminal and run the ps -ef | grep process name command to view processes. You can
run the vmstat or top command to view the usage of the CPU, memory, and I/O bus.
Question
What should I do when I fail to log in to the SUSE Linux OS through the remote login tools?
Answer
Step 1 Log in to the SUSE Linux OS as user root through remote login software or the Windows OS
CLI.
Step 3 Use the remote login tools to log in to the U2000 server again.
----End
Question
How do I query the process status?
Answer
Run the ps -ef | grep process name command to query the process status.
For example, run the ps -ef | grep sysmonitor command to query the status of the sysmonitor
process. The following message will be displayed:
ossuser 17156 17032 0 22:13:59 pts/3 0:00 grep sysmonitor
ossuser 11972 1 0 04:38:10 pts/2 13:00 imap_sysmonitor -cmd start
l imap_sysmonitor indicates information about the process, where 11972 is the process
ID.
Question
How do I forcibly end a process?
Answer
Run the kill -9 process ID command to forcibly end a process.
Question
How do I use the vi editor?
Answer
Run the following command to open the vi editor:
vi file name
l If a file with the same filename exists, run the vi command to open and edit the file.
l If a file with the same filename does not exist, run the vi command to create and edit a
file.
ESC Press ESC to exit the text input mode and enter the
command mode.
l The commands for inserting text are as follows (must be run in command mode).
Command Function
o Adds text at the beginning of the next line where the cursor
locates (open).
l The commands for moving the cursor are as follows (must be run in command mode).
Command Function
l The commands for deleting texts are as follows (must be run in command mode).
Command Function
l The commands for quitting the vi editor are as follows and must be run in command
mode. You are recommended to press ESC before running any command listed in Table
A-1.
A.2.13 How to Change the Time and Time Zone of the SUSE
Linux OS
Question
How to change the time and time zone of a SUSE Linux OS where the U2000 is not installed
yet?
NOTE
For how to change the time and time zone of a SUSE Linux OS after the U2000 has been installed, see C.4.1
Setting the System Time and Time Zone.
Answer
Step 1 Log in to the graphical desktop system of the SUSE Linux OS as the root user.
Step 2 Open the CLI and run the following command to start the YaST2 control center.
# yast2
Step 4 In the dialog box that is displayed, set the area and time zone.
Step 5 To change the time, click Change. In the dialog box that is displayed, set the date and time,
and then click Accept.
Step 6 Click OK.
Step 7 Run the following commands to restart the OS. It takes approximately 5 to 8 minutes to
restart the system.
# sync;sync;sync;sync
# shutdown -r now
Step 8 Optional: For the SUSE 11 OS, ensure that the time and time zone have been correctly modified
after the OS restarts. If they have not, run the following commands.
1. Run the following commands to synchronize the hardware time.
# . /etc/sysconfig/clock
# /sbin/hwclock --systohc $HWCLOCK
3. Run the following commands to restart the OS. It takes approximately 5 to 8 minutes to
restart the system.
# sync;sync;sync;sync
# shutdown -r now
----End
Answer
The virtual network computing (VNC) is a component of SUSE Linux. It is a typical thin
client software. The graphics processor service runs on the server and multiple instances can
be created.
l Advantage: A remote computer can access the server using the Internet Explorer. If the
connection is torn down, the desktop can be held by logging in with the same user name
and port number. The remotely run applications will not be interrupted due to the
network disconnection.
l Disadvantage: The shortcut options in the VNC window conflict with those of
Windows and applications. As a result, some shortcut options are unavailable in the
VNC window. Table A-2 shows the usage of the commonly seen shortcut options in the
VNC window.
NOTE
l It is recommended that you log in to the OS in SSH (recommended) or Telnet mode, instead of the
Java desktop mode. Then run the commands to enable the VNC services.
l The VNC service is automatically disabled after the OS is restarted to ensure the security of the
U2000. To use the VNC to remotely log in to SUSE Linux, reconfigure the VNC service.
l The VNC can be configured and used on NM, EM, and IS nodes in a distributed system.
l After the U2000 is installed, the scripts to enable and disable VNC are in the
/opt/oss/engr/tools/VNC directory. Before the U2000 is installed, the scripts are in
the /opt/install/OSSICMR/tools/VNC directory. The following example describes how to use the
VNC after installing U2000.
l Configure the VNC service as the root user.
a. Use the PuTTY tool to log in to the server as a root user.
b. Optional: Run the following command as user root to set the password for user
root to log in to the VNC. If the VNC login password for user root already exists or
is known, skip this step.
# vncpasswd
l Remember the password that will be used for VNC login as user root.
l If the password is forgotten, log in to the OS as user root, run the vncpasswd command,
and set a new password according to the message.
# cd /opt/oss/engr/tools/VNC
# sh start_vnc_root.sh
If the command output contains successfully, the VNC service corresponding to the
root user is started. The port ID is 5802 for the root user.
NOTE
l During operations on the GUI, do not close the PuTTY dialog box. Otherwise, the
connection to the VNC client becomes abnormal. If the PuTTY dialog box is closed,
refer to this FAQ to reconfigure the VNC service.
l If a message is displayed asking you to set the password, run the vncpasswd command
as the root user to set the password.
l If information similar to the following is displayed:
The vnc for root is already running and port is 2.
Run the following commands to stop the VNC service and close the port:
# sh stop_vnc_root.sh
# su - ossuser
$ vncserver -kill :2
$ exit
Run command sh start_vnc_root.sh to start the VNC service for the root user.
l If information similar to the following is displayed:
start vncserver :2 failed
Run the following commands to enable the VNC services.
# vncserver :2
l If information similar to the following is displayed:
Warning: X3650-SEC1:2 is taken because of /tmp/.X11-unix/X2
Remove this file if there is no X server X3650-SEC1:2
A VNC server is already running as :2
X3650-SEC1 is the server name.
Run ps -ef |grep vnc to check whether the VNC service corresponding to the root user
has started.
l If no information is displayed, the VNC service corresponding to the root user has
not started.
Run cd /tmp. If the .X2-lock file exists, run rm .X2-lock to delete the .X2-lock
file.
Run cd /tmp/.X11-unix. If the X2 file exists, run rm X2 to delete the X2 file.
Repeat Step 3 to start the VNC service for the root user.
l If information is displayed, the VNC service corresponding to the root user has
started.
d. Perform the following operations to create an SSH tunnel so that the
communication between the server and VNC client is more secure. In the following
example, the PuTTY is saved in the D:\PuTTY path and the server IP address is
10.9.1.1.
i. On a PC or laptop, choose Start > Run. In the dialog box that is displayed,
enter cmd to open a CLI.
ii. Run the following command to navigate to the path where the PuTTY is
located:
C:\> cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the root user:
D:\PuTTY> putty -L 5902:localhost:5902 -L 5802:localhost:5802
10.9.1.1
NOTE
l During operations on the GUI, do not close the PuTTY dialog box. Otherwise, the
connection to the VNC client becomes abnormal. If the PuTTY dialog box is
closed or SSH tunnel is disconnected due to an exception, refer to this FAQ to
reconfigure the VNC service.
l If the security hardening policy is enabled on the system, enter the user name and
password of the ossuser user in the PuTTY window to complete the creation of
the SSH tunnel.
e. Open the Internet Explorer of a PC or laptop. Enter http://localhost:5802 in the
address bar. Then press Enter.
NOTE
If a message is displayed indicating that the application is prohibited to run, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab,
Edit Site List, and Add, and enter http://localhost:5802. Click OK, Continue, and then
OK. Restart the Internet Explorer and enter http://localhost:5802 in the address bar.
f. Enter the password and click OK to access SUSE Linux.
l Remember the password that will be used for VNC login as user ossuser.
l If the password is forgotten, log in to the OS as user ossuser, run the vncpasswd
command, and set a new password according to the message.
c. Run the following commands to enable the VNC service for the ossuser user.
$ su - root
Password: root user password
# cd /opt/oss/engr/tools/VNC
# sh start_vnc_oss.sh
If the command output contains successfully, the VNC service corresponding to the
ossuser user is started. The port ID is 5803 for user ossuser.
NOTE
l If a message is displayed asking you to set the password, run the vncpasswd command
as the ossuser user to set the password.
l If information similar to the following is displayed:
The vnc for ossuser is already running and port is 3.
Run the following commands to stop the VNC service and close the port:
# sh stop_vnc_oss.sh
# vncserver -kill :3
Run command sh start_vnc_oss.sh to start the VNC service for the ossuser user.
l If information similar to the following is displayed:
start vncserver :3 failed
Run the following commands to enable the VNC service.
# vncserver :3
l If information similar to the following is displayed:
Warning: X3650-SEC1:3 is taken because of /tmp/.X11-unix/X3
Remove this file if there is no X server X3650-SEC1:3
A VNC server is already running as :3
X3650-SEC1 is the server name.
Run ps -ef |grep vnc to check whether the VNC service corresponding to the ossuser
user has started.
l If no information is displayed, the VNC service corresponding to the ossuser user
has not started.
Run cd /tmp. If the .X3-lock file exists, run rm .X3-lock to delete the .X3-lock
file.
Run cd /tmp/.X11-unix. If the X3 file exists, run rm X3 to delete the X3 file.
Repeat Step 3 to start the VNC service for the ossuser user.
l If information is displayed, the VNC service corresponding to the ossuser user has
started.
d. Perform the following operations to create an SSH tunnel for the ossuser user so
that the communication between the server and VNC client is more secure. In the
following example, the PuTTY is saved in the D:\PuTTY path and the server IP
address is 10.9.1.1.
i. On a PC or laptop, choose Start > Run. In the dialog box that is displayed,
enter cmd to open a CLI.
ii. Run the following command to navigate to the path where the PuTTY is
located:
C:\> cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the ossuser user:
D:\PuTTY> putty -L 5903:localhost:5903 -L 5803:localhost:5803
10.9.1.1
NOTE
During operations on the GUI, do not close the PuTTY dialog box. Otherwise, the
connection to the VNC client becomes abnormal. If the PuTTY dialog box is closed or
SSH tunnel is disconnected due to an exception, refer to this FAQ to reconfigure the
VNC service.
e. Open the Internet Explorer of a PC or laptop. Enter http://localhost:5803 in the
address bar. Then press Enter.
NOTE
If a message is displayed indicating that the application is prohibited to run, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab,
Edit Site List, and Add, and enter http://localhost:5803. Click OK, Continue, and OK,
restart the Internet Explorer, and enter http://localhost:5803 in the address bar.
f. Enter the password and click OK to access SUSE Linux.
If you still cannot use the VNC on a PC or laptop to log in to the server after the VNC is
configured, perform the following operations to locate the fault:
a. Check whether the VNC port is occupied.
For a root user, the VNC port is 5802. For an ossuser user, the VNC port is 5803.
For the U2000 V100R008SPC300 or later, port forwarding must be configured on
Windows. VNC ports may be occupied.
On a PC or laptop running on Windows, if a root user cannot use the VNC to log in
to the server, run the netstat -a |findstr 5802 command to check whether the VNC
port is occupied. If an ossuser user cannot use the VNC to log in to the server, run
the netstat -a |findstr 5803 command to check whether the VNC port is occupied.
The following information is displayed (a root user is used as an example):
TCP 127.0.0.1:5802 SZXY1X001776702:0 LISTENING
If the command output contains 5802 and LISTENING, port 5802 is occupied. For
an ossuser user, check whether the command output contains 5803 and
LISTENING.
If the VNC port is occupied, shut down all in-use VNCs on the current PC or
laptop. Verify that no user is using the VNC on the PC or laptop running on
Windows.
b. If the problem persists, close all IE web browsers and restart the IE.
c. If the problem still exists after the IE is restarted, restore the IE to default
configurations, if applicable. To restore the IE to default configurations, choose
Tools > Internet Options > Advanced > Restore Defaults. If the Internet Explorer
cannot be reconfigured, try another browser, PC, or laptop.
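The port check in step a can be scripted over saved netstat -a output. The following is an added example, not part of the U2000 tooling: it reports which of the VNC ports used in this FAQ are occupied, and, going beyond the page's occupied test, also marks a listener that is bound to a non-loopback address, because a tunnel endpoint bound that way is reachable from other hosts. The sample lines are constructed around the one output line shown above.

```python
"""Check VNC tunnel ports in `netstat -a` output (added example)."""
import re

# Port numbers are the ones this FAQ uses for the root and ossuser sessions.
VNC_PORTS = {5802: "root", 5902: "root", 5803: "ossuser", 5903: "ossuser"}

# Matches Windows netstat lines such as:
#   TCP    127.0.0.1:5802    SZXY1X001776702:0    LISTENING
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b", re.I)

# Constructed sample; only the first line is taken from the page.
SAMPLE = """\
  TCP    127.0.0.1:5802         SZXY1X001776702:0      LISTENING
  TCP    0.0.0.0:5903           SZXY1X001776702:0      LISTENING
  TCP    0.0.0.0:135            SZXY1X001776702:0      LISTENING
  TCP    10.70.73.77:49712      10.9.1.1:ssh           ESTABLISHED
"""


def vnc_listeners(netstat_text):
    """Return [(port, user, local_address, loopback_only)] for VNC ports."""
    found = []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue
        address, port = match.group(1), int(match.group(2))
        if port in VNC_PORTS:
            loopback = address.startswith("127.") or address == "[::1]"
            found.append((port, VNC_PORTS[port], address, loopback))
    return found


def diagnose(netstat_text, port):
    """Classify one port as 'free', 'occupied' or 'occupied-exposed'."""
    hits = [h for h in vnc_listeners(netstat_text) if h[0] == port]
    if not hits:
        return "free"
    if all(h[3] for h in hits):
        return "occupied"
    # At least one listener accepts connections on a non-loopback address.
    return "occupied-exposed"


if __name__ == "__main__":
    for port in sorted(VNC_PORTS):
        print(port, VNC_PORTS[port], diagnose(SAMPLE, port))
```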
Table A-2 Usage of commonly seen shortcut options in the VNC window
Scenario  Availability  Shortcut Option/Operation  Description
Scenario 1
Shortcut Option/Operation: A user fails to run commands in the CLI after logging in to the GUI
through the VNC.
Description: The VNC has been running for a long time without being restarted, resulting in
environment variable failures. To resolve this problem, restore the environment variables and
run the related commands.
Restore the environment variables:
1. Log in to the GUI as the root user.
2. Run the following commands to restore environment variables:
# . /.profile-EIS
Scenario 2
Shortcut Option/Operation: If the VNC service has been running for a long period of time, the
GUI desktop may stop responding when a user logs in to the GUI desktop in vnc mode.
Description: There is a low probability that this issue occurs if the VNC service has been
running for a certain period of time. If this issue occurs, restart the VNC service as the root
or ossuser user.
----End
Answer
l Using the Yast2 to set IP addresses is not recommended because intermittent network
disconnection may occur and the NMS may fail to function properly.
l The IP address cannot be located in a network segment on which the IP addresses of some
used network interfaces are located. Otherwise, a network fault occurs.
NOTE
– If the command output contains information similar to ifcfg-bond0, bond has been configured
for the network interface. Perform Step 2.2 to view the IP address of the used network
interface.
– If the command output contains information similar to ifcfg-eth0, bond has not been
configured for the network interface. Perform Step 2.3 to view the IP address of the used
network interface.
2. Optional: If bond has been configured for the network interface, run the following
command to view the IP address of the used network interface:
# cat ifcfg-bond0
NOTE
The value 10.9.1.1/24 of the IPADDR parameter is the IP address of network interface bond0.
Record the value. If information similar to ifcfg-bond0 is displayed, repeatedly perform Step 2.2
and record the IP address.
3. Optional: If bond has not been configured for the network interface, run the following
command to view the IP address of the used network interface:
# cat ifcfg-eth0
IPADDR='10.9.1.2/24'
MTU=''
NETWORK=''
REMOTE_IPADDR=''
NOTE
The value 10.9.1.2/24 of the IPADDR parameter is the IP address of network interface eth0.
Record the value. If information similar to ifcfg-eth0 is displayed, repeatedly perform Step 2.3
and record the IP address.
Step 3 Run the following operation to configure the IP address for the network interfaces that are not
used in the SUSE Linux OS.
Configuring the logical network interface eth2 is used as an example.
1. Run the following command to start the AddIPForSuse.sh script:
# cd /opt/sudobin/engr/engineering/tool/OSSICMR/tools
# ./AddIPForSuse.sh
3. Enter an IP address, such as 10.78.225.28, for the network interface eth2. Then press
Enter.
A message similar to the following will be displayed:
Please input the subnet mask:
NOTE
The IP address cannot be located in the same network segment as a recorded IP address.
Otherwise, a network fault occurs.
4. Enter the subnet mask of the network segment on which the IP address resides, such as
255.255.255.0. Then press Enter.
A message similar to the following will be displayed:
Please input the hostname:
5. Enter a host name, such as hostname01, for the IP address. The host name must be
unique. Then press Enter.
A message similar to the following will be displayed:
Configured the NIC successfully.
NOTE
If the preceding information is displayed, the IP address of the eth2 network interface is
configured successfully. To configure IP addresses for other network interfaces, repeat Step 3.
Step 4 Run the following commands to restart the OS to make the configurations take effect.
# sync;sync;sync;sync
# shutdown -r now
----End
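The rule that the new address must not share a network segment with any recorded IPADDR value can be checked before the address is typed into AddIPForSuse.sh. The following is an added example, not part of the U2000 tooling: it reads the IPADDR (and, as an assumption about files that carry no prefix length, NETMASK) entries from ifcfg-* text and reports overlaps. The file contents are constructed from the values shown on this page, and ifcfg-eth3 is hypothetical.

```python
"""Pre-check an address before entering it in AddIPForSuse.sh (added example)."""
import ipaddress
import re

# Matches lines such as IPADDR='10.9.1.2/24'; REMOTE_IPADDR is not matched.
ASSIGN_RE = re.compile(
    r"""^[ \t]*(IPADDR|NETMASK)[ \t]*=[ \t]*['"]?([^'"\s]*)""", re.M)

# Constructed sample: bond0 and eth0 use the addresses shown on this page,
# eth3 is a hypothetical file that uses a separate NETMASK entry.
SAMPLE = {
    "ifcfg-bond0": "BOOTPROTO='static'\nIPADDR='10.9.1.1/24'\n",
    "ifcfg-eth0": "IPADDR='10.9.1.2/24'\nMTU=''\nNETWORK=''\nREMOTE_IPADDR=''\n",
    "ifcfg-eth3": "IPADDR='192.168.5.4'\nNETMASK='255.255.255.0'\n",
}


def used_network(ifcfg_text):
    """Return the IPv4 network configured in one ifcfg-* file, or None."""
    values = dict(ASSIGN_RE.findall(ifcfg_text))
    address = values.get("IPADDR", "")
    if not address:
        return None
    if "/" not in address:
        # No prefix length in IPADDR: fall back to NETMASK, else a host route.
        address += "/" + (values.get("NETMASK") or "32")
    return ipaddress.ip_interface(address).network


def conflicts(new_ip, new_mask, ifcfg_files):
    """List (interface, network) pairs that overlap new_ip/new_mask.

    ifcfg_files maps a file name such as 'ifcfg-eth0' to its text.
    Invalid addresses or masks raise ValueError.
    """
    wanted = ipaddress.ip_interface(f"{new_ip}/{new_mask}").network
    clashes = []
    for name, text in sorted(ifcfg_files.items()):
        network = used_network(text)
        if network is not None and network.overlaps(wanted):
            clashes.append((name.replace("ifcfg-", "", 1), str(network)))
    return clashes


if __name__ == "__main__":
    # The page's example address is accepted; an address in 10.9.1.0/24 is not.
    print(conflicts("10.78.225.28", "255.255.255.0", SAMPLE))
    print(conflicts("10.9.1.50", "255.255.255.0", SAMPLE))
```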
Question
How do I capture a snapshot on SUSE Linux?
Answer
l Method 1: Use the keyboard.
a. Press Print Screen.
b. Rename the file and click Save.
----End
Question
How do I check whether bond is configured?
Answer
l Method 1:
a. Use the remote GUI software to log in to the server as the root user.
b. On the desktop, right-click and choose Open Terminal from the shortcut menu to
display a CLI.
c. Run the following command to log in to the YaST2 Control Center.
# yast2
d. In the YaST2 Control Center dialog box, choose Network Devices > Network
Card.
e. In the Network Setup Method dialog box, select Traditional Method with ifup
and click Next.
f. The Network Card Configuration Overview dialog box is displayed.
NOTE
If bond is configured, the Bond Network option is available. If bond is not configured, the Bond
Network is unavailable.
l Method 2:
a. On the CLI, run the following command:
# ifconfig -a
NOTE
If bond is configured, the command output contains bond0.
----End
Question
How do I configure the resolution on SUSE Linux?
Answer
Step 1 Log in to the GUI of the SUSE Linux OS as the root user.
Step 2 Open a CLI and run the following command to start the YaST2 control center:
# yast2
NOTE
If the Automatic Graphics System Setup dialog box is displayed, click Change Configuration.
Step 4 In the SaX2: X11 Configuration dialog box, click Change to modify the monitor properties.
Step 5 In the Monitor Settings dialog box, choose VESA. Select the resolution to be modified based
on the monitor size and individual habit. The commonly used resolution is 1024×768@60HZ.
NOTE
The IBM server does not support the resolution of 16:10, for example, 1440×900.
The newly configured resolution is displayed in Resolution. You can click it to modify the resolution too.
The resolution value should be less than or equal to the resolution set for Monitor.
Step 9 If no error is displayed during the test, click Save. The Message dialog box is displayed.
Step 11 Run the following commands to restart the OS to make the configurations take effect. The
restart process takes about 5 to 8 minutes.
# sync;sync;sync;sync
# shutdown -r now
----End
Question
How do I install the 7-zip software on the SUSE Linux OS?
Answer
Step 1 Download the 7-zip software package p7zip_9.20.1_src_all.tar.bz2 from
http://sourceforge.net/projects/p7zip/.
Step 2 Use SFTP to upload the 7-zip software package to the /opt directory on the server as the root
user. For details about how to use SFTP to upload the software package, see A.2.28 How to
Use the FileZilla to Transfer Files by SFTP.
Step 3 Use Telnet or SSH to log in to the server as the root user. The SSH mode is recommended
because it is more secure.
Step 4 Switch to the path where the software package is stored and assign permissions to the
software package.
# cd /opt
# chmod 750 /opt/p7zip_9.20.1_src_all.tar.bz2
2. Use up and down arrow keys to search for statements similar to the following:
PATH=/sbin:/usr/sbin:/usr/local/sbin:$PATH
3. Add /usr/local/bin/ to the environment variable PATH. For details about using the vi
editor, see A.2.12 How to Use the vi Editor.
After the operation is performed, information similar to the following is displayed:
PATH=/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin/:$PATH
4. Press Esc and run the :wq command to save the /etc/profile file and exit the vi
editor.
----End
Question
To ensure system security, the SUSE Linux OS supports the file change audit function that
can record relevant file change information. How do I enable the file change audit function on
SUSE Linux OS?
Answer
Enabling the file change audit function of the SUSE Linux OS may increase disk space
usage and degrade system performance. You are advised not to enable the function.
In an HA system, perform the following operations on the primary and secondary sites.
NOTE
The preceding information indicates that no audit rules have been configured.
d. Run the following command to create audit rules for the relevant U2000 directory
or file to be audited. The following uses the /opt/oss/engr directory as an example:
# auditctl -w /opt/oss/engr -p wa
NOTE
The preceding information indicates that the audit rules of the /opt/oss/engr directory have
been created. The OS will audit the permission changes of files in the /opt/oss/engr
directory.
f. Run the following command to make the newly created audit rules of the /opt/oss/engr
directory take effect:
# auditctl -e 1
NOTE
To query the audit log and learn the detailed file change information, run the
ausearch -f /opt/oss command or view the /var/log/audit/audit.log file. For details, see
the SUSE Linux OS documentation, for example, https://www.suse.com/documentation/sles11/.
g. Optional: To delete the audit rules of the /opt/oss/engr directory, perform the
following operations:
i. Run the following command to delete the audit rules of the /opt/oss/engr
directory:
# auditctl -W /opt/oss/engr -p wa
NOTE
/opt/oss/engr is the directory to be audited.
ii. Run the following command to query whether the audit rules of the /opt/oss/engr
directory are deleted:
# auditctl -l
NOTE
If no information like LIST_RULES: exit,always dir=/opt/oss/engr (0x8) perm=wa
is displayed, the audit rules of the /opt/oss/engr directory have been deleted.
iii. Run the following command to make the deletion of the audit rules of
the /opt/oss/engr directory take effect:
# auditctl -e 1
c. Run the following command to query whether the auditd service is running:
# service auditd status
NOTE
Some audit rules are enabled by default after OS security hardening.
e. Perform the following operations to create audit rules for the relevant U2000
directory or file to be audited. The following uses the /opt/oss/engr directory as an
example:
i. Run the vi command to open the audit.rules file.
# vi /etc/audit/audit.rules
-w /var/log/sudo.log -p wa -k actions
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-e 2
ii. Add the audit rules of the /opt/oss/engr directory to the audit.rules file, as
follows:
# This file contains the auditctl rules that are loaded
......
-w /var/log/sudo.log -p wa -k actions
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-w /opt/oss/engr -p a
-e 2
NOTE
For a high-availability system running on SUSE Linux, run the following
commands.
# hastart -onenode
# hagrp -offline AppService -sys hostname
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
NOTE
• The preceding information indicates that the audit rules of the /opt/oss/engr directory
have been created. The OS will audit the permission changes of files in the /opt/oss/engr
directory.
• To query the audit log and learn the detailed file change information, run the
ausearch -f /opt/oss command or view the /var/log/audit/audit.log file. For details, see
the SUSE Linux OS documentation, for example, https://www.suse.com/documentation/sles11/.
k. Optional: To delete the audit rules of the /opt/oss/engr directory, perform the
following operations:
i. Run the vi command to open the audit.rules file.
# vi /etc/audit/audit.rules
-w /var/log/sudo.log -p wa -k actions
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-w /opt/oss/engr -p a
-e 2
NOTE
/opt/oss/engr is the directory to be audited.
ii. Delete the audit rules of the /opt/oss/engr directory from the audit.rules file,
as follows:
# This file contains the auditctl rules that are loaded
......
-w /var/log/sudo.log -p wa -k actions
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-e 2
iii. Run the :wq command to save the modification and exit the vi editor.
iv. Power off the U2000 and the database.
For the Single Server System (SUSE Linux), see Stopping the U2000 Server
Processes and Shutting Down the Database in 3.4 Shutting Down the
U2000 Server (Single Server System, SUSE Linux).
For the High Availability System (SUSE Linux), see Stopping the U2000
Server Processes and Shutting Down the Database in 3.6 Shutting Down
the U2000 Server in a High Availability System (PC Linux).
v. Run the following commands to restart the OS:
For a single-server system running on SUSE Linux, run the following
commands.
# sync;sync;sync;sync
# shutdown -r now
For a high-availability system running on SUSE Linux, run the following
commands.
# hastart -onenode
# hagrp -offline AppService -sys hostname
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
vi. Run the following command to query whether the audit rules of the /opt/oss/engr
directory are deleted:
# auditctl -l
NOTE
If no information like LIST_RULES: exit,always dir=/opt/oss/engr (0x8) perm=wa
is displayed, the audit rules of the /opt/oss/engr directory have been deleted.
----End
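The two procedures above differ in one respect: when audit.rules ends with -e 2, the audit configuration is locked until the next restart, so rules can be changed only by editing the file and restarting the OS. The following Python script is an added example, not part of this guide or of the U2000 software. It reads audit.rules content, reports which kinds of access the watches record for a path, and states which of the two procedures applies. The function names and the sample rules text are constructed for illustration.

```python
import shlex

PERM_MEANING = {"r": "read", "w": "write", "x": "execute", "a": "attribute change"}

# Constructed sample, modelled on the audit.rules excerpt in this section.
SAMPLE_RULES = """\
# This file contains the auditctl rules that are loaded
-w /var/log/sudo.log -p wa -k actions
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-w /opt/oss/engr -p a
-e 2
"""


def parse_audit_rules(text):
    """Return (watches, enabled) for the content of an audit.rules file.

    watches: list of {"path", "perm", "key"} dicts in file order.
    enabled: value of the last -e line (0, 1 or 2), or None if there is none.
    """
    watches, enabled = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        opts, i = {}, 0
        while i < len(tokens):
            if tokens[i] in ("-w", "-p", "-k", "-e") and i + 1 < len(tokens):
                opts[tokens[i]] = tokens[i + 1]
                i += 2
            else:
                i += 1  # option not interpreted by this example (for example -D or -b)
        if "-e" in opts and opts["-e"].isdigit():
            enabled = int(opts["-e"])
        if "-w" in opts:
            watches.append({
                "path": opts["-w"].rstrip("/") or "/",
                "perm": opts.get("-p"),  # None when the rule has no -p
                "key": opts.get("-k"),
            })
    return watches, enabled


def watches_covering(watches, target):
    """Watches set on the target itself or on a directory above it."""
    target = target.rstrip("/") or "/"
    return [w for w in watches
            if target == w["path"] or target.startswith(w["path"].rstrip("/") + "/")]


def review(text, target):
    """Summarise how the rules in text treat target and how they can be changed."""
    watches, enabled = parse_audit_rules(text)
    hits = watches_covering(watches, target)
    # A watch without -p contributes nothing here; no default is assumed.
    letters = {c for w in hits for c in (w["perm"] or "")}
    recorded = sorted(PERM_MEANING[c] for c in letters if c in PERM_MEANING)
    locked = enabled == 2  # -e 2: configuration cannot be changed until restart
    return {
        "watched": bool(hits),
        "recorded_access": recorded,
        "writes_recorded": "write" in recorded,
        "locked": locked,
        "change_procedure": ("edit audit.rules and restart the OS" if locked
                             else "auditctl at run time"),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_RULES, "/opt/oss/engr").items():
        print(f"{key}: {value}")
```

For the sample, the /opt/oss/engr watch uses -p a, so attribute changes are recorded but writes are not; the auditctl command shown earlier uses -p wa, which records both.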
Question
How do I set an encryption algorithm for OpenSSH?
Answer
Step 1 Log in to the SUSE Linux OS as the ossuser user through SSH by using PuTTY.
Step 4 Perform the following operations to set an encryption algorithm for OpenSSH.
1. Run the following command:
# python modifysshdalg.py
All mac_algorithms:
1: hmac-md5-etm@openssh.com 2:hmac-sha1-etm@openssh.com
3: umac-64-etm@openssh.com 4:umac-128-etm@openssh.com
5: hmac-sha2-256-etm@openssh.com 6:hmac-sha2-512-etm@openssh.com
7: hmac-ripemd160-etm@openssh.com 8:hmac-sha1-96-etm@openssh.com
9: hmac-md5-96-etm@openssh.com 10:hmac-md5
11: hmac-sha1 12:umac-64@openssh.com
13: umac-128@openssh.com 14:hmac-sha2-256
15: hmac-sha2-512 16:hmac-ripemd160
17: hmac-ripemd160@openssh.com 18:hmac-sha1-96
19: hmac-md5-96
All cipher_algorithms:
1: aes128-cbc 2:3des-cbc
3: blowfish-cbc 4:cast128-cbc
5: arcfour128 6:arcfour256
7: arcfour 8:aes192-cbc
9: aes256-cbc 10:rijndael-cbc@lysator.liu.se
11: aes128-ctr 12:aes192-ctr
13: aes256-ctr
All Kex_algorithms:
1: ecdh-sha2-nistp256 2:ecdh-sha2-nistp384
3: ecdh-sha2-nistp521 4:diffie-hellman-group-exchange-sha256
5: diffie-hellman-group-exchange-sha1 6:diffie-hellman-group14-sha1
7: diffie-hellman-group1-sha1
3. Select the secure MAC algorithms for OpenSSH based on site requirements and press
Enter. It is recommended that 11 be entered.
NOTE
– The new algorithms replace the previous OpenSSH algorithms. Ensure that the new
selection contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers shown before the algorithms and
separate them with commas (,).
The command output is as follows:
Input Y or y to modify cipher_algorithms,otherwise,exit the modification of
cipher_algorithms.
5. Select the secure cipher algorithms for OpenSSH based on site requirements and press
Enter. It is recommended that 11,12,13 be entered.
NOTE
– The new algorithms replace the previous OpenSSH algorithms. Ensure that the new
selection contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers shown before the algorithms and
separate them with commas (,).
The command output is as follows:
Input Y or y to modify kex_algorithms,otherwise,exit the modification of
kex_algorithms.
:
7. Select the secure Kex algorithms for OpenSSH based on site requirements and press
Enter. It is recommended that 4 be entered.
NOTE
– The new algorithms replace the previous OpenSSH algorithms. Ensure that the new
selection contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers shown before the algorithms and
separate them with commas (,).
The command output is as follows:
Operation succeeded. Please restart Openssh for the settings to take effect.
Please input Y or y to restart OpenSSH,inputing others will exit directly and
no restart OpenSSH!
input :
NOTE
If the message "Restarting OpenSSH is successful." is displayed, the OpenSSH encryption
algorithm is successfully set.
----End
Answer
Step 1 Optional: Perform the following operations on the primary and secondary IS nodes, NM,
primary and secondary NBI_GW nodes, primary and secondary Float IP nodes, as well as the
PM and Backup nodes.
1. Log in to the SUSE Linux OS as the ossuser user.
2. Run the following command to switch to the root user:
$ su - root
Password:Password of root
4. Copy the modifysshdalg.py script from the EM node to the directory /opt/oss/server/
common/openssh. If you want to use the SFTP mode, see A.2.28 How to Use the
FileZilla to Transfer Files by SFTP for the specific operation method.
5. Go to Step 3 to configure the OpenSSH encryption algorithm.
Step 2 Optional: Perform the following operations on the EM node:
1. Log in to the SUSE Linux OS as the ossuser user.
2. Run the following command to switch to the root user:
$ su - root
Password:Password of root
All mac_algorithms:
1: hmac-md5-etm@openssh.com 2:hmac-sha1-etm@openssh.com
3: umac-64-etm@openssh.com 4:umac-128-etm@openssh.com
5: hmac-sha2-256-etm@openssh.com 6:hmac-sha2-512-etm@openssh.com
7: hmac-ripemd160-etm@openssh.com 8:hmac-sha1-96-etm@openssh.com
9: hmac-md5-96-etm@openssh.com 10:hmac-md5
11: hmac-sha1 12:umac-64@openssh.com
13: umac-128@openssh.com 14:hmac-sha2-256
15: hmac-sha2-512 16:hmac-ripemd160
17: hmac-ripemd160@openssh.com 18:hmac-sha1-96
19: hmac-md5-96
All cipher_algorithms:
1: aes128-cbc 2:3des-cbc
3: blowfish-cbc 4:cast128-cbc
5: arcfour128 6:arcfour256
7: arcfour 8:aes192-cbc
9: aes256-cbc 10:rijndael-cbc@lysator.liu.se
11: aes128-ctr 12:aes192-ctr
13: aes256-ctr
All Kex_algorithms:
1: ecdh-sha2-nistp256 2:ecdh-sha2-nistp384
3: ecdh-sha2-nistp521 4:diffie-hellman-group-exchange-sha256
5: diffie-hellman-group-exchange-sha1 6:diffie-hellman-group14-sha1
7: diffie-hellman-group1-sha1
3. Select the secure MAC algorithms for OpenSSH based on site requirements and press
Enter. It is recommended that 11 be entered.
NOTE
– The new algorithms replace the previous OpenSSH algorithms. Ensure that the new
selection contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers shown before the algorithms and
separate them with commas (,).
5. Select the secure cipher algorithms for OpenSSH based on site requirements and press
Enter. It is recommended that 11,12,13 be entered.
NOTE
– The new algorithms replace the previous OpenSSH algorithms. Ensure that the new
selection contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers shown before the algorithms and
separate them with commas (,).
The command output is as follows:
Please input numbers of kex_algorithms separated by a ',' . For example: 4,5,6
6. Select the secure Kex algorithms for OpenSSH based on site requirements and press
Enter. It is recommended that 4,5,6 be entered.
NOTE
– The new algorithms replace the previous OpenSSH algorithms. Ensure that the new
selection contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers shown before the algorithms and
separate them with commas (,).
The command output is as follows:
Operation succeeded. Please restart Openssh for the settings to take effect.
Please input Y or y to restart OpenSSH,inputing others will exit directly and
no restart OpenSSH!
input :
NOTE
If the message "Restarting OpenSSH is successful." is displayed, the OpenSSH encryption
algorithm is successfully set.
----End
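The notes in both OpenSSH procedures above warn that the selected algorithms replace the previous ones and that an interconnected system supporting none of them can no longer connect. The following Python example is added here and is not part of modifysshdalg.py or of the U2000 software. It maps menu answers to algorithm names using the menus shown above and checks a connecting peer's offered algorithms against the result. The MACs, Ciphers and KexAlgorithms lines it renders are an assumption about what the script writes to sshd_config, and the two peer offers are constructed samples.

```python
# Numbered menus as printed by modifysshdalg.py in this section (entry 1 first).
MENU = {
    "MACs": (
        "hmac-md5-etm@openssh.com hmac-sha1-etm@openssh.com umac-64-etm@openssh.com "
        "umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com "
        "hmac-sha2-512-etm@openssh.com hmac-ripemd160-etm@openssh.com "
        "hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-md5 hmac-sha1 "
        "umac-64@openssh.com umac-128@openssh.com hmac-sha2-256 hmac-sha2-512 "
        "hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha1-96 hmac-md5-96"
    ).split(),
    "Ciphers": (
        "aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour "
        "aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr"
    ).split(),
    "KexAlgorithms": (
        "ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 "
        "diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 "
        "diffie-hellman-group14-sha1 diffie-hellman-group1-sha1"
    ).split(),
}

# Constructed peer offers in the peer's own preference order (not a real product).
CURRENT_PEER = {"MACs": ["hmac-sha2-256", "hmac-sha1"],
                "Ciphers": ["aes256-ctr", "aes128-ctr"],
                "KexAlgorithms": ["ecdh-sha2-nistp256",
                                  "diffie-hellman-group-exchange-sha256"]}
LEGACY_PEER = {"MACs": ["hmac-md5", "hmac-sha1-96"],
               "Ciphers": ["aes128-cbc", "3des-cbc"],
               "KexAlgorithms": ["diffie-hellman-group1-sha1",
                                 "diffie-hellman-group14-sha1"]}


def select(category, numbers):
    """Turn a menu answer such as "11,12,13" into algorithm names, in the order entered."""
    names = []
    for part in numbers.split(","):
        part = part.strip()
        if not part.isdigit() or not 1 <= int(part) <= len(MENU[category]):
            raise ValueError(f"{part!r} is not an entry of the {category} menu")
        name = MENU[category][int(part) - 1]
        if name not in names:
            names.append(name)
    return names


def render_directives(selection):
    """sshd_config lines for a selection (assumed to be what the script writes)."""
    return [f"{cat} {','.join(selection[cat])}" for cat in MENU if cat in selection]


def parse_sshd_config(text):
    """Read MACs, Ciphers and KexAlgorithms; sshd uses the first value it finds."""
    wanted = {cat.lower(): cat for cat in MENU}
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        cat = wanted.get(parts[0].lower())  # keywords are case-insensitive
        if cat and cat not in found:
            found[cat] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return found


def negotiate(server, peer_offer):
    """Per category, the first algorithm in the peer's list that the server also allows.

    This is the selection rule of the SSH transport protocol (RFC 4253, section 7.1),
    simplified for key exchange, where host key compatibility is also considered.
    None means there is no common algorithm, so the connection cannot be set up.
    """
    result = {}
    for cat in MENU:
        allowed = server.get(cat)
        if allowed is None:  # directive absent: sshd built-in defaults apply
            continue
        result[cat] = next((a for a in peer_offer.get(cat, []) if a in allowed), None)
    return result


def blocked_categories(server, peer_offer):
    """Categories in which the peer and the server share no algorithm."""
    return [cat for cat, alg in negotiate(server, peer_offer).items() if alg is None]


if __name__ == "__main__":
    chosen = {"MACs": select("MACs", "11"),
              "Ciphers": select("Ciphers", "11,12,13"),
              "KexAlgorithms": select("KexAlgorithms", "4")}
    server = parse_sshd_config("\n".join(render_directives(chosen)))
    for label, offer in (("current peer", CURRENT_PEER), ("legacy peer", LEGACY_PEER)):
        print(label, negotiate(server, offer), "blocked:", blocked_categories(server, offer))
```

Running the check against each interconnected system's offer before restarting OpenSSH shows which category would block the connection.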
Prerequisites
Based on the IP address of the SFTP server to be added or modified on the U2000 client, find
the SFTP server the client connects to. Perform the following operations on the SFTP server.
Context
• The third-party SFTP server runs the Linux or Solaris operating system.
• If you choose to check the server public key when configuring a third-party SFTP server
on the U2000 client, the system compares the third-party SFTP server public key entered
by users on the client with the actual public key of the third-party SFTP server. If the
public keys are different, the SFTP function used for communications between the
third-party SFTP server and the U2000 client is unavailable.
Procedure
Step 1 Log in to the third-party SFTP server.
Step 2 Run the following command to switch to user root.
$ su - root
Password:Password of root
Step 3 Run the following command to obtain the public key content of the SFTP server:
# cat /etc/ssh/ssh_host_rsa_key.pub
If information similar to the following is displayed, the public key content has been obtained.
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwjUbMhStgUyeFrEzMGrBFCnQYGsQBcLAGC18NBF78I3I9W0SE4fcoQ
ujhTAAVG1+jkvQiaqylSYUWnlUbd/lF/
l9GDkWUhCH1RWYDbdypgMHHKIANwrxLKnIoyaCpLvfz75aWQFP4IKaSMdiV6BKvFXSAUa00V8yoQttOq5x
FwU= root@linux
----End
Answer
Step 1 Obtain the MD5 code or SHA information that is used to check the downloaded software
package integrity.
• Download the iManager U2000 version MD5 CODE(English) file from
http://support.huawei.com/carrier. The iManager U2000 version MD5 CODE(English) file
contains MD5 code information after all software and document packages are
decompressed. Please contact a Huawei engineer to download the file.
– For carrier, log in to http://support.huawei.com/carrier. Search for U2000 and
select iManager U2000 in the search box on the Software tab. Then select a
desired version. Download the file in the Version Documentation column.
– For enterprise, log in to http://support.huawei.com/enterprise. Search for U2000
and select iManager U2000 in the search box on the Support tab. Then click
Documentation tab. Select a desired version and download the file.
NOTE
Take the following method to obtain the iManager U2000 version MD5 CODE(English) file. Only
Huawei engineers can download the file. If the customer requires using the file, please contact Huawei
engineers for help.
• The files in the ServiceCD of the Huawei RH series rack server are archived on the Support
website. Perform the following operations to obtain the ISO files:
a. Log in to http://enterprise.huawei.com.
b. Choose Support > Server.
c. Choose Server Management Software > FusionServer Tools > Downloads >
V100R002C00 > V100R002C00SPC300.
d. Download the FusionServer Tools-ServiceCD2.0-V109.zip software packages.
e. Use PGPVerify to verify the correctness of the software packages. For details, see
A.2.25 How Do I Verify Downloaded Software Packages Using the PGPVerify
Software.
• For other third-party software, obtain the MD5 code or SHA information from the
corresponding official websites.
Step 2 Navigate to http://www.nirsoft.net/utils/hash_my_files.html and download the
HashMyFiles. For more information about software operation, see the software Help or go to
the official website of the software http://www.nirsoft.net/utils/hash_my_files.html for
technical support.
Step 3 Run the HashMyFiles.
Step 4 Choose Files > Add Folder from the main menu to access the Select Folder dialog box.
NOTE
You can also drag each local downloaded software package to the running window of the HashMyFiles.
Step 5 Select the folder in which the compression packages are stored and click OK.
Step 6 After uploading is complete, the MD5 code information of the local downloaded packages is
automatically generated. Choose View > HTML Report All Items to export the MD5 code
information and compare it with that in the MD5 code file obtained from Step 1.
Option: The exported MD5 code information is the same as that in the MD5 code file obtained from Step 1.
Description: The packages are correctly downloaded.
Option: The exported MD5 code information is different from that in the MD5 code file obtained from Step 1.
Description: Download the software packages again.
----End
Question
How do I verify downloaded software packages using the PGPVerify software?
Answer
• Software packages and signature files correspond to each other and are stored in the
same directory. A software package corresponds to a signature file. Signature files are
released with products and their software packages.
• The extension of signature files is .asc. Generally, the names of signature files are the
same as the names of software packages. That is, when the software package name is
V200R016C60.zip, the corresponding signature file name is V200R016C60.zip.asc.
NOTE
To download an .asc file, click PGP after the corresponding software package.
• Obtain the PGPVerify tool that is used to verify the integrity of downloaded
software packages and its public key file KEYS.
a. Download and decompress the PGPVerify tool.
■ For carrier: visit http://support.huawei.com/carrier/digitalSignatureAction
to download the OpenPGP Signature Verification Guide package and
decompress it. Continue to decompress the VerificationTools.zip package in
the current folder.
■ For enterprise: visit
http://support.huawei.com/enterprise/en/tool/software-digital-signature-validation-tool--pgp-verify--TL1000000054
to download and decompress the VerificationTools.zip package.
b. Go to the VerificationTools folder that is generated after decompression and obtain
different versions of PGPVerify software for different OSs.
■ Windows: PGPVerify.exe (in the Windows directory)
■ Solaris: PGPVerify-sparc.tar.bz2 (in the solaris\PGPVerify TOOL directory)
■ Linux: PGPVerify-x86_64.tar.gz (in the linux\X86\bit64\PGPVerify TOOL
directory)
c. On Solaris/Linux OSs, use SFTP as the root user to upload the obtained PGPverify
software and public key file KEYS to the server. For details about the SFTP transfer
method, see A.2.28 How to Use the FileZilla to Transfer Files by SFTP.
d. Windows OS supports GUI-based verification and CLI-based verification. Solaris
and Linux OSs support CLI-based verification only.
e. KEYS is the public key file.
• PGPVerify is a digital signature verification tool released by Huawei. Users can select
third-party openPGP verification tools based on actual needs.
• D:\oss\ indicates the directory that stores the signature file. Change it based on site
requirements. The signature file and software package must be stored in the same
directory.
• To verify a single file, click Single Verify and select the file to be verified.
■ The green item indicates passed verification, that is, [PASS].
■ The yellow item indicates unsupported verification, that is, [WARN]. For
example, the signature file or software version does not exist.
■ The red item indicates failed verification, that is, [FAIL].
If no "WARN" or "FAIL" character is displayed, the signature file is valid. All items
are displayed in green.
If a version has multiple signature files to be verified, the version is secure only
when the verification results of all files are "PASS". If the verification results
contain "WARN" or "FAIL", the verification is not passed and security risks exist.
In that event, re-download the software package.
NOTE
• Assume that the signature file and software package are stored in the D:\oss\ directory, and
the PGPVerify tool and public key file are stored in the C:\ directory.
• To verify a single file, run the "C:\PGPVerify.exe" -k "C:\KEYS" -f
"D:\oss\V200R016C60.zip.asc" command.
NOTE
In the preceding characters in bold, the RSA key ID is consistent with the public key ID. For a
certain file, if no "WARN" or "FAIL" character is contained in other information, the signature
file is valid.
If a version has multiple signature files to be verified, the version is secure only
when the verification results of all files are "PASS". If the verification results
contain "WARN" or "FAIL", the verification is not passed and security risks exist.
In that event, re-download the software package.
Solaris:
# cd /opt
# bzip2 -d PGPVerify-sparc.tar.bz2
# tar xvf PGPVerify-sparc.tar
Linux:
# cd /opt
# tar xvfz PGPVerify-x86_64.tar.gz
NOTE
To verify a single file, run the following commands:
# cd /opt
# ./PGPVerify -k KEYS -f install/plugins-cloudtask-C01.zip.asc
NOTE
In the preceding characters in bold, the RSA key ID is consistent with the public key ID. For a
certain file, if no "WARN" or "FAIL" character is contained in other information, the signature
file is valid.
If a version has multiple signature files to be verified, the version is secure only
when the verification results of all files are "PASS". If the verification results
contain "WARN" or "FAIL", the verification is not passed and security risks exist.
In that event, re-download the software package.
----End
NOTE
• Using PuTTY or the server terminal window is recommended because some local terminals do not
support the character set configuration. For example, the CLI window of a Windows OS does not support
handling of garbled characters in a command output.
• If the ls command output contains garbled characters, the directory that contains the garbled characters was
created using another type of character set. After the character set is modified, the directory that contains
the garbled characters is displayed normally. Directories that did not contain garbled characters may
include garbled characters after the character set is modified. This does not affect operations on the
U2000. You need to pay attention only to the directory displayed in the current character set.
• If the length of displayed Chinese characters exceeds the CLI window width, garbled characters may
occur.
Answer
• Scenario 1: If you use PuTTY to fix the garbled characters, perform the following
operations to set the PuTTY character set.
a. Right-click the PuTTY toolbar in the CLI window and choose Change Settings.
The PuTTY Reconfiguration window is displayed.
b. Choose Window > Translation to view the character set in the Received data assumed
to be in which character set drop-down list.
NOTE
For PuTTY, a root user should use the Use font encoding character set, and an ossuser
should use the UTF-8 character set. If the current user uses the mapping character set but
garbled characters are still displayed, perform the following operations to modify the character set:
• If the current character set is Use font encoding, change it to UTF-8.
• If the current character set is UTF-8, change it to Use font encoding.
• Scenario 3: If you fix the garbled characters using the server terminal window, perform
the following operations to modify the character set in the server terminal window:
Choose Terminal > Set Character Encoding in the server terminal window to view the
character set.
NOTE
For the Solaris, a root user should use the GB18030 character set, and an ossuser should use the
Unicode(UTF-8) character set.
For the SUSE Linux OS, a root user should use the GB2312 character set, and an ossuser should
use the Unicode(UTF-8) character set.
If the current user uses the mapping character set but the garbled characters are displayed, perform
the following operations to modify the character set:
For the Solaris OS:
• If the current character set is GB18030, change it to Unicode(UTF-8).
• If the current character set is Unicode(UTF-8), change it to GB18030.
For the SUSE Linux OS:
• If the current character set is GB2312, change it to Unicode(UTF-8).
• If the current character set is Unicode(UTF-8), change it to GB2312.
If the used OS has no mapping character set, choose Terminal > Set Character Encoding to add
the mapping character set and select it.
----End
Context
• You can run the rcntp status command as user root to check the running status of the
NTP service.
– If the command output contains running, the NTP service has started.
Checking for network time protocol daemon (NTPD):
running
NOTE
• If the NTP service has been started, port 123 corresponding to the service is also
enabled. Run the netstat -an |grep 10.185.166.48:123 command to check whether port
123 used by the NTP service has been enabled on the current U2000 server.
10.185.166.48 is the IP address of the current U2000 server.
If information similar to the following is displayed, port 123 has been enabled.
udp 0 0 10.185.166.48:123 0.0.0.0:* 5695/ntpd
• If no information is displayed, port 123 has not been enabled. Run the service
ntp restart command to restart the NTP service. Port 123 corresponding to the
service is then also enabled.
– If unused is displayed, the NTP service is not started.
Checking for network time protocol daemon (NTPD):
unused
NOTE
If the NTP service is not started, run the service ntp start command to start the NTP service.
• You can run the date command as user root.
– Check whether the medium-level NTP server time and the upper-level NTP
server time are the same.
– Check whether the NTP client time and the upper-level NTP server time are the
same.
If they are the same, the NTP service is in the normal state.
• In the ntpq -p command output, the remote field specifies the IP address of the reference
clock source and indicates the status of the reference time source.
• The ntptrace command traces the entire NTP synchronization link from the local
machine to the NTP server at the highest level.
Procedure
Step 1 Log in to OS as user root.
Step 2 In a command line interface (CLI), run the ntpq -p command to view the NTP clock source.
Step 3 Run the ntptrace command to view the NTP synchronization link.
----End
Result
• If the server has been configured as the NTP server with the highest stratum, information
similar to the following is displayed.
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
LOCAL(0) .LOCL. 10 l 1 64 1 0.000 0.000 0.001
NOTE
• The preceding information indicates that the current server is the NTP server with the highest
stratum and is tracing the local time.
• The NTP service can be checked only about 5 minutes after the NTP server and NTP clients
have been started. Before that, the remote field in the ntpq -p command output is not marked
with an asterisk (*), and the ntptrace command output displays Timeout or Not Synchronized.
In this case, wait 5 minutes and then run the ntpq -p command or ntptrace command again.
• If the server running on SUSE Linux is configured as the medium-level NTP server,
information similar to the following is displayed.
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*10.71.224.140 .LOCL. 16 u - 64 0 0.000 0.000 0.000
+LOCAL(0) 10 l 6 64 1 0.000 0.000 0.001
# ntptrace
localhost: stratum 2, offset 0.000049, synch distance 0.02863
10.71.224.140: stratum 1, offset -0.001166, synch distance 0.01024
NOTE
• In the ntpq -p command output, *10.71.224.140 specifies that the IP address of the NTP
server on which the host performs time synchronization is 10.71.224.140. The asterisk (*)
indicates that the status is normal. The value in the st column indicates that 10.71.224.140 is at
stratum 1.
• In the ntptrace command output, localhost: stratum 2 specifies that the host is at
stratum 2, and the IP address of the host at the upper level is 10.71.224.140 at stratum 1.
• The NTP service can be checked only about 5 minutes after the NTP server and NTP clients
have been started. Before that, the remote field in the ntpq -p command output is not marked
with an asterisk (*), and the ntptrace command output displays Timeout or Not Synchronized.
In this case, wait 5 minutes and then run the ntpq -p command or ntptrace command again.
• If the server running on SUSE Linux is configured as an NTP client, information similar
to the following is displayed.
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*10.71.224.140 LOCAL(0) 2 u - 64 0 0.000 0.000 0.000
# ntptrace
localhost: stratum 3, offset 0.000035, synch distance 0.08855
10.71.224.140: stratum 2, offset 0.000224, synch distance 0.07860
10.161.94.212: stratum 1, offset 0.060569, synch distance 0.01036, refid 'LCL'
NOTE
• In the ntpq -p command output, *10.71.224.140 specifies that the IP address of the NTP
server with which the host synchronizes time is 10.71.224.140. The asterisk (*)
indicates that the status is normal. The value in the st column indicates that 10.71.224.140 is at
stratum 2.
• In the ntptrace command output, localhost: stratum 3 specifies that the host is at
stratum 3, the IP address of the host at stratum 2 is 10.71.224.140, and the IP address of the
host at stratum 1 is 10.161.94.212.
• The check of the NTP service takes about 5 minutes after the NTP server and NTP clients have
been started. If, during this period, the remote field in the ntpq -p command output is not marked
with an asterisk (*), or Timeout or Not Synchronized is displayed in the ntptrace command output,
wait 5 minutes and then run the ntpq -p command or ntptrace command again.
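The check described in the NOTE above can be scripted. The following is an added example, not part of the original guide: it parses ntpq -p output, looks for the asterisk-marked peer, and derives the local stratum from the st column. Both sample outputs are constructed (modelled on the values shown above), and the function names are assumptions.

```python
# Constructed sample: a client that has selected 10.71.224.140 (tally code '*').
SYNCED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.71.224.140   LOCAL(0)         2 u   33   64  377    0.412    0.224   0.051
"""

# Constructed sample: the same client shortly after start, no peer selected yet.
STARTING = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.71.224.140   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""


def parse_peers(ntpq_output):
    """Return one dict per peer row that follows the ==== separator."""
    peers, in_table = [], False
    for line in ntpq_output.splitlines():
        if line.startswith("="):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        # Column 0 holds the tally code ('*', '+', ' ', ...); the remote
        # name starts in column 1, so split only the rest of the line.
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            continue  # not a peer row
        remote, refid, st, _type, _when, _poll, reach = fields[:7]
        peers.append({
            "tally": tally,
            "remote": remote,
            "refid": refid,
            "stratum": int(st),
            # reach is an octal shift register covering the last eight polls
            "polls_answered": bin(int(reach, 8)).count("1"),
            "offset_ms": float(fields[8]),
        })
    return peers


def check_sync(ntpq_output):
    """Report whether a peer is marked '*' and which stratum the host is at."""
    selected = [p for p in parse_peers(ntpq_output) if p["tally"] == "*"]
    if not selected:
        # Matches the "wait 5 minutes and run the command again" case.
        return {"synced": False, "server": None,
                "local_stratum": None, "polls_answered": 0}
    peer = selected[0]
    return {"synced": True, "server": peer["remote"],
            # The host is one stratum below the server it synchronizes with.
            "local_stratum": peer["stratum"] + 1,
            "polls_answered": peer["polls_answered"]}


if __name__ == "__main__":
    for name, sample in (("synced", SYNCED), ("starting", STARTING)):
        print(name, check_sync(sample))
```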
Question
How do I use FileZilla to transfer files by SFTP?
NOTE
• Before the U2000 is installed, use SFTP as the root user to transfer files.
• If the U2000 has been installed without security hardening, use SFTP as the ftpuser, ossuser, root
or another OS user to transfer files. This topic uses the root user as an example.
• If the U2000 has been installed with security hardening, use SFTP as the ftpuser user to upload files
to the /opt/backup/ftpboot directory under the root directory of the ftpuser user and then copy the
files to the specified directory. The operations of downloading files are similar.
Answer
Step 1 On a PC or laptop, double-click the FileZilla client shortcut icon to open FileZilla.
NOTE
You can go to http://filezilla-project.org to download the latest version of FileZilla. For more
information about operating the software, see the software Help or go to the official website
https://wiki.filezilla-project.org/Documentation for technical support.
6. Enter a user password in the Password text box, and ensure that Remember password for
this session is selected. Click OK.
Step 4 After the file is successfully uploaded, a success message is displayed, as shown in Figure A-5.
----End
Answer
Step 1 Log in to the real-time desktop of a blade.
1. Log in to the GUI of the MM910 management module.
2. Click KVM via MM. The Security Warning dialog box is displayed.
NOTE
– This step needs to be performed in an environment with JRE 1.7 or later installed.
– A 32-bit browser uses the 32-bit JRE, and a 64-bit browser uses the 64-bit JRE; otherwise, the
KVM window fails to be accessed through a browser.
– If the next page cannot be displayed in Internet Explorer, switch to another browser or
close the current browser and log in to the controller card.
3. Click Yes. The blade management window is displayed.
– Private Mode allows only one user to access and perform operations on the server.
– Shared Mode allows two users to access and perform operations on the server simultaneously.
One user can view the operations performed by the other user.
Step 3 Perform the following operations to log in to the SUSE Linux GUI Desktop:
1. When the start window is displayed, move the cursor to Failsafe - SUSE Linux
Enterprise Server 11 SP3 - 3.0.101-0.47.105-default.
2. Press Esc. The Exiting… dialog box is displayed.
3. Press Tab to select OK and press Enter to enter the GRUB window.
4. Press c to enter the CLI window.
5. Enter the following commands so that the system is started in CLI mode.
grub> root (hd0,0)
grub> cat /grub/menu.lst
grub> kernel /vmlinuz-3.0.101-0.47.105-default root=/dev/vg_root/lv_root vga=0x314 3
grub> initrd /initrd-3.0.101-0.47.105-default
grub> boot
6. When the following information is displayed, enter the root user name and password to
log in to the operating system.
Float166251 login: root
Password:
4. Exit the Software Repositories window. Choose Software > Software Management to
enter the Software Management window.
5. Enter login into the text box on the Search tab. The list of related software packages will
be displayed in the right pane. Click the login software package to reinstall the login
service.
6. Run the following command to check the runlevel. Ensure that its value is 5.
# cat /etc/inittab
The default runlevel is defined here
Id:5:initdefault:
----End
A.3 Solaris OS
This topic provides answers to FAQs about clients installed on Solaris OS.
A.3.1.1 How to Make the Devices Directly Connected to the Two NICs of the Server Communicate with Each Other
Question
How do I make the devices directly connected to the two NICs of the server communicate
with each other?
Answer
Step 1 Log in to the OS as user root.
Step 2 Run the following command to enable the route forwarding function:
# ndd -set /dev/ip ip_forwarding 1
Step 3 To keep the setting in effect after the workstation is restarted, create a file
whose filename begins with an S in the /etc/rc3.d directory, and enter ndd -set /dev/ip
ip_forwarding 1 in the file. The following uses the Srouter file as an example:
# vi /etc/rc3.d/Srouter
NOTE
When creating a file whose filename begins with an S in the /etc/rc3.d directory, run the following
command to view the existing files in the /etc/rc3.d directory. Ensure that the filename is unique in the
path.
# ls /etc/rc3.d
----End
Question
How do I add the default route?
Answer
Step 1 Log in to the OS as user root.
Step 4 Enter an IP address as the default route in the file, for example, 10.9.1.254.
Step 5 Press Esc. Then, run the :wq command to save the file and exit the vi editor.
Step 7 Log in to the Solaris OS as the root user. Run the netstat -nr command to view the default
route of the system.
----End
Question
How do I add a static route?
Answer
1. Log in to the server as the root user and run the following command to add a static route:
# route -p add destination network segment address -netmask destination network segment subnet mask gateway IP address
NOTE
• destination network segment address: network segment on which the IP address of the
computer connecting to the U2000 server is located
• destination network segment subnet mask: subnet mask of the network segment on which the
IP address of the computer connecting to the U2000 server is located
• gateway IP address: gateway IP address of the network on which the U2000 server is located
For example, add a static route from the U2000 server (IP address: 10.9.1.1; subnet
mask: 255.255.255.0; gateway IP address: 10.9.1.254) to a remote computer (IP address:
10.67.56.226; subnet mask: 255.255.254.0; gateway IP address: 10.67.56.1).
# route -p add 10.67.56.0 -netmask 255.255.254.0 10.9.1.254
2. Run the following command in the CLI to check that the route has been added:
# netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
10.67.56.0 10.9.1.254 UG 1 61
If the preceding information is displayed, the static route has been added. Otherwise, add
a static route again.
Question
How do I query the gateway of a Sun workstation?
Answer
Step 1 Log in to the OS as user root and open the terminal window.
NOTE
• The contents displayed on the terminal will vary according to the route configuration.
• The gateway with UG listed in the Flags is the gateway of the workstation. In this example, the IP
address of the workstation gateway is 10.71.224.1. There are five flags (UGHDM) for a specified
route.
----End
Question
How do I configure the DNS on Solaris OS?
Answer
Step 1 Log in to the OS as user root.
Step 2 Run the following command to open the nsswitch.conf file:
# vi /etc/nsswitch.conf
Step 3 In the nsswitch.conf file in the /etc directory, add dns to the end of the line that begins
with hosts: files. The line then reads as follows:
hosts: files dns
Step 4 Create the /etc/resolv.conf file and add contents in the following format:
domain domain name address
nameserver DNS IP address
For example:
domain huawei.com
nameserver 10.15.1.3
----End
Question
How do I check the NIC type of a server?
Answer
You can run the more /etc/path_to_inst | grep network command as user root to check the
NIC type of a server.
Question
How do I check whether an NIC has multiple IP addresses on Solaris?
Answer
Step 1 Log in to the Solaris OS as the root user.
Step 2 To check whether an NIC has multiple IP addresses, run the following command:
# ifconfig -a
NOTE
In NIC name: x, NIC name specifies the name of an NIC and x is a digit. If x is 1, the NIC has 2 IP addresses;
if x is n, the NIC has n+1 addresses. NIC name and x vary according to the machine model and IP addresses.
In this example, the NIC has two IP addresses, and bge0 and bge0:1 specify two IP addresses.
----End
Question
How do I delete excess IP addresses of an NIC on Solaris?
Answer
If an NIC has multiple IP addresses, run the following command to delete excess IP
addresses. For details about how to check whether excess IP addresses have been set for an
NIC, see A.3.1.7 How to Check Whether an NIC Has Multiple IP Addresses on Solaris.
# ifconfig NIC name:x unplumb
NOTE
In the command, NIC name and x vary according to the machine model and set IP addresses.
For example, if NIC name is bge0 and x is 1, run the following command to delete the IP address
corresponding to bge0:1:
# ifconfig bge0:1 unplumb
Question
How do I set IP addresses for unused NICs on a workstation after a Solaris OS is installed and
before installing the U2000 software?
Answer
On Solaris, the common method of setting IP addresses is to modify the following files:
• /etc/hostname.NIC name
• /etc/hosts
• /etc/inet/ipnodes
• /etc/netmasks
Step 2 Perform the following operations to configure the /etc/hostname.NIC name file:
1. Run the following command to add and edit the /etc/hostname.NIC name file:
# vi /etc/hostname.NIC name
NOTE
NIC name indicates the name of an NIC for which an IP address is to be set, for example,
e1000g1.
2. Enter a host name, for example, NMSserver, in the file.
If multiple network interfaces need to be configured, host names for the network
interfaces must be different.
The host names configured in the /etc/hosts and /etc/hostname.port name must be the same.
2. Add a line to the file, and enter an IP address and host name, for example, 10.9.9.1
NMSserver.
If the IP addresses of multiple network interfaces must be configured, ensure that the IP
addresses of different network interfaces are located on different network segments.
The host names and IP addresses configured in the /etc/inet/ipnodes and /etc/hosts files must
be the same.
2. Add a line to the file, and enter an IP address and host name, for example, 10.9.9.1
NMSserver.
2. Add a line to the file and enter a routing segment, for example, 10.9.9.0 255.255.255.0.
NOTE
10.9.9.0 is the network segment of 10.9.9.1 and 255.255.255.0 is the subnet mask.
3. Save and exit the file.
Step 6 Run the following commands to restart the workstation:
NOTE
If the U2000 is installed, before running the following commands, stop the U2000 server
processes, shut down the database, and stop the VCS service (for a High Availability System) in
sequence by referring to the descriptions in Chapter Shutting Down a U2000.
# sync;sync;sync;sync
# shutdown -y -g0 -i6
Step 7 After the workstation is restarted, log in to Solaris as the root user and run the ifconfig -a
command to view the configured IP addresses.
----End
Question
How do I enable IPv4 forwarding between NICs after Solaris is installed?
Answer
Step 1 Log in to the Solaris OS as the root user.
Step 3 Run the following command to check whether the configuration is successful:
# routeadm
If the IPv4 configurations are displayed and the system status is enabled, the configuration is
successful.
----End
Question
On Solaris 10, how do I configure a workstation NIC to work in full-duplex mode?
Answer
Step 1 As the root user, run the following command to go to the /etc/rc3.d directory:
# cd /etc/rc3.d
Step 2 Use the vi editor to create the S99setbge file, enter the following commands, and save the file:
# vi S99setbge
ndd -set /dev/bge0 adv_1000fdx_cap 0
ndd -set /dev/bge0 adv_1000hdx_cap 0
ndd -set /dev/bge0 adv_100fdx_cap 1
ndd -set /dev/bge0 adv_100hdx_cap 0
ndd -set /dev/bge0 adv_10fdx_cap 0
ndd -set /dev/bge0 adv_10hdx_cap 0
ndd -set /dev/bge0 adv_autoneg_cap 0
ndd -set /dev/bge0 adv_pause_cap 0
ndd -set /dev/bge0 adv_asym_pause_cap 0
NOTE
The meanings of the preceding commands are as follows:
ndd -set /dev/bge0 adv_1000fdx_cap 0 (off 1000M Full Duplex)
ndd -set /dev/bge0 adv_1000hdx_cap 0 (off 1000M Half Duplex)
ndd -set /dev/bge0 adv_100fdx_cap 1 (on 100M Full Duplex)
ndd -set /dev/bge0 adv_100hdx_cap 0 (off 100M Half Duplex)
ndd -set /dev/bge0 adv_10fdx_cap 0 (off 10M Full Duplex)
ndd -set /dev/bge0 adv_10hdx_cap 0 (off 10M Half Duplex)
ndd -set /dev/bge0 adv_autoneg_cap 0 (off Auto-negotiation)
Here, bge0 indicates the name of the NIC to be configured. Enter a value as required.
Step 3 Run the following command to modify the S99setbge file attribute:
# chmod 744 S99setbge
# chgrp sys S99setbge
Step 4 Run the following command to check the S99setbge file attribute:
# ls -l S99setbge
Step 5 Run the following commands to restart the system so that the configuration takes effect:
# sync;sync;sync;sync;
# shutdown -y -g0 -i6
Step 6 Run the following command to check the network card attribute:
# kstat -p bge | grep link_
If the following information is displayed, the 100M full-duplex mode has been successfully
configured for bge0:
......
bge:0:parameters:link_duplex 2
......
bge:0:parameters:link_speed 100
......
Here, the mappings between link_duplex values and attributes are as follows:
• The value 0 indicates Down.
• The value 1 indicates Half Duplex.
• The value 2 indicates Full Duplex.
----End
Question
How do I boot up the workstation from the CD-ROM drive?
Answer
Step 1 At the # prompt, run the following command to display the OK prompt (OK>):
# init 0
Step 2 After the OK prompt is displayed, insert the installation DVD of Solaris OS into the CD-ROM
drive.
Step 3 Run the following command and press Enter. The workstation starts from the CD-ROM
drive.
• If the server model is Netra T4-1/Oracle T4-1/M4000/M5000, run the following
command:
ok boot cdrom
• If the server model is Oracle T4-2/Netra T4-2, run the following command:
ok boot dvd
Press Enter. The system will restart. After five minutes, the system will prompt you to select
the language for the installation program.
----End
Question
How do I set the interface language of Solaris OS?
Answer
Step 1 Power on the workstation, and start Solaris OS.
Step 2 Choose Options > Language. A dialog box will be displayed prompting you to select a
language.
Step 3 Select the system language from the list box according to the conditions at your site.
----End
Question
How do I start the snapshot tool if it is unavailable when I right-click the
GUI desktop?
Answer
Step 1 The snapshot tool is attached to Solaris OS. Generally, it is available using the shortcut
application. If the snapshot tool is unavailable in the shortcut application, run the following
command to start it:
# /usr/dt/bin/sdtimage -snapshot
----End
Question
How do I switch to the multi-user mode or single-user mode?
Answer
Step 1 Optional: Display the ok prompt using the controller.
• If the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 server is used, perform the
following operations to display the OK prompt:
a. Log in to the system controller in SSH mode.
NOTE
The Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 server does not support login
through Telnet. Log in to the system controller in either of the following ways:
– Install SSH client software, for example, PuTTY, on the Windows terminal to log in to the
system controller.
– Run the ssh SC_IP_Address command on the terminals of other Sun servers. If the
following message is displayed, enter yes:
The authenticity of host '10.9.1.20 (10.9.1.20)' can't be established.
RSA key fingerprint is 0b:23:07:0c:27:72:44:3f:d1:aa:12:99:ed:dd:c0:5a.
Are you sure you want to continue connecting (yes/no)?
b. In the CLI, enter the user name and password of the system controller. The default
user name and password are root and changeme.
c. Optional:
Perform the following operations to check whether the system controller of the
server needs to be upgraded:
-> cd /HOST
-> ls
If sysfw_version shows that the version is 8.3.0 or later, perform the next step.
If sysfw_version shows that the version is earlier than 8.3.0, you must upgrade
the system controller. For details, see A.3.4.13 How to Upgrade the System
Controller Firmware of the Netra T4-1/Oracle T4-1/Oracle T4-2 Server.
d. Run the following command:
-> set /HOST/bootmode state=reset_nvram script="setenv auto-boot? false"
NOTE
Enter show /HOST status repeatedly to check the system status. After a message
containing status = Powered off is displayed, proceed with the next step.
Run the following command:
-> start /SYS
The following message will be displayed:
Are you sure you want to start /SYS (y/n)?
auto-boot? = false
{0} ok
• If the M4000/M5000 server is used, perform the following to display the OK prompt:
a. Log in to the system controller through Telnet. Run the telnet Controller IP
Address command on the controller.
The following message will be displayed:
Login:
d. Enter showdomainmode -d 0.
The following message will be displayed:
Host-ID : 8501c2de
Diagnostic Level : min
Secure Mode : off (host watchdog: unavailable Break-signal: receive)
Autoboot : on
CPU Mode : auto
NOTE
If the Secure Mode item is in the on state, perform the following:
1. Enter setdomainmode -d 0 -m secure=off.
The following message will be displayed:
Diagnostic Level :min -> -
Secure Mode : on -> off
Autoboot : on -> -
CPU Mode : auto
The specified modes will be changed.
Continue? [y|n]
2. Enter y.
The following message will be displayed:
configured.
Diagnostic Level : min
Secure Mode : off (host watchdog: unavailable Break-signal: receive)
Autoboot : on (autoboot:on)
CPU Mode : auto
– If the command output shows that the status is not running, the system is
normal and you need to enter reset -d 0 xir.
The following message will be displayed:
DomainID to reset:00
Continue? [y|n]
f. Enter y.
g. Enter console -d 0 -f.
The following message will be displayed:
Connect to DomainID 0? [y|n]
Step 2 Run one of the following commands to switch to the multi-user mode or single-user mode.
• Run the following command to switch to the multi-user mode:
ok boot
• Run the following command to switch to the single-user mode:
ok boot -s
----End
A.3.2.5 How to Open the Terminal Window on the Desktop in the Java Desktop System
Question
How do I open the terminal window on the desktop in the Java Desktop System (JDS)?
Answer
Step 1 Open the desktop in the JDS.
1. Enter the user name for login, such as root.
2. Choose Options > Session > Java Desktop System to select the JDS.
3. Click OK. Enter the password for the user.
4. Click OK to log in to the desktop in the JDS.
Step 2 Right-click on the desktop in the JDS and choose Open Terminal from the shortcut menu to
open a terminal window.
----End
A.3.2.6 How to Query the Drive of the Default Startup Disk of the Workstation
Question
On the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server, the system starts from hard
disk PhyNum 0 by default. How do I query the drive of hard disk PhyNum 0?
Answer
After the system enters the OK mode, run the following command to query the drive of the
startup disk:
{0} ok probe-scsi-all
/pci@400/pci@2/pci@0/pci@c/LSI,sas@0
/pci@400/pci@2/pci@0/pci@8/SUNW,qlc@0,1
QLogic QLE2562 Host Adapter FCode(SPARC): 2.03 06/30/08
Firmware version 4.03.02
Fibre Channel Link down
Possible causes: No cable, incorrect connection mode or data rate
SFP state: 8Gb Present
/pci@400/pci@2/pci@0/pci@8/SUNW,qlc@0
QLogic QLE2562 Host Adapter FCode(SPARC): 2.03 06/30/08
Firmware version 4.03.02
Fibre Channel Link down
Possible causes: No cable, incorrect connection mode or data rate
SFP state: 8Gb Present
/pci@400/pci@2/pci@0/pci@4/scsi@0
FCode Version 1.00.61, MPT Version 2.00, Firmware Version 9.00.00.00
Target 9
Unit 0 Disk HITACHI H106060SDSUN600G A2B0 1172123568 Blocks, 600 GB
SASDeviceName 5000cca0253b71ac SASAddress 5000cca0253b71ad PhyNum 0
Target a
Unit 0 Removable Read Only device TEAC DV-W28SS-V 1.0B
SATA device PhyNum 6
/pci@400/pci@1/pci@0/pci@8/SUNW,qlc@0,1
QLogic QLE2562 Host Adapter FCode(SPARC): 2.03 06/30/08
Firmware version 4.03.02
Fibre Channel Link down
Possible causes: No cable, incorrect connection mode or data rate
SFP state: 8Gb Present
/pci@400/pci@1/pci@0/pci@8/SUNW,qlc@0
QLogic QLE2562 Host Adapter FCode(SPARC): 2.03 06/30/08
Firmware version 4.03.02
Fibre Channel Link down
Possible causes: No cable, incorrect connection mode or data rate
SFP state: 8Gb Present
/pci@400/pci@1/pci@0/pci@4/scsi@0
FCode Version 1.00.61, MPT Version 2.00, Firmware Version 9.00.00.00
Target 9
NOTE
• pci@1 specifies the first controller and pci@2 specifies the second controller.
• If PhyNum 0 is available on the first controller but not on the second controller, the system by
default starts from the hard disk of the first controller. Record 5000cca0253d1400 corresponding to
PhyNum 0 on the first controller as the drive of the startup disk.
• If PhyNum 0 is available on the second controller but not on the first controller, the system by
default starts from the hard disk of the second controller. Record 5000cca0253b71ac corresponding
to PhyNum 0 on the second controller as the drive of the startup disk.
• If PhyNum 0 is available on both the first and second controllers, the system by default starts from
the hard disk of the first controller. Record 5000cca0253d1400 corresponding to PhyNum 0 on the
first controller as the drive of the startup disk.
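The selection rule in the NOTE above can be applied mechanically to saved probe-scsi-all output. The following is an added example, not part of the original guide: the second-controller block is copied from the output above, while the first-controller block is constructed (the output above stops at Target 9; the device name is the one the NOTE quotes and the SASAddress is made up). Function names are assumptions.

```python
import re

# Copied from the output above: second controller (pci@2), including one
# Fibre Channel adapter entry that carries no disk.
SECOND = """\
/pci@400/pci@2/pci@0/pci@8/SUNW,qlc@0
QLogic QLE2562 Host Adapter FCode(SPARC): 2.03 06/30/08
Fibre Channel Link down
/pci@400/pci@2/pci@0/pci@4/scsi@0
FCode Version 1.00.61, MPT Version 2.00, Firmware Version 9.00.00.00
Target 9
Unit 0 Disk HITACHI H106060SDSUN600G A2B0 1172123568 Blocks, 600 GB
SASDeviceName 5000cca0253b71ac SASAddress 5000cca0253b71ad PhyNum 0
Target a
Unit 0 Removable Read Only device TEAC DV-W28SS-V 1.0B
SATA device PhyNum 6
"""

# Constructed: first controller (pci@1) with a disk at PhyNum 0.
FIRST = """\
/pci@400/pci@1/pci@0/pci@4/scsi@0
FCode Version 1.00.61, MPT Version 2.00, Firmware Version 9.00.00.00
Target 9
Unit 0 Disk HITACHI H106060SDSUN600G A2B0 1172123568 Blocks, 600 GB
SASDeviceName 5000cca0253d1400 SASAddress 5000cca0253d1401 PhyNum 0
"""

# The second path component identifies the controller (pci@1 or pci@2).
PATH = re.compile(r"^/pci@[0-9a-f]+/pci@([0-9a-f]+)/")
SAS = re.compile(
    r"SASDeviceName\s+([0-9a-f]{16})\s+SASAddress\s+[0-9a-f]{16}\s+PhyNum\s+(\d+)"
)


def sas_disks(output):
    """Return (controller, phynum, device_name) for every SAS disk listed."""
    disks, controller = [], None
    for raw in output.splitlines():
        line = raw.strip()
        path = PATH.match(line)
        if path:
            controller = int(path.group(1), 16)
            continue
        disk = SAS.search(line)
        if disk and controller is not None:
            disks.append((controller, int(disk.group(2)), disk.group(1)))
    return disks


def startup_disk(output):
    """Apply the NOTE: PhyNum 0 on controller 1 wins, otherwise controller 2."""
    phy0 = {ctrl: name for ctrl, phy, name in sas_disks(output) if phy == 0}
    for ctrl in (1, 2):
        if ctrl in phy0:
            return ctrl, phy0[ctrl]
    return None  # no disk at PhyNum 0 on either controller


if __name__ == "__main__":
    print(startup_disk(SECOND))          # only the second controller has PhyNum 0
    print(startup_disk(SECOND + FIRST))  # both have it, the first controller wins
```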
Question
How do I operate the CD-ROM?
Answer
Step 1 If the Sun workstation has a built-in CD-ROM drive, perform the following operation:
The system automatically mounts the CD-ROM to the /cdrom directory after startup. If there
is a CD-ROM in the CD-ROM drive, view the contents of the CD-ROM after accessing the
/cdrom directory.
Step 2 If the Sun workstation has an external CD-ROM drive, perform the following operation:
Power on the CD-ROM drive after the SCSI wire is connected. Then, power on the
workstation. The system automatically identifies and mounts the CD-ROM to the /cdrom
directory after startup.
Step 3 Use appropriate commands to open the CD-ROM drive.
If there is a CD-ROM in the CD-ROM drive, run appropriate commands to open the
CD-ROM drive.
Verify that the CD-ROM is not being used by any program and exit the directory for the
CD-ROM. Run the following command as user root:
# eject
NOTE
If the DVD cannot be ejected after the eject command is executed, you must add the drive mounting
position after the command. You can run the df -h command to query the drive mounting position.
# df -h
...
/vol/dev/dsk/c2t6d0/solaris 2.8G 2.8G 0k 100% /cdrom/solaris
The drive mounting position is solaris. Run the eject solaris command to eject the DVD.
NOTE
If the system prompts "Device busy" and the CD-ROM cannot be ejected, run the following command
as user root:
# svcadm disable volfs
Press the eject button on the drive panel to take out the CD-ROM.
The drive becomes unavailable in this situation. Run the following command:
# svcadm enable volfs
The CD-ROM drive can then be used.
• If the server model is Oracle T4-2/Netra T4-2, run the following command:
ok boot dvd
Press Enter. The system will restart. After five minutes, the system will prompt you to select
the language for the installation program.
By doing this, you can install or start the system from the CD-ROM.
Step 5 Check the SCSI device mounted on the workstation.
Enter the following command at the ok prompt:
ok probe-scsi
By doing this, you can check the SCSI device mounted on the workstation. This command is
usually used to verify that the CD-ROM drive is correctly mounted.
----End
A.3.2.8 How to Solve the Problem that the Current File System Is Not in the UFS Format
Question
In Solaris 10, if the file system is not in the UFS format, how do I solve this problem?
Answer
• Contact Huawei technical support engineers to assist in reinstalling the operating system
and U2000. Change the file system format to UFS during reinstallation of the operating
system.
• If the live network does not allow reinstallation of the operating system or U2000,
perform the following operations:
a. Log in to the operating system of the server as the ossuser user.
b. Run the following command to view the current file system format:
$ cat /etc/vfstab
NOTE
The column to which FS type belongs indicates the format of the current file system. In this
example, the file system is in the UFS format.
c. Run the following commands to add the type of disks to be monitored:
$ SettingTool -cmd setparam -path /imap/common/monitor/monitorgroup/SupportFS -value "zfs;vxfs;ufs"
NOTE
• The following disk types are supported: VxFS, UFS, and ZFS.
• Different disk types are separated by semicolons (;).
• The default disk type is UFS.
d. Run the following command to check whether desired disks are added:
$ SettingTool /imap/common/monitor/monitorgroup/SupportFS
If the following information is displayed, the desired disks have been successfully
added.
zfs;vxfs;ufs
ii. Run the following command to shut down the ResourceMonitor process:
$ kill -9 process ID
In this example, run the kill -9 9252 command to shut down the
ResourceMonitor process.
f. Wait about 1 minute. The ResourceMonitor process automatically starts.
----End
Question
How do I use the VNC to remotely access a workstation?
Answer
The VNC is a component of Solaris. It is typical thin-client software. The graphics processor
service runs on the server and multiple instances can be created. The advantage of the VNC is that a
remote computer can access the server using Internet Explorer. If the connection is torn
down, the desktop can be retained by logging in with the same user name and port number.
Remotely run applications are not interrupted by the network disconnection.
• After the following operations are performed, you can remotely log in to Solaris as a
specified OS user and retain the session. If the connection is torn down and you log in
using the same port as the same user, the session will be retained.
• To use the VNC to remotely log in to the Solaris OS as the root user, the login user must be
root. To use the VNC to remotely log in to the Solaris OS as the ossuser user, log in to the
Solaris OS as the ossuser user after the U2000 is installed.
• Do not use the Java desktop mode to log in to the OS. Log in to the OS using Telnet or
SSH. SSH is more secure and is recommended. After login succeeds, run the
associated commands to start the VNC service.
• After the U2000 is installed, the scripts to enable and disable VNC are in the
/opt/oss/engr/tools/VNC directory. Before the U2000 is installed, the scripts to enable and
disable VNC are in the /opt/install/OSSICMR/tools/VNC directory. The following example
describes how to use the VNC after the U2000 is installed.
If the command output contains online, you do not need to run the following commands. If
the command output contains maintenance or offline, run the following commands to change
the status of svc:/milestone/network:default to online.
# svcadm clear svc:/milestone/network:default
# svcadm enable svc:/milestone/network:default
# svcs |grep svc:/milestone/network:default
# vncpasswd
• Enter the same password again. The system begins to check whether the passwords
are the same. If so, the password is set successfully. If not, set the password again.
• Remember the password that will be used for VNC login as user root.
• If the password is forgotten, log in to the OS as user root, run the vncpasswd
command, and set a new password according to the message.
c. Run the following commands to enable the VNC services.
# cd /opt/oss/engr/tools/VNC
# sh stop_vnc_root.sh
If the command output contains successfully, the VNC service corresponding to the
root user is stopped. Run the following command:
# sh start_vnc_root.sh
If the command output contains successfully, the VNC service corresponding to the
root user is started. The port ID is 5802 for the root user.
NOTE
user for the two servers. You must ensure that the VNC service corresponding to the
root user has been started for both of the two servers.
i. On a PC or laptop, choose Start > Run. In the dialog box that is displayed,
enter cmd to open a CLI.
ii. Run the following command to navigate to the path where the PuTTY is
located:
C:\>cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the root user:
D:\PuTTY>putty -L 5902:localhost:5902 -L 5802:localhost:5802 10.9.1.1
D:\PuTTY>putty -L 5904:localhost:5902 10.9.1.2
NOTE
• If the VNC needs to be connected to only one server, only the first command needs
to be executed. If the VNC needs to be connected to two servers, both of the two
commands need to be executed.
• Establish a connection with the server. In the PuTTY Security Alert dialog box,
click Yes to confirm the connection to the server.
• 10.9.1.1 and 10.9.1.2 specify the IP addresses of server 1 and server 2.
iv. In the PuTTY dialog box, enter the user name and password of the root user.
The SSH tunnel for the root user is created.
NOTE
• During operations on the GUI, do not shut down the PuTTY dialog box.
Otherwise, the connection to the VNC client becomes abnormal.
• If the security hardening policy is enabled on the system, enter the user name and
password of the ossuser user in the PuTTY window to complete the creation of
the SSH tunnel.
e. Open the Internet Explorer of a PC or laptop. Enter http://localhost:5802 in the
address bar. Then press Enter.
f. Perform the following operations to access the Solaris OS of the two servers:
– Ensure that the value of Server in the VNC Viewer dialog box is localhost:2.
Click OK. In the dialog box that is displayed, enter a password and click OK
to access the Solaris OS of server 1.
– Repeat Step 1e and change the value of Server to localhost:4 in the VNC
Viewer dialog box. Click OK. In the dialog box that is displayed, enter a
password and click OK to access the Solaris OS of server 2.
• After the GUI process is completed, run the following commands to shut down
the VNC service in order to ensure security:
# cd /opt/oss/engr/tools/VNC
# sh stop_vnc_root.sh
NOTE
• Enter the same password again. The system begins to check whether the passwords
are the same. If so, the password is set successfully. If not, set the password again.
• Remember the password that will be used for VNC login as user ossuser.
• If the password is forgotten, log in to the OS as user ossuser, run the vncpasswd
command, and set a new password according to the message.
c. Run the following commands to enable the VNC services.
$ su - root
Password: root user password
# cd /opt/oss/engr/tools/VNC
# sh stop_vnc_oss.sh
# sh start_vnc_oss.sh
If the command output contains successfully, the VNC service corresponding to the
ossuser user is started. The port ID is 5803 for user ossuser.
NOTE
If a message is displayed asking you to set the password, run the vncpasswd command as the
ossuser user to set the password.
d. Perform the following operations to create an SSH tunnel for the ossuser user so
that the communication between the server and VNC client is more secure. If the
PuTTY is stored in the D:\PuTTY path, the IP address of server 1 is 10.9.1.1, and
the IP address of server 2 is 10.9.1.2, the VNC service can be implemented as the
ossuser user for the two servers. You must ensure that the VNC service
corresponding to the ossuser user has been started for both of the two servers.
i. On a PC or laptop, choose Start > Run. In the dialog box that is displayed,
enter cmd to open a CLI.
ii. Run the following command to navigate to the path where the PuTTY is
located:
C:\>cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the ossuser user:
D:\PuTTY>putty -L 5903:localhost:5903 -L 5803:localhost:5803 10.9.1.1
D:\PuTTY>putty -L 5905:localhost:5903 10.9.1.2
NOTE
• If the VNC needs to be connected to only one server, only the first command needs
to be executed. If the VNC needs to be connected to two servers, both of the two
commands need to be executed.
• Establish a connection with the server. In the PuTTY Security Alert dialog box,
click Yes to confirm the connection to the server.
• 10.9.1.1 and 10.9.1.2 specify the IP addresses of server 1 and server 2.
iv. In the PuTTY dialog box, enter the user name and password of the ossuser
user. The SSH tunnel for the ossuser user is created.
NOTE
During operations on the GUI, do not close the PuTTY dialog box. Otherwise,
the connection to the VNC client becomes abnormal.
e. Open the Internet Explorer of a PC or laptop. Enter http://localhost:5803 in the
address bar. Then press Enter.
f. Perform the following operations to access the Solaris OS of the two servers:
n Ensure that the value of Server in the VNC Viewer dialog box is localhost:3.
Click OK. In the dialog box that is displayed, enter a password and click OK
to access the Solaris OS of server 1.
n Repeat Step 2e and change the value of Server to localhost:5 in the VNC
Viewer dialog box. Click OK. In the dialog box that is displayed, enter a
password and click OK to access the Solaris OS of server 2.
l After the GUI process is completed, run the following command to shut down
the VNC service in order to ensure security:
# cd /opt/oss/engr/tools/VNC
# sh stop_vnc_oss.sh
If you still cannot use the VNC on a PC or laptop to log in to the server after the
VNC is configured, perform the following operations to locate the fault:
i. Check whether the VNC port is occupied.
For a root user, the VNC port is 5802. For an ossuser user, the VNC port is
5803. For the U2000 V100R008SPC300 or later, port forwarding must be
configured on Windows. VNC ports may be occupied.
On a PC or laptop running on Windows, if a root user cannot use the VNC to
log in to the server, run the netstat -a |findstr 5802 command to check
whether the VNC port is occupied. If an ossuser user cannot use the VNC to
log in to the server, run the netstat -a |findstr 5803 command to check
whether the VNC port is occupied.
The following information is displayed (a root user is used as an example):
TCP 127.0.0.1:5802 SZXY1X001776702:0 LISTENING
Table A-4 Usage of commonly seen shortcut options in the VNC window
Scenario  Availability  Shortcut Option/Operation  Description
1 A user fails to run commands in the CLI after logging in to the GUI through the VNC.
The VNC has been running for a long time without being restarted, resulting in environment
variable failures. To resolve this problem, restore the environment variables and run the
related commands.
Restore the environment variables:
1. Log in to the GUI as the root user.
2. Run the following commands to restore environment variables:
# . /.profile-EIS
2 If the VNC service has been running for a long period of time, the GUI desktop may stop
responding when a user logs in to the GUI desktop in vnc mode.
There is a low probability that this issue occurs if the VNC service has been running for a
certain period of time. If this issue occurs, restart the VNC service as the root or ossuser
user.
----End
Question
How do I set an encryption algorithm for OpenSSH?
Answer
Step 1 Log in to the Solaris OS as the ossuser user through SSH by using PuTTY.
Step 4 Perform the following operations to set an encryption algorithm for OpenSSH.
1. Run the following command:
# python modifysshdalg.py
All mac_algorithms:
1: hmac-md5-etm@openssh.com 2:hmac-sha1-etm@openssh.com
3: umac-64-etm@openssh.com 4:umac-128-etm@openssh.com
5: hmac-ripemd160-etm@openssh.com 6:hmac-sha1-96-etm@openssh.com
7: hmac-md5-96-etm@openssh.com 8:hmac-md5
9: hmac-sha1 10:umac-64@openssh.com
11: umac-128@openssh.com 12:hmac-ripemd160
13: hmac-ripemd160@openssh.com 14:hmac-sha1-96
15: hmac-md5-96 16:hmac-sha2-256-etm@openssh.com
17: hmac-sha2-512-etm@openssh.com 18:hmac-sha2-256
19: hmac-sha2-512
All cipher_algorithms:
1: aes128-ctr 2:aes192-ctr
3: aes256-ctr 4:arcfour256
5: arcfour128 6:chacha20-poly1305@openssh.com
7: aes128-cbc 8:3des-cbc
9: blowfish-cbc 10:cast128-cbc
11: aes192-cbc 12:aes256-cbc
13: arcfour 14:rijndael-cbc@lysator.liu.se
All kex_algorithms:
1: diffie-hellman-group-exchange-sha256 2:diffie-hellman-group-exchange-sha1
3: diffie-hellman-group14-sha1 4:diffie-hellman-group1-sha1
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
3. Select the secure MACs algorithm for OpenSSH based on actual situations and press
Enter. It is recommended that 9 be entered.
NOTE
– The new algorithm will replace the previous OpenSSH algorithm. Ensure that the
new algorithm contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers preceding the algorithms and
separate them with commas (,).
The command output is as follows:
Input Y or y to modify cipher_algorithms,otherwise,exit the modification of
cipher_algorithms.
:
5. Select the secure Ciphers algorithm for OpenSSH based on actual situations and press
Enter. It is recommended that 1,2,3 be entered.
NOTE
– The new algorithm will replace the previous OpenSSH algorithm. Ensure that the
new algorithm contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers preceding the algorithms and
separate them with commas (,).
The command output is as follows:
Input Y or y to modify kex_algorithms,otherwise,exit the modification of
kex_algorithms.
:
7. Select the secure Kex algorithm for OpenSSH based on actual situations and press
Enter. It is recommended that 4 be entered.
NOTE
– The new algorithm will replace the previous OpenSSH algorithm. Ensure that the
new algorithm contains all the algorithms that OpenSSH needs to use. Otherwise, some
connected systems cannot connect to the U2000 server through OpenSSH.
– Before selecting a secure algorithm, ensure that the system interconnected to the U2000
supports this algorithm; otherwise, this system cannot connect to the U2000 server over
OpenSSH.
– To support multiple secure algorithms, enter the numbers preceding the algorithms and
separate them with commas (,).
The command output is as follows:
Operation succeeded. Please restart Openssh for the settings to take effect.
Please input Y or y to restart OpenSSH,inputing others will exit directly and
no restart OpenSSH!
input :
NOTE
If the message "Restarting OpenSSH is successful." is displayed, the OpenSSH encryption
algorithm is successfully set.
----End
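The selection procedure above, as an added example that is not part of the guide or of modifysshdalg.py: it maps menu answers to algorithm names using the lists printed above, audits the resulting MACs/Ciphers/KexAlgorithms values against a policy that is this example's own assumption, and checks whether a peer still shares an algorithm with the server, which is the failure the NOTEs warn about. It assumes the choices end up in those sshd_config directives; SAMPLE_CONFIG and the peer lists are constructed.

```python
# Added example, not Huawei code: audit the selections offered by modifysshdalg.py.
# MENUS reproduces the numbered lists printed in this guide; the weakness policy
# below is this example's assumption, not a policy taken from the guide.
MENUS = {
    "MACs": [
        "hmac-md5-etm@openssh.com", "hmac-sha1-etm@openssh.com",
        "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
        "hmac-ripemd160-etm@openssh.com", "hmac-sha1-96-etm@openssh.com",
        "hmac-md5-96-etm@openssh.com", "hmac-md5", "hmac-sha1",
        "umac-64@openssh.com", "umac-128@openssh.com", "hmac-ripemd160",
        "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96",
        "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
        "hmac-sha2-256", "hmac-sha2-512",
    ],
    "Ciphers": [
        "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128",
        "chacha20-poly1305@openssh.com", "aes128-cbc", "3des-cbc",
        "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour",
        "rijndael-cbc@lysator.liu.se",
    ],
    "KexAlgorithms": [
        "diffie-hellman-group-exchange-sha256",
        "diffie-hellman-group-exchange-sha1",
        "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1",
    ],
}

def select(directive, choice):
    """Map a menu answer such as "1,2,3" to algorithm names, keeping order."""
    menu, names = MENUS[directive], []
    for token in choice.split(","):
        index = int(token.strip())
        if not 1 <= index <= len(menu):
            raise ValueError("%s: no menu entry %d" % (directive, index))
        if menu[index - 1] not in names:
            names.append(menu[index - 1])
    return names

def weakness(directive, name):
    """Return why the example policy rejects an algorithm, or None if it passes."""
    if directive == "Ciphers":
        if "arcfour" in name:
            return "RC4 stream cipher"
        if "-cbc" in name:
            return "CBC mode or legacy block cipher"
    elif directive == "MACs":
        if "md5" in name or "ripemd160" in name:
            return "legacy hash"
        if "-96" in name or name.startswith("umac-64"):
            return "short authentication tag"
    elif directive == "KexAlgorithms":
        if "group1-sha1" in name:
            return "1024-bit fixed Diffie-Hellman group"
        if name.endswith("sha1"):
            return "SHA-1 exchange hash"
    return None

def parse_sshd_config(text):
    """Return {directive: [algorithms]}; the first value of a keyword wins, as in sshd."""
    wanted = {name.lower(): name for name in MENUS}
    found = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        directive = wanted.get(parts[0].lower())  # keywords are case-insensitive
        if directive and directive not in found:
            found[directive] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return found

def audit(text):
    """List (algorithm, reason) pairs for each directive set explicitly in the config."""
    report = {}
    for directive, names in parse_sshd_config(text).items():
        report[directive] = [(n, weakness(directive, n)) for n in names
                             if weakness(directive, n)]
    return report

def negotiate(client_names, server_names):
    """Cipher/MAC choice per RFC 4253: the first client preference the server offers."""
    for name in client_names:
        if name in server_names:
            return name
    return None  # no overlap: this peer can no longer connect

# Constructed sample: the directive lines that answers 9 / 1,2,3 / 4 stand for.
SAMPLE_CONFIG = "\n".join(
    ["# constructed sample, not a real server's file"] +
    ["%s %s" % (d, ",".join(select(d, c)))
     for d, c in [("MACs", "9"), ("Ciphers", "1,2,3"), ("KexAlgorithms", "4")]]
)

if __name__ == "__main__":
    for directive, findings in audit(SAMPLE_CONFIG).items():
        print(directive, findings or "ok")
    # A constructed peer that only offers CBC ciphers shares nothing with 1,2,3.
    print(negotiate(["aes128-cbc", "3des-cbc"], select("Ciphers", "1,2,3")))
```

Run the audit against a copy of the server's sshd_config before restarting OpenSSH, and run negotiate with each interconnected system's algorithm list to find peers that would lose connectivity.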
Question
How do I start/stop the SSH service?
Answer
Use the following methods to start/stop the SSH service.
l Start the SSH service as follows:
a. Log in to Solaris OS as user root through Telnet by using PuTTY.
NOTE
You can also log in to the system controller in SSH mode and then follow A.3.4.9 How to
Access the OS from the Controller to perform subsequent operations.
b. Run the following command to check whether the U2000 or OS SSH service is
used:
# ps -ef|grep ssh
n If the path in the command output is /usr/lib/ssh/sshd, the OS SSH service is used.
n If the path in the command output is /usr/local/sbin/sshd, the U2000 SSH service is
used.
c. Start the SSH service:
n If the U2000 SSH service is used, run the following command to start the U2000
SSH service:
# /etc/init.d/opensshd start
n If the OS SSH service is used, run the following commands to start the OS SSH
service:
1) # svcadm restart ssh
2) # svcadm enable ssh
l Stop the SSH service as follows:
a. Log in to Solaris OS as user root through Telnet by using PuTTY.
NOTE
You can also log in to the system controller in SSH mode and then follow A.3.4.9 How to
Access the OS from the Controller to perform subsequent operations.
b. Run the following command to check whether the U2000 or OS SSH service is
used:
# ps -ef|grep ssh
n If the path in the command output is /usr/lib/ssh/sshd, the OS SSH service is used.
n If the path in the command output is /usr/local/sbin/sshd, the U2000 SSH service is
used.
c. Run the following command to stop the SSH service:
n If the U2000 SSH service is used, run the following command to stop the U2000
SSH service:
# /etc/init.d/opensshd stop
n If the OS SSH service is used, run the following command to stop the OS SSH
service:
# svcadm disable ssh
Question
How do I start/stop the FTP, SFTP, and Telnet services?
NOTE
Answer
Use the following methods to start/stop the FTP, SFTP, and Telnet services. You are
recommended to restore the original settings afterwards.
l Start the FTP, SFTP, and Telnet services as follows:
– Starting the FTP service when the NMS is not installed
i. Log in to Solaris OS as user root.
ii. Run the following command to start the FTP service:
# svcadm enable ftp
– Starting the FTP service when the NMS is installed
i. Use the PuTTY to log in to the iMAP server as user ossuser in SSH mode.
ii. Run the following command to set environment variables.
$ . /opt/oss/server/svc_profile.sh
– Starting the SFTP service (By default, the service is started after installation and
OpenSSH (recommended) is enabled.)
n Use the OpenSSH.
1) Log in to Solaris OS as user root.
2) Run the following commands to enable OpenSSH:
# /etc/init.d/opensshd start
n Use the SFTP service carried by the system.
1) Log in to Solaris OS as user root.
2) Run the following command to start the SFTP service:
# vi /etc/ssh/sshd_config
Change "PAMAuthenticationViaKBDInt yes" to
"PAMAuthenticationViaKBDInt no", and run the :wq! command to save
the settings and exit.
# svcadm restart network/ssh
# svcadm enable network/ssh
– Starting the Telnet service
i. Log in to Solaris OS as user root.
ii. Run the following command to start the Telnet service:
# svcadm enable telnet
l Stop the FTP, SFTP, and Telnet services as follows:
– Stopping the FTP service when the NMS is not installed
i. Log in to Solaris OS as user root.
ii. Run the following command to stop the FTP service:
# svcadm disable ftp
– Stopping the FTP service when the NMS is installed
i. Use the PuTTY to log in to the iMAP server as user ossuser in SSH mode.
ii. Run the following command to set environment variables.
$ . /opt/oss/server/svc_profile.sh
A.3.3.4 How to Enable and Disable the FTP/Telnet Authority of user root on Solaris OS
Question
How do I enable and disable the FTP/Telnet authority for user root on Solaris OS?
Answer
Step 1 Enable or disable the FTP authority for user root as follows:
l Enabling the FTP authority for user root
a. Log in to Solaris OS as user root.
b. Run the following commands to enable the FTP authority for user root:
# svcadm enable ftp
# sed "/^root/s//#root/g" /etc/ftpd/ftpusers > /tmp/ftpusers
# cp /tmp/ftpusers /etc/ftpd/ftpusers
Step 2 Enable or disable the Telnet authority for user root as follows:
l Enabling the Telnet authority for user root
a. Log in to the Solaris OS as user root.
b. Run the following commands to enable the Telnet authority of user root:
# svcadm enable telnet
# sed "/^CONSOLE/s//#CONSOLE/g" /etc/default/login > /tmp/login
# cp /tmp/login /etc/default/login
b. Run the following commands to disable the Telnet authority of the root user:
# sed "/^#CONSOLE/s//CONSOLE/g" /etc/default/login > /tmp/login
# cp /tmp/login /etc/default/login
----End
A.3.4.1 How to View the Versions and its patches of the Solaris OS
Question
How do I view the version of the Solaris OS and its patches?
Answer
1. Open a terminal window on Solaris OS.
2. Run the following command to view the version of the system:
# more /etc/release
The Solaris version is Solaris 10 8/11 if the following message is displayed. The OS
and patches are successfully installed. Otherwise, use a correct installation DVD-ROM
to reinstall the OS or the OS patch.
3. Run the following command to view the version of the system and its patches:
# uname -rv
Question
How do I view hardware configurations for the Sun workstation?
Answer
Log in to the Sun workstation as the root user. Then, run the following commands:
# cd /usr/platform/`uname -i`/sbin
# ./prtdiag
l The following information indicates the system clock frequency. In this example, the
workstation clock frequency is 1012 MHz.
System clock frequency: 1012 MHz
l The following information indicates the memory configuration for the workstation. In
this example, the memory configuration for the workstation is 32 GB.
Memory size: 32768 Megabytes
l The following information indicates the CPU configuration for the workstation. In this
example, four CPUs are configured for the workstation, each CPU has four threads, and
the workstation has 16 threads in total.
==================================== CPUs ====================================
NOTE
A.3.4.3 How to Check Whether the Hard Disk of the Sun Workstation Is Damaged
Question
How do I check whether the hard disk of the Sun workstation is damaged?
Answer
During the operation of the Sun workstation, inappropriate powering-off usually causes
damage to the hard disk and even renders the Sybase database unavailable. Run the iostat -E
command to check whether the hard disk of the OS is damaged.
Log in to the Sun workstation as user root and run the following command:
# iostat -En
NOTE
The hard disk is damaged if the information to the right of Hard Errors is not 0. Send the message
series files in the /var/adm directory to Huawei engineers so that they can apply for a spare part to
replace the hard disk on site.
Question
How do I check the partition of Solaris OS?
Answer
Step 1 Log in to Solaris OS as user root.
Step 2 Run the following command to check all disks of the server:
# format
Step 3 Enter 0 and press Enter to view the information about the c1t0d0 disk. The following
message will be displayed:
selecting c0t0d0
[disk formatted]
/dev/dsk/c0t0d0s1 is in use by dump. Please see dumpadm(1M).
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute<cmd>, then return
quit
format>
Step 4 Enter p and press Enter to select the partition list. The following message will be displayed:
PARTITION MENU:
0 - change `0' partition
1 - change `1'partition
2 - change `2' partition
3 - change `3' partition
4 - change `4' partition
5 - change `5' partition
Step 5 Enter p and press Enter to view the partition information of disk c1t0d0, including the raw
partition information. The following message will be displayed:
Current partition table (original):
Total disk cylinders available: 14087 + 2 (reserved cylinders)
Part        Tag  Flag       Cylinders       Size             Blocks
   0       root   wm        0 -  3091    30.01GB  (3092/0/0)   62928384
   1       swap   wu     3092 -  6389    32.01GB  (3298/0/0)   67120896
   2     backup   wm        0 - 14086   136.71GB  (14087/0/0) 286698624
   3          -   wu        0 - 14086   136.71GB  (14087/0/0) 286698624
   4          -   wu    14083 - 14086    39.75MB  (4/0/0)         81408
   5 unassigned   wm     6390 - 10511    40.00GB  (4122/0/0)   83890944
   6        var   wm    10512 - 13603    30.01GB  (3092/0/0)   62928384
   7 unassigned   wm        0                0    (0/0/0)             0
partition>
Step 6 Enter q to exit the c1t0d0 disk directory. The following message will be displayed:
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label -write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute<cmd>, then return
quit
format>
Step 8 Repeat Step 2 to Step 7, and select other disks to check the partitions.
----End
A.3.4.5 How to Check the IP Address and Routing Information for a Workstation
Question
How to check the IP address and routing information for a workstation?
Answer
Step 1 Log in to the Solaris OS as user root.
Step 2 Run the following command to view the IP address of the host:
# ifconfig -a
NOTE
In the previous output, the IP address of the displayed host is 10.9.169.143, and the logical IP address is
10.6.253.136. In the Solaris or SUSE Linux system, a network adapter can bind several logical IP
addresses, which realizes communications between different network segments.
Step 3 Run the following command to view the information about the routing tables:
# netstat -rn
A route can have any of the following five flags: U, G, H, D, and M, as described in
Table A-6.
Flag Description
H H indicates a route destined for a host. That is, the destination address is a
complete host address.
NOTE
l If this flag is not set, you can infer that the route leads to a network and that the
destination address is a network address: either a network number or a network.
The part in the address for the host is 0.
l When you search the routing table for an IP address, the host address must exactly
match the destination address.
l The network address, however, is required to match only the network number and
subnet number of the destination address.
The Ref (Reference count) column lists the number of active uses of each route. A
connection-oriented protocol, such as TCP, requires a fixed route when a connection is
established. If the telnet connection is established between the host svr4 and the host slip,
the Ref is 1. If another telnet connection is established, its value is changed to 2.
The next column (Use) displays the number of packets sent through a specified route. After
you run the ping command as the unique user of this route, the program sends five packets and
the number of packets is displayed as 5. The last column (Interface) indicates the name of
the local interface.
The name of the loop-back interface is permanently set to lo0. Flag G is not set because the
route is not destined for a gateway. Flag H indicates that the destination address, 127.0.0.1, is
a host address and not a network address. Because flag G is not set, the route here is a direct
route and the gateway column shows the outgoing IP address.
Each host has one or multiple default routes. That is, if a particular route is not found in the
table, the packet is sent to the router. In addition, the current host can access other systems
through the Sun router (and the slip link) on the internet, based on the settings of the routing
table. The flag UG refers to the gateway.
----End
A.3.4.6 How to View the Controller IP Addresses for the Sun Workstation
Question
How to view the controller IP addresses for the Sun workstation?
Answer
l Check the controller IP address for the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle
T4-2/T5220 server.
a. Connect the computer and the server physically.
i. Use a serial port (DB9-RJ45) to connect the serial port of the local console and
the serial port (SERIAL MGT) of the server.
Use an RJ45 connector at one end of the serial port cable to connect to the
serial port (SERIAL MGT) of the server and use a DB-9 connector at the other
end of the cable to connect to the serial port (COM1 or COM2) of the
computer.
ii. Use a network cable to connect the network management port (NET MGT) of
the system controller and the switch.
Figure A-6 Connections between the Netra T4-1 server and the controller
Figure A-7 Connections between the Netra T4-2 server and the controller
Figure A-8 Connections between the Oracle T4-1 server and the controller
Figure A-9 Connections between the Oracle T4-2 server and the controller
iii. In the right-hand pane, set parameters as follows for an interface, such as
COM1:
Attribute Attribute Value
Speed(baud) 9600
Data bits 8
Stop bits 1
Parity None
iv. Choose Session from the navigation tree. In the right-hand pane, set
Connection type to Serial and use the default values for other parameters.
v. Click Open.
c. Enter the user name and password. The default user name is root and the default
password is changeme.
NOTE
The OS will be started after this step is complete if the OS is installed on the workstation.
Run the #. command to display the prompt of the controller.
d. Perform the following operations to configure hardware at the -> prompt:
i. Enter cd /SP/network.
The following message will be displayed:
/SP/network
Properties:
commitpending = (Cannot show property)
dhcp_server_ip = none
ipaddress = 10.9.1.20
ipdiscovery = static
ipgateway = 10.9.1.1
ipnetmask = 255.255.255.0
macaddress = 00:21:28:3F:9F:E9
pendingipaddress = 10.9.1.20
pendingipdiscovery = static
pendingipgateway = 10.9.1.1
pendingipnetmask = 255.255.255.0
state = enabled
Commands:
cd
set
show
NOTE
Speed(baud) 9600
Data bits 8
Stop bits 1
Parity None
iv. Choose Session from the navigation tree. In the right-hand pane, set
Connection type to Serial and use the default values for other parameters.
v. Click Open.
c. Enter the user name. Enter the default user name (default) if the system is being
logged in to for the first time.
login: default
d. Within 5 to 10 seconds, insert the key into the key slot in the front panel of the
M4000/M5000. Turn the switch to Service labeled with and press Enter.
A message similar to the following will be displayed:
Leave it in that position for at least 5 seconds. Change the panel mode
switch to Locked, and press return...
e. Within 5 to 10 seconds, turn the switch to Locked labeled with and press
Enter.
A message similar to the following will be displayed:
XSCF>
NOTE
If XSCF> is not displayed (which means that login has failed), attempt to log
in again.
f. Run the following command to check the controller IP address:
XSCF>shownetwork -a
xscf#0-lan#1
Link encap:Ethernet HWaddr 00:21:28:A7:70:5B
NOTE
In the preceding information, the controller IP address is 10.9.1.21, which is shown to the
right of inet addr. The controller broadcast address is 10.9.1.255, which is shown to the
right of Bcast. The controller subnet mask is 255.255.255.0, which is shown to the right of
Mask.
g. Enter exit to close the serial port-based login window.
----End
Question
Compressed files are usually in *.tar, *.tar.gz, or *.zip format. How do I decompress these
files?
Answer
l To decompress a *.tar file, perform the following operation:
The following uses the abc.tar file as an example. Run the following command:
The following uses the abc.zip file as an example. Run the following command:
# unzip abc.zip
----End
Question
Remote login fails after the system is restarted. How do I remotely log in to the system as user
root?
Answer
Step 1 Log in to the server from the controller. Ensure that the server is running.
Step 2 Check whether user root has rights to log in to the server. Ensure that user root has rights to
log in to the server.
Step 3 Verify the routing information about the server. Ensure that the route is reachable.
----End
Question
How to use a controller to access the OS when login to the OS from the system IP address
fails or security hardening does not take effect and remote login to the OS as the root user
fails?
Answer
Step 1 Log in to the controller.
l For M4000/M5000 servers, log in to the controller by means of Telnet or SSH (more
secure, recommended).
l For Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 servers, log in to the
controller in SSH mode.
----End
Question
How do I switch between the console, OK prompt, and # prompt?
NOTE
The switching method varies based on the type of the Sun server used.
Answer
l Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 Servers
– Switch from the console to the OK prompt.
NOTE
When you switch from the console to the OK prompt, the OS will be shut down. If the
U2000 is already running during switching, ensure that the U2000 and database have been
shut down.
i. Log in to the IP address of the system controller in Secure Shell (SSH) mode.
Perform the following operations to display the OK prompt:
NOTE
The Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 server does not support
the login to the system controller in Telnet mode. Log in to the system controller by
performing the following operation:
l Install the SSH client tool, such as the PuTTY, in the console on Windows. Then,
you can log in to the system controller through the tool.
l Run the ssh IP address of the system controller command on the terminal console
of another Sun server to log in to the system controller. If a message similar to the
following is displayed, enter yes to continue:
The authenticity of host '10.71.35.12 (10.71.35.12)' can't be established.
RSA key fingerprint is 0b:23:07:0c:27:72:44:3f:d1:aa:12:99:ed:dd:c0:5a.
Are you sure you want to continue connecting (yes/no)?
ii. In the command line interface (CLI) that is displayed, enter the user name and
password of the system controller. By default, the user name is root and the
default password is changeme.
iii. Run the following command:
-> set /HOST/bootmode state=reset_nvram script="setenv auto-boot? false"
NOTE
Enter show /HOST status repeatedly to check the system status. After a
message containing status = Powered off is displayed, proceed with the next
step.
Run the following command:
auto-boot? = false
{0} ok
NOTE
NOTE
If the message auto-boot? true is displayed, the parameters have taken effect.
Variable Name Value Default Value
...
auto-boot? true true
...
Run the following command to enable the system to perform another self-check:
ok reset-all
The system will display the OK prompt. Enter boot. If # is displayed, the system
has successfully switched to the # prompt.
ok boot
NOTE
Enter # and ..
l M4000/M5000 Servers
– Switch from the console to the OK prompt.
NOTE
When you switch from the console to the OK prompt, the OS will be shut down. If the
U2000 is already running during switching, ensure that the U2000 and database have been
shut down.
i. Run the telnet IP address of the controller command on the console to log in
to the controller IP address by means of Telnet.
The following message will be displayed:
Login:
NOTE
If Secure Mode is on, perform the following:
1. Run the following command:
XSCF> setdomainmode -d 0 -m secure=off
The following message will be displayed:
Diagnostic Level :min -> -
Secure Mode :on -> off
Autoboot :on -> -
CPU Mode :auto
The specified modes will be changed.
Continue? [y|n]
2. Enter y.
The following message will be displayed:
configured.
Diagnostic Level :min
Secure Mode :off (host watchdog: unavailable Break-signal:receive)
Autoboot :on (autoboot:on)
CPU Mode :auto
vi. Enter y.
vii. Run the following command:
XSCF> console -d 0 -f
NOTE
Run the following command to enable the system to perform another self-check:
ok reset-all
The system will display the OK prompt. Enter boot to display the # prompt.
ok boot
NOTE
Enter # and ..
– Switch from the # prompt to the OK prompt.
Run the following command:
# init 0
NOTE
NOTE
ok printenv
Run the following command to enable the system to perform another self-check:
ok reset-all
The system will display the OK prompt. Enter boot to display the # prompt.
ok boot
NOTE
Enter # and ..
– Switch from the # prompt to the OK prompt.
Run the following command:
# init 0
----End
Question
How do I use the text editor?
NOTE
Answer
Run the following command to open the text editor:
dtpad file name
l If a file with the same filename exists, run the dtpad command to open and edit the file.
l If a file with the same filename does not exist, run the dtpad command to create and edit
a file.
Question
How do I query the process status?
Answer
Run the ps -ef | grep process name command to query the process status.
For example, run the ps -ef | grep sysmonitor command to query the status of the sysmonitor
process. The following message will be displayed:
ossuser 17156 17032 0 22:13:59 pts/3 0:00 grep sysmonitor
ossuser 11972 1 0 04:38:10 pts/2 13:00 imap_sysmonitor -cmd start
l imap_sysmonitor indicates information about the process, where 11972 is the process
ID.
NOTE
A.3.4.13 How to Upgrade the System Controller Firmware of the Netra T4-1/Oracle T4-1/Oracle T4-2 Server
Question
If the version of the Netra T4-1/Oracle T4-1/Oracle T4-2 server is earlier than 8.3.0, alarms
about the power module and fan module cannot be reported. Therefore, the Netra T4-1/Oracle
T4-1/Oracle T4-2 server must be upgraded. During the upgrade, the system controller must be
shut down. How do I upgrade the version of the system controller firmware of the Netra T4-1/
Oracle T4-1/Oracle T4-2 server?
Answer
Step 1 Log in to http://support.huawei.com/carrier and enter Software. Choose Tool > Mini-tool
Software > Network OSS&Service > Universal OS & Patches > Solaris and download
patch packages based on the server type. Only Huawei engineers have the permissions to
download software packages. If the installation using software packages is required, contact
Huawei engineers to obtain software packages.
l Netra T4-1 server: Netra_T4-1_SC_patch-8_3_0_solaris_SPARC.zip
l Oracle T4-1 server: T4-1_SC_patch-8_3_0_solaris_SPARC.zip
l Oracle T4-2 server: T4-2_SC_patch-8_3_0_solaris_SPARC.zip
Step 3 Run the following command to start the HTTPS service of the system controller firmware:
-> cd /SP/services/https
-> set servicestate=enabled
If information similar to the following is displayed, the HTTPS service is started successfully.
Set 'servicestate' to 'enabled'
Step 4 On the computer where the Windows OS has been installed, open the Internet Explorer.
Step 5 On the address bar, enter the IP address of the workstation controller.
Step 6 In the login dialog box that is displayed, enter the user name and password of the controller
and click Log In.
NOTE
l A message indicating an issue about the security certificate may be displayed. Ignore the message.
l The default user name of the Netra T4-1/Oracle T4-1/Oracle T4-2 controller is root.
l The default password of the Netra T4-1/Oracle T4-1/Oracle T4-2 controller is changeme.
Step 7 After successful login to the server, power off the server. If the server has been powered off,
skip the following operations:
Netra T4-1/Oracle T4-1 Server:
1. Choose Remote Control > Remote Power Control.
2. On the Server Power Control page, select Immediate Power Off and click Save.
Oracle T4-2 Server:
1. Choose Host Management > Power Control.
2. On the Server Power Control page, select Immediate Power Off and click Save.
4. Click Browse and select the patch package based on the server type.
– Netra T4-1 server: Navigate to the 150417-02 directory in the decompression
directory of the patch package. Select the
Sun_System_Firmware-8_3_0_c-Netra_SPARC_T4-1.pkg patch package.
– Oracle T4-1 server: Navigate to the 150413-02 directory in the decompression
directory of the patch package. Select the
Sun_System_Firmware-8_3_0_c-SPARC_T4-1.pkg patch package.
– Oracle T4-2 server: Navigate to the 150414-02 directory in the decompression
directory of the patch package. Select the
Sun_System_Firmware-8_3_0_c-SPARC_T4-2.pkg patch package.
5. Click Upload to upload the patch package of the system controller firmware. Then click
Start Upgrade to start upgrading the system controller firmware.
Step 9 Log in to the controller of the server as the root user. Run the following command to view the
version of the system controller firmware:
-> cd /HOST
-> ls
View the sysfw_version information in the command output. For example, sysfw_version =
Sun System Firmware 7.4.6.c 2012/03/14 10:49.
If sysfw_version = Sun System Firmware 7.4.6.c is displayed, the version of sysfw_version
is later than 7.4.6.c and the system controller firmware is upgraded successfully.
l Netra T4-1/Oracle T4-1/Oracle T4-2 server:
View the sysfw_version information in the command output. For example,
sysfw_version = Sun System Firmware 8.3.0.b 2012/08/03 11:58.
If sysfw_version = Sun System Firmware 8.3.0 is displayed, the version of
sysfw_version is later than 8.3.0 and the system controller firmware is upgraded
successfully.
NOTE
If an OS has been installed, access the OS and restart it after the system controller firmware is upgraded.
Netra T4-1/Oracle T4-1/Oracle T4-2 Server:
l Perform Step 4 to Step 6 to log in to the server.
l Choose Host Management > Power Control.
l On the Server Power Control page, select Power On and click Save.
----End
A.3.4.14 How to Solve the Problem Where the OS Fails to Start After the Netra
T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 Server Is Abnormally Powered
Off
Question
After the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 server is abnormally
powered off, the control card displays the message "System faults or hardware configuration
prevents power on" during OS startup. How do I address this problem?
Answer
Step 1 On the computer where the Windows OS has been installed, open Internet Explorer.
Step 2 In the address bar, enter the IP address of the workstation controller.
Step 3 In the login dialog box that is displayed, enter the user name and password of the controller
and click Log In.
NOTE
l A message indicating an issue about the security certificate may be displayed. Ignore the message.
l The default user name of the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 controller is
root.
l The default password of the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 controller is
changeme.
Step 5 Perform the following operations to start components in the Disabled state:
1. Select Component State: Disabled from Filter to filter out components in the Disabled
state.
l If no components in the Disabled state are displayed, all components are normal.
l If the components still fail to be started after Enable Component is selected, a hardware fault
occurs. Contact Oracle engineers to address the issue.
NOTE
If the fault persists after Clear Faults is selected, a hardware fault occurs. Contact Oracle engineers to
address the issue.
Step 7 After the preceding operations are complete, close Internet Explorer.
Step 8 Perform the following operations to restart the workstation:
1. If the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 server is used, perform the
following operations to display the OK prompt:
a. Log in to the system controller in SSH mode.
NOTE
The Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 server does not support login
through Telnet. Log in to the system controller in either of the following ways:
n Install SSH client software, for example, PuTTY, on the Windows terminal and use it
to log in to the system controller.
n Run the ssh SC_IP_Address command on the terminals of other Sun servers. If the
following message is displayed, enter yes:
The authenticity of host '10.71.35.12 (10.71.35.12)' can't be established.
RSA key fingerprint is 0b:23:07:0c:27:72:44:3f:d1:aa:12:99:ed:dd:c0:5a.
Are you sure you want to continue connecting (yes/no)?
b. In the CLI, enter the user name and password of the system controller. The default
user name and password are root and changeme.
c. Enter set /HOST/bootmode state=reset_nvram script="setenv auto-boot? false".
NOTE
ii. Enter y.
The following message will be displayed:
Stopping /SYS
iii. Enter show /HOST status repeatedly to check the system status.
Proceed with the subsequent operations only after the following message is
displayed:
status = Powered off
auto-boot? = false
{0} ok
----End
Question
A server is equipped with four hard disks, two of which are in use. How do I deploy a Solaris
single-server system without impacting data on the two hard disks?
Answer
Step 1 Remove the two hard disks from the server.
Step 2 Use the other two hard disks for U2000 installation and quick system installation.
For details, see the U2000 Single-Server System Software Installation and Commissioning
Guide (Solaris).
If the two hard disks are mounted but the vfstab file is not modified, data on the two hard
disks can be viewed and used only in the current session. After the server is restarted, data on
the two hard disks cannot be viewed.
Step 4 To ensure proper use, mount the two hard disks.
Run the following commands:
# mkdir data1
# mkdir data2
Step 5 Modify the vfstab file to ensure that data on the two hard disks can still be viewed after the
server is restarted.
Run the following command:
# vi /etc/vfstab
Press ESC. Then, press Shift+;, enter wq!, and press Enter.
----End
A.3.4.16 How to Solve the Problem Where the Monitor or KVM Cannot Access
the GUI After the OS Is Installed on the Netra T4-1/Netra T4-2/Oracle T4-1/
Oracle T4-2/T5220 Server
Question
The OS was installed by using the quick installation DVD. After the Netra T4-1/Netra T4-2/
Oracle T4-1/Oracle T4-2/T5220 is connected to the KVM, the GUI cannot be opened. How
do I rectify this fault?
Answer
Step 1 To set the I/O mode, run the following commands:
# eeprom output-device=screen
# eeprom input-device=keyboard
Step 2 To set the screen resolution and refresh rate, perform the following operations:
1. To view information about the current video board, run the following command:
# fbconfig -list
NOTE
The value of /dev/fbs/ast0 differs according to on-site requirements.
2. Optional: If Config Program is displayed as program not available, run the following
commands:
# ln -s /dev/fbs/ast0 /dev/fb
4. To view the current configurations for the video board, run the following command:
# fbconfig -dev /dev/fbs/ast0 -propt
Screen Information:
Remote Screen: Not set
5. The screen resolution and refresh rate are not set if Video Mode is set to not set. To set
the screen resolution and refresh rate, run the following commands:
# fbconfig -dev /dev/fbs/ast0 -res 1024x768x60 now
Enter y, and then press Enter. A message similar to the following will be displayed:
Setting 1024x768x60
6. To view the current configurations for the video board, run the following command:
# fbconfig -dev /dev/fbs/ast0 -propt
The setting has taken effect if a message similar to the following is displayed.
Screen Information:
Remote Screen: Not set
Step 3 To restart the OS, run the following command. After the OS is restarted, connect the Netra
T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2/T5220 to the KVM.
NOTE
If a message asking you to enter a user name is displayed on the monitor or KVM during the restart of
the OS, ignore the message. The OS automatically accesses the login window.
# sync;sync;sync;sync
----End
A.3.4.17 How Do I Enable the SSH Service for the XSCF on the M4000/M5000
Server
Question
How do I enable the SSH service for the XSCF?
Answer
Step 1 Use the serial port cable to connect the serial port of the XSCF to that of the PC.
Insert the RJ-45 connector of the serial port cable into the XSCF serial port; then insert the
DB-9 connector into a serial port on the PC (COM1 or COM2), as shown in Figure A-11.
Figure A-11 Serial port connection between the M4000 server and the PC
1 Serial port of the XSCF 2 Ethernet port 1 of the XSCF 3 Ethernet port 0 of the XSCF
4 XSCF unit - -
Figure A-12 Serial port connection between the M5000 server and the PC
1 Serial port of the XSCF 2 Ethernet port 1 of the XSCF 3 Ethernet port 0 of the XSCF
4 XSCF unit - -
For details about the cable sequence of the serial port cables and related signals, see Table
A-7.
Table A-7 Wire sequence standards for the serial port cables between the XSCF and the PC
RJ-45 Signal DB-9 Socket
3 TXD/RXD 2
4 REF/GND 5
5 REF/GND 5
6 RXD/TXD 3
After the PC and the XSCF are connected, the physical connection between the PC and the
Sun M4000/M5000 server is set up.
Step 2 Set up a logical connection between the computer and the server.
1. Start the computer and enter the Windows OS.
2. Run the PuTTY tool. In the dialog box that is displayed, choose Serial from the
navigation tree.
3. In the right-hand pane, set parameters as follows for an interface, such as COM1:
Attribute Attribute Value
Speed(baud) 9600
Data bits 8
Stop bits 1
Parity None
4. Choose Session from the navigation tree. In the right-hand pane, set Connection type to
Serial and use the default values for other parameters.
5. Click Open.
Step 3 If the following information is displayed in the PuTTY window, enter the user name eis-
installer and the password.
login: eis-installer
Password:
Step 4 Run the following command to enable the SSH service for the XSCF:
Step 5 When the system displays the following message, type y and press Enter:
Continue? [y|n] :y
Step 6 When the system displays Please reset the XSCF by rebootxscf to apply the ssh settings.,
run the following command to restart the XSCF for the settings to take effect:
XSCF> rebootxscf
Step 7 When the system displays the following message, type y and press Enter:
The XSCF will be reset. Continue? [y|n] :y
----End
Question
Packet headers may need to be obtained for fault locating. How do I obtain packet headers on
Solaris?
Answer
To ensure security of customers' networks, obtain customers' written authorization before you
obtain packet headers. In addition, comply with laws of associated countries or user privacy
policies of Huawei and take effective measures to ensure that personal data is fully protected.
Step 2 Run the snoop command to obtain packet headers. The common format of the snoop
command is snoop -d NIC name -o Generated file name IP address.
NOTE
l snoop is a command provided by Solaris. For more information about how to use this command, run
the man snoop command.
l To stop capturing packets, press Ctrl+C.
l Command description:
– NIC name: name of the NIC communicating with the destination IP address.
– Generated file name: usually in the format of xxxx.cap.
– IP address: IP address of the target whose packet headers are to be obtained. It is
usually the IP address of an NE.
Command use example: It is assumed that the IP address of an NE is
10.71.212.13, the name of the NIC that the server uses to communicate with the NE is
bge0, and the name of the file generated after the packet headers are obtained is
/opt/123.cap.
Run the following command to obtain packet headers:
# snoop -d bge0 -o /opt/123.cap 10.71.212.13
----End
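A capture taken with the command above should contain only traffic to or from the NE covered by the authorization. The following added example (not part of the original guide) parses the file format that snoop -o writes (RFC 1761) and lists every frame that does not involve the authorized address; the sample capture and all addresses other than 10.71.212.13 are constructed.

```python
import socket
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"   # RFC 1761 identification pattern
DATALINK_ETHERNET = 4                # RFC 1761 datalink type for Ethernet
REC_HDR = struct.Struct(">6I")       # orig_len, incl_len, rec_len, drops, sec, usec


def build_sample_capture(flows):
    """Build a constructed snoop file with one bare Ethernet+IPv4 header per flow."""
    out = SNOOP_MAGIC + struct.pack(">II", 2, DATALINK_ETHERNET)
    for ts, (src, dst) in enumerate(flows, start=1543572000):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        pad = -(REC_HDR.size + len(frame)) % 4      # records end on a 4-byte boundary
        out += REC_HDR.pack(len(frame), len(frame),
                            REC_HDR.size + len(frame) + pad, 0, ts, 0)
        out += frame + b"\x00" * pad
    return out


def read_records(data):
    """Yield (timestamp_seconds, frame_bytes) for every record in a snoop capture."""
    if len(data) < 16 or data[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture file")
    version, datalink = struct.unpack_from(">II", data, 8)
    if version != 2 or datalink != DATALINK_ETHERNET:
        raise ValueError("unsupported snoop version or datalink type")
    offset = 16
    while offset < len(data):
        if offset + REC_HDR.size > len(data):
            raise ValueError("truncated record header")
        _orig, incl, rec_len, _drops, sec, _usec = REC_HDR.unpack_from(data, offset)
        if rec_len < REC_HDR.size + incl or offset + rec_len > len(data):
            raise ValueError("corrupt or truncated record")
        yield sec, data[offset + REC_HDR.size: offset + REC_HDR.size + incl]
        offset += rec_len


def ipv4_endpoints(frame):
    """Return (src, dst) for an IPv4-over-Ethernet frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])


def out_of_scope(data, authorized_ip):
    """List (record_number, src, dst) for frames that do not involve authorized_ip."""
    findings = []
    for number, (_sec, frame) in enumerate(read_records(data), start=1):
        ends = ipv4_endpoints(frame)
        if ends is None:
            findings.append((number, "non-IPv4", "non-IPv4"))
        elif authorized_ip not in ends:
            findings.append((number,) + ends)
    return findings


# Constructed sample: two frames involving the NE from the example above and
# one frame between two other (made-up) hosts.
SAMPLE_CAPTURE = build_sample_capture([
    ("10.71.212.13", "10.71.212.1"),
    ("10.71.212.1", "10.71.212.13"),
    ("10.71.212.99", "10.71.212.1"),
])

if __name__ == "__main__":
    for finding in out_of_scope(SAMPLE_CAPTURE, "10.71.212.13"):
        print("outside authorized scope: record %d, %s -> %s" % finding)
```

To check a real capture, read the file in binary mode and pass its contents to out_of_scope together with the authorized NE address.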
Figure A-13 Mappings between physical and logical network interfaces on the Netra T4-1
Example 2: In Figure A-14, the mappings between the physical and logical network
interfaces for the Oracle T4-1 are described as follows:
l The Oracle T4-1 is integrated with one NIC. The associated logical network interfaces
on the integrated NIC are named igb0, igb1, igb2, and igb3.
l If an NIC is inserted to the PCI slot, the logical network interfaces on the NIC are
numbered from right to left in ascending order.
Figure A-14 Mappings between physical and logical network interfaces on the Oracle T4-1
Example 3: In Figure A-15, the mappings between the physical and logical network
interfaces for the Oracle T4-2 are described as follows:
l One NIC is integrated to the Oracle T4-2. The four logical network interfaces on the NIC
are identified as follows from left to right and from top to bottom: igb2, igb3, igb0, and
igb1.
l If an NIC is inserted to the PCI slot, the logical network interfaces on the NIC are
numbered from top to bottom in descending order.
Figure A-15 Mappings between physical and logical network interfaces on the Oracle T4-2
Example 4: In Figure A-16, the mappings between the physical and logical network
interfaces for the Netra T4-2 are described as follows:
l One NIC is integrated to the Netra T4-2. The four logical network interfaces on the NIC
are identified as follows from left to right and from top to bottom: igb2, igb3, igb0, and
igb1.
Figure A-16 Mappings between physical and logical network interfaces on the Netra
T4-2
l If an NIC is inserted to the PCI slot, the logical network interfaces on the NIC are
numbered from top to bottom in descending order.
l If an expansion NIC is installed in a PCI slot, perform the following operations to check
the mapping between logical and physical network interfaces:
a. Access the operating system from the console.
i. Log in to the controller as the root user.
ii. Run the following command to start the operating system:
-> start /SYS
The following information is displayed:
Are you sure you want to start /SYS (y/n)?
5.0GTx4
/pci@400/pci@2/pci@0/pci@4/network@0,3
/SYS/MB/NET0 PCIE network-pciex8086,10c9
2.5GTx4
/pci@400/pci@2/pci@0/pci@f/network@0
/SYS/MB/NET1 PCIE network-pciex8086,10c9
2.5GTx4
/pci@400/pci@2/pci@0/pci@f/network@0,1
/SYS/MB/NET2 PCIE network-pciex8086,10c9
2.5GTx4
/pci@500/pci@1/pci@0/pci@5/network@0
/SYS/MB/NET3 PCIE network-pciex8086,10c9
2.5GTx4
/pci@500/pci@1/pci@0/pci@5/network@0,1
c. Compare the outputs of the two commands to determine the physical network
interface that matches the planned logical network interface. Then insert a network
cable into this physical network interface.
NOTE
The logical network interface used in factory installation is igb0. Ensure that the network cable is
inserted into the physical network interface that matches igb0.
Figure A-17 Description about the interfaces connecting to the S3900 disk array.
Figure A-18 is an example of the interfaces connecting to the 5500 V3 disk array.
Figure A-18 Description about the interfaces connecting to the 5500 V3 disk array.
Question
How do I enable the function of auditing Solaris OS commands?
l The function helps users to monitor changes of the file system. Users can learn the file
modification time, the person who performed the modification, and the modified process. The
information provides reference for system management, system security improvement, and
system fault location.
l Enabling the command audit function of the Solaris OS may affect system space
usage and system performance. You are advised not to enable the function.
Answer
Step 1 Log in to the OS as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Run the following command to check whether the log function has been enabled:
# lastcomm
NOTE
l If the log function has not been enabled, the following information is displayed:
/var/adm/pacct: No such file or directory
l If up-to-date information can be queried, the log function has been enabled.
l If the amount of log information is huge, you can run the lastcomm command to save the log
information as a file for viewing. For example:
# lastcomm >testAccount.log
# more testAccount.log
Step 3 If the log function has not been enabled, run the following command to enable it:
# /usr/lib/acct/accton /var/adm/pacct
Step 4 Check the log information. If you use the lastcomm command to query the log information, a
long list of log information may be displayed. To narrow down the scope of log information,
run the command with specified parameters.
l To query changes by chmod commands:
# lastcomm | grep chmod
NOTE
If you want to check the background audit log to learn the detailed system file changes, see the Solaris
documentation.
Step 5 Optional: Run the following command to disable the log function:
# /usr/lib/acct/accton
----End
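The lastcomm | grep chmod filter in Step 4 matches any line that contains the string chmod. The following added example (not part of the original guide) parses lastcomm output into fields and counts watched commands per user by exact command name; the sample lines, the chmodx command name, and the watch list are constructed.

```python
# Constructed sample in the column layout that lastcomm prints:
# command, flags (may be blank), user, tty, CPU time, "secs", start time.
SAMPLE_LASTCOMM = """\
chmod      S     root     pts/2      0.01 secs Fri Nov 30 10:15
ls               ossuser  pts/3      0.00 secs Fri Nov 30 10:14
chmodx           ossuser  pts/3      0.00 secs Fri Nov 30 10:13
chown      S     root     pts/2      0.01 secs Fri Nov 30 10:12
chmod            ossuser  pts/3      0.00 secs Fri Nov 30 10:11
sh         SF    root     __         0.02 secs Fri Nov 30 10:10
"""

# Commands that change file permissions or ownership (assumed watch list).
WATCHED = {"chmod", "chown", "chgrp"}


def parse_lastcomm(text):
    """Turn lastcomm output into a list of dicts, one per accounting record."""
    records = []
    for line in text.splitlines():
        tokens = line.split()
        try:
            # "secs" follows the CPU time; start at 3 so that a command or
            # user that happens to be called "secs" is not mistaken for it.
            idx = tokens.index("secs", 3)
        except ValueError:
            continue  # e.g. "/var/adm/pacct: No such file or directory"
        if idx not in (4, 5):
            continue  # not the expected column layout
        records.append({
            "command": tokens[0],
            # The flags column is blank for ordinary runs; S marks a command
            # executed by the superuser.
            "flags": tokens[1] if idx == 5 else "",
            "user": tokens[idx - 3],
            "tty": tokens[idx - 2],
            "cpu_secs": float(tokens[idx - 1]),
            "started": " ".join(tokens[idx + 1:]),
        })
    return records


def watched_by_user(records, watched=WATCHED):
    """Count runs of watched commands per user, matching the command name exactly."""
    summary = {}
    for rec in records:
        if rec["command"] in watched:
            per_user = summary.setdefault(rec["user"], {})
            per_user[rec["command"]] = per_user.get(rec["command"], 0) + 1
    return summary


if __name__ == "__main__":
    for user, counts in sorted(watched_by_user(parse_lastcomm(SAMPLE_LASTCOMM)).items()):
        print(user, counts)
```

Process accounting records the command name only, so the result shows who ran chmod and when, not the arguments or the files affected.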
Prerequisites
Based on the IP address of the SFTP server to be added or modified on the U2000 client, find
the SFTP server the client connects to. Perform the following operations on the SFTP server.
Context
l The third-party SFTP server runs the Linux or Solaris operating system.
l If you choose to check the server public key when configuring a third-party SFTP server
on the U2000 client, the system compares the third-party SFTP server public key entered
by users on the client with the actual public key of the third-party SFTP server. If the
public keys are different, the SFTP function used for communications between the
third-party SFTP server and the U2000 client is unavailable.
Procedure
Step 1 Log in to the third-party SFTP server.
$ su - root
Password:Password of root
Step 3 Run the following command to obtain the public key content of the SFTP server:
# cat /usr/local/etc/ssh_host_rsa_key.pub
If information similar to the following is displayed, the public key content has been obtained.
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwjUbMhStgUyeFrEzMGrBFCnQYGsQBcLAGC18NBF78I3I9W0SE4fcoQ
ujhTAAVG1+jkvQiaqylSYUWnlUbd/lF/
l9GDkWUhCH1RWYDbdypgMHHKIANwrxLKnIoyaCpLvfz75aWQFP4IKaSMdiV6BKvFXSAUa00V8yoQttOq5x
FwU= root@linux
----End
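Because the check described above fails on any difference between the entered key and the server key, it helps to compare the two key blobs and their fingerprints before entering the key on the client. The following added example (not U2000 code) parses the output of the cat command even when it was copied with line wraps, compares two keys, and prints fingerprints in the colon-separated form that the ssh prompt shows and in SHA256 form; the keys are constructed sample data and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

# Number of wire-format fields in the key blob for common key types.
FIELD_COUNT = {"ssh-rsa": 3, "ssh-dss": 5, "ssh-ed25519": 2}


def ssh_string(data):
    """SSH wire format: 4-byte big-endian length followed by the data."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value):
    """Positive integer as an SSH mpint (a leading zero byte when the top bit is set)."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def make_sample_key_line(seed, comment):
    """Build a syntactically valid ssh-rsa line from a made-up modulus (not a real key)."""
    modulus = int.from_bytes(hashlib.sha256(seed).digest() * 4, "big") | (1 << 1023) | 1
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def wrap_like_terminal(line, width=64):
    """Break the base64 part across lines, as happens when a key is copied from a screen."""
    key_type, b64, comment = line.split(" ", 2)
    pieces = [b64[i:i + width] for i in range(0, len(b64), width)]
    return key_type + "\n" + "\n".join(pieces) + " " + comment


def read_fields(blob):
    """Split a key blob into its length-prefixed fields; reject truncated input."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def parse_public_key(text):
    """Return (key_type, blob), joining wrapped base64 pieces and ignoring the comment."""
    tokens = text.split()
    if len(tokens) < 2:
        raise ValueError("expected '<key type> <base64 blob> [comment]'")
    key_type, joined = tokens[0], ""
    for token in tokens[1:]:
        joined += token
        try:
            fields = read_fields(base64.b64decode(joined, validate=True))
        except ValueError:
            continue  # not yet a complete blob: keep joining wrapped pieces
        if (fields and fields[0] == key_type.encode("ascii", "replace")
                and len(fields) == FIELD_COUNT.get(key_type, len(fields))):
            return key_type, base64.b64decode(joined)
    raise ValueError("no complete key blob found")


def fingerprints(blob):
    """Return (colon-separated MD5 fingerprint, SHA256 fingerprint) of a key blob."""
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha_fp = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii").rstrip("=")
    return md5_fp, "SHA256:" + sha_fp


def same_server_key(entered_text, server_text):
    """True only when both texts carry the same key type and the same key blob."""
    type_a, blob_a = parse_public_key(entered_text)
    type_b, blob_b = parse_public_key(server_text)
    return type_a == type_b and hmac.compare_digest(blob_a, blob_b)


# Constructed sample keys (hypothetical host name in the comment field).
SERVER_KEY = make_sample_key_line(b"constructed sample server key", "root@sftp-sample")
OTHER_KEY = make_sample_key_line(b"constructed sample other key", "root@sftp-sample")

if __name__ == "__main__":
    pasted = wrap_like_terminal(SERVER_KEY)
    print("match:", same_server_key(pasted, SERVER_KEY))
    print("fingerprints:", fingerprints(parse_public_key(pasted)[1]))
```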
Question
How do I use iMana/iBMC IP to log in to a remote Huawei RH series rack server?
Answer
Step 1 Open the Internet Explorer and enter the IP address of the iMana/iBMC module in the address
bar. The iMana/iBMC login window is displayed.
NOTE
l Choose Tools > Internet option before logging in to the Huawei RH series rack server. Click the
Connection tab to clear settings of the proxy server of the Internet Explorer.
l The default IP of iMana/iBMC is 192.168.2.100. The subnet mask is 255.255.255.0. See A.4.2 How
to View the IP Address of the iMana/iBMC on the Huawei RH series rack server if the default
IP of iMana/iBMC changes.
Step 2 Enter the user name and the password of iMana/iBMC and click Log In.
NOTE
l If you log in to the Huawei RH5885H V3 server through iBMC, the following page is displayed:
l If you log in to the Huawei RH2288H V3 server through iBMC, the following page is displayed:
Step 3 Choose Remote Control from the navigation tree to open the remote control window. The
remote control window displays the KVM property and the virtual media property.
l If you log in to the Huawei RH5885H V3 server through iBMC, the following page is displayed:
l If you log in to the Huawei RH2288H V3 server through iBMC, the following page is displayed:
Step 4 Click Remote Virtual Console (shared mode) or Remote Virtual Console (private mode)
as required to enter the virtual console window.
l Remote Virtual Console (shared mode): Two users can log in to the remote virtual
console concurrently. The server responds to commands of each user.
l Remote Virtual Console (private mode): Only one user can log in to the remote virtual
console.
----End
Answer
Step 1 Install the KVM on the server.
Step 2 Press the power button on the server and restart the server.
Step 3 During server restart, press Delete until the BIOS configuration window is displayed.
NOTE
If a dialog box is displayed asking you to enter a password, enter the desired password and then press
Enter.
l If you log in to the Huawei RH2288H V2 server through iMana, perform the following
operations:
a. Choose Advanced > IPMI BMC Configuration, and press Enter. The IPMI
BMC Configuration page is displayed.
b. Select BMC Configuration, and press Enter to access the BMC Configuration
window to view the IP address.
l If you log in to the Huawei RH5885H V3 server through iBMC, perform the following
operations:
a. Choose the Server Mgmt tab.
b. Choose BMC network configuration, and press Enter to access the BMC
network configuration window to view the IP address.
l If you log in to the Huawei RH2288H V3 server through iBMC, perform the following
operations:
a. Choose Advanced > IPMI iBMC Configuration, and press Enter. The IPMI
iBMC Configuration page is displayed.
b. Select iBMC Configuration, and press Enter to access the iBMC Configuration
window to view the IP address.
----End
Question
How do I mount the ISO file or the U2000 quick installation DVD to a drive (Huawei RH
series rack server)?
Answer
Step 1 Insert the quick installation DVD-ROM (Terminal Physical Software, iManager U2000,
iManager U2000 version_server_sles, Physical Software Package For Linux Network
Management System, CD) to the drive on a PC or laptop. If an ISO image file is used to
install the operating system, save the ISO image file to any directory on the PC or laptop.
Step 2 Log in to the server. For details, see A.4.1 How Do I Use iMana/iBMC IP to Log In to a
Remote Huawei RH series rack server.
Step 3 Click on the toolbar which is right above Remote Virtual Console.
b. In the Open dialog box, select the ISO file of the quick RAID configuration DVD
U2000version_server_os_sles11_x64_dvd1.iso and click Open.
c. In the virtual disk dialog box, click Connect. If the virtual drive has successfully
connected to the server, the Connect changes to Disconnect.
Step 5 Click on the toolbar which is right above Remote Virtual Console and select Reset,
Cold Reset or Forced System Reset.
Step 6 In the dialog box that is displayed, click Yes to restart the server.
----End
Answer
Step 1 Open Internet Explorer. Enter the IP address of the iMana/iBMC module in the address bar.
The window for logging in to iMana is displayed.
NOTE
The default IP address of iMana/iBMC is 192.168.2.100. The subnet mask is 255.255.255.0. See A.4.2
How to View the IP Address of the iMana/iBMC on the Huawei RH series rack server if the default
IP of iMana/iBMC changes.
Step 2 Enter the user name and the password of iMana/iBMC and click Log In.
Step 3 Choose Configuration > User from the left navigation tree, and click the of user root.
Step 4 In the Modify User Information dialog box, enter new user information, and click OK.
NOTE
Requirements on the user password are different when the function of checking the password complexity is
enabled or disabled:
l If the function is disabled, you can leave the password blank or enter a string whose length is shorter than
20 characters.
l If this function is enabled, the password must meet the following requirements:
– The password contains a minimum of 8 characters and a maximum of 20 characters.
– At least one space or one special character: `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
– At least two of the following combinations: lowercase letters a to z, uppercase letters A to Z, and
digits 0 to 9.
– The password cannot be the same as the user name or the reverse of the user name.
l If you log in to the Huawei RH5885H V3 server through iBMC, choose Config > Local
User from the navigation tree. Click corresponding to the root user.
l If you log in to the Huawei RH2288H V3 server through iBMC, choose Config > User
Settings from the navigation tree. Click corresponding to the root user.
l If you log in to the Huawei RH5885H V3 server through iBMC, enter the current password
for the root user in the Current User Password text box. Select You can change the
password only after selecting the check box. Enter the new password for the root user
in the Password and Confirm text boxes. Click Save.
l If you log in to the Huawei RH2288H V3 server through iBMC, enter the current password
for the root user in the Current User Password text box. Select You can change the
password only after selecting the check box. Enter the new password for the root user
in the Password and Confirm text boxes. Click Save.
----End
NOTE
l The Ethernet interfaces on a Huawei RH series rack server consist of integrated network interfaces
and extended network interfaces. The integrated network interfaces are recommended.
l A Huawei RH series rack server running SUSE Linux supports only the Broadcom and Intel
NICs.
Example 1: In Figure A-19, the mappings between the physical and logical network
interfaces for the Huawei RH2288H V2 server are described as follows:
l The Huawei RH2288H V2 server is integrated with one NIC. The associated logical
network interfaces on the integrated NIC are named eth0, eth1, eth2, and eth3.
l eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The associated
logical network interfaces are named eth4, eth5, eth6, and eth7.
Figure A-19 Mappings between physical and logical network interfaces on the Huawei
RH2288H V2 server
Example 2: In Figure A-20, the mappings between the physical and logical network
interfaces for the Huawei RH5885H V3 server are described as follows:
l eth0, eth1, eth2, and eth3 are network interfaces on the integrated NIC. The associated
logical network interfaces are named eth0, eth1, eth2, and eth3.
l eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The associated
logical network interfaces are named eth4, eth5, eth6, and eth7.
NOTE
The Huawei RH5885H V3 server supports twelve extended NICs with four interfaces. For the six NICs
on the right, the mapping logical interfaces from top down are: eth8 to eth11, eth4 to eth7, eth12 to
eth15, eth16 to eth19, eth20 to eth23, and eth24 to eth27. For the six NICs in the middle, the mapping
logical interfaces from top down are: eth28 to eth31, eth32 to eth35, eth36 to eth39, eth40 to eth43,
eth44 to eth47, and eth48 to eth51.
Figure A-20 Mappings between physical and logical network interfaces on the Huawei
RH5885H V3 server
Example 1: In Figure A-21, the mappings between the physical and logical network
interfaces for the Huawei RH2288H V3 server are described as follows:
l The Huawei RH2288H V3 server is integrated with one NIC. The associated logical
network interfaces on the integrated NIC are named eth0, eth1, eth2, and eth3.
l eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The associated
logical network interfaces are named eth4, eth5, eth6, and eth7.
Figure A-21 Mappings between physical and logical network interfaces on the Huawei
RH2288H V3 server
Prerequisites
l If the disks are to be formatted in local mode, you must ensure that the server is
connected to the KVM.
l If the disks are to be formatted in remote mode, you must ensure that the following
preparations are ready:
– A PC or laptop on which the Internet Explorer browser is installed is ready.
– Internet Explorer browsers do not support a proxy server.
Procedure
Step 1 Start the server.
l In local mode, press the power button to restart the PC server.
l In remote mode, perform the following operations:
a. Log in to the server. For details, see A.4.1 How Do I Use iMana/iBMC IP to Log
In to a Remote Huawei RH series rack server.
b. Click on the toolbar which is right above Remote Virtual Console and select
Cold Reset.
c. In the dialog box that is displayed, click Yes to restart the server.
Step 2 On the Huawei RH5885H V3 server, skip the following operations. If you log in to the Huawei
RH2288H V2 server through iMana, perform the following operations:
1. When the BIOS start page appears, press Delete until the BIOS Setup Utility program is
started.
NOTE
If the BIOS password has been modified, a dialog box asking you to enter a password will be
displayed during startup. Enter the required password to access the Setup Utility application.
2. Choose Exit > Load Optimal Defaults, and press Enter.
3. In the Load Optimal Defaults? dialog box, click Yes and press Enter.
4. Choose Exit > Exit Saving Changes, and press Enter.
5. In the Exit Saving Changes? dialog box, click Yes and press Enter.
Step 3 After the basic input/output system (BIOS) check is completed, the BIOS information about
the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the screen. If
Ctrl+H is not pressed, restart the system.
Step 6 Click Configuration Wizard to access the RAID configuration wizard window, as shown in
the following figure.
After you select Clear Configuration, all RAID configurations will be deleted; as a result,
hard disk data will be damaged or lost. Check whether hard disk data can be deleted before
selecting Clear Configuration.
Step 8 Click Yes to clear the configuration, and return to the WebBIOS window.
Step 10 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed.
a. Click on the toolbar which is right above Remote Virtual Console and select
Cold Reset.
b. In the dialog box that is displayed, click Yes to restart the server.
----End
Prerequisites
l If the disks are to be formatted in local mode, you must ensure that the server is
connected to the KVM.
l If the disks are to be formatted in remote mode, you must ensure that the following
preparations are ready:
– A PC or laptop on which the Internet Explorer browser is installed is ready.
– Internet Explorer browsers do not support a proxy server.
Procedure
Step 1 Start the server.
l In local mode, press the power button to restart the PC server.
l In remote mode, perform the following operations:
a. Log in to the server. For details, see A.4.1 How Do I Use iMana/iBMC IP to Log
In to a Remote Huawei RH series rack server.
b. Click on the toolbar which is right above Remote Virtual Console and select
Reset or Forced System Reset.
c. In the dialog box that is displayed, click Yes to restart the server.
Step 2 After the basic input/output system (BIOS) check is completed, the BIOS information about
the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+R the moment you see Ctrl+R on the screen. If
Ctrl+R is not pressed, restart the system.
Step 4 Place the cursor over SAS3108 (Bus 0x01, Dev 0x00) by using up and down arrow keys and
press F2. The configuration tab is displayed.
Step 5 Select the Clear Configuration tab by using up and down arrow keys and press Enter. A
page asking whether to clear configurations is displayed.
Clear Configuration will clear the previous RAID configurations, resulting in data damage
or loss in hard disks. Therefore, before performing this operation, determine whether the data
in hard disks can be cleared.
Step 6 Select YES and press Enter. The following page is displayed after RAID configurations are
cleared.
a. Click on the toolbar which is right above Remote Virtual Console and select
Reset or Forced System Reset.
b. In the dialog box that is displayed, click Yes to restart the server.
----End
Prerequisites
l If the hard disk information is to be viewed in local mode, you must ensure that the
server is connected to the KVM.
l If the hard disk information is to be viewed in remote mode, you must ensure that the
following preparations are ready:
– A PC or laptop on which the Internet Explorer browser is installed is ready.
– Internet Explorer browsers do not support a proxy server.
Procedure
Step 1 Start the server.
l In local mode, press the power button to restart the PC server.
l In remote mode, perform the following operations:
a. Log in to the server. For details, see A.4.1 How Do I Use iMana/iBMC IP to Log
In to a Remote Huawei RH series rack server.
b. Click on the toolbar which is right above Remote Virtual Console and select
Cold Reset.
c. In the dialog box that is displayed, click Yes to restart the server.
Step 2 After the basic input/output system (BIOS) check is completed, the BIOS information about
the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the screen. If
Ctrl+H is not pressed, restart the system.
Step 5 Click Physical View to access the Physical View window, as shown in the following figure.
NOTE
l In the navigation tree, the Physical View node automatically changes to Logical View.
l In the following example, RAID has not been configured for hard disks. The information
displayed in the scenario where RAID has been configured is different from that in the scenario
where RAID has not been configured. Pay attention to only slot information in Physical View and
check whether the slot information meets the following conditions:
– IDs of eight slots from Slot: 0 to Slot: 7 are displayed.
– The description for every slot ID has three available options: Unconfigured Good, Online,
and Global Hot Spare.
If any two of the preceding three conditions are met, the eight hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server.
l On the Huawei RH2288H V2 server, the following window is displayed.
Step 6 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed.
Step 7 Click Yes. A dialog box is displayed.
a. Click on the toolbar which is right above Remote Virtual Console and select
Cold Reset.
b. In the dialog box that is displayed, click Yes to restart the server.
----End
Prerequisites
l If the disks are to be formatted in local mode, you must ensure that the server is
connected to the KVM.
l If the disks are to be formatted in remote mode, you must ensure that the following
preparations are ready:
– A PC or laptop on which the Internet Explorer browser is installed is ready.
– Internet Explorer is not configured to use a proxy server.
Procedure
Step 1 Start the server.
l In local mode, press the power button to restart the PC server.
l In remote mode, perform the following operations:
a. Log in to the server. For details, see A.4.1 How Do I Use iMana/iBMC IP to Log
In to a Remote Huawei RH series rack server.
b. Click on the toolbar which is right above Remote Virtual Console and select
Reset or Forced System Reset.
c. In the dialog box that is displayed, click Yes to restart the server.
Step 2 After the basic input/output system (BIOS) check is completed, the BIOS information about
the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+R the moment you see Ctrl+R on the screen. If
Ctrl+R is not pressed, restart the system.
a. Click on the toolbar which is right above Remote Virtual Console and select
Reset or Forced System Reset.
b. In the dialog box that is displayed, click Yes to restart the server.
----End
Question
This topic describes how to upgrade the iMana controller firmware of Huawei
RH5885H V3 and RH2288H V2 servers. The upgrade is needed when the iMana controller
firmware version of Huawei RH5885H V3 or Huawei RH2288H V2 is so early that alarms
fail to be reported. A controller has to be closed during an upgrade.
Answer
Step 1 Download the patch package.
NOTE
The following uses Huawei RH5885H V3 server as an example (The method of downloading the patch
package and upgrading the firmware version for Huawei RH5885H V3 server is the same as that for
Huawei RH2288H V2 server):
1. Log in to http://support.huawei.com/carrier. Enter RH5885H V3 in the search box on
the Product Support to access the Search Results page.
2. Choose Carrier IT > Server > Fusion Server > Rack Server > RH5885H V3 from
Filter by Product in the navigation tree. Click Software to access the Software page.
Step 2 Open Internet Explorer on a PC. Enter the iMana IP address in the address bar to access
the iMana login page. Enter the user name and password to log in to the control card page.
Step 3 Choose Configuration > Firmware Upgrade to access the Firmware Upgrade page.
Step 4 On the Firmware Upgrade tab, click Browse of Upgrade File Name and select the local
directory where the firmware upgrade package is stored.
NOTE
The firmware upgrade package to be uploaded must be an *.hpm file.
Step 6 Click Upgrade and click Yes. The system starts to upload the firmware upgrade package to
the server and then starts to perform the upgrade.
After the upgrade is complete, the server automatically restarts.
----End
Question
This topic describes how to upgrade the controller firmware version of Huawei RH2288H V3
server and Huawei RH5885H V3 server. The upgrade is needed when the controller iBMC
firmware version of Huawei RH2288H V3 server and Huawei RH5885H V3 server is so early
that alarms fail to be reported. A controller has to be closed during an upgrade.
Answer
Step 1 Download the patch package.
NOTE
The following uses Huawei RH2288H V3 server as an example (The method of downloading the patch
package and upgrading the firmware version for Huawei RH5885H V3 server is the same as that for
Huawei RH2288H V3 server):
1. Log in to http://support.huawei.com/carrier. Enter RH2288H V3 in the search box on
the Product Support to access the Search Results page.
2. Choose Carrier IT > Server > Fusion Server > Rack Server > RH2288H V3 from
Filter by Product in the navigation tree. Click Software to access the Software page.
3. Select the firmware upgrade package RH2288H V3-iBMC-V206.zip to download it and
the mapping PGP file.
4. Use the PGPVerify software to verify the correctness of the firmware upgrade package.
For details, see A.2.25 How Do I Verify Downloaded Software Packages Using the
PGPVerify Software.
Step 2 Open Internet Explorer on a PC. Enter the iMana IP address in the address bar to access
the iBMC login page. Enter the user name and password to log in to the control card page.
Step 3 Choose System > Firmware Upgrade to access the Firmware Upgrade page.
Step 4 On the Firmware Upgrade tab, click Browse of Upgrade File Name and select the local
directory where the firmware upgrade package is stored.
NOTE
The firmware upgrade package to be uploaded must be an *.hpm file.
Step 5 Set Select iBMC Boot Mode Used After the iBMC Firmware of the Target Version Is
Uploaded to Immediately restart automatically.
Step 6 Click Start Upgrade and click Yes. The system starts to upload the upgrade package to the
server and then starts to perform the upgrade.
After the upgrade is complete, the server automatically restarts.
----End
Question
How do I solve the problem where the remote control desktop appears and then disappears
immediately?
Answer
Step 1 In Internet Explorer, choose Tools > Internet Options > Security > Trusted sites >
Sites. The Trusted sites dialog box is displayed.
Step 2 Clear the selection of the Require server verification (https:) for all sites in this zone check
box.
Step 3 Add the website address in Add this website to the zone.
NOTE
If the Would you like to move it to the Trusted sites zone? dialog is displayed, click Yes.
The IE browser has different versions. Select the lowest level from the Reset to drop-down list.
----End
Question
How do I use an IMM IP address to remotely log in to an IBM server (IBM X3650 M4)?
Answer
Step 1 Open Internet Explorer and enter the IP address of the IMM in the address bar to
access the page for logging in to the IMM.
NOTE
The default IP address of the IMM is 192.168.70.125 and the default subnet mask is 255.255.255.0. If
the default IP address of the IMM is changed, see A.5.4 How to View the IMM IP Address on the
IBM Server.
Step 2 Enter an IMM user name and a password, and click Log In.
Step 3 Click Remote Control, select Use the ActiveX Client > Start remote control in single-user
mode to access the remote control desktop.
NOTE
l When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog box
asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you whether to
trust this site.
l Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box cannot
be displayed.
l If the remote control desktop appears and then disappears immediately, see A.5.1 How to Solve the
Problem Where the Remote Control Desktop Appears and Then Disappears Immediately to
solve the problem.
l If Use the ActiveX Client is unavailable, just click Start remote control in single-user mode to
access the remote control desktop.
l Keep the default values of other parameters unchanged.
l For the IBM X3650 M4 server, if CAPS is displayed in the lower right corner of the Video Viewer
window, letters are entered in upper case; if CAPS is not displayed in the lower right corner of the
Video Viewer window, letters are entered in lower case. The Caps indicator on the keyboard cannot
indicate whether letters are entered in upper or lower case.
l For the IBM X3650 M4 server, if NUM is displayed in the lower right corner of the Video Viewer
window, digits can be entered; if NUM is not displayed in the lower right corner of the Video
Viewer window, digits cannot be entered. The Num indicator on the keyboard cannot indicate
whether the number keypad is available.
l If a message is displayed indicating that the application is prohibited from running, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab, Edit Site
List, and Add, enter an iMana/iBMC IP address, such as http://192.168.2.100, and click OK. Click OK,
restart Internet Explorer, and log in to iMana/iBMC again.
----End
Question
How do I use an IMM IP address to remotely log in to an IBM server?
Answer
Step 1 Open Internet Explorer and enter the IP address of the IMM in the address bar to
access the page for logging in to the IMM.
NOTE
The default IP address of the IMM is 192.168.70.125 and the default subnet mask is 255.255.255.0. If
the default IP address of the IMM is changed, see A.5.4 How to View the IMM IP Address on the
IBM Server.
Step 2 Enter an IMM user name and a password, and click Login.
Step 3 Click Continue to access the Integrated Management Module web page.
NOTE
You do not need to set Inactive session timeout value. Keep the default value no timeout.
Step 4 Enable remote control. Choose Tasks > Remote Control from the navigation tree. In the
right-hand pane, click Use the ActiveX Client with Microsoft Internet Explorer > Start
Remote Control in Single User Mode to access the remote control desktop.
The remote control desktop consists of two parts: virtual media window and desktop display
window.
NOTE
l When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog box
asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you whether to
trust this site.
l If the remote control desktop appears and then disappears immediately, see A.5.1 How to Solve the
Problem Where the Remote Control Desktop Appears and Then Disappears Immediately to
solve the problem.
l If Use the ActiveX Client with Microsoft Internet Explorer is unavailable, just click Start
Remote Control in Single User Mode to access the remote control desktop.
l Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box cannot
be displayed.
l If a message is displayed indicating that the application is prohibited from running, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab, Edit Site
List, and Add, enter an iMana/iBMC IP address, such as http://192.168.2.100, and click OK. Click OK,
restart Internet Explorer, and log in to iMana/iBMC again.
----End
Answer
Step 1 Install the KVM on the IBM server.
NOTE
A common monitor is enough.
Step 2 Press the power button of the IBM server to restart it.
Step 3 Wait about 1 minute after the IBM System X window is displayed. The <F1> Setup option is
displayed.
Step 5 Use arrow keys to select System Settings, and press Enter.
l For IBM X3650 M3 or IBM X3850 X5, the window is shown as follows:
Step 6 Use arrow keys to select Integrated Management Module, and press Enter.
l For IBM X3650 M3 or IBM X3850 X5, the window is shown as follows:
Step 7 Use arrow keys to select Network Configuration, press Enter, and access the page for
modifying the IMM IP address.
l For IBM X3850 X5, the window is shown as follows:
----End
Answer
Step 1 Insert the quick installation DVD-ROM (Terminal Physical Software, iManager U2000,
iManager U2000 version_server_sles, Physical Software Package For Linux Network
Management System, CD) into the drive on a PC or laptop. If an ISO image file is used to
install the operating system, save the ISO image file to any directory on the PC or laptop.
Step 2 Open Internet Explorer and enter the IP address of the IMM in the address bar to
access the page for logging in to the IMM.
NOTE
l You must clear settings for the proxy server before logging in to the browser.
l The default IP address of the IMM is 192.168.70.125 and the default subnet mask is 255.255.255.0.
If the default IP address of the IMM is changed, see A.5.4 How to View the IMM IP Address on
the IBM Server.
Step 3 Enter an IMM user name and a password, and click Log In.
Step 4 Click Remote Control, select Use the ActiveX Client > Start remote control in single-user
mode to access the remote control desktop.
NOTE
l When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog box
asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you whether to
trust this site.
l Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box cannot
be displayed.
l If the remote control desktop appears and then disappears immediately, see A.5.1 How to Solve the
Problem Where the Remote Control Desktop Appears and Then Disappears Immediately to
solve the problem.
l If Use the ActiveX Client is unavailable, just click Start remote control in single-user mode to
access the remote control desktop.
l Keep the default values of other parameters unchanged.
l For the IBM X3650 M4 server, if CAPS is displayed in the lower right corner of the Video Viewer
window, letters are entered in upper case; if CAPS is not displayed in the lower right corner of the
Video Viewer window, letters are entered in lower case. The Caps indicator on the keyboard cannot
indicate whether letters are entered in upper or lower case.
l For the IBM X3650 M4 server, if NUM is displayed in the lower right corner of the Video Viewer
window, digits can be entered; if NUM is not displayed in the lower right corner of the Video
Viewer window, digits cannot be entered. The Num indicator on the keyboard cannot indicate
whether the number keypad is available.
l If a message is displayed indicating that the application is prohibited from running, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab, Edit Site
List, and Add, enter an iMana/iBMC IP address, such as http://192.168.2.100, and click OK. Click OK,
restart Internet Explorer, and log in to iMana/iBMC again.
Step 5 The desktop window Video Viewer is displayed. Choose Virtual Media > Activate from
the main menu.
Step 6 Click Virtual Media > Map CD/DVD. The virtual media window is displayed.
l Do not close the virtual media window Virtual Media Session until the SUSE Linux OS
is installed. If Map is not selected, or the virtual media window Virtual Media Session is
closed, the installation fails and the message An error occurred during the installation
is displayed.
l Do not close the desktop display window Video Viewer until all operations in the chapter
are completed. You can operate the server using the desktop display window.
Step 8 Click Map Device to mount the ISO image file of the quick installation DVD-ROM to the
IMM. If Virtual Media has the disk mounted, the mount operation succeeds.
Step 9 Choose Tools > Power > Reboot from the main menu to reboot the IBM server.
----End
Answer
Step 1 Insert the quick installation DVD-ROM (Terminal Physical Software, iManager U2000,
iManager U2000 version_server_sles, Physical Software Package For Linux Network
Management System, CD) into the drive on a PC or laptop. If an ISO image file is used to
install the operating system, save the ISO image file to any directory on the PC or laptop.
Step 2 Open Internet Explorer and enter the IP address of the IMM in the address bar to
access the page for logging in to the IMM.
NOTE
The default IP address of the IMM is 192.168.70.125 and the default subnet mask is 255.255.255.0. If
the default IP address of the IMM is changed, see A.5.4 How to View the IMM IP Address on the
IBM Server.
Step 3 Enter an IMM user name and a password, and click Login.
Step 4 Click Continue to access the Integrated Management Module web page.
NOTE
You do not need to set Inactive session timeout value. Keep the default value no timeout.
Step 5 Enable remote control. Choose Tasks > Remote Control from the navigation tree. In the
right-hand pane, click Use the ActiveX Client with Microsoft Internet Explorer > Start
Remote Control in Single User Mode to access the remote control desktop.
The remote control desktop consists of two parts: virtual media window and desktop display
window.
NOTE
l When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog box
asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you whether to
trust this site.
l If the remote control desktop appears and then disappears immediately, see A.5.1 How to Solve the
Problem Where the Remote Control Desktop Appears and Then Disappears Immediately to
solve the problem.
l If Use the ActiveX Client with Microsoft Internet Explorer is unavailable, just click Start
Remote Control in Single User Mode to access the remote control desktop.
l Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box cannot
be displayed.
l If a message is displayed indicating that the application is prohibited from running, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab, Edit Site
List, and Add, enter an iMana/iBMC IP address, such as http://192.168.2.100, and click OK. Click OK,
restart Internet Explorer, and log in to iMana/iBMC again.
Step 6 The desktop window Video Viewer is displayed. Choose Tools > Launch Virtual Media
from the main menu. The virtual media window is displayed.
l Do not close the virtual media window Virtual Media Session until the SUSE Linux OS
is installed. If Map is not selected, or the virtual media window Virtual Media Session is
closed, the installation fails and the message An error occurred during the installation
is displayed.
l Do not close the desktop display window Video Viewer until all operations in the chapter
are completed. You can operate the server using the desktop display window.
Step 8 Click Mount Selected to mount the SUSE Linux operating system DVD-ROM file to the
IMM.
Step 9 Choose Tools > Power > Reboot from the main menu to reboot the system.
----End
Answer
Step 1 Enter the default IMM IP address in Internet Explorer on the PC to access the IMM Web
login window.
NOTE
The default IP address of the IMM is 192.168.70.125 and the default subnet mask is 255.255.255.0. If
the default IP address of the IMM is changed, see A.5.4 How to View the IMM IP Address on the
IBM Server.
Step 2 Enter an IMM user name and a password, and click Log In.
Step 4 On the displayed User Accounts page, click Global Login Settings. Select Custom security
settings from Account security level, and set the Password expiration period (days) to 0
and other parameters to the maximum value. Then click OK.
Step 6 Enter a new password, such as Changeme_123, in Password. Enter the password again in
Confirm password. To ensure the security of the U2000, passwords must be complex
enough. For example, a password must contain eight or more characters of two types. The
allowed characters are digits, letters, and special characters. Remember to change passwords
regularly.
----End
Answer
Step 1 Enter the default IMM IP address in Internet Explorer on the PC to access the IMM Web
login window.
NOTE
The default IP address of the IMM is 192.168.70.125 and the default subnet mask is 255.255.255.0. If
the default IP address of the IMM is changed, see A.5.4 How to View the IMM IP Address on the
IBM Server.
Step 2 Enter an IMM user name and a password, and click Login.
Step 3 Click Continue to access the Integrated Management Module web page.
NOTE
You do not need to set Inactive session timeout value. Keep the default value no timeout.
Step 4 Choose Login Profiles from the navigation tree and click Global Login Settings. Select
Custom security settings from Account security level, and set the Maximum Password
Age to 0 and other parameters to the maximum value. Then click Save.
Step 5 Choose Login Profiles from the navigation tree and click USERID.
Step 6 Enter a new password, such as Changeme_123, in Password. To ensure the security of the
U2000, passwords must be complex enough. For example, a password must contain eight or
more characters of two types. The allowed characters are digits, letters, and special characters.
Remember to change passwords regularly.
Step 8 Click Save. A message indicating that the password will take effect is displayed. Click OK.
----End
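The password rule stated in the two IMM password procedures above (eight or more characters of at least two types, drawn from digits, letters, and special characters) can be checked before a new password is entered. The following Python code is an added example, not part of the guide or of any IMM tooling; treating ASCII punctuation as the "special characters" and rejecting the sample password printed in the guide are assumptions of this example.

```python
import string

# Rule values taken from the guide: eight or more characters of two types.
MIN_LENGTH = 8
MIN_TYPES = 2

# The sample password printed in the guide. Anyone who has the document
# knows it, so this example treats it as unusable (assumption of the example).
DOCUMENTED_SAMPLES = {"Changeme_123"}

# Result codes returned by check_password().
TOO_SHORT = "shorter than 8 characters"
BAD_CHARS = "contains characters other than digits, letters, special characters"
TOO_FEW_TYPES = "uses fewer than two character types"
DOCUMENTED = "matches the sample password printed in the guide"


def char_type(ch):
    """Map one character to 'digit', 'letter' or 'special'; None if not allowed."""
    if ch in string.digits:
        return "digit"
    if ch in string.ascii_letters:
        return "letter"
    # Assumption: "special characters" means printable ASCII punctuation.
    if ch in string.punctuation:
        return "special"
    return None


def check_password(password):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(TOO_SHORT)

    types_seen = set()
    has_disallowed = False
    for ch in password:
        kind = char_type(ch)
        if kind is None:
            has_disallowed = True
        else:
            types_seen.add(kind)

    if has_disallowed:
        problems.append(BAD_CHARS)
    if len(types_seen) < MIN_TYPES:
        problems.append(TOO_FEW_TYPES)
    if password in DOCUMENTED_SAMPLES:
        problems.append(DOCUMENTED)
    return problems


if __name__ == "__main__":
    # Constructed candidates, for illustration only.
    for candidate in ["Changeme_123", "abcdefgh", "ab1", "pass word1", "Tr4ffic-Light"]:
        result = check_password(candidate)
        print(candidate, "->", "OK" if not result else "; ".join(result))
```
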
NOTE
l The Ethernet interfaces on an IBM server consist of integrated network interfaces and extended
network interfaces. The integrated network interfaces are recommended.
l An IBM server running SUSE Linux supports only the Broadcom and Intel NICs.
Example 1: In Figure A-22, the mappings between the physical and logical network
interfaces for the IBM X3650 M4 are described as follows:
l The IBM X3650 M4 is integrated with one NIC. The associated logical network
interfaces on the integrated NIC are named eth0, eth1, eth2, and eth3.
l eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The associated
logical network interfaces are named eth4, eth5, eth6, and eth7.
Figure A-22 Mappings between physical and logical network interfaces on the IBM X3650
M4
Example 2: In Figure A-23, the mappings between the physical and logical network
interfaces for the IBM X3850 X5 are described as follows:
l eth0 and eth1 are network interfaces on the integrated NIC. The associated logical
network interfaces are named eth0 and eth1.
l eth2, eth3, eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The
associated logical network interfaces are named eth2, eth3, eth4, eth5, eth6, and eth7.
Figure A-23 Mappings between physical and logical network interfaces on the IBM X3850
X5
Example 3: In Figure A-24, the mappings between the physical and logical network
interfaces for the IBM X3650 M3 are described as follows:
l The IBM X3650 M3 is integrated with two NICs. The NIC on the right is integrated NIC
1 and the NIC on the left is integrated NIC 2. The associated logical network interfaces
are named eth0, eth1, eth2, and eth3.
l eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The associated
logical network interfaces are named eth4, eth5, eth6, and eth7.
Figure A-24 Mappings between physical and logical network interfaces on the IBM X3650
M3
Prerequisites
You must ensure that the server is connected to the KVM.
Context
NOTE
l The operation snapshots in this topic vary according to the IBM WebBIOS versions and do not
affect the RAID configuration. During the RAID configuration, use actual snapshots.
l If no window is displayed after you click a button during the configuration, move the mouse and try
again.
Procedure
Step 1 Start the IBM server. After the basic input/output system (BIOS) check is completed, the
BIOS information about the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the screen. If
Ctrl+H is not pressed, restart the system.
Step 4 Click Physical View to access the Physical View window, as shown in the following figure.
NOTE
l In the navigation tree, the Physical View node automatically changes to Logical View.
l In the following example, RAID has not been configured for hard disks. The information
displayed in the scenario where RAID has been configured is different from that in the scenario
where RAID has not been configured. Pay attention to only slot information in Physical View and
check whether the slot information meets the following conditions:
– If configuring eight hard disks for the IBM server with standard delivery configurations, IDs
of eight slots from Slot: 0 to Slot: 7 are displayed. If configuring two hard disks for the IBM
server (X3850 X5) with standard delivery configurations, IDs of two slots from Slot: 0 to
Slot: 1 are displayed.
– The description for every slot ID has three available options: Unconfigured Good, Online,
and Global Hot Spare.
If any two of the preceding three conditions are met, all hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server. As shown in the following figure, the eight hard
disks are used as an example.
----End
Prerequisites
l A PC or laptop on which the Internet Explorer browser is installed is ready.
Context
NOTE
l The operation snapshots in this topic vary according to the IBM WebBIOS versions and do not
affect the RAID configuration. During the RAID configuration, use actual snapshots.
l If no window is displayed after you click a button during the configuration, move the mouse and try
again.
Procedure
Step 1 Perform the following operations to access the RAID configuration window.
1. Open Internet Explorer and enter the IP address of the IMM in the address bar
to access the page for logging in to the IMM.
2. Enter an IMM user name and a password, and click Login.
3. Click Remote Control and select Use the ActiveX Client > Start remote control in
single-user mode to access the remote control desktop.
NOTE
– When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog
box asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you
whether to trust this site.
– Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box
cannot be displayed.
– If the remote control desktop appears and then disappears immediately, see A.5.1 How to
Solve the Problem Where the Remote Control Desktop Appears and Then Disappears
Immediately to solve the problem.
– If Use the ActiveX Client is unavailable, just click Start remote control in single-user mode
to access the remote control desktop.
– Keep the default values of other parameters unchanged.
– For the IBM X3650 M4 server, if CAPS is displayed in the lower right corner of the Video
Viewer window, letters are entered in upper case; if CAPS is not displayed in the lower right
corner of the Video Viewer window, letters are entered in lower case. The Caps indicator on
the keyboard cannot indicate whether letters are entered in upper or lower case.
– For the IBM X3650 M4 server, if NUM is displayed in the lower right corner of the Video
Viewer window, digits can be entered; if NUM is not displayed in the lower right corner of the
Video Viewer window, digits cannot be entered. The Num indicator on the keyboard cannot
indicate whether the number keypad is available.
4. Choose Tools > Power > Reboot from the main menu to reboot the system.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the
screen. If Ctrl+H is not pressed, restart the system.
Two pointers will be displayed. You can choose Tools > Single Cursor from the main menu to
change to the single pointer mode. Select the pointer mode according to individual operation
habits.
To quit single pointer mode, press F12.
Step 2 Click Physical View to access the Physical View window, as shown in the following figure.
NOTE
l In the navigation tree, the Physical View node automatically changes to Logical View.
l In the following example, RAID has not been configured for hard disks. The information
displayed in the scenario where RAID has been configured is different from that in the scenario
where RAID has not been configured. Pay attention to only slot information in Physical View and
check whether the slot information meets the following conditions:
– IDs of eight slots from Slot: 0 to Slot: 7 are displayed.
– The description for every slot ID has three available options: Unconfigured Good, Online,
and Global Hot Spare.
If any two of the preceding three conditions are met, the eight hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server.
Step 3 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed,
asking you whether to exit.
Step 4 Click Yes and choose Tools > Power > Reboot to restart the server. It takes approximately 5
to 8 minutes to restart the system.
NOTE
If a message asking you whether to continue is displayed, click Yes.
----End
Prerequisites
l A PC or laptop on which the Internet Explorer browser is installed is ready.
l Internet Explorer is not configured to use a proxy server.
Context
NOTE
l The operation snapshots in this topic vary according to the IBM WebBIOS versions and do not
affect the RAID configuration. During the RAID configuration, use actual snapshots.
l If no window is displayed after you click a button during the configuration, move the mouse and try
again.
Procedure
Step 1 Perform the following operations to access the RAID configuration window.
1. Open Internet Explorer and enter the IP address of the IMM in the address bar
to access the page for logging in to the IMM.
2. Enter an IMM user name and a password, and click Login.
NOTE
You do not need to set Inactive session timeout value. Keep the default value no timeout.
4. Enable remote control. Choose Tasks > Remote Control from the navigation tree. In the
right-hand pane, click Use the ActiveX Client with Microsoft Internet Explorer >
Start Remote Control in Single User Mode to access the remote control desktop.
The remote control desktop consists of two parts: virtual media window and desktop
display window.
5. Choose Tools > Power > Reboot from the main menu to reboot the system.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the
screen. If Ctrl+H is not pressed, restart the system.
Two pointers will be displayed. You can choose Tools > Single Cursor from the main menu to
change to the single pointer mode. Select the pointer mode according to individual operation
habits.
To quit single pointer mode, press F12.
Step 2 Click Physical View to access the Physical View window, as shown in the following figure.
NOTE
l In the navigation tree, the Physical View node automatically changes to Logical View.
l In the following example, RAID has not been configured for hard disks. The information
displayed in the scenario where RAID has been configured is different from that in the scenario
where RAID has not been configured. Pay attention to only slot information in Physical View and
check whether the slot information meets the following conditions:
– If configuring eight hard disks for the IBM server with standard delivery configurations, IDs
of eight slots from Slot: 0 to Slot: 7 are displayed. If configuring two hard disks for the IBM
server (X3850 X5) with standard delivery configurations, IDs of two slots from Slot: 0 to
Slot: 1 are displayed.
– The description for every slot ID has three available options: Unconfigured Good, Online,
and Global Hot Spare.
If any two of the preceding three conditions are met, all hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server. As shown in the following figure, the eight hard
disks are used as an example.
Step 3 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed,
asking you whether to exit.
Step 4 Click Yes and choose Tools > Power > Reboot to restart the server. It takes approximately 5
to 8 minutes to restart the system.
NOTE
If a message asking you whether to continue is displayed, click Yes.
----End
Prerequisites
You must ensure that the server is connected to the KVM.
Context
NOTE
l The operation snapshots in this topic vary according to the IBM WebBIOS versions and do not
affect the RAID configuration. During the RAID configuration, use actual snapshots.
l If no window is displayed after you click a button during the configuration, move the mouse and try
again.
Procedure
Step 1 After the server is restarted, press F1 to access the BIOS window as prompted.
Step 2 Select Load Default Settings to restore default settings. Press Enter. The following dialog
box is displayed.
Step 3 Select Boot Manager, press Enter, and then choose Add Boot Option.
Step 4 Optional: For IBM X3650 M3 or IBM X3850 X5, select Legacy Only. Press Enter.
Step 5 Optional: For IBM X3650 M4, select Generic Boot Option and then Legacy Only using the
arrow keys. Press Enter.
Step 7 Select Change Boot Order. Press Enter. The following dialog box is displayed.
Step 8 Press Enter, and select Legacy Only using the arrow key ↓.
Step 9 Press Shift and + to set the startup precedence to Legacy Only.
Step 10 Press Enter. Select Commit Changes using the arrow keys and press Enter to save the
settings.
Step 11 Restart the server manually.
Step 12 After the basic input/output system (BIOS) check is completed, the BIOS information about
the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the screen. If
Ctrl+H is not pressed, restart the system.
Step 15 Click Configuration Wizard to access the RAID configuration wizard window, as shown in
the following figure.
After you select Clear Configuration, all RAID configurations will be deleted; as a result,
hard disk data will be damaged or lost. Check whether hard disk data can be deleted before
selecting Clear Configuration.
Step 17 Click Yes to clear the configuration, and return to the WebBIOS window.
Step 18 Initialize RAID configurations.
1. Click Configuration Wizard to access the RAID configuration wizard window.
2. Select New Configuration and click Next.
3. Click Yes to delete RAID configurations.
4. Select Automatic Configuration and click Next. The Preview dialog box is displayed.
NOTE
Use the default value, Redundancy when possible, for Redundancy.
5. Click Accept.
6. Click Yes to save RAID configurations.
7. Click Yes to initialize RAID configurations.
8. Click Home to return to the WebBIOS window.
After the initialization is complete, the WebBIOS window is displayed. As shown in the
following figure, the eight hard disks are used as an example.
----End
Prerequisites
l A PC or laptop on which the Internet Explorer browser is installed is ready.
l Internet Explorer browsers do not support a proxy server.
l The IMM IP address has been set.
Context
NOTE
l The screenshots in this topic vary with the IBM WebBIOS version, which does not
affect the RAID configuration. During RAID configuration, refer to the actual screens.
l If no window is displayed after you click a button during the configuration, move the mouse and try
again.
Procedure
Step 1 Perform the following operations to access the RAID configuration window.
1. Open Internet Explorer and enter the IMM IP address in the address bar
to access the IMM login page.
2. Enter an IMM user name and a password, and click Login.
3. Click Remote Control, select Use the ActiveX Client, and click Start remote control
in single-user mode to access the remote control desktop.
NOTE
– When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog
box asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you
whether to trust this site.
– Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box
cannot be displayed.
– If the remote control desktop appears and then disappears immediately, see A.5.1 How to
Solve the Problem Where the Remote Control Desktop Appears and Then Disappears
Immediately to solve the problem.
– If Use the ActiveX Client is unavailable, just click Start remote control in single-user mode
to access the remote control desktop.
– Keep the default values of other parameters unchanged.
– For the IBM X3650 M4 server, if CAPS is displayed in the lower right corner of the Video
Viewer window, letters are entered in upper case; if CAPS is not displayed in the lower right
corner of the Video Viewer window, letters are entered in lower case. The Caps indicator on
the keyboard cannot indicate whether letters are entered in upper or lower case.
– For the IBM X3650 M4 server, if NUM is displayed in the lower right corner of the Video
Viewer window, digits can be entered; if NUM is not displayed in the lower right corner of the
Video Viewer window, digits cannot be entered. The Num indicator on the keyboard cannot
indicate whether the number keypad is available.
4. Choose Tools > Power > Reboot from the main menu to reboot the system.
8. Select Boot Manager and press Enter. Then select Add Boot Option and press Enter.
9. Select Generic Boot Option and then select Legacy Only using the arrow key ↓. Press
Enter.
10. Press Esc to return to Boot Manager.
11. Press Esc twice to return to Boot Manager.
12. Select Change Boot Order. Press Enter. The following dialog box is displayed.
13. Press Enter, and select Legacy Only using the arrow key ↓.
14. Press Shift and + to set the startup precedence to Legacy Only.
15. Press Enter. Select Commit Changes using the arrow keys and press Enter to save the
settings.
16. Choose Tools > Power > Reboot from the main menu to reboot the system.
NOTE
– Wait about 5 minutes until BIOS information about the RAID is displayed. Do not perform
any operation when the IBM System X window is displayed.
– This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on
the screen. If Ctrl+H is not pressed, restart the system.
NOTE
Two pointers will be displayed. You can choose Tools > Single Cursor from the main menu to
change to the single pointer mode. Select the pointer mode according to individual operation
habits.
To quit single pointer mode, press F12.
Step 2 Click Configuration Wizard to access the RAID configuration wizard window, as shown in
the following figure.
After you select Clear Configuration, all RAID configurations will be deleted; as a result,
hard disk data will be damaged or lost. Check whether hard disk data can be deleted before
selecting Clear Configuration.
Step 4 Click Yes to clear the configuration, and return to the WebBIOS window.
NOTE
Use the default value, Redundancy when possible, for Redundancy.
5. Click Yes in the dialog box showing the message Are you sure you want to disable
data protection?.
6. Click Accept.
7. Click Yes to save RAID configurations.
8. Click Yes in the dialog box showing the message All data on the new Virtual Drivers
will be lost. Want to Initialize? to initialize RAID configurations.
9. Click Home to return to the WebBIOS window.
The following figure shows the WebBIOS window after the initialization is complete.
Step 6 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed,
asking you whether to exit.
Step 7 Click Yes, and the following window is displayed.
Step 8 Choose Tools > Power > Reboot to restart the server. It takes approximately 5 to 8 minutes to
restart the system.
NOTE
If a message asking you whether to continue is displayed, click Yes.
----End
Prerequisites
l A PC or laptop on which the Internet Explorer browser is installed is ready.
l Internet Explorer browsers do not support a proxy server.
l The IMM IP address has been set.
Context
NOTE
l The screenshots in this topic vary with the IBM WebBIOS version, which does not
affect the RAID configuration. During RAID configuration, refer to the actual screens.
l If no window is displayed after you click a button during the configuration, move the mouse and try
again.
Procedure
Step 1 Perform the following operations to access the RAID configuration window.
1. Open Internet Explorer and enter the IMM IP address in the address bar
to access the IMM login page.
2. Enter an IMM user name and a password, and click Login.
NOTE
You do not need to set Inactive session timeout value. Keep the default value no timeout.
4. Enable remote control. Choose Tasks > Remote Control from the navigation tree. In the
right-hand pane, select Use the ActiveX Client with Microsoft Internet Explorer and
click Start Remote Control in Single User Mode to access the remote control desktop.
The remote control desktop consists of two parts: virtual media window and desktop
display window.
9. Select Boot Manager and press Enter. Then select Add Boot Option and press Enter.
10. Select Legacy Only. Press Enter.
11. Press Esc to return to Boot Manager.
12. Select Change Boot Order. Press Enter. The following dialog box is displayed.
13. Press Enter, and select Legacy Only using the arrow key ↓.
14. Press Shift and + to set the startup precedence to Legacy Only.
15. Press Enter. Select Commit Changes using the arrow keys and press Enter to save the
settings.
16. Choose Tools > Power > Reboot from the main menu to reboot the system.
17. After the basic input/output system (BIOS) check is completed, the BIOS information
about the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the
screen. If Ctrl+H is not pressed, restart the system.
Two pointers will be displayed. You can choose Tools > Single Cursor from the main menu to
change to the single pointer mode. Select the pointer mode according to individual operation
habits.
To quit single pointer mode, press F12.
Step 2 Click Configuration Wizard to access the RAID configuration wizard window, as shown in
the following figure.
After you select Clear Configuration, all RAID configurations will be deleted; as a result,
hard disk data will be damaged or lost. Check whether hard disk data can be deleted before
selecting Clear Configuration.
Step 4 Click Yes to clear the configuration, and return to the WebBIOS window.
Step 6 Click Exit to exit the WebBIOS window. The Exit Confirmation dialog box is displayed,
asking you whether to exit.
Step 7 Click Yes, and the following window is displayed.
Step 8 Choose Tools > Power > Reboot to restart the server. It takes approximately 5 to 8 minutes to
restart the system.
NOTE
If a message asking you whether to continue is displayed, click Yes.
----End
Question
HTTPS is recommended for remotely accessing the server to ensure system security.
How do I configure HTTPS on the IMM?
Answer
Step 1 Enter the default IMM IP address on the Internet Explorer of the PC to access the IMM Web
login window.
NOTE
The default IP address of the IMM is 192.168.70.125. If the default IP address of the IMM has been
changed, see A.5.4 How to View the IMM IP Address on the IBM Server.
Step 2 Enter an IMM user name and a password, and click Log In.
Step 3 Click IMM Management > Security. Ensure that the value of HTTPS Server certificate
status is A signed certificate is installed, as shown in the following figure.
If the value of HTTPS Server certificate status is not A signed certificate is installed,
perform the following operations to install SSL authentication:
1. Click Generate a New Key and a Self-signed Certificate.
2. Set the related parameters in Generate New Key and Self-signed Certificate dialog
box.
NOTE
– Set parameters in the Required SSL Certificate Data area as prompted. The following figure
shows examples of the parameter settings.
– The Optional SSL Certificate Data parameter does not need to be set.
3. Click OK. After automatic authentication is complete, the value of HTTPS Server
certificate status changes to A signed certificate is installed.
Step 4 Ensure that Enabled HTTPS server is selected, as shown in the following figure.
NOTE
l During restart of the IMM, run the ping IMM IP address -t command on the CLI of the PC or
laptop. If the IMM IP address can be pinged through, the IMM is successfully restarted. Restarting
IMM takes about 3 minutes.
l If HTTPS needs to be disabled and HTTP needs to be used, clear Enabled
HTTPS server. Then execute Step 4.2 through Step 4.3.
Step 5 Enter the default IMM IP address on the Internet Explorer of the PC to access the IMM Web
login window.
NOTE
If a security certificate error is displayed when HTTPS is used for web page access, ignore it and
continue the operation.
----End
Question
HTTPS is recommended for remotely accessing the server to ensure system security.
How do I configure HTTPS on the IMM?
Answer
Step 1 Enter the default IMM IP address on the Internet Explorer of the PC to access the IMM Web
login window.
NOTE
The default IP address of the IMM is 192.168.70.125. If the default IP address of the IMM has been
changed, see A.5.4 How to View the IMM IP Address on the IBM Server.
Step 2 Enter an IMM user name and a password, and click Login.
Step 3 Click Continue to access the Integrated Management Module web page.
NOTE
You do not need to set Inactive session timeout value. Keep the default value no timeout.
Step 4 Choose Security from the navigation tree. Ensure that the value of HTTPS Server
certificate status is A self-signed Certificate is installed.
If the value of HTTPS Server certificate status is not A self-signed Certificate is installed,
perform the following operations to install SSL authentication:
1. Click Generate a New Key and a Self-signed Certificate.
2. Set the related parameters.
NOTE
– Set parameters in the Certificate Data area as prompted. The following figure shows
examples of the parameter settings.
– The Optional Certificate Data parameter does not need to be set.
If the value of HTTPS Server is not Enabled, perform the following operations:
1. Select Enabled from the HTTPS Server drop-down list.
2. Click Save. A message asking you to restart the IMM is displayed.
3. Click OK.
4. Choose Restart IMM from the navigation tree.
5. On the Restart IMM page, click Restart. A message indicating that the IMM will be
restarted is displayed.
6. Click OK. A message asking you to shut down the Internet Explorer or tabs is displayed.
7. Click Yes.
NOTE
l During restart of the IMM, run the ping IMM IP address -t command on the CLI of the PC or
laptop. If the IMM IP address can be pinged through, the IMM is successfully restarted. Restarting
IMM takes about 3 minutes.
l If HTTPS needs to be disabled and HTTP needs to be used, select Disabled from the HTTPS
Server drop-down list. Then execute Step 5.2 through Step 5.7.
Step 6 Enter the default IMM IP address on the Internet Explorer of the PC to access the IMM Web
login window.
NOTE
If a security certificate error is displayed when HTTPS is used for web page access, ignore it and
continue the operation.
----End
Prerequisites
l GTS rights for ESDP login are available.
l The license confirmation form or contact number has been obtained.
NOTE
The license confirmation form is delivered in paper format along with the DVD. The license
confirmation form functions as the license file and should be kept properly on site.
Procedure
Step 1 Obtain information used for license download.
l If the license confirmation form has been obtained, send the information to related
Huawei engineers or the local office of Huawei.
l If the license confirmation form has not been obtained, obtain the contract number and
send it to related Huawei engineers or the local office of Huawei.
Step 2 Huawei engineers log in to the ESDP website http://w3.huawei.com/sdp/ (Huawei intranet)
or http://app.huawei.com/isdp/ (Internet) according to the obtained information.
Step 3 In Carrier Navigation, select the ESDP product module.
Step 4 Choose Order Management > Entitlement Management from the left-hand navigation tree.
The Entitlement Management page is displayed.
Step 5 On the Entitlement Management page, enter the following conditions and click Search.
l Entitlement Type: Select The 3rd Party Software.
l Huawei Contract No.: Enter the 14-digit Huawei Contract No.
Step 6 View license information, select the required license, and click Download The 3rd Party
License.
Step 7 Download the license according to the right-hand button status.
l If the Download License button is orange, the license can be downloaded.
l If the Download License button is gray, the requirement has not been confirmed, and
you must wait for a period of time to download the license.
l If the Download License button is unavailable, the license cannot be downloaded.
l If the Reapply button is available, the license has been downloaded, and you can re-
apply for license download. After clicking this button, enter the approver and application
reason and sign a letter of commitment on the Reapply page. Then click Sure to
Download to download the license.
Step 8 After clicking the download button, verify that the information is consistent with information
about installed software. Select I have read already and enter Receiving E-mail address.
Then click Sure to Download.
Step 9 The related Huawei engineer sends the Veritas license obtained by email to the user.
NOTE
Keep the license properly. If the license is lost, you can re-download it only after being approved.
----End
Question
How do I check the Veritas license?
Answer
Step 1 Run the following command as the root user to query the details about the Veritas license.
# vxlicrep -e|egrep 'Global|VVR|Product Name|KEYLESS|VxVM'
----End
Question
How do I query the disk status during the maintenance of the HA system?
Answer
Step 1 Run the following command to view the disk status:
# vxdisk list
Assume there are two disks. The following message will be displayed on Solaris OS:
DEVICE       TYPE          DISK     GROUP    STATUS
c1t0d0s2     auto:sliced   disk01   datadg   online
c1t1d0s2     auto:sliced   disk02   datadg   online
Assume there are eight disks. The following message will be displayed on SUSE Linux OS:
DEVICE       TYPE          DISK     GROUP    STATUS
sda          auto:none     -        -        online invalid
sdb          auto:sliced   disk03   datadg   online
sdc          auto:sliced   disk04   datadg   online
Step 2 Check whether the disk status is online. If not, the disk status is abnormal.
NOTE
If the value of STATUS of sda is online invalid and the values of STATUS of sdb and sdc are online, the
disk group status is correct on SUSE Linux OS.
----End
Question
How do I query the status of the disk group during the maintenance of the HA system?
Answer
Step 1 Run the following command to view the status of the disk group:
# vxdg list
Step 2 Check whether the status of the disk group is enabled. If not, the disk group is abnormal.
On Solaris OS, in normal cases, a disk group such as the preceding one, rootdg, must exist.
Otherwise, the disk group is partitioned incorrectly.
----End
A.6.2.3 How to Query the Status of the Disk Volume (Solaris & SUSE Linux)
Question
How do I query the status of the disk volume during the maintenance of the HA system?
Answer
Step 1 Run the following command to view disk volume names:
# vxprint -v
Information similar to the following is displayed:
Disk group: datadg
NOTE
The lv_backup, lvdata, and srl under NAME are disk volume names.
Step 2 Run the following command to view the status of the disk volume:
# vxprint -l VolumeName
For example, run the following command to view the status of the disk volume:
# vxprint -l lvdata
A message similar to the following will be displayed:
Disk group: datadg
Volume: lvdata
info: len=209715200
type: usetype=fsgen
state: state=ACTIVE kernel=ENABLED cdsrecovery=0/0 (clean)
assoc: rvg=datarvg
plexes=lvdata-01,lvdata-02
exports=(none)
policies: read=SELECT (round-robin) exceptions=GEN_DET_SPARSE
flags: open writecopy writeback
logging: type=DCM loglen=512 serial=0/0 mapalign=256 (enabled)
apprecov: seqno=0/0
recovery: mode=default
recov_id=0
device: minor=25001 bdev=199/25001 cdev=199/25001 path=/dev/vx/dsk/datadg/lvdata
perms: user=root group=root mode=0600
guid: {41ad6708-b94f-11e2-875a-1a5d1918d772}
mediatype: hdd
In the command, VolumeName indicates the name of the disk volume. The name of the
current disk volume can be obtained through the vxprint -v command.
Table A-8 describes all fields about the status of the disk volume.
Field Description
Disk group Indicates the disk group to which the disk volume belongs.
state Indicates the status of the disk volume. In normal cases, the situations
are as follows:
l state is ACTIVE.
l kernel is ENABLED.
logging Indicates the log of the disk volume. In normal cases, type is DCM.
----End
Procedure
l In the Solaris or SUSE Linux OS:
a. Log in to the active site as the root user.
b. Run the following command to check the data replication status of the active and
standby sites.
# vradmin -g datadg repstatus datarvg
The following information appears.
Replicated Data Set: datarvg
Primary:
Host name: 10.71.210.78
RVG name: datarvg
DG name: datadg
RVG state: enabled for I/O
Data volumes: 4
VSets: 0
SRL name: lv_srl
SRL size: 3.00 G
Total secondaries: 1
Secondary:
Check whether Data status is consistent, up-to-date and Replication status is
replicating (connected). If yes, the replication relationship between the active
site and the standby site is normal. Otherwise, you need to create the replication
relationship again.
----End
Procedure
Step 1 Log in to the primary site OS as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Run the following command to check the resource group status in the primary site:
# hagrp -state
Step 3 Run the following command to check the heartbeat status in both primary and secondary sites:
# hares -state
According to the displayed information, one wac is ONLINE and the other wac is OFFLINE
for localclus in System, which indicates that the heartbeat status between the primary and
secondary sites is normal.
#Resource Attribute System Value
APPBOND State linux216154Cluster:linux216154 ONLINE
APPBOND State localclus:linux216212 ONLINE
BackupServer State linux216154Cluster:linux216154 OFFLINE
BackupServer State localclus:linux216212 ONLINE
DatabaseServer State linux216154Cluster:linux216154 OFFLINE
DatabaseServer State localclus:linux216212 ONLINE
NMSServer State linux216154Cluster:linux216154 OFFLINE
NMSServer State localclus:linux216212 ONLINE
RVGPrimary State linux216154Cluster:linux216154 OFFLINE
Step 4 Log in to the secondary site OS as the ossuser user using PuTTY and run the following
command to switch to the root user:
$ su - root
Step 5 Run the following command to check the resource group status in the secondary site:
# hagrp -state
Step 6 Run the following command to check the heartbeat status in both primary and secondary sites:
# hares -state
According to the displayed information, one wac is OFFLINE and the other wac is ONLINE
for localclus in System, which indicates that the heartbeat status between the primary and
secondary sites is normal.
#Resource Attribute System Value
APPBOND State linux216212Cluster:linux216212 ONLINE
APPBOND State localclus:linux216154 ONLINE
BackupServer State linux216212Cluster:linux216212 ONLINE
BackupServer State localclus:linux216154 OFFLINE
DatabaseServer State linux216212Cluster:linux216212 ONLINE
DatabaseServer State localclus:linux216154 OFFLINE
NMSServer State linux216212Cluster:linux216212 ONLINE
NMSServer State localclus:linux216154 OFFLINE
RVGPrimary State linux216212Cluster:linux216212 ONLINE
RVGPrimary State localclus:linux216154 OFFLINE
datarvg State localclus:linux216154 ONLINE
mountRes State linux216212Cluster:linux216212 ONLINE
mountRes State localclus:linux216154 OFFLINE
wac State linux216212Cluster:linux216212 ONLINE
wac State localclus:linux216154 OFFLINE
----End
Prerequisites
Ensure that the following prerequisites are met before performing the operation.
l The heartbeat connection between the active site and the standby site is normal.
l The data replication between the active site and the standby site is normal.
l The active site and the standby site are normal and no fault occurs. If there is a fault tag,
clear it by running the following command:
hares -clear <resource_name> [-sys hostname]
Command example:
hares -clear NMSServer
Context
After the active site is switched over to the standby site, the original standby site in the cluster
changes to the active site. In addition, the replication relation between the active site and the
standby site is repaired and the replication direction is specified again.
l After the switching, the U2000 may not receive alarms. It is recommended that the client
be reconnected and the primary site be configured on the U2000 again based on the
primary site's IP address after switching.
l After the switching, the FTP account may be unavailable. You are advised to reconnect the
client and server. To reconfigure the FTP account, including the server IP address, user
name, and password, choose Administrator > Settings > FTP Account Information
Management from the main menu.
Procedure
Step 1 Run the following command to check the replication status.
Command example:
Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s
NOTE
You can perform the active/standby replication switchover only when Data status is consistent, up-to-
date.
Step 2 Perform a manual switchover between the primary and secondary sites.
Use commands:
l To switch over the U2000 and database applications from the primary site to the
secondary site, run the following command on the secondary site as the root user:
# hagrp -switch AppService -any -clus localclus
l To switch over the U2000 and database applications from the secondary site to the
primary site, run the following command on the primary site as the root user:
# hagrp -switch AppService -any -clus localclus
NOTE
Run the hastatus -sum command as the root user to check the service status and service group status.
Use GUI:
1. Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
2. Choose Deploy > Monitor HA Status from the main menu. The Monitor the Status
dialog box is displayed.
3. Optional: Click View to view the historical records of the primary and secondary sites.
NOTE
The status of each HA system indicator is displayed. You can click detail info to view details or
restoration suggestions.
4. Click check now to view the current information about the primary and secondary sites.
----End
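The prerequisites and the Data status gate in this procedure, together with the wac heartbeat rule described earlier, can be checked mechanically before hagrp -switch is run. The following is an added example, not part of the guide or of the Veritas tooling: it parses captured hares -state and vradmin -g datadg repstatus datarvg output. The function names, the sample_* inputs, and the FAULTED check (the VCS fault state name, which the guide's sample output does not show) are assumptions.

```sh
#!/bin/sh
# Added example, not from the guide: pre-flight gate for a manual HA switchover.
# Input is captured command output; function and sample names are hypothetical.

sample_hares() {        # `hares -state` rows copied from the guide (abridged)
cat <<'EOF'
#Resource Attribute System Value
NMSServer State linux216212Cluster:linux216212 ONLINE
NMSServer State localclus:linux216154 OFFLINE
RVGPrimary State linux216212Cluster:linux216212 ONLINE
RVGPrimary State localclus:linux216154 OFFLINE
wac State linux216212Cluster:linux216212 ONLINE
wac State localclus:linux216154 OFFLINE
EOF
}

sample_repstatus() {    # repstatus fields copied from the guide (abridged)
cat <<'EOF'
Replicated Data Set: datarvg
Primary:
Host name: 10.71.210.78
RVG name: datarvg
DG name: datadg
RVG state: enabled for I/O
Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s
EOF
}

# Constructed failure inputs (illustrative values, not taken from the guide).
sample_hares_split()   { sample_hares | sed '/^wac /s/OFFLINE$/ONLINE/'; }
sample_hares_faulted() { sample_hares | sed '/^NMSServer State localclus/s/OFFLINE$/FAULTED/'; }
sample_repstatus_behind() {
    sample_repstatus | sed -e 's/^Data status: .*/Data status: consistent, behind/' \
        -e 's/^Replication status: .*/Replication status: paused due to network disconnection/'
}

# Heartbeat rule from the guide: exactly one wac row ONLINE and one OFFLINE.
heartbeat_ok() {
    awk '!/^#/ && $1 == "wac" && $2 == "State" { n[$4]++; total++ }
         END { exit !(total == 2 && n["ONLINE"] == 1 && n["OFFLINE"] == 1) }'
}

# Print "resource system" for every State row whose value contains FAULTED.
faulted() {
    awk '!/^#/ && $2 == "State" && $NF ~ /FAULTED/ { print $1, $3 }'
}

# repstatus_field NAME: value of "NAME: value" inside the Secondary section.
repstatus_field() {
    awk -v want="$1" '
        /^[ \t]*Secondary:[ \t]*$/ { in_sec = 1; next }
        /^[ \t]*Primary:[ \t]*$/   { in_sec = 0; next }
        in_sec {
            i = index($0, ":")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }'
}

# preflight HARES_OUTPUT REPSTATUS_OUTPUT: return 0 only if every check passes.
preflight() {
    rc=0
    printf '%s\n' "$1" | heartbeat_ok ||
        { echo "BLOCK: wac rows are not one ONLINE plus one OFFLINE" >&2; rc=1; }
    f=$(printf '%s\n' "$1" | faulted)
    [ -z "$f" ] || { echo "BLOCK: faulted resources: $f" >&2; rc=1; }
    data=$(printf '%s\n' "$2" | repstatus_field "Data status")
    repl=$(printf '%s\n' "$2" | repstatus_field "Replication status")
    [ "$data" = "consistent, up-to-date" ] ||
        { echo "BLOCK: Data status is '${data:-missing}'" >&2; rc=1; }
    [ "$repl" = "replicating (connected)" ] ||
        { echo "BLOCK: Replication status is '${repl:-missing}'" >&2; rc=1; }
    return $rc
}

if preflight "$(sample_hares)" "$(sample_repstatus)"; then
    echo "pre-flight passed: switchover prerequisites met"
fi
```

On a live system, pass "$(hares -state)" and "$(vradmin -g datadg repstatus datarvg)" as the two arguments. Output that is truncated before the Secondary section is treated as a failure.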
Question
What are the reasons for automatic switching?
Answer
Generally, the causes of a failover on an HA system are as follows:
l Cause 1: A resource in the AppService resource group does not function properly. After
the failover is complete, the HA system enters the Fault switching state.
NOTE
l If you manually stop the following resources, the HA system switchover is not triggered.
l BackupServer is used to monitor the backup database server process. If the backup database
server is faulty, the HA system switchover is not triggered.
Resource Name Description
RVGPrimary Used to monitor the RVG on the local site. If the RVG on the local
site does not function properly, a failover occurs on the HA system.
appNIC (Solaris), APPBOND (PC Linux) Used to monitor the NIC associated with the U2000
application IP address. If the NIC does not function properly, a failover occurs on
the HA system.
NOTE
l For Solaris HA system, if an independent NMS application IP address
without IPMP has been configured, the VCS does not monitor this
resource.
l For Solaris HA system, if the system IP address without IPMP is used
as the NMS application IP address, not the heartbeat or replication IP
address, the VCS does not monitor this resource.
l Cause 2: The U2000 on the primary site powers off abnormally, has a hardware fault, or
breaks down. A hardware fault may occur because of disasters such as an earthquake,
tsunami, or flood. The U2000 may break down because the operating system is
damaged. After the failover is complete, the HA system enters the Fault switching state.
l Cause 3: The heartbeat connection between the primary and secondary sites is interrupted
for more than 600 seconds. The HA system then enters the Primary-primary state.
NOTE
For Solaris HA system, if a separate heartbeat network and a separate replication network have
been configured, the heartbeat between the primary and secondary sites uses the replication
network if the communication on the heartbeat network is interrupted. In this scenario, the HA
system status changes from Normal state to Primary-primary state only if the communication on
both the heartbeat and replication networks has been stopped for more than about 600 seconds.
Question
How do I query the RVG status?
Answer
Step 1 Log in to the primary site as user root.
Step 2 Run the following command to view the RVG status of the active site:
# vxprint -Vl
Field Description
Disk group Indicates the disk group where the RVG is located.
state Indicates the status of the RVG. In normal cases, the situations are as
follows:
l state is set to ACTIVE.
l kernel is set to ENABLED.
flags Indicates the flag of the RVG. In normal cases, the value is closed primary
enabled attached.
device Indicates the device information of the RVG, including the device ID and
path.
Step 4 Run the following command to view the RVG status at the secondary site:
# vxprint -Vl
Rvg: datarvg
info: rid=0.1269 version=4 rvg_version=30 last_tag=3
state: state=ACTIVE kernel=ENABLED
assoc: datavols=lv_nms_data
srl=srl_vol
rlinks=datarlk
exports=(none)
vsets=(none)
att: rlinks=datarlk
flags: closed secondary enabled attached
device: minor=31004 bdev=315/31004 cdev=315/31004 path=/dev/vx/dsk/datadg/datarvg
perms: user=root group=root mode=0600
For the description of the RVG status on the secondary site, see Table A-10. Normally, flags
on the secondary site is closed secondary enabled attached.
----End
Question
How do I query the Rlink status?
Answer
Step 1 Log in to the primary site as the root user.
Rlink: datarlk
info: timeout=500 packet_size=8400 rid=0.1113
latency_high_mark=10000 latency_low_mark=9950
bandwidth_limit=none
state: state=ACTIVE
synchronous=off latencyprot=off srlprot=autodcm
assoc: rvg=datarvg
remote_host=192.168.10.82 IP_addr=192.168.10.82 port=4145
remote_dg=datadg
remote_dg_dgid=1356843347.7.linux
remote_rvg_version=30
remote_rlink=datarlk
remote_rlink_rid=0.1113
local_host=192.168.10.137 IP_addr=192.168.10.137 port=4145
protocol: UDP/IP
flags: write enabled attached consistent connected
NOTE
The datarlk in Rlink is an Rlink name.
Field Description
Disk group Indicates the disk group where the Rlink is located.
state Indicates the status of the Rlink. In normal cases, the situations are as
follows:
l state is set to ACTIVE.
l synchronous is set to off.
l latencyprot is set to off.
l srlprot is set to autodcm.
protocol Indicates the protocol for synchronizing data. The protocols configured on
the primary and secondary sites must be the same.
flags Indicates the flag of the Rlink. Normally, the value is write enabled
attached consistent connected asynchronous.
For example, run the following command to query the datarlk status:
Rlink: datarlk
info: timeout=500 rid=0.1405
latency_high_mark=10000 latency_low_mark=9950
bandwidth_limit=none checksum=on
state: state=ACTIVE
synchronous=off latencyprot=off srlprot=autodcm
assoc: rvg=datarvg
remote_host=192.168.1.10 IP_addr=192.168.1.10 port=4145
remote_dg=datadg
remote_dg_dgid=1160936853.6.T522022448
remote_rvg_version=30
remote_rlink=datarlk
remote_rlink_rid=0.1414
local_host=192.168.1.11 IP_addr=192.168.1.11 port=4145
protocol: UDP/IP
flags: write enabled attached consistent connected
For the description of the Rlink status on the secondary site, see Table A-11.
----End
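The normal-case values described above can be checked mechanically. The following shell function is an added example, not part of the original guide or of the Veritas tools: it reads Rlink status output in the format shown above on standard input and reports every field that deviates. The function names are hypothetical, and it requires only the five flags that appear in both sample outputs.

```shell
#!/bin/sh
# Added example: compare Rlink status output with the normal-case values
# described in this guide. Function names are hypothetical.

# Sample input: the first Rlink output shown in this section.
sample_rlink_output() {
    cat <<'EOF'
Rlink: datarlk
info: timeout=500 packet_size=8400 rid=0.1113
latency_high_mark=10000 latency_low_mark=9950
bandwidth_limit=none
state: state=ACTIVE
synchronous=off latencyprot=off srlprot=autodcm
assoc: rvg=datarvg
remote_host=192.168.10.82 IP_addr=192.168.10.82 port=4145
remote_dg=datadg
protocol: UDP/IP
flags: write enabled attached consistent connected
EOF
}

# Reads Rlink status text on stdin. Prints one line per deviation and
# returns 1 if any is found, 0 otherwise.
check_rlink_status() {
    awk '
    function expect(k, want) {
        if ((k in kv) && kv[k] == want) return 0
        printf "%s: %s=%s, expected %s\n", name, k, ((k in kv) ? kv[k] : "(missing)"), want
        return 1
    }
    {
        # Collect every key=value token, whichever line it appears on.
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) kv[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
    }
    $1 == "Rlink:" { name = $2 }
    $1 == "flags:" { for (i = 2; i <= NF; i++) flag[$i] = 1 }
    END {
        bad = 0
        if (name == "") { print "no Rlink: line found in input"; name = "(unknown)"; bad++ }
        bad += expect("state", "ACTIVE")
        bad += expect("synchronous", "off")
        bad += expect("latencyprot", "off")
        bad += expect("srlprot", "autodcm")
        # Whole-word comparison: "disconnected" must not count as "connected".
        n = split("write enabled attached consistent connected", need, " ")
        for (i = 1; i <= n; i++)
            if (!(need[i] in flag)) {
                printf "%s: flag %s is missing\n", name, need[i]
                bad++
            }
        if (bad == 0) printf "%s: Rlink status matches the expected values\n", name
        exit (bad > 0)
    }'
}

# Stand-alone run on the sample above.
sample_rlink_output | check_rlink_status
```

Matching flags as whole words matters here: a plain substring search for connected would also accept a flags line that reads disconnected.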
Question
How do I query the VVR status during the maintenance of the Veritas HA system?
Answer
Step 1 Run the following command to view the RVG name of the replication system:
# vradmin printrvg
A message similar to the following will be displayed:
Replicated Data Set: datarvg
Primary:
HostName: 10.71.224.48
RvgName: datarvg
DgName: datadg
Secondary:
HostName: 10.71.224.50
RvgName: datarvg
DgName: datadg
Rvg: datarvg
info: rid=0.1451 version=5 rvg_version=30 last_tag=4
state: state=ACTIVE kernel=ENABLED
assoc: datavols=lv_nms_data
srl=srl_vol
rlinks=datarlk
exports=(none)
vsets=(none)
att: rlinks=datarlk
flags: closed primary enabled attached
device: minor=129007 bdev=309/129007 cdev=309/129007 path=/dev/vx/dsk/datadg/
datarvg
perms: user=root group=root mode=0600
----End
A.6.4.5 How to check whether the VCS service has been started
Question
How to check whether the VCS service has been started?
Answer
Step 1 Run the following command to check whether the VCS service has been started:
# ps -ef | grep had
NOTE
If the displayed information contains /opt/VRTSvcs/bin/hashadow and /opt/VRTSvcs/bin/had -onenode,
the VCS service has been started.
----End
Question
How do I manually start the VCS service?
Answer
Step 1 Log in to the OS as user root.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
----End
Question
How do I manually start the VVR?
Answer
Step 1 Log in to the OS as user root.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
# cd /etc/init.d
# ./vras-vradmind.sh start
----End
Question
How do I manually stop the VCS service (Solaris & SUSE Linux)?
Answer
Step 1 Log in to the OS as user root.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Run the following command to check whether the VCS service has been started:
# ps -ef | grep had
NOTE
If the displayed information contains /opt/VRTSvcs/bin/hashadow and /opt/VRTSvcs/bin/had -onenode,
the VCS service has been started. Perform Step 3. Otherwise, the follow-up operation is not
required.
Step 3 Optional: Run the following command to stop the VCS service:
# hastop -all -force
----End
A.6.4.9 How to Solve the Problem Where the Communications between the
Primary Site and the Secondary Site Are Interrupted After the HA System Is Set
Up
Question
After the HA system is set up, the communications between the primary site and secondary
site are interrupted. As a result, the primary-primary state occurs and the replication status
between the primary site and the secondary site is abnormal. How do I restore the normal HA
system relationship?
Answer
Step 1 Check the connection status of the network port or network cables of the primary site. Then,
restore the normal communications at the primary site.
Step 3 Run the following commands to clear resource group error information:
# hagrp -clear ClusterService -sys Primary
# hagrp -clear VVRService -sys Primary
NOTE
The format of the command used to clear resource group error information is as follows:
# hagrp -clear resource group name -sys host name
NOTE
The format of the command used to get a resource group online is as follows:
# hagrp -online resource group name -sys host name
Step 5 In the secondary site, log in to the MSuite client and choose Deploy > Force local site be
primary.
Step 6 Click OK. In this case, the primary and secondary relationship in the HA system has been
restored, and the U2000 programs are running in the secondary site.
----End
A.6.4.10 How to Start/Stop the NMS Before Synchronizing the Primary and
Secondary Sites (Solaris, PC Linux)
Question
How to start/stop the NMS before synchronizing the primary and secondary sites of a high
availability system (Solaris, PC Linux)?
Answer
- CLI mode:
a. Log in to the OS as the root user through PuTTY.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root
command and enter the root user password to switch to the root user.
b. Run the following commands to start the U2000 server:
# haconf -makerw > /dev/null 2>&1
# hares -modify datarvg Enabled 1
# hares -modify DatabaseServer Enabled 1
# hares -modify BackupServer Enabled 1
# haconf -dump -makero
# hagrp -online AppService -sys hostname
NOTE
To stop the U2000 service, run the following command:
# hagrp -offline AppService -sys hostname
----End
A.6.4.11 How Do I Ensure Proper Connections to VVR and MSuite Ports on the
Primary and Secondary Sites?
Question
How do I ensure proper connections to VVR and MSuite ports on the primary and secondary
sites?
Answer
Step 1 Check whether a firewall has been set on the network between the primary and secondary
sites. If a firewall has been set, allow the VVR and MSuite ports through the firewall.
Step 2 On the primary and secondary sites, log in to the OS as the root user.
Step 3 On the primary and secondary sites, verify that the SFTP port and VVR ports used by the peer
site can be connected.
NOTE
1. Run the following commands to check whether the SFTP port and VVR ports used by
the peer site can be connected:
# cd /opt/oss/engr/engineering/tool/OSSICMR/bin
Enter the password for the ossuser user used by the peer site.
– If information similar to the following is displayed, the SFTP port and VVR ports
are connected successfully.
The SFTP service is normal.
-----------------------------
Connection closed by foreign host.
Port 4145 is connected successfully.
......
– If ports 22, 4145, 8199, and 8989 all fail to be connected, go to Step 3.2.
2. Run the following commands to view the PID of the process that uses the port:
– On Linux OS, run the following command:
# netstat -ntlp | grep -w 8199
O_WRONLY|O_CREAT|O_TRUNC
/opt/oss/server/conf/log/DmsSyslogCollector20080226_133400.log
O_RDWR
SOCK_DGRAM
SO_SNDBUF(57344),SO_RCVBUF(57344)
Stop the process only after you confirm that it can be stopped. Otherwise, the U2000
may fail to run properly.
Step 4 On the primary and secondary sites, verify that the MSuite ports can be connected.
NOTE
1. Run the following commands to check whether MSuite ports are occupied:
– On Linux OS, run the following command:
# netstat -ntlp | grep -w 12212
- If no command output is returned, the ports are not occupied and can be
connected.
- If command output is returned and contains the information below, the ports
are occupied by process 979. Then go to Step 4.2.
tcp 0 0 :::12212 :::*
LISTEN 979/
- If command output is returned but does not contain the information below,
the ports are not occupied and can be connected.
- If command output is returned and contains the information below, the ports
are occupied by process 979. Then go to Step 4.2.
979: /opt/oss/server/conf/../bin/DmsSyslogCollector
O_WRONLY|O_CREAT|O_TRUNC
/opt/oss/server/conf/log/DmsSyslogCollector20080226_133400.log
O_RDWR
SOCK_DGRAM
SO_SNDBUF(57344),SO_RCVBUF(57344)
Stop the process only after you confirm that it can be stopped. Otherwise, the U2000
may fail to run properly.
----End
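The port-occupancy check above relies on grep -w over the whole netstat line, which also matches a line where the number appears as a PID rather than as a port. The following shell function is an added example, not part of the original guide: it matches the port only in the local address column of netstat -ntlp output and returns the owning PID. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the process listening on a TCP port from
# "netstat -ntlp" output. Function names are hypothetical.

# Constructed sample output. Note the second line: PID 12212 listens on
# port 8989, so "grep -w 12212" matches it although port 12212 is not involved.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1301/sshd
tcp        0      0 0.0.0.0:8989            0.0.0.0:*               LISTEN      12212/java
tcp        0      0 :::12212                :::*                    LISTEN      979/java
EOF
}

# $1 = port number; netstat -ntlp output on stdin.
# Prints the PID of each listener on that port (one per line) and
# returns 0; returns 1 and prints nothing if the port is not occupied.
listener_pid() {
    awk -v port="$1" '
    $6 == "LISTEN" {
        # The port is the last colon-separated part of the local address,
        # which also handles IPv6 forms such as :::12212.
        n = split($4, part, ":")
        if (part[n] == port) {
            split($7, p, "/")
            if (!(p[1] in seen)) { seen[p[1]] = 1; print p[1] }
            found = 1
        }
    }
    END { exit !found }'
}

# Stand-alone run on the sample above.
sample_netstat | listener_pid 12212
```

On a live system the input would come from netstat -ntlp run as the root user, because the PID column is empty for sockets owned by other users otherwise.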
Question
How to change the sa password if you forget to set the password during the installation or if
you want to change the password?
NOTE
- If the U2000 has been installed, you must use the MSuite instead of the Sybase database to manually
change the sa user password.
- The NMS processes are ended. See A.10.8 How to End the Processes of the U2000 Single-Server
System on Windows to end the NMS processes if they are running.
- The database is running. See A.7.4 How to Start the SQL Server Database to start the database if
it is not running.
Answer
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Deploy > Change Database Administrator Password. The
Change Password dialog box is displayed.
Step 3 Enter the old password and new password.
- Be sure to remember the password of user sa. If this password is lost, database-related
operations may fail to be performed.
- The database sa user password must meet the following requirements. Set the new
password as required:
  – The password contains a minimum of eight characters and a maximum of 30
  characters.
  – The password must contain at least four of the following combinations:
    - At least one lower-case letter
    - At least one upper-case letter
    - At least one digit
    - At least one special character ~@#^*-_+[{}]:./?
    Other special characters are not supported. Do not include other special
    characters, such as ()|<>&`!$\"%'=;,space in passwords.
  – The password must be different from the user name or the user name in reverse order
  and cannot contain the complete user name (case-insensitive).
NOTE
- If the following information is displayed, the database administrator password has been changed
successfully.
Succeeded in changing the password.
After changing the database administrator password, start U2000 server processes.
- In the Windows 2008 OS, if the preceding operations are correct but the message Change the password
failed. or a message indicating that the password is too new is displayed, log in to the Windows
2008 OS. Then choose Start > All Programs > Microsoft SQL Server 2008 > SQL Server
Management Studio and connect to the server as the sa user. Choose Security > Logins from the
navigation tree and double-click sa. Clear Enforce password policy in the Login
Properties dialog box.
----End
Answer
Step 1 Choose Start > All Programs > Microsoft SQL Server 2008 > SQL Server Management
Studio. The Connect to Server window is displayed. Set parameters according to the
following information and then click Connect.
- Server type: Database Engine
- Server name: DBSVR
- Authentication: Windows Authentication
Step 2 In the Enterprise Manager of the SQL server, select the master database, right-click, and then
choose Properties.
Step 3 In the dialog box that is displayed, click the Data Files tab, modify the database size in the
Space allocated(MB) area, and then select the Unrestricted file growth option button.
Step 4 Click the Transaction Log tab, modify the database size in the Space allocated(MB) area,
and then select the Unrestricted file growth option button.
Step 5 Check whether the modified database size is proper, and click OK.
Step 6 Restart the database.
----End
Answer
Step 1 Choose Start > All apps > Microsoft SQL Server 2008 > SQL Server Configuration
Manager > SQL Server Services.
Step 2 Perform the following operations to ensure that the SQL Server database has been stopped.
Right-click SQL Server (MSSQLSERVER) and check whether the shortcut menu option
Stop is grayed out.
----End
Question
How do I start the SQL server database?
Answer
Step 1 Choose Start > All apps > Microsoft SQL Server 2008 > SQL Server Configuration
Manager > SQL Server Services.
Step 2 Perform the following operations to ensure that the SQL Server database has been started.
Right-click SQL Server (MSSQLSERVER) and check whether the shortcut menu option
Start is grayed out.
----End
Question
How to change the sa user password if the U2000 is not installed?
NOTE
The following method applies to the scenario where the U2000 is not installed. If the operating system
has the U2000 installed and a user forgets the sa user password, contact Huawei technical support
engineers.
Answer
Step 1 Choose Start > All Programs > Microsoft SQL Server 2008 > SQL Server Management
Studio. The Connect to Server window is displayed. Set parameters according to the
following information and then click Connect.
- Server type: Database Engine
- Server name: DBSVR
- Be sure to remember the password of user sa. If this password is lost, database-related
operations may fail to be performed.
- The database sa user password must meet the following requirements. Set the new
password as required:
  – The password contains a minimum of eight characters and a maximum of 30
  characters.
  – The password must contain at least four of the following combinations:
    - At least one lower-case letter
    - At least one upper-case letter
    - At least one digit
    - At least one special character ~@#^*-_+[{}]:./?
    Other special characters are not supported. Do not include other special
    characters, such as ()|<>&`!$\"%'=;,space in passwords.
  – The password must be different from the user name or the user name in reverse order
  and cannot contain the complete user name (case-insensitive).
----End
Answer
Step 1 Perform the following operations to ensure that the SQL Server database has been started.
Choose Start > All apps > Microsoft SQL Server 2008 > SQL Server Configuration
Manager, choose SQL Server Services from the navigation tree, right-click SQL Server
(MSSQLSERVER) in the right pane, check whether the shortcut menu option Start is grayed
out.
- If Start is grayed out, the SQL Server database is started.
- If Start is not grayed out, the SQL Server database is stopped. Right-click SQL Server
(MSSQLSERVER) and choose Start from the shortcut menu.
Step 2 Run the following commands at the command prompt:
C:\> isql -Usa -SDBSVR
NOTE
In order to enhance the security of the database after the U2000 is installed, the sa user may be manually
disabled and replaced with a customized administrator name, such as dbadmin.
Password:
1> sp_helpsort
2> go
NOTE
Step 3 If the displayed information includes binary sort, the database is sorted in binary mode. If the
displayed information does not include binary sort, the database is not sorted in binary mode.
----End
A.7.7 How to Check the Name of the SQL Server Database Server
Question
How to check the name of the SQL Server database server?
Answer
Step 1 Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL
Server Configuration Manager > SQL Native Client 10.0 Configuration.
Step 2 Click the Aliases tab page to check the name of the SQL Server database server.
----End
Question
How to Check the Version of the SQL Server Database Server?
Answer
Step 1 Choose Start > Run. The Run window will be displayed.
Step 3 In the CLI, run the following commands to check the database version information:
C:\> isql -Usa -SDBSVR
NOTE
- In Windows Server 2008, if the database version is correct, information similar to the
following is displayed:
----------------------------------------------------------------- Microsoft
SQL Server 2008 (SP4) - 10.0.6241.0 (X64) Apr 17 2015 10:56:08 Co pyright (c)
1988-2008 Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.1
<X64> (Build 7601: Service Pack 1) (1 row affected)
If the database version is not 10.0.6241.0, you must reinstall the database patch or
contact Huawei technical support engineers.
----End
A.7.9 How to Create a Replacement User for the SQL Server 2008
Database Administrator sa User
This topic describes how to disable the SQL Server 2008 database administrator (sa user by
default) and create a replacement user for the database administrator. Disabling the default
database administrator reduces potential security risks.
Prerequisites
- The database administrator sa has exited from the connection.
- The U2000 is stopped. For details about how to check whether the U2000 is stopped, see
3.2.1 Stopping the U2000 Server Processes.
- The database is started. For details about how to check whether the database is started,
see 2.1.2 Starting the Database.
- The MSuite is stopped. For details about how to end processes on the MSuite
server, see A.9.3 How to End Processes on the MSuite Server.
Context
- To reduce the probability of security threats, you can disable the database administrator,
create a new database user to replace the database administrator, and assign the new user
the same permissions as the database administrator.
- You can manually disable the sa user and create a replacement user for the sa user
only after the U2000 is installed or upgraded.
Procedure
Step 1 Log in to the OS as a user with administrator rights.
Step 2 Choose Start > Run. The Run window will be displayed.
NOTE
2. Input yes.
Information similar to the following is displayed:
Enter the password of the sa user:
NOTE
The new database administrator dbadmin uses the same password as the sa user. In fact, the sa
user is renamed without resetting the password.
----End
Result
Check whether the replacement of the sa user is successful.
1. Log in to the OS as a user with administrator rights.
2. Choose Start > Run. The Run window will be displayed.
3. Enter cmd and click OK.
4. Run the following commands to check whether the sa user is disabled.
> isql -Usa -SDBSVR
5. In the CLI, run the following commands to check whether the dbadmin user is created
successfully:
If information similar to the following is displayed, enter the password of the dbadmin
user.
Password:
If the database can be connected properly, the dbadmin user is created successfully.
Follow-up Procedure
If the database administrator sa needs to be restored, refer to the preceding operations to
disable the existing database administrator and use the sa user as the new database
administrator.
If the password of the new database administrator has been changed after the sa user is
disabled, restore the password to the one used when the sa user is still enabled. Otherwise, the
database may be unavailable after the database administrator sa is restored.
Answer
Step 1 Log in to the OS on which Microsoft SQL Server runs.
Step 2 Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL
Server Installation Center(64 bit).
Step 3 In the SQL Server Installation Center dialog box, choose Maintenance from the navigation
pane and click Edition Upgrade in the right pane.
Step 4 After the SQL Server 2008 Setup dialog box is displayed, wait for 5 minutes. Then click
OK. In the Product Key dialog box, enter the product key you have obtained.
Step 5 Click Next. Keep the default settings until the installation is finished.
----End
Answer
Step 1 Log in to the OS as an administrator. Choose Start > All Programs > Microsoft SQL
Server 2008 > Configuration Tools > SQL Server Configuration Manager > SQL Server
Network Configuration > Protocols for MSSQLSERVER.
Step 3 Click the Protocol tab. Select No for Listen All under General.
Step 4 Click the IP Address tab. Select Yes for Enabled under the IP address of 127.0.0.1.
Step 5 Click OK. In the Warning dialog box displayed indicating that the settings take effect only
after the database is restarted, click OK.
– If no command output is displayed, the U2000 process is not started. You can run
the D:\oss\server\platform\bin\startnms.bat command in the CLI to start the
U2000 process. If information similar to the following is displayed, the database has
to be started. For details, see 2.1.2 Starting the Database. Then, execute the
startnms.bat file to start the U2000 process.
Service MSSQLSERVER does not running,please start it first.
NOTE
----End
Question
How do I disable the Sybase database service?
Answer
Step 1 Perform the following operations to disable the Sybase database service in the single-server
system:
1. Log in to the OS as user ossuser.
2. Run the following commands to disable the Sybase database service:
# su - dbuser
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
3. Run the following command to check whether the Sybase database service is disabled:
# ps -ef | grep sybase
If the following message is displayed, the Sybase database service has been disabled:
root 9629 14603 0 07:46:52 pts/3 0:00 grep sybase
Step 2 Perform the following operations to disable the Sybase database service at the primary site in
the HA system:
NOTE
By default, the Sybase database service at the secondary site is not running.
1. Log in to the primary site as user ossuser through PuTTY. Run the following command to
switch to the root user.
$ su - root
Password: password for the root user
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
4. Run the following command to check whether the Sybase database service is disabled:
----End
Question
How do I start the Sybase database service?
Answer
- Perform the following operations to start the Sybase database service in the single-server
system:
a. Log in to the OS as user ossuser.
b. Run the following commands to start the Sybase database service:
# su - dbuser
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
c. Run the following command to check whether the Sybase database service is
running:
$ ./showserver
NOTE
RVGPrimary Primary
datarvg Primary
wac Primary
c. Run the hagrp -autoenable AppService -sys hostname command to set the
AppService group to autoenable. Run the hares -modify resource name Enabled
1 command to change the status of all Veritas resources to Enabled. Use the
resource names displayed in the previous command output as an example. Run the
following commands to change the status of all the Veritas resources to Enabled:
For example, execute the following commands in a Solaris high availability system:
# hares -modify BackupServer Enabled 1
# hares -modify DataFilesystem Enabled 1
# hares -modify DatabaseServer Enabled 1
# hares -modify NMSServer Enabled 1
# hares -modify RVGPrimary Enabled 1
# hares -modify datarvg Enabled 1
# hares -modify wac Enabled 1
NOTE
hostname specifies the server name. You can run the hostname command to view the server
name.
d. Run the following command to start the Sybase database service:
NOTE
hostname specifies the server name. You can run the hostname command to view the server
name.
----End
Question
How do I verify that the Sybase database is running?
Answer
Step 1 Log in to the OS as user ossuser.
Step 2 Enter the CLI and run the following commands to check the Sybase process status:
# su - dbuser
$ cd /opt/sybase/ASE*/install
$ ./showserver
NOTE
----End
Question
How do I perform the required check on the Sybase database version to see if it is correct
after the Sybase database is installed?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
NOTE
Step 3 Run the following commands to check the Sybase database version:
2> go
2> go
NOTE
There must be a space between select and @ in the select @@version command.
(1 row affected)
1>
The preceding message indicates that Sybase database version is SYBASE 15.7.
NOTE
EBF 26390 indicates the latest Sybase patch. The earlier Sybase patches are not displayed.
(1 row affected)
The preceding message indicates that Sybase database version is SYBASE 15.7.
NOTE
EBF 26397 indicates the latest Sybase patch. The earlier Sybase patches are not displayed.
----End
Question
How do I view the server name of the Sybase database?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
Step 2 Run the following command to view the server name of the Sybase database:
$ more /opt/sybase/interfaces
DBSVR_back
master tcp ether 10.71.225.89 4200
query tcp ether 10.71.225.89 4200
master tcp ether 10.71.225.89 4200
query tcp ether 10.71.225.89 4200
master tcp ether 127.0.0.1 4200
query tcp ether 127.0.0.1 4200
----End
A.8.2.3 How to Change the sa User Password for the Sybase Database If the
U2000 Is Not Installed
Question
How to change the sa user password for the Sybase database if the U2000 is not installed?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
NOTE
Step 3 Run the following commands to change the sa user password for the Sybase database:
1> sp_password "old password","new password"
2> go
- Be sure to remember the password of user sa. If this password is lost, database-related
operations may fail to be performed.
- The database sa user password must meet the following requirements. Set the new
password as required:
  – The password contains a minimum of eight characters and a maximum of 30
  characters.
  – The password must contain at least four of the following combinations:
    - At least one lower-case letter
    - At least one upper-case letter
    - At least one digit
    - At least one special character ~@#^*-_+[{}]:./?
    Other special characters are not supported. Do not include other special
    characters, such as ()|<>&`!$\"%'=;,space in passwords.
  – The password must be different from the user name or the user name in reverse order
  and cannot contain the complete user name (case-insensitive).
- Leave a space between sp_password and old password.
- The "new password" and "old password" must be enclosed in double quotation marks
during password modification.
----End
A.8.2.4 How to Change the Database Administrator Password for the Sybase
Database If the U2000 Is Installed
Question
How to change the database administrator user password for the Sybase database if the U2000
is installed?
- In the high availability system (Veritas hot standby), change the password of the
database administrator only on the MSuite server at the primary site. The passwords
of the database administrators at both the primary and secondary sites are changed.
- After the U2000 is installed, using the MSuite to change the password of the database
administrator is recommended. Do not manually change the password. Otherwise, the
U2000 may fail to be started properly. If the password of the database administrator is
changed manually, you must use the MSuite to change the password again to ensure the
normal operation of the U2000.
Answer
Step 1 Shut down the NMS server and client.
Log in to the single system as user ossuser and run the following commands to end the
U2000 processes:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
Use PuTTY to log in to the primary site OS over SSH as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Right-click in the blank area of the desktop and choose Open Terminal from the shortcut
menu to open the CLI, and then run the following command:
# hares -offline NMSServer -sys hostname
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
Step 2 Ensure that the MSuite servers on the primary and secondary sites have been started.
Run the following command as the root user to check whether the MSuite servers are started:
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
# ps -ef | grep java
NOTE
If the displayed information contains /opt/oss/OSSJRE/jre_sol/bin/java -server in the Solaris system
or /opt/oss/OSSJRE/jre_linux/bin/java -server in the SUSE Linux system, the MSuite servers have been
started.
If the MSuite servers have not been started, run the following commands as the root user to
switch to the ossuser user and start the MSuite servers:
# su - ossuser
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
Step 3 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 4 On the MSuite client, choose Deploy > Change Database Administrator Password. The
Change Password dialog box is displayed.
Step 5 Enter the old password, new password and confirm password.
NOTE
- The initial password is Changeme_123. To enhance system security, update the password
regularly and keep it secure.
  – The password contains a minimum of eight characters and a maximum of 30 characters.
  – The password must contain at least four of the following combinations:
    - At least one lower-case letter
    - At least one upper-case letter
    - At least one digit
    - At least one special character ~@#^*-_+[{}]:./?
    Other special characters are not supported. Do not include other special characters, such
    as ()|<>&`!$\"%'=;,space in passwords.
  – The password must be different from the user name or the user name in reverse order and
  cannot contain the complete user name (case-insensitive).
- If the Change Password dialog box is displayed, click OK.
After changing the password of the database administrator, start U2000 server processes.
----End
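The password rules listed in the sa and database administrator password procedures above can be checked before a new password is entered. The following shell function is an added example, not part of the original guide or of the MSuite. Its name is hypothetical; it reads "at least four of the following combinations" as requiring all four listed character classes, and it applies the user-name comparisons case-insensitively throughout, both of which are assumptions.

```shell
#!/bin/sh
# Added example: offline check of a candidate database administrator
# password against the rules quoted in this guide. The function name is
# hypothetical; nothing here talks to the database or the MSuite.

check_db_admin_password() {
    # $1 = candidate password, $2 = user name (for example sa or dbadmin).
    # Values are passed to awk through the environment so that backslashes
    # in the password are not interpreted as escape sequences.
    CAND_PW="$1" CAND_USER="$2" LC_ALL=C awk '
    function fail(msg) { print "rejected: " msg; exit 1 }
    BEGIN {
        pw = ENVIRON["CAND_PW"]
        user = ENVIRON["CAND_USER"]
        allowed = "~@#^*-_+[{}]:./?"    # special characters the guide supports

        n = length(pw)
        if (n < 8 || n > 30) fail("length must be 8 to 30 characters")

        lower = 0; upper = 0; digit = 0; special = 0
        for (i = 1; i <= n; i++) {
            c = substr(pw, i, 1)
            if (c ~ /^[a-z]$/) lower = 1
            else if (c ~ /^[A-Z]$/) upper = 1
            else if (c ~ /^[0-9]$/) digit = 1
            else if (index(allowed, c) > 0) special = 1
            else fail("unsupported character in password")
        }
        # Assumption: all four listed classes are required.
        if (!lower) fail("no lower-case letter")
        if (!upper) fail("no upper-case letter")
        if (!digit) fail("no digit")
        if (!special) fail("no supported special character")

        if (user != "") {
            rev = ""
            for (i = length(user); i >= 1; i--) rev = rev substr(user, i, 1)
            lpw = tolower(pw); luser = tolower(user); lrev = tolower(rev)
            if (lpw == luser) fail("password equals the user name")
            if (lpw == lrev) fail("password equals the user name in reverse order")
            if (index(lpw, luser) > 0) fail("password contains the user name")
        }
        print "accepted"
    }'
}

# Stand-alone run with a constructed password.
check_db_admin_password 'Nms_Admin7x' sa
```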
Question
How do I view the bit number of the Sybase database?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
NOTE
Step 3 Run the following commands to view the bit number of the Sybase database:
2> go
NOTE
There must be a space between select and @ in the select @@version command.
(1 row affected)
1>
(1 row affected)
----End
Question
How do I view the details about the Sybase database during routine maintenance?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
Step 2 Run the following commands to view the details of all databases:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
1> sp_helpdb
2> go
The information about the Sybase database will be displayed, including the name, size, owner,
and status.
Step 3 Run the following commands to view the details of a specific database:
1> sp_helpdb database_name
2> go
NOTE
In the sp_helpdb database_name command, database_name is the name of the Sybase database.
----End
Question
How do I view the details of data tables of the Sybase database during routine maintenance?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
Step 2 Run the following commands to view all data tables of the database.
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
1>use <dbname>
2>go
1>sp_help
2>go
The data of all data tables in the specified database will be displayed, including name, owner,
and type.
Step 3 To view details about a data table, run the following commands:
1>sp_help <tablename>
2>go
Structure information about the data table is displayed. Ensure that the operations are
performed in the current database. Otherwise, a message is displayed indicating that the data
table is not found.
----End
A.8.2.8 How to Query a Database Table if Only Part of the Table Name Is
Remembered
Question
How do I query a database table if I cannot remember the complete name of a database table?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
Step 2 Run the following commands to view the details of all databases:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
Step 3 Assume that abc is included in a database table name. Run the following SQL commands to
query the database table after opening the database view:
2> go
----End
Question
How do I identify database errors caused by unexpected powering-off of the workstation?
Answer
Step 1 Log in to the OS as user root.
NOTE
Step 3 Run the following commands to check whether the database server malfunctions by viewing
the Database server name.log file:
$ cd /opt/sybase/ASE*/install
$ tail -100 DBSVR.log
NOTE
- Run the tail -100 DBSVR.log command to view the latest 100 records in the log file. You can adjust
the number of records to be displayed.
- Check whether error or other error symbols are contained in the file. For example, error 926, a
common error, is displayed:
Error: 926, Severity: 14, State: 1 00:00000:00001:2002/05/31
09:26:26.65 server Database 'FaultDB' cannot be opened.
If the preceding message is displayed, the database server FaultDB is faulty.
Step 4 Run the following commands to check whether the database connection is available if the
preceding errors are not displayed:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
The 1> prompt is displayed. If the 1> prompt is not displayed, verify that the database server
is running and the password of the database administrator is correct.
1>sp_helpdb
2>go
If the system does not prompt any error, the U2000 database works properly. In this case, start
the U2000 again.
NOTE
- If the Chinese edition of the NMS is installed, garbled characters may be displayed when you log in to
the system by using the remote terminal login tool (CLI-based). In this case, set the encoding scheme of
the remote terminal login tool to UTF-8.
- If the remote terminal login tool does not support the function of setting the encoding scheme, log in
to the system through the GUI.
Step 5 If the system prompts an error, check for database errors according to the error code and
rectify the error. The following uses the FaultDB database as an example to describe how to
rectify error 926.
Run the following commands:
2>go
2>go
2>go
Restart the Sybase database service and register with the Sybase database as the database
administrator.
2>go
2>go
2>go
Check whether the U2000 database works properly. If the database error persists, contact
Huawei technical support engineers.
----End
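The log check in Step 3, as an added example that is not part of the original guide: a shell script that summarises `Error: N, Severity: S` records and lists the databases reported as "cannot be opened". The sample log lines are constructed, their timestamp prefix layout is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise Sybase error-log records such as the "Error: 926"
# entry quoted in Step 3. Works on a file or on stdin; no database access.

# Constructed sample log (not from a real server). The timestamp prefix layout
# is an assumption; the parsers rely only on the "Error: N, Severity: S" and
# "Database 'X' cannot be opened" fragments quoted in the guide.
sample_log() {
cat <<'EOF'
00:00000:00001:2002/05/31 09:26:20.10 server  Recovering database 'FaultDB'.
00:00000:00001:2002/05/31 09:26:26.65 server  Error: 926, Severity: 14, State: 1
00:00000:00001:2002/05/31 09:26:26.65 server  Database 'FaultDB' cannot be opened.
00:00000:00009:2002/05/31 09:27:01.02 server  Error: 1105, Severity: 17, State: 2
00:00000:00012:2002/05/31 09:30:44.31 server  Error: 926, Severity: 14, State: 1
00:00000:00012:2002/05/31 09:30:44.31 server  Database 'FaultDB' cannot be opened.
EOF
}

# Print "<error number> <highest severity> <occurrences>", one line per
# error number, sorted numerically by error number.
summarise_errors() {
    awk '
    match($0, /Error: [0-9]+, Severity: [0-9]+/) {
        # Splitting on non-digits leaves f[2]=error number, f[3]=severity.
        split(substr($0, RSTART, RLENGTH), f, /[^0-9]+/)
        num = f[2]; sev = f[3] + 0
        count[num]++
        if (sev > max[num]) max[num] = sev
    }
    END { for (num in count) print num, max[num], count[num] }
    ' "$@" | sort -n
}

# Print each database named in a "cannot be opened" message once.
unopenable_databases() {
    sed -n "s/.*Database '\([^']*\)' cannot be opened.*/\1/p" "$@" | sort -u
}

# recent_report FILE [N]: same window as "tail -100 DBSVR.log", N defaults to 100.
recent_report() {
    file=$1
    lines=${2:-100}
    tail -n "$lines" "$file" | summarise_errors | while read -r num sev cnt; do
        echo "error=$num severity=$sev count=$cnt"
    done
    tail -n "$lines" "$file" | unopenable_databases | while read -r db; do
        echo "cannot_open=$db"
    done
}

# Demo on the constructed sample.
log=$(mktemp)
sample_log > "$log"
recent_report "$log" 100
rm -f "$log"
```

On a server, `recent_report` would be pointed at the DBSVR.log file in the install directory named in Step 3.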
Question
How do I expand space for the master database when it is full?
Answer
• The NMS processes are ended. Perform the following operations to end the NMS
processes if they are running:
– For the Single-Server System (Solaris), see A.10.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
– For the Single-Server System (SUSE Linux), see A.10.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
– For the High Availability System (Solaris/SUSE Linux), see A.10.17 How to End
the U2000 Processes of the High Availability System (Solaris, PC Linux).
• The database is running. Perform the following operations to start the database if it is not
running:
– For the Single-Server System (Solaris), see A.8.1.2 How to Start the Sybase
Database Service.
– For the Single-Server System (SUSE Linux), see A.8.1.2 How to Start the Sybase
Database Service.
– For the High Availability System (Solaris/SUSE Linux), see A.8.1.2 How to Start
the Sybase Database Service.
• In a high availability (HA) system, freeze the AppService resource group. For more
information, see 11.5.3 Locking a Resource Group.
Step 2 Run the sp_helpdevice command to check the space of the master database.
Step 3 Run the following commands to increase space for the master database if the available space
of the database device is sufficient:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
2>go
Step 4 Run the following commands to back up the master database if the available space of the
database device is insufficient:
$ ./isql -SDBSVR -Usa
NOTE
2>go
Step 5 Run the following commands to clear logs in the master database:
2>go
1>shutdown SYB_BACKUP
2>go
1>shutdown
2>go
Step 7 Optional: In the HA system, run the hagrp -unfreeze AppService command to unfreeze the
AppService resource group.
----End
Question
How do I set up more user connections to a database?
Answer
Step 1 Run the following commands to add the following content at the end of the /etc/system file:
# vi /etc/system
set rlim_fd_max = 4096 (set the maximum number of process file descriptors)
set rlim_fd_cur = 2048 (set the current number of process file descriptors)
Step 2 Restart the system and run the following command to verify that the modification has taken
effect:
The following message will be displayed. The first hexadecimal number indicates the current
value and the second one indicates the maximum value.
0x0000000000000800:0x0000000000001000 file descriptors
Step 3 Run the following commands to set the maximum number of user connections:
2>go
----End
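As an added example (not part of the original guide), the following script cross-checks the rlim_fd_* values written to /etc/system in Step 1 against the hexadecimal "current:maximum" line shown in Step 2. The /etc/system fragment is constructed, the function names are hypothetical, and only decimal values in /etc/system are handled.

```shell
#!/bin/sh
# Added example: confirm that the file descriptor limits configured in
# /etc/system match the limits reported after the restart.

# Constructed /etc/system fragment (lines starting with * are comments there).
sample_etc_system() {
cat <<'EOF'
* file descriptor limits for the database server
set rlim_fd_max = 4096
set rlim_fd_cur = 2048
EOF
}

# The runtime line quoted in Step 2 of the guide.
sample_runtime_line() {
    echo '0x0000000000000800:0x0000000000001000 file descriptors'
}

# etc_system_value NAME: read /etc/system content on stdin and print the last
# decimal value assigned to NAME. Comment lines never match "set NAME = N".
etc_system_value() {
    sed -n "s/^[[:space:]]*set[[:space:]][[:space:]]*$1[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" |
        tail -n 1
}

# runtime_fd_limits: read "0x<cur>:0x<max> file descriptors" on stdin and
# print "<cur> <max>" in decimal. Returns 1 if no such line is found.
runtime_fd_limits() {
    line=$(sed -n 's/^[[:space:]]*\(0[xX][0-9a-fA-F]*\):\(0[xX][0-9a-fA-F]*\)[[:space:]]*file descriptors.*/\1 \2/p' |
        head -n 1)
    [ -n "$line" ] || return 1
    set -- $line
    echo "$(( $1 )) $(( $2 ))"
}

# fd_limits_report ETC_SYSTEM_FILE RUNTIME_LINE
# Prints OK or MISMATCH; returns 0 on match, 1 on mismatch, 2 on bad input.
fd_limits_report() {
    cfg_cur=$(etc_system_value rlim_fd_cur < "$1")
    cfg_max=$(etc_system_value rlim_fd_max < "$1")
    run=$(printf '%s\n' "$2" | runtime_fd_limits) || {
        echo "unparsable runtime line"
        return 2
    }
    set -- $run
    if [ "$cfg_cur" = "$1" ] && [ "$cfg_max" = "$2" ]; then
        echo "OK cur=$1 max=$2"
    else
        echo "MISMATCH configured=${cfg_cur:-unset}/${cfg_max:-unset} running=$1/$2"
        return 1
    fi
}

# Demo on the constructed input.
tmp=$(mktemp)
sample_etc_system > "$tmp"
fd_limits_report "$tmp" "$(sample_runtime_line)"
rm -f "$tmp"
```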
A.8.2.12 How to Check for Database Errors Using the dbcc Tool
Question
How do I check for database errors using the dbcc tool?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
Step 2 Run the following commands to view the database error information:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
Step 3 Run the following commands to view the information about the database table error:
1>use (database name)
2>go
1>dbcc checktable(table name)
2>go
The system will display the check results and the error information about the database table.
Step 4 Run the following commands to restore the database index:
1>dbcc reindex(table name)
2>go
All indexes of the database are automatically recreated.
Step 5 Run the quit command to exit the isql program.
NOTE
----End
Question
How do I set the network transport parameters of databases?
Answer
Step 1 In Solaris 10, the network transmission parameters of databases are set incorrectly if you set
Transport type to tli tcp when installing Sybase 12.5 manually or after you change the
database transmission type to tli tcp in the /opt/sybase/interfaces file.
In Solaris 10, set Transport type to tcp while installing Sybase 12.5. Perform the following
operations to correct parameter values if the parameters are set incorrectly.
Step 2 Log in to the server as user root. Open the terminal window and run the following commands:
# . /opt/sybase/SYBASE.sh
# dsedit
Step 4 In the dialog box as shown in Figure A-26, select DBSVR and click Modify Server entry.
Step 5 In the dialog box as shown in Figure A-27, select available network transport settings, and
click Modify network transport.
Step 6 In the dialog box as shown in Figure A-28, select tcp from the Transport type drop-down
list.
Step 7 Click OK in turn. The dialog box as shown in Figure A-26 is displayed.
Step 8 Repeat Step 4 to Step 6 and set Transport type of the DBSVR_back database to tcp.
Step 9 Save the settings and close all the windows.
Step 10 Restart the Sybase database to make the settings take effect.
NOTE
Before the operation, run the ps -ef|grep sybase command to check whether the Sybase service is
running. If the Sybase service is running, stop it and restart it. If the Sybase service is not running,
restart it.
----End
Question
How do I delete a suspect database?
Answer
Step 1 A suspect database cannot be deleted by the drop database DBname command. Run the
dbcc dbrepair(DBname, dropdb) command in the isql command mode to delete the
database. Replace DBname with the name of the actual suspect database. If the suspect
database still cannot be deleted, change the database status to 320 and run the dbcc
dbrepair(DBname, dropdb) command.
For example, if you cannot delete the suspect database iMapAlarmDB by running the dbcc
dbrepair(iMapAlarmDB, dropdb) command, perform the following steps.
Step 2 Change the status of the iMapAlarmDB database to 320. Log in to the database as the
database administrator and run the following commands:
1>sp_configure 'allow update', 1
2>go
1>update master..sysdatabases set status = -32768 where name = 'iMapAlarmDB'
2>go
1>shutdown
2>go
Step 3 Restart the database server, log in to the system as ossuser user, and run the following
commands:
# su - dbuser
$ cd /opt/sybase/ASE*/install
$ . /opt/sybase/SYBASE.sh
$ ./startserver -f ./RUN_DBSVR
Step 4 Log in to the database as the database administrator and run the following commands:
1>sp_configure 'allow update', 1
2>go
1>update master..sysdatabases set status = 320 where name = 'iMapAlarmDB'
2>go
2>go
def_remote_loc
status3 status4
----------- -----------
02/01/14 02/02/07 48
0 0 0 0 NULL
NULL 0 0
(1 row affected)
2>go
Step 6 Restart the database server, log in to the system as user root, and run the following
commands:
# su - dbuser
$ cd /opt/sybase/ASE*/install
$ . /opt/sybase/SYBASE.sh
$ ./startserver -f ./RUN_DBSVR
NOTE
----End
Question
How do I delete a damaged database that cannot be deleted by the drop database command?
Answer
For example, delete database pubs2.
Step 1 In the isql command mode, register with the SQL server as the database administrator.
Step 2 Run the following commands to allow for modifying the system tables:
1>sp_configure "allow updates",1
2>go
Step 3 Run the following commands to set the to-be-deleted user database to the suspect state.
1>use master
2>go
1>begin tran
2>go
2>where name="pubs2"
3>go
1>commit
2>go
1>rollback
2>go
Step 4 Restart the database server and register as the database administrator by running the isql
command.
Step 5 Run the following commands to delete the database:
1>dbcc dbrepair(pubs2,dropdb)
2>go
Step 6 Run the following commands to disallow modifying the system tables again:
1>sp_configure "allow updates",0
2>go
----End
Question
How do I delete a database from the Sybase database?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
NOTE
In the preceding command, -SDBSVR indicates that the database instance name is DBSVR.
Enter the password of the database administrator as prompted.
In order to enhance the security of the database after the U2000 is installed, the sa user may be manually
disabled and replaced with a customized administrator name, such as dbadmin.
4> quit
Step 4 In the /opt/Sybase/data directory, delete the ([database name]_dev).dat file and the
([database name]+log_dev).dat file, such as the VpnDB_dev.dat file and the
VpnDBlog_dev.dat file.
----End
Question
How do I view the deadlock information in the Sybase database when errors occur?
Answer
Step 1 Log in to the database server as user dbuser.
NOTE
NOTE
1>sp_lock
2>go
fid  spid  loid  locktype   table_id   page  row  dbname  class            context
---  ----  ----  ---------  ---------  ----  ---  ------  ---------------  -------
0    10    20    Sh_intent  464004684  0     0    master  Non Cursor Lock
(1 row affected)
(return status = 0)
NOTE
In the preceding information, Non Cursor Lock indicates that no deadlock occurs. The database
name is master; the process ID of the locked table is spid=10; the locked table ID is
table_id=464004684.
1>dbcc traceon(3604)
2>go
After the dbcc command is executed, contact the system administrator if any error
information is displayed.
1>use master
2>go
1>select object_name(464004684)
2>go
------------------------------
spt_values
(1 row affected)
1>dbcc sqltext(10)
2>go
After the dbcc command is executed, contact the system administrator if any error
information is displayed.
NOTE
The previous commands are used to view the sessions of table_id=464004684 and spid=10.
----End
Prerequisites
• The database administrator sa has exited from the connection.
• The MSuite is stopped. For details about how to end processes on the MSuite server, see
How to End Processes on the MSuite Server.
• The U2000 is stopped. For details about how to check whether the U2000 is stopped, see
Stopping the U2000 Server Processes.
• The database is started. For details about how to check whether the database is started,
see Starting the Database.
Context
• To reduce the probability of security threats, you can disable the database administrator,
create a new database user to replace the database administrator, and assign the new user
the same permissions as the database administrator.
• You can manually disable the sa user and create a replacement user for the sa user
only after the U2000 is installed or upgraded.
• In a high availability system, you need to perform the following operations on both the
primary and secondary sites. Before the operations are performed, ensure that the
primary and secondary sites are separated.
Procedure
Step 1 Log in to the server as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Perform the following operations to disable the sa user and create a new user to replace the sa
user.
1. Run the following commands to disable the sa user and create a new administrator:
# cd /opt/oss/engr/engineering/tool/modifyDBAUser/
# ./modifyDBAUser.sh
NOTE
The /opt/oss directory is the U2000 installation directory.
Information similar to the following is displayed:
Please enter old database administrator account:
– The dbadmin user is used as an example of the new administrator of the database. The
administrator name can be customized as required. The customized user name must start with
a letter and can contain lower-case letters, digits, and special character _. The length of the
customized user name must be less than 17 characters.
– If the created user dbadmin already exists, this command assigns permissions to the new
database administrator. If the new password is different from the old password, the user
password is reset.
Information similar to the following is displayed:
Please enter password of new database administrator account:
Please confirm password of new database administrator account:
6. Input yes.
If the following information is displayed, the replacement user for the sa user is created
successfully.
The command is executed successfully.
Success to modify dba user.
NOTE
If the information Success to modify dba user. is displayed, the automatic database growth parameter
is set successfully.
----End
Result
Check whether the replacement of the sa user is successful.
1. Log in to the server as the dbuser user.
2. In the CLI, run the following commands to check whether the sa user is disabled.
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
3. In the CLI, run the following commands to check whether the dbadmin user is created
successfully:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Udbadmin
If information similar to the following is displayed, enter the password of the dbadmin
user.
Password:
If the database can be connected properly, the dbadmin user is created successfully.
Follow-up Procedure
If the database administrator sa needs to be restored, refer to the preceding operations to
disable the existing database administrator and use the sa user as the new database
administrator.
• Enter the existing database administrator name (such as dbadmin) and password and then
the database administrator name sa and the password to be restored.
• The password of the database administrator sa to be restored is the one that is not disabled.
The password cannot be set randomly.
A.9 MSuite
This topic covers FAQs about the NMS maintenance suite.
Question
Login to the NMS maintenance suite client is allowed only when the process of the NMS
maintenance suite server is running. How do I verify that the process of the NMS maintenance
suite server is running?
Answer
• Log in to the Windows OS as the administrator user, check whether the msdaemon.exe
and msserver.exe processes are started in the Task Manager window. If you can find
the two processes in the process list, the MSuite server is running.
• In Solaris or SUSE Linux OS, run the following command as user ossuser to verify that
the MSuite server is running:
# ps -ef | grep java
The MSuite server is running if /opt/oss/OSSJRE/jre_sol/bin/java -server or
/opt/oss/OSSJRE/jre_linux/bin/java -server is displayed.
Question
Generally, the process of the NMS maintenance suite server is started with the OS startup.
How do I start the process of the NMS maintenance suite server?
Answer
In the high availability system, the MSuite server process must be started on both the primary
and secondary sites.
• Log in to the Windows OS as the administrator user, check whether the msdaemon.exe
and msserver.exe processes are started in the Task Manager window. If you can find
the two processes in the process list, the MSuite server is running. If the two processes
do not exist in the process list, the MSuite server is not running. In this case, perform the
following operations to start the MSuite server:
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
----End
Answer
• On Windows OS, go to the D:\oss\engr\engineering path, double-click the
stopserver.bat file, and end the MSuite server process.
• On Solaris or SUSE Linux OS, run the following commands as the ossuser user:
$ cd /opt/oss/engr/engineering
$ ./stopserver.sh
Answer
The following requirements must be met to start the NMS maintenance suite client:
• The MSuite server must be started.
• Port 12212 on the MSuite server is enabled.
• The MSuite client and the server communicate with each other properly.
• The MSuite server process is started on both the primary and secondary sites during
some operations in the high availability system, and the MSuite client can properly
communicate with the MSuite server on both the primary and secondary sites.
1. Ensure that the MSuite server has been started.
In Windows 2008 OS, log in to the Windows OS as the administrator user and check
whether the msdaemon.exe and msserver.exe processes are started in the Task
Manager window. If you can find the two processes in the process list, the MSuite
server is running. If the two processes do not exist in the process list, the MSuite server is
not running. In this case, perform the following operations to start the MSuite server:
Go to the D:\oss\engr\engineering path, and double-click the startserver.bat file.
In Solaris OS, run the following command as user root to verify that the MSuite server is
running:
# ps -ef | grep java
In SUSE Linux OS, run the following command as user root to verify that the MSuite
server is running:
2. On a computer where the MSuite client is installed, double-click the U2000 NMS
Maintenance Suite shortcut icon on the desktop and then wait about one minute. The
Login dialog box is displayed.
NOTE
• In Solaris or SUSE Linux OS, log in to the Java desktop system as user ossuser. Otherwise,
the U2000 NMS Maintenance Suite shortcut icon is not displayed on the desktop. To start the
MSuite Client by running commands, log in to the OS as user ossuser through VNC.
$ cd /opt/oss/client/engineering
$ ./startclient.sh
• If a dialog box showing The client and server versions are different. Upgrade the client
using the CAU. is displayed, the method of upgrading the U2000 client by using the CAU is
as follows:
1. Install the U2000 client software in network mode: Enter https://server's IP address/cau/
(recommended for higher security) or http://server's IP address/cau/ in the address box of
the Internet Explorer, and press Enter to access the Web installation page. For details, see
Installing a U2000 Client in CAU Mode in the
U2000 Client Software Installation Guide.
2. If you upgrade the U2000 client software using the CAU, the MSuite client is also
upgraded.
3. Set the login parameters.
– IP Address:
▪ To log in to the local MSuite server, use the default IP address 127.0.0.1.
▪ To log in to the remote MSuite server, enter the IP address of the computer
where the MSuite server is installed. If multiple IP addresses are configured
for the computer, use the NMS application IP address.
NOTE
The Login dialog box of the MSuite client has the function to keep the login list. Selecting
an IP address from the IP Address drop-down list is recommended. If the desired IP address
is not displayed in the drop-down list, enter an IP address.
– Port: The default port ID is 12212. There is no need to change the default value
during login but ensure that the port is not occupied.
– User Name: The default user name is admin.
– Password: The initial password of the admin user is Changeme_123. The
password must be changed during the first login to ensure system security. Keep the
password confidential and change it regularly.
4. Click Login.
NOTE
• When you log in to the MSuite client, a progress bar is displayed showing the progress of Refresh
Deployment Information. Wait until the operation is complete.
• The MSuite works in single-user mode. Specifically, only one MSuite client can log in to the
MSuite at one time.
Context
Generally, the process of the MSuite server is not started with the OS startup. If the process is
not started, perform the following operations to start it. In the high availability system, the
MSuite server process must be started on both the primary and secondary sites.
Procedure
• Log in to the Windows OS as the administrator user, check whether the msdaemon.exe
and msserver.exe processes are started in the Task Manager window. If you can find
the two processes in the process list, the MSuite server is running. If the two processes
do not exist in the process list, the MSuite server is not running. In this case, perform the
following operations to start the MSuite server:
Go to the D:\oss\engr\engineering path, and double-click the startserver.bat file.
• In Solaris or SUSE Linux OS, run the following command as user ossuser to verify that
the MSuite server is running:
# ps -ef | grep java
----End
1 After a user enters correct parameter values and clicks Login in the login window of a MSuite
client, a message indicating a failure to connect to the MSuite server is displayed.
1. Log in to the server as the root user.
2. Check that the MSuite server has been started.
• Log in to the Windows OS as the administrator user, check whether the msdaemon.exe and
msserver.exe processes are started in the Task Manager window. If you can find the two
processes in the process list, the MSuite server is running. If the two processes do not exist
in the process list, the MSuite server is not running. In this case, perform the following
operations to start the MSuite server:
Go to the D:\oss\engr\engineering path, and double-click the startserver.bat file.
• On the Solaris or SUSE Linux OS, run the following command as user root to verify that the
MSuite server is running:
# ps -ef | grep java
The MSuite server is running if /opt/oss/OSSJRE/jre_sol/bin/java -server or
/opt/oss/OSSJRE/jre_linux/bin/java -server is displayed. Run the following commands to start
the MSuite server if it is not running:
# su - ossuser
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
A.10.1 How to Change the System Time and Time Zone of the
Single-Server System on Windows
Question
How do I change the system time and time zone of the single-server system on Windows?
When the U2000 services are running, do not change the system time.
Answer
Step 1 Stop the U2000 processes and the SQL Server database. Please see A.10.8 How to End the
Processes of the U2000 Single-Server System on Windows and A.7.3 How to Shut Down
the SQL Server Database.
Step 2 Open the Control Panel window. Click Clock, Language, and Region. Then, click
Date and Time.
Step 3 In the dialog box that is displayed, click the Date and Time tab. Click Change date and
time to set the current system date and time. Click OK. Click the Change time zone tab and
select the required time zone from the related drop-down list. Click OK.
Step 5 If the time zone is changed, you need to restart the OS to make the modifications take effect.
Restart the OS according to the displayed prompt.
NOTE
Step 6 If only the time is changed, start the U2000 system. For details, see 2 Starting the U2000
System.
----End
A.10.2 How to Change the System Time and Time Zone of the
Single-Server System (Solaris)
Question
How do I change the system time and time zone of the single-server system (Solaris)?
Answer
Step 1 Log in to the OS of the server as user ossuser.
Step 2 Open a terminal window and run the following commands to end U2000 processes.
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
NOTE
Step 4 After the processes are ended, log in to the NMS Maintenance Suite client.
Step 5 On the MSuite client, choose Deploy > Change Time Zone. The Modify System Time Zone
dialog box is displayed.
Step 6 Set the time zone and system time according to the local time zone and standard time.
NOTE
Perform desired operations according to on-site conditions:
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is a
correct local time, no modification is required.
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is not a
correct local time, correct Time in Current Time Zone. No other modification is required.
• In New Time Zone, if the value of Time Zone is not a local time zone, change it to a local time
zone. The Time below the Time Zone will be changed automatically. If the automatically changed
time is a correct local time, no other modification is required. Otherwise, adjust the value of Time in
Current Time Zone until the value of Time in New Time Zone is a correct local time.
Step 8 If the time zone is changed, you need to restart the OS to make the modifications take effect.
Restart the OS according to the displayed prompt.
• The U2000 system starts when the OS starts.
• The OS does not need to be restarted if only the time is changed. It needs to be restarted
if the time zone is changed.
• On Solaris or SUSE Linux, if the time zone is changed, the time is adjusted according to
the new time zone after the OS is restarted.
# sync;sync;sync;sync
# shutdown -y -g0 -i6
Step 9 If only the time is changed, start the U2000 system. For details, see 2 Starting the U2000
System.
----End
A.10.3 How to Modify the Time and Time Zone on the SUSE
Linux Single-Server System
Question
How do I modify the time and time zone on the SUSE Linux single-server system?
Answer
Step 1 Log in to the server as the ossuser user.
Step 2 Open the CLI. Run the following command to shut down the U2000:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
NOTE
Step 4 After the database is shut down, start an NMS Maintenance Suite client.
Step 5 On the MSuite client, choose Deploy > Change Time Zone. The Modify System Time Zone
dialog box is displayed.
Step 6 Set the time zone and system time according to the local time zone and standard time.
NOTE
Perform desired operations according to on-site conditions:
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is a
correct local time, no modification is required.
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is not a
correct local time, correct Time in Current Time Zone. No other modification is required.
• In New Time Zone, if the value of Time Zone is not a local time zone, change it to a local time
zone. The Time below the Time Zone will be changed automatically. If the automatically changed
time is a correct local time, no other modification is required. Otherwise, adjust the value of Time in
Current Time Zone until the value of Time in New Time Zone is a correct local time.
NOTE
Step 9 If only the time is changed, start the U2000 system. For details, see 2 Starting the U2000
System.
----End
A.10.4 How to Change the System Time and Time Zone of the
High Availability System (Solaris, SUSE Linux)
Question
How do I change the system time and time zone of the High Availability System (Solaris,
SUSE Linux)?
Answer
Step 1 Log in to the primary site as user root. Open a terminal window and run the following
command to shut down the high availability system:
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
# hagrp -offline AppService -sys host name of active site
For example, if the host name of the primary site is Primaster, run the following command.
# hagrp -offline AppService -sys Primaster
The IP address entered during login is the system IP address of the primary site.
Step 3 On the MSuite client, choose Deploy > Change Time Zone. The Modify System Time Zone
dialog box is displayed.
Step 4 Set the time zone and system time according to the local time zone and standard time.
NOTE
Perform desired operations according to on-site conditions:
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is a
correct local time, no modification is required.
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is not a
correct local time, correct Time in Current Time Zone. No other modification is required.
• In New Time Zone, if the value of Time Zone is not a local time zone, change it to a local time
zone. The Time below the Time Zone will be changed automatically. If the automatically changed
time is a correct local time, no other modification is required. Otherwise, adjust the value of Time in
Current Time Zone until the value of Time in New Time Zone is a correct local time.
Step 6 If the time zone is changed, you need to restart the OS to make the modifications take effect.
Restart the OS according to the displayed prompt.
NOTE
For example, if the host name of the primary site is Primaster, run the # hagrp -online
AppService -sys Primaster command.
• Run the following commands to restart the OS if the time zone is changed.
# hastop -all -force
# sync;sync;sync;sync
Solaris OS:
# shutdown -y -g0 -i6
NOTE
The IP address entered during login is the system IP address of the secondary site.
Step 8 On the MSuite client, choose Deploy > Change Time Zone. The Modify System Time Zone
dialog box is displayed.
Step 9 Set the time zone and system time according to the local time zone and standard time.
NOTE
Perform desired operations according to on-site conditions:
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is a
correct local time, no modification is required.
• In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is not a
correct local time, correct Time in Current Time Zone. No other modification is required.
• In New Time Zone, if the value of Time Zone is not a local time zone, change it to a local time
zone. The Time below the Time Zone will be changed automatically. If the automatically changed
time is a correct local time, no other modification is required. Otherwise, adjust the value of Time in
Current Time Zone until the value of Time in New Time Zone is a correct local time.
Step 11 If the time zone is changed, you need to restart the OS to make the modifications take effect.
Restart the OS according to the displayed prompt.
NOTE
Solaris OS:
# shutdown -y -g0 -i6
Step 12 If only the time is changed, start the U2000 system. For details, see 2 Starting the U2000
System.
----End
Question
How do I determine whether an installed SUSE Linux system is a local or remote high
availability system?
Answer
Step 1 Log in to the SUSE Linux high availability system on the primary or secondary site as the
root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Run the following command to view the high availability system type on the current server:
# cat /var/ICMR/sles10sp4_sign_file.inf
NOTE
• If the command output contains installtype=1, the system is a single-server system. If the command
output contains installtype=3, the system is a high availability system.
• If the command output contains hatype=1, the system is a local high availability system. If the
command output contains hatype=2, the system is a remote high availability system.
For example, if the command output contains installtype=3 and hatype=2, the system is a remote high
availability system.
----End
Question
How do I verify that the processes of the U2000 single-server system are running on
Windows?
Answer
Step 1 Log in to the OS as a user with ossuser rights.
Step 2 View the startup information about the U2000 server processes.
NOTE
If information similar to the following is displayed, the U2000 process also has started.
imapmrb.exe 11116 Services 0 30,392 K
imapeventmgr.exe 11164 Services 0 21,404 K
imapsysd.exe 10236 Services 0 42,116 K
imapwatchdog.exe 8584 Services 0 11,676 K
ResourceMonitor.exe 26056 Services 0 28,184 K
imap_sysmonitor.exe 13168 Services 0 39,632 K
– If no command output is displayed, the U2000 process is not started. You can run
the D:\oss\server\platform\bin\startnms.bat command in the CLI to start the
U2000 process. If information similar to the following is displayed, the database
has to be started. For details, see 2.1.2 Starting the Database. Then, execute the
startnms.bat file to start the U2000 process.
Service MSSQLSERVER does not running,please start it first.
NOTE
----End
Question
How do I start the processes of the U2000 single-server system (Windows)?
Answer
Step 1 Log in to the OS as administrator.
Step 2 If the database does not automatically start along with the OS, run the following command to
manually start it.
Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL
Server Configuration Manager > SQL Server Services, right-click SQL Server
(MSSQLSERVER) and choose Start to start the database. If the database has started, skip
this step.
Step 3 Perform the following operations to ensure that the U2000 server processes have been started.
1. Choose Start > Run. The Run window will be displayed.
2. Enter cmd and click OK.
3. In the CLI, run the daem_ps command to check whether the U2000 process is started.
– If information similar to the following is displayed, the U2000 process has started.
imapmrb.exe 30616 RDP-Tcp#1 3 19,252 K
imapeventmgr.exe 4392 RDP-Tcp#1 3 19,812 K
imapsysd.exe 27224 RDP-Tcp#1 3 39,720 K
imapwatchdog.exe 36812 RDP-Tcp#1 3 14,216 K
ResourceMonitor.exe 29472 RDP-Tcp#1 3 25,024 K
imap_sysmonitor.exe 8368 RDP-Tcp#1 3 36,628 K
python.exe 33732 RDP-Tcp#1 3 21,216 K
httpd.exe 14920 RDP-Tcp#1 3 11,140 K
java.exe 21572 RDP-Tcp#1 3 92,424 K
httpd.exe 15980 RDP-Tcp#1 3 16,476 K
NOTE
If information similar to the following is displayed, the U2000 process has also started.
imapmrb.exe 11116 Services 0 30,392 K
imapeventmgr.exe 11164 Services 0 21,404 K
imapsysd.exe 10236 Services 0 42,116 K
imapwatchdog.exe 8584 Services 0 11,676 K
ResourceMonitor.exe 26056 Services 0 28,184 K
imap_sysmonitor.exe 13168 Services 0 39,632 K
– If no command output is displayed, the U2000 process is not started. You can run
the D:\oss\server\platform\bin\startnms.bat command in the CLI to start the
U2000 process. If information similar to the following is displayed, the database
has to be started. For details, see 2.1.2 Starting the Database. Then, execute the
startnms.bat file to start the U2000 process.
Service MSSQLSERVER does not running,please start it first.
NOTE
----End
You can stop all the services of the NMS, including the system monitoring process.
If you use the Stop All NMS Services function of the System Monitor, the system monitoring
process is not ended. Do not use this method if you perform operations for shutting down the
NMS that are associated with the database.
Answer
Step 1 Exit all the U2000 clients.
Step 2 Log in to the OS as a user with ossuser rights.
Step 3 Ensure that the U2000 is not running.
1. Right-click Start and choose Run. The Run window will be displayed.
2. Enter cmd and click OK.
3. In the CLI, run the daem_ps command to check whether the U2000 process is stopped.
– If no command output is displayed, the U2000 process has stopped.
– If information similar to the following is displayed, the U2000 process is not
stopped. In the CLI, run the D:\oss\server\platform\bin\stopnms.bat command to
stop the U2000 process.
imapmrb.exe 30616 RDP-Tcp#1 3 19,252 K
imapeventmgr.exe 4392 RDP-Tcp#1 3 19,812 K
imapsysd.exe 27224 RDP-Tcp#1 3 39,720 K
imapwatchdog.exe 36812 RDP-Tcp#1 3 14,216 K
ResourceMonitor.exe 29472 RDP-Tcp#1 3 25,024 K
imap_sysmonitor.exe 8368 RDP-Tcp#1 3 36,628 K
python.exe 33732 RDP-Tcp#1 3 21,216 K
httpd.exe 14920 RDP-Tcp#1 3 11,140 K
java.exe 21572 RDP-Tcp#1 3 92,424 K
httpd.exe 15980 RDP-Tcp#1 3 16,476 K
NOTE
n If information similar to the following is displayed, the U2000 process is not stopped.
Switch to the administrator and run the D:\oss\server\platform\bin\stopnms.bat command
to stop the U2000 process.
imapmrb.exe 11116 Services 0 30,392 K
imapeventmgr.exe 11164 Services 0 21,404 K
imapsysd.exe 10236 Services 0 42,116 K
imapwatchdog.exe 8584 Services 0 11,676 K
ResourceMonitor.exe 26056 Services 0 28,184 K
imap_sysmonitor.exe 13168 Services 0 39,632 K
n D:\oss specifies the installation path of the U2000.
n Stopping the U2000 process takes about 3 minutes.
----End
Question
How do I verify that the processes of the U2000 single-server system are running on Solaris?
Answer
Step 1 Log in to the server as user ossuser.
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start. If
no information is displayed, the U2000 processes have been stopped.
----End
Question
How do I start the processes of the U2000 single-server system on Solaris?
Answer
Step 1 Log in to the server as user ossuser.
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start. If
no information is displayed, the U2000 processes have been stopped.
----End
Question
How do I end the processes of the U2000 single-server system on (Solaris)?
Answer
Step 1 Log in to the server as user ossuser.
To check the running status of U2000 processes, run the following command:
$ daem_ps
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start. If
no information is displayed, the U2000 processes have been stopped.
If the U2000 is still running, run the following commands to stop it:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
----End
Question
How do I verify that the processes of the U2000 single-server system are running on SUSE
Linux?
Answer
Step 1 Log in to the server as user ossuser.
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start. If
no information is displayed, the U2000 processes have been stopped.
----End
Question
How do I start the processes of the U2000 single-server system on SUSE Linux?
Answer
Step 1 Log in to the server as user ossuser.
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start. If
no information is displayed, the U2000 processes have been stopped.
----End
Question
How do I end the processes of the U2000 single-server system on (SUSE Linux)?
Answer
Step 1 Log in to the server as user ossuser.
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start. If
no information is displayed, the U2000 processes have been stopped.
If the U2000 is still running, run the following commands to stop it:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
----End
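As an added example (not part of the Huawei guide), the following shell function applies the rule from the NOTE above to daem_ps output and also separates a partial start, where only some of the six listed process strings appear, from a clean running or stopped state. The sample output layout and the three state names are assumptions made for illustration; only the process strings come from the guide.

```shell
#!/bin/sh
# Added example, not Huawei code: classify the U2000 state from daem_ps output.

# The six strings the guide lists; all must appear when the U2000 is running.
CORE_PROCS='imapmrb
imapwatchdog -cmd start
imapsysd -cmd start
imapeventmgr
imap_sysmonitor -cmd start
ResourceMonitor -cmd start'

# u2000_state: read daem_ps output on stdin and print one line:
#   "stopped"               no output at all                    (exit status 1)
#   "running"               all six strings are present         (exit status 0)
#   "degraded: missing ..." output present, some strings absent (exit status 2)
u2000_state() {
    ps_out=$(cat)
    # Treat whitespace-only output the same as no output.
    if [ -z "$(printf '%s' "$ps_out" | tr -d ' \t\r\n')" ]; then
        echo "stopped"
        return 1
    fi
    missing=""
    while IFS= read -r proc; do
        # -F matches a fixed string; -e keeps "-cmd start" from being read as an option.
        if ! printf '%s\n' "$ps_out" | grep -F -q -e "$proc"; then
            missing="${missing:+$missing, }$proc"
        fi
    done <<EOF
$CORE_PROCS
EOF
    if [ -n "$missing" ]; then
        echo "degraded: missing $missing"
        return 2
    fi
    echo "running"
    return 0
}

# Constructed sample (the guide does not show the Solaris/Linux output layout).
# imapeventmgr is deliberately absent to show the partial-start case.
constructed_sample() {
    cat <<'EOF'
ossuser  2101  imapmrb
ossuser  2107  imapwatchdog -cmd start
ossuser  2113  imapsysd -cmd start
ossuser  2131  imap_sysmonitor -cmd start
ossuser  2140  ResourceMonitor -cmd start
EOF
}

# Real use as ossuser: daem_ps | u2000_state
constructed_sample | u2000_state || true
```

A non-empty daem_ps listing is therefore not enough to call the system healthy; the degraded result names what to look for before restarting or stopping the NMS.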
Answer
Step 1 Log in to the OS of the active site as the ossuser user.
Step 2 Check the U2000 processes.
Run the following command to check whether the U2000 is running:
$ daem_ps
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start.
----End
Answer
Step 1 Use PuTTY to log in to the primary site OS over SSH as the ossuser user. Run the
following command to switch to the root user.
$ su - root
Password: password for the root user
Step 2 Right-click in the blank area of the desktop and choose Open Terminal from the shortcut
menu to open the CLI. Then run the following command.
# hares -online NMSServer -sys hostname
----End
Question
How do I end the U2000 processes of the high availability system (Solaris, PC Linux)?
Answer
Step 1 Use PuTTY to log in to the primary site OS over SSH as the ossuser user. Run the
following command to switch to the root user.
$ su - root
Password: password for the root user
Step 2 Right-click in the blank area of the desktop and choose Open Terminal from the shortcut
menu to open the CLI. Then run the following command.
# hares -offline NMSServer -sys hostname
----End
Question
What factors affect the response speed of the NMS?
Answer
Step 1 Number of gateway NEs and number of NEs managed by a gateway NE.
Step 2 Status of the communication between the NMS and gateway NEs.
----End
Question
How do I resolve the problem that illegible characters occur in the NMS window?
Answer
Step 1 The possible causes are as follows:
l Illegible characters may occur when multiple NMSs of different languages manage the
same NE.
l If the character set is modified by means of commands on the NE side, illegible
characters may occur when you query the information about the NE on the NMS.
l If the character set is configured after the NE is upgraded, illegible characters may occur
when you query the information about the NE on the NMS.
In any of the preceding cases, the problem can be resolved after you restore the original
character set.
----End
Question
When installing the U2000, I uploaded the software package of a single domain and selected
only one domain component (for example, the transport domain). If I need another domain
component later, for example, the IP domain, how do I install it incrementally?
NOTE
The core network component can be incrementally installed only on Solaris OS.
Answer
Step 1 Optional: In a high availability system, you must separate the primary site from the
secondary site. For details, see C.6.2 Separating the Primary Site from the Secondary Site.
NOTE
If the security hardening policy has been enabled in the system, log in to the OS as ossuser,
run the su root command, and enter the password as prompted to switch to the root user.
Otherwise, the GUI for deploying is unavailable.
l In Windows OS, log in to the OS as the administrator user.
Step 3 Verify that the following paths have sufficient remaining space.
l On Solaris or SUSE Linux, verify that the following paths have sufficient remaining
space.
NOTE
– You can run the df -hk command to view the remaining space. For example, to view the
remaining space of the /opt/oss path, run the df -hk /opt/oss command.
– Installing domains incrementally does not affect the current management scale. That is, if the
management scale is medium during U2000 installation, the management scale is still medium
after incremental domain installation.
l On Windows, verify that the following paths have sufficient remaining space.
Step 4 Upload the software package and mapping digital signature file (in .asc format) of a desired
domain to the U2000 server.
l For Solaris and SUSE Linux operating systems,
The software package and mapping digital signature file (in .asc format) must be in
the /opt/install directory. Otherwise, the software package verification fails.
a. Upload the software package and mapping digital signature file to the /opt/install
directory on the server as the root user.
n If security hardening is not performed on the OS, upload the software package
and mapping digital signature file to the /opt/install directory on the server as
the root user.
n If security hardening is performed on the OS, FTP/SFTP rights of root will be
disabled. In this case, you need to upload files to the backup directory in the
FTP root directory as the ftpuser user (the FTP root directory of ftpuser
is /opt/backup/ftpboot). Then move the software packages and mapping
digital signature files to the /opt/install directory. For
example,
# cd /opt/backup/ftpboot/ftproot
# mv U2000V200R016C60_server_nmsip_sles_x64* /opt/install/
l If your OS is Windows, upload the software package to D:\oss. If the path space is
insufficient, move all the files stored in the path to another directory with sufficient space
and upload the software packages of the components to be added incrementally to the
new directory (which must be a sub-directory of D:\oss), for example, add.
NOTE
The new directory name should be as short as possible. It can contain only letters, numbers,
or underscores. Ensure that it does not contain any spaces or brackets.
Step 5 Ensure that the NMS processes are ended. Perform the following operations to end the
NMS processes if they are running:
l For the Single-Server System (Windows), see A.10.8 How to End the Processes of the
U2000 Single-Server System on Windows.
l For the Single-Server System (Solaris), see A.10.11 How to End the Processes of the
U2000 Single-Server System on (Solaris).
l For the Single-Server System (SUSE Linux), see A.10.14 How to End the Processes of
the U2000 Single-Server System on (SUSE Linux).
l For the High Availability System (Solaris/SUSE Linux), see A.10.17 How to End the
U2000 Processes of the High Availability System (Solaris, PC Linux).
Step 6 Verify that the database is running. Perform the following operations
to start the database if it is not running:
l For the Single-Server System (Windows), see 2.1.2 Starting the Database.
l For the Single-Server System (Solaris), see 2.2.2 Starting the Database.
l For the Single-Server System (SUSE Linux), see 2.3.2 Starting the Database.
l For the High Availability System (Solaris/SUSE Linux), see 2.4.2 Starting the
Database.
Step 7 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 8 In MSuite client, choose Deploy > Deploy. The Deploy dialog box is displayed.
NOTE
l In the Deploy dialog box, if some domains are gray, the domains have been deployed.
l If the message "Cannot deploy the xxxx domain, because the installation package of this
domain has not been correctly or fully decompressed." is displayed in the Deploy dialog box,
click Incremental Install to install it incrementally. See A.10.20 How Do I Install a Domain
Component Incrementally.
Step 9 Click Incremental Install. On Linux or Solaris, enter the software package name, for
example, U2000version_server_nmsaccess_sles_x64.7z or
U2000version_server_nmsaccess_solaris_SPARC.7z. On Windows, enter the
sub-directory/software package name, for example,
add/U2000version_server_nmsaccess_win32_x86.7z.
Step 11 If a message is displayed indicating the software package verification success, click OK. Wait
until the space size of the U2000 directory and database directory is checked.
Step 12 Select a domain and click OK. A dialog box is displayed showing the deployment progress.
The time required for the installation depends on the number of domains to be deployed and
the configurations of the server. Wait patiently.
Step 13 If the "The XXX domain has been deployed. Restart the NMS" message is displayed, the
domain has been successfully deployed.
During the waiting period, do not start or stop the U2000 server processes. Otherwise, domain
deployment fails.
Single-Server System (Solaris) but in manual mode, the U2000 fails to start. How do I
rectify this fault?
Answer
Step 1 Log in to the OS as user root.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Run the vi command to modify the interfaces configuration file and change the IP address to
the new IP address.
# su - dbuser
$ vi /opt/sybase/interfaces
NOTE
Run the following command to check whether the Sybase database is started:
$ ./showserver
----End
Question
How do I view the U2000 and Sybase database installation paths?
Answer
Generally, the U2000 installation path is /opt/oss and the Sybase database installation path
is /opt/sybase.
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Check the ICMR_conf.xml configuration file to confirm the installation paths.
<CONFIGITEMS>
<SYBASEUSERNAME>dbuser</SYBASEUSERNAME>
<DBDEVICEPATH>/opt/sybase/data</DBDEVICEPATH>
<IFCONFIGSYSNET>no</IFCONFIGSYSNET>
<INSTALLTYPE>1</INSTALLTYPE>
<SYBASEDBSERVERNAME>DBSVR</SYBASEDBSERVERNAME>
<LANG>C</LANG>
<DEBUGLEVEL>9</DEBUGLEVEL>
<SYBASEBACKUPSERVERPORT>4200</SYBASEBACKUPSERVERPORT>
<DATABASEINSTALLPATH>/opt/sybase</DATABASEINSTALLPATH>
<SYBASEBACKUPSERVERNAME>DBSVR_back</SYBASEBACKUPSERVERNAME>
<REUSEDB>no</REUSEDB>
<NMSINSTALLPATH>/opt/oss</NMSINSTALLPATH>
<FINISHTASKLIST>tasks::installtype_request,tasks::instSybase_request,tasks::instNMS_request,tasks::single_network_request,tasks::modify_sys_paras,tasks::enable_multipath,tasks::mirrorDisk,tasks::mount_array_disks,tasks::install_sybase,tasks::build_server</FINISHTASKLIST>
<NETCONFIGFILE>/etc/ICMR/netCfg/OS/os_net_config.cfg</NETCONFIGFILE>
<SYBASEGROUPNAME>dbgroup</SYBASEGROUPNAME>
<SYBASEDBSERVERPORT>4100</SYBASEDBSERVERPORT>
----End
Answer
NOTE
The following uses viewing configurations for the primary site as an example. Viewing configurations for the
secondary site is similar to that for the primary site.
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 View the vcs_net_config.cfg file. Saving this file to a local disk is recommended.
Run the following commands to view the vcs_net_config.cfg file:
# cd /etc/ICMR/netCfg/VCS/
# more vcs_net_config.cfg
...
HBCFG=no
HBIP=10.78.218.52
HBHostname=primary
HBNetmask=255.255.255.0
...
# To use another NIC to back up PHBNic, configure the following parameters.
HBIsIPMP=no
HBStandbyNic=
HBStandbyIP=
HBStandbyNetmask=255.255.255.0
HBStandbyHostname=HBSlave
VVRIP=
VVRHostname=VVRService
VVRNetmask=255.255.255.0
VVRMasterNic=
VVRMasterIP=
VVRMasterHostname=VVRMaster
VVRMasterNetmask=255.255.255.0
VVRStandbyNic=
VVRStandbyIP=
VVRStandbyHostname=VVRSlave
VVRStandbyNetmask=255.255.255.0
APPIP=10.78.218.52
APPHostname=primary
APPNetmask=255.255.255.0
APPMasterNic=bge0
APPMasterIP=
APPMasterHostname=APPMaster
APPMasterNetmask=255.255.255.0
# To use anther NIC to back up the HBNic, configure the following parameters.
APPIsIPMP=no
APPStandbyNic=
APPStandbyIP=
APPStandbyNetmask=255.255.255.0
APPStandbyHostname=APPSlave
The preceding information shows the system IP address, the host name, the subnet mask, the
default route, and the relationships between the system IP address and the heartbeat network,
replication network, and NMS application network. Details are as follows:
l SystemIP=10.78.218.52: The system IP address is 10.78.218.52.
l SystemHostname=primary: The system host name is primary.
l HBCFG=no: The system IP address is used as the heartbeat IP address (there is no need
to set a heartbeat IP address).
l HBIsIPMP=no: IPMP is not configured for the heartbeat IP address.
l VVRCFG=no: The heartbeat IP address is used as the replication IP address (there is no
need to set a replication IP address).
l APPCfg=yes: The application IP address needs to be set.
Step 3 Run the following command to view and record routing information:
# netstat -rn
----End
Answer
NOTE
The following uses viewing configurations for the primary site as an example. Viewing configurations for the
secondary site is similar to that for the primary site.
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 View the vcs_net_config.cfg file. Saving this file to a local disk is recommended.
Run the following commands to view the vcs_net_config.cfg file:
# cd /etc/ICMR/netCfg/VCS/
# more vcs_net_config.cfg
...
HBCFG=yes
HBIP=10.168.10.10
HBNic=eth1
HBHostname=Primary
HBNetmask=255.255.255.0
HBMAC=34:40:b5:b1:11:0a
...
# To use another NIC to back up PHBNic, configure the following parameters.
HBIsIPMP=yes
HBStandbyNic=eth2
HBStandbyIP=10.9.1.2
HBStandbyNetmask=255.255.255.0
HBStandbyHostname=HBSlave
HBStandbyMAC=90:e2:ba:17:94:84
HBBondName=bond1
VVRIP=10.168.10.10
VVRNic=eth1
VVRHostname=VVRService
VVRNetmask=255.255.255.0
VVRMAC=34:40:b5:b1:11:0a
VVRMasterNic=eth1
VVRMasterIP=10.168.10.10
VVRMasterHostname=VVRMaster
VVRMasterNetmask=255.255.255.0
VVRMasterMAC=34:40:b5:b1:11:0a
VVRMasterRouter=
VVRStandbyNic=eth2
VVRStandbyIP=10.168.10.11
VVRStandbyHostname=VVRSlave
VVRStandbyNetmask=255.255.255.0
VVRStandbyMAC=90:e2:ba:17:94:84
VVRBondName=bond1
#APP network configure, support the ipmp
APPCfg=yes
APPIP=10.9.1.1
APPNic=eth0
APPHostname=Primary
APPNetmask=255.255.255.0
APPMAC=34:40:b5:b1:11:08
APPMasterNic=eth0
APPRouter=
APPMasterIP=10.9.1.1
APPMasterHostname=APPMaster
APPMasterNetmask=255.255.255.0
APPMasterMAC=34:40:b5:b1:11:08
# To use anther NIC to back up the HBNic, configure the following parameters.
APPIsIPMP=yes
APPStandbyNic=eth0
APPStandbyIP=10.9.1.2
APPStandbyNetmask=255.255.255.0
APPStandbyHostname=APPSlave
APPStandbyMAC=90:e2:ba:17:94:85
APPBondName=bond0
FLOATAPPIP=10.9.1.3
FLOATIP=10.9.1.3
FLOATHostname=null
FLOATNetmask=255.255.255.0
FLOATMasterNic=34:40:b5:b1:11:08
...
The preceding information shows the system IP address, the host name, the subnet mask, the
default route, and the relationships between the system IP address and the heartbeat network,
replication network, and NMS application network. Details are as follows:
l SystemIP=10.9.1.1: The system IP address is 10.9.1.1.
l SystemHostname=Primary: The system host name is Primary.
l HBCFG=yes: A heartbeat IP address needs to be set. The heartbeat IP address is
10.168.10.10.
l VVRCFG=yes: A replication IP address needs to be set. The replication IP address is
10.168.10.10. The replication IP address is used as the heartbeat IP address.
l VVRBondName=bond1: The bond name of the replication bond solution is bond1.
l APPCfg=yes: The application IP address needs to be set. The application IP address is
10.9.1.1. The application IP address is used as the system IP address.
Step 3 Run the following command to view and record routing information:
# netstat -rn
----End
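An added example (not from the guide or from Huawei) that reads a saved copy of vcs_net_config.cfg and resolves which IP address each network role ends up using, following the HBCFG, VVRCFG and APPCfg rules explained in the two answers above. The sample files are constructed from the values shown on this page, and the output format and the MISSING/unspecified markers are assumptions.

```shell
#!/bin/sh
# Added example, not Huawei code: resolve the effective IP per network role.

# cfg_get FILE KEY: print the value of the last KEY=value line.
# Comment lines, blank lines and "..." elisions are skipped.
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") == 0 { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) { v = val; found = 1 }
        }
        END { if (found) print v }
    ' "$1"
}

# role_ip FILE FLAGKEY IPKEY FALLBACK
# FLAGKEY=yes: the role has its own address in IPKEY (MISSING if it is empty).
# Otherwise the role reuses FALLBACK, as the guide describes for HBCFG/VVRCFG=no.
role_ip() {
    if [ "$(cfg_get "$1" "$2")" = "yes" ]; then
        ip=$(cfg_get "$1" "$3")
        printf '%s' "${ip:-MISSING}"
    else
        printf '%s' "$4"
    fi
}

# effective_networks FILE: one summary line; status 1 if a required address is empty.
effective_networks() {
    sys=$(cfg_get "$1" SystemIP)
    sys=${sys:-MISSING}
    hb=$(role_ip "$1" HBCFG HBIP "$sys")      # HBCFG=no: heartbeat uses the system IP
    vvr=$(role_ip "$1" VVRCFG VVRIP "$hb")    # VVRCFG=no: replication uses the heartbeat IP
    # The guide documents only APPCfg=yes, so any other value is reported as unspecified.
    app=$(role_ip "$1" APPCfg APPIP "unspecified")
    printf 'system=%s heartbeat=%s replication=%s application=%s\n' "$sys" "$hb" "$vvr" "$app"
    case "$sys $hb $vvr $app" in
        *MISSING*) return 1 ;;
    esac
    return 0
}

# Constructed from the Solaris listing and its explanation on this page.
sample_solaris_cfg() {
    cat <<'EOF'
SystemIP=10.78.218.52
SystemHostname=primary
...
HBCFG=no
HBIP=10.78.218.52
# To use another NIC to back up PHBNic, configure the following parameters.
HBIsIPMP=no
VVRCFG=no
VVRIP=
APPCfg=yes
APPIP=10.78.218.52
EOF
}

# Constructed from the Linux listing and its explanation on this page.
sample_linux_cfg() {
    cat <<'EOF'
SystemIP=10.9.1.1
HBCFG=yes
HBIP=10.168.10.10
HBStandbyNic=eth2
VVRCFG=yes
VVRIP=10.168.10.10
APPCfg=yes
APPIP=10.9.1.1
EOF
}

# Demo on the constructed Linux sample; real use: effective_networks /path/to/saved/copy
demo_file=$(mktemp)
sample_linux_cfg > "$demo_file"
effective_networks "$demo_file" || true
rm -f "$demo_file"
```

Running it against the copy saved in Step 2 gives a one-line record to compare with the file after a reinstallation or IP change.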
Question
In the U2000 single-server system, the U2000 may need to be reinstalled on or migrated to
another computer from the currently running U2000 server for some reasons, such as a fault
on the original U2000 or hardware replacement. This topic describes how to reinstall or
migrate the U2000.
Answer
l Reinstalling the U2000 may interrupt the U2000 services and management. Therefore, you
need to ensure that networks are not affected due to the shutdown of the U2000.
l Reinstalling or migrating the U2000 may cause data loss of some configurations. Thus,
reconfiguration is required.
l NE login conflicts may occur during the U2000 migration if the current U2000 is not
stopped.
Step 1 Back up the license file. If the machine has been replaced, the license must be applied for
again. This is because the license is associated with the MAC address of the NIC. For details
about how to apply for a license, see U2000 License User Guide.
Step 2 Back up the U2000 database to a specified position. Note that the database data cannot be
deleted after the U2000 is reinstalled.
NOTE
Before backing up the SQL Server database, see A.7.6 How to Check Whether the SQL Server
Database Can Be Sorted in Binary Mode to check whether the collation sort order of the old SQL
Server database is in binary mode.
Step 3 Manually record other information about the U2000. Some data, such as the IP address, host
name, commonly used items, and NBIs, is not backed up during U2000 database backup.
l Perform the following operations to view commonly used system items:
Enter the IP address of the server, for example, https://127.0.0.1:13231. Here, 127.0.0.1
is the access address of the local server computer in an integrated system or of the NM
server computer in a distributed system, and 13231 is the port number.
b. Choose the NBIs from the navigation tree on the left.
c. Manually record configurations about all NBI instances. Back up the snapshots of
the configurations.
Step 4 Refer to the installation guide to reinstall the U2000. Before reinstalling the U2000, ensure
that the U2000 version (including the patch version), and database version are the same as
those of the old U2000.
Step 5 Restore U2000 database data. For details, see C.11 Managing Databases.
Step 6 Refer to Step 3 to restore the U2000 configurations and commonly used system items. If NBIs
are available, reconfigure the NBIs.
----End
Answer
Step 1 Log in to the OS on the U2000 server as an administrator and do as follows to query the
communication mode in use:
Choose Start > Run. In the Run dialog box, enter cmd to open the command line interface
(CLI). Enter ssl_adm -cmd query to query the communication mode that the U2000 server is
using.
Step 2 Stop U2000 processes.
In the U2000 software installation path, for example, D:\oss\server\platform\bin, run the
stopnms.bat file to stop U2000 processes.
Step 3 Set the communication mode for the U2000 server and client.
Choose Start > Run. In the Run dialog box, enter cmd to open the CLI. Enter ssl_adm -cmd
setmode mode parameter and set the communication mode for the U2000 server and client.
NOTE
The available options for mode parameter are common, ssl, and both.
l common: common mode. If mode parameter is set to common, the U2000 server and client can
communicate only in common mode, and http protocol must be used to download the U2000 client
in CAU mode.
l ssl: security mode. If mode parameter is set to ssl, the U2000 server and client can communicate
only in security mode, and https protocol must be used to download the U2000 client in CAU
mode. The security mode is recommended to ensure security for communication between the
U2000 server and client.
l both: indicates that the U2000 server and client can communicate with each other in either
common or SSL mode.
If the following information is displayed, the communication mode of the server has been set
successfully.
Operation succeeded. Please restart all services for the settings to take effect.
Step 4 If you need to install the client in CAU mode after the server communication mode is set, you
must perform the following operations as the administrator user:
In the U2000 software installation path, for example, D:\oss\cau\bin, run the cau.bat file to
update the CAU. If the following information is displayed, the operation has been set
successfully.
CAU is now updating resource, please wait...
Script is executed successfully.
----End
Answer
Step 1 Log in to the OS on the U2000 server as the ossuser user and do as follows to query the
communication mode in use:
$ ssl_adm -cmd query
Step 3 Set the communication mode for the U2000 server and client.
$ ssl_adm -cmd setmode mode parameter
NOTE
The available options for mode parameter are common, ssl, and both.
l common: common mode. If mode parameter is set to common, the U2000 server and client can
communicate only in common mode, and http protocol must be used to download the U2000 client
in CAU mode.
l ssl: security mode. If mode parameter is set to ssl, the U2000 server and client can communicate
only in security mode, and https protocol must be used to download the U2000 client in CAU
mode. The security mode is recommended to ensure security for communication between the
U2000 server and client.
l both: indicates that the U2000 server and client can communicate with each other in either
common or SSL mode.
NOTE
You can ignore messages displayed before this message because they do not affect the operation result.
Step 4 If you need to install the client in CAU mode after the server communication mode is set, you
must perform the following operations as the ossuser user:
$ cd /opt/oss/cau/bin
$ bash cau.sh
----End
Question
The U2000 server and client can communicate with each other in common or Secure Sockets
Layer (SSL) mode. How do I set the common or SSL mode?
Answer
Step 1 Log in to the OS on the U2000 server as the ossuser user and do as follows to query the
communication mode in use:
$ ssl_adm -cmd query
Step 3 Set the communication mode for the U2000 server and client.
$ ssl_adm -cmd setmode mode parameter
NOTE
The available options for mode parameter are common, ssl, and both.
l common: common mode. If mode parameter is set to common, the U2000 server and client can
communicate only in common mode, and http protocol must be used to download the U2000 client
in CAU mode.
l ssl: security mode. If mode parameter is set to ssl, the U2000 server and client can communicate
only in security mode, and https protocol must be used to download the U2000 client in CAU
mode. The security mode is recommended to ensure security for communication between the
U2000 server and client.
l both: indicates that the U2000 server and client can communicate with each other in either
common or SSL mode.
NOTE
You can ignore messages displayed before this message because they do not affect the operation result.
Step 4 If you need to install the client in CAU mode after the server communication mode is set, you
must perform the following operations as the ossuser user:
$ cd /opt/oss/cau/bin
$ bash cau.sh
----End
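The Solaris and SUSE Linux procedure above, wrapped as an added shell example that is not Huawei's own script: it refuses to change the mode while daem_ps still lists processes, accepts only the three documented mode values, and confirms the documented success message. The function names, return codes and the U2000_DEMO switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Huawei code. Intended to be run as ossuser on the U2000 server.

# Success line quoted in the guide; earlier output lines can be ignored.
SUCCESS_MSG='Operation succeeded. Please restart all services for the settings to take effect.'

# nms_is_stopped: true only when daem_ps exists and prints nothing,
# which the guide treats as "the U2000 processes have been stopped".
nms_is_stopped() {
    command -v daem_ps >/dev/null 2>&1 || return 1
    [ -z "$(daem_ps 2>/dev/null | tr -d ' \t\r\n')" ]
}

# set_comm_mode MODE
# Return codes (assumptions of this example):
#   0 mode set, 2 invalid mode, 3 U2000 still running or daem_ps unavailable,
#   4 success message not found in the ssl_adm output.
set_comm_mode() {
    mode=$1
    case "$mode" in
        ssl) ;;
        common|both)
            # The guide recommends ssl; these two modes still allow common-mode traffic.
            echo "warning: mode '$mode' permits non-SSL client connections" >&2 ;;
        *)
            echo "error: mode must be common, ssl or both" >&2
            return 2 ;;
    esac

    if ! nms_is_stopped; then
        echo "error: U2000 processes are running (or daem_ps is unavailable); stop the NMS first" >&2
        return 3
    fi

    out=$(ssl_adm -cmd setmode "$mode" 2>&1) || true
    # Search the whole output, because unrelated messages may precede the success line.
    if printf '%s\n' "$out" | grep -F -q -e "$SUCCESS_MSG"; then
        echo "communication mode set to $mode; restart all services, then run cau.sh if clients are installed in CAU mode"
        return 0
    fi
    printf '%s\n' "$out" >&2
    echo "error: success message not found; mode may be unchanged" >&2
    return 4
}

# Offline demo with constructed stand-ins for daem_ps and ssl_adm:
#   U2000_DEMO=1 sh this_file
if [ "${U2000_DEMO:-0}" = "1" ]; then
    daem_ps() { :; }
    ssl_adm() {
        echo "constructed message that precedes the result"
        echo "$SUCCESS_MSG"
    }
    set_comm_mode ssl
fi
```

On a real server, source the file and call set_comm_mode ssl, then confirm the result with ssl_adm -cmd query as in Step 1.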
Question
The server in a high availability system (Solaris, SUSE Linux) has two communication
modes, namely, common and Secure Sockets Layer (SSL). How do I set the common or SSL
mode?
If the primary and secondary sites have been connected to each other, change the
communication mode on the primary site and perform a primary/secondary switchover. Then
the communication mode used on the primary site will be synchronized to the secondary site.
If the primary and secondary sites have not been connected to each other, change the
communication mode on them separately.
Answer
Step 1 Log in to the OS as the ossuser user and run the following commands to query the
communication mode in use:
$ ssl_adm -cmd query
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
2. Ensure that the U2000 is not running.
a. Run the following command to switch to the ossuser user.
# su - ossuser
b. Run the following command to check the running status of the U2000 process:
$ daem_ps
d. Run the following command to check the running status of the U2000 process:
$ daem_ps
NOTE
Step 3 Run the following commands to set the communication mode of the server:
$ ssl_adm -cmd setmode mode parameter
NOTE
The available options for mode parameter are common, ssl, and both.
l common: common mode. If mode parameter is set to common, the U2000 server and client can
communicate only in common mode, and http protocol must be used to download the U2000 client
in CAU mode.
l ssl: security mode. If mode parameter is set to ssl, the U2000 server and client can communicate
only in security mode, and https protocol must be used to download the U2000 client in CAU
mode. The security mode is recommended to ensure security for communication between the
U2000 server and client.
l both: indicates that the U2000 server and client can communicate with each other in either
common or SSL mode.
If the following information is displayed, the communication mode of the server has been set
successfully.
Operation succeeded. Please restart all services for the settings to take effect.
NOTE
Ignore information that is displayed before this information because the operation result is not impacted.
Step 4 If you need to install the client in CAU mode after the server communication mode is set, you
must perform the following operations as the ossuser user:
$ cd /opt/oss/cau/bin
$ bash cau.sh
NOTE
Step 6 Optional: If the primary and secondary sites have been connected to each other, follow
A.6.3.3 Manual Switchover Between Active and Standby Sites to perform a
primary/secondary switchover. Then the communication mode used on the primary site will be
synchronized to the secondary site.
----End
NOTE
The default key process mode of the Solaris and PC Linux HA system is the standard mode.
Because key processes are distinguished from non-key processes, the failure of a non-key process
does not make the HA system fail over, so the server is not marked faulty and remains able to
protect the system against server faults. Non-key process failures must be rectified in time.
Answer
Step 1 Log in to the server on the primary site as the ossuser user.
Step 2 Run the following commands to choose a key process mode:
$ cd /opt/oss/engr/OSSApp
$ ./changePrcMoniModel.sh
======
=============================================================================
======
To run this script , process monitor model will be changed, some NMS process exception will not sensitive.
Please choose monitor model: (1) standard protect model (2) maximum protect model.
To choose the standard mode, enter 1. To choose the maximum mode, enter 2.
NOTE
To view non-key processes in standard mode and maximum mode, run the following command:
$ cd /opt/oss/engr/OSSApp/process
To view non-key processes in standard mode, run the following command:
$ cat process_std
To view non-key processes in maximum mode, run the following command:
$ cat process_max
Step 3 Log in to the server at the secondary site as the ossuser user. Change the key process mode of
the secondary site to the same as that of the primary site.
----End
Answer
Step 1 Perform the following operations to modify the configuration file:
1. Use SFTP to download the loginuiconfig.xml file in the U2000 installation path/client/
client/plugins/U2000_EM/style/productstyle/loginui/conf/loginui path to the local
disk as the ossuser user.
On Solaris or Linux, ensure that you download the file using SFTP as the ossuser user. If
security hardening is performed on the OS, FTP/SFTP rights of ossuser will be disabled.
In this case, you need to upload files to the backup directory in the FTP root directory as
the ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot).
On Solaris or Linux, ensure that you upload the file using SFTP as the ossuser user.
If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
Step 2 Log in to the client again. Then enter the IP addresses of both the primary and secondary
servers.
NOTE
After you log in to the server where a client is located, the client determines whether the primary or
secondary server is started and automatically connects to the started server. By default, the primary
server is connected. If the client has been connected to a started server and the server performs an
active/standby switchover, a message is displayed on the client indicating that the connection fails and
you must log in to the client again. The client then automatically connects to the started server.
----End
NOTE
l Start the U2000 server on both the primary and secondary sites.
l This configuration will not take effect if the U2000 server has been upgraded, and you need to
perform this configuration again after the U2000 server is upgraded.
Answer
Step 1 Log in to the server OS as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Run the following commands to configure the U2000 server to start automatically:
# haconf -makerw
NOTE
----End
Question
How do I confirm the encoding format of the U2000 license file?
Answer
The encoding format of the U2000 license file must be UNIX, not DOS.
l If the Solaris OS is used, perform the following operations to confirm the encoding
format for the U2000 license file:
a. Log in to the OS as the root user.
b. Run the vi command to open the U2000 license file. For example, assume that the
U2000 license file name is license.dat.
c. # vi license.dat
n Normally, the U2000 license file is in UNIX format and information similar to
the following is displayed:
Huawei Technologies Co., Ltd.
All rights reserved.
LicenseSerialNo=LIC2011083100E710
Creator=Huawei Technologies Co., Ltd.
CreatedTime=2011-08-31 15:03:05
Country=China
n In some special cases (for example, the U2000 license file has an error during
file transfer), the encoding format of the U2000 license file is changed to DOS.
Huawei Technologies Co., Ltd.^M
All rights reserved.^M
^M
LicenseSerialNo=LIC2011083100E710^M
Creator=Huawei Technologies Co., Ltd.^M
CreatedTime=2011-08-31 15:03:05^M
^M
Country=China^M
Run the dos2unix command to change the encoding format of the U2000
license file from DOS to UNIX.
# dos2unix license.dat license.dat
NOTE
The U2000 license file is properly displayed after the format conversion.
l If the SUSE Linux OS is used, perform the following operations to confirm the encoding
format of the U2000 license file:
a. Log in to the OS as the root user.
b. Run the cd License file save path command to access the path where the license file
is stored.
c. Run the vi License file name.dat command to open the U2000 license file.
For example, assume that the U2000 license file name is license.dat, run the vi
license.dat command.
n If dos is contained in the last line of the window for viewing license.dat, for
example,
"license.dat" [noeol][dos] 163L, 13496C
The file is in the DOS format. Run the :q command and press Enter to exit
from the vi command. Then run the following command to change the format
of the U2000 license file from DOS to UNIX.
# dos2unix license.dat license.dat
n If dos is not displayed in the last line of the license.dat file, for example,
"license.dat" [noeol] 163L, 13496C
The file is in the UNIX format.
----End
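The format check above can also be done without opening vi. The following script is an added example, not part of the guide: it reports whether a file uses UNIX or DOS line endings (including the mixed and noeol cases) and writes a converted copy while keeping the original. The function names are hypothetical, and the sample reuses two of the license header lines shown above with constructed DOS line endings.

```shell
#!/bin/sh
# Added example, not part of the guide. Needs a POSIX awk (nawk on Solaris).

# Print "unix", "dos" (every terminated line ends in CR LF) or "mixed",
# plus " noeol" when the last line has no terminating newline.
line_ending_format() {
    lef_file=$1
    lef_noeol=0
    # $(...) strips a trailing newline, so a non-empty result means the
    # final byte of the file is something other than a newline.
    if [ -n "$(tail -c 1 "$lef_file")" ]; then
        lef_noeol=1
    fi
    lef_fmt=$(awk -v noeol="$lef_noeol" '
        { last_lf = 0 }
        /\r$/ { crlf++; next }          # line ends with a carriage return
              { lf++; last_lf = 1 }     # line without a carriage return
        END {
            # An unterminated last line has no line ending to classify.
            if (noeol && last_lf) lf--
            if (crlf && lf) print "mixed"
            else if (crlf)  print "dos"
            else            print "unix"
        }' "$lef_file") || return 2
    if [ "$lef_noeol" -eq 1 ]; then
        lef_fmt="$lef_fmt noeol"
    fi
    printf '%s\n' "$lef_fmt"
}

# Write an LF-only copy of $1 to $2 and keep the original for comparison.
# Only a CR at the very end of a line is removed; the copy always ends
# with a newline.
to_unix_copy() {
    awk '{ sub(/\r$/, ""); print }' "$1" > "$2"
}

# Constructed sample: two license header lines written with DOS endings.
demo_dir=$(mktemp -d)
printf 'LicenseSerialNo=LIC2011083100E710\r\nCountry=China\r\n' \
    > "$demo_dir/license.dat"
line_ending_format "$demo_dir/license.dat"
to_unix_copy "$demo_dir/license.dat" "$demo_dir/license.unix"
line_ending_format "$demo_dir/license.unix"
rm -rf "$demo_dir"
```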
Question
How do I transfer files by means of FTP?
NOTE
Answer
Step 1 Run the following command to connect to the server by means of FTP:
ftp server IP address
Enter the user name and password of the server.
Step 2 Set the FTP transfer mode.
l To use the ASCII mode, run the ascii command.
l To use the binary mode, run the bin command.
Step 3 Go to the path to files to be transferred.
lcd path of files to be transferred
Step 5 Optional: Run the hash command to view the file uploading progress.
hash
Step 7 After the files are transferred, run the quit command to break the FTP connection.
----End
Question
Before the U2000 is installed, you must check whether the OS uses a U2000 user ID. How do
I check and change an OS user ID?
Answer
Step 1 Log in to the OS as the root user.
Step 2 Run the following commands to query the database user ID and U2000 user ID in the system:
l Run the following command to check whether a database user ID exists in the system.
800 specifies a database user ID.
# grep x:800: /etc/passwd
l Run the following command to check whether a U2000 user ID exists in the system. 900
specifies a U2000 user ID.
# grep x:900: /etc/passwd
Step 3 If no command output is displayed, the current system does not use any U2000 user ID. If a
command output is displayed, the current system uses a U2000 user ID, and the installation of
the U2000 may fail. Perform the following operations to back up the user ID and then delete
it. The testuser user ID is used as an example.
# userdel testuser
If the user is a login user, the execution of the userdel command fails to delete the user. A
message will be displayed indicating that the user is being used.
Step 4 After the U2000 is installed, create the user and restore the backup user data.
In system, create a new user named testuser. The testuser user belongs to the testgroup user
group.
----End
Question
After the U2000 is installed on the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server, a
user uses the ifconfig -a command to find that the system contains information about
usbecm0, an extra NIC, and a temporary IP address is automatically configured for the NIC.
How do I deal with the temporary IP address?
Answer
Step 1 Log in to the system controller IP address
Step 2 At the -> prompt, run the following commands to configure hardware:
Step 9 Log in to the OS as the root user. Run the following command to restart the OS:
# sync;sync;sync;sync
# shutdown -y -g0 -i6
----End
Answer
l The network is interrupted when the primary and secondary sites are connected to each
other.
a. Handle the network interruption problem and restore the network connection.
b. Log in to the primary site as the root user, and run the following command to check
the data replication relationship:
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root
command and enter the root user password to switch to the root user.
# vradmin -g datadg repstatus datarvg
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root
command and enter the root user password to switch to the root user.
# vradmin -g datadg repstatus datarvg
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s
----End
Question
How do I burn the ISO file to DVD?
Prerequisites
l The desired ISO file is obtained.
l The DVD recorder has been installed on a Windows PC.
l The burning software has been obtained and installed.
NOTE
The commonly used burning software is Nero, which is paid software. Purchase Nero from its
official website before using it. Nero 8 is used as an example in this topic. For more information
about the software, see the software Help or go to the official website
http://www.nero.com/enu/support/ of the software for technical support.
l An empty DVD is available.
Answer
Step 1 See A.2.25 How Do I Verify Downloaded Software Packages Using the PGPVerify
Software to verify correctness of the obtained ISO file.
The Copy Entire CD, Copy Entire DVD, and Disc Image or Saved Project dialog box is
displayed.
Step 5 Select the ISO file to be burnt to DVD and click Open.
Step 7 Choose the desired recorder from the Current Recorder drop-down list and select the Verify
data on disc after burning check box.
This step aims at ensuring that the contents burnt to DVD are the same as those in the ISO
file.
The Burning Process dialog box is displayed, showing the burning progress. After the ISO
file is burnt to DVD, the Nero Express dialog box is displayed, and a message about the
printing result is displayed.
----End
Question
How do I check the U2000 version?
Answer
l In Solaris and Linux, run the following commands as the ossuser user:
$ cd /opt/oss/engr/install/etc/conf
$ cat MacroFileNW.properties
NOTE
Only the U2000 SPC version number can be viewed in this way. If a CP patch has been installed
on the version, see View the CP version of the U2000 to view more version information
about the U2000 software.
l In Windows, check the U2000 version.
a. Log in to the OS as a user with ossuser rights.
b. Choose Start > Run.
The Run window will be displayed.
c. Enter cmd and click OK.
d. In the CLI, run the following command:
type D:\oss\engr\install\etc\conf\MacroFileNW.properties
...
@{U2000Product_Server_VersionName}=V200R016C60SPCxxx
...
NOTE
Only the U2000 SPC version number can be viewed in this way. If a CP patch has been
installed on the version, see View the CP version of the U2000 to view more version
information about the U2000 software.
l If the version has been installed with a CP patch, you can use the following method to
view the CP version of the U2000.
The version information is stored on the U2000 server as a configuration file named the
version number. Access the following directory to view all version information:
In Windows: %IMAP_ROOT%\patch, such as D:\oss\server\patch.
In Solaris and Linux: $IMAP_ROOT/patch, such as /opt/oss/server/patch.
NOTE
The CP version number can be obtained only by accessing the directory. One version can have
either no CP patch or multiple CP patches.
Prerequisites
l To use the service of a third-party tool for file transfer, make sure that the third-party tool
configured as the FTP or SFTP service is started, and stop the FTP/SFTP service of the
U2000 server.
NOTE
To stop the FTP/SFTP service of the U2000 server, stop the XftpDm process in the task
manager, configure the third-party FTP service, and then restart the ftpdaemon process.
l The file transfer parameters set on the U2000 must be the same as the parameters set on
the FTP or SFTP service.
l If FTP is used, perform operations as required. SFTP is recommended because it provides
better security.
– If the U2000 is not installed on the server, go to
http://mina.apache.org/ftpserver-project/downloads.html to download the latest apache-ftpserver
compression package and refer to the documents on the website to configure the
FTP service. For more information about software operation, see the software Help
or go to the official website of the software,
http://mina.apache.org/ftpserver-project/documentation.html, for technical support.
In addition to the apache-ftpserver, wftpd32.exe is another third-party tool for configuring
an FTP service. Do not use wftpd32.exe to configure the FTP service. Otherwise,
an abnormality occurs during remote database backup.
– If the U2000 has been installed on the server, apache-ftpserver will be
automatically installed along with U2000 installation. Therefore, you do not need to
manually configure the FTP service after the U2000 is installed.
Context
l The SFTP service is recommended because it provides better security.
l Perform the operations in this topic on the Windows server before U2000 data is backed up or
restored.
l The user created for the minasshd SFTP service is ftpuser by default, and the default password
is Changeme_123. To ensure the security of the NMS, change the password for the
ftpuser user periodically.
NOTE
The password must meet the following rules:
l The password consists of 8 to 32 characters.
l The password must be a combination of three types of characters: digit, letter, and special character.
l To configure key authentication for the SFTP service, perform the following operations
(the SFTP root directory is assumed to be D:):
a. Log in to the NMS server using an NMS administrator account.
b. Copy the key file authorized_keys to the SFTP root directory.
c. Copy and paste the public key information to the .ssh directory in the SFTP root
directory. If the .ssh directory does not exist, run the following commands to create
it and copy the key information:
> cd d:
> mkdir .ssh
> copy authorized_keys .ssh
Procedure
l Optional: Configure the SFTP service. The SFTP service needs to be configured only
when SFTP is used on a server where the U2000 is not installed.
The minasshd software is automatically installed along with U2000 installation. The
SFTP service is automatically installed, and the user ftpuser is automatically created
for the service.
l Starting the SFTP service
a. Log in to the System Monitor client as a system administrator account.
b. Click the Service Monitor tab, right-click minasshd and choose Start the Service
from the shortcut menu to start the minasshd SFTP service.
l Stopping the SFTP service
a. Log in to the System Monitor client as a system administrator account.
b. Click the Service Monitor tab, right-click minasshd and choose Stop the Service
from the shortcut menu to stop the minasshd SFTP service.
----End
Context
By default, SFTP uses password authentication (that is, the account used for connecting to the
sftp server, and the corresponding password are used for authentication), but does not use
public key authentication.
Procedure
Step 1 Configure SFTP public key authentication on the server.
1. Use PuTTY to log in to the U2000 server as user ossuser in SSH mode.
2. Run the following command to switch to user root.
$ su - root
Password:Password of root
3. Run the following command to allow user ftpuser to log in to the operating system in
shell mode.
# mkdir -p /opt/backup/ftpboot/.ssh
# su - ftpuser
6. Run the following commands to create key files and specify the password for the private
key file:
$ ssh-keygen -t rsa
NOTE
– After commands are executed, id_rsa.pub and id_rsa are generated under the /opt/backup/
ftpboot/.ssh directory.
– The names of the public key file and the private key file can be customized. The default names
are used as an example in this document.
– It is recommended that the private key file is updated periodically to ensure data security. The
updating period can be customized. The recommended period for updating the private key file
is one month.
– The password must contain at least 6 characters and is recommended to contain a maximum of
64 characters. It must contain at least three types of the following characters: lowercase letter
(a–z), uppercase letter (A–Z), digit (0–9), and special characters (~!@#%*-_=+[{}]:,./?).
7. Run the following commands to import id_rsa.pub to authorized_keys.
$ cd /opt/backup/ftpboot/.ssh
$ exit
8. Run the following command to prohibit user ftpuser from logging in to the operating
system in shell mode.
# usermod -s $FTP_SHELL ftpuser
NOTE
– Try password authentication specifies whether to use password authentication when public
key authentication fails. When it is selected and public key authentication fails, the U2000
attempts password authentication. When it is cleared and public key authentication fails, the
U2000 does not attempt password authentication and immediately displays an authentication
failure message.
– The password must contain at least 6 characters and is recommended to contain a maximum of
64 characters. It must contain at least three types of the following characters: lowercase letter
(a–z), uppercase letter (A–Z), digit (0–9), and special characters (~!@#%*-_=+[{}]:,./?).
4. Click OK.
----End
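After the server-side steps above, the key directory can be checked before relying on public key authentication. The following script is an added example, not part of the guide: it flags a .ssh directory or authorized_keys file that group or others can write to, a private key that group or others can read, and a public key that was never imported into authorized_keys. It assumes an OpenSSH-style sshd with StrictModes and the default file names used in the procedure; the function names and the finding labels are hypothetical, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example, not part of the guide. Assumes an OpenSSH-style sshd with
# StrictModes enabled and the default file names used in the procedure.

# Succeeds if the path is writable by group or others.
writable_by_group_or_other() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeeds if the path is readable by group or others.
readable_by_group_or_other() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Succeeds if the key blob (second field) of public key file $1 appears as
# a whole field on a non-comment line of authorized_keys file $2.
key_is_authorized() {
    kia_blob=$(awk '!/^#/ && NF >= 2 { print $2; exit }' "$1")
    [ -n "$kia_blob" ] || return 1
    awk -v k="$kia_blob" '
        /^#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == k) found = 1 }
        END { exit !found }' "$2"
}

# Print one finding per line for key directory $1; return 0 if clean.
audit_sftp_key_dir() {
    akd_dir=$1
    akd_n=0
    for akd_p in "$akd_dir" "$akd_dir/authorized_keys"; do
        if [ -e "$akd_p" ] && writable_by_group_or_other "$akd_p"; then
            echo "WRITABLE_BY_GROUP_OR_OTHER $akd_p"
            akd_n=$((akd_n + 1))
        fi
    done
    if [ ! -f "$akd_dir/authorized_keys" ]; then
        echo "MISSING $akd_dir/authorized_keys"
        akd_n=$((akd_n + 1))
    elif [ -f "$akd_dir/id_rsa.pub" ] &&
         ! key_is_authorized "$akd_dir/id_rsa.pub" "$akd_dir/authorized_keys"; then
        echo "KEY_NOT_AUTHORIZED $akd_dir/id_rsa.pub"
        akd_n=$((akd_n + 1))
    fi
    if [ -f "$akd_dir/id_rsa" ] &&
       readable_by_group_or_other "$akd_dir/id_rsa"; then
        echo "PRIVATE_KEY_READABLE $akd_dir/id_rsa"
        akd_n=$((akd_n + 1))
    fi
    [ "$akd_n" -eq 0 ]
}

# Constructed demo directory with a world-readable private key.
demo_root=$(mktemp -d)
mkdir "$demo_root/.ssh"
chmod 700 "$demo_root/.ssh"
printf 'ssh-rsa AAAAB3NzaCONSTRUCTEDBLOB ftpuser@constructed\n' \
    > "$demo_root/.ssh/id_rsa.pub"
cp "$demo_root/.ssh/id_rsa.pub" "$demo_root/.ssh/authorized_keys"
chmod 600 "$demo_root/.ssh/authorized_keys"
printf 'constructed private key placeholder\n' > "$demo_root/.ssh/id_rsa"
chmod 644 "$demo_root/.ssh/id_rsa"
audit_sftp_key_dir "$demo_root/.ssh" || true
rm -rf "$demo_root"
```

On a server, the call would be `audit_sftp_key_dir /opt/backup/ftpboot/.ssh`, run as a user that can read that directory.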
Question
The UDP port 514 is used by the syslogd service in the Solaris OS/the syslog service in the
SUSE Linux OS to receive remote logs. After you install the U2000 on the operating system,
the SyslogCollectorDM service of the U2000 also uses port 514 to receive remote logs. If the
syslogd service is enabled in the Solaris OS/the syslog service is enabled in the SUSE Linux
OS before an upgrade, a port conflict occurs after the upgrade. As a result, the
SyslogCollectorDM service is disabled and the attempt to start the SyslogCollectorDM
service fails.
Answer
To ensure that the NE logs are properly displayed on the U2000 client, disable the remote log
receiving function for the syslogd service in the Solaris OS/the syslog service in the SUSE
Linux OS, and let the U2000 SyslogCollectorDM service, instead of the OS, receive the
remote logs. Perform the following operations on the nodes where the SyslogCollectorDM
service has been deployed to ensure that UDP port 514 is not used by the OS.
1. Use PuTTY to log in to the U2000 server as user ossuser in SSH mode.
2. Run the following command to set environment variables.
$ . /opt/oss/server/svc_profile.sh
3. Run the following command to enable the U2000 SyslogCollectorDM service:
$ svc_adm -cmd enable -svcname SyslogCollectorDM
– If the SyslogCollectorDM service is started, the problem is not caused by the port
conflict. The procedure ends.
– If the SyslogCollectorDM service is not started, go to step 4.
4. Run the following command to switch to user root.
$ su - root
Password: Password of root
5. Run the following command to view the usage of port UDP 514:
In the Solaris OS:
# netstat -an -P udp |grep 514
If the following information is displayed, port UDP 514 has been occupied by the
syslogd service:
*.514 Idle
6. Disable the remote log receiving function for the syslogd service in the Solaris OS/the
syslog service in the SUSE Linux OS.
In the Solaris OS:
a. Run the following command to stop the syslogd service on the OS:
# svcadm disable system-log
b. Run vi to modify the /etc/default/syslogd file.
Change LOG_FROM_REMOTE=YES in the last row of the file to
LOG_FROM_REMOTE=NO, and delete the # from this line. Run :wq! to save the file
and exit.
c. Run the following command to start the syslogd service:
# svcadm enable system-log
In the SUSE Linux OS:
a. Run the following command to stop the syslog service on the OS:
#
# uncomment to process log messages from network:
#
# udp<ip<"0.0.0.0"> port<514>>;
13. Take this step if you use the SUSE Linux OS. Run the following command to view the
usage of port UDP 514 again:
# lsof -i:514
If the following information is displayed, the U2000 SyslogCollectorDM service has
occupied this port.
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
SyslogCol 11101 root 31u IPv4 8519207 UDP *:syslog
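The two checks in this procedure can be scripted. The following is an added example, not part of the guide: one function reads the effective LOG_FROM_REMOTE value from a Solaris /etc/default/syslogd style file (a line that is still commented out does not count), and the others read lsof -i:514 output and report which command holds UDP port 514. The function names and the verdict strings are hypothetical; the first sample is the lsof output shown above and the second is constructed.

```shell
#!/bin/sh
# Added example, not part of the guide.

# Effective LOG_FROM_REMOTE value in a Solaris /etc/default/syslogd style
# file: the last uncommented assignment wins, "unset" if there is none.
log_from_remote_setting() {
    awk -F= '
        /^[ \t]*#/ { next }                       # still commented out
        $1 ~ /^[ \t]*LOG_FROM_REMOTE[ \t]*$/ {
            v = $2
            gsub(/[ \t"]/, "", v)
            val = toupper(v)
        }
        END { if (val == "") print "unset"; else print val }' "$1"
}

# Read `lsof -i:514` output on stdin and print each distinct COMMAND that
# holds a UDP socket whose NAME ends in :syslog or :514.
udp514_owners() {
    awk '
        $1 == "COMMAND" { next }                  # header row
        {
            for (i = 2; i < NF; i++)
                if ($i == "UDP" && $NF ~ /:(syslog|514)$/) {
                    if (!seen[$1]++) print $1
                    break
                }
        }'
}

# Verdict for lsof output on stdin. lsof shows only the first nine
# characters of a command name by default, hence "SyslogCol".
port514_verdict() {
    pv_owners=$(udp514_owners | tr '\n' ' ')
    pv_owners=${pv_owners% }
    case $pv_owners in
        "")        echo "free";  return 1 ;;
        SyslogCol) echo "u2000"; return 0 ;;
        *)         echo "conflict: $pv_owners"; return 1 ;;
    esac
}

# lsof output as shown in the guide.
page_lsof_sample() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
SyslogCol 11101 root 31u IPv4 8519207 UDP *:syslog
EOF
}

# Constructed sample: the OS syslog daemon still holds the port.
constructed_conflict_sample() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
syslog-ng 2514 root 5u IPv4 12345 UDP *:syslog
EOF
}

page_lsof_sample | port514_verdict
constructed_conflict_sample | port514_verdict || true
```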
Question
After the secondary site in a HA system fails, separating the primary site from the secondary
site is performed on the primary site. However, the primary site fails to deliver commands to
the secondary site to separate the primary site from the secondary site. As a result, this
separation succeeds on the primary site but fails on the secondary site. In this situation, the
secondary site is in the unilateral separation status. (If the primary site in a HA system fails in
the preceding scenario, it will also be in the unilateral separation status.)
This example illustrates how to restore the secondary site to an independent site after this
secondary site recovers from the unilateral separation status.
Answer
Step 1 Ensure that the primary site has exited from the MSuite client. For details, see C.2.3 Exiting
from the MSuite client.
Step 2 Separate the primary site from the secondary site on the secondary site. For details, see C.6.2
Separating the Primary Site from the Secondary Site.
----End
Question
How do I obtain third-party software and hardware materials?
Answer
The U2000 running depends on third-party software and hardware. To help you better
maintain third-party software and hardware, handle related faults, and acquire knowledge, you
can obtain corresponding materials from third-party websites. Table A-14 lists the URLs of
commonly seen third-party software and hardware.
NOTE
Websites of third-party materials may change for various reasons. The correct URLs are subject to the
official release.
Windows 10 http://windows.microsoft.com/en-us/windows/windows-help#windows=windows-10
X3850 X5 http://www-947.ibm.com/support/entry/portal/documentation_expanded_list/hardware/systems/system_x/system_x3850_x5
RH2288H V2 http://support.huawei.com/enterprise/productsupport?lang=en&pid=9581539&idAbsPath=7919749|9856522|9856792|9581539
RH2288H V3 http://support.huawei.com/enterprise/productsupport?lang=en&pid=9901881&idAbsPath=7919749|9856522|9856792|9901881
RH5885H V3 http://support.huawei.com/enterprise/productsupport?lang=en&pid=9768163&idAbsPath=7919749|9856522|9856792|9768163
M5000 http://www.oracle.com/technetwork/documentation/sparc-mseries-servers-252709.html
T4-1 http://docs.oracle.com/cd/E22985_01/index.html
T4-2 http://docs.oracle.com/cd/E23075_01/index.html
l If the device is connected to the network through the server's application IP address, the
server's application IP addresses should communicate normally with their interconnected
devices, and the server's application IP address should be added to the southbound IP
address list.
l The server's application IP address should communicate normally with all client networks.
l The U2000 will be restarted in the IP address configuration process, thus interrupting the
communication between the U2000 and southbound NEs.
l In the HA system, see C.6.2 Separating the Primary Site from the Secondary Site to
separate the primary and secondary sites. Then perform the following operations on the
master and slave servers.
Answer
Step 1 Configure an IP address on an unused network interface for the communication between the
U2000 and southbound NEs.
l If the Linux OS is used, see A.2.15 How to Set IP Addresses for Unused NICs on
SUSE Linux.
l If the Solaris OS is used, see A.3.1.9 How to Set IP Addresses for Unused NICs on a
Workstation.
l If the Windows OS is used, configure an IP address on an unused network interface for
the communication between the U2000 and southbound NEs.
NOTE
l The configured IP address can be used only for the communication between the U2000 and
southbound NEs.
l If in the environment, needs separately in the host prepares on the server to carry out the following
step.
Step 2 Log in to the U2000 as the ossuser user. Run the following commands to configure an IP
address for the communication between the U2000 and southbound NEs. For example, on the
U2000 that runs the Solaris OS, configure the IP address 10.9.9.1.
l In Linux&Solaris OS, perform the following operations:
$ cd /opt/oss/server/tools/configSouthIP
$ ./configsouthip.sh -set 10.9.9.1
NOTE
l To configure more than one such IP address, the specified IP addresses must be in the following
format:
"IP1;IP2;IP3..."
For example, to configure 10.9.9.1 and 10.9.9.2, run the ./configsouthip.sh -set "10.9.9.1;10.9.9.2"
command.
l IP addresses for the communication between the U2000 and southbound NEs must be on the same
network as the IP address of the U2000. If a southbound communication IP address is on a different
network segment, perform an NAT operation to convert the IP address. For details about how to
convert an IP address using NAT, see Working with the NMS > Setting Parameters for the
Communication Between the U2000 and NEs > Configuring the xFTP Service > Configuring
the NAT Address Translation in the Help.
Step 3 Run the following command to check whether the IP address has been configured successfully.
l In Linux&Solaris OS, perform the following operations:
$ ./configsouthip.sh -get
Step 4 Stop the U2000 service. For details, see operations of stopping the U2000 server in 3
Shutting Down a U2000.
Step 5 Start the U2000 service. For details, see operations of starting U2000 server in 2 Starting the
U2000 System.
----End
Context
l You can run the svcs svc:/network/ntp:default command to check the running status of
the NTP service.
– If the command output contains online, the NTP service has started.
STATE STIME FMRI
online 11:00:06 svc:/network/ntp:default
NOTE
l If the NTP service has been started, port 123 corresponding to the service will also be
enabled. Run the netstat -an |grep 10.185.166.48.123 command to check whether port
123 used by the NTP service has been enabled on the current U2000 server.
10.185.166.48 is the IP address of the current U2000 server.
If information similar to the following is displayed, port 123 has been enabled.
10.185.166.48.123 Idle
l If no information is displayed, port 123 has not been enabled. Run the svcadm
restart ntp command to restart the NTP service. Port 123 corresponding to the
service will then also be enabled.
– If maintenance is displayed, run svcadm clear svc:/network/ntp:default and
check again.
STATE STIME FMRI
maintenance 14:50:17 svc:/network/ntp:default
– If disabled is displayed, the NTP service is not started.
STATE STIME FMRI
disabled 11:00:06 svc:/network/ntp:default
NOTE
If the NTP service is not started, run the svcadm enable svc:/network/ntp:default command to
start the NTP service.
l You can run the date command.
– Check whether the medium-level NTP server time and the upper-level NTP
server time are the same.
– Check whether the NTP client time and the upper-level NTP server time are the
same.
If they are the same, the NTP service is in the normal state.
l In the ntpq -p command output, the remote field specifies the IP address of the
reference time source and indicates the status of the reference time source.
l The ntptrace command traces the entire NTP synchronization link from the local
machine to the NTP server at the highest level.
Procedure
Step 1 Log in to OS as user root.
Step 2 In a command line interface (CLI), run the ntpq -p command to view the NTP clock source.
Step 3 Run the ntptrace command to view the NTP synchronization link.
----End
Result
l If the server running on Solaris is configured as the NTP server at the top level, the
command outputs are as follows:
# ntpq -p
remote refid st t when poll reach delay offset disp
================================================================================
*local(0) .LOCL. 1 29 64 377 0.000 0.000 0.000
NOTE
l The preceding information indicates that the current server is the NTP server with the highest
stratum and is tracing the local time
l The check of the NTP service takes about 5 minutes after the NTP server and NTP clients have
been started. During this period, the remote field in the ntpq -p command output is not marked
with an asterisk (*), and Timeout or Not Synchronized is displayed in the ntptrace command
output. Wait 5 minutes and then run the ntpq -p command or ntptrace command again.
l If the server running on Solaris is configured as the NTP server at the intermediate level,
the command outputs are as follows:
# ntpq -p
remote refid st t when poll reach delay offset disp
================================================================================
*10.161.94.212 .LCL. 1 u 165 512 377 0.406 61.294 0.111
+local(0) Local(0) 3 1 29 64 377 0.000 0.000 0.000
# ntptrace
localhost: stratum 2, offset 0.000049, synch distance 0.02863
10.161.94.212: stratum 1, offset -0.001166, synch distance 0.01024
NOTE
l In the ntpq -p command output, *10.161.94.212 specifies that the IP address of the NTP
server on which the host performs time synchronization is 10.161.94.212. The asterisk (*)
indicates that the status is normal. The value in the st column indicates that 10.161.94.212 is at
stratum 1.
l In the ntptrace command output, localhost: stratum 2 specifies that the host is at
stratum 2, and the IP address of the host at the upper level is 10.161.94.212 at stratum 1.
l The check of the NTP service takes about 5 minutes after the NTP server and NTP clients have
been started. During this period, the remote field in the ntpq -p command output is not marked
with an asterisk (*), and Timeout or Not Synchronized is displayed in the ntptrace command
output. Wait 5 minutes and then run the ntpq -p command or ntptrace command again.
l If the clients running on Solaris are configured as NTP clients at the intermediate level,
the command outputs are as follows:
# ntpq -p
remote refid st t when poll reach delay offset disp
===============================================================================
*10.161.94.214 10.161.94.212 2 u 58 64 377 0.37 0.217 0.05
# ntptrace
localhost:stratum 3, offset 0.000035, sycnh distance 0.08855
10.161.94.214: stratum 2, offset 0.000224, synch distance 0.07860
10.161.94.212: stratum 1, offset 0.060569, synch distance 0.01036,
refid 'LCL'
NOTE
l In the ntpq -p command output, *10.161.94.214 specifies that the IP address of the NTP
server on which the host performs time synchronization is 10.161.94.214. The asterisk (*)
indicates that the status is normal. The value in the st column indicates that 10.161.94.214 is at
stratum 2.
l In the ntptrace command output, localhost: stratum 3 specifies that the host is at
stratum 3, the IP address of the host at stratum 2 is 10.161.94.214, and the IP address of the
host at stratum 1 is 10.161.94.212.
l The check of the NTP service takes about 5 minutes after the NTP server and NTP clients have
been started. During this period, the remote field in the ntpq -p command output is not marked
with an asterisk (*), and Timeout or Not Synchronized is displayed in the ntptrace command
output. Wait 5 minutes and then run the ntpq -p command or ntptrace command again.
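The reading of the ntpq -p output described in these notes can be automated. The following script is an added example, not part of the guide: it finds the peer marked with an asterisk (*), reports its stratum, and counts how many of the last eight polls were answered from the octal reach column. The function names are hypothetical, and both samples are constructed: the first is modelled on the intermediate-level output above with the t column filled in, the second on a server that has just started.

```shell
#!/bin/sh
# Added example, not part of the guide.

# Read `ntpq -p` output on stdin and print one line per peer:
#   <tally> <peer> <stratum> <reach> <answered polls out of the last 8>
# A peer without a tally character is reported with "-".
ntp_peers() {
    awk '
        /^ *remote/ || /^=+$/ || NF < 7 { next }   # header, separator, noise
        {
            tally = substr($0, 1, 1)
            if (tally == " ") { tally = "-"; peer = $1 }
            else              { peer = substr($1, 2) }
            # reach is an octal shift register covering the last 8 polls.
            v = 0
            for (i = 1; i <= length($7); i++)
                v = v * 8 + substr($7, i, 1)
            bits = 0
            while (v > 0) { bits += v % 2; v = int(v / 2) }
            print tally, peer, $3, $7, bits
        }'
}

# Print "synced <peer> stratum <n> polls <k>/8" and return 0 when a peer
# carries the "*" tally; otherwise print "unsynced" and return 1.
ntp_sync_status() {
    ntp_peers | awk '
        $1 == "*" {
            print "synced", $2, "stratum", $3, "polls", $5 "/8"
            ok = 1
            exit
        }
        END { if (!ok) { print "unsynced"; exit 1 } }'
}

# Constructed sample modelled on the intermediate-level server output.
sample_intermediate() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*10.161.94.212   .LCL.            1 u  165  512  377    0.406   61.294   0.111
+local(0)        Local(0)         3 l   29   64  377    0.000    0.000   0.000
EOF
}

# Constructed sample: within the first minutes after start, no "*" yet.
sample_starting() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 10.161.94.212   .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_intermediate | ntp_sync_status
sample_starting | ntp_sync_status || true
```

On a server, pipe the live output in with `ntpq -p | ntp_sync_status`.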
Context
If the NTP service is stopped, the U2000 server fails to synchronize the time with that of the
NTP server. This may result in a time deviation.
Procedure
Step 1 Use PuTTY to log in to the Solaris OS as user ossuser in SSH mode.
Step 3 Run the following command to check the running status of the NTP service.
# svcs svc:/network/ntp:default
• If the command output contains online, the NTP service has started.
STATE STIME FMRI
online 11:00:06 svc:/network/ntp:default
If the NTP service has been started, port 123 corresponding to the service will also be
enabled. Run the netstat -an | grep 123 command to check whether port 123 used by the
NTP service has been enabled on the current server.
• If maintenance is displayed, run svcadm clear svc:/network/ntp:default and check
again.
STATE STIME FMRI
maintenance 14:50:17 svc:/network/ntp:default
Step 4 Run the following command to start or stop the NTP service.
• Run the following command to start the NTP service.
# svcadm enable svc:/network/ntp:default
• Run the following command to stop the NTP service.
# svcadm disable svc:/network/ntp:default
NOTE
The command needs to be run only once. After the command is run, the NTP service does not
automatically start each time the system is restarted.
----End
Context
If the NTP service is stopped, the U2000 server fails to synchronize the time with that of the
NTP server. This may result in a time deviation.
Procedure
Step 1 Use PuTTY to log in to the SUSE Linux OS as user ossuser in SSH mode.
Step 3 Run the following command to check the running status of the NTP service.
# rcntp status
NOTE
• If the command output contains running, the NTP service has started.
Checking for network time protocol daemon (NTPD):
running
If the NTP service has been started, port 123 corresponding to the service will also be enabled. Run
the netstat -an | grep 123 command to check whether port 123 used by the NTP service has been
enabled on the current server.
• If unused is displayed, the NTP service is not started.
Checking for network time protocol daemon (NTPD): unused
Step 4 Run the following command to start or stop the NTP service.
• Run the following command to start the NTP service.
# service ntp start
• Run the following command to stop the NTP service.
# service ntp stop
----End
Answer
Step 1 Log in to http://texpert.huawei.com/TExpert/Pages/PageContainer.htm.
NOTE
• The following assumes that an engineer queries and installs a server on which the SUSE Linux OS is
installed.
• Only Huawei engineers have permission to log in to the system. Customers can contact Huawei
engineers to obtain information as needed.
Step 2 In the HUMEP iTestCommander page that is displayed, set Domain to FT and FT Data
Browse to By SN.
Step 3 Enter the obtained bar code number next to the Serial Number text box and click Search.
NOTE
You can obtain the bar code number from the server shelf.
Step 4 On the tab that is displayed, select the row whose SubSequence is 5 and has the latest
TransactionTime. Click SerialNumber.
Step 5 The query result page is displayed. View information about the software and hardware
installation and ESNs on the Result Two tab.
----End
Question
What should I do if the data restoration on the secondary site fails because of missing
databases?
NOTE
The failure occurs if the xxDB file is missing from backup files on the primary site or the xxDB file is
missing from the database of the secondary site.
Answer
Step 1 Check for the xxDB file of the Sybase or SQL Server database of the primary site.
To check for the xxDB file of the Sybase database, perform the following steps:
– If you log in as another user, you can run su - dbuser to switch to the dbuser user.
– By default, the password of the dbuser is Changeme_123 after system installation.
2. Run the following command to check the database information:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
To check for the xxDB file of the SQL Server database, perform the following steps:
1. Log in to the OS as the dbuser.
2. Run the following command at the command prompt:
C:\> isql -Usa -SDBSVR
NOTE
In order to enhance the security of the database after the U2000 is installed, the sa user may be
manually disabled and replaced with a customized administrator name, such as dbadmin.
Password:
1> sp_helpdb
2> go
NOTE
The database information includes the database name, size, owner, and status.
Step 2 Optional: Add the xxDB file if it is missing from the database.
NOTE
You can add the xxDB file by means of domain deployment. If the method does not work, contact
Huawei technical support engineers.
Step 3 Check whether xxDB information exists in the ../server/etc/conf/sysconfigure.xml file on the
site where the xxDB file is missing.
• If xxDB information does not exist on the primary site, use the following workaround:
delete xxDB information from the ../server/etc/conf/sysconfigure.xml file on the
secondary site. The database is not restored in the cold backup scheme.
• If xxDB information does not exist on the secondary site, use the following workaround:
add xxDB information to the ../server/etc/conf/sysconfigure.xml file on the secondary
site. The database is restored in the cold backup scheme.
This operation is critical and may affect services. Back up related files before adding or
deleting information in the files.
----End
Answer
• Import an SSL certificate for the U2000 and an NE through the GUI.
a. Log in to the MSuite client from the U2000 server. For details, see C.2.2 Logging
In to the MSuite Client.
b. Choose Certificate File Management > SBI Certificate.
c. In the Certificate Configuration dialog box, click Import.
d. In the Import Certs dialog box, click the ID Certificate tab and configure the SSL
Client and SSL Server identity certificates.
NOTE
ii. In the SSL Client Cert area, click next to File Name. In the Select Certs
dialog box, select a certificate and click OK.
iii. In the SSL Client Cert area, enter the encryption password of an SSL client
identity certificate in the PFX Password text box.
iv. In the SSL Server Cert area, click next to File Name. In the Select Certs
dialog box, select a certificate and click OK.
v. In the SSL Server Cert area, enter the encryption password of an SSL server
identity certificate in the Password text box.
vi. In the text box on the right of Certs backup path, enter the directory name.
e. Click the Trust Certificate tab, and click Add. In the Select Certs dialog box,
select the trust certificate and click OK.
f. Optional: Click the Certificate Revocation List tab and click Add. In the Select
Certs dialog box, select the revocation certificate and click OK.
If the SSL certificate is revoked, the U2000 cannot communicate with NEs in SSL
mode after the U2000 is restarted. Exercise caution.
○ certType: certpr_pem
○ certFile: CERTNE.CRT
○ authCode: password for encrypting the authentication certificate
○ keyType: keytype_rsa
○ keyFile: CERTNE.KEY
vii. Click the sslTrustCALoad tab and click Create. Configure the trust
certificate.
○ caType: catype_pem-ca
○ caFile: CA.CRT
○ authCode: password for encrypting the trust certificate
viii. In the NE Explorer, choose Communication > Communication Parameters
from the navigation tree.
ix. Set SSL Policy-Name, for example, to u2000.
x. Click Apply.
xi. Choose Administration > DCN Management from the main menu
(traditional style); alternatively, double-click Fix-Network NE Configuration
in Application Center and choose Administration > DCN Management
from the main menu (application style). Click the GNE tab.
xiii. Click next to SSL Certificate. In the Select SSL Certificate dialog box,
select the desired certificate and click OK.
xiv. Log in to the NE.
• Import an SSL certificate for the U2000 and NE using commands.
a. Run the script to import the identity certificates and the trust certificate.
■ Solaris/SUSE Linux (as the ossuser user):
$ . /opt/oss/server/svc_profile.sh
$ cd /opt/oss/server/tools/trans_cert_tool
$ ./ssl_cert_adm.sh -cmd import user -client_cert client.p12 [-pfxpwd
password1] -server_cert server.p12 [-pfxpwd password2] -trust trust.cer
NOTE
user indicates the name of the folder in which SSL certificates are stored. password1
and password2 indicate the encryption passwords for the SSL Client and SSL Server
certificates.
■ Windows:
>cd /d d:\oss\server\tools\trans_cert_tool
>ssl_cert_adm.bat -cmd import user -client_cert client.p12 [-pfxpwd
password1] -server_cert server.p12 [-pfxpwd password2] -trust trust.cer
NOTE
user indicates the name of the folder in which SSL certificates are stored. password1
and password2 indicate the encryption passwords for the SSL Client and SSL Server
certificates.
b. Optional: Start the CRL configuration script.
■ Solaris/SUSE Linux (as the ossuser user):
$ . /opt/oss/server/svc_profile.sh
$ cd /opt/oss/server/tools/trans_cert_tool
$ ./ssl_cert_adm.sh -cmd add_revoke user revoke.crl
NOTE
user indicates the name of the folder in which SSL certificates are stored.
■ Windows:
>cd /d d:\oss\server\tools\trans_cert_tool
>ssl_cert_adm.bat -cmd add_revoke user revoke.crl
NOTE
user indicates the name of the folder in which SSL certificates are stored.
c. Check that the U2000 generates the necerts folder in the certificate directory and
this folder contains the CA.CRT, CERTNE.CRT, CERTNE.KEY, and
SSLCFG.KEY certificates.
d. Load and deploy the four certificates on the NE.
Load and deploy certificates.
i. Log in to the U2000 client.
ii. Open the NE Explorer and choose Security > SSL Certificate Management
> SSL Certificate Download from the navigation tree.
iii. Select CA.CRT, CERTNE.CRT, and CERTNE.KEY certificates and click
File Upload to load them.
iv. Click the SSL Policy Management tab and click Create.
v. Set ssl-policy-name, for example, to u2000.
vi. Click the sslCertLoad tab and click Create. Configure the authentication
certificate.
○ certType: certpr_pem
○ certFile: CERTNE.CRT
○ authCode: password for encrypting the authentication certificate
○ keyType: keytype_rsa
○ keyFile: CERTNE.KEY
vii. Click the sslTrustCALoad tab and click Create. Configure the trust
certificate.
○ caType: catype_pem-ca
○ caFile: CA.CRT
○ authCode: password for encrypting the trust certificate
viii. In the NE Explorer, choose Communication > Communication Parameters
from the navigation tree.
ix. Set SSL Policy-Name, for example, to u2000.
x. Click Apply.
xi. Choose Administration > DCN Management from the main menu
(traditional style); alternatively, double-click Fix-Network NE Configuration
in Application Center and choose Administration > DCN Management
from the main menu (application style). Click the GNE tab.
xiii. Click next to SSL Certificate. In the Select SSL Certificate dialog box,
select the desired certificate and click OK.
xiv. Log in to the NE.
----End
Answer
Step 1 Log in to the desired server's OS as the root user over SSH using PuTTY.
NOTE
You can then run the cat /root/.ssh/known_hosts command to check the result of buffer clearance.
----End
Answer
Step 1 Change the private key of the SNMPv3 user in disk array.
If multiple disk arrays are configured, you need to perform the operation on every disk array
and ensure that the private keys for the disk arrays are the same.
1. Use PuTTY to log in to the U2000 server/primary IS node in SSH mode as user ossuser. In
an HA system or a remote HA system, log in to any U2000 server.
2. Run the following command to log in to controller A or controller B of the disk array as
user admin in SSH mode.
$ ssh admin@IP address of controller A or controller B
Password: password of user admin
NOTE
The default password for the user admin is Admin@storage and the password set after
preinstallation is Changeme_123.
3. Run the following command to modify the environment variables for the lib library.
$ export LD_LIBRARY_PATH=/usr/sfw/lib
4. Run the following command to change the password for the default user Kaimse of the
disk array SNMP service.
– OceanStor 5500 V3 disk array:
> change snmp usm user_name=Kaimse authenticate_protocol=SHA
private_protocol=AES
Enter the old and new passwords for user Kaimse according to the system prompt.
Please input your authenticate password: new authenticate password
Please input your authenticate password again: new authenticate password
Please input your private password: new private password
Please input your private password again: new private password
NOTE
The default password and password set after preinstallation for the user Kaimse is
ism@Storage.
The new authenticate password and the new private password must be different.
The private key can contain 6 to 32 characters, including digits 0 to 9, lowercase letters a to
z, uppercase letters A to Z, and special characters @%-=_.]{}. To improve private key
security, use the following private key policies:
■ When the password complexity is normal, the key must contain special characters and at
least two of the following character types: uppercase letters, lowercase letters, and digits.
■ When the password complexity is high, the key must contain special characters, uppercase
letters, lowercase letters, and digits.
■ When the password complexity is low, the key must contain any of the following character
types: special characters, uppercase letters, lowercase letters, and digits.
■ The key must be different from the user name and the reversed user name.
■ Repeated character strings whose unit length is a common factor of 64 (1, 2, 4, 8, etc.)
are not allowed in the passwords, for example, abab and abcdabcd.
To enhance system security, periodically update the key.
The system displays the following information:
CAUTION: You are advised to set the USM account using secure
authentication protocol SHA and data encryption protocol AES.
Do you wish to continue?(y/n)
Enter y and press Enter. When the system displays the following information, the
password of user Kaimse has been changed successfully:
Command executed successfully.
Enter the old and new passwords for user Kaimse according to the system prompt.
Old password: old key
New password: new key
Re-enter new password: new key
NOTE
The default password and password set after preinstallation for the user Kaimse is
Kaimse@storage.
The private key can contain 6 to 32 characters, including digits 0 to 9, lowercase letters a to
z, uppercase letters A to Z, and special characters @%-=_.]{}. To improve private key
security, use the following private key policies:
■ When the password complexity is normal, the key must contain special characters and at
least two of the following character types: uppercase letters, lowercase letters, and digits.
■ When the password complexity is high, the key must contain special characters, uppercase
letters, lowercase letters, and digits.
■ When the password complexity is low, the key must contain any of the following character
types: special characters, uppercase letters, lowercase letters, and digits.
■ The key must be different from the user name and the reversed user name.
■ Repeated character strings whose unit length is a common factor of 64 (1, 2, 4, 8, etc.)
are not allowed in the passwords, for example, abab and abcdabcd.
To enhance system security, periodically update the key.
When the system displays the following information, enter y and press Enter to
restart the SNMP service of the disk array.
This operation will lead to reboot the snmp service!
Do you want to continue? y or n: y
When the system displays the following information, the password of user Kaimse
has been changed successfully:
command operates successfully
If the system displays the following information, type y to log out of the disk array.
Are you sure to exit?(y/n): y
Step 2 Change the private key of the SNMPv3 user in U2000 server. In an HA system or a remote
HA system, you must perform this operation on every server.
1. Use PuTTY to log in to U2000 server in SSH mode as user ossuser.
2. Run the following command to switch to user root.
$ su - root
Password: password of user root
3. Run the following commands to start the tool for changing the private key.
# cd /opt/oss/engr/engineering/tool/
# ./modifyUSMvalue.sh
NOTE
For OceanStor 5500 V3 disk array, the default password and password set after preinstallation is
ism@Storage.
For OceanStor S3900 disk array, the default password and password set after preinstallation is
Kaimse@storage.
The private key can contain 8 to 30 characters, including digits 0 to 9, lowercase letters a to z,
uppercase letters A to Z, and special characters @%-=_.]{}. To improve private key security,
please use the following private key policies:
– The private key contains at least one uppercase letter.
– The private key contains at least one lowercase letter.
– The private key contains at least one digit.
– The private key contains at least one special character.
– The key cannot be composed of duplicate character strings, for example, Te_1Te_1.
To enhance the system security, periodically update the key.
6. Change the key of the SNMPv3 to the new authenticate password you have set in Step
1.4 as prompted.
When the system displays the Operation succeeded... message, the private key of the
SNMPv3 user is changed successfully.
Operation succeeded...
=============================================================
Please select a operation type
1--authpasswd
2--privpasswd
R--Return
=============================================================
Please make a choice : r
7. If the 5500 V3 disk array is used, privpasswd needs to be modified. If another disk
array is used, skip this step and go to Step 2.8.
Type 2 to choose privpasswd and press Enter.
The system displays the following information.
Old key: old key
New key: new key
Re-enter new Key: new key
Change the key of the SNMPv3 to the new private password you have set in Step 1.4 as
prompted.
When the system displays the Operation succeeded... message, the private key of the
SNMPv3 user is changed successfully.
Operation succeeded...
=============================================================
Please select a operation type
1--authpasswd
2--privpasswd
R--Return
=============================================================
Please make a choice :
8. Type r to choose Return and press Enter to go back to the previous menu.
The system displays the following information.
=============================================================
Please select a operation type
1--S2600/S3900
2--5500v3
Q--Exit
=============================================================
Please make a choice : q
9. Type q to choose Exit and press Enter to exit the tool for changing the private key.
In the command output, the second row of the ResourceMonitor -cmd start line
displays the ID of ResourceMonitor.
# kill -9 13382
NOTE
In the preceding command, 13382 is the process ID of ResourceMonitor. Replace it with the
actual value.
# su - ossuser
$ . /opt/oss/server/svc_profile.sh
$ exit
# ResourceMonitor -cmd start
Step 3 Log in to the centralized maintenance management tool. For details, see Logging In to the
U2000 Centralized Maintenance Management Tool.
Step 4 Choose Maintenance > Alarm Configuration > Set Disk Array Alarm Receiving
Parameters.
Step 5 Click after the alarm receiving parameters to modify Authentication Password and
Encryption Password.
----End
Question
How can I change the password of the H2 database?
NOTE
The default user name of the H2 database is ossuser and the default password is Changeme_123. The
default password of the H2 database file is Changeme_123. To ensure system security, change the
passwords immediately after installation, update them periodically, and store them securely.
Answer
Step 1 Use PuTTY to log in to the OS as the ossuser user in SSH mode.
Step 3 Run the following commands to start the H2 user management tool.
$ cd /opt/oss/server/tools/h2UserManager
$ ./H2SqlExecTool.sh
Step 4 Enter the database user name and press Enter. The default user name is ossuser.
Information similar to the following is displayed.
Please input your user password:
Step 5 Enter the database user password and press Enter. The default password is Changeme_123.
Information similar to the following is displayed.
Please input your file password:
Step 6 Enter the database file password and press Enter. The default password is Changeme_123.
NOTE
This script can be used to modify the database user password but not the database file password.
Step 8 Enter the new planned database user password according to the prompted password rule and
press Enter.
Information similar to the following is displayed.
Please confirm your new user password:
Step 9 Enter the new planned database user password according to the prompted password rule again
and press Enter.
If "success" is displayed similar to the following, the password is changed successfully.
User: Modify password success.
----End
NOTE
The default user name of the H2 database is ossuser and the default password is Changeme_123. The
default password of the H2 database file is Changeme_123. To ensure system security, change the
passwords immediately after installation, update them periodically, and store them securely.
Answer
Step 1 Use PuTTY to log in to the OS as the ossuser user in SSH mode.
Step 4 Run the following commands to start the tool to change the H2 database file password.
$ cd /opt/oss/server/tools/h2UserManager
$ ./H2FilePWDChange.sh
NOTE
This script can be used to modify the database file password but not the database user password.
Step 5 Enter the database user name and press Enter. The default user name is ossuser.
Information similar to the following is displayed.
Please input your user password:
Step 6 Enter the database user password and press Enter. The default password is Changeme_123.
Information similar to the following is displayed.
Please input your old file password:
Step 7 Enter the old database file password and press Enter. The default password is
Changeme_123.
Information similar to the following is displayed.
The password of the database must meet the following requirements:
At least one lowercase letter
At least one uppercase letter
At least one digit
At least one special character: ~@#^*--+[{}]:./?
Other special characters, such as \()|<>&`!$"%'=;, and space, are not
supported
Please input your new file password:
Step 8 Enter the new planned database user password according to the prompted password rule and
press Enter.
Information similar to the following is displayed.
Please input your new file password again:
Step 9 Enter the new planned database user password according to the prompted password rule again
and press Enter.
If "success" is displayed similar to the following, the password is changed successfully.
Test DB success. The file password write to file success.
----End
NOTE
The default user name of the H2 database is ossuser and the default password is Changeme_123. The
default password of the H2 database file is Changeme_123. To ensure system security, change the
passwords immediately after installation, update them periodically, and store them securely.
Answer
Step 1 Log in to the operating system as the administrator user.
Parameter Description
Step 4 Click Change user password. If the Info dialog box showing the following message is
displayed, the password has been successfully changed.
----End
Answer
NOTE
Stop the Sysguard process on the U2000 before changing the password of the U2000 Guard's H2
database.
• Perform the following operations to change the password of an H2 database user on the
Solaris/SUSE Linux-based U2000:
NOTE
In an HA system, the H2 database user's password must be changed in both primary and secondary
sites to ensure consistency.
a. Log in to the OS as the ossuser user over SSH using PuTTY.
b. Run the following command to start the tool used to manage passwords of H2
database users:
$ cd /opt/oss/server/base_service/sysguard/H2Manager
$ ./H2Manager.sh
c. Enter the password of the database user dbuser and press Enter. The default
password is Changeme_123. The password must be changed during the first login
to ensure system security. Keep the password confidential and change it regularly.
Information similar to the following is displayed:
if you want to change the password,please input the old password:
--------------------------------password requirements---------------------------------------
--1: Length between 8 to 30. --
--2: At least one lowercase letter. --
--3: At least one uppercase letter. --
--4: At least one digit. --
--5: At least one special character: ~@#^-_+[{}]:./? --
--6: Other special characters, such as ()|<>&\`!$"%'=;, and space, are not supported. --
--------------------------------------------------------------------------------------------
e. Enter the planned database user password again and press Enter.
If the last line of the command output is as follows, the password has been
successfully changed:
Changing the dbuser's password succeeded.
• Perform the following operations to change the password of an H2 database user on the
Windows-based U2000:
a. Log in to the Windows OS as a user with the administrator rights.
b. Access the D:\oss\server\base_service\sysguard\H2Manager directory where the
tool used to manage H2 database user passwords resides.
NOTE
The tool resides in the U2000 installation directory, which may be different from the
preceding directory. You can modify the U2000 installation directory based on actual
situations.
c. Double-click H2Manager.bat to start the tool.
Information similar to the following is displayed:
please input dbuser's password:
d. Enter the password of the database user dbuser and press Enter. The default
password is Changeme_123.
Information similar to the following is displayed:
if you want to change the password,please input the old password:
--------------------------------password requirements---------------------------------------
--1: Length between 8 to 30. --
--2: At least one lowercase letter. --
--3: At least one uppercase letter. --
--4: At least one digit. --
--5: At least one special character: ~@#^-_+[{}]:./? --
--6: Other special characters, such as ()|<>&\`!$"%'=;, and space, are not supported. --
--------------------------------------------------------------------------------------------
f. Enter the planned database user password again and press Enter.
If the following information is displayed, the password has been successfully
changed.
Changing the dbuser's password succeeded.
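A planned password can be checked against the quoted rules before it is typed into the interactive tools. The following shell functions are an added example, not part of the guide or of the U2000 tools: check_h2_dbuser_password applies the rules that H2Manager prints above, and check_snmpv3_key applies the rules given earlier for the SNMPv3 private key on the U2000 server. All function names and sample values are constructed, and the reading of "cannot be composed of duplicate character strings" as "one shorter string repeated end to end" is an assumption.

```shell
#!/bin/sh
# Added example (not from the guide): pre-check a planned password against
# the rules the guide quotes. All function names are hypothetical.

# has_class STRING TR_SET: succeed if STRING contains a character from TR_SET.
has_class() {
    [ -n "$(printf '%s' "$1" | LC_ALL=C tr -cd "$2")" ]
}

# check_policy STRING ALLOWED_SPECIALS
# Rules: 8 to 30 characters; only letters, digits and the allowed specials;
# at least one lowercase letter, uppercase letter, digit and special character.
# Prints the first failed rule, or "ok".
check_policy() {
    pw=$1 specials=$2
    len=${#pw}
    if [ "$len" -lt 8 ] || [ "$len" -gt 30 ]; then echo "length"; return 1; fi
    # Anything left after deleting every permitted character is unsupported.
    if [ -n "$(printf '%s' "$pw" | LC_ALL=C tr -d "A-Za-z0-9$specials")" ]; then
        echo "unsupported-character"; return 1
    fi
    has_class "$pw" 'a-z' || { echo "no-lowercase"; return 1; }
    has_class "$pw" 'A-Z' || { echo "no-uppercase"; return 1; }
    has_class "$pw" '0-9' || { echo "no-digit"; return 1; }
    has_class "$pw" "$specials" || { echo "no-special"; return 1; }
    echo "ok"
}

# is_repetition STRING: succeed if STRING is one shorter unit repeated end to
# end, for example Te_1Te_1 (assumed meaning of the duplicate-string rule).
is_repetition() {
    s=$1 n=${#1} u=1
    while [ "$u" -le $((n / 2)) ]; do
        if [ $((n % u)) -eq 0 ]; then
            unit=$(printf '%s' "$s" | cut -c1-"$u")
            built="" i=0
            while [ "$i" -lt $((n / u)) ]; do
                built=$built$unit
                i=$((i + 1))
            done
            if [ "$built" = "$s" ]; then return 0; fi
        fi
        u=$((u + 1))
    done
    return 1
}

# Rules printed by H2Manager for the dbuser password.
# The tr set is ~@#^-_+[{}]:./? with "-" moved last so tr reads it literally.
check_h2_dbuser_password() {
    check_policy "$1" '~@#^_+[{}]:./?-'
}

# Rules given for the SNMPv3 private key on the U2000 server.
# The tr set is @%-=_.]{} with "-" moved last.
check_snmpv3_key() {
    result=$(check_policy "$1" '@%=_.]{}-') || { echo "$result"; return 1; }
    if is_repetition "$1"; then echo "repeated-string"; return 1; fi
    echo "ok"
}

# Demo on constructed candidates (not real credentials).
for c in 'Nms#2024_rotA' 'Passw0rd!x' 'passw0rd_x'; do
    printf 'H2 dbuser candidate %s: %s\n' "$c" "$(check_h2_dbuser_password "$c")"
done
printf 'SNMPv3 key candidate %s: %s\n' 'Te_1Te_1' "$(check_snmpv3_key 'Te_1Te_1')"
```

In real use, read the candidate with terminal echo disabled (stty -echo; read -r pw; stty echo) instead of typing it as a command argument, so that it does not enter the shell history.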
Question
How do I import a U2000 key store?
Answer
• For the Windows OS:
a. Log in to the OS as the ossuser user.
b. Run the following command to import the key store.
> cd /d D:\oss\engr\tools\crypto
> import.bat import_path
NOTE
• import_path is the directory that stores the backup key store, for example, the backup
file path is D:\oss\engr\tools\crypto\cryptoInfo.zip.
• By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in
this directory, replace the directory in the preceding command with the actual installation
directory.
NOTE
• import_path is the directory that stores the backup key store, for example, the backup
file path is /opt/oss/engr/tools/crypto/cryptoInfo.zip.
• By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed
in this directory, replace the directory in the preceding command with the actual
installation directory and navigate to the actual installation directory to execute the
mapping script.
----End
Prerequisites
• The U2000 application and southbound IP addresses have been obtained.
NOTE
• To query the U2000 server IP address, run the # ifconfig -a command for the SUSE Linux and
Solaris OSs and the > ipconfig command for a Windows OS.
• To query the U2000 southbound IP address:
– SUSE Linux or Solaris OS:
Log in to the OS as the ossuser user.
$ cd /opt/oss/server/tools/configSouthIP
$ ./configsouthip.sh -get
By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed
in this directory, replace the directory in the preceding command with the actual
installation directory and navigate to the actual installation directory to execute the
mapping script.
– Windows OS:
Log in to the OS as the ossuser user.
> cd /d D:\oss\server\tools\configSouthIP
> configsouthip.bat -get
By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in
this directory, replace the directory in the preceding command with the actual installation
directory.
• If the southbound IP address is configured:
– If the device is connected to the network through the server's application IP address,
the server's application IP address should be added to the southbound IP address list.
For details, see A.10.45 How Can I Configure an IP Address for the Communication Between
the U2000 and Southbound NEs.
– The southbound IP addresses should communicate normally with their
interconnected devices. If the device is connected to the network through the
server's application IP address, the application IP addresses should communicate
normally with their interconnected devices.
– The server's application IP address should communicate normally with all client
networks.
– On the NBI Config Tools, query the North IP address through which the upper-layer OSS
is connected to the network management server. The North IP address should
communicate normally with the upper-layer OSS.
• If the southbound IP address is not configured:
– The server's application IP address should communicate normally with all client
networks.
– The server's application IP address should communicate normally with managed
devices.
– On the NBI Config Tools, query the North IP address through which the upper-layer OSS
is connected to the network management server. The North IP address should
communicate normally with the upper-layer OSS.
NOTE
Log in to the server OS as user root and run the command ping -S NMS_application_IP Destination_IP to
verify that the NMS application IP address can communicate normally.
Context
• For a distributed system, the operations need to be performed only on the NM and EM
nodes.
• For an HA system, the operations need to be performed only on the primary site. Related
data will be automatically synchronized to the secondary site using the VCS.
NOTE
In an HA system, after data is synchronized to the secondary site, the NMS process at the secondary site
has to be restarted to enable all-zero IP address monitoring.
Procedure
• For the Windows OS:
a. Log in to the OS as the ossuser user.
b. Stop the U2000 process.
c. Run the following commands to disable all-zero IP address monitoring on the CML:
> cd /d D:\oss\server\platform\bin\special
> sec_adm -cmd disableListenAllIP
NOTE
By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in this
directory, replace the directory in the preceding command with the actual installation
directory.
If information similar to the following is displayed, all-zero IP address monitoring
is successfully disabled:
Operation succeeded. Please restart all services for the settings to
take effect.
d. Start the U2000 process.
• For the SUSE Linux or Solaris OS:
a. Log in to the OS as the ossuser user.
b. Stop the U2000 process.
c. Run the following commands to disable all-zero IP address monitoring on the CML:
$ . /opt/oss/server/svc_profile.sh
$ cd /opt/oss/server/platform/bin/special
$ sec_adm -cmd disableListenAllIP
NOTE
By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed in
this directory, replace the directory in the preceding command with the actual installation
directory and navigate to the actual installation directory to execute the mapping script.
If information similar to the following is displayed, all-zero IP address monitoring
is successfully disabled:
Operation succeeded. Please restart all services for the settings to
take effect.
d. Start the U2000 process.
----End
Follow-up Procedure
When the U2000 server functions as an SNMP client and accesses devices, the specified IP
address and interface must be configured on the firewall to reduce attacks because the
interfaces on the SNMP client monitor only the all-zero IP address. The following describes
how to configure the firewall embedded in the Linux OS:
NOTE
For details about the interfaces in the following tables, see iManager U2000 Communication Port
Matrix.
Table A-16 IP addresses and interfaces configured on the firewall in a centralized system
Object | Configuration Item | Interface Number | Description
Public | U2000 SBI IP address | 14901 to 15900 | Used by the U2000 to communicate with NEs over SNMP.
Table A-17 IP addresses and interfaces configured on the firewall in a distributed system
Object | Configuration Item | Interface Number | Description
The following describes how to configure the specified IP address and interface for the
centralized performance management system (the configuration methods in other scenarios
are similar):
1. Log in to the U2000 OS as the root user.
2. For the NM node in a distributed system or a centralized NMS, run the following
command to set service_ip1 and the interface:
NOTE
• For the Solaris OS, the configuration command is ipf. For details, see
http://docs.oracle.com/cd/E19253-01/816-5166/ipf-1m/index.html.
• In the following command, service_ip1 indicates the U2000 SBI IP address, which should be
replaced with the mapping U2000 IP address in the preceding tables.
• The following describes how to open the access to the IP address specified for service_ip1.
• For transport NE search (IP auto discovery), the command used to open the access to
Ethernet ports is similar to the following: # iptables -A INPUT -i eth0 -p udp --dport 8001 -j
ACCEPT. eth0 corresponds to the Configuration Item column in 1 and 2.
ii. Run the following command to open the access to interface 14421:
# iptables -A INPUT -p udp -d service_ip1 --dport 14421 -j ACCEPT
ii. Run the following command to restrict the access to interface 14421:
# iptables -A INPUT -p udp --dport 14421 -j DROP
NOTE
For transport NE search (IP auto discovery), the command is # iptables -L -nv.
If information similar to the following is displayed, the configuration succeeds:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 10.67.172.24 udp dpts:14001:14101
ACCEPT udp -- 0.0.0.0/0 10.67.172.24 udp dpts:14421
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:14001:14101
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:14421
3. Optional: For the NM node in a distributed system or a centralized NMS, to open the
access to the IP address specified for service_ip2 (another IP address of the U2000 server),
delete the DROP rules, add the IP address specified for service_ip2, and add the DROP
rules again.
NOTE
• For the Solaris OS, the configuration command is ipf. For details, see http://docs.oracle.com/cd/E19253-01/816-5166/ipf-1m/index.html.
• In the following command, service_ip2 indicates the U2000 SBI IP address, which should be
replaced with the corresponding U2000 IP address in the preceding tables.
• The following describes how to open the access to the IP address specified for service_ip2.
• If an interface has multiple IP addresses, open the access to the interfaces corresponding to the IP
addresses one by one. Then, restrict the access to them one by one. For example, open the
access to the interfaces corresponding to the service_ip1 and service_ip2 values and then restrict the
access to these interfaces one by one.
• For transport NE search (IP auto discovery), the command used to open the access to
Ethernet ports is similar to the following: # iptables -A INPUT -i eth1 -p udp --dport 8001 -j ACCEPT. eth0 corresponds to the Configuration Item column in 1 and 2.
a. Run the following command to check the line numbers of DROP rules:
# iptables -L -n
NOTE
For transport NE search (IP auto discovery), the command is # iptables -L -nv.
Information similar to the following is displayed:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 10.67.172.25 udp dpts:14001:14101
ACCEPT udp -- 0.0.0.0/0 10.67.172.25 udp dpts:14421
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:14001:14101
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:14421
Chain FORWARD (policy ACCEPT)
target prot opt source destination
b. According to the command output, the DROP rules exist in lines 3 and 4. Run the
following command to delete the DROP rules starting from line 4:
# iptables -D INPUT 4
# iptables -D INPUT 3
ii. Run the following command to open the access to interfaces 14421:
# iptables -A INPUT -p udp -d service_ip2 --dport 14421 -j ACCEPT
iii. Run the following command to restrict the access to interfaces 14001 to
14101:
# iptables -A INPUT -p udp --dport 14001:14101 -j DROP
iv. Run the following command to restrict the access to interfaces 14421:
# iptables -A INPUT -p udp --dport 14421 -j DROP
NOTE
For transport NE search (IP auto discovery), the command is # iptables -L -nv.
If information similar to the following is displayed, the configuration succeeds:
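Added example (not part of the U2000 guide): the step 3 sequence depends on rule order, because an ACCEPT rule appended below the catch-all DROP rules is never evaluated. The shell functions below read a saved listing produced with iptables -L INPUT -n --line-numbers; the function names, the use of --line-numbers and the sample listing (constructed from the addresses shown in the outputs above) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the U2000 guide. Both checks read the text
# printed by "iptables -L INPUT -n --line-numbers" on stdin, so they can be
# run offline against a saved listing; nothing here changes the firewall.

# Constructed sample: the rules for a second address (10.67.172.25) were
# appended without first deleting the catch-all DROP rules.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            10.67.172.24         udp dpts:14001:14101
2    ACCEPT     udp  --  0.0.0.0/0            10.67.172.24         udp dpt:14421
3    DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:14001:14101
4    DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:14421
5    ACCEPT     udp  --  0.0.0.0/0            10.67.172.25         udp dpts:14001:14101
6    ACCEPT     udp  --  0.0.0.0/0            10.67.172.25         udp dpt:14421'

# Print "<num> <target> <source> <destination> <ports>" for every numbered
# UDP rule (protocol shown as "udp" or as its number, 17) that carries a
# destination-port match. Accepts both the "dpt:" and "dpts:" spellings.
udp_port_rules() {
    awk '$1 ~ /^[0-9]+$/ && ($3 == "udp" || $3 == "17") {
        for (i = 7; i <= NF; i++)
            if ($i ~ /^dpts?:/) {
                ports = $i
                sub(/^dpts?:/, "", ports)
                print $1, $2, $5, $6, ports
                break
            }
    }'
}

# List ACCEPT rules that sit below a catch-all DROP with the same port spec.
# Output: "<num> <destination> <ports>", one line per unreachable rule.
shadowed_accepts() {
    udp_port_rules | awk '
        $2 == "DROP" && $3 == "0.0.0.0/0" && $4 == "0.0.0.0/0" { dropped[$5] = 1; next }
        $2 == "ACCEPT" && ($5 in dropped) { print $1, $4, $5 }'
}

# Print (do not run) the commands that open the existing port rules to new_ip:
# delete the catch-all DROP rules from the highest number down so the remaining
# numbers do not shift, append the ACCEPT rules, then append the DROP rules again.
plan_add_service_ip() {
    new_ip=$1
    drops=$(udp_port_rules | awk '
        $2 == "DROP" && $3 == "0.0.0.0/0" && $4 == "0.0.0.0/0" { print $1, $5 }')
    if [ -z "$drops" ]; then
        echo "no catch-all UDP DROP rules in listing" >&2
        return 1
    fi
    printf '%s\n' "$drops" | sort -rn | while read -r num ports; do
        echo "iptables -D INPUT $num"
    done
    printf '%s\n' "$drops" | while read -r num ports; do
        echo "iptables -A INPUT -p udp -d $new_ip --dport $ports -j ACCEPT"
    done
    printf '%s\n' "$drops" | while read -r num ports; do
        echo "iptables -A INPUT -p udp --dport $ports -j DROP"
    done
}

# Demo on the constructed listing: first the unreachable rules, then the plan
# computed from the first four rules only (the state before the mistake).
printf '%s\n' "$SAMPLE_LISTING" | shadowed_accepts
printf '%s\n' "$SAMPLE_LISTING" | head -n 6 | plan_add_service_ip 10.67.172.25
```

The shadow check compares port specifications as text, so it reports an ACCEPT rule only when its port or range is written exactly like the DROP rule above it.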
Procedure
Step 1 Log in to the OS as the ossuser user.
• After all-zero IP address monitoring is enabled, the U2000 client can use any NIC IP
address to log in to the U2000 server, which poses security risks. Exercise caution when
performing this operation.
• Before all-zero IP address monitoring is enabled, Huawei technical support engineers
need to apply for and obtain written authority from the customer and comply with local
laws and regulations.
NOTE
By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in this
directory, replace the directory in the preceding command with the actual installation
directory.
c. Start the U2000 process. For details, see A.10.7 How to Start the Processes of the
U2000 Single-Server System on Windows.
NOTE
By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed in
this directory, replace the directory in the preceding command with the actual installation
directory and navigate to the actual installation directory to execute the mapping script.
c. Start the U2000 process. For details, see A.10.13 How to Start the Processes of
the U2000 Single-Server System on SUSE Linux or A.10.10 How to Start the
Processes of the U2000 Single-Server System on Solaris.
----End
Question
How do I perform a rollback after the H2 key replacement fails?
Answer
Step 1 Log in to the OS as the ossuser user.
NOTE
The preceding directory is correct only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
• Windows OS:
a. Go to the D:\oss\server\etc\oss_cfg\frame\is_server\data directory and delete the
isdb.h2.db file.
b. Rename the isdb.h2.db.bak file to isdb.h2.db.
NOTE
The preceding directory is correct only if the U2000 is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
----End
Prerequisites
You have obtained all non-NMS-application IP addresses that need to be configured.
Procedure
Step 1 Log in to the OS as the ossuser user.
Step 2 Stop the MSuite server processes. For details, see A.9.3 How to End Processes on the
MSuite Server.
NOTE
– Multiple IP addresses are supported, as long as they are separated from each other by
semicolons (;).
– For the SUSE Linux and Solaris OSs, set the file permission to 600 and the owner and group
to ossuser:ossgroup after the engr.cfg file is created.
– This method only applies to the configuration of local IP addresses.
4. Save the configuration file after modification and close it.
Step 4 Start the MSuite server processes. For details, see A.9.2 How to Start the Process of the
MSuite Server.
----End
Procedure
Step 1 Log in to the OS as the ossuser user.
• After all-zero IP address monitoring is enabled, the U2000 client can use any NIC IP
address to log in to the U2000 server, which poses security risks. Exercise caution when
performing this operation.
• Before all-zero IP address monitoring is enabled, Huawei technical support engineers
need to apply for and obtain written authority from the customer and comply with local
laws and regulations.
NOTE
By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in this
directory, replace the directory in the preceding command with the actual installation
directory.
c. Start the U2000 process. For details, see A.10.7 How to Start the Processes of the
U2000 Single-Server System on Windows.
• For the SUSE Linux or Solaris OS:
a. Stop the U2000 process. For details, see A.10.14 How to End the Processes of the
U2000 Single-Server System on (SUSE Linux) or A.10.11 How to End the
Processes of the U2000 Single-Server System on (Solaris).
b. Run the following command to enable all-zero IP address monitoring on the CML:
$ . /opt/oss/server/svc_profile.sh
$ cd /opt/oss/server/platform/bin/special
$ sec_adm -cmd enableListenAllIP
NOTE
By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed in
this directory, replace the directory in the preceding command with the actual installation
directory and navigate to the actual installation directory to execute the mapping script.
c. Start the U2000 process. For details, see A.10.13 How to Start the Processes of
the U2000 Single-Server System on SUSE Linux or A.10.10 How to Start the
Processes of the U2000 Single-Server System on Solaris.
----End
monitor the default network adapters (eth0 and eth1) of the U2000 distributed system.
Therefore, users can access each distributed node only through the default network adapters
(eth0 and eth1).
Procedure
Step 1 Log in to the OS of each distributed node as the root user.
Step 2 Run the following commands to monitor the default network adapters (eth0 and eth1) of the
U2000 distributed system:
# cd /opt/oss/manager/adapter/network
# ./setDistributedIptables.sh -add
NOTE
• If the preceding commands are run, users can access each distributed node only through eth0 and
eth1.
• The preceding commands enable only eth0 and eth1 to be monitored. If a new network adapter (for
example, eth2) is added on a distributed node, users must clean up the preceding configuration to
ensure the valid use of the new network adapter. For details, see Follow-up Procedure.
----End
Follow-up Procedure
Perform the following operations to clean up the function of monitoring default network
adapters (eth0 and eth1) of the U2000 distributed system:
1. Log in to the OS of each distributed node as the root user.
2. Run the following commands to clean up the function of monitoring default network
adapters of the U2000 distributed system:
# cd /opt/oss/manager/adapter/network
# ./setDistributedIptables.sh -clear
Question
How do I configure an SSH listening IP address?
Answer
Step 1 Log in to the OS as the ossuser user using PuTTY.
Step 2 Run the following commands to configure or roll back an SSH listening IP address:
Run the following commands to configure an SSH listening IP address:
$ cd /opt/oss/engr/engineering/script/
$ ./LockIPForLogin.sh -add newIP
NOTE
NOTE
----End
Question
After an SSH listening IP address is configured, a user can access the U2000 over SSH only
using this IP address, thereby enhancing access security. How do I configure an SSH listening
IP address?
Answer
Step 1 Log in to the Windows OS as a user with administrator rights.
Step 2 Choose Start > Control Panel > System and Security > Windows Firewall > Turn on or
off Windows Firewall and click Customize Settings and then OK.
Step 3 Configure an SSH listening IP address.
• Add an SSH listening IP address.
– Manually add an SSH listening IP address (all listening IP addresses can be added).
i. Choose Start > Control Panel > System and Security > Windows Firewall
and click Advanced Setting.
ii. In the Windows Firewall With Advanced Security window, right-click
Inbound rules and choose New Rule from the shortcut menu.
iii. In the Rule Type dialog box, select Port and click Next.
iv. In the Protocol and Ports dialog box, set Specific local ports to 22 and click
Next.
v. In the Action dialog box, click Next.
vi. In the Profile dialog box, click Next.
vii. In the Name dialog box, set Name to a value such as minasshd (Description
is optional) and click Finish.
viii. In the Windows Firewall With Advanced Security window, click Inbound
rules. Right-click minasshd and choose Properties from the shortcut menu.
ix. In the minasshd Properties dialog box, click the Scope tab.
x. In Remote IP address, select These IP addresses and click Add.
----End
Context
• After the primary and secondary sites are associated, iptables listening can be configured
based on actual situations.
• If iptables listening has been added, the related command should be executed to clear the
replication/heartbeat IP addresses monitored by iptables before they are modified.
• If iptables listening has been added, the related command should be executed to clear the
replication/heartbeat IP addresses monitored by iptables after the primary and secondary
sites are separated.
• Log in to both primary and secondary sites as the ossuser user to execute the commands.
Procedure
• Run the following command to add the peer end's heartbeat and replication IP addresses
to be monitored by iptables:
$ cd /opt/oss/engr/engineering/conf/ha/script/veritas/vcs
$ ./setiptables.sh -add
• Run the following command to clear the peer end's heartbeat and replication IP addresses
monitored by iptables:
$ cd /opt/oss/engr/engineering/conf/ha/script/veritas/vcs
$ ./setiptables.sh -clear
• Run the following command to check whether the peer end's heartbeat and replication IP
addresses to be monitored by iptables are added:
– Run the following command for a Linux HA system:
$ su - root
# cd /opt/oss/engr/engineering/conf/ha/script/veritas/vcs
# iptables -L -nv
If information similar to the following is displayed, iptables monitoring has been
added:
Chain INPUT (policy ACCEPT 628 packets, 80590 bytes)
pkts bytes target prot opt in out source destination
628 80590 engr_firewall all -- * * 0.0.0.0/0 0.0.0.0/0
----End
Question
How do I modify the ossuser or dbuser ID at the secondary site to be the same as that at the
primary site?
Answer
Step 1 Log in to the OS at the primary site as the root user using PuTTY.
Step 2 Run the following command to view the uid and gid values of the ossuser or dbuser user:
# id username
NOTE
• To view the uid and gid values of the ossuser user, set username to ossuser.
• To view the uid and gid values of the dbuser user, set username to dbuser.
Step 3 Log in to the OS at the secondary site as the root user using PuTTY.
Step 4 Run the following command to modify the uid and gid values of the ossuser or dbuser user:
# cd /opt/oss/engr/tools
# ./ModifyUserID.sh -U username -UID uid -GID gid
NOTE
• dbuser
Modify ID for dbuser successfully!
----End
Question
How do I change the password for the user ftpuser?
Answer
• For the Windows OS:
a. Change the password for the Windows OS user ftpuser. For details, see A.1.15 How to
Change the Password for the Windows OS User ftpuser?.
b. Log in to the U2000 server operating system as a user with ossuser rights.
c. Choose Start > Run. In the Run dialog box, enter the cmd command to access the
CLI.
d. Perform the following operations to change the password for the ftpuser user.
> cd /d D:\oss\server\3rdTools\ftp\minasshd\usermgr
> SftpUserManager.bat name password rootpath
> cd /d D:\oss\server\3rdTools\ftp\apacheftpserver\bin
> UserManager.bat cfg name password rootpath
NOTE
• In this command, the U2000 is installed on drive D. If the U2000 is installed on another
drive, D in the command must be replaced with this drive letter.
• name specifies the user (ftpuser) whose password is to be changed.
• password specifies the new password for the ftpuser.
• rootpath specifies the root path for the ftpuser.
• After the U2000 is installed, the default ftpuser home directory is D:\. You can
manually change the default ftpuser home directory to another directory such as
D:\ftp.
• Do not set the ftpuser home directory to D:\oss (U2000 installation directory) or
C:\ (system directory).
• For example,
> cd /d D:\oss\server\3rdTools\ftp\minasshd\usermgr
> SftpUserManager.bat ftpuser Changeme_123 D:\
> cd /d D:\oss\server\3rdTools\ftp\apacheftpserver\bin
> UserManager.bat cfg ftpuser Changeme_123 D:\
e. Close the CLI and log in to the system monitor client to restart the
uflight_dispatcher service.
i. Log in to the system monitor client. For details, see 10.2 Logging In to the System
Monitor Client.
ii. On the System Monitor, click the Service Monitor tab.
iii. Select uflight_dispatcher service, right-click, and choose Start Service.
iv. Select uflight_dispatcher service, right-click, and choose Stop Service.
f. Log in to a U2000 client. For details, see 2.6 Logging In to a U2000 Client.
g. Choose Administration > Settings > FTP Account Information Management
from the main menu (traditional style); alternatively, double-click System
Management in Application Center and choose Settings > FTP Account
Information Management from the main menu (application style).
h. In the FTP Account Information Management dialog box, click the Configure
FTP Account tab.
i. Right-click Default local FTP account and choose Modify from the shortcut
menu.
j. In the Modify FTP User dialog box, select Change password and input the
Password and Confirm password.
k. Click OK.
l. In the Result dialog box, click Close.
• Run modify_ftp_setting.sh to change the password of the user ftpuser on the U2000 server and
OS.
• For an HA system, separate the primary and secondary sites and then run
modify_ftp_setting.sh on both the primary and secondary sites.
• The following command output is displayed on a Linux OS (used as an example).
• The rules for modifying a password are as follows:
• The password contains a minimum of 8 characters and a maximum of 30 characters.
• The password must contain four of the following combinations:
• At least one lower-case letter
• At least one upper-case letter
• At least one digit
• At least one special character ~!@#$%^&*()-_=+\|[{}];:"',<.>/?
• The password cannot be the same as the user name written in either the forward or
backward format.
• If security hardening is performed on the OS, set the password by referring to the
password policies in Security Hardening Guide.
a. Use the PuTTY tool to log in to the server as the root user.
b. Run the following commands to change the password for the user ftpuser as
prompted.
▪ SUSE Linux:
# cd /opt/sudobin/imap/ftp/files
# bash modify_ftp_setting.sh -i /opt/oss -u ftpuser -l false
▪ Solaris:
# cd /opt/oss/server/3rdTools/ftp/files
# bash modify_ftp_setting.sh -i /opt/oss -u ftpuser -l false
Changing the password of user ftpuser...
Changing password for ftpuser.
New password: new password for the ftpuser
Retype new password: new password for the ftpuser
Password changed.
Modifying FTP configurations of OSS...
The password of user ftpuser is required.
Please enter the changed password of user ftpuser: new password for the
ftpuser
If the following message is displayed, the password for the user ftpuser has been modified
successfully.
FTP configurations modified successfully.
----End
Symptom
When users enter Chinese characters on the iMAP client using Sogou Pinyin, the entered
characters are incorrectly displayed in the candidate window of Sogou Pinyin.
Possible Causes
Sogou Pinyin is incompatible with the version (1.8_131) of JRE used by the iMAP client.
Procedure
Step 1 Upgrade Sogou Pinyin to 8.6.
----End
Question
How do I apply for U2000 digital certificates?
NOTE
The following operations apply to Windows OS and use the U2000 server and client certificates as an
example. The application method of other digital certificates is similar.
Answer
Step 1 Generate a certificate request file using the online CSR tool.
1. Enter https://certificatesssl.com/ssl-tools/csr-generator.html in the address bar of the
Chrome browser.
2. On the Generate CSR page, set the following parameters in turn.
The length of encryption key | This parameter corresponds to the RSA type. Select 2048.
5. Click download as a file separately to download and save the CSR and private key file.
NOTE
Save the downloaded private key file private.key to a secure place. After the certificate
application is complete, merge the requested certificate and the private key file to a .p12 file and
then delete the private key file.
6. Rename the downloaded file csr.txt as u2kserver.csr and submit it to the CA of the
customer for certificate issuing.
Step 2 Obtain the identity certificate issued by the CA and the CA certificates.
Assume that the identity certificate issued by the CA of the customer is u2kserver.cer, in the
PEM format. Example:
Assume that the CA of the customer has two levels. The returned CA certificates are
rootca.cer and intermediateca.cer, in the PEM format. Example:
NOTE
The preceding identity certificate and CA certificates have no requirement on the file name extension
and mainly check whether the file is in the PEM format.
NOTE
In consideration of software compatibility, the PBE-SHA1-3DES algorithm is used by default. If
supported, the more secure AES-128-CBC algorithm is recommended.
The following table describes the meaning of each parameter in the preceding command.
Parameter | Description
inkey | Indicates the private key file. The default file format is PEM.
NOTE
The encryption password of the identity certificate must meet certain complexity requirements:
– Must contain 8 to 20 characters.
– Contain at least one space or one of the following special characters: `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
– Must be a combination of at least two of the following characters: lowercase letters (a-z),
uppercase letters (A-Z), and digits (0-9).
– Must be different from the user name or the reverse user name.
b. Run the following command in the CLI to verify the file output after the merge:
> keytool -printcert -v -file trust.cer
If you can view the parsed certificate, the file is merged successfully.
----End
Question
How do I uninstall a mirroring database?
Answer
Step 1 Log in to the OS as the ossuser user through SSH by using PuTTY.
Step 2 Run the following commands to switch to the root user and uninstall the mirroring database.
$ su - root
Password: Password of the root user
# cd /opt/sys_oss/DBSVRBCK/PlantBackDB
# ./uninstall_DBSVRBCK.sh
NOTE
In versions earlier than U2000 V200R016C60CP2023, uninstall_DBSVRBCK.sh is stored in
/opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB. In U2000 V200R016C60CP2023 and later
versions, it is stored in /opt/sys_oss/DBSVRBCK/PlantBackDB.
Step 3 Run the following command to check whether the mirroring database is successfully
uninstalled:
# crontab -l | grep runtimetask.sh
----End
Question
How do I configure an FTP listening IP address?
Answer
To enhance the access security of the U2000 server, FTP listens only to the loopback address
and the U2000 installation IP address by default. You can use the config_ftp_ip.sh script to
configure the IP addresses that FTP listens to.
Step 3 Run the following commands as the root user to query, configure, or roll back an FTP listening
IP address:
• Run the following commands to query an FTP listening IP address:
# cd /opt/sudobin/imap/ftp/files
# bash config_ftp_ip.sh query
NOTE
NOTE
– default indicates configuring FTP can listen to loopback IP address, float IP address and
sorthbound IP address.
– listenAllIP indicates network-wide listening.
– add IP1:IP2:IP3... indicates configuring FTP listening IP addresses. Separate multiple IP
addresses with colons (:).
• Run the following commands to roll back an FTP listening IP address:
# cd /opt/sudobin/imap/ftp/files
# bash config_ftp_ip.sh delete IP1:IP2:IP3...
# start_ftp_server.sh
NOTE
delete IP1:IP2:IP3... indicates that the specified IP addresses are no longer configured as FTP
listening IP addresses. Separate multiple IP addresses with colons (:).
----End
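Added example (not part of the U2000 guide): after the FTP or SSH listening addresses are changed, or after all-zero IP address monitoring is disabled, the listening sockets can be compared with the intended address list. The function below reads saved output of ss -H -ltn on stdin; the function name, the use of ss from iproute2 on Linux, FTP on port 21 and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the U2000 guide.
# Usage: ss -H -ltn | unexpected_listeners PORT "ADDR1 ADDR2 ..."
# Prints one line per listening socket on PORT whose local address is not in
# the allowed list:
#   wildcard <addr>:<port>    bound to the all-zero / any address
#   unexpected <addr>:<port>  bound to a specific address that is not allowed
# Returns 1 if at least one such socket is found, 0 otherwise.

# Constructed sample of "ss -H -ltn" output
# (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS='LISTEN 0 128 127.0.0.1:21 0.0.0.0:*
LISTEN 0 128 10.67.172.24:21 0.0.0.0:*
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 10.67.172.25:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 10.67.172.24:31037 0.0.0.0:*'

unexpected_listeners() {
    awk -v port="$1" -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            # The local address is the first field that ends in ":<digits>";
            # the peer column of a listening socket ends in ":*".
            for (i = 1; i <= NF; i++) {
                if ($i !~ /:[0-9]+$/) continue
                addr = $i
                p = $i
                sub(/:[0-9]+$/, "", addr)   # strip the port, keep the address
                sub(/^.*:/, "", p)          # keep only the port
                if (p == port && !(addr in ok)) {
                    wild = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                    kind = wild ? "wildcard" : "unexpected"
                    print kind, addr ":" p
                    found = 1
                }
                break
            }
        }
        END { exit found + 0 }'
}

# Demo on the constructed sample: FTP should listen only on the loopback
# address and on 10.67.172.24 (standing in for the installation IP address).
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 21 "127.0.0.1 10.67.172.24" || true
```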
Procedure
Step 1 Use the restoration server as a file server and establish a remote mounting relationship
between the restoration server and the server where the backup files restored. For details, see
6.1.7.2.3 Mounting the SUSE Linux File Server.
Step 2 Run the following commands to copy the checkEnvironment directory to the restoration
server on the server where the backup files restored.
# cd /opt/ssrbackup_local/backup_Timestamp/
# cp -rp checkEnvironment/ /opt/ssrbackup_local/file_server/
Step 3 Execute the following scripts on the restoration server to obtain the risk level of restoring
services on the restoration server.
# cd /opt/ssrbackup_local/file_server/checkEnvironment/
# chmod 750 *.sh
# ./check_environment.sh
• If information similar to the following is displayed, the system can be restored.
The system can be restored.
NOTE
• When information is displayed in a table, there are six columns. The first column DriverName
indicates the driver name. The second column RiskLevel indicates the risk level. The third column
CurrentSystemDriverVersion indicates the driver version on the restoration servers. The fourth
column SourceSystemDriverVersion indicates the driver version on the backup server. The fifth
column CurrentSystemDriverSigner indicates the driver vendor of the restoration server. The sixth
column SourceSystemDriverSigner indicates the driver vendor of the backup server.
• If specific contents are displayed in the third and fifth columns, the driver does not exist on the
backup server. If specific contents are displayed in the third and fourth columns, the driver versions
on the backup and restoration servers are inconsistent. If specific contents are displayed in the fifth
and sixth columns, the driver vendors of the backup and restoration servers are inconsistent.
• If a message is displayed indicating that restoring services is risky, determine whether to continue
the restoration with caution.
• If it will restore failed is displayed, the partitions on the backup and restoration servers are
inconsistent and the restoration operations cannot be performed.
----End
Answer
Step 1 On the computer where the VMware vSphere Client is installed, double-click the
VMware vSphere Client shortcut icon on the desktop. The login dialog box is displayed.
Step 2 Set the required login parameters.
• IP address/Name: ESXi host's IP address or name.
• User name: User name of an ESXi host.
• Password: Password of the ESXi host user.
NOTE
Keep the Use Windows session credentials check box unselected, which is the default setting.
----End
Question
How do I log in to the VMware vCenter server?
Answer
Step 1 Optional: Add rights to administrative accounts.
NOTE
• If this is your first-time login to the VMware vCenter Server and security hardening has not been
performed for the OS on which vCenter runs, use the administrator@vsphere.local account to log
in and add rights to the administrator account.
• If this is your first-time login to the VMware vCenter Server and security hardening has been
performed for the OS on which vCenter runs, use the administrator@vsphere.local account to log
in and add rights to the SWMaster account.
1. Double-click the shortcut icon of the VMware vSphere client on the desktop. The login
dialog box is displayed.
2. Set the required login parameters.
6. The Select Users and Groups dialog box is displayed. Select Administrator in the
Users and Groups group box and click Add.
NOTE
To add rights to the SWMaster account, select SWMaster on the Users and Groups tab.
7. Click OK to return to the Assign Permissions dialog box, and then click OK. The administrator
rights are added.
8. Close the VMware vSphere client.
Step 2 On the computer where the VMware vSphere Client is installed, double-click the
VMware vSphere Client shortcut icon on the desktop. The login dialog box is displayed.
Step 3 Set login parameters.
Login-related parameters are set as follows:
• IP address/Name: IP address of the vCenter Server OS or the computer name.
• User name: user name for logging in to the vCenter Server OS.
NOTE
----End
Question
How do I check and create a port group (network label) on a virtual machine?
Answer
Step 1 Log in to the VMware vCenter Server.
Step 2 In the navigation tree, select an ESXi host. Click Configuration and select Networking in
the right window.
NOTE
Requirements of the U2000 on the virtual machine port group (network label): As management and
services are implemented on independent network segments, the service network must be connected to
the external network through a service router. U2000 virtual machines need to be created on the service
router.
• Perform the following operations to view the unused port groups (network labels) on
the virtual machine:
If no information about the virtual machine is displayed in the Virtual Machine Port
Group area, the port group of the virtual machine is not used. Otherwise, the port group
(network label) is used. As shown in the preceding figure, port group VM
Network_U2000 is not used by the virtual machine.
• Perform the following operations to create a virtual machine port group (network label):
a. Click Properties on a standard switch, such as vSwitch2.
b. On the Ports page, click Add.
NOTE
e. Click Next.
f. Click Finish.
g. Click Close.
----End
Question
On the VMware vSphere Client, how do I check whether the available space of the storage on
a virtual machine meets the U2000 requirement?
Answer
Step 1 Log in to the VMware vSphere Client.
Step 2 On the VMware vSphere Client, you can select the IP address of the VMware server from the
navigation tree and click Summary in the right pane and view the available space of the
storage on a virtual machine.
NOTE
• The available space of the storage on the virtual machine must meet the U2000 requirement
(Storage: 400 GB or higher); otherwise, the U2000 cannot be installed.
• A storage with the available space of 805 GB is used as an example to describe how to check the
available space. You can create virtual hard disks 1 and 2 on the storage.
----End
Question
How do I view the usage of network interfaces on the VMware server?
Answer
vmnic0
vmnic1
vmnic2
...
vmnicN
Step 2 Select the IP address of the VMware vSphere Client and choose Configuration >
Networking. Click Properties of a switch.
Step 3 Click the Network Adapters tab and view all network interfaces of the VMware server. Add
the Network Adapters (network interfaces) column in Table A-18.
Step 4 Click the Ports tab and select all Virtual Machine Port Group one by one. View
information about Active Adapters and Standby Adapters. Add the Whether used as an
active adapter column in Table A-18.
----End
Answer
Step 1 Log in to the VMware vSphere Client.
2. In the Virtual Machine Properties dialog box, choose Hardware > Memory.
----End
Answer
Step 1 Log in to the VMware vSphere Client.
Step 3 Right-click a VM and choose Edit Settings from the shortcut menu.
Step 4 In the Virtual Machine Properties dialog box, choose Hardware > CPUs.
Step 5 Choose a value from the Number of virtual sockets drop-down list and a value from the
Number of cores per socket drop-down list. The resulting total number of cores is a number
equal to or less than the number of logical CPUs on the host.
----End
Answer
Step 1 Log in to the VMware vSphere Client.
Step 3 Right-click a VM and choose Edit Settings from the shortcut menu.
Step 4 In the Virtual Machine Properties dialog box, choose Hardware > Add.
Step 5 In the Device Type dialog box, select Hard Disk and click Next.
Step 6 In the Select a Disk dialog box, select Create a new virtual disk and click Next.
Step 7 In the Create a Disk dialog box, set the capacity to the size of virtual machine disk, select
Thick Provision Lazy Zeroed, and click Next.
Step 8 In the Advanced Options dialog box, keep default values and click Next.
----End
Prerequisites
• The E9000 server has been physically connected to disk arrays.
• ESXi has been installed and configured on the E9000 server. For details, see Installing
and Configuring VMware ESXi.
• A VMware vSphere Client has been installed on a computer. For details, see Installing a
VMware vSphere Client.
Context
All the blades on the E9000 server must establish a connection with the OceanStor 5500 V3
array disk. The following section describes how to establish a connection between blade 2 on
the E9000 server and the OceanStor 5500 V3 array disk.
Procedure
Step 1 Log in to the VMware vSphere Client.
1. Optional: If the virtual machine list is not displayed, choose Home > Inventory from
the main menu to view the virtual machine list.
2. Select the ESXi host's IP address to be configured, click Configuration, and then click
Networking.
3. Click Add Networking. In the Add Network Wizard dialog box, select VMKernel.
4. Click Next. The VMkernel-Network Access window is displayed. Deselect vmnic 0 and
select vmnic 8.
NOTE
IP addresses are learned by VMware through network protocols and are related to the network
environment, not NIC configurations.
6. Click Next and add a blade's IP address used to connect to iSCSI network interface P0 of
the disk array. The IP addresses of iSCSI interface Controller Port 0 are 192.168.0.20 and
192.168.0.21. IP Address must be on the same network segment as the IP address of iSCSI
network interface P0 of the disk array.
NOTE
9. Click Add Networking. In the Add Network Wizard dialog box, select VMKernel.
10. Click Next. The VMkernel-Network Access window is displayed. Deselect vmnic 0
and select vmnic 1.
NOTE
IP addresses are learned by VMware through network protocols and are related to the network
environment, not NIC configurations.
11. Click Next. In the VMkernel-Connection Settings window, set the network label name
to VMkernel_iSCSI2.
12. Click Next and add a blade's IP address used to connect to iSCSI network interface P1 of
the disk array. The IP addresses of iSCSI interface Controller Port 1 are 192.168.1.20 and
192.168.1.21. The IP address must be on the same network segment as the IP address of
the disk array's iSCSI network interface P1.
NOTE
3. Click OK.
Step 4 Add an iSCSI adapter and establish a connection with the disk array.
1. Select the ESXi host's IP address and click Configuration. On the Configuration tab
page, click Storage Adapters.
2. Click Add in the upper right corner. The Add Storage Adapter dialog box is displayed.
3. Click OK. The Software iSCSI Adapter dialog box is displayed.
4. Click OK. The newly added iSCSI Software Adapter is displayed.
5. Select the newly added iSCSI adapter, such as vmhba39. Right-click and select
Properties from the shortcut menu. The iSCSI Initiator (vmhba39) Properties dialog
box is displayed.
6. Click Dynamic Discovery. On the Dynamic Discovery tab page, click Add. In the Add
Send Target Server dialog box, configure a disk array's iSCSI network interface IP
address for the iSCSI server.
NOTE
– iSCSI Server: uses the IP address of the disk array's iSCSI network interface. For details,
see Network Planning.
– Port: keeps the default settings unchanged.
7. Click OK. Repeat Step 4.6 to configure the IP addresses of all the disk array's iSCSI
network interfaces for the iSCSI server.
8. Click Static Discovery and check whether dynamic iSCSI targets are discovered.
– XXX.XXX.XXX.XXX indicates the IP address of the management network port of the storage
array controller.
– Port 8088 needs to be enabled when the system provides the web service externally in an
environment with the firewall deployed.
– A message may be displayed indicating that the security certificate of the website brings risks.
In this case, ignore the message and continue to visit the disk array as long as the IP address is
correct.
Step 8 On the Host tab, select the desired blade and click Add Initiator.
Step 9 In the Available Initiators area, select the desired initiator and click .
Step 10 Click OK. In the Danger dialog box, select I have read and understood the consequences
associated with performing this operation. and click OK.
Step 12 Repeat Step 1 to Step 11 to establish a connection between other blades and the disk array.
● After establishing connections between the disk array and computing nodes, the Devices tab displays
new LUNs but the Datastores tab does not display the identities of the new LUNs. You need to add
the identities manually.
● You need to add only one E9000 datastore identity. The other E9000 datastore identities are
added automatically.
1. Select the desired host in the host cluster and click Configuration. On the
Configuration tab, click Storage. The Datastores tab does not display the identities of
the new LUNs.
3. Select Select Disk/LUN and click Next. The Select Disk/LUN dialog box is displayed.
4. Select a disk and click Next. The File System Version dialog box is displayed.
5. Select VMFS-5 and click Next. The Current Disk Layout dialog box is displayed.
NOTE
The datastore name you enter must correspond to the previously selected LUN name.
7. Enter a datastore name (such as LUN001_U2000) and click Next. The Disk/LUN-
Formatting dialog box is displayed.
----End
Prerequisites
● The E9000 server has been physically connected to disk arrays.
● ESXi has been installed and configured on the E9000 server. For details, see Installing
and Configuring VMware ESXi.
● A VMware vSphere Client has been installed on a computer. For details, see Installing a
VMware vSphere Client.
Context
All the blades on the E9000 server must establish a connection with the OceanStor S3900
disk array. The following section describes how to establish a connection between blade 2 on
the E9000 server and the OceanStor S3900 disk array.
Procedure
Step 1 Log in to the VMware vSphere Client.
3. Click Add Networking. In the Add Network Wizard dialog box, select VMKernel.
4. Click Next. The VMkernel-Network Access window is displayed. Deselect vmnic 0
and select vmnic 8.
NOTE
IP addresses are learned by VMware through network protocols and are related to the network
environment, not NIC configurations.
6. Click Next and add a blade's IP address used to connect to iSCSI network interface P0 of
the disk array. The IP addresses of iSCSI interface Controller Port 0 are 192.168.0.20 and
192.168.0.21. The IP address must be on the same network segment as the IP address of
the disk array's iSCSI network interface P0.
NOTE
9. Click Add Networking. In the Add Network Wizard dialog box, select VMKernel.
10. Click Next. The VMkernel-Network Access window is displayed. Deselect vmnic 0
and select vmnic 1.
NOTE
IP addresses are learned by VMware through network protocols and are related to the network
environment, not NIC configurations.
11. Click Next. In the VMkernel-Connection Settings window, set the network label name
to VMkernel_iSCSI2.
12. Click Next and add a blade's IP address used to connect to iSCSI network interface P1 of
the disk array. The IP addresses of iSCSI interface Controller Port 1 are 192.168.1.20 and
192.168.1.21. The IP address must be on the same network segment as the IP address of
the disk array's iSCSI network interface P1.
NOTE
3. Click OK.
Step 4 Add an iSCSI adapter and establish a connection with the disk array.
1. Select the ESXi host's IP address and click Configuration. On the Configuration tab
page, click Storage Adapters.
2. Click Add in the upper right corner. The Add Storage Adapter dialog box is displayed.
3. Click OK. The Software iSCSI Adapter dialog box is displayed.
4. Click OK. The newly added iSCSI Software Adapter is displayed.
5. Select the newly added iSCSI adapter, such as vmhba39. Right-click and select
Properties from the shortcut menu. The iSCSI Initiator (vmhba39) Properties dialog
box is displayed.
6. Click Dynamic Discovery. On the Dynamic Discovery tab page, click Add. In the Add
Send Target Server dialog box, configure a disk array's iSCSI network interface IP
address for the iSCSI server.
NOTE
– iSCSI Server: uses the IP address of the disk array's iSCSI network interface. For details,
see Network Planning.
– Port: keeps the default settings unchanged.
7. Click OK. Repeat Step 4.6 to configure the IP addresses of all the disk array's iSCSI
network interfaces for the iSCSI server.
8. Click Static Discovery and check whether dynamic iSCSI targets are discovered.
If "The page cannot be displayed" is displayed on the Internet Explorer, the Windows management
terminal and the disk array controller fail to communicate with each other. Check the network
connection.
The system will navigate to the default login window of the ISM, as shown in the
following figure.
3. Click Click Here to Launch OceanStor ISM. The system will check whether the ISM
is installed on the Windows management terminal.
Before installing the ISM, install the Java runtime environment (JRE). For more
information about JRE versions, refer to information on the homepage of OceanStor
ISM.
If the ISM fails to be displayed on the Internet Explorer, click Internet Options >
Advanced > Reset to reset IE settings.
If the ISM is not installed on the Windows management terminal, the system will
automatically download and install the ISM by means of the Java web start (JWS). If the
ISM is installed on the Windows management terminal, the system will automatically
check the software version. If the version of the ISM is not the latest version, the system
will automatically upgrade the software to the latest version.
4. In the Warning - Security dialog box, select Always trust content from this publisher
and click Run.
5. In the Welcome window of the ISM, click Discover array. The Discover array dialog
box will be displayed, as shown in the following figure.
6. Select a mode for discovering disk arrays according to the conditions at your site. Table
A-19 describes the parameters for discovering disk arrays.
| Parameter | Description |
|---|---|
| Authentication | The associated disk arrays can be found only when the entered user name and password are the same as those of the disk arrays. |
| Username | The default user name for logging in to the ISM is admin. |
| Authentication Mode | Selects a desired authentication mode. Choose Local Device from the drop-down list. |
| Device Type | Selects a desired device type. Choose Storage Unit from the drop-down list. |
| Discovery Modes | Indicates that the discovery range is the IP address subnet segments on which the ISM client resides. The mode is by default selected. |
| Specify an IP address | Indicates that disk arrays are discovered according to the IP address of the management network port on the specified disk array. When you specify the IP address, the first field on the left ranges from 1 to 223 (except 127), the last field ranges from 1 to 254, and the other fields range from 0 to 255. |
| Specify IP Segment | Indicates that disk arrays are discovered according to the IP address segment of the management network port on the specified disk array. Start IP Address and End IP Address indicate the start and end IP addresses of disk arrays to be discovered. When setting this parameter, pay attention to the following points: the discovery range is the IP subnet segment of the ISM client; the first field on the left ranges from 1 to 223 (except 127), the last field ranges from 1 to 254, and the other fields range from 0 to 255; the start IP address must be less than or equal to the end IP address. |
| Local sub-network | Indicates that the discovery range is the IP subnet segment of the ISM client. This mode is the default discovery mode of the system. |
7. Click OK. After the system successfully discovers storage arrays, the message Discover
device succeed. is displayed on Task Manager.
If the content in the following red box is the same as that in Step 4.4, the blade has been
successfully connected to the disk array.
If no newly added initiator exists on the disk array, the blade has failed to establish a
connection with the disk array. Repeat Step 4.1 to Step 4.10 to reconfigure the
connection.
3. Select a desired host, click Yes for Enable ALUA, and click OK.
NOTE
A desired host is the computing node that has the disk array mounted.
4. Click OK in the displayed dialog box.
5. Click Close in the Result dialog box.
6. Log in to the VMware vSphere Client, select the ESXi host's IP address, and click
Configuration. On the Configuration tab page, click Storage Adapters.
7. Select the existing iSCSI adapter and right-click. Then select Rescan from the shortcut
menu.
8. Click Devices and check whether the disk array is mounted.
NOTE
If the Devices tab lists one device whose Operational State is Mounted, disks are correctly
mounted.
Step 8 Repeat Step 1 to Step 7 to establish a connection between other blades and the disk array.
You need to log in to the ISM only once.
Step 9 Add E9000 datastore identities.
NOTE
● After establishing connections between the disk array and computing nodes, the Devices tab displays
new LUNs but the Datastores tab does not display the identities of the new LUNs. You need to add
the identities manually.
● You need to add only one E9000 datastore identity. The other E9000 datastore identities are
added automatically.
1. Select the desired host in the host cluster and click Configuration. On the
Configuration tab, click Storage. The Datastores tab does not display the identities of
the new LUNs.
3. Select Select Disk/LUN and click Next. The Select Disk/LUN dialog box is displayed.
4. Select a disk and click Next. The File System Version dialog box is displayed.
5. Select VMFS-5 and click Next. The Current Disk Layout dialog box is displayed.
NOTE
The datastore name you enter must correspond to the previously selected LUN name.
7. Enter the datastore name LUN001_U2000 and click Next. The Disk/LUN-Formatting
dialog box is displayed.
----End
Prerequisites
● The user name and password used to log in to OceanStor DeviceManager are available.
● The 5500V3 disk array has remaining space that has not yet been divided into LUNs.
Procedure
Step 1 Log in to the OceanStor DeviceManager at the protected site.
1. Open the Internet Explorer on the Windows management terminal.
2. Enter https://XXX.XXX.XXX.XXX:8088 in the address bar of the Internet Explorer (where
XXX.XXX.XXX.XXX indicates the IP address of the management network port of the
storage array controller). For example, enter https://192.168.10.30:8088.
NOTE
– Port 8088 needs to be enabled when the system provides the web service externally in an
environment with the firewall deployed.
– A message may be displayed indicating that the security certificate of the website brings risks. In
this case, ignore the message and continue to visit the disk array as long as the IP address is correct.
3. Enter the user name and password and click Log in to log in to the OceanStor
DeviceManager.
In the Welcome to OceanStor DeviceManager dialog box, click Close.
NOTE
2. On the LUN tab, click Create. The Create LUN dialog box is displayed.
3. Enter the LUN name LUN003_U2000.
4. Select Use all the free of the owning storage pool.
5. Click OK.
4. Select Select Disk/LUN and click Next. The Select Disk/LUN dialog box is displayed.
5. Select a disk and click Next. The File System Version dialog box is displayed.
6. Select VMFS-5 and click Next. The Current Disk Layout dialog box is displayed.
----End
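The NOTE in Step 1 says to continue past the certificate warning on port 8088 as long as the IP address is correct. The following added example (not part of the original guide) shows one way to confirm which device is answering: it compares the SHA-256 fingerprint of the presented certificate with a fingerprint recorded out of band, for example at commissioning. The function names, the script name, and the source of the pinned value are assumptions.

```python
"""Pin check for a self-signed management certificate (added example)."""
import hashlib
import hmac
import re
import socket
import ssl
import sys


def fetch_cert_der(host, port=8088, timeout=5.0):
    """Return the certificate the server presents, as DER bytes, without trusting it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # A self-signed certificate does not chain to a CA, so chain validation is
    # switched off here; trust is decided only by the fingerprint comparison.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            der = tls.getpeercert(binary_form=True)
    if not der:
        raise RuntimeError("server presented no certificate")
    return der


def sha256_fingerprint(der):
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(text):
    """Accept 'AA:BB:..', 'aa bb ..', 'aa-bb-..' or plain hex; return lowercase hex."""
    cleaned = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_pin(der, pinned):
    """True only if the certificate's fingerprint equals the recorded one."""
    return hmac.compare_digest(sha256_fingerprint(der), normalize_fingerprint(pinned))


def check_endpoint(host, pinned, port=8088):
    """Fetch the certificate and return (matches, presented_fingerprint)."""
    der = fetch_cert_der(host, port)
    return matches_pin(der, pinned), sha256_fingerprint(der)


if __name__ == "__main__":
    # Hypothetical usage: python pin_check.py <management-ip> <pinned-sha256-fingerprint>
    if len(sys.argv) != 3:
        sys.exit("usage: pin_check.py <management-ip> <pinned-sha256-fingerprint>")
    ok, seen = check_endpoint(sys.argv[1], sys.argv[2])
    print("presented SHA-256:", seen)
    sys.exit(0 if ok else "fingerprint mismatch: do not enter credentials")
```

A mismatch means the endpoint at that IP address is not presenting the certificate that was recorded, so the browser warning should not be dismissed until the difference is explained.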
Context
A service network must be created on each blade where VMware vSphere ESXi is installed.
Procedure
Step 1 Log in to the VMware vCenter server.
Step 2 Choose the IP address of the ESXi host of a blade from the navigation tree. Then choose
Configuration > Networking in the right pane.
In the following figure, vSwitch0 indicates a switch on the management and maintenance
network, and vSwitch1 and vSwitch2 indicate switches on the data storage network. You
need to create vSwitch3 for the service network.
Step 3 Click Add Networking in the upper right corner. The Add Network Wizard dialog box is
displayed.
Step 4 Select Virtual Machine as the connection type and click Next. In the Virtual Machine-
Network Access window, select vmnic 2 and vmnic 9.
Step 5 Click Next. In the Virtual Machine-Connection Settings dialog box, set a name for the
virtual machine port group, such as VM Network_U2000.
2. Configure vSwitch3. In the vSwitch3 Properties dialog box, select vSwitch and click
Edit. In the vSwitch3 Properties dialog box, click the NIC Teaming tab and check the
parameter settings of vSwitch3.
■ Active Adapters: Two or more are required. If there are fewer than two active
adapters, select an adapter to be moved and use Move Up or Move Down to
set it to an active adapter. For example, set vmnic2 and vmnic9 to Active
Adapters.
■ Standby Adapters: If more adapters are available, adding these available
adapters to Standby Adapter is recommended.
3. Click OK.
4. Configure the virtual machine port group (network label). Select the current virtual
machine port group, for example, VM Network_U2000, and click Edit. In the VM
Network_U2000 Properties dialog box, click the NIC Teaming tab and check the
parameter settings of the VM network.
a. Load Balancing: Select Route based on the originating virtual port ID.
b. Network Failover Detection: Select Beacon probing.
c. Notify Switches: Select Yes.
d. Failback: Select Yes.
e. Failover Order: Select Override switch failover order. To ensure secure U2000
communication, configure network interface protection for the virtual network to
prevent a single point of failure. The configuration rules are as follows:
■ Active Adapters: Set one of the Active Adapters configured in the preceding
step for vSwitch2 to be an active adapter for a VM network, such as vmnic 2.
If vSwitch2 has several VM networks, it is recommended that the server use a
VM network's Active Adapters different from other VM networks' Active
Adapters. For example, Active Adapters of VM Network_U2000 must be
different from those of VMkernel_iSCSI1 or VMkernel_iSCSI2. Select an
adapter to be moved and use Move Up or Move Down to adjust it.
■ Standby Adapters: Set another one of the Active Adapters configured in the
preceding step for vSwitch2 to be a standby adapter for a virtual network, such
as vmnic 9. If more adapters are available, adding these available adapters to
Standby Adapter is recommended.
5. Click OK.
6. Click Close.
Step 9 Repeat Step 1 to Step 8 to create a service network on each blade where VMware vSphere
ESXi is installed.
----End
Answer
Step 1 Log in to a networked PC other than the ESXi host.
NOTE
Step 3 Press Ctrl+C to stop the command after about 20 ping cycles. If there is no packet loss, the
average communication time is 10 ms.
The following information is displayed:
> Ping 192.168.10.21 1000(1000) bytes of data.
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=11ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=8ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=8ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=8ms TTL=60
NOTE
● If packet loss occurs or the average communication time is longer than 10 ms, the real-time network
speed of the ESXi host is low. In this case, reconfigure the network.
● If the average communication time is shorter than or equal to 10 ms, the real-time network speed of
the ESXi host is normal.
● This method is only used to preliminarily determine a network speed. To test a network speed, you
must use professional tools.
----End
Question
How do I replace a physically damaged blade and configure the new blade?
NOTE
After a blade is physically damaged, VMs installed on it will be automatically switched to the failover
host. After the damaged blade is restored, the VMs switched to the failover host will be automatically
switched back to the new blade.
Answer
Step 1 If a damaged blade is powered off, remove the damaged blade from the E9000 chassis.
Step 2 Install a new blade of the same type as that of the damaged blade to the E9000 chassis and
power on the new blade.
Step 3 Install and configure the VMware ESXi. For details, see Installing and Configuring VMware
ESXi.
NOTE
The IP address configured for and the user name and password used to log in to the ESXi host must be
the same as those on the damaged blade. This ensures that the VMs previously installed on the damaged
blade can be automatically switched to the new blade.
Step 4 For details about how to establish connections between the new blade and the disk array, see
A.11.9 Establishing Connections Between the E9000 Server and the OceanStor 5500 V3
Disk Array on the GUI.
Step 6 For details about how to add the new blade to the HA cluster to which the damaged blade
belongs, see 3 in Configuring an HA Cluster for Blades.
Step 7 For details about how to create a service network on the new blade, see A.11.12 Creating a
Service Network on the GUI.
Step 8 Check whether the VMs on the failover host are switched to the new blade that has been
configured.
1. Select the IP address of the ESXi host on which the new blade is installed in the
navigation tree on the VMware client.
2. Click the Virtual Machines tab, as shown in the following figure.
– If the VMs previously installed on the damaged blade are displayed on the Virtual
Machines tab and running properly, the VMs have been successfully switched from
the failover host to the new blade. In this situation, the damaged blade has been
successfully replaced by the new blade.
– If the VMs previously installed on the damaged blade are not displayed on the
Virtual Machines tab, the VMs have not been switched from the failover host to
the new blade. In this situation, check and reconfigure the new blade according to
the FAQ.
----End
A.11.15 How Do I Change the User Passwords for the vCenter and
the OS That Houses the vCenter?
Question
How do I change the user passwords for the vCenter and the OS that houses the vCenter?
Answer
● Changing the Password of the Windows 2008 OS:
a. Log in to the Windows 2008 OS.
b. Choose Control Panel > User Accounts > Change your password.
● Changing the vCenter password:
Changing the OS password also takes effect on the vCenter password. For details about
how to change a vCenter password, see Changing the Password of the Windows 2008
OS.
Answer
Step 1 Log in to the Windows OS and choose Start > All Programs > Trend Micro OfficeScan Server >
OfficeScan Web Console (HTML). The Web console login page is displayed.
NOTE
● If a security certificate message is displayed, click Continue to this website (not recommended),
and click OK.
● If the Security Alert dialog box for the installation certificate is displayed, click OK to continue the
installation.
● If a message asking you to add the trusted sites is displayed, click Add, click Add in the
Trusted sites dialog box, and close the installation window.
● If a message asking you to install the ActiveX control is displayed, click Install.
● If a message is displayed indicating that the ActiveX control download fails, choose Tools >
Internet Options from the main menu of the Internet Explorer. Click the Security tab, click
Trusted sites, and click Sites. The Trusted sites dialog box is displayed. Add the OfficeScan server
address to Add this website to the zone.
Step 2 Set User name and Password and click Log On.
Step 3 Choose Networked Computers > Client Management from the navigation tree. On the
Client Management page in the right pane, choose Settings > Real-time Scan Settings. In
the Real-time Scan Settings dialog box, check whether the Enable virus/malware scan
check box is deselected.
● If the Enable virus/malware scan check box is deselected, the OfficeScan software has
been shut down.
● If the Enable virus/malware scan check box is selected, deselect it and then click
Apply to All Clients to shut down the OfficeScan software.
----End
Question
How do I change the idle time after logging in to the vCenter through the VMware vSphere
web client?
Answer
Step 1 Log in to the operating system where the vCenter resides as the administrator user.
Step 3 Delete # in front of session.timeout = 120, and change 120 to a desired value (for example,
10).
NOTE
session.timeout is expressed in seconds.
----End
Question
How do I enable or disable access to the ESXi host through Internet Explorer?
Answer
Step 1 Use Putty to log in to the ESXi host as user root.
Step 2 Enable or disable access to the ESXi host through Internet Explorer.
● To disable access to the ESXi host through Internet Explorer:
Run the following command:
# vim-cmd proxysvc/remove_service "/" "httpsWithRedirect"
If "Successfully removed service." is displayed, the access to the ESXi host through
Internet Explorer has been disabled.
● To enable access to the ESXi host through Internet Explorer:
Run the following command:
# vim-cmd proxysvc/add_tcp_service "/" httpsWithRedirect localhost 8309
If "Successfully added service." is displayed, the access to the ESXi host through
Internet Explorer has been enabled.
----End
Question
How do I change the password of the administrator@vsphere.local user?
Answer
Step 1 Enable the vSphere web client function by referring to A.11.20 How Do I Enable or Disable
the vSphere Web Client Function?.
Step 3 Choose System Management > Single Sign-On > Users and Groups from the main menu.
Step 5 Right-click an Administrator and choose Edit User from the shortcut menu.
----End
Question
How do I enable or disable the vSphere web client function?
NOTE
To ensure security, the vSphere web client function is disabled by default during vCenter installation.
Answer
Step 1 Log in to the OS on which the vCenter is installed as the administrator.
Step 3 Right-click Computer and choose Manage from the shortcut menu.
Step 5 Choose vSphere Web Client from the server list, right-click, and choose Start or Stop from
the shortcut menu.
----End
Question
How do I change the Windows OS computer name?
Answer
Step 1 Log in to the Windows OS as the administrator.
5. In the Computer Name/Domain Changes dialog box, set Computer Name to the name
of the new computer where the OS is installed.
6. Click OK. In the System Properties window, click OK.
7. Restart the computer.
Step 3 Optional: To change the computer name of the vCenter OS, perform the following operations
to delete the existing certificate and install the vCenter again.
1. Access C:\ProgramData\VMware\VMware VirtualCenter\SSL and delete all files in
the directory.
2. Choose Start > Control Panel and click uninstall a program to uninstall the VMware
vCenter Server.
3. Restart the OS.
4. Re-install the vCenter server.
----End
Question
How do I rectify an NIC type error for a VM?
Answer
Step 1 Log in to the VMware vCenter server.
4. Set Named network with specified label: to VM Network_U2000 and click Next.
5. Click Finish.
6. Select New NIC (adding) and Manual, and paste the MAC address copied in Step 3.
7. Click OK.
The network adapter will be successfully created 5 minutes later.
Step 5 Select the virtual machine, right-click, and choose Power > Power On from the shortcut
menu.
----End
Question
A snapshot is the duplicate of a VM at a certain time point. If a system exception or failure
occurs, you can use the snapshot to restore the VM. How do I manage VM snapshots?
Answer
● Taking a Snapshot
b. On the vCenter client, right-click the VM and choose Snapshot > Take Snapshot
from the shortcut menu.
NOTE
This section describes how to revert to a snapshot. You do not need to shut down the VM
for the reversion. After the reversion, current VM data will be erased.
a. On the vCenter client, right-click the VM and choose Snapshot > Snapshot
Manager from the shortcut menu.
b. In the Snapshots for VM name dialog box, select a snapshot and click Go to. In the
Confirm dialog box, click Yes.
c. Open the Recent Tasks list and verify that the task is completed.
NOTE
If a VM has been running properly, you can delete its snapshot for higher read and write
performance. The deletion does not require the VM to be shut down either.
a. On the vCenter client, right-click the VM and choose Snapshot > Snapshot
Manager from the shortcut menu. In the Snapshots for VM name dialog box,
select a snapshot and click Delete.
b. Open the Recent Tasks list and verify that the task is completed.
NOTE
----End
Answer
Step 1 Log in to the VMware vSphere Client.
Step 2 In the navigation tree, click the IP address of the VMware server. In the right pane, choose
Configuration > Storage.
Step 5 Click Add Storage to access the Add Storage dialog box.
----End
Question
A VMware tools (W) timeout message is displayed during switching of active and standby
SRMs. How do I modify Timeout to avoid this issue?
Answer
Step 1 See A.12.1 How Do I Log In to VCSA? to log in to the VCSA at the primary site.
NOTE
The following operations should be performed on all service nodes (IS, NM, EM, NBI_GW, FloatIP,
Backup, and PM).
Step 3 Select Recovery Plans in the lower left corner and click the created recovery plan.
Step 4 Select a VM and click Configure Recovery. The VM Recovery Properties dialog box is
displayed.
Step 6 Select Startup Action and modify Wait for VMware Tools(W) to 15 minutes.
----End
Procedure
Step 1 Log in to the VMware vCenter server.
Step 2 Add the virtual interface group VM Network_U2000_Replication on the vSwitch3 virtual
switch of U2000 computing node.
1. Select the ESXi host where the U2000 VM resides and click Configuration.
2. Select Networking and click Properties in the Standard Switch: vSwitch3 area.
6. Click OK.
7. Repeat Step 3.1 to Step 3.6 to add the other adapter.
----End
Procedure
Step 1 Log in to the VMware vCenter server.
----End
Question
How do I log in to VCSA?
Answer
Step 1 Enter https://VCSA IP address/vsphere-client in the address bar of a browser and press
Enter to access the login page.
● Browser versions supported by the vSphere Web Client include: Mozilla Firefox 34 to 49,
and Google Chrome 39 to 53. For best performance, use Google Chrome.
● vSphere Web Client 6.5 requires Adobe Flash Player 16 to 23. For best performance and
security fixes, use Adobe Flash Player 23.
NOTE
If you encounter any problem related to the Adobe Flash Player, visit http://www.adobe.com/
support/documentation/cn/flashplayer/help/index.html and see the description on this webpage
for troubleshooting.
Step 2 Enter the VMware VCSA administrator name and password and click Log in.
NOTE
● For details about the administrator name and password of the VCSA, see User Account and
Password Planning, Collecting Information.
● Change the passwords periodically (at an interval of 3 or 6 months) to improve system security and
avoid security risks, such as brute-force password cracking. For details, see A.12.7 How Do I Change a
VCSA User Password?.
● This manual uses Google Chrome as an example to describe how to operate the vSphere Web
Client. Operations using a Mozilla Firefox browser may differ slightly.
----End
Answer
Step 1 Start a browser, enter https://IP address of the VMware ESXi host/ui into the address bar
and press Enter.
Supported browser versions include: Mozilla Firefox 15 and later, and Google Chrome 25 and
later.
Step 2 Enter the root user name and password of the ESXi host and click Login.
NOTE
Change the passwords periodically (at an interval of 3 or 6 months) to improve system security and
avoid security risks, such as brute-force password cracking. For details, see How Do I Change the Account
Password for the VMware ESXi OS?.
----End
Answer
Step 1 Enter https://VCSA IP address:5480 in the address bar of a browser and press Enter to
access the login page.
● Supported browser versions include: Mozilla Firefox 15 and later, and Google Chrome
25 and later.
● Ensure that TLS 1.1 and TLS 1.2 are enabled in security settings.
Step 2 Enter the root user name and password and click Login.
The default root user password is the password set during VCSA deployment.
----End
Answer
Step 1 Enter https://VR IP address:5480 in the address bar of a browser and press Enter to access
the login page.
● Supported browser versions include: Mozilla Firefox 15 and later, and Google Chrome
25 and later.
● Ensure that TLS 1.1 and TLS 1.2 are enabled in security settings.
Step 2 Enter the root user name and password and click Login.
● The default root user password is the password set during VR deployment.
● Change the passwords periodically (at an interval of 3 or 6 months) to improve system
security and avoid security risks, such as brute-force password cracking. For details, see
A.12.8 How to change the Password of the vSphere Replication Appliance.
----End
Answer
Step 1 Log in to the VCSA.
----End
Answer
Before restarting or shutting down the ESXi host, you need to shut down all VMs running on
the ESXi host. This prevents VM OS data from being lost during the power-off of the ESXi
host. VMs can be shut down manually or automatically. If too many VMs are running on the
ESXi host, you are advised to use the automatic VM startup and shutdown function provided
by VMware. For details about the automatic operations, see Step 1. For details about the
manual operations, see A.12.5 How to Power on or Power off the VM. If the host is part of
a vSphere HA cluster, the automatic VM startup and shutdown is disabled by VMware.
Step 1 Configure VMs running on the ESXi host to automatically start or shut down as the ESXi host
is started or shut down.
1. Optional: Select the cluster HA. On the Configure tab on the right, select vSphere
Availability to ensure vSphere HA is Turned OFF.
NOTE
If the host is part of a vSphere HA cluster, the automatic VM startup and shutdown is disabled by
VMware. That is, this step is mandatory only when the following conditions are met:
1. The host to be restarted is located in the vSphere HA cluster.
2. The vSphere HA function has been enabled in the cluster.
2. Click the ESXi host to be restarted, choose Configure > Virtual Machines > Virtual
Machine Startup and Shutdown, and click Edit.
3. In the Default VM Settings area, select Automatically start and stop the virtual
machines with the system.
4. In the Per-vm Overrides area, use to move all VMs on the ESXi host to Automatic
Startup.
5. Click OK.
Step 2 Right-click the ESXi host to be restarted and choose Power > Shut Down from the shortcut
menu.
VMs on the ESXi host are automatically shut down in reverse order based on the
configuration in Step 1.4.
Step 3 Right-click the ESXi host to be restarted and choose Power > Power On from the shortcut
menu.
VMs on the ESXi host are automatically started in order based on the configuration in Step
1.4.
Step 4 Optional: Select the cluster HA. On the Configure tab on the right, choose vSphere
Availability and ensure vSphere HA is Turned ON.
NOTE
This step is mandatory only when the following conditions are met:
1. The host to be restarted is located in the vSphere HA cluster.
2. The vSphere HA function needs to be enabled again in the cluster.
----End
Answer
l Log in to the VCSA.
l Click the user name in the upper right corner and select Change Password.
l In the Change Password dialog box, change the user password and click OK.
NOTE
A password must meet requirements. For details, click . Choose Home > Administration >
Single Sign-On > Configuration > Policies > Password Policy. To ensure system security, you can
modify password requirements. For example, a password must:
l Contain at least eight characters.
l Be different from the latest five passwords.
l Contain at least two letters.
l Contain at least one special character.
l Contain at least one uppercase letter.
l Contain at least one lowercase letter.
l Contain at least one digit.
Change the passwords periodically (at an interval of 3 or 6 months) to improve system security and avoid
security risks, such as brute-force password cracking.
Answer
Step 1 Log in to the VR Management Page.
Step 3 Type the current password in the Current Password text box.
Step 4 Type the new password in the New Password and the Confirm New Password text boxes.
The password must be a minimum of eight characters. vSphere Replication does not support
blank passwords.
Step 5 Click Apply to change the password.
----End
A.12.9 How Do I Change the Host Name and User Password for
the Windows
Question
How Do I Change the User and User Passwords for the Windows?
NOTE
Change the passwords periodically (at an interval of 3 or 6 months) to improve system security and avoid
security risks, such as brute-force password cracking.
Answer
l Change the user name of the Windows.
a. Log in to the Windows as the administrator.
b. Choose Start > Computer.
c. Right-click Computer and choose Properties from the shortcut menu.
d. Click Change settings.
e. In the System Properties window, click Change on the Computer Name tab.
f. In the Computer Name/Domain Changes dialog box, set Computer Name to the
name of the new computer where the OS is installed.
g. Click OK. In the System Properties window, click OK.
h. Restart the computer.
l Change the user password of the Windows.
a. Log in to the Windows as the administrator.
b. Choose Control Panel > User Accounts > Change your password.
----End
Answer
Step 1 Log in to the VCSA.
Step 2 In the navigation tree, select an ESXi host. Click Configure > Networking > Virtual
switches.
NOTE
Requirements of the U2000 on the virtual machine port group (network label): As management and
services are implemented on independent network segments, the service network must be connected to
the external network through a service router. U2000 virtual machines need to be created on the service
router.
l Perform the following operations to view the non-used port groups (network label) on
the virtual machine:
If no information about the virtual machine is displayed in the Virtual Machine Port
Group area, the port group of the virtual machine is not used. Otherwise, the port group
(network label) is used. As shown in the preceding figure, port group VM
Network_U2000 is not used by the virtual machine.
l Perform the following operations to create a virtual machine port group (network label):
a. Select a vSwitch, such as vSwitch2. Click and the Add Networking dialog
box is displayed.
b. Select Virtual Machine Port Group for a Standard Switch and click Next.
c. Select Select an existing standard switch and click Next.
d. In the Network Label area, set the name of the new label and set VLAN ID to
the default value None.
e. Click Next.
f. Click Finish.
----End
Answer
Step 1 Log in to the VCSA.
Step 2 On the VMware vSphere Client, you can select the IP address of the VMware server from the
navigation tree and click Summary in the right pane and view the available space of the
storage on a virtual machine.
NOTE
l The available space of the storage on the virtual machine must meet the U2000 requirement
(Storage: 3.77 TB or higher; Storage: 400 GB or higher); otherwise, the
U2000 cannot be installed.
l A storage with the available space of 4.61 TB is used as an example to describe how to check the
available space. You can create virtual hard disks 1 and 2 on the storage.
----End
Answer
vmnic0
vmnic1
vmnic2
...
vmnicN
Step 2 Select an ESXi host from the navigation tree. Choose Configure > Networking > Virtual
switches.
Step 3 Select a virtual switch and click . The Manage Physical Network Adapters for
vSwitch dialog box is displayed. Check all network interfaces of the virtual switch and
manually enter them into the Network Adapters (network interfaces) column in Table
A-20.
Step 4 Select the virtual switch. In the details area, click on the right of network labels one by
one. Choose All > Teaming and failover to check information of Active adapters and
Standby adapters and supplement the Virtual Machine PortGroup (network label)
column in Table A-20.
----End
Question
How do I configure the memory of a virtual machine?
Answer
Step 1 Log in to the VCSA.
1. Click the VM name. Choose Configure > VM Hardware and click Edit in the upper
right corner.
2. In the Edit Settings dialog box, click Memory.
NOTE
Set the parameters as follows:
– Shares: Select Custom and set the memory value as predefined.
– Reservation: Input 0 MB.
– Reserve all guest memory (All locked): Clear the selection of the check box.
– Limit: Unlimited.
3. Click OK.
----End
Question
How do I change the number of CPUs in a virtual machine?
Answer
Step 1 Log in to the VCSA.
Step 3 Right-click a VM and choose Edit Settings from the shortcut menu.
Step 4 In the Edit Settings dialog box, choose Virtual Hardware > CPU.
Step 5 Choose the number of CPUs from the CPU drop-down list.
NOTE
l The number of virtual CPUs available to a VM depends on the number of CPUs supported by the host and the
number supported by the VM OS.
l After parameter settings are complete, you can select the number of CPUs for each slot from the Cores
per Socket drop-down list.
----End
Answer
Step 1 Log in to the VCSA.
Step 2 Power off the virtual machine to be configured.
Step 3 Right-click a VM and choose Edit Settings from the shortcut menu.
Step 4 In the Edit Settings dialog box, click the Virtual Hardware tab.
Step 5 In the Virtual Hardware dialog box, choose New Hard Disk from the New Device drop-
down list and click Add.
Step 6 Expand the new hard disk. Enter a size for the virtual hard disk to be configured, choose
Thick provision lazy zeroed from the Disk Provisioning drop-down list, and use default
settings for other parameters.
----End
Prerequisites
ESXi has been installed and configured on the E9000 server. For details, see Installing and
Configuring VMware ESXi.
Context
l All the related networks must be configured on each ESXi host on the E9000 server.
l Table A-21 lists the network parameters planned in the default delivery scenario. The
vmnicX number may be different from the planned value due to different ESXi and
E9000 versions. You are advised to re-match the mapping by following the operations
described in How Do I Query the Corresponding Relationship Between Ports and
vmnicX Numbers.
Procedure
Step 1 Log in to the VMware ESXi.
6. Choose Port groups in the right pane and click Add port group.
7. In the Add port group - New port group dialog box, set Name to VM
Network_Management, VLAN ID to 3015, and Virtual switch to vSwitch0, retain the
default settings of other parameters, and click Add.
4. Choose Port groups in the right pane and click Add port group.
5. In the Add port group - New port group dialog box, set Name to VMkernel_iSCSI1,
VLAN ID to 3012, and Virtual switch to vSwitch1, retain the default settings of other
parameters, and click Add.
6. Choose VMkernel NICs in the right pane and click Add VMkernel NIC.
7. In the Add VMkernel NIC dialog box, set Port group to VMkernel_iSCSI1, IP
version to IPv4 only, IPv4 setting to static, and TCP/IP stack to Default TCP/IP stack,
and click Create.
4. Choose Port groups in the right pane and click Add port group.
5. In the Add port group - New port group dialog box, set Name to VMkernel_iSCSI2,
VLAN ID to 3012, and Virtual switch to vSwitch2, retain the default settings of other
parameters, and click Add.
6. Select Networking from the navigation tree, choose VMkernel NICs in the right
pane, and click Add VMkernel NIC.
7. In the Add VMkernel NIC dialog box, set Port group to VMkernel_iSCSI2, IP
version to IPv4 only, IPv4 setting to static, and TCP/IP stack to Default TCP/IP stack,
and click Create.
6. Choose Port groups in the right pane and click Add port group.
7. In the Add port group - New port group dialog box, set Name to VM
Network_U2000, VLAN ID to 3014, and Virtual switch to vSwitch3, retain the default
settings of other parameters, and click Add.
Step 6 Repeat Step 1 to Step 5 to create communication networks for other ESXi hosts.
----End
Prerequisites
l The E9000 server has been physically connected to disk arrays.
l ESXi has been installed and configured on the E9000 server. For details, see Installing
and Configuring VMware ESXi.
Context
All the blades on the E9000 server must establish a connection with the OceanStor 5500 V3
array disk.
Procedure
Step 1 Log in to the VMware ESXi.
NOTE
– Address: must be on the same network segment as the disk array iSCSI network P0 interface's
IP address. The IP addresses of iSCSI interface Controller A Port 0 and Controller B Port 0 are
192.168.0.20 and 192.168.0.21 respectively.
– Subnet Mask: must be the same as the subnet mask of the disk array iSCSI network interface
P0. The subnet mask of iSCSI interface Controller A Port 0 and Controller B Port 0 is
255.255.255.0.
3. Select Networking from the navigation tree, choose VMkernel NICs in the right
pane, and click Add VMkernel NIC.
4. In the Add VMkernel NIC dialog box, set Port group to VMkernel_iSCSI2, IP
version to IPv4 only, IPv4 setting to static, and TCP/IP stack to Default TCP/IP stack,
set the Address and Subnet mask by referring to Table A-24 and Table A-25, and click
Create.
NOTE
– IP Address: must be on the same network segment as the disk array iSCSI network P1
interface's IP address. The IP addresses of iSCSI interface Controller A Port 1 and Controller B Port 1
are 192.168.1.20 and 192.168.1.21 respectively.
– Subnet Mask: must be the same as the subnet mask of the disk array iSCSI network interface
P1. The subnet mask of iSCSI interface Controller A Port 1 and Controller B Port 1 is
255.255.255.0.
Step 4 Configure an iSCSI adapter and establish a connection with the disk array.
1. Select Storage from the navigation tree and choose Adapters in the right pane.
2. Select vmhba64 and click Configure iSCSI.
3. In the Configure iSCSI - vmhba64 dialog box, click Add dynamic target in Dynamic
targets to add the IP addresses of all the disk array's iSCSI network interfaces for the iSCSI
server.
NOTE
– iSCSI Server: uses the IP address of the disk array's iSCSI network interface.
– Port: keeps the default settings unchanged.
4. Click Save configuration.
5. Select vmhba64 and click Rescan to rescan the adapter.
NOTE
Open the Configure iSCSI - vmhba64 dialog box after the rescan and check the Static targets. The
Static targets are discovered automatically after the Dynamic targets are configured and the adapter is rescanned.
– Port 8088 needs to be enabled when the system provides the web service externally in an
environment with the firewall deployed.
– A message may be displayed indicating that the security certificate of the website brings risks.
In this case, ignore the message and continue to visit the disk array as long as the IP address is
correct.
3. Enter the user name and password and click Log in to log in to the OceanStor
DeviceManager.
In the Welcome to OceanStor DeviceManager dialog box, click Close.
NOTE
1. Click Provisioning.
2. Click Host in the Provisioning window.
3. On the Host tab, select the desired blade and click Add Initiator.
4. In the Available Initiators area, select the initiator for the iSCSI adapter in Step 4 and
click .
5. Click OK. In the Danger dialog box, select I have read and understood the
consequences associated with performing this operation. and click OK.
6. In the Execution Result dialog box, click Close.
Step 7 Repeat Step 1 to Step 6 to establish a connection between other blades and the array disk.
l After establishing connections between the disk array and computing nodes, the Devices tab displays
new LUNs but the Datastores tab does not display the identities of the new LUNs. You need to add
the identities manually.
l Adding only one E9000 datastore identity is needed. Other E9000 datastore identities will be
automatically added.
1. Select Storage from the navigation tree and choose Datastores in the right pane.
2. Click New datastore.
3. In the New datastore dialog box, select Create new VMFS datastore and click Next.
4. Enter the LUN name LUN001_U2000, select a storage device, and click Next.
5. On the Select partitioning options page, select VMFS 5 and click Next.
6. On the Ready to complete page, verify parameter settings and click Finish.
NOTE
If the result of data storage task creation is Completed successfully in the Recent Tasks column, the
LUN is successfully added.
Step 10 After the configuration is complete, IDs of new LUNs are displayed in the Datastores area.
----End
Prerequisites
l The user name and password used to log in to OceanStor DeviceManager are available.
l The 5500V3 disk array has remaining space that has not been divided into LUNs.
Procedure
Step 1 Log in to the OceanStor DeviceManager at the protected site.
– Port 8088 needs to be enabled when the system provides the web service externally in an
environment with the firewall deployed.
– A message may be displayed indicating that the security certificate of the website brings risks. In
this case, ignore the message and continue to visit the disk array as long as the IP address is correct.
3. Enter the user name and password and click Log in to log in to the OceanStor
DeviceManager.
In the Welcome to OceanStor DeviceManager dialog box, click Close.
NOTE
2. On the LUN tab, click Create. The Create LUN dialog box is displayed.
3. Enter the LUN name LUN003_U2000.
4. Select Use all the free of the owning storage pool.
5. Click OK.
Step 5 After the configuration is complete, IDs of new LUNs are displayed in the Datastores area.
----End
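The DeviceManager login notes above say to continue past the browser's certificate warning as long as the IP address is correct. One way to confirm the certificate itself is to compare its SHA-256 fingerprint with a value recorded from the disk array over a trusted path. The following is an added example, not part of the original guide; the function names, host argument and pinned fingerprint are assumptions, and port 8088 is taken from the note.

```python
import hashlib
import hmac
import re
import socket
import ssl

# Constructed bytes standing in for a DER-encoded certificate (sample data only).
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"


def normalize_fingerprint(text):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex and return lowercase hex."""
    hexstr = re.sub(r"[:\s-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexstr):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexstr


def sha256_fingerprint(der_cert):
    """SHA-256 over the DER encoding, the value browsers show as the fingerprint."""
    return hashlib.sha256(der_cert).hexdigest()


def certificate_matches_pin(der_cert, pinned):
    """Constant-time comparison of the presented certificate with the recorded pin."""
    return hmac.compare_digest(sha256_fingerprint(der_cert),
                               normalize_fingerprint(pinned))


def fetch_server_certificate(host, port=8088, timeout=5.0):
    """Fetch the server's leaf certificate as DER.

    Chain validation is switched off on purpose: the certificate is expected
    to be self-signed, and trust comes from the fingerprint comparison.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_device(host, pinned, port=8088):
    """Return True only if the device presents the certificate that was pinned."""
    return certificate_matches_pin(fetch_server_certificate(host, port), pinned)
```

Record the fingerprint once from a trusted connection to the array, then call `verify_device("<disk array IP address>", "<recorded fingerprint>")` before accepting the warning in the browser.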
Question
How do I create a network on the GUI through vSphere Web Client?
Answer
For example, create and configure a service network for the ESXi host by referring to Table
A-26.
3. Click .
4. On the Select connection type tab page of the Add Networking window, choose
Virtual Machine PortGroup for a Standard Switch, then click Next.
5. On the Select target device tab page, choose New standard switch, then click Next.
2. On the Teaming and failover tab page of the Edit Settings window, set the following
parameters.
a. Load balancing: Use Route based on the originating virtual port by default.
b. Network failover detection: Select Beacon probing.
c. Notify Switches: Use Yes by default.
d. Failback: Use Yes by default.
2. On the Teaming and failover tab page of the Edit Settings window, make sure the
settings are the same as those in Step 3.2.
3. Click OK to finish.
----End
Answer
Step 1 Log in to a networked PC other than the ESXi host.
Step 2 Run the following command in the command line window:
> ping -l 1000 ESXI host IP address -t
NOTE
Step 3 Press Ctrl+c to stop the command after about 20 periods. In the case of no packet loss, the
average communication time is 10 ms.
The following information is displayed:
> Ping 192.168.10.21 1000(1000) bytes of data.
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=11ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=8ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=8ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=7ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=6ms TTL=60
1000 bytes from 192.168.10.21: time=8ms TTL=60
NOTE
l If packet loss occurs or the average communication time is longer than 10 ms, the real-time network
speed of the ESXi host is low. In this case, reconfigure the network.
l If the average communication time is shorter than or equal to 10 ms, the real-time network speed of
the ESXi host is normal.
l This method is only used to preliminarily determine a network speed. To test a network speed, you
must use professional tools.
----End
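The check in Step 3 can be automated by parsing saved ping output and applying the criteria from the NOTE (no packet loss, average time of 10 ms or less). This is an added example, not part of the original guide; the function name and the wording of the loss lines are assumptions, and the reply times are the ones in the sample output above.

```python
import re
from statistics import mean

# Reply lines as shown in the guide ("1000 bytes from <ip>: time=6ms TTL=60") and
# in native Windows wording ("Reply from <ip>: bytes=1000 time=6ms TTL=60").
REPLY_RE = re.compile(r"(?:bytes|reply) from .*?time[=<](\d+(?:\.\d+)?)\s*ms",
                      re.IGNORECASE)
# Lines counted as a lost probe (assumed wording, as printed by Windows ping).
LOSS_RE = re.compile(r"request timed out|host unreachable|general failure",
                     re.IGNORECASE)

MAX_AVG_MS = 10.0  # threshold stated in the guide

# Reply times taken from the sample output in the guide.
GUIDE_TIMES = [6, 11, 6, 8, 7, 6, 6, 8, 7, 6, 6, 6, 7, 7, 6, 6, 8]
GUIDE_SAMPLE = "> Ping 192.168.10.21 1000(1000) bytes of data.\n" + "\n".join(
    f"1000 bytes from 192.168.10.21: time={t}ms TTL=60" for t in GUIDE_TIMES)

# Constructed sample with one lost probe and slow replies.
DEGRADED_SAMPLE = """\
Reply from 192.168.10.21: bytes=1000 time=12ms TTL=60
Request timed out.
Reply from 192.168.10.21: bytes=1000 time=15ms TTL=60
Reply from 192.168.10.21: bytes=1000 time=9ms TTL=60
"""


def evaluate_ping(output, max_avg_ms=MAX_AVG_MS):
    """Summarise ping output and apply the guide's pass criteria."""
    rtts, lost = [], 0
    for line in output.splitlines():
        match = REPLY_RE.search(line)
        if match:
            rtts.append(float(match.group(1)))
        elif LOSS_RE.search(line):
            lost += 1
    sent = len(rtts) + lost
    if sent == 0:
        raise ValueError("no replies or timeouts found in the ping output")
    avg = mean(rtts) if rtts else None
    return {
        "sent": sent,
        "lost": lost,
        "loss_pct": 100.0 * lost / sent,
        "avg_ms": avg,
        "max_ms": max(rtts) if rtts else None,
        # Normal only when nothing was lost and the average is within the limit.
        "normal": lost == 0 and avg is not None and avg <= max_avg_ms,
    }


if __name__ == "__main__":
    for name, sample in (("guide", GUIDE_SAMPLE), ("degraded", DEGRADED_SAMPLE)):
        print(name, evaluate_ping(sample))
```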
Answer
Step 1 Power off the damaged blade, then remove the damaged blade from the E9000 chassis.
Step 2 Install a new blade of the same type as that of the damaged blade to the E9000 chassis and
power on the new blade.
Step 3 Install and configure the VMware ESXi on the new blade. For details, see Installing and Configuring
VMware ESXi.
NOTE
The IP address configured for and the user name and password used to log in to the ESXi host must be
the same as those on the damaged blade.
Step 4 Establish connections between the new blade and the disk array. For details, see Create a Connection
Between the E9000 Server and Disk Array in the CLI.
Step 5 Log in to the VCSA.
Step 6 Select the damaged blade from the cluster, right-click, and choose Remove from Inventory
from the shortcut menu.
Step 7 Add the new blade to the cluster to which the damaged blade belongs. For details, see Configuring an HA
Cluster for Blades.
Step 8 Create networks on the new blade. For details, see Configure Networks in the CLI.
Step 9 Switch VMs to the new blade.
1. In the navigation tree on the vSphere Web Client, select the VMs on the failover host and
choose Migrate.
2. On the Select the migration type tab of the Migrate page, choose Change compute
resource only and click Next.
3. On the Select compute resource tab, choose the new blade and click Next.
4. On the Select networks tab, ensure that the Destination Network is the same as the
Source Network and click Next.
5. On the Select vMotion priority tab, choose Schedule vMotion with high priority and click
Next.
6. On the Ready to complete tab, click Finish.
7. Repeat Step 9.1 to Step 9.6 to switch all VMs back to the corresponding new blade.
8. In the navigation tree on the vSphere Web Client, right-click the new blade.
9. Select VMs > Virtual Machines.
– If the VMs previously installed on the original damaged blade are displayed on the
Virtual Machines tab and running properly, the VMs have been successfully
switched from the failover host to the new blade. In this situation, the damaged
blade has been successfully replaced by the new blade.
– If the VMs previously installed on the damaged blade are not displayed on the
Virtual Machines tab, the VMs have not been switched from the failover host to
the new blade. In this situation, check and reconfigure the new blade and switch the
VMs according to the FAQ.
----End
NOTE
Rectify the fault as soon as possible, ensuring that the VM corresponding to the host in the DRS rules
can be properly restored during the SRM switchover. After the damaged blade is replaced, the VMs
switched to the failover host need to be manually switched back to the new blade.
Answer
Step 1 Power off the damaged blade, then remove the damaged blade from the E9000 chassis.
Step 2 Install a new blade of the same type as that of the damaged blade to the E9000 chassis and
power on the new blade.
Step 3 Install and configure the VMware ESXi on the new blade. For details, see Installing and Configuring
VMware ESXi.
NOTE
The IP address configured for and the user name and password used to log in to the ESXi host must be
the same as those on the damaged blade.
Step 4 Establish connections between the new blade and the disk array. For details, see Create a Connection
Between the E9000 Server and Disk Array in the CLI.
Step 6 Select the damaged blade from the cluster, right-click, and choose Remove from Inventory
from the shortcut menu.
Step 7 Add the new blade to the cluster to which the damaged blade belongs. For details, see Configuring an HA
Cluster for Blades.
Step 8 Create networks on the new blade. For details, see Configure Networks in the CLI.
the new blade. In this situation, check and reconfigure the new blade and switch the
VMs according to the FAQ.
----End
Question
How Do I Change the Idle Time After Logging In to the VCSA Through the VMware
vSphere Web Client?
Answer
Step 1 Log in to the VCSA.
Step 2 Select the VCSA's IP address from the navigation tree. Choose Configure > Settings >
General in the right pane.
Step 4 In the Edit vCenter Server Setting dialog box, select Timeout setting.
Step 5 In Normal operations, enter a timeout interval, in seconds, for normal operations.
Step 6 In Long operations, enter a timeout interval, in minutes, for long-time operations.
1. Click in the upper right corner and click Home to access the Home page.
2. Choose Administrator > Deployment > System Configuration.
3. Choose System Configuration > Services from the navigation tree and expand the
Services list.
4. Select VMware vSphere Web Client in the service list, right-click, and choose Restart
from the shortcut menu to restart it.
----End
Question
How do I enable SSH for the VMware ESXI hosts?
Answer
Step 1 Log in to the VMware ESXi.
Step 2 Choose Host > Manage > Services and ensure that the SSH process of Services is displayed as
Running.
Step 3 Optional: If the SSH process is displayed as Stopped, click Start to enable SSH.
NOTE
To disable SSH, click Stop.
----End
Question
How do I rectify an NIC type error for a VM?
Answer
Step 1 Log in to the VCSA.
Step 2 Select the VM with an NIC Type Error, right-click, and choose Power > Power Off to stop
the VM.
Step 3 Remove the adapter with an NIC type error, for example, Network adapter 1.
1. Select the desired VM and click Edit Settings. The Edit Settings window is displayed.
2. Choose Virtual Hardware > Network adapter 1. Expand Network adapter 1, copy
the MAC Address value and click Remove to delete Network adapter 1.
3. Click OK. The Edit Settings window closes.
----End
Question
How to manage VM snapshots?
Answer
l A VM snapshot is an image of a VM disk file at a specific time point and is used to back
up the current system status.
l VM snapshots need to be generated only before system upgrade or patch installation.
When VM system upgrade or patch installation fails and cannot be recovered, you can
restore the VM to the previous status using snapshots.
l It is recommended that the number of snapshots on a VM be no more than two and the
stored time of each snapshot be no more than three days.
l Log in to the VCSA.
l Taking a Snapshot
It is recommended that a maximum of 2 snapshots be taken; otherwise, the VM OS
performance will be compromised. To ensure data consistency between VMs and shorten
the snapshot-taking time, perform the following operations:
a. Right-click the VM and choose Power > Power Off to power off the VM.
b. Right-click the VM and choose Snapshots > Take Snapshot.
c. Set Name and Description and click OK.
d. Open the Recent Tasks list and verify that the task is completed.
NOTE
b. In the Snapshots for VM name dialog box, select a snapshot and click . In the
Confirm dialog box, click Yes.
c. Open the Recent Tasks list and verify that the task is completed.
d. After the reversion, right-click the VM and choose Power > Power On to power on
the VM.
l Deleting a Snapshot
If a VM has been running properly, you can delete its snapshot for higher read and write
performance. The deletion does not require the VM to be shut down either.
a. Right-click the VM and choose Snapshot > Snapshot Manager from the shortcut
menu. In the Snapshots for VM name dialog box, select a snapshot and click
Delete.
b. Open the Recent Tasks list and verify that the task is completed.
NOTE
----End
Question
How do I upgrade a VM hardware version?
Answer
l A VM compatibility level determines virtual hardware available to VMs. Virtual
hardware on a VM maps physical hardware on a host. A compatibility level upgrade will
upgrade a VM hardware version.
l Virtual hardware includes BIOS and EFI, number of available virtual PCI slots,
maximum number of CPUs, maximum memory configurations, and other features. Table
A-28 shows function differences of various hardware versions.
NVMe controller 4 N N
PCI passthrough 16 16 6
Serial port 32 32 4
l Select a VM from the navigation tree in vSphere Web Client and click the Summary tab
to check its hardware versions.
Step 2 Power off the VM to be upgraded. For details, see A.12.5 How to Power on or Power off the
VM.
Step 4 Select a desired ESXi version. Table A-29 shows the mapping of VM compatibility and
hardware versions.
----End
Question
How do I configure the default method for enabling VM remote control?
Answer
Use vSphere Web Client to start the VM remote console and access the virtual desktop. The
VM remote console allows you to perform various tasks on VMs. The tasks include installing
an OS, setting OS parameters, running an application, and monitoring performance. vSphere
Web Client supports two VM remote consoles.
NOTE
l Remote Console: The VMware Remote Console (VMRC) application is opened in an independent
window. This application is used to connect to clients and start the VM console on a remote host.
l Web remote console: This console is opened in a browser. When the web remote console is used, some
functions are unavailable.
Step 2 Select a VM from the navigation tree. Click on the Summary tab.
Step 4 In the Change Default Console dialog box, select the default method of opening the VM
remote console and click OK.
NOTE
If Remote Console is used, the VMRC must be installed.
1. Click install from here in Change Default Console. The message There is a problem with this
website's security certificate. is displayed.
2. Click Continue to this website (not recommended). to download the VMRC installation software.
3. Double-click the software to start VMRC installation.
----End
Question
How do I check and add a storage device?
Answer
Step 1 Log in to the VCSA.
Step 2 In the navigation tree, click the IP address of the VMware server. In the right pane, choose
Configure > Storage > Datastores.
Step 4 Click .
Step 5 In the New Datastore dialog box, select VMFS and click Next.
l If the Name list is empty, no storage device is added.
l If the Name list is not empty, add a storage device.
Step 6 Enter the datastore name, select a storage device and click Next.
Step 7 In the VMFS version dialog box, select VMFS-5 and click Next.
Step 8 In the Partition configuration dialog box, click Next.
Step 9 In the Ready to complete dialog box, verify partition parameter settings and click Finish.
NOTE
If in the Recent Tasks column, Status is displayed as Completed for the data storage task, the storage is
added successfully.
----End
Context
VMware Tools installation may cause temporary network disconnections. You need to restart
the OS to make the installed VMware Tools take effect. Therefore, exercise caution when
performing this operation.
Procedure
Step 1 Log in to the VCSA.
Step 2 Check drive configurations.
1. Right-click a VM and choose Edit Settings... from the shortcut menu. The Edit Settings
dialog box is displayed.
2. On the Virtual Hardware tab, click CD/DVD drive 1. Ensure that CD/DVD drive 1 is
set to Client Device and Device Mode is set to Passthrough CD-ROM.
3. Click OK.
Step 3 Install the VMware Tools (applicable to service nodes).
1. Right-click the VM and choose Guest OS > Install VMware Tools from the shortcut
menu. The Install VMware Tools dialog box is displayed.
2. Click Mount to mount the VMware Tools software.
3. Right-click the VM, and choose Open Console from the shortcut menu. The console
dialog box is displayed.
The VM's remote console can be opened in two ways. To change the default method of
opening the remote console, see A.12.28 How Do I Configure the Default Method for
Enabling the VM Remote Console?.
NOTE
– If you use Chrome and the Invalid security certificate dialog box is displayed after you
choose Open Console, select Allow.
– If you want to exit from the console, press Ctrl+Alt.
– The number pad keyboard is not recommended. This is because Num Lock may fail to work
normally when the OS is installed on certain machines.
4. Log in to the SUSE Linux as the root user.
5. On the desktop, right-click and choose Open in Terminal from the shortcut menu to
access the command line interface (CLI).
6. Run the following command to determine whether the virtual machine automatically
mounted the VMware Tools virtual CD-ROM image.
# mount
NOTE
If the virtual machine has not automatically mounted the VMware Tools virtual CD-ROM image,
run the following commands.
# mkdir /media/VMware\ Tools
# mount /dev/cdrom /media/VMware\ Tools
Then perform Step 3.6 again.
8. Run the following commands to create a vmtools folder, copy the VMware Tools
software package to this folder, and decompress this package:
# mkdir /opt/vmtools
# cp /media/VMware\ Tools/VMwareTools-*.tar.gz /opt/vmtools
# cd /opt/vmtools/
# tar xf VMwareTools*
Wait about 3 minutes. If the following information is displayed on the screen, the
VMware Tools have been installed.
Enjoy,
Found VMware Tools CDROM mounted at /media/VMware Tools. Ejecting device /dev/sr0 ...
Step 4 Install the VMware Tools (applicable to the Windows Server 2008 VM or the SRM VM).
NOTE
Due to restrictions of the VMware software, it is normal that the system does not respond to mouse
operations before VMware Tools is installed on the Windows VM.
NOTE
Due to restrictions of the VMware software, it is normal that the Windows Server 2008 OS does not
respond to mouse operations before VMware Tools is installed on the VM.
1. Right-click the VM and choose Guest OS > Install VMware Tools from the shortcut
menu. The Install VMware Tools dialog box is displayed.
2. Click Mount to mount the VMware Tools software.
3. Right-click the VM, and choose Open Console from the shortcut menu. The console
dialog box is displayed.
The VM's remote console can be opened in two ways. To change the default method of
opening the remote console, see A.12.28 How Do I Configure the Default Method for
Enabling the VM Remote Console?.
NOTE
– If you use Chrome and the Invalid security certificate dialog box is displayed after you
choose Open Console, select Allow.
– If you want to exit from the console, press Ctrl+Alt.
– The number pad keyboard is not recommended. This is because Num Lock may fail to work
normally when the OS is installed on certain machines.
4. Log in to the Windows OS.
5. On the desktop, use Tab and the up and down arrow keys, and press Enter, to select Start >
Computer, then select the DVD Drive with the VMware Tools mounted. The VMware
Tools installation wizard is displayed.
Step 5 Right-click a VM and choose Edit from the shortcut menu. In the displayed window, choose
VM Options > VMware tools and select Synchronize guest time with host.
----End
Question
A VMware tools timeout message is displayed during switching of sites on the SRM solution.
How do I modify Timeout to avoid this issue?
Answer
NOTE
The following procedures need to be performed on all service nodes on the protected site.
Step 4 Choose the created recovery plan from the navigator tree.
Step 5 On the right pane, choose Related Objects > Virtual Machines.
Step 7 In the VM Recovery Properties dialog box, select Shutdown Action and set Timeout
under Shutdown guest OS before power off(requires VMware Tools) to 15 minutes.
Step 8 Select Startup Action and set Timeout under Wait for VMware Tools to 15 minutes.
----End
Procedure
Step 1 Log in to the VCSA.
Step 2 Add the virtual interface group VM Network_U2000_Replication on the vSwitch3 virtual
switch of U2000 computing node.
1. Select the ESXi host where the U2000 VM resides and click Configuration.
2. Click Configure > Networking > Virtual switches.
3. Select the vSwitch3. Click and the Add Networking dialog box is displayed.
4. Select Virtual Machine Port Group for a Standard Switch and click Next.
5. Select Select an existing standard switch and click Next.
6. In the Network Label area, set the name of the new label to VM Network_U2000_Replication
and set VLAN ID (Optional) to 3011.
7. Click Next.
8. Click Finish.
Step 3 Add two U2000 VM-specific network adapters.
1. In the navigation tree, right-click the U2000 VM and choose Edit Settings from the
shortcut menu. The VM Name - Edit Settings dialog box is displayed.
2. In the New device area in the lower pane, select Network, click Add.
3. Select VM Network_U2000_Replication in the New Network area and select Connect.
4. Click OK.
5. Repeat steps Step 3.1 to Step 3.4 to add the other adapter.
----End
Procedure
Step 1 Log in to the VCSA.
3. Select the vSwitch3. Click and the Add Networking dialog box is displayed.
4. Select Virtual Machine Port Group for a Standard Switch and click Next.
5. Select Select an existing standard switch and click Next.
6. In the Network Label area, set the name of the new label to VM Network_U2000_Replication
and set VLAN ID (Optional) to 3011.
7. Click Next.
8. Click Finish.
9. Repeat steps Step 2.1 to Step 2.8 to add the virtual interface group VM
Network_U2000_Application and set VLAN ID (Optional) to 3010.
----End
B U2000 Utilities
This topic describes the common applications of the U2000. The U2000 provides certain
simple applications so that you can conveniently perform operations on the U2000.
Table B-1 shows the common applications provided by the U2000 in the Windows OS.
Table B-2 shows the common applications provided by the U2000 in the Solaris OS.
Table B-3 shows the common applications provided by the U2000 in the SUSE Linux OS.
C MSuite
This topic describes the related concepts and common operations of the MSuite.
C.1 Overview
This topic describes the system structure, functions, features, and certain basic concepts of the
MSuite.
C.2 Starting and Stopping the MSuite
This topic describes how to start and stop the MSuite.
C.3 System Management
This topic describes how to use the system management functions of the MSuite.
C.4 U2000 Deployment
This topic describes how to deploy the U2000. After the U2000 is installed, you can maintain
or adjust the deployment of the U2000 through the MSuite.
C.5 Adjusting the NMS
This topic describes how to adjust the NMS. After the U2000 is installed, you can adjust the
U2000 server parameters through the MSuite.
C.6 Management of the High Availability System (Veritas hot standby)
This topic describes the frequently used operations of managing and maintaining the high
availability system (Veritas hot standby) through the MSuite.
C.7 Managing Certificate File
If the SSL certificate has expired or a specific SSL certificate is required, replace the current
SSL certificate.
C.8 Commissioning Tool
This topic describes the scenarios where a U2000 is commissioned. To enable a U2000 to
manage networks, you must commission the U2000 before using it to manage NEs and
configure services. The commissioning tool is used only after the initial installation of the
U2000 is complete. Do not use the commissioning tool after the U2000 has been running for a
period of time. If the U2000 needs to be commissioned after the initial installation of the
U2000 is complete, see section Commissioning the U2000 in the software installation and
commissioning guide.
C.9 Modify U2000 Configuration Items
Some function items of the U2000 can be controlled by the configuration items in the
configuration file. The U2000 provides a GUI-based tool that allows you to view and modify
configuration item settings through graphical user interfaces (GUIs).
C.1 Overview
This topic describes the system structure, functions, features, and certain basic concepts of the
MSuite.
Terms
● MSuite: The MSuite is a graphical maintenance tool developed for the Huawei iManager
U2000 (U2000), a type of Huawei network product. The MSuite is used to debug,
maintain, and redeploy the U2000. For the system architecture of the MSuite, see C.1.2
System Architecture. For the functions and features of the MSuite, see C.1.3 Function
Overview.
● Server: Usually, a computer running the server program is called a server. Here, the
server refers to a computer that runs the U2000 server program.
● Domain: It is the software unit deployed on a computer.
The MSuite works in single-user mode. That is, only one MSuite client is allowed to log in to
the MSuite server at one time. For example, in Figure C-1, maintenance engineers 1 and 2
cannot log in to the MSuite client at the same time to operate the U2000.
NOTE
Managing the NMS | Changing the password | For details, see C.3.1 Changing the Password of the MSuite.
 | Logging out of the MSuite client | For details, see C.2.3 Exiting from the MSuite client.
 | Exiting from the MSuite client | For details, see C.2.3 Exiting from the MSuite client.
Deploying and maintaining the NMS | Modifying the system time and time zone | For details, see C.4.1 Setting the System Time and Time Zone.
 | Changing the password of the administrator user of the database | For details, see C.4.2 Changing the Password of the Database Administrator.
 | Changing the password of the NMS user of the database | For details, see C.4.3 Changing the Password of the User of the Database.
 | Configuring the local site as the primary site forcibly | For details, see C.6.3 Configuring the Current Server as the Active Server Forcibly.
 | Monitoring the Status of the HA System | For details, see C.6.4 Monitoring the Status of the HA System.
 | Updating the veritas Licenses (Solaris) | For details, see C.6.6 Updating the Veritas Licenses (Solaris).
 | Updating the veritas Licenses (SUSE Linux) | For details, see C.6.7 Updating the Veritas Licenses (SUSE Linux).
Managing the database | Backing up the system database | For details, see C.11.1 Backing Up the System Database.
 | Initializing the U2000 database | For details, see C.11.7 Initializing the U2000 Database.
Adjusting the NMS | Changing the host name and IP address | For details, see C.5.1 Changing the Host Name and IP Address.
Main Window
Figure C-2 shows the GUI of the MSuite client.
GUI Components
Component: Maintenance list column
Meaning:
● On the Domain tab page, you can view the names, types, descriptions, and
number of instances of all Domains.
● On the Server tab page, you can view the Server Name, OSS Application IP
Address, Server Type, and Server Status of all servers.
● Before you perform operations through the CLI, make sure that the NMS maintenance
suite server is started.
In Solaris or SUSE Linux OS, run the following command as user root to verify that the
MSuite server is running:
# ps -ef | grep java
● The maximum number of characters in a CLI command line is 255. Keep
command strings short and simple.
● When using the command lines of the MSuite, you need to run the cd /opt/oss/client/engineering
command to switch to the directory where the MSuite client is installed.
● Run the command lines of the MSuite as user ossuser. If you have logged in as the root
user, log in to the OS again as user ossuser. You cannot run the su - ossuser command to
switch to the ossuser user to run the following commands.
./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin buildHA -secondaryip Application IP address of the peer site
    Synchronize the primary and secondary sites.
./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin splitHA
    Separate the primary site from secondary sites.
./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin modifyfloatip -newip ipaddress -netmask netmask
    Change the float IP address (PC Linux HA system).
    NOTE
    ● The new floating IP address must be on the same network segment as the application IP
    address.
    ● If the original IP address and modified IP address are in the same network segment,
    you can choose to change both the application IP address and floating IP address
    or only one of them as required. You can change either the application IP address or
    the floating IP address first.
    ● If the original IP address and modified IP address are not in the same network segment,
    both the application IP address and floating IP address need to be changed, and the
    application IP address needs to be changed before the floating IP address.
    ● If the six-NIC scheme is used, the system IP address and application IP address must be
    on different network segments. If the application IP address is modified, the
    application IP address and system IP address must still be on different network segments
    after the modification. Changing the system IP address using commands is prohibited.
./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin changedbpassword -username username
    Change the password of the database administrator or the database user.
./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin changemsuitepassword
    Change the password of the MSuite.
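The network-segment rules in the modifyfloatip note above can be checked before the command is run. The following Python check is an added example, not part of the Huawei guide or the MSuite: the function names and messages are hypothetical, the sample addresses in the comments are constructed from documentation ranges, and the old and new floating IP addresses are assumed to use the same netmask.

```python
import ipaddress

# Fixed part of the MSuite CLI invocation, as listed in the command table.
BASE_ARGV = ["./startclient.sh", "deploy", "-ip", "127.0.0.1",
             "-port", "12212", "-username", "admin"]


def segment(ip, netmask):
    """Return the network segment of ip under netmask; ValueError on bad input."""
    return ipaddress.ip_interface(f"{ip}/{netmask}").network


def check_floating_ip_change(app_ip, old_float_ip, new_float_ip, netmask,
                             system_ip=None):
    """Check a planned floating IP change against the note's segment rules.

    app_ip is the application IP address as configured right now, for
    example 192.0.2.11 (constructed sample value).
    system_ip is passed only when the six-NIC scheme is used.
    Returns a list of problems; an empty list means the change may proceed.
    """
    app_seg = segment(app_ip, netmask)
    old_seg = segment(old_float_ip, netmask)
    new_seg = segment(new_float_ip, netmask)
    problems = []

    if new_seg != app_seg:
        if app_seg == old_seg:
            # The floating IP is moving to another segment while the
            # application IP is still on the old one: wrong order.
            problems.append("change the application IP address first")
        else:
            problems.append("new floating IP address is not on the "
                            "application IP address's segment")

    # Six-NIC scheme: system and application IP must stay on different segments.
    if system_ip is not None and segment(system_ip, netmask) == app_seg:
        problems.append("six-NIC scheme: system IP address and application "
                        "IP address are on the same segment")
    return problems


def modifyfloatip_argv(app_ip, old_float_ip, new_float_ip, netmask,
                       system_ip=None):
    """Build the modifyfloatip argument list only if every check passes."""
    problems = check_floating_ip_change(app_ip, old_float_ip, new_float_ip,
                                        netmask, system_ip)
    if problems:
        raise ValueError("; ".join(problems))
    return BASE_ARGV + ["modifyfloatip", "-newip", new_float_ip,
                        "-netmask", netmask]


if __name__ == "__main__":
    # Constructed sample: floating IP moved to a new segment before the
    # application IP was changed.
    print(check_floating_ip_change("192.0.2.11", "192.0.2.50",
                                   "198.51.100.60", "255.255.255.0"))
```

The function only builds the argument list; it does not start the MSuite client.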
NOTE
The information in italic type in the following table indicates the variable parameters that can be
changed as required.
NOTE
Context
Generally, the process of the MSuite server is not started with the OS startup. If the process is
not started, perform the following operations to start it. In the high availability system, the
MSuite server process must be started on both the primary and secondary sites.
Procedure
● Log in to the Windows OS as the administrator user and check whether the msdaemon.exe
and msserver.exe processes are started in the Task Manager window. If you can find
the two processes in the process list, the MSuite server is running. If the two processes
do not exist in the process list, the MSuite server is not running. In this case, perform the
following operations to start the MSuite server:
----End
Prerequisites
● The MSuite server must be started.
● Port 12212 on the MSuite server is enabled.
● The MSuite client and the server communicate with each other properly.
● The MSuite server process is started on both the primary and secondary sites during
some operations in the high availability system, and the MSuite client can properly
communicate with the MSuite server on both the primary and secondary sites.
Context
● If you enter incorrect passwords three consecutive times, the IP address of the PC on
which the MSuite client is installed will be locked by the U2000. The U2000 will unlock
this IP address 5 minutes later.
● The password of the admin user of the MSuite has a validity period of 90 days. If the
password expires, change the password as prompted after you log in to the MSuite.
● After you have logged in to the MSuite client, if the MSuite client has not been used for
over 10 minutes, the MSuite client will be automatically locked, and you must enter the
login password again to unlock the MSuite client.
Procedure
Step 1 Ensure that the MSuite server has been started.
1. Log in to the Windows OS as the administrator user and check whether the msdaemon.exe
and msserver.exe processes are started in the Task Manager window. If you can find
the two processes in the process list, the MSuite server is running. If the two processes
do not exist in the process list, the MSuite server is not running. In this case, perform the
following operations to start the MSuite server:
3. In Solaris or SUSE Linux OS, run the following command as user ossuser to verify that
the MSuite server is running:
$ ps -ef | grep java
Step 2 On a computer where the MSuite client is installed, double-click the U2000 NMS
Maintenance Suite shortcut icon on the desktop and then wait about one minute. The Login
dialog box is displayed.
NOTE
● In Solaris or SUSE Linux OS, log in to the Java desktop system as user ossuser. Otherwise, the
U2000 NMS Maintenance Suite shortcut icon is not displayed on the desktop. To start the MSuite
client by running commands, log in to the OS as user ossuser through VNC.
$ cd /opt/oss/client/engineering
$ ./startclient.sh
● If a dialog box showing The client and server versions are different. Upgrade the client using
the CAU. is displayed, upgrade the U2000 client by using the CAU as follows:
1. Install the U2000 client software in network mode: Enter https://server's IP address/cau/
(recommended for higher security) or http://server's IP address/cau/ in the address box of the
Internet Explorer, and press Enter to access the Web installation page. For details, see U2000
Client Software Installation Guide in the U2000 Client Software Installation Guide.
2. If you upgrade the U2000 client software using the CAU, the MSuite client is also upgraded.
● When you log in to the MSuite client, a progress bar is displayed showing the progress of Refresh
Deployment Information. Wait until the operation is complete.
● The MSuite works in single-user mode. Specifically, only one MSuite client can log in to the MSuite at
one time.
----End
Procedure
Step 1 On the MSuite client, choose System > Exit. The Exit dialog box is displayed.
----End
Procedure
● Log in to the Windows OS as the administrator user and check whether the msdaemon.exe
and msserver.exe processes are started in the Task Manager window. If you can find
the two processes in the process list, the MSuite server is running. If the MSuite server is
running, run the following commands to stop the MSuite server:
Go to the D:\oss\engr\engineering path, double-click the stopserver.bat file, and end
the MSuite server process.
● In Solaris or SUSE Linux OS, run the following command as user ossuser to verify that
the MSuite server is running:
$ ps -ef | grep java
The MSuite server is running if /opt/oss/OSSJRE/jre_sol/bin/java -server or /opt/oss/
OSSJRE/jre_linux/bin/java -server is displayed. If the MSuite server is running, run
the following commands to stop the MSuite server:
$ cd /opt/oss/engr/engineering
$ ./stopserver.sh
----End
Prerequisites
MSuite processes are running. If they are not running, start them by following the steps
provided in C.2.1 Starting the Process of the MSuite Server.
Context
In the high availability system, you only need to log in to the MSuite server on the primary
site and change the password of the MSuite. The password of the MSuite on the secondary
site is then automatically changed.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose System > Change Password from the main menu. The Change
Password dialog box is displayed.
----End
On Solaris or SUSE Linux OS, run the following commands as user ossuser. (If you have
logged in as the root user, log in to the OS again as user ossuser. You cannot run the su - ossuser
command to switch to the ossuser user to run the following commands.)
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin changemsuitepassword
Enter the MSuite login password[]:
Enter the old MSuite server password[]:
Enter the new MSuite server password[]: Enter the new MSuite server password according to the prompted password rule.
Enter the confirm MSuite server password[]:
NOTE
Procedure
Step 1 On the MSuite client, choose System > Log Out. The Confirm dialog box is displayed.
----End
Prerequisites
The U2000 and database must be shut down when setting the system time and time zone. For
details, see 3 Shutting Down a U2000.
Context
● In a high availability system (Veritas hot standby), you need to log in to the MSuite
server of the primary and secondary sites to respectively change the time and time zones
of the primary and secondary sites. The primary site and the secondary site can use
different time zones and different times. Make sure that the time
is consistent with the standard date and time zone of the local area.
● In the Windows OS, the MSuite does not support this function. Open Date and Time on
the Control Panel. In the Date and Time Properties dialog box, set the time zone, date
and time.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Deploy > Change Time Zone. The Modify System Time Zone
dialog box is displayed.
Step 3 Set the time zone and system time according to the local time zone and standard time.
NOTE
Perform desired operations according to on-site conditions:
● In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is a
correct local time, no modification is required.
● In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is not a
correct local time, correct Time in Current Time Zone. No other modification is required.
● In New Time Zone, if the value of Time Zone is not a local time zone, change it to a local time
zone. The Time below the Time Zone will be changed automatically. If the automatically changed
time is a correct local time, no other modification is required. Otherwise, adjust the value of Time in
Current Time Zone until the value of Time in New Time Zone is a correct local time.
Step 6 If only the time is changed, start the U2000 system. For details, see 2 Starting the U2000
System.
----End
Otherwise, change the value of Time in Current Time Zone until the value of
Time in New Time Zone is the correct local time.
– Click OK.
– Click OK as prompted. Run the following commands to restart the Solaris
operating system:
# sync;sync;sync;sync
# shutdown -y -g0 -i6
After the Solaris OS is restarted, the local time and time zone will be displayed.
Prerequisites
● The NMS processes are ended. Perform the following operations to end the NMS
processes if they are running:
– For the Single-Server System (Windows), see A.10.8 How to End the Processes of
the U2000 Single-Server System on Windows.
– For the Single-Server System (Solaris), see A.10.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
– For the Single-Server System (SUSE Linux), see A.10.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
– For the High Availability System (Solaris/SUSE Linux), see A.10.17 How to End
the U2000 Processes of the High Availability System (Solaris, PC Linux).
● The database is running. Perform the following operations to start the database if it is not
running:
– For the Single-Server System (Windows), see A.7.4 How to Start the SQL Server
Database.
– For the Single-Server System (Solaris), see A.8.1.2 How to Start the Sybase
Database Service.
– For the Single-Server System (SUSE Linux), see A.8.1.2 How to Start the Sybase
Database Service.
– For the High Availability System (Solaris/SUSE Linux), see A.8.1.2 How to Start
the Sybase Database Service.
Context
NOTE
● In the high availability system (Veritas hot standby), change the password of the administrator of the
database only on the MSuite server at the primary site. The passwords of the administrator of the
databases at both the primary and secondary sites are changed.
● After the U2000 is installed, using the MSuite to change the password of the database administrator
is recommended. Do not manually change the password. Otherwise, the U2000 may fail to be started
properly. If the password of the database administrator is changed manually, you must use the
MSuite to change the password again to ensure the normal operation of the U2000.
Changing the password of a database user may cause the database login failure.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Deploy > Change Database Administrator Password. The
Change Password dialog box is displayed.
Step 3 Enter the old password, new password and confirm password.
NOTE
● The initial password is Changeme_123. To enhance system security, update the password
regularly and keep it secure.
– The password contains a minimum of eight characters and a maximum of 30 characters.
– The password must contain at least four of the following combinations:
■ At least one lower-case letter
■ At least one upper-case letter
■ At least one digit
■ At least one special character ~@#^*-_+[{}]:./?
Other special characters are not supported. Do not include other special characters, such
as ()|<>&`!$\"%'=;,space in passwords.
– The password must be different from the user name or the user name in reverse order and
cannot contain the complete user name (case-insensitive).
● If the Change Password dialog box is displayed, click OK.
● If the following information is displayed, the database administrator password has been changed
successfully.
Succeeded in changing the password.
After changing the database administrator password, start U2000 server processes.
● In Windows 2008 OS, if the above operations are correct but the message Change the password
failed. or a message indicating that the password is too new is displayed, log in to the Windows
2008 OS. Then click Start > All Programs > Microsoft SQL Server 2008 > SQL Server
Management Studio and connect to the server as the sa user. Select Security > Logins from the
navigation tree and double-click sa. Clear Enforce password policy in the Login
Properties dialog box.
----End
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin changedbpassword -username username
Enter the MSuite login password[]:
Enter the old database password[]:
Enter the new database password[]: Enter the new database password according to the prompted password rule.
Enter the confirm database password[]:
NOTE
● username: the user name of the database administrator. The default user name of the database
administrator is sa. If a replacement user has been created for the database administrator sa user,
enter the new user name of the database administrator.
● The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see
C.3.1 Changing the Password of the MSuite.
● If the new database password does not meet the verification rules, a message will be displayed
asking you whether to continue. If you want to continue, enter Y. If you do not want to continue,
enter N.
● If the following information is displayed, the database administrator password has been changed
successfully.
Succeeded in changing the password.
After changing the database administrator password, start U2000 server processes.
Prerequisites
● The NMS processes are ended. Perform the following operations to end the NMS
processes if they are running:
– For the Single-Server System (Windows), see A.10.8 How to End the Processes of
the U2000 Single-Server System on Windows.
– For the Single-Server System (Solaris), see A.10.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
– For the Single-Server System (SUSE Linux), see A.10.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
– For the High Availability System (Solaris/SUSE Linux), see A.10.17 How to End
the U2000 Processes of the High Availability System (Solaris, PC Linux).
● The database is running. Perform the following operations to start the database if it is not
running:
– For the Single-Server System (Windows), see A.7.4 How to Start the SQL Server
Database.
– For the Single-Server System (Solaris), see A.8.1.2 How to Start the Sybase
Database Service.
– For the Single-Server System (SUSE Linux), see A.8.1.2 How to Start the Sybase
Database Service.
– For the High Availability System (Solaris/SUSE Linux), see A.8.1.2 How to Start
the Sybase Database Service.
Context
● In Solaris/SUSE Linux OS, the Sybase database is installed and the database user is
dbuser.
● In Windows OS, the SQL Server database is installed and the database user is dbuser.
NOTE
● In the high availability system (Veritas hot standby), change the password of the user of the database
only on the MSuite server at the primary site. The passwords of the users of the databases at both the
primary and secondary sites are changed.
● After the U2000 is installed, using the MSuite to change the password of the dbuser user is
recommended. Do not manually change the password. Otherwise, the U2000 may fail to be started
properly. If the password of the dbuser user is changed manually, you must use the MSuite to
change the password again to ensure the normal operation of the U2000.
Changing the password of a database user may cause a database login failure.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Deploy > Change Database User Password. The Change
Password dialog box is displayed.
Step 3 Enter the old password, new password and confirm new password.
NOTE
● The initial password is Changeme_123. To enhance system security, update the password
regularly and keep it secure.
– The password contains a minimum of eight characters and a maximum of 30 characters.
– The password must contain at least four of the following combinations:
■ At least one lower-case letter
■ At least one upper-case letter
■ At least one digit
■ At least one special character ~@#^*-_+[{}]:./?
Other special characters are not supported. Do not include other special characters, such
as ()|<>&`!$\"%'=;,space in passwords.
– The password must be different from the user name or the user name in reverse order and
cannot contain the complete user name (case-insensitive).
● If the Change Password dialog box is displayed, click OK.
In Windows 2008 OS, if the above operations are correct but the message Failed to change the
password, because the new password does not meet the password security policy. or a message
indicating that the password is too new is displayed, log in to the Windows 2008 OS. Then click
Start > All Programs > Microsoft SQL Server 2008 > SQL Server Management Studio and connect to the
server as the dbuser user. Select Security > Logins from the navigation tree and double-click dbuser. Clear
Enforce password policy in the Login Properties dialog box.
----End
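The password rules quoted in the two Change Password notes above (database administrator and database user) can be checked offline before a password is entered in the MSuite. This Python check is an added example, not Huawei's or the MSuite's own validation: check_password and its messages are hypothetical names, all comparisons with the user name are assumed to be case-insensitive, non-ASCII letters are treated as unsupported, and rejecting the documented initial password is an extra check added here.

```python
import string

# Special characters the guide lists as supported.
ALLOWED_SPECIAL = set("~@#^*-_+[{}]:./?")
# Initial password documented in the guide; flagged so it is never reused.
DOCUMENTED_DEFAULT = "Changeme_123"
MIN_LEN, MAX_LEN = 8, 30


def check_password(username, password):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []

    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 8 to 30 characters")

    # All four character classes listed in the note must be present.
    classes = {
        "lower-case letter": any(c in string.ascii_lowercase for c in password),
        "upper-case letter": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "special character": any(c in ALLOWED_SPECIAL for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("missing " + name)

    # Anything that is not an ASCII letter, a digit or a listed special
    # character (for example a space, !, $ or a quote) is unsupported.
    unsupported = sorted({c for c in password
                          if c not in string.ascii_letters
                          and c not in string.digits
                          and c not in ALLOWED_SPECIAL})
    if unsupported:
        problems.append("unsupported characters: "
                        + " ".join(repr(c) for c in unsupported))

    # User-name rules, compared case-insensitively (assumption, see lead-in).
    user, pw = username.lower(), password.lower()
    if user and user in pw:
        problems.append("contains the user name")
    if user and pw == user[::-1]:
        problems.append("equals the user name reversed")

    if password == DOCUMENTED_DEFAULT:
        problems.append("is the documented initial password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (user name, candidate password).
    samples = [
        ("dbuser", "N3w-Db:Secret?"),   # passes
        ("dbuser", "Changeme_123"),     # documented initial password
        ("sa", "Mesa_Verde7"),          # short user name hidden inside a word
        ("admin", "Pass word1!"),       # space and ! are unsupported
    ]
    for user, candidate in samples:
        print(user, repr(candidate), check_password(user, candidate) or "OK")
```

Short user names such as sa are the case most often missed by eye, because the rule is triggered by any word that happens to contain them.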
On Solaris or SUSE Linux OS, run the following commands as user ossuser. (If you have
logged in as the root user, log in to the OS again as user ossuser. You cannot run the su - ossuser
command to switch to the ossuser user to run the following commands.)
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin changedbpassword -username username
Enter the MSuite login password[]:
Enter the old database password[]:
Enter the new database password[]: Enter the new database password according to the prompted password rule.
Enter the confirm database password[]:
NOTE
Prerequisites
● The NTP client and server must conform to the local standard date and time zone. The
time difference between the NTP client or server and the local standard time must be less
than 2 minutes.
– On Windows, click Date and Time in Control Panel. In the Date and Time dialog
box, view the OS time zone, date, and time.
– On Solaris, run the # echo $TZ command to view the OS time zone, and run the #
date command to view the OS date and time. Run the tzselect command and
perform operations based on the command output to view the time zone identifier of
each country.
– On SUSE Linux, run the # yast2 timezone command to view the OS time zone,
date, and time. Run the tzselect command and perform operations based on the
command output to view the time zone identifier of each country.
If the date, time zone, or time of the workstation does not meet requirements, refer to
C.4.1 Setting the System Time and Time Zone to correct it.
● If the time difference between the NTP client and NTP server is large, for example, tens
of minutes, the time on the NTP client cannot be synchronized with that on the NTP
server at once. In this case, the time difference must be adjusted several times.
Therefore, it is recommended that the time difference between the NTP client and the NTP
server be less than 5 minutes. This avoids the impact of a major time
adjustment on the application.
NOTE
If the time zones of the NTP client and server are different, change the time to the UTC time and
check the time zones. For example, the Beijing time is UTC+8.0. If the current Beijing time is
14:00, the UTC time is 6:00.
Context
● Here, you can only configure a server as an NTP client. To configure a server as an
intermediate or highest-level NTP server, invoke the commissioning tool to configure the
NTP service. For details about how to invoke the commissioning tool, see the chapter
Configuring System Commissioning Parameters in the associated installation guide.
● In a high availability system (Veritas hot standby), you need to log in to the MSuite
server of the primary and secondary sites to respectively configure the NTP service of the
primary and secondary sites.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Deploy > Configure NTP. The Configure NTP dialog box is
displayed.
Step 3 Enter the IP address of the NTP server, and then click OK.
NOTE
● If external clock sources are not traced, set NTP server IP to 127.127.1.0.
● If external clock sources are traced, set NTP server IP to the IP address of the server that is traced.
● Click Add and enter the IP addresses of the primary and secondary NTP servers. A maximum of 10
secondary NTP server IP addresses can be added at a time. Click Delete to delete IP addresses of the
primary and secondary NTP servers.
----End
Follow-up Procedure
● On Solaris, see A.10.46 Checking the NTP Service on Solaris to check whether the
NTP service is correctly configured. If you want to stop the NTP, see A.10.47 Starting
or Stopping the NTP Service on Solaris.
● On SUSE Linux, see A.2.27 Checking the NTP Service on Linux to check whether the
NTP service is correctly configured. If you want to stop the NTP, see A.10.48 Starting
or Stopping the NTP Service on SUSE Linux.
Prerequisites
● The database is running.
Context
In the high availability (HA) system, you need to perform operations described here only on
the MSuite server on the primary site. The deployed domains on the secondary site are
updated after data replication and synchronization are completed between the primary and
secondary sites.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Deploy > Deploy. The Deploy dialog box is displayed.
NOTE
● In the Deploy dialog box, if some domains are gray, the domains have been deployed.
● If the message "Cannot deploy the xxxx domain, because the installation package of this domain
has not been correctly or fully decompressed." is displayed in the Deploy dialog box, click
Incremental Install to install it incrementally. See A.10.20 How Do I Install a Domain Component
Incrementally.
Step 3 Select a domain and click OK. A dialog box is displayed showing the deployment progress.
The time required for the installation depends on the number of domains to be deployed and
the configurations of the server. Wait patiently.
Step 4 If the "The XXX domain has been deployed. Restart the NMS" message is displayed, the
domain has been successfully deployed.
During the waiting period, do not start or stop the U2000 server processes. Otherwise, domain
deployment fails.
Step 7 Log in to the U2000 client again to cause the new domain to take effect.
NOTE
If the U2000 client is running, stop it and log in to it again.
Step 8 Replace the U2000 key store. For details, see 7.1 U2000 Key Solution Introduction.
----End
Enter the MSuite login password as prompted. The following information is displayed:
Deploy option: deploydomain
Progress:0%
......
NOTE
● domain_name indicates the domain name, which can be Access, Trans, or IP. The domain name is
case-insensitive. If multiple domains need to be deployed, separate them using commas.
● The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see
C.3.1 Changing the Password of the MSuite.
● During incremental domain deployment in CLI mode, if a domain has already been deployed, a
message is displayed indicating the deployment status.
After incremental domain deployment is complete, the message "The domain_name domain
has been deployed. Restart the NMS." is displayed.
Restart the U2000 as prompted.
1. Stop the U2000 server. For details about the procedure, see 3 Shutting Down a
U2000.
2. Start the U2000 server. For details about the procedure, see 2 Starting the U2000
System.
Prerequisites
● U2000 processes have been stopped. For the procedure that matches your OS and deployment
scheme, see 3 Shutting Down a U2000.
● The MSuite server has been started.
Context
In the high availability (HA) system, you need to perform operations described here only on
the MSuite server on the primary site. The deployed domains on the secondary site are
updated after data replication and synchronization are completed between the primary and
secondary sites.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Deploy > Undeploy. The Undeploy dialog box is displayed.
Step 3 Select a domain and click OK. A dialog box is displayed showing the message "Undeploying
a domain will delete all its data on the NMS irreversibly. Are you sure you want to
continue?".
● In the Undeploy dialog box, do not select all the domains because there must be at least
one domain deployed.
● In the Undeploy dialog box, if some domains are gray, the domains have not been
deployed. Refer to C.4.5 Deploying Domains to deploy the domains.
Step 4 Click OK. A dialog box is displayed showing the undeployment progress. The time required
for the uninstallation depends on the number of domains to be undeployed and the
configurations of the server. Wait patiently.
Step 5 If the "The XXX domain has been undeployed." message is displayed, the domain has been
successfully undeployed.
During the waiting period, do not start or stop the U2000 server processes. Otherwise, domain
undeployment fails.
Step 7 Start the U2000. For details, see Starting the U2000 Server Processes of the chapter
Starting the U2000 Server in 2 Starting the U2000 System.
----End
Enter the MSuite login password as prompted. The following information is displayed. Enter
y and continue with the operations.
Deploy option: undeploydomain
NOTE
● domain_name indicates the domain name, which can be Access, Trans, or IP. The domain name is
case-insensitive. If multiple domains need to be undeployed, separate them using commas.
Undeploying all domains is not required. There must be at least one domain deployed.
● The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see
C.3.1 Changing the Password of the MSuite.
● During domain undeployment in CLI mode, if the domain_name domain has not been deployed, the
message "Cannot undeploy the domain_name domain, because this domain has not been deploy
before." is displayed.
Start the U2000. For details, see Starting the U2000 Server Processes of the chapter
Starting the U2000 Server in 2 Starting the U2000 System.
you must use the MSuite to change the IP address, host name, and route of the server in
compliance with the following rules:
● In the scenario of a high availability system, you must separate the primary site from the
secondary site and then change the host names and IP addresses for the primary site and
secondary site.
● The U2000 processes must be stopped.
● The database must be running.
● The new host name must comply with the host name naming rule.
– The host name of the U2000 server must be unique on the network.
– On Solaris/SUSE Linux OS:
■ The host name must be a string consisting of no more than 24 characters that can
only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
■ The first character must be a letter and the last character cannot be a hyphen.
■ The host name cannot contain --.
■ The host name cannot contain only one character.
– On Windows OS, the host name must be a string consisting of no more than 30
characters that can only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
– The host name must be case-sensitive.
– The host name cannot be empty or contain spaces.
– The host name cannot be any of the following keywords in the high availability
system.
action false keylist static after firm local stop requires remotecluster
system group resource global Start str temp set heartbeat ArgListValues
System Group boolean hard Name soft before online condition MonitorOnly
remote start cluster event VCShm type Path offline Signaled HostMonitor
Probed state Cluster IState int Type State VCShmg NameRule ConfidenceLevel
● If NBI instances are deployed before the host name and IP address are changed, you
must re-configure NBIs on the MSuite client after changing the IP address and host
name.
● It is recommended that you back up the database in time after changing the IP address
and host name.
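The naming rules above can be checked before a host name is entered in the MSuite. The following shell function is an added example, not part of the guide or of the U2000 software; the name check_hostname, its arguments and the sample names are hypothetical, and it assumes the keyword list is matched case-sensitively, exactly as printed.

```shell
#!/bin/sh
# Added example: host name pre-check based on the naming rules listed in the guide.
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges byte-exact

# Reserved words from the guide's high availability keyword list (case-sensitive).
HA_KEYWORDS="action false keylist static after firm local stop requires remotecluster
system group resource global Start str temp set heartbeat ArgListValues
System Group boolean hard Name soft before online condition MonitorOnly
remote start cluster event VCShm type Path offline Signaled HostMonitor
Probed state Cluster IState int Type State VCShmg NameRule ConfidenceLevel"

# check_hostname NAME [unix|windows] [ha]
#   unix    = Solaris/SUSE Linux rules (default); windows = Windows rules
#   ha      = additionally reject the high availability keywords
# Prints "ok" or the first rule that NAME breaks; returns 0 only for "ok".
check_hostname() {
    name=$1
    os=${2:-unix}
    mode=${3:-single}

    if [ -z "$name" ]; then
        echo "empty host name"; return 1
    fi
    case $name in
        *[!A-Za-z0-9-]*) echo "character outside A-Z, a-z, 0-9, hyphen"; return 1 ;;
    esac

    max=24
    if [ "$os" = windows ]; then max=30; fi
    if [ "${#name}" -gt "$max" ]; then
        echo "longer than $max characters"; return 1
    fi

    # The guide lists these extra rules for Solaris/SUSE Linux only.
    if [ "$os" != windows ]; then
        case $name in
            [!A-Za-z]*) echo "first character is not a letter"; return 1 ;;
            *-)         echo "last character is a hyphen"; return 1 ;;
            *--*)       echo "contains --"; return 1 ;;
            ?)          echo "only one character"; return 1 ;;
        esac
    fi

    if [ "$mode" = ha ]; then
        for kw in $HA_KEYWORDS; do
            if [ "$name" = "$kw" ]; then
                echo "reserved high availability keyword"; return 1
            fi
        done
    fi
    echo ok
}

# Constructed sample names, not taken from any real deployment.
for n in nms-primary01 Cluster nms--a 9nms a "nms server"; do
    printf '%-14s %s\n' "$n" "$(check_hostname "$n" unix ha)"
done
```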
Single-Server System (Windows 2008) and 12.1.2 How to Change the Host Name of
the Single-Server System (Windows 2008).
● For information on how to change the IP address and host name on a GUI for a single-
server system (Solaris), see 12.1.3 How to Change the IP Address and Host Name for
the Single-Server System (Solaris).
● For information on how to change the IP address and host name on a GUI for a single-
server system (SUSE Linux), see 12.1.4 How to Change the IP Address and Host
Name for the Single-Server System (SUSE Linux).
● For information on how to change IP addresses and host names on a GUI for a high
availability system (Solaris), see 12.1.5 How to Change the IP Address and Host
Name for the High Availability System (Solaris).
● For information on how to change IP addresses and host names on a GUI for a local high
availability system (SUSE Linux), see 12.1.6 How to Change the IP Address and Host
Name for the Local High Availability System (SUSE Linux).
● For information on how to change IP addresses and host names on a GUI for a remote
high availability system (SUSE Linux), see 12.1.7 How to Change the IP Address and
Host Name for the Remote High Availability System (SUSE Linux).
If the server is configured with multiple IP addresses, you can modify the NMS application IP
address only through the CLI.
On Solaris or SUSE Linux OS, run the following commands as user ossuser. (If you have logged in
as the root user, log in to the OS again as user ossuser. You cannot run the su - ossuser command
to switch to the ossuser user and then run the following commands.)
● Run the following command to change the IP address:
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy \
-ip 127.0.0.1 -port 12212 -username admin modifyip -oldip ipaddress -newip ipaddress \
-oldnetmask oldnetmask -newnetmask newnetmask
Enter the MSuite login password[]:
NOTE
● The default user name of the MSuite is admin and the default password is Changeme_123. If
the password has been changed, enter the new password. If the password has not been
changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
● The application IP address parameter indicates the application IP address of the U2000. The
variable ipaddress indicates the IP address associated with the host name to be changed. The
variable hostname indicates the modified host name. After the preceding commands are
executed, restart the OS to make the host name take effect.
Question
How do I change the IP address of the single-server system (Windows 2008)?
Answer
● Do not change an IP address and a host name at the same time. Otherwise, the U2000 fails
to be started.
● Using virtual network interfaces is prohibited.
● Modifying IP address information may result in network interruption. Perform this
operation only if you fully understand network conditions.
Step 2 Shut down the NMS server and all NMS clients.
In the directory of the NMS software after the installation, for example, the
D:\oss\server\platform\bin directory, run the stopnms.bat file to end the NMS processes.
NOTE
Step 5 Perform the following operations to change the IP address of the server:
1. Choose Start > Control Panel > Network and Internet > Network and Sharing
Center > Change adapter settings to access the Network Connections window.
2. In the Network and Sharing Center dialog box, click Change adapter settings.
3. In the Network Connections dialog box that is displayed, right-click the network
connection to be configured and choose Properties from the shortcut menu.
4. In the Local Area Connection Properties dialog box, click Internet Protocol Version
4 (TCP/IPv4) and then Properties.
5. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box that is displayed,
enter the new IP address, subnet mask, and default gateway address, and perform the
related modification. Click OK.
Step 6 Log in to the NMS server using the new IP address.
Step 7 Change the IP address information in the nic.cfg configuration file as required.
NOTE
● Perform this step only if the server communication NIC needs to be replaced or the NIC name
needs to be modified. If you do not need to replace the communication NIC or modify the NIC
name, do not perform this step.
● During U2000 installation, the server IP address must be set to the IP address for external
communication. A loopback IP address, such as 127.0.0.1, is not allowed.
1. Navigate to D:\oss\engr\engineering\conf, copy nic.cfg, and save it as nic_bak.cfg.
NOTE
If the U2000 is not installed in disk D, change D to the actual drive letter.
2. Double-click nic.cfg.
3. Change the IP address information in nic.cfg as required. Ensure that all NIC names in
the file are the same as the names of the actual NICs on the host. Change the physical
addresses of all network interface cards (NICs) in nic.cfg to those of the actual host as follows:
In the CLI, run the ipconfig command to view the associated IP addresses.
– Choose Start > Run. The Run window will be displayed.
– Enter cmd and click OK.
– In the CLI, run the ipconfig -all command to view the associated IP addresses.
HOST01_PublicNIC_NAME=localhost
HOST01_PublicNIC_MAC=00-0C-29-8F-DD-3F
HOST01_PrivateNIC_NAME=localhost
HOST01_PrivateNIC_MAC=00-0C-29-8F-DD-3F
Do not log in through the Login dialog box that is displayed after you log out of the Network
Management System Maintenance Suite. Otherwise, network configuration synchronization
fails.
2. Set the related login parameters and click OK. The Management System Maintenance
Suite window is displayed.
– IP Address: Indicates the system IP address of the computer where the MSuite
server is installed.
– Port No.: The default port number is 12212. You do not need to change the default
value during login.
– User Name and Password: The default user name of the MSuite is admin and the
default password is Changeme_123. If the password has been changed, enter the
new password. If the password has not been changed, for system security, modify
the default password and remember the new password. For details, see C.3.1
Changing the Password of the MSuite.
NOTE
A dialog box may be displayed during the process of logging in to the MSuite client. Click OK
according to the prompt.
Step 10 On the Server tab page, right-click the server to be configured and choose Synchronize
Network Configuration from the shortcut menu. Click OK.
Step 11 Manually shut down the MSuite server and the database. Then, restart the OS.
1. Shut down the MSuite server. For details, see Step 3.
2. Shut down the database. For details, see A.7.3 How to Shut Down the SQL Server
Database.
3. Restart the OS.
NOTE
– If NBI instances are deployed before the host name and IP address are changed, you must re-
configure NBIs on the MSuite client after changing the IP address and host name.
– The changed IP address will be used to re-configure an NBI. For details, see the related NBI
user guide.
----End
C.5.1.2 How to Change the Host Name of the Single-Server System (Windows
2008)
Question
How to change the host name of the single-server system (Windows 2008)?
Answer
NOTE
● Do not change an IP address and a host name at the same time. Otherwise, the U2000 fails
to be started.
● Using virtual network interfaces is prohibited.
● Modifying IP address information may result in network interruption. Perform this
operation only if you fully understand network conditions.
NOTE
Step 3 Perform the following operations to change the host name of the server:
1. Click Start. Right-click Computer on the desktop and choose Properties from the
shortcut menu.
2. In the Computer name, domain, and workgroup settings area, click Change settings.
3. In the Computer Name tab, click Change.
4. In the dialog box that is displayed, change the computer name, and then click OK.
NOTE
– Ensure that you change the host name in the work group.
– The host name must be a string consisting of no more than 30 characters that can only be
letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
– The host name must be case-sensitive.
– The host name cannot be empty or contain spaces.
5. In the You must restart your computer to apply these changes dialog box that is
displayed, click OK.
6. Click Close.
7. In the You must restart your computer to apply these changes dialog box that is
displayed, click Restart Now to restart the OS.
Step 4 Refer to Step 2 to shut down the NMS server and client.
Do not log in through the Login dialog box that is displayed after you log out of the Network
Management System Maintenance Suite. Otherwise, network configuration synchronization
fails.
2. Set the related login parameters and click OK. The Management System Maintenance
Suite window is displayed.
– IP Address: Indicates the system IP address of the computer where the MSuite
server is installed.
– Port No.: The default port number is 12212. You do not need to change the default
value during login.
– User Name and Password: The default user name of the MSuite is admin and the
default password is Changeme_123. If the password has been changed, enter the
new password. If the password has not been changed, for system security, modify
the default password and remember the new password. For details, see C.3.1
Changing the Password of the MSuite.
NOTE
A dialog box may be displayed during the process of logging in to the MSuite client. Click OK
according to the prompt.
Step 7 On the Server tab page, right-click the server to be configured and choose Synchronize
Network Configuration from the shortcut menu. Click OK.
----End
C.5.1.3 How to Change the IP Address and Host Name for the Single-Server
System (Solaris)
Question
How to change the IP address and host name for the single-server system (Solaris)?
Answer
To change the IP address and host name, do as follows:
1. Stop U2000 server processes.
2. Use the MSuite to change the IP address and host.
3. Restart the OS to make the modifications take effect.
Modifying IP address information may result in network interruption. Perform this operation
only if you fully understand network conditions.
Step 2 Open a terminal window and run the following commands to end U2000 processes.
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How to Start
the Sybase Database Service.
Step 3 After the processes are ended, on the NMS server. For details, see A.9.4 How to Start the
MSuite Client.
Step 4 On the MSuite client, click the Server tab.
2. In the Change IP Address And Hostname dialog box, enter the new IP address, host
name, and subnet mask. The IP address cannot be set to 127.X.X.X.
# sync;sync;sync;sync
# shutdown -y -g0 -i6
NOTE
● If NBI instances are deployed before the host name and IP address are changed, you must re-
configure NBIs on the MSuite client after changing the IP address and host name.
● The changed IP address will be used to re-configure an NBI. For details, see the related NBI user
guide.
● If the server IP address is changed, you must manually configure the hardware alarm monitoring
function. For details about the replacement procedure, see Configuring the Monitoring Function
for an OceanStor 5500 V3 Disk Array, Configuring the Monitoring Function for an S3900
Disk Array and Configuring the Monitoring Function for an S2600 Disk Array in the U2000
Single-Server System Software Installation and Commissioning Guide (Solaris) manual.
----End
C.5.1.4 How to Change the IP Address and Host Name for the Single-Server
System (SUSE Linux)
Question
How to change the IP address and host name for the single-server system (SUSE Linux)?
Answer
NOTE
Modifying IP address information may result in network interruption. Perform this operation
only if you fully understand network conditions.
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How to Start
the Sybase Database Service.
Step 3 After the processes are ended, log in to the NMS Maintenance Suite client.
Step 4 On the MSuite client, click the Server tab.
Step 5 Do as follows to change the IP address.
1. Right-click the server name and choose Change IP Address And Hostname from the
shortcut menu.
2. In the Change IP Address And Hostname dialog box, enter the new IP address, host
name, and subnet mask. The IP address cannot be set to 127.X.X.X.
NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each IP address.
3. Click OK. The progress bar is displayed. Wait patiently.
4. After the configuration is complete, the Prompt dialog box is displayed, asking you to
restart the OS. Click OK.
Step 6 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 7 Switch to the root user and restart the OS for the settings to take effect. Otherwise, the
database and U2000 will function incorrectly.
$ su - root
Password: root user password
# sync;sync;sync;sync
# shutdown -r now
NOTE
● If NBI instances are deployed before the host name and IP address are changed, you must re-
configure NBIs on the MSuite client after changing the IP address and host name.
● The changed IP address will be used to re-configure an NBI. For details, see the related NBI user
guide.
----End
C.5.1.5 How to Change the IP Address and Host Name for the High Availability
System (Solaris)
Question
How do I change the IP address and host name for the High Availability System (Solaris)?
Answer
To change the IP address and host name, do as follows:
1. Use the MSuite to separate the primary site from the secondary site.
2. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the primary site.
3. Use the MSuite to change the IP address and host name for the primary site. Then, restart
the OS.
4. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the secondary site.
5. Use the MSuite to change the IP address and host name for the secondary site. Then,
restart the OS.
6. Use the MSuite to reconnect the primary and secondary sites.
Only the IP address can be modified. The networking solution cannot be modified.
Modifying IP address information may result in network interruption. Perform this operation
only if you fully understand network conditions.
2. Ensure that the NMSServer resource is in the OFFLINE state and other resources are in the
ONLINE state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer
resource offline only after all resources are online.
– Command for checking the state of all resource groups: # hagrp -state -localclus
– Command for bringing a resource group online: # hagrp -online Group -sys hostname
– Command for taking a resource group offline: # hagrp -offline Group -sys hostname
2. In the Change IP Address And Hostname dialog box, enter the new IP address, host
name, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 9 Check the status of all resources on the secondary site. Ensure that the NMSServer resource
is in the offline state and other resources are in the online state on the secondary site.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer resource is in the offline state and other resources are in the
online state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer resource
offline only after all resources are online.
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
# sync;sync;sync;sync
# shutdown -y -g0 -i6
Step 16 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
NOTE
● If NBI instances are deployed before the host name and IP address are changed, you must re-
configure NBIs on the MSuite client after changing the IP address and host name.
● The changed IP address will be used to re-configure an NBI. For details, see the related NBI user
guide.
● If the server IP address is changed, you must manually configure the hardware alarm monitoring
function. For details about the replacement procedure, see Configuring the Monitoring Function
for an OceanStor 5500 V3 Disk Array, Configuring the Monitoring Function for an S3900
Disk Array and Configuring the Monitoring Function for an S2600 Disk Array in the U2000
HA System Software Installation and Commissioning Guide (Solaris) manual.
----End
C.5.1.6 How to Change the IP Address and Host Name for the Local High
Availability System (SUSE Linux)
Question
How do I change the IP address and host name for the Local High Availability System (SUSE
Linux)?
Answer
To change the IP address and host name, do as follows:
1. Use the MSuite to separate the primary site from the secondary site.
2. Ensure that the NMSServer and the FloatIP resources are in OFFLINE state and other
resources are in ONLINE state on the primary site.
3. Use the MSuite to change the IP address and host name for the primary site. Then, restart
the OS.
4. Ensure that the NMSServer and the FloatIP resources are in OFFLINE state and other
resources are in ONLINE state on the secondary site.
5. Use the MSuite to change the IP address and host name for the secondary site. Then,
restart the OS.
6. Use the MSuite to reconnect the primary and secondary sites.
Only the IP address can be modified. The networking solution cannot be modified.
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 4 Check the status of all resources. Ensure that the NMSServer and the FloatIP resources of
the primary site are in the OFFLINE state and other resources are in the ONLINE state.
1. Check the status of all resources.
# hares -state -localclus
Information similar to the following is displayed:
#Resource Attribute System Value
APPBOND State Primaster ONLINE
BackupServer State Primaster ONLINE
DatabaseServer State Primaster ONLINE
FloatIP State Primaster OFFLINE
NMSServer State Primaster OFFLINE
RVGPrimary State Primaster ONLINE
datarvg State Primaster ONLINE
mountRes State Primaster ONLINE
wac State Primaster ONLINE
2. Ensure that the NMSServer and the FloatIP resources are in the OFFLINE state and other
resources are in the ONLINE state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer and
FloatIP resource offline after all resources are online.
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 7 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 8 Perform the following operations on the server on which the host name and IP address are
changed to make the change take effect. Otherwise, the database and U2000 will function
incorrectly.
# hastart -onenode
# hagrp -offline AppService -sys hostname
If the host name is changed, the hostname in the above command is the new host name.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 10 Check the status of all resources. Ensure that the NMSServer and the FloatIP resources of
the secondary site are in the OFFLINE state and other resources are in the ONLINE state.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer and the FloatIP resources are in the OFFLINE state and other
resources are in the ONLINE state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer and
FloatIP resource offline after all resources are online.
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
If the host name is changed, the hostname in the above command is the new host name.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
Step 16 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
NOTE
● If NBI instances are deployed before the host name and IP address are changed, you must re-
configure NBIs on the MSuite client after changing the IP address and host name.
● The changed IP address will be used to re-configure an NBI. For details, see the related NBI user
guide.
----End
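The resource-state check in Step 4 and Step 10 can be scripted so that the IP address change is attempted only when the states are right. This is an added example, not part of the guide or of the cluster software; ha_state_violations, ha_ready and sample_hares_output are hypothetical names. For the procedures that do not list FloatIP, pass only NMSServer.

```shell
#!/bin/sh
# Added example: gate for the "hares -state -localclus" check in the procedure.

# ha_state_violations "RES1 RES2 ..." < hares-output
# RES... are the resources that must be OFFLINE; every other resource must be ONLINE.
# Prints one line per resource that is in the wrong state or missing from the
# output, and prints nothing when the states match the procedure.
ha_state_violations() {
    awk -v offline="$1" '
        BEGIN {
            n = split(offline, names, " ")
            for (i = 1; i <= n; i++) must_off[names[i]] = 1
        }
        # Skip the "#Resource ..." header, blank lines and non-State attributes.
        /^#/ || NF < 4 || $2 != "State" { next }
        {
            seen[$1] = 1
            want = ($1 in must_off) ? "OFFLINE" : "ONLINE"
            # Any other value is reported as found, so it blocks the change.
            if ($4 != want)
                printf "%s on %s is %s, expected %s\n", $1, $3, $4, want
        }
        END {
            # Fail closed: an expected resource that never appeared is a problem.
            for (r in must_off)
                if (!(r in seen)) printf "%s not found in output\n", r
        }'
}

# ha_ready "RES1 RES2 ..." < hares-output
# Returns 0 only if nothing is out of place; problems go to stderr.
ha_ready() {
    problems=$(ha_state_violations "$1")
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems" >&2
        return 1
    fi
    return 0
}

# Sample output as shown in the guide for the primary site (host Primaster).
sample_hares_output() {
    cat <<'EOF'
#Resource Attribute System Value
APPBOND State Primaster ONLINE
BackupServer State Primaster ONLINE
DatabaseServer State Primaster ONLINE
FloatIP State Primaster OFFLINE
NMSServer State Primaster OFFLINE
RVGPrimary State Primaster ONLINE
datarvg State Primaster ONLINE
mountRes State Primaster ONLINE
wac State Primaster ONLINE
EOF
}

# Local HA system (SUSE Linux): NMSServer and FloatIP must be OFFLINE.
if sample_hares_output | ha_ready "NMSServer FloatIP"; then
    echo "resource states match the procedure"
fi
# On a live node: hares -state -localclus | ha_ready "NMSServer FloatIP"
```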
C.5.1.7 How to Change the IP Address and Host Name for the Remote High
Availability System (SUSE Linux)
Question
How do I change the IP address and host name for the Remote High Availability System
(SUSE Linux)?
Answer
To change the IP address and host name, do as follows:
1. Use the MSuite to separate the primary site from the secondary site.
2. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the primary site.
3. Use the MSuite to change the IP address and host name for the primary site. Then, restart
the OS.
4. Ensure that the NMSServer resource is in offline state and other resources are in online
state on the secondary site.
5. Use the MSuite to change the IP address and host name for the secondary site. Then,
restart the OS.
6. Use the MSuite to reconnect the primary and secondary sites.
● If the six-NIC scheme is used, configuring the system IP address and application IP
address to different network segments is recommended in order to ensure network fault
isolation. If the application IP address is modified, the application IP address and system
IP address are still on different network segments after the modification. Changing the
system IP address using commands is prohibited.
● Modifying IP address information may result in network interruption. Perform this
operation only if you fully understand network conditions.
Step 2 Separate the primary site from the secondary site. For details, see C.6.2 Separating the
Primary Site from the Secondary Site.
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 4 Check the status of all resources. Ensure that the NMSServer resource of the primary site is
in the offline state and other resources are in the online state.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer resource is in the OFFLINE state and other resources are in the
ONLINE state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer
resource offline only after all resources are online.
– Command for checking the state of all resource groups: # hagrp -state -localclus
– Command for bringing a resource group online: # hagrp -online Group -sys hostname
– Command for taking a resource group offline: # hagrp -offline Group -sys hostname
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 7 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 8 Perform the following operations on the server on which the host name and IP address are
changed to make the change take effect. Otherwise, the database and U2000 will function
incorrectly.
# hastart -onenode
# hagrp -offline AppService -sys hostname
If the host name is changed, the hostname in the above command is the new host name.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 10 Check the status of all resources. Ensure that the NMSServer resource of the secondary site is
in the offline state and other resources are in the online state.
1. Check the status of all resources.
# hares -state -localclus
2. Ensure that the NMSServer resource is in the OFFLINE state and other resources are in the
ONLINE state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer
resource offline only after all resources are online.
– Command for checking the state of all resource groups: # hagrp -state -localclus
– Command for bringing a resource group online: # hagrp -online Group -sys hostname
– Command for taking a resource group offline: # hagrp -offline Group -sys hostname
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
Step 14 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 15 Perform the following operations on the server on which the host name and IP address are
changed to make the change take effect. Otherwise, the database and U2000 will function
incorrectly.
# hastart -onenode
# hagrp -offline AppService -sys hostname
If the host name has been changed, hostname in the preceding command is the new host name.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
Step 16 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
NOTE
• If NBI instances are deployed before the host name and IP address are changed, you must
reconfigure the NBIs on the MSuite client after changing the IP address and host name.
• The changed IP address is used to reconfigure an NBI. For details, see the related NBI user
guide.
----End
Prerequisites
• U2000 processes must have been stopped.
– For the Single-Server System (Windows), see A.10.8 How to End the Processes of
the U2000 Single-Server System on Windows.
– For the Single-Server System (Solaris), see A.10.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
– For the Single-Server System (SUSE Linux), see A.10.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
– For the High Availability System (Solaris/SUSE Linux), see A.10.17 How to End
the U2000 Processes of the High Availability System (Solaris, PC Linux).
• The MSuite server and client are installed on the same computer or communicate with
each other properly.
Context
• In the high availability system (Veritas hot standby), if you need to modify the routes of
the primary and secondary sites, you need to log in to the MSuite servers of the primary
and secondary sites to perform the operation.
• On Solaris, if the MSuite client is not installed and you need to modify the default route,
see A.3.1.2 How to Add the Default Route. If the MSuite client is not installed and you
need to modify a static route, see A.3.1.3 How to Add a Static Route.
• On SUSE Linux, if the MSuite client is not installed and you need to modify the default
route, see A.2.4 How to manually Add the Default Route (SUSE Linux). If the
MSuite client is not installed and you need to modify a static route, see A.2.5 How to
manually Add a Static Route (SUSE Linux).
Modifying routing information may result in network interruption. Perform this operation
only if you fully understand network conditions.
NOTE
Configuring routes on Solaris OS is used as an example.
Procedure
Step 1 Ensure that the MSuite servers on the primary and secondary sites have been started.
Run the following command as the root user to check whether the MSuite servers are started:
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
# ps -ef | grep java
NOTE
If the displayed information contains /opt/oss/OSSJRE/jre_sol/bin/java -server in the Solaris system
and /opt/oss/OSSJRE/jre_linux/bin/java -server in SUSE Linux system, the MSuite servers have been
started.
If the MSuite servers have not been started, run the following commands as the root user to
switch to the ossuser user and start the MSuite servers:
# su - ossuser
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
Step 2 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 4 Right-click the target server and choose Configure Route from the shortcut menu. The
Configure Route dialog box is displayed.
Step 5 In the dialog box that is displayed, click Add or Delete according to actual route conditions to
configure the route.
Before adding a route, ensure that the server and the router are directly connected. Otherwise,
the route cannot take effect immediately.
For example, the procedure for adding a route from a client (IP address: 10.70.73.77) to a
server (IP address: 10.71.224.12) is as follows, with the IP address of the intermediate router
being 10.71.224.1:
1. Ensure that the server and the router are directly connected.
2. Click Add. Set Destination to 10.70.73.0, Subnet Mask to 255.255.255.0, and
Gateway to 10.71.224.1.
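The checks implied by the route example above (the gateway must be directly connected to the server, the destination must be a network address for its mask, and the address must not be in 127.X.X.X) can be run before the values are typed into the dialog box. The following script is an added example, not part of the guide or of the MSuite; the function names are hypothetical, and the server mask 255.255.254.0 is taken from the on-site adjustment examples in this appendix rather than from the route example itself.

```shell
#!/bin/sh
# Added example (not from the guide): sanity checks for the values entered in
# the Change IP Address And Hostname and Configure Route dialog boxes.
# All function names are hypothetical helpers.

# Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input holds digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if the address is in 127.X.X.X, which the dialog box rejects.
is_loopback() {
    lb_addr=$(ip_to_int "$1") || return 2
    [ $(( lb_addr >> 24 )) -eq 127 ]
}

# Succeed if the mask is non-zero and its one bits are contiguous.
valid_mask() {
    vm_mask=$(ip_to_int "$1") || return 2
    vm_inv=$(( ~vm_mask & 4294967295 ))
    [ "$vm_mask" -ne 0 ] && [ $(( vm_inv & (vm_inv + 1) )) -eq 0 ]
}

# Succeed if two addresses are on the same network segment for the given mask.
same_segment() {   # ip1 ip2 mask
    valid_mask "$3" || return 2
    seg_a=$(ip_to_int "$1") && seg_b=$(ip_to_int "$2") && seg_m=$(ip_to_int "$3") || return 2
    [ $(( seg_a & seg_m )) -eq $(( seg_b & seg_m )) ]
}

# Validate one route entry against the server's own address and mask.
# Prints "ok" or the first problem found.
check_route() {    # destination mask gateway server_ip server_mask
    valid_mask "$2" || { echo "invalid subnet mask"; return 1; }
    route_dest=$(ip_to_int "$1") && route_mask=$(ip_to_int "$2") \
        || { echo "malformed destination"; return 1; }
    [ $(( route_dest & route_mask )) -eq "$route_dest" ] \
        || { echo "destination has host bits set"; return 1; }
    if is_loopback "$3"; then echo "gateway is a loopback address"; return 1; fi
    same_segment "$3" "$4" "$5" \
        || { echo "gateway not directly connected"; return 1; }
    echo ok
}

# The route from the guide's example: destination 10.70.73.0/255.255.255.0 via
# 10.71.224.1, on server 10.71.224.12 (server mask 255.255.254.0 is assumed).
check_route 10.70.73.0 255.255.255.0 10.71.224.1 10.71.224.12 255.255.254.0
```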
Prerequisites
• Ensure that no client is logged in to the NMS server.
• Ensure that the NMS server programs are already stopped. For details, see Shutting
Down the U2000 Server in the relevant 3 Shutting Down a U2000 solution.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 3 Right-click the server whose network configuration needs to be synchronized and choose
Synchronize Network Configuration from the shortcut menu. A dialog box is displayed for
you to confirm the operation.
Step 4 Click OK. A progress bar showing the synchronization progress is displayed.
NOTE
If a message is displayed asking you to confirm that no client is logged in to the NMS server and to stop
the NMS service manually, click OK to stop the configuration synchronization. Synchronize network
configurations after the prerequisites are met.
Step 5 When the system displays "Synchronize network configuration success", click OK.
----End
Follow-up Procedure
In a high availability system, reestablish the high availability relationship between the primary
and secondary sites after synchronizing network configurations.
1. On the primary and secondary sites, do as follows to check whether the VCS service has
been started:
# ps -ef | grep had
NOTE
If the displayed information contains /opt/VRTSvcs/bin/hashadow and
/opt/VRTSvcs/bin/had -onenode, the VCS service has been started. If the VCS service has not been
started, run the hastart -onenode command on the primary and secondary sites to start the VCS service.
2. Reestablish the high availability relationship between the primary and secondary sites.
For details, see C.6.1 Establishing the HA Relationship Between the Primary and
Secondary Sites.
Prerequisites
• A laptop computer or PC is available. A laptop computer or PC on which the remote
GUI desktop software has been installed is recommended. If no GUI desktop software is
available, you can only use commands to adjust network configurations.
• A network cable is available.
Context
For example, Table C-3 shows the server IP address and routing information after
preinstallation, as well as the server IP address and routing information that is required after
the server reaches the site.
Procedure
Step 1 Connect the laptop computer or PC to the U2000 server with the network cable.
NOTE
The IP addresses for the ETHERNET 0 interface on the M4000 or M5000 server are set by default during
the preinstallation.
Step 2 Change the IP address and subnet mask of the laptop computer or PC so that this IP address is
on the same network segment as the IP address of the U2000 server. For example, the IP
address is 10.71.224.13 and subnet mask is 255.255.254.0.
Step 3 Power on the U2000 server.
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How to
Start the Sybase Database Service.
3. After the processes are ended, log in to the MSuite client.
4. On the MSuite client, click the Server tab.
5. Right-click the server name and choose Change IP Address And Hostname from the
shortcut menu.
6. In the Change IP Address And Hostname dialog box, enter the new IP address and
subnet mask.
When changing the IP address, do not change the host name. Otherwise, the U2000 fails
to be started.
NOTE
If no GUI desktop software is available, you can only use commands to change the IP address.
1. Open a CLI on the PC or laptop connected to the server, and run the telnet command to log in to the
U2000 server OS as the ossuser user.
2. Run the following command to shut down the U2000:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
3. Run the following command to change the IP address:
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin modifyip -oldip ipaddress -newip ipaddress -oldnetmask oldnetmask -newnetmask newnetmask
Enter the MSuite login password[]:
– The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see
C.3.1 Changing the Password of the MSuite.
– In this example, the value of the first ipaddress (-oldip) is 10.71.224.12, the value of the second
ipaddress (-newip) is 10.70.67.17, and the value of netmask is 255.255.254.0.
4. Enter an IP address as the default route in the file. In this example, the default route is
10.70.67.1.
5. Run the :wq command to save and close the file.
Step 7 Log in to the Solaris OS as the root user. Run the netstat -nr command to view the default
route of the system.
Step 8 Disconnect the PC from the U2000 server and connect the U2000 server to the network.
----End
Prerequisites
• A laptop computer or PC is available.
• A network cable is available.
Context
For example, Table C-4 shows the server IP address and routing information after
preinstallation, as well as the server IP address and routing information that is required after
the server reaches the site.
Procedure
Step 1 On the rear board on the U2000 server, select a network interface configured with system IP
and use a network cable to connect the network interface and the PC.
NOTE
During preinstallation, the system IP is configured for network interfaces marked as 1 by default.
Step 2 Change the IP address and subnet mask of the laptop computer or PC so that this IP address is
on the same network segment as the IP address of the U2000 server. For example, the IP
address is 10.71.224.13 and subnet mask is 255.255.254.0.
Step 3 Power on the U2000 server.
Step 4 Perform the following operations to modify the IP address:
1. On the PC or laptop directly connected to the U2000 server, use VNC to log in to the OS
as the ossuser user.
2. Open a terminal window and run the following commands to end U2000 processes.
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.8.1.2 How to
Start the Sybase Database Service.
3. After the processes are ended, log in to the MSuite client.
4. On the MSuite client, click the Server tab.
5. Right-click the server name and choose Change IP Address And Hostname from the
shortcut menu.
6. In the Change IP Address And Hostname dialog box, enter the new IP address and
subnet mask.
When changing the IP address, do not change the host name. Otherwise, the U2000 fails
to be started.
4. Enter an IP address as the default route in the file. In this example, the default route is
10.70.67.1.
5. Run the :wq command to save and close the file.
Step 6 Run the following commands to restart the server:
# sync;sync;sync;sync
# shutdown -r now
Step 7 Log in to the SUSE Linux OS as the root user. Run the netstat -nr command to view the
default route of the system.
Step 8 Disconnect the PC from the U2000 server and connect the U2000 server to the network.
----End
Prerequisites
• A laptop computer or PC is available. A laptop computer or PC on which the remote
GUI desktop software has been installed is recommended. If no GUI desktop software is
available, you can only use commands to adjust network configurations.
• A network cable is available.
Context
For example, Table C-5 shows the server IP address and routing information after
preinstallation, as well as the server IP address and routing information that is required after
the server reaches the site.
Procedure
Step 1 Connect the laptop computer or PC to the U2000 server with the network cable.
NOTE
The IP addresses for the ETHERNET 0 interface on the M4000 or M5000 server are set by default during
the preinstallation.
Step 2 Change the IP address and subnet mask of the laptop computer or PC so that this IP address is
on the same network segment as the IP address of the U2000 server. For example, the IP
address is 10.71.224.13 and subnet mask is 255.255.254.0.
Ensure that the U2000 is shut down. If the U2000 has been started, shut it down by referring to
3.5.1 Stopping the U2000 Server Processes.
3. Start the MSuite client.
4. On the MSuite client, click the Server tab.
5. Right-click the server name and choose Change IP Address And Hostname from the
shortcut menu.
6. In the Change IP Address And Hostname dialog box, enter the new IP address and
subnet mask.
When changing the IP address, do not change the host name. Otherwise, the U2000 fails
to be started.
If no GUI desktop software is available, you can use commands to change the IP address. Details are as
follows:
1. Open a CLI on the PC or laptop connected to the server, and use PuTTY to log in to the U2000 server OS
as the root user.
2. Run the following command to start the database:
# hares -online BackupServer -sys hostname
3. Switch to the ossuser user.
# su - ossuser
4. Run the following command to change the IP address:
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin modifyip -oldip ipaddress -newip ipaddress -oldnetmask oldnetmask -newnetmask newnetmask
Enter the MSuite login password[]:
– The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see
C.3.1 Changing the Password of the MSuite.
– In this example, the value of the first ipaddress (-oldip) is 10.71.224.12, the value of the second
ipaddress (-newip) is 10.70.67.17, and the value of netmask is 255.255.254.0.
4. Enter an IP address as the default route in the file. In this example, the default route is
10.70.67.1.
5. Run the :wq command to save and close the file.
# sync;sync;sync;sync
Step 7 Log in to the Solaris OS as the root user. Run the netstat -nr command to view the default
route of the system.
Step 8 Disconnect the PC from the U2000 server and connect the U2000 server to the network.
Step 9 Perform Step 1 to Step 8 on the secondary site to change the IP address and route of the
secondary site.
Step 10 Log in to the primary site and connect the primary and secondary sites to establish a high
availability system. For details, see C.6.1 Establishing the HA Relationship Between the
Primary and Secondary Sites.
----End
Prerequisites
• A laptop computer or PC is available. A laptop computer or PC on which the remote
GUI desktop software has been installed is recommended. If no GUI desktop software is
available, you can only use commands to adjust network configurations.
• A network cable is available.
Context
For example, Table C-6 shows the server IP address and routing information after
preinstallation, as well as the server IP address and routing information that is required after
the server reaches the site.
Procedure
Step 1 On the rear board on the U2000 server, select a network interface configured with system IP
and use a network cable to connect the network interface and the PC.
NOTE
During preinstallation, the system IP is configured for network interfaces marked as 1 by default.
Step 2 Change the IP address and subnet mask of the laptop computer or PC so that this IP address is
on the same network segment as the IP address of the U2000 server. For example, the IP
address is 10.78.217.110 and subnet mask is 255.255.254.0.
Ensure that the U2000 is shut down. If the U2000 has been started, shut it down by referring to
3.6.1 Stopping the U2000 Server Processes.
3. Start the MSuite client.
4. On the MSuite client, click the Server tab.
5. Right-click the server name and choose Change IP Address And Hostname from the
shortcut menu.
6. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.
If no GUI desktop software is available, you can use commands to change the IP address. Details are as
follows:
1. Open a CLI on the PC or laptop connected to the server, and use PuTTY to log in to the U2000 server OS
as the root user.
2. Run the following command to start the database:
# hares -online BackupServer -sys hostname
3. Switch to the ossuser user.
# su - ossuser
4. Run the following command to change the IP address:
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin modifyip -oldip ipaddress -newip ipaddress -oldnetmask oldnetmask -newnetmask newnetmask
Enter the MSuite login password[]:
– The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see
C.3.1 Changing the Password of the MSuite.
– In this example, the value of the first ipaddress (-oldip) is 10.78.217.138, the value of the second
ipaddress (-newip) is 10.70.67.17, and the value of netmask is 255.255.254.0.
4. Enter an IP address as the default route in the file. In this example, the default route is
10.70.67.1.
5. Run the :wq command to save and close the file.
Step 6 Optional: In the 6-NIC scheme, the system IP address and application IP address are on
different network segments, and the default route for the OS is the application route. For
details about how to add a route for the system IP address, see C.5.2 Configuring Routes.
Step 7 Restart the OS to make the settings take effect.
# hares -offline BackupServer -sys hostname
# hares -offline DatabaseServer -sys hostname
----End
Prerequisites
• The preceding steps for installing the primary and secondary sites must be complete.
• The database administrator password and the database NMS user password must be the same on
the primary and secondary sites.
• The user ID of the ossuser must be the same on the primary and secondary sites and the
user ID of the dbuser must be the same on the primary and secondary sites. If not, see
A.10.68 How Do I Modify the ossuser or dbuser ID at the Secondary Site to Be the
Same as that at the Primary Site.
• The operations on the primary and secondary sites must be the same.
• Ensure that the network between the primary and secondary sites is working properly.
• The MSuite client on the secondary site must be logged out.
• Ensure that the host names of the primary and secondary sites are different.
• Ensure that VVR and MSuite ports can be connected.
• If a firewall is deployed on the network between the primary and secondary sites in an
HA system or between the U2000 server and NEs, configure the firewall in advance to
permit ICMP packets.
• If a firewall is deployed on the network between the primary and secondary sites in an
HA system, bidirectional interfaces must be enabled, that is, related interfaces that
forward traffic from the primary to secondary site and vice versa must be enabled to
ensure normal connections between two sites.
Context
Log in to only the MSuite server at the primary site to perform the operation described in this
topic.
Procedure
Step 1 Ensure that the MSuite servers on the primary and secondary sites have been started.
Run the following command as the root user to check whether the MSuite servers are started:
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
# ps -ef | grep java
NOTE
If the displayed information contains /opt/oss/OSSJRE/jre_sol/bin/java -server in the Solaris system
and /opt/oss/OSSJRE/jre_linux/bin/java -server in SUSE Linux system, the MSuite servers have been
started.
If the MSuite servers have not been started, run the following commands as the root user to
switch to the ossuser user and start the MSuite servers:
# su - ossuser
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
Step 2 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 3 Choose Deploy > Synchronize Primary and Secondary Sites from the main menu. The
Synchronize the primary and secondary sites dialog box is displayed.
Step 4 Enter the IP address and the MSuite password of the remote site, and then click OK.
NOTE
Step 5 Click OK. A progress bar is displayed indicating the synchronization progress between the
primary and secondary sites. Wait approximately 20 minutes until a dialog box is displayed
indicating that the synchronization is completed.
Step 6 Click OK to set up a connection between the primary and secondary sites.
Step 7 During data replication, run the following command repeatedly to check the status of data
replication. If the MSuite prompts Replication status:finish, data replication is complete.
In Solaris or SUSE Linux OS, run the following command:
# vradmin -g datadg repstatus datarvg
Replicated Data Set: datarvg
Primary:
Host name: 10.9.1.1
RVG name: datarvg
DG name: datadg
RVG state: enabled for I/O
Data volumes: 1
VSets: 0
SRL name: srl_vol
SRL size: 1.00 G
Total secondaries: 1
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Data status: inconsistent
Replication status: resync in progress (autosync)
Current mode: asynchronous
Logging to: DCM (contains 28742784 Kbytes) (autosync)
Timestamp Information: N/A
NOTE
----End
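Step 7 asks the operator to rerun vradmin repstatus and read the output by eye. The following script is an added example, not part of the guide: it parses the Secondary section of that output and reports whether replication is still in progress. The function names are hypothetical, the first sample is the listing shown in Step 7, and the second sample with the values "consistent, up-to-date" and "replicating (connected)" is constructed on the assumption that VVR reports those values once the resync has finished.

```shell
#!/bin/sh
# Added example (not from the guide): decide from `vradmin repstatus` output
# whether replication to the secondary site has finished.

# Listing from Step 7 of the guide (resync still running).
SAMPLE_RESYNC='Replicated Data Set: datarvg
Primary:
Host name: 10.9.1.1
RVG name: datarvg
DG name: datadg
RVG state: enabled for I/O
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Data status: inconsistent
Replication status: resync in progress (autosync)
Current mode: asynchronous'

# Constructed sample: values assumed for a finished resync, not shown in the guide.
SAMPLE_DONE='Replicated Data Set: datarvg
Primary:
Host name: 10.9.1.1
Secondary:
Host name: 10.9.1.2
Data status: consistent, up-to-date
Replication status: replicating (connected)'

# Print the value of one "Key: value" field from the Secondary: section.
# $1 = field name, stdin = repstatus output (indented or not).
secondary_field() {
    awk -v key="$1" '
        /^Secondary:/ { in_sec = 1; next }
        /^Primary:/   { in_sec = 0; next }
        in_sec {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                print val
                exit
            }
        }'
}

# Read repstatus output on stdin; print complete, in-progress or unknown.
# Exit status: 0 complete, 1 in progress, 2 unknown (fields missing or unexpected).
replication_state() {
    out=$(cat)
    data=$(printf '%s\n' "$out" | secondary_field "Data status")
    repl=$(printf '%s\n' "$out" | secondary_field "Replication status")
    if [ -z "$data" ] || [ -z "$repl" ]; then
        echo unknown; return 2
    fi
    case "$repl" in
        *"resync in progress"*) echo in-progress; return 1 ;;
    esac
    case "$data" in
        "consistent, up-to-date"*) echo complete; return 0 ;;
        inconsistent*)             echo in-progress; return 1 ;;
    esac
    echo unknown; return 2
}

# Poll the real command from Step 7 until replication completes.
# $1 = seconds between checks (default 60). Stops on an unknown state
# so that a paused or broken link is not mistaken for progress.
wait_for_replication() {
    interval=${1:-60}
    while :; do
        state=$(vradmin -g datadg repstatus datarvg | replication_state) || true
        echo "$(date '+%H:%M:%S') replication: $state"
        [ "$state" = complete ] && return 0
        [ "$state" = unknown ] && return 2
        sleep "$interval"
    done
}

# Offline demonstration on the guide's own listing.
printf '%s\n' "$SAMPLE_RESYNC" | replication_state || true
```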
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin buildHA -secondaryip Application IP address of the peer site
Enter the MSuite login password[]:
Enter the remote node maintenance suite password[]:
NOTE
The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see
C.3.1 Changing the Password of the MSuite.
Prerequisites
• Ensure the installation directory has enough available space. In the Solaris or SUSE
Linux OS, you can run the df -hk /opt command to view the remaining space of the /opt
directory.
• On Solaris or SUSE Linux OS, you must ensure that the U2000 and the database have
been shut down.
a. Ensure that the U2000 is not running.
i. Run the following command to change to ossuser user.
# su - ossuser
ii. Run the following command to check the running status of the U2000 process:
$ daem_ps
iv. Run the following command to check the running status of the U2000 process:
$ daem_ps
NOTE
NOTE
hostname specifies the server name. You can run the hostname command to view the
server name.
iii. Run the following command to check whether the Sybase database service is
disabled:
# ps -ef | grep sybase
If the following message is displayed, the Sybase database service has been
disabled:
root 9629 14603 0 07:46:52 pts/3 0:00 grep sybase
• Data replication is complete between the primary and secondary sites in the high
availability system.
On the primary or secondary site, run the following command to check the system status:
# vradmin -g datadg repstatus datarvg
• Ensure that the MSuite servers on the primary site and secondary site have started.
Context
If either the primary or secondary site needs to be restored as an independent one, start the
MSuite server only on the involved site and then perform the separation operation.
After this operation is performed for a U2000 HA system, HA fails and the U2000 applications
running on the primary and secondary sites compete to become the active one.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 Choose Deploy > Separate Primary Site from Secondary Site. The Warning dialog box is
displayed.
Step 3 Click Yes. Then click Yes in the Warning dialog boxes displayed. The progress bar is
displayed indicating the status of separating the primary and secondary sites. Wait until the
dialog box is displayed indicating that the separation is complete.
----End
On Solaris or SUSE Linux OS, run the following commands as user ossuser. If you have
logged in as the root user, log in to the OS again as user ossuser; you cannot use the
su - ossuser command to switch to the ossuser user for running these commands:
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin splitHA
Enter the MSuite login password[]:
NOTE
The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for system
security, modify the default password and remember the new password. For details, see C.3.1 Changing
the Password of the MSuite.
Follow-up Procedure
• If iptables listening has been added, run the related command to clear the
replication/heartbeat IP addresses monitored by iptables after the primary and secondary
sites are separated. To check whether the IP addresses to be monitored by iptables have
been added, and to clear the peer end's heartbeat and replication IP addresses monitored
by iptables, see A.10.67 How Do I Configure iptables Listening for a Solaris/Linux
HA System.
• To re-establish the high availability system, you must perform synchronization between
the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Prerequisites
• If the system is in the primary-primary state, ensure that the communication between the
primary and secondary sites has recovered before you perform this operation.
Context
• Do not perform this operation if the HA system works in the normal state. Otherwise, an
exception may occur in the HA system.
• Do not perform this operation if the AppService resource groups at the primary and
secondary sites are in the process of being brought online. Otherwise, an exception may
occur in the HA system.
• If you log in to the MSuite server of the primary site to perform this operation, the
primary site becomes the active site after the operation. If you log in to the MSuite server
of the secondary site to perform this operation, the secondary site becomes the active site
after the operation.
Forcibly configuring the current server as the primary site will close the secondary site. If the
secondary site is monitoring the primary site and a fault occurs on the primary site, this
configuration will fail, during which the network cannot be monitored for a short period of
time.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 3 Click OK. Then, the current server is configured to function as the active server.
----End
On Solaris or SUSE Linux OS, run the following commands as user ossuser. If you have
logged in as the root user, log in to the OS again as user ossuser; you cannot use the
su - ossuser command to switch to the ossuser user for running these commands:
$ cd /opt/oss/client/engineering
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin forcePrimary
Enter the MSuite login password[]:
NOTE
The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for system
security, modify the default password and remember the new password. For details, see C.3.1 Changing
the Password of the MSuite.
Prerequisites
The HA system is running properly. The primary and secondary sites are connected.
Context
Data replication status can only be checked on the MSuite of the primary site.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 Choose Deploy > Monitor HA Status from the main menu. The Monitor the Status dialog
box is displayed.
Step 3 Optional: Click View to view the historical records of the primary and secondary sites.
NOTE
• Only the last 30 pieces of historical records are reserved in the U2000.
• The status of each HA system indicator is displayed. You can click detail info to view details or
restoration suggestions.
Step 4 Click check now to view the current information about the primary and secondary sites.
NOTE
• You are advised to perform an active/standby switchover after checking that the HA system status is
normal.
• When the HA system status is abnormal, you can click Yes in the Prompt dialog box to forcibly perform
an active/standby switchover.
----End
Context
Veritas cluster management provides the following functions:
• Bringing a resource online
• Taking a resource offline
• Locking or unlocking a resource
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 Choose Deploy > Veritas Cluster Manager. The Veritas Cluster Manager dialog box is
displayed.
NOTE
• You can check the status of a resource or a resource group according to the preceding figure.
• Messages triggered during an operation and the operation result will be displayed in the lower part.
----End
Prerequisites
The formal Veritas License must be obtained.
Context
You need to replace the demo licenses on the NMS servers at both the primary and secondary
sites with formal Veritas licenses. When the primary and secondary sites are separated, update
the Veritas license on the primary and secondary sites and then connect the primary and
secondary sites.
To ensure network security, obtain written authorization from the customer before collecting
fault information. In addition, you must obey local laws or Huawei user privacy policies and
take appropriate measures to ensure that user privacy data is fully protected.
Procedure
• Through the GUI:
a. Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite
Client.
b. Choose Deploy > Update VRTS Licenses.
c. In the Update VRTS Licenses dialog box, enter the new licenses.
d. Click OK.
NOTE
A message asking you to restart the OS and indicating that the Veritas licenses must be updated at
both the primary and secondary sites is displayed.
e. Click OK.
f. Choose System > Exit from the main menu. The Exit dialog box is displayed.
g. Click OK.
h. See 3.5.1 Stopping the U2000 Server Processes and 3.5.2 Shutting Down the
Database to power off the U2000 and the database.
i. Log in to the OS as the ossuser user.
j. Run the following command to switch to the root user:
$ su - root
Password: Password of the root user
l. To check whether the VCS service is stopped, run the following command:
# ps -ef|grep had
NOTE
If the had and hashadow processes are not displayed, the VCS service is successfully
stopped; otherwise, run the kill -9 process ID command to stop the associated processes.
m. To restart the OS, run the following commands:
# sync;sync;sync;sync
# shutdown -y -g0 -i6
n. After the secondary site is restarted, repeat the preceding operations at the primary
site to replace the Veritas licenses at the primary site.
o. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
• Through the CLI:
a. Log in to the OS as the ossuser user.
b. Run the following command to switch to the root user:
$ su - root
Password: Password of the root user
c. To back up all the License files in the /etc/vx/licenses/lic path, run the following
commands:
# mkdir /export/home/licenses
# cp /etc/vx/licenses/lic/*.vxlic /export/home/licenses
e. Enter the new License key. The new License key is in the format of XXXX-XXXX-
XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-X. Then, press Enter.
NOTE
h. See 3.5.1 Stopping the U2000 Server Processes and 3.5.2 Shutting Down the
Database to power off the U2000 and the database.
i. To stop the VCS service, run the following commands:
# cd /opt/VRTSvcs/bin
# hastop -local -force
j. To check whether the VCS service is stopped, run the following command:
# ps -ef|grep had
NOTE
If the had and hadshadow processes are not displayed, the VCS service is successfully
stopped; otherwise, run the kill -9 process ID command to stop the associated processes.
k. To restart the OS, run the following commands:
# sync;sync;sync;sync
# shutdown -y -g0 -i6
l. After the secondary site is restarted, repeat the preceding operations at the primary
site to replace the Veritas licenses at the primary site.
m. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
----End
Prerequisites
The formal Veritas License must be obtained.
The primary and secondary sites have been separated.
Context
You need to replace the demo licenses on the NMS servers at both the primary and secondary
sites with formal Veritas licenses. When the primary and secondary sites are separated, update
the Veritas license on the primary and secondary sites and then connect the primary and
secondary sites.
To ensure network security, obtain written authorization from the customer before collecting
fault information. In addition, you must obey local laws or Huawei user privacy policies and
take appropriate measures to ensure that user privacy data is fully protected.
Procedure
l Through the GUI:
a. Log in to the MSuite client on the secondary site. For details, see C.2.2 Logging In
to the MSuite Client.
b. Choose Deploy > Update VRTS Licenses.
c. In the Update VRTS Licenses dialog box, enter the new licenses.
d. Click OK.
NOTE
A message asking you to restart the OS and indicating that the Veritas licenses must be updated at
both the primary and secondary sites is displayed.
e. Click OK.
f. See 3.6.1 Stopping the U2000 Server Processes and 3.5.2 Shutting Down the
Database to power off the U2000 and the database.
g. To restart the OS, run the following commands:
After performing the preceding step, wait for about 5 minutes and perform this step.
# hastart -onenode
# hagrp -offline AppService -sys hostname
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
h. After the secondary site is restarted, repeat the preceding operations at the primary
site to replace the Veritas licenses at the primary site.
i. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
l Through the CLI:
a. Log in to the OS as the root user.
b. To back up all the License files in the /etc/vx/licenses/lic path, run the following
commands:
# mkdir /export/home/licenses
# cp /etc/vx/licenses/lic/*.vxlic /export/home/licenses
d. Enter the new License. The new License key is in the format of XXXX-XXXX-
XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-X. Then, press Enter.
NOTE
g. See 3.6.1 Stopping the U2000 Server Processes and 3.5.2 Shutting Down the
Database to power off the U2000 and the database.
h. To restart the OS, run the following commands:
After performing the preceding step, wait for about 5 minutes and perform this step.
# hastart -onenode
# hagrp -offline AppService -sys hostname
# cd /opt/VRTSvcs/bin
# hastop -local -force
# sync;sync;sync;sync
# shutdown -r now
i. After the secondary site is restarted, repeat the preceding operations at the primary
site to replace the Veritas licenses at the primary site.
j. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
----End
Context
You can use the MSuite only on the primary site to monitor the data replication status.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 Choose Deploy > Monitor Replication Status. The Monitor Replication Status window is
displayed and the MSuite starts querying the data replication status.
l After the data replication, the rlink status is displayed as Data status: consistent,
up-to-date.
l If the message Data replication between the primary and secondary sites is
interrupted. Possible causes are as follows: is displayed, run the following command
as the root user and determine the cause of the problem based on the command output.
# vradmin -g datadg repstatus datarvg
l If you close the Monitor Replication Status window, the MSuite stops querying the data
replication status.
----End
When the SSL encryption mechanism is used, an encrypted communication channel is set up
between the client and the server. An SSL certificate provides the following functions:
l Data encryption: After a key is negotiated using a handshake protocol, all the transmitted
messages are encrypted using a single-key encryption algorithm, such as AES or 3DES.
l Identity authentication: A public key encryption algorithm, such as Rivest-Shamir-
Adleman Algorithm (RSA) or Digital Signature Standard (DSS), is used to add
signatures for all the communication parties involved.
l Data integrity guarantee: A hash algorithm, such as Secure Hash Algorithm (SHA) or
Message Digest Algorithm 5 (MD5), is used to generate a digest and Message
Authentication Code (MAC) and add digital signatures to all messages transmitted. This
guarantees the data integrity of the messages.
The U2000 server can be an SSL client or an SSL server based on different roles for SSL
communication.
[Figure: OSS, Network Management Layer, U2100/T2100, and U2000 Server, with links labeled SSL/HTTPS]
l .p12/.pfx: Identity certificate of the PKCS12 type. (It describes the syntax of packaging
users' public keys, private keys, certificates, and other related information and the public
key encryption standards.) The key library and private keys are protected by using the
same password. The file contains certificates and private keys and is protected by
password. When obtaining an identity certificate in this format, users must obtain the
password for the certificate at the same time.
l .jks/.ks: Identity certificate of the JKS type. (It is the Java version of the key library.) The
key library and private keys are protected by using different passwords.
l .cer/.crt: Trust certificate, that is, the identity certificate of the CA. It indicates the
original format of certificates or private keys. Identity certificates and trust certificates
in .cer/.crt format are automatically saved to PEM files (in ASCII format).
l .crl: Certificate revocation list file that describes which identity certificates are revoked.
The identity certificate (.cer) and certificate revocation list file (.crl) of the CA are
trustworthy and need to be added to the trust certificate list and certificate revocation
list of the server and client, respectively.
VeriSign. The reason is that the validity period of public network certificates is short, and you
need to purchase the certificates again after they expire, which is costly. Public network
certificates are not applicable to internal network applications.
By default, the U2000 uses Huawei preconfigured digital certificates that are used only for
temporary communications and are not recommended for commercial use. If you need to
replace the preconfigured certificates of the U2000, determine which applications use SSL for
communication and obtain the desired replacement certificates in any of the following
methods. Ensure that the SSL client and server certificates are all replaced.
l Method 1: If a carrier has its own CA, apply for a general SSL client and server identity
certificate from the CA and obtain the corresponding CA trust certificate.
l Method 2: Use tools, such as OpenSSL and XCA, to make the digital certificates required by
the U2000.
To remain compatible with old systems when the U2000 is interconnected with third-party
systems, the preconfigured certificate uses a signature algorithm that poses security risks.
You are advised to replace the preconfigured certificates on the U2000 and NEs.
l Use RSA keys. Currently, the U2000 does not support DSA or ECDSA keys.
l It is recommended that the length of the SSL client and server keys be 2048 bits and the
length of CA keys be 4096 bits.
l The signature algorithm sha256RSA is recommended.
l For internal systems, it is recommended that the validity period of the CA trust
certificate be greater than 50 years and the validity period of the SSL client and server
identity certificates be set to 25 years. Generally, the validity period must be greater than
the equipment life cycle, avoiding frequent certificate replacement after the certificates
expire.
For security hardening, the U2000 does not support some weak algorithms, for
example, RC2. If you use OpenSSL to combine certificates and private keys into a .p12 file,
you need to add the -descert parameter to the command used for exporting the .p12 file,
because OpenSSL by default uses the RC2-40 algorithm to encrypt digital certificates and
the 3DES algorithm to encrypt private keys. The following shows a command example:
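An added example, not the guide's own command: it builds a throwaway RSA CA (4096 bits) and a server certificate (2048 bits, SHA-256 signature), exports server.p12 with -descert, and then reports which algorithms protect the bundle so that an RC2-encrypted file is caught before upload. The subject names, validity periods and function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide). Subject names, validity periods and
# function names are constructed; file names follow the guide.
# Demo run: RUN_DEMO=1 P12_PASS='...' sh this_script.sh
set -eu
umask 077                      # key material is readable by the owner only

make_demo_p12() {
    # $1 = output directory, $2 = export password for server.p12
    dir=$1 pass=$2
    # Throwaway CA: RSA 4096, SHA-256 signature, about 50 years.
    openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 18250 \
        -subj "/CN=Example Root CA" \
        -keyout "$dir/rootCA.key" -out "$dir/rootCA.cer" 2>/dev/null
    # Server identity: RSA 2048 key and a certificate request.
    openssl req -newkey rsa:2048 -sha256 -nodes \
        -subj "/CN=u2000-server.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # The CA signs the request with SHA-256 (about 25 years).
    openssl x509 -req -sha256 -days 9125 -in "$dir/server.csr" \
        -CA "$dir/rootCA.cer" -CAkey "$dir/rootCA.key" -CAcreateserial \
        -out "$dir/server.cer" 2>/dev/null
    # Package key and certificates. -descert encrypts the certificate bag
    # with 3DES instead of the RC2-40 default of OpenSSL 1.x. (OpenSSL 3.x
    # defaults to AES-256-CBC; -descert there selects 3DES for the certs.)
    # The password is passed through the environment, not the command line.
    P12_PASS=$pass openssl pkcs12 -export -descert \
        -inkey "$dir/server.key" -in "$dir/server.cer" \
        -certfile "$dir/rootCA.cer" -name server \
        -out "$dir/server.p12" -passout env:P12_PASS
    rm -f "$dir/server.key" "$dir/server.csr"   # the key now lives in the .p12
}

# Prints the encryption algorithm of each bag without dumping keys or certs.
p12_pbe_algorithms() {
    P12_PASS=$2 openssl pkcs12 -info -noout -in "$1" -passin env:P12_PASS 2>&1 |
        grep -E 'Encrypted data|Shrouded Keybag'
}

# Succeeds if any part of the bundle is still protected with RC2.
p12_uses_rc2() {
    p12_pbe_algorithms "$1" "$2" | grep -q 'RC2'
}

# Prints the signature algorithm of a PEM certificate.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Signature Algorithm: /{s/^ *Signature Algorithm: //p;q;}'
}

if [ "${RUN_DEMO:-0}" = 1 ]; then
    out=$(mktemp -d)
    make_demo_p12 "$out" "${P12_PASS:?set P12_PASS}"
    p12_pbe_algorithms "$out/server.p12" "$P12_PASS"
    cert_sigalg "$out/server.cer"
    echo "files written to $out"
fi
```

For a certificate issued by the carrier's own CA, only the pkcs12 export and the two inspection functions apply; the CA key never leaves the CA.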
Prerequisites
l You have obtained the trust certificate (rootCA.cer, subCA1.cer) and identity certificate
(server.p12) used by the server and the encryption password for the identity certificate.
l The SSL certificates have been backed up.
l Use the FTP to upload the new SSL certificate files (server.p12, rootCA.cer and
subCA1.cer) to the following directory on the U2000 server as the ossuser user before
you replace the SSL certificate of server.
– Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris or SUSE Linux OS is installed in /opt/
oss. If the U2000 is not installed in partition /opt, change the partition in the directory
accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
– Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
Place only the certificate files server.p12, rootCA.cer and subCA1.cer in this directory.
Do not place other files in it. Otherwise, the certificate replacement script will fail to be
executed.
Context
l By default, the U2000 client authenticates the U2000 server, but the U2000 server does
not authenticate the U2000 client.
l The Huawei-predefined SSL certificates used to safeguard communication between the
U2000 server and client are located in the following directory:
– On Solaris or SUSE Linux OS: /opt/oss/server/etc/ssl.
– On Windows OS: D:\oss\server\etc\ssl.
l The MSuite and the U2000 use the same SSL certificates.
l In a high availability system (Veritas hot standby) scheme, replace certificates on the
servers of the primary and secondary sites.
l The following script-based replacement procedure assumes that your OS is Solaris or
SUSE Linux OS. If your OS is Windows, replace the certificates for the U2000 server in
a similar way.
After SSL Certificates for the U2000 server have been replaced, you may fail to log in to
the MSuite.
Procedure
l Replace SSL certificates for the U2000 server through the GUI.
a. Log in to the MSuite client from the U2000 server. For details, see C.2.2 Logging
In to the MSuite Client.
b. Choose Certificate File Management > Internal NMS Certificate.
c. In the Certificate Configuration dialog box, select the SSL certificates to be
replaced and click ReplaceAll.
d. In the Information Confirmation dialog box, enter the PFX password.
NOTE
The new encryption password for the identity certificate must meet the following
requirements:
l The password contains a minimum of 8 characters and a maximum of 20 characters.
l At least one space or one special character: `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
l At least two of the following combinations: lowercase letters a to z, uppercase letters
A to Z, and digits 0 to 9.
l The password cannot be the same as the user name or the reverse of the user name.
e. Click OK.
f. Because the MSuite reuses the U2000 digital certificates, restart the MSuite server
for the certificates to take effect.
l Replace SSL certificates for the U2000 server using a script.
a. Use the PuTTY to log in to the U2000 server in SSH mode as the ossuser user.
b. Run the following command to end the U2000 processes:
Single-Server System:
$ cd /opt/oss/server/platform/bin
$ ./stopnms.sh
NOTE
The certificates can be backed up to an absolute or relative directory. The following steps
assume that the certificates are backed up to /opt/backup/dbbackup/ssl.
e. Run the following command to replace the certificates used by the U2000 server (as
the root user):
$ ssl_adm -cmd replace_certs -dir /opt/oss/server/certs
NOTE
f. Enter the old password of the new identity certificate, enter the new password of the new
identity certificate, reenter the new password, and then press Enter.
NOTE
g. Optional: If you need to use the iNBIXMLSoapAgent process, run the following
commands to change the certificate password for the process:
$ cd /opt/oss/server/nemgr/nemgr_access/scriptsinstall
$ ./postRepalceCert.sh
NOTE
If you do not perform this step, the iNBIXMLSoapAgent process will fail to start up after
certificates are replaced on the U2000 server.
h. After the certificates are successfully replaced, run the following commands to
import environment variables and update the CAU configuration data (as the
ossuser user).
$ cd /opt/oss/cau/bin/
$ ./cau.sh
i. Run the following commands to start U2000 processes for the replacement to take
effect:
Single-Server System (as the ossuser user):
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
Follow-up Procedure
l After the SSL digital certificates on the server and clients are replaced, delete the
webrenderer cache directory C:\Users\%username%\thirdparty\webrender manually
on all clients and restart the client processes. Otherwise, functions depending on
webrenderer may fail.
NOTE
If the C:\Users\%username%\thirdparty\webrender directory does not exist, skip this step.
l After the trust and identity certificates used by the U2000 server are successfully
replaced, delete certificate files from /opt/oss/server/certs on the U2000 server.
l After the trust and identity certificates used by the U2000 server are successfully
replaced, replace the trust and identity certificates used by the U2000 client as well.
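A pre-flight check for the server certificate replacement described above, as an added example that is not part of the U2000 tooling: it confirms that the staging directory holds exactly server.p12, rootCA.cer and subCA1.cer, and tests a candidate identity certificate password against the rules in the NOTE of the GUI procedure. The function names and the user-name argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not a U2000 tool. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [a-z], [A-Z] and [[:punct:]] ASCII-only

# Succeeds only if directory $1 contains exactly the three files the guide
# names; prints every missing or unexpected entry (hidden files included).
check_cert_dir() {
    dir=$1 status=0
    for want in server.p12 rootCA.cer subCA1.cer; do
        [ -f "$dir/$want" ] || { echo "missing: $want"; status=1; }
    done
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$path" ] || continue          # glob that matched nothing
        case ${path##*/} in
            server.p12|rootCA.cer|subCA1.cer) ;;
            *) echo "unexpected: ${path##*/}"; status=1 ;;
        esac
    done
    return "$status"
}

# Prints $1 reversed, using only POSIX parameter expansion.
reverse() {
    s=$1 r=
    while [ -n "$s" ]; do
        r="${s%"${s#?}"}$r"                 # prepend the first character of s
        s=${s#?}
    done
    printf '%s' "$r"
}

# check_pfx_password PASSWORD USERNAME
# Returns 0 if the password meets the rules; otherwise prints the first
# rule it breaks and returns 1.
check_pfx_password() {
    pw=$1 user=$2 classes=0
    if [ "${#pw}" -lt 8 ] || [ "${#pw}" -gt 20 ]; then
        echo "length must be 8 to 20 characters"; return 1
    fi
    # In the C locale [[:punct:]] is exactly the special characters listed.
    case $pw in
        *[[:punct:]]*|*" "*) ;;
        *) echo "needs a space or a special character"; return 1 ;;
    esac
    case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
    if [ "$classes" -lt 2 ]; then
        echo "needs two of: lowercase, uppercase, digits"; return 1
    fi
    if [ "$pw" = "$user" ] || [ "$pw" = "$(reverse "$user")" ]; then
        echo "must differ from the user name and its reverse"; return 1
    fi
    return 0
}
```

Run check_cert_dir against the upload directory before calling the replacement script, and again after the follow-up cleanup to confirm that no certificate files were left behind.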
Prerequisites
l You have obtained the trust certificate (rootCA.cer, subCA1.cer) used by the client.
l The identity certificate (client.p12) used by the client and the encryption password for
the identity certificate have been obtained. This point must be met if the default settings
have been modified to make the U2000 server authenticate the U2000 client.
l The certificate revocation list file revoke.crl has been obtained. This point must be met
if the certificate revocation list also needs to be replaced.
l The SSL certificates of U2000 server have been replaced and the U2000 client is not
running.
Context
l By default, the U2000 client authenticates the U2000 server, but the U2000 server does
not authenticate the U2000 client. Therefore, the U2000 client is equipped with the trust
certificate but not equipped with the identity certificate.
l The SSL certificates predeployed by Huawei for the U2000 client are stored in the
following paths: client\client\style\defaultstyle\conf\ssl.
Procedure
Step 1 Copy the certificate files to be replaced to a directory (for example, D:\certs) on the U2000
client.
Step 3 Optional: Click the ID Certificate tab and click next to File Name. In the dialog box
that is displayed, select the identity certificate client.p12 and click Open. In the PFX
Password text box, enter the encryption password for the identity certificate.
NOTE
By default, the U2000 server does not authenticate the U2000 client, which eliminates the need to
replace the identity certificate used by the U2000 client after the replacement of trust and identity
certificates for the server. If the U2000 server is enabled to authenticate the U2000 client, the identity
certificate used by the U2000 client must be replaced after the replacement of trust and identity
certificates for the server.
Step 4 Click the Trust Certificate tab and click Add. In the dialog box that is displayed, select trust
certificate and click Open.
Step 5 Optional: Click the Certificate Revocation List tab and click Add. In the dialog box that is
displayed, select the certificate revocation list file and click Open.
----End
Follow-up Procedure
Start the client and log in to the client in SSL mode to verify that certificates are updated
successfully.
l If the login is successful, certificates are updated successfully.
l If the login fails, certificates fail to be updated. Contact Huawei technical engineers for
assistance.
Prerequisites
l You have obtained the SSL certificates and encryption passwords from a trusted institute.
– The client.p12 contains the client certificate file and key file. The password for
encrypting the file needs to be obtained.
– The server.p12 contains the server certificate file and key file. The password for
encrypting the file needs to be obtained.
– The rootCA.cer and subCA1.cer contain the files issued by the client, server, and
upper-layer system.
l Use the FTP to upload the new SSL certificate files (server.p12, rootCA.cer and
subCA1.cer) to the following directory on the U2000 server as the ossuser user before
you import the SSL certificate.
– Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/
oss. If the U2000 is not installed in partition /opt, change the partition in the directory
accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
– Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
Context
l The U2000 communicates with NEs. The U2000 is on the SSL client side and uses the
client certificate. NEs are on the SSL server side and use the server certificate. The SSL
certificate for NEs needs to be deployed through the U2000.
l The SSL certificates predeployed by Huawei for the communication between the U2000
and NEs are stored in the following paths:
– In Solaris or SUSE Linux OS: /opt/oss/server/etc/ssl/nemanager/default
– In Windows OS: D:\oss\server\etc\ssl\nemanager\default
l For SSL certificate deployment on VRP8-based OSN 9800s, see How Do I
Deploy Security Certificates for VRP8-based OSN 9800s.
l In a high availability system scheme, import certificates on the servers of the primary
sites.
Procedure
l Import an SSL certificate for the U2000 and NE through the GUI.
a. Log in to the MSuite client from the U2000 server. For details, see C.2.2 Logging
In to the MSuite Client.
b. Choose Certificate File Management > SBI Certificate.
c. In the Certificate Configuration dialog box, click Import.
d. In the Import Certs dialog box, click the ID Certificate tab and configure the SSL
Client and SSL Server identity certificates.
ii. In the SSL Client Cert area, click next to File Name. In the Select Certs
dialog box, select a certificate and click OK.
iii. In the SSL Client Cert area, enter the encryption password of an SSL client
identity certificate in the PFX Password text box.
iv. In the SSL Server Cert area, click next to File Name. In the Select Certs
dialog box, select a certificate and click OK.
v. In the SSL Server Cert area, enter the encryption password of an SSL server
identity certificate in the Password text box.
vi. In the text box on the right of Certs backup path, enter the directory name.
e. Click the Trust Certificate tab, and click Add. In the Select Certs dialog box,
select the trust certificate and click OK.
f. Optional: Click the Certificate Revocation List tab and click Add. In the Select
Certs dialog box, select the revocation certificate and click OK.
If the SSL certificate is revoked, the U2000 cannot communicate with NEs in SSL
mode after the U2000 is restarted. Exercise caution.
j. Load these certificates to the NE using the DC board-level software and activate
them.
By default, the DC accounts of NEs are blank. After you open Board Software
Upgrade, the navigation tree cannot automatically filter the NE list of the subnet.
First configure the DC account of the NE in DC Login User Management
(choose Administration > NE Security Management > NE Login Management),
and then open Board Software Upgrade again. The navigation tree then filters the
specific NEs.
iii. Right-click a desired NE in the navigation tree and choose Login NE from the
shortcut menu.
NOTE
You can also choose Set Login Account from the shortcut menu and set Login User
and Password in the dialog box that is displayed.
iv. Right-click the NE and choose Query Board from the shortcut menu. Then
board information about the NE is displayed.
NOTE
It may take a period of time for the board information to display, which is normal.
vi. Select the check box before the desired main control board and click
to add the board to the operation list.
vii. In the Upgrade Version field, click . The Board software setting window
is displayed.
viii. Set the software load type to Certificate and click Add Software. The Choose
File window is displayed.
NOTE
You can click Add Software to add multiple files at the same time.
ix. In the Choose File dialog box, select the CA.CRT, CERTNE.CRT,
CERTNE.KEY, and SSLCFG.KEY certificates.
NOTE
l If you want to load these certificates to the NE, please remember to copy them to
the root directory for the FTP.
l If the file path contains non-alphanumeric characters, you may fail to access the
file.
l Enter the correct IP address of the SFTP/FTP server, user name, password, and
port. Then, click . After the successful connection, you can access the files on
the FTP server. To use the FTP protocol, enter port 21. To use the SFTP (more
secure, recommended) protocol, enter port 22.
x. In the Board software setting dialog box, click OK. The upgrade software
selection is complete.
xi. Select a board in the Operation List, and click Start.
NOTE
During the process, you can click Stop to stop the loading.
xii. When the loading is complete, click Activate. The Warning dialog box is
displayed. Confirm whether to activate the software.
xiii. Click Yes to start activating the software.
xiv. After the activation, the Operation Result dialog box is displayed indicating
that the activation succeeds. Click Close.
l Import an SSL certificate for the U2000 and NE using commands.
a. Start importing the identity certificate and trust certificate scripts.
n Solaris/SUSE Linux (as the ossuser user):
$ . /opt/oss/server/svc_profile.sh
$ cd /opt/oss/server/tools/trans_cert_tool
$ ./ssl_cert_adm.sh -cmd import user -client_cert client.p12 -pfxpwd
password1 -server_cert server.p12 -pfxpwd password2 -trust trust.cer
NOTE
user indicates the name of the folder in which SSL certificates are stored. password1
and password2 indicate the encrypted password for the SSL Client and SSL Server
certificates.
n Windows:
>cd /d d:\oss\server\tools\trans_cert_tool
>ssl_cert_adm.bat -cmd import user -client_cert client.p12 -pfxpwd
password1 -server_cert server.p12 -pfxpwd password2 -trust trust.cer
NOTE
user indicates the name of the folder in which SSL certificates are stored. password1
and password2 indicate the encrypted password for the SSL Client and SSL Server
certificates.
b. Optional: Start the CRL configuration script.
n Solaris/SUSE Linux (as the ossuser user):
$ . /opt/oss/server/svc_profile.sh
$ cd /opt/oss/server/tools/trans_cert_tool
$ ./ssl_cert_adm.sh -cmd add_revoke user revoke.crl
NOTE
user indicates the name of the folder in which SSL certificates are stored.
n Windows:
>cd /d d:\oss\server\tools\trans_cert_tool
>ssl_cert_adm.bat -cmd add_revoke user revoke.crl
NOTE
user indicates the name of the folder in which SSL certificates are stored.
c. Check that the U2000 generates the necerts folder in the certificate directory and
this folder contains the CA.CRT, CERTNE.CRT, CERTNE.KEY, and
SSLCFG.KEY certificates.
d. Load these certificates to the NE using the DC board-level software and activate
them.
Load certificates and activate them.
i. Log in to the U2000 client.
ii. Choose Administration > NE Software Management > Board Software
Upgrade.
NOTE
By default, the DC accounts of NEs are blank. After you open Board Software
Upgrade, the navigation tree cannot automatically filter the NE list of the subnet.
First configure the DC account of the NE in DC Login User Management
(choose Administration > NE Security Management > NE Login Management),
and then open Board Software Upgrade again. The navigation tree then filters the
specific NEs.
iii. Right-click a desired NE in the navigation tree and choose Login NE from the
shortcut menu.
NOTE
You can also choose Set Login Account from the shortcut menu and set Login User
and Password in the dialog box that is displayed.
iv. Right-click the NE and choose Query Board from the shortcut menu. Then
board information about the NE is displayed.
NOTE
It may take a period of time for the board information to display, which is normal.
vi. Select the check box before the desired main control board and click
to add the board to the operation list.
vii. In the Upgrade Version field, click . The Board software setting window
is displayed.
viii. Set the software load type to Certificate and click Add Software. The Choose
File window is displayed.
NOTE
You can click Add Software to add multiple files at the same time.
ix. In the Choose File dialog box, select the CA.CRT, CERTNE.CRT,
CERTNE.KEY, and SSLCFG.KEY certificates.
NOTE
l If you want to load these certificates to the NE, please remember to copy them to
the root directory for the FTP.
l If the file path contains non-alphanumeric characters, you may fail to access the
file.
l Enter the correct IP address of the SFTP/FTP server, user name, password, and
port. Then, click . After the successful connection, you can access the files on
the FTP server. To use the FTP protocol, enter port 21. To use the SFTP (more
secure, recommended) protocol, enter port 22.
x. In the Board software setting dialog box, click OK. The upgrade software
selection is complete.
xi. Select a board in the Operation List, and click Start.
NOTE
During the process, you can click Stop to stop the loading.
xii. When the loading is complete, click Activate. The Warning dialog box is
displayed. Confirm whether to activate the software.
xiii. Click Yes to start activating the software.
xiv. After the activation, the Operation Result dialog box is displayed indicating
that the activation succeeds. Click Close.
----End
Result
If U2000 processes are properly started, the U2000 can be connected to NEs by means of
Security SSL, and the SSL certificates have been successfully imported.
Follow-up Procedure
After SSL certificates are successfully imported, delete certificate files from the following
directory on the U2000 server:
l Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/oss. If
the U2000 is not installed in partition /opt, change the partition in the directory accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case, you
need to upload files to the backup directory in the FTP root directory as the ftpuser user (the
FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
directory as the ossuser user.
l Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
CA and use it to replace the temporary certificate in the commissioning phase, to improve the
communication security of the U2000. Perform the following operations to replace the Secure
Sockets Layer (SSL) certificates used for the communication between the U2000 and NEs.
Prerequisites
l You have obtained the SSL certificates and encryption passwords from a trusted institute.
– The client.p12 contains the client certificate file and key file. The password for
encrypting the file needs to be obtained.
– The server.p12 contains the server certificate file and key file. The password for
encrypting the file needs to be obtained.
– The rootCA.cer and subCA1.cer contain the files issued by the client, server, and
upper-layer system.
l Use the FTP to upload the new SSL certificate to the following directory on the U2000
server as the ossuser user before you replace the SSL certificate.
– Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/
oss. If the U2000 is not installed in partition /opt, change the partition in the directory
accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
– Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
l The SSL certificates have been backed up.
l The time on the U2000 and the NE has been synchronized.
Context
l The U2000 communicates with NEs. The U2000 is on the SSL client side and uses the
client certificate. NEs are on the SSL server side and use the server certificate. The SSL
certificate for NEs needs to be deployed through the U2000.
l The SSL certificates predeployed by Huawei for the communication between the U2000
and NEs are stored in the following paths:
– In Solaris or SUSE Linux OS: /opt/oss/server/etc/ssl/nemanager/default
– In Windows OS: D:\oss\server\etc\ssl\nemanager\default
l For SSL certificate deployment on VRP8-based OSN 9800s, see How Do I
Deploy Security Certificates for VRP8-based OSN 9800s.
l In a high availability system scheme, replace certificates on the servers of the primary
sites.
Procedure
l Replace an SSL certificate for the U2000 and NE through the GUI.
a. Log in to the MSuite client from the U2000 server. For details, see C.2.2 Logging
In to the MSuite Client.
i. In the SSL Client Cert area, click next to File Name. In the Select Certs
dialog box, select a certificate and click OK.
ii. In the SSL Client Cert area, enter the encryption password of an SSL client
identity certificate in the PFX Password text box.
iii. In the SSL Server Cert area, click next to File Name. In the Select Certs
dialog box, select a certificate and click OK.
iv. In the SSL Server Cert area, enter the encryption password of an SSL server
identity certificate in the Password text box.
e. Click the Trust Certificate tab, and click Add. In the Select Certs dialog box,
select the trust certificate and click OK.
f. Optional: Click the Certificate Revocation List tab and click Add. In the Select
Certs dialog box, select the revocation certificate and click OK.
If the SSL certificate is revoked, the U2000 cannot communicate with NEs in SSL
mode after the U2000 is restarted. Exercise caution.
i. Load these certificates to the NE using the DC board-level software and activate
them.
NOTE
By default, the DC accounts of NEs are blank. After you enter Board Software
Upgrade, the navigation tree cannot automatically filter the NE list of the subnet. You
need to configure the DC account of the NE in DC Login User Management
(choose Administration > NE Security Management > NE Login Management)
first and then enter Board Software Upgrade again. The navigation tree then filters the
specific NEs.
iii. Right-click a desired NE in the navigation tree and choose Login NE from the
shortcut menu.
NOTE
You can also choose Set Login Account from the shortcut menu and set Login User
and Password in the dialog box that is displayed.
iv. Right-click the NE and choose Query Board from the shortcut menu. Then
board information about the NE is displayed.
NOTE
It may take a period of time for the board information to display, which is normal.
vi. Select the check box before the desired main control board and click
to add the board to the operation list.
vii. In the Upgrade Version field, click . The Board software setting window
is displayed.
viii. Set the software load type to Certificate and click Add Software. The Choose
File window is displayed.
NOTE
You can click Add Software to add multiple files at the same time.
ix. In the Choose File dialog box, select the CA.CRT, CERTNE.CRT,
CERTNE.KEY, and SSLCFG.KEY certificates.
NOTE
l If you want to load these certificates to the NE, please remember to copy them to
the root directory for the FTP.
l If the file path contains non-alphanumeric characters, you may fail to access the
file.
l Enter the correct IP address of the SFTP/FTP server, user name, password, and
port. Then, click . After the successful connection, you can access the files on
the FTP server. To use the FTP protocol, enter port 21. To use the SFTP (more
secure, recommended) protocol, enter port 22.
x. In the Board software setting dialog box, click OK. The upgrade software
selection is complete.
xi. Select a board in the Operation List, and click Start.
NOTE
During the process, you can click Stop to stop the loading.
xii. When the loading is complete, click Activate. The Warning dialog box is
displayed. Confirm whether to activate the software.
xiii. Click Yes to start activating the software.
xiv. After the activation, the Operation Result dialog box is displayed indicating
that the activation succeeds. Click Close.
l Replace an SSL certificate for the U2000 and NE using commands.
a. Start the identity certificate replacement script.
e. Load these certificates to the NE using the DC board-level software and activate
them.
Load certificates and activate them.
i. Log in to the U2000 client.
ii. Choose Administration > NE Software Management > Board Software
Upgrade
NOTE
By default, the DC accounts of NEs are blank. After you enter Board Software
Upgrade, the navigation tree cannot automatically filter the NE list of the subnet. You
need to configure the DC account of the NE in DC Login User Management
(choose Administration > NE Security Management > NE Login Management)
first and then enter Board Software Upgrade again. The navigation tree then filters the
specific NEs.
iii. Right-click a desired NE in the navigation tree and choose Login NE from the
shortcut menu.
NOTE
You can also choose Set Login Account from the shortcut menu and set Login User
and Password in the dialog box that is displayed.
iv. Right-click the NE and choose Query Board from the shortcut menu. Then
board information about the NE is displayed.
NOTE
It may take a period of time for the board information to display, which is normal.
vi. Select the check box before the desired main control board and click
to add the board to the operation list.
vii. In the Upgrade Version field, click . The Board software setting window
is displayed.
viii. Set the software load type to Certificate and click Add Software. The Choose
File window is displayed.
NOTE
You can click Add Software to add multiple files at the same time.
ix. In the Choose File dialog box, select the CA.CRT, CERTNE.CRT,
CERTNE.KEY, and SSLCFG.KEY certificates.
NOTE
l If you want to load these certificates to the NE, please remember to copy them to
the root directory for the FTP.
l If the file path contains non-alphanumeric characters, you may fail to access the
file.
l Enter the correct IP address of the SFTP/FTP server, user name, password, and
port. Then, click . After the successful connection, you can access the files on
the FTP server. To use the FTP protocol, enter port 21. To use the SFTP (more
secure, recommended) protocol, enter port 22.
x. In the Board software setting dialog box, click OK. The upgrade software
selection is complete.
xi. Select a board in the Operation List, and click Start.
NOTE
During the process, you can click Stop to stop the loading.
xii. When the loading is complete, click Activate. The Warning dialog box is
displayed. Confirm whether to activate the software.
xiii. Click Yes to start activating the software.
xiv. After the activation, the Operation Result dialog box is displayed indicating
that the activation succeeds. Click Close.
----End
Result
Restart the U2000.
l If U2000 processes are properly started, the U2000 can be connected to NEs by means of
Security SSL and SSL certificates have been successfully loaded. You can manually
delete the backup SSL digital certificates for U2000 and NEs.
l If the U2000 process fails to start, you must replace backup certificates and save the
target certificates to the specified path.
Follow-up Procedure
After SSL certificates used for the communication between the U2000 and NE are
successfully replaced, delete certificate files from the following directory on the U2000
server:
l Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/oss. If
the U2000 is not installed in partition /opt, change the partition in the directory accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case, you
need to upload files to the backup directory in the FTP root directory as the ftpuser user (the
FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
directory as the ossuser user.
l Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
Prerequisites
l You have obtained the SSL certificates and encryption passwords from a trusted institute.
– The client.p12 contains the client certificate file and key file. The password for
encrypting the file needs to be obtained.
– The server.p12 contains the server certificate file and key file. The password for
encrypting the file needs to be obtained.
– The rootCA.cer and subCA1.cer files contain the files issued by the client, server, and
upper-layer system.
l Use the FTP to upload the new SSL certificate to the following directory on the U2000
server as the ossuser user before you replace the SSL certificate.
– Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in
/opt/oss. If the U2000 is not installed in partition /opt, change the partition in the directory
accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
– Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
l The SSL certificates have been backed up.
Context
l The predeployed SSL certificates for the communication between the U2000 and
uTraffic are stored in the following paths:
– Solaris or SUSE Linux: /opt/oss/server/etc/ssl/solution
– Windows: D:\oss\server\etc\ssl\solution
l The certificate replacement script is stored in the
/opt/oss/server/common/pms/share/tools/ssl path (Solaris/SUSE Linux is used as an
example; the path on Windows is similar). Run the ./replace_certs.sh command as the
ossuser user in this path.
Information similar to the following is displayed:
NOTE
l -type indicates the certificate type, -file indicates the certificate path, and -pfxpass indicates
the encrypted password for the identity certificate.
l certificate type:
l 1: client identity certificate
l 2: server identity certificate
l 3: trust certificate
l 4: revocation certificate list
l certificate file: path in which the certificate is stored.
l Example:
l ./replace_certs.sh -type 1 -file client.p12 -pfxpass
l ./replace_certs.sh -type 2 -file server.p12 -pfxpass
l ./replace_certs.sh -type 3 -file trust.cer
l ./replace_certs.sh -type 4 -file revoke.crl
l To ensure system security, change passwords regularly and use passwords that are
complex enough.
l A password cannot be short. A password containing eight or more characters is
recommended.
l Include at least two of the following types of characters: digits, letters, and special characters.
Procedure
l Replace an SSL certificate for the U2000 and uTraffic using a script.
a. Log in to the OS as the ossuser user.
b. Start the identity certificate replacement script.
n Solaris or SUSE Linux:
$ cd /opt/oss/server/common/pms/share/tools/ssl
$ ./replace_certs.sh -type certificate type -file certificate file -pfxpass
NOTE
l The identity certificates on the server and client must be replaced separately. For
example:
l ./replace_certs.sh -type 1 -file client.p12 -pfxpass
l ./replace_certs.sh -type 2 -file server.p12 -pfxpass
l To ensure system security, change passwords regularly and use passwords that are
complex enough.
l A password cannot be short. A password containing eight or more characters is
recommended.
l Include at least two of the following types of characters: digits, letters, and special
characters.
n Windows:
>cd /d d:
> cd \oss\server\common\pms\share\tools\ssl
> replace_certs.bat -type certificate type -file certificate file -pfxpass
NOTE
l The identity certificates on the server and client must be replaced separately. For
example:
l replace_certs.bat -type 1 -file client.p12 -pfxpass
l replace_certs.bat -type 2 -file server.p12 -pfxpass
l To ensure system security, change passwords regularly and use passwords that are
complex enough.
l A password cannot be short. A password containing eight or more characters is
recommended.
l Include at least two of the following types of characters: digits, letters, and special
characters.
c. Start the trust certificate replacement script.
n Solaris or SUSE Linux (as the ossuser user):
$ cd /opt/oss/server/common/pms/share/tools/ssl
$ ./replace_certs.sh -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example,
./replace_certs.sh -type 3 -file trust.cer.
n Windows:
>cd /d d:
> cd \oss\server\common\pms\share\tools\ssl
> replace_certs.bat -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example,
replace_certs.bat -type 3 -file trust.cer.
d. Optional: Start the CRL configuration script.
n Solaris or SUSE Linux (as the ossuser user):
$ cd /opt/oss/server/common/pms/share/tools/ssl
$ ./replace_certs.sh -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example,
./replace_certs.sh -type 4 -file revoke.crl.
n Windows:
>cd /d d:
> cd \oss\server\common\pms\share\tools\ssl
> replace_certs.bat -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example,
replace_certs.bat -type 4 -file revoke.crl.
e. Restart the U2000 service.
----End
Result
l If U2000 processes are properly started, the U2000 can be connected to uTraffic by
means of Security SSL and SSL certificates have been successfully loaded. You can
manually delete the backup SSL digital certificates for U2000 and uTraffic.
l If the U2000 process fails to start, you must replace backup certificates and save the
target certificates to the default certificates path.
Follow-up Procedure
After SSL certificates used for the communication between the U2000 and uTraffic are
successfully replaced, delete certificate files from the following directory on the U2000
server:
l Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/oss. If
the U2000 is not installed in partition /opt, change the partition in the directory accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case, you
need to upload files to the backup directory in the FTP root directory as the ftpuser user (the
FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
directory as the ossuser user.
l Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
Prerequisites
l The new SSL certificate and its encryption password have been obtained.
– client.p12 contains the client certificates and private key files. The encrypted
passwords of these files must be obtained.
– server.p12 contains the server certificates and private key files. The encrypted
passwords of these files must be obtained.
– rootCA.cer and subCA.cer indicate the trust certificates.
– revoke.crl indicates the revocation certificate, which is optional.
l Before replacing an SSL digital certificate, upload the newly applied SSL certificate to
the following directory on the U2000 server using the FTP tool (the default user is
ossuser):
– Solaris/SUSE Linux: /opt/oss/server/certs
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in
/opt/oss. If the U2000 is not installed in partition /opt, change the partition in the directory
accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
l The directory stores only the client.p12, server.p12, rootCA.cer, subCA.cer, and
revoke.crl certificate files for the U2000 server. Do not store other files in the directory;
otherwise, the script for replacing certificates will fail to be executed.
– Windows: D:\oss\server\certs.
NOTE
l The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the
U2000 is not installed in partition D, change the partition in the directory accordingly.
l The directory stores only the client.p12, server.p12, rootCA.cer, subCA.cer, and
revoke.crl certificate files for the U2000 server. Do not store other files in the directory;
otherwise, the script for replacing certificates will fail to be executed.
l The SSL certificates have been backed up.
Context
l For details about internal ports on the U2000 server, see ports whose Authentication
Mode is Digital Certificate in the Ports for Local Processes and Ports of the
Distributed System sheets of the U2000 Communication Port Matrix.
l By default, the authentication certificates of internal ports are stored in the following
directory on the U2000 server:
– Solaris/SUSE Linux: /opt/oss/server/etc/ssl/server
– Windows: D:\oss\server\etc\ssl\server
Procedure
l For the Windows OS:
a. Log in to the OS as the administrator user.
b. Run the following command in the CLI to end the U2000 process:
> D:\oss\server\platform\bin\stopnms.bat
NOTE
The certificates can be backed up to an absolute or relative directory. The following steps
assume that the certificates are backed up to D:\backup\dbbackup\ssl.
e. Run the following command as the administrator user in the CLI to replace
certificates on the U2000 server:
> ssl_adm -cmd replace_certs -app "server" -dir D:\oss\server\certs -oldpfxpwd Changeme_123 -newpfxpwd Changeme_123 -client
Enter the encryption password for the identity certificate based on the prompt.
NOTE
The new encryption password for the identity certificate must meet the following
requirements:
l The password contains a minimum of 8 characters and a maximum of 20 characters.
l At least one space or one special character: `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
l At least two of the following combinations: lowercase letters a to z, uppercase letters
A to Z, and digits 0 to 9.
l The password cannot be the same as the user name or the reverse of the user name.
If the certificates fail to be replaced, resolve the problem based on the prompt and run the
following command to restore the certificates before replacing them again:
> ssl_adm -cmd restore -app "server" -backpath D:\backup\dbbackup\ssl
g. Run the following command as the administrator user in the CLI to start U2000
processes for the replacement to take effect:
> D:\oss\server\platform\bin\startnms.bat
NOTE
The certificates can be backed up to an absolute or relative directory. The following steps
assume that the certificates are backed up to /opt/backup/dbbackup/ssl.
e. Run the following command to replace the certificates used by the U2000 server (as
the ossuser user):
$ ssl_adm -cmd replace_certs -app "server" -dir /opt/oss/server/certs -oldpfxpwd Changeme_123 -newpfxpwd Changeme_123 -client
Enter the encryption password for the identity certificate based on the prompt.
NOTE
The new encryption password for the identity certificate must meet the following
requirements:
l The password contains a minimum of 8 characters and a maximum of 20 characters.
l At least one space or one special character: `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
l At least two of the following combinations: lowercase letters a to z, uppercase letters
A to Z, and digits 0 to 9.
l The password cannot be the same as the user name or the reverse of the user name.
If the certificates fail to be replaced, resolve the problem based on the prompt and run the
following command to restore the certificates before replacing them again:
$ ssl_adm -cmd restore -app "server" -backpath /opt/backup/dbbackup/ssl
h. Run the following commands to start U2000 processes for the replacement to take
effect:
Single-Server System (as the ossuser user):
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
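The procedure above states two conditions that can be checked before ssl_adm -cmd replace_certs is run: the staging directory may hold only the five named certificate files, and the new identity-certificate password must meet the listed rules. The following pre-flight check is an added example, not Huawei's code; the function names and the stdin-based invocation are assumptions, and the special-character list is matched as ASCII punctuation plus space, which is the same set of characters.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before `ssl_adm -cmd replace_certs`.
# Function names and the invocation at the bottom are assumptions of this example.

# check_staging_dir DIR
# Prints one line per problem and returns non-zero if DIR holds anything other
# than regular files with the names the guide allows (hidden entries included).
check_staging_dir() {
    sd_dir=$1
    sd_rc=0
    [ -d "$sd_dir" ] || { echo "not a directory: $sd_dir"; return 2; }
    for sd_path in "$sd_dir"/* "$sd_dir"/.[!.]* "$sd_dir"/..?*; do
        # Skip glob patterns that matched nothing.
        [ -e "$sd_path" ] || [ -L "$sd_path" ] || continue
        sd_name=${sd_path##*/}
        case $sd_name in
            client.p12|server.p12|rootCA.cer|subCA.cer|revoke.crl)
                # A symlink or directory with an allowed name is still rejected.
                if [ -L "$sd_path" ] || [ ! -f "$sd_path" ]; then
                    echo "not a regular file: $sd_name"; sd_rc=1
                fi ;;
            *)  echo "unexpected entry: $sd_name"; sd_rc=1 ;;
        esac
    done
    return "$sd_rc"
}

# reverse_string STR: prints STR reversed without depending on rev(1).
reverse_string() {
    rs_in=$1
    rs_out=
    while [ -n "$rs_in" ]; do
        rs_rest=${rs_in#?}
        rs_out=${rs_in%"$rs_rest"}$rs_out
        rs_in=$rs_rest
    done
    printf '%s' "$rs_out"
}

# check_pfx_password PASSWORD USERNAME
# Applies the four rules from the NOTE; prints one line per violated rule.
check_pfx_password() {
    pp_pw=$1
    pp_user=$2
    pp_rc=0
    if [ "${#pp_pw}" -lt 8 ] || [ "${#pp_pw}" -gt 20 ]; then
        echo "length must be 8 to 20 characters"; pp_rc=1
    fi
    # The guide's special-character list equals ASCII punctuation ([:punct:]
    # in the C locale); a space is accepted as well.
    if ! printf '%s\n' "$pp_pw" | LC_ALL=C grep -q '[[:punct:] ]'; then
        echo "needs a space or a special character"; pp_rc=1
    fi
    pp_classes=0
    for pp_re in '[a-z]' '[A-Z]' '[0-9]'; do
        if printf '%s\n' "$pp_pw" | LC_ALL=C grep -q "$pp_re"; then
            pp_classes=$((pp_classes + 1))
        fi
    done
    if [ "$pp_classes" -lt 2 ]; then
        echo "needs two of: lowercase, uppercase, digits"; pp_rc=1
    fi
    if [ "$pp_pw" = "$pp_user" ] ||
       [ "$pp_pw" = "$(reverse_string "$pp_user")" ]; then
        echo "must differ from the user name and its reverse"; pp_rc=1
    fi
    return "$pp_rc"
}

# Usage: preflight.sh DIR USERNAME
# The candidate password is read from stdin so that it does not end up in the
# process list or the shell history.
if [ "$#" -eq 2 ]; then
    IFS= read -r pf_pw
    pf_rc=0
    check_staging_dir "$1" || pf_rc=1
    check_pfx_password "$pf_pw" "$2" || pf_rc=1
    exit "$pf_rc"
fi
```

A password that passes these checks satisfies only the format rules listed in the NOTE; the check says nothing about whether the value is a known default.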
Follow-up Procedure
After the SBI authentication certificate on the U2000 server is successfully replaced, delete
the certificate in the following directory on the U2000 server.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/oss. If
the U2000 is not installed in partition /opt, change the partition in the directory accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case, you
need to upload files to the backup directory in the FTP root directory as the ftpuser user (the
FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
directory as the ossuser user.
l Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
Prerequisites
l You have obtained the SSL certificates and encryption passwords from a trusted institute.
– The client.p12 contains the client certificate file and key file. The password for
encrypting the file needs to be obtained.
– The server.p12 contains the server certificate file and key file. The password for
encrypting the file needs to be obtained.
– The rootCA.cer and subCA1.cer files contain the files issued by the client, server, and
upper-layer system.
l Use the FTP to upload the new SSL certificate files (server.p12, rootCA.cer and
subCA1.cer) to the following directory on the U2000 server as the ossuser user before
you replace the SSL certificate of the server.
– Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris or SUSE Linux OS is installed in
/opt/oss. If the U2000 is not installed in partition /opt, change the partition in the directory
accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
– Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
l The SSL certificates have been backed up.
Context
l The U2000 communicates with the U2100. The U2000 is on the SSL server side and uses
the server certificate. The U2100 is on the SSL client side and uses the client certificate.
l The SSL certificates predeployed by Huawei for the communication between the U2000
and U2100 are stored in the following paths:
– In Solaris or SUSE Linux OS: /opt/oss/server/etc/ssl/solution/mml
– In Windows OS: D:\oss\server\etc\ssl\solution\mml
Procedure
Step 1 Log in to the MSuite client from the U2000 server. For details, see C.2.2 Logging In to the
MSuite Client.
Step 2 Choose Certificate File Management > U2100 Certificate.
Step 3 Click the Identity Certificate tab and configure the SSL Server identity certificates.
1. In the SSL Server Cert area, click next to File Name. In the Select Certs dialog
box, select a certificate and click OK.
2. In the SSL Server Cert area, enter the encryption password of an SSL server identity
certificate in the PFX Password text box.
Step 4 Click OK.
Step 5 Click the Trust Certificate tab and click next to File Name. In the dialog box that is
displayed, select a trust certificate and click OK. Then click Add.
----End
Result
Restart the U2000.
l If U2000 processes are properly started, the U2000 can be connected to U2100 by means
of Security SSL and SSL certificates have been successfully loaded. You can manually
delete the backup SSL digital certificates for U2000 and U2100.
l If the U2000 process fails to start, you must replace backup certificates and save the
target certificates to the specified path.
Follow-up Procedure
After SSL certificates used for the communication between the U2000 and U2100 are
successfully replaced, delete certificate files from the following directory on the U2000
server:
l Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris or SUSE Linux OS is installed in /opt/oss. If
the U2000 is not installed in partition /opt, change the partition in the directory accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case, you
need to upload files to the backup directory in the FTP root directory as the ftpuser user (the
FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
directory as the ossuser user.
l Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
Context
The trust certificate preconfigured by Huawei consists of the root certificate
huaweiossCA.crt and intermediate certificate networkossCA.crt. All of the certificates need
to be deployed in Internet Explorer.
Procedure
Step 1 Open Internet Explorer on the U2000 client and choose Tool > Internet Options from the
main menu.
Step 2 In the Internet Options dialog box, click the Content tab and click Certificates.
Step 3 In the Certificates dialog box, deploy the root certificate huaweiossCA.crt.
1. Select the Trusted Root Certification Authorities tab and click Import.
2. In the Certificate Import Wizard dialog box, click Next.
3. Click Browse..., select the trusted root certificate huaweiossCA.crt, and click Next.
NOTE
The trusted root certificate preconfigured by Huawei, huaweiossCA.crt, is stored in the
oss\client\client\style\defaultstyle\conf\ssl\trust\PEM directory.
4. Click Next, and then click Finish.
5. In the Security Warning dialog box that is displayed, click Yes.
6. In the Certificate Import Wizard dialog box, click OK.
NOTE
----End
Follow-up Procedure
l If the U2000 GUI is displayed abnormally, the SSL certificate failed to be uploaded. Refer
to the preceding operations to redeploy a digital certificate.
l If a dialog box prompting you for a trusted certificate is displayed in U2000 NE
management, right-click Continue to this website (not recommended), and then click
Open in the New Window. In the dialog box that is displayed, click OK. If the Security
Alert dialog box for certificate installation is displayed, click OK to display the
current function GUI. After the operation is complete, the U2000 GUI is displayed normally.
Prerequisites
OpenSSL is installed on the Windows machine on which the .p12 certificate file is to be
modified. You can go to http://code.google.com/p/openssl-for-windows/downloads/list and
select a desired version based on the system model of the machine to download OpenSSL.
Context
l The .p12 certificate files are downloaded to the Windows machine on which
OpenSSL is installed for password modification. After the password is modified, upload
the .p12 certificate file to the directory to replace the old certificate file. The Huawei
predeployed certificate used by the U2000 server is used as an example to describe how
to modify the password of the .p12 certificate file. On Solaris or SUSE Linux, you need
to use SFTP to download the Huawei predeployed certificate file to be modified to the
Windows OS, modify the password, and then upload the new certificate file and replace
the old certificate file. The permission value of the new certificate file must be 600,
the owner must be ossuser, and the group must be ossgroup.
l To modify the password of the SSL certificate predeployed by Huawei for the MSuite
server and client, you must replace the certificate. The password is automatically
modified during certificate replacement. For details, see Replacing SSL Certificates
Used for the U2000 Server.
Procedure
Step 1 Modify the password of the .p12 certificate file predeployed by Huawei on the U2000 server.
1. Log in to the Windows server as the administrator.
2. Download the server.p12 certificate file predeployed on the U2000 server to a directory
on the Windows machine, such as D:\ssl.
NOTE
The Huawei predeployed certificate used by the U2000 server is stored by default in the following
directory:
– Solaris or SUSE Linux: /opt/oss/server/etc/ssl/keyStore/PFX
– Windows: D:\oss\server\etc\ssl\keyStore\PFX
3. Choose Start > Run, enter cmd and click OK.
4. In the CLI, switch to the directory in which the certificate file is stored.
>cd /d D:\ssl
5. Back up the .p12 file.
>copy server.p12 server.p12.bak
6. Add the directory in which the executable file of the OpenSSL is stored to the path.
>set path=openssl_path;%PATH%
NOTE
openssl_path specifies the directory in which the executable file openssl.exe of the OpenSSL is
stored.
7. Convert the .p12 file to the .pem temporary file.
>openssl pkcs12 -in server.p12 -out temp.pem
Enter the password of the server.p12 file, the pass phrase of the temp.pem file, and the
confirmation pass phrase as prompted. Information similar to the following is displayed:
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
NOTE
– The temp.pem file is a temporary file which is converted from the server.p12 file. The
server.p12 file is the newly generated certificate file.
– The password of the server.p12 file must meet password complexity requirements. For
example, the password must contain less than eight characters and contain at least two of the
following types of characters: upper-case letter, lower-case letter, digit, special character.
9. Rename the server_key.pem file in the U2000 server installation directory
D:\oss\server\etc\ssl\privatekey\PEM\ as server_key.pem.bak, copy the temporary file
temp.pem to the D:\oss\server\etc\ssl\privatekey\PEM\ directory, and rename the
temp.pem file as server_key.pem.
NOTE
If the U2000 server uses Solaris or SUSE Linux OS, log in to the server as the ossuser user, upload the
temp.pem file to the /opt/oss/server/etc/ssl/privatekey/PEM directory in binary mode (for example,
by using FTP), and run the following commands:
$ cd /opt/oss/server/etc/ssl/privatekey/PEM
$ cp -p server_key.pem server_key.pem.bak
$ mv temp.pem server_key.pem
$ chown ossuser:ossgroup server_key.pem
$ chmod 600 server_key.pem
10. Upload the server.p12 file in which the password is modified to the default server.p12
file path on the U2000 server.
Step 2 Configure the cipher-text password of the .p12 certificate file on the server to the
configuration file.
1. Log in to the U2000 server.
– Windows: Log in to the server as the administrator.
– Solaris/SUSE Linux: Log in to the server as the ossuser user.
2. Configure the ciphertext of the new password to the configuration file
CertificateConfig.xml.
– Windows:
> ssl_adm -cmd setpassword newpassword
– Solaris/SUSE Linux:
$ ssl_adm -cmd setpassword newpassword
NOTE
– newpassword specifies the new password of the server.p12 file which is configured in Step 1.
– For other certificate directories in the etc/ssl path, you must use the ssl_adm -cmd
setpassword -app appname newpassword command to configure the ciphertext password of
the certificate to the configuration file. The appname specifies the name of the directory in
which the certificate is stored.
Step 4 Modify the password of the certificate file client.p12 on the client. The modification
procedure on the client is similar to that on the server. For details, see Step 1.
NOTE
The Huawei predeployed certificate used by the U2000 client is stored by default in the following directory:
client\client\style\defaultstyle\conf\ssl\keyStore\PFX
Step 5 Configure the cipher-text password of the .p12 certificate file on the client to the
configuration file.
1. Start the certificate configuration tool.
Double-click the CertConfigurator.bat script in the U2000 client installation directory
client\client\bin and access the certificate configuration window.
2. In the Certificate Configuration window, click the ... button next to File Name on the
Identity Certificate tab and select the certificate file to be configured.
The path in which the file is stored is displayed in the File Name.
3. Enter the password of the identity certificate in PFX Password and click OK.
----End
Follow-up Procedure
After the certificate password is modified and the ciphertext password is set in the
configuration file, delete the backup certificate file and the .pem file that is generated
temporarily.
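The password change in Step 1, run end to end on a throwaway certificate, as an added example that is not part of the original guide. The -export command that turns temp.pem back into a .p12 file is standard OpenSSL usage rather than a command quoted from this page, and the function names, the OLD_PW/PEM_PW/NEW_PW environment variables and the sample certificate are constructed for the illustration.

```shell
#!/bin/sh
# Added example: change the password of a PKCS#12 file through a temporary PEM
# file. Passwords are taken from the exported environment variables OLD_PW,
# PEM_PW and NEW_PW (names chosen for this example) via OpenSSL's env: source,
# so they are neither typed at a prompt nor passed as command-line arguments.

# make_sample_p12 DIR
# Builds a constructed, self-signed, one-day server.p12 in DIR, protected by
# OLD_PW. It stands in for the real certificate file.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/server.p12" -passout env:OLD_PW || return 1
    rm -f "$1/key.pem" "$1/cert.pem"
}

# p12_fingerprint FILE VARNAME
# Prints the SHA-256 fingerprint of the certificate in FILE, opened with the
# password held in the environment variable VARNAME.
p12_fingerprint() {
    openssl pkcs12 -in "$1" -nokeys -passin "env:$2" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# change_p12_password FILE
# Re-encrypts FILE from OLD_PW to NEW_PW and keeps FILE.bak as the backup.
# The body runs in a subshell so that the umask change stays local.
change_p12_password() (
    file=$1
    tmp=$(dirname "$file")/temp.pem
    umask 077                     # temp.pem and the new .p12 are owner-only
    cp -p "$file" "$file.bak" || exit 1
    # .p12 -> temp.pem; the private key stays encrypted, now under PEM_PW.
    if ! openssl pkcs12 -in "$file" -out "$tmp" \
            -passin env:OLD_PW -passout env:PEM_PW 2>/dev/null; then
        rm -f "$tmp"; exit 1
    fi
    # temp.pem -> new .p12 protected by NEW_PW.
    if ! openssl pkcs12 -export -in "$tmp" -out "$file.new" \
            -passin env:PEM_PW -passout env:NEW_PW 2>/dev/null; then
        rm -f "$tmp" "$file.new"; exit 1
    fi
    rm -f "$tmp"                  # the temporary PEM file is no longer needed
    # Replace the original only after the new file opens with NEW_PW.
    if ! openssl pkcs12 -in "$file.new" -noout -passin env:NEW_PW 2>/dev/null; then
        rm -f "$file.new"; exit 1
    fi
    # The guide also requires owner ossuser and group ossgroup on the server;
    # chown is omitted because this example runs as an ordinary user.
    mv "$file.new" "$file" && chmod 600 "$file"
)

# Stand-alone demo: sh repassword.sh demo
if [ "${1:-}" = demo ]; then
    OLD_PW='Constructed-Old 1'
    PEM_PW='Constructed-Pem 2'
    NEW_PW='Constructed-New 3'
    export OLD_PW PEM_PW NEW_PW
    demo_dir=$(mktemp -d) && make_sample_p12 "$demo_dir" &&
        change_p12_password "$demo_dir/server.p12" &&
        p12_fingerprint "$demo_dir/server.p12" NEW_PW
    rm -rf "$demo_dir"
fi
```

Comparing the certificate fingerprint before and after the change confirms that only the protecting password changed and the certificate itself is the same one.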
Context
The U2000 verifies the validity of the MSuite Certificate, Internal NMS Certificate, SBI
Certificate, Other Certificate, NBI CORBA Certificate, and NBI XML Certificate by
default.
Procedure
Step 1 Log in to the MSuite. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 Choose Certificate File Management > Certificate Validity Period Check.
Step 3 In the dialog box that is displayed, select Check certificate validity period and set Check
period and Threshold for overdue alarm.
NOTE
• The default values of Check period and Threshold for overdue alarm are 1 day and 30 days.
• Threshold for overdue alarm specifies how many days before a certificate expires an alarm
indicating the upcoming expiry is reported.
----End
Result
After the configuration is performed, the U2000 regularly checks the certificate validity. If the
number of days for which a certificate remains valid is smaller than Threshold for overdue alarm,
an alarm is reported, reminding users to update the certificate in time.
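The threshold comparison described above, modelled in Python as an added example (it is not U2000 code and does not show how the U2000 implements the check). The certificate names come from this page; the expiry dates, the function names and the UNREADABLE status are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Default stated on this page: an alarm is raised 30 days before expiry.
# The check itself would be repeated once per "Check period" (default 1 day).
ALARM_THRESHOLD_DAYS = 30

# Constructed sample data: notAfter values in the text form that
# "openssl x509 -noout -enddate" prints, with or without the "notAfter=" prefix.
SAMPLE_NOT_AFTER = {
    "MSuite Certificate": "Mar 15 00:00:00 2019 GMT",
    "Internal NMS Certificate": "notAfter=Dec 20 12:00:00 2018 GMT",
    "SBI Certificate": "Nov 01 00:00:00 2018 GMT",
    "NBI XML Certificate": "Dec 30 00:00:00 2018 GMT",
    "Other Certificate": "not-a-date",
}


def days_until_expiry(not_after, now):
    """Return fractional days from `now` until notAfter (negative if already past)."""
    text = not_after.strip()
    if text.startswith("notAfter="):
        text = text[len("notAfter="):]
    expiry_epoch = ssl.cert_time_to_seconds(text)  # raises ValueError if malformed
    return (expiry_epoch - now.timestamp()) / 86400.0


def check_validity(certs, now, threshold_days=ALARM_THRESHOLD_DAYS):
    """Classify each certificate as OK, ALARM, EXPIRED or UNREADABLE."""
    report = {}
    for name, not_after in certs.items():
        try:
            remaining = days_until_expiry(not_after, now)
        except ValueError:
            # Fail closed: an unparseable date must not pass as healthy.
            report[name] = ("UNREADABLE", None)
            continue
        if remaining <= 0:
            status = "EXPIRED"
        elif remaining < threshold_days:
            # Fewer valid days left than the threshold: alarm condition.
            status = "ALARM"
        else:
            # Exactly `threshold_days` left is not "smaller than" the threshold.
            status = "OK"
        report[name] = (status, int(remaining))
    return report


if __name__ == "__main__":
    now = datetime(2018, 11, 30, tzinfo=timezone.utc)  # constructed check time
    for name, (status, days) in check_validity(SAMPLE_NOT_AFTER, now).items():
        print(f"{name:28s} {status:10s} days_left={days}")
```

A certificate with exactly 30 days left stays OK on that run and turns to ALARM on the next daily check, which is why the check period should stay well below the threshold.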
Overview
• SSL certificate: a digital certificate configured on the server, which is also called the SSL
server certificate. It is used to improve U2000 security by providing identity
authentication for communication between the U2000 and peripheral systems.
• DH: stands for Diffie-Hellman and is an asymmetric encryption algorithm used by the
SSL certificate.
Usage Scenario
U2000 installation: For newly installed U2000 V200R015C60 or later, the DH value length on
the SSL server is 2048 bits by default.
Table C-8 Modifying the DH parameter in the SSL certificate in U2000 interconnection
scenarios
Scenario | Description | Operation | SSL Certificate Path
Modification Method
• In CLI mode:
– For the Windows OS:
i. Log in to the OS as administrator.
ii. Run the following command to change the SSL certificate key length:
> cd /d D:\oss\server\tools\ssltool
> python ModifySSLDH.py ssl/XXX/option.xml -2048/-1024
Prerequisites
Ensure that the U2000 database server is running properly.
Before modifying configuration items, ensure that you understand each configuration item and
the effects of modifying it. Modifying some configuration
items causes processes to restart, which may interrupt monitoring.
Context
The tool supports modification of only certain common configuration items. For details
about more configuration items, submit an application to Huawei.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 Choose Tools > Config Manager from the main menu.
The Config Manager dialog box is displayed, and all configuration items are displayed by
default.
Step 3 Optional: Click Filter, set the filter criteria and click OK to query the information about the
required configuration items.
Step 4 In the Config Manager dialog box, double-click a configuration item. In the Modify Config
Value dialog box, change the value of the configuration item.
NOTE
To view the information about operation failures, navigate to the directory
oss\client\logs\deploy\bundlelog and open the Unitedmgr_client.log file.
----End
| Subsystem | Config Name | Default Value | Description | Restart Process |
|---|---|---|---|---|
| PM | AGG_MIN_MAX_ENABLE | 0 | Enable Min Max Aggregation Or Not. 0-No, 1-Yes, default is 0. | SNMPCollectorDm, PMSDm, BulkCollectorDm, PMDataRefiner |
| PM | AUTO_INSTANCE_SYNCRONIZATION | 00:00 | Provide the time in HH:MM format | PMSDm |
| PM | DATA_LIFE_CYCLE_AUTO_DUMP_TIMER_INTERVAL_HRS | 4 | Timer interval for taking the auto Dump. Minimum Interval is 1 and Maximum Interval is 24. Timer Interval is in Hours | PMSDm |
| PM | DUMP_FILE_STORE_DAYS_NUM | 7 | Number of days data to keep in hard drive after backup | PMSDm |
| PM | ENABLE_REMOTEMGR | 0 | Enable Remote manager Or Not. 0-No, 1-Yes, default is 0. | PMSDm |
| PM | INST_COLL_CREATE_BATCH | 300 | Max. batch size in monitoring instance creation | PMSDm |
| PM | LIFE_CYCLE_OPER_INTERVAL | 1 | Delay after each delete operation (in seconds) | PMSDm |
| PM | MaxLargeTableDay | 30 | Maximum time after which day granularity tables will get split ( days ) | PMSDm, BulkCollectorDm, SNMPCollectorDM |
| PM | MaxMediumTableDay | 4 | Maximum time after which granularity 60 min tables will get split ( days ) | PMSDm, BulkCollectorDm, SNMPCollectorDM |
| PM | MaxTableDay | 1 | Maximum time after which the tables will get split ( days ) | PMSDm, BulkCollectorDm, SNMPCollectorDM |
| IP_BASE | IPCOMMON_SYNC_PollEnable | 1 | Whether to start scheduled polling. The value 1 indicates that scheduled polling will be started. | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | IPCOMMON_QVShort_Poll_Interval | 180000 | Duration of polling all devices, in milliseconds | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | IPCOMMON_SYNC_POLLTIMESTART | 1 | Time when a polling task is started. The value is an integer between 0 and 24 | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | IPCOMMON_SYNC_POLLTIMELAST | 3 | Duration of executing a polling task, in hours. The value is an integer between 0 and 24. | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | IPCOMMON_DEVSYNC_REBOOT_INTERVAL | 30 | Time to wait before configuration synchronization after a device is restarted. | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | IPCOMMON_SYNC_PollNum | 2 | Number of devices to which a polling task is applied | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | IPCOMMON_SYNC_PollInterval | 30 | Interval for detecting polling tasks, in seconds. | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | IPCOMMON_SYNC_DYNAMIC_RELY | 0 | Whether to enable historical resources | RouterMgrDm_1 |
| IP_BASE | EML_ROUTER_RPT_DELAY_TIME | 3 | Interval of the Qasn informing and reporting(unit : s, range: 0-30) | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| IP_BASE | LDP_TUNNEL_SWITCH_STATUS | 0 | LDP virtual Tunnel switch <0:close 1:open>. | RouterMgrDm, FrameSWMgrDm, BoxSWMgrDm, SecurityMgrDm |
| Nml_ip | CONFIG_COMMON_IS_AUTHENABLED | 0 | This item specifies whether service authority is enabled. 1: yes 0: no(default) | Nml_ip |
| Nml_ip | CONFIG_EVENT_PANEL_ENABLE | 0 | Display Event In Panel Enable 1: yes 0: no(default) | Nml_ip |
| PM | MaxTableSize | 5000000 | Maximum size of the table i.e. No of Data Records in one table should be | PMSDm, BulkCollectorDm, SNMPCollectorDM |
| PM | ENABLE_KPI_ADAPTATION | 0 | Enable KPI Adaptation or not. 0-No, 1-Yes, default is 0 | TXTNBIDm |
| PM | NO_OF_INST_AT_TIME | 1000 | Number of instance for which trend calculation is required at a time | PMDataRefiner |
| PM | PERIODS | 5,10,15,30,60,1440 | periods PMS support( mins ). comma separated list | TXTNBIDm |
| PM | PMS_MAXIMUM_ACTIVE_TREND_LIMIT | 2000 | Maximum number of Trend instances in PMS | PMSDm |
| PM | PM_DATA_BACKUP_FOLDER_MAX_SIZE | 2 | Maximum Size of the PM DATA store Folder in GB | PMSDm |
| PM | TREND_AVG_CALC_DAYS | 14 | Number of days used in calculation of trend average | PMSDm |
| PM | TREND_FORMULA_TYPE | 2 | Formula type | PMDataRefiner |
| PM | TREND_NVALUE | 10 | fixed value | PMDataRefiner |
| PM | PMS_AGGREGATION_LOADING_ENABLE | 0 | Data Aggregation Loading enable switch, 0 - No Loading at SNMPStartup , 1 - Loading | SNMPCollectorDm |
| PM | SYNCH_RES_FOR_AUTO_TASK_TIME | 02:07 | Synchronize snmp auto task resource time(server time) | PMSDm |
| PM | ENABLE_RESTYPE_LEVEL_TASK | 0 | Resource Type Level Task Default is disabled. 0 - Disable ,1 - Enable. Default value is disabled. | PMSDm |
| PM | ENABLE_MEND_REASON | 1 | Enable mend reason or not . 0-disable, 1-enable | PMSDm |
| PM | IPBULK_DELETE_DEVICE_FILE | 1 | IPBulk Device file delete or not.0 - Delete,1 - Not Delete | PMSDm |
| PM | NPMS_AUTO_SYNCH_START_TIME | 04:30 | NPMS Auto Synch time in 24 hour format | PMSDm |
| PM | TREND_SUPPORTED_OR_NOT | 0 | Enable Trend computation Or Not. 0-No, 1-Yes, default is 0. | PMDataRefiner, PMSDm, SNMPCollectorDM |
| PM | PM_SERVER_VPN_TYPE | 0 | Enable Manager VPN Mode(1 or 0). 0-No, 1-Yes, default is 0. | BulkCollectorDm |
| PM | ENABLE_AUTO_SYNCH_FOR_MANUAL_INST | 0 | Enable auto synch for manual instance or not. 0-No, 1-Yes, default is 0. | PMSDm |
| PM | SYNCH_FILE_PATH | /var/pms/staticdatasynch | this path is for NM to create staticdata zip file | PMResMgr |
| PM | SUPPORT_1MIN_COLLECTION | 0 | Whether require support 1 min collection. 0-No, 1-Yes, default is 0. | SNMPCollectorDm |
| PM | STATICDATA_SYNC_TIMER_INTERVAL | 1 | Timer's task interval when synchronizing static data between NM and EMs, its units is day | PMDataSynchronizer |
| PM | UNICAST_IPFPM_OAM_ENABLE | 0 | switch for Unicast IPFPM OAM NODE, 0 is disable, other is enable | PMSDm |
| PM | MULTICAST_IPFPM_OAM_ENABLE | 0 | switch for Multicast IPFPM OAM NODE, 0 is disable, other is enable | PMSDm |
| PM | PM_SERVICE_TYPE_NAME | pm | Service Type Name for URL based Jump | PMSDm |
| PM | PM_DATAFILE_THREAD_NUMBER | 1 | Thread count of parse Performance file | PMDataSynchronizer |
| PM | SNMPOVERQX_TIME_OUT | 10000 | time out for SNMPOverQx Operation (ms) | PMSDm, BulkCollectorDm, SNMPCollectorDM |
| PM | SNMPOVERQX_RETRY_COUNT | 3 | retry counts for SNMPOverQx Operation | PMSDm, BulkCollectorDm, SNMPCollectorDM |
| PM | DLM_FILE_SCAN_NEEDED | 1 | DLM file scan is enabled or not. 0-No, 1-Yes, default is 1. | BulkCollectorDm |
| PM | UTRAFFIC_NEED_EXT_QX_DEV_INFO | 1 | uTraffic Extended QX device info required or not 0 :not required 1 :required | PMSDm |
| PM | NO_OF_TAR_FILES_TO_BE_DELETED_LOWDISK_SPACE | 5 | TAR file number deleted when space is low | BulkCollectorDm, TXTNBIDm |
| PM | PMS_WHETHER_TO_DELETE_RAMBO_TEMPFILE | 0 | Whether to delete rambo temple file or not. 0-No, 1-Yes, default is 0. | BulkCollectorDm |
| PM | SCRIPTUPGRADE_TDT_LIST | Router , Switch ,VMF, Router PTN6900,IMAP_TDT | List of TDTs supporting script upgrade | PMSDm |
| PM | PMS_TWAMP_SET_SOURCE_OR_DEST | 0 | TWAMP Feature 0 - Set on Both, 1 - Set on Source Device only, 2 - Set on Destination device only | PMSDm |
| PM | PM_SERVER_VPN_TYPE_PTN7900 | 1 | Enable Manager VPN Mode for PTN7900. 0-No, 1-Yes, default is 1. | PMSDm |
| PM | ENABLE_DUMP_TO_FILE | 0 | Enable Dump to File Or Not, 1 - Enable and 0 - Disable | PMSDm |
| PM | ALLOW_DELETION_MEMBER_RESOURCE_TYPE | 1044,3010,691044,693010 | The list of member resource type which allow deletion operation in composite resource. Separate by comma. | PMSDm |
| PM | BYPASS_MEMBER_ADATION_FOR_RESTYPES_DURING_SYNC_ENABLE | 0 | Enable Synchronization for member instance addition Or Not, 1 - Enable and 0 - Disable | PMSDm |
| PMCOLLECTOR | BASE_DIR_PROVISIO | /export/home/nbinh21/provisio/ | Path for provisio file generation | TXTNBIDm |
| PMCOLLECTOR | BASE_DIR_RAMBO | /export/home/nbirambo/rambo/ | Path for Rambo file generation | BulkCollectorDm |
| PMCOLLECTOR | BASE_RAMBOTEMP_PATH | /export/home/nbirambo/tempfile/ | Path for Rambo temp file generation | BulkCollectorDm |
| PMCOLLECTOR | BULK_FILE_CHECK_INTERVAL | 1 | Checking interval for checking local directory. In seconds | BulkCollectorDm |
| PMCOLLECTOR | EmsID | U2000 BMS | EMS ID for iManager U2000. It is used for DLM NB file names | BulkCollectorDm |
| PMCOLLECTOR | FILELIST_SAVED_PATH | /export/home/nbinh21/provisio/ | Path to generate FileList.txt for Provisio files | TXTNBIDm |
| PMCOLLECTOR | PMDAP_AGG_TIME_EVERYDAY | 12:00 | Aggregating time every day in HH:MM format | PMDataAggregationProcessorDm |
| PMCOLLECTOR | PMS_DLM_DATA_STORAGE_MODE | 1 | Data Storage Mode for DLM. 1:FILE MODE,2:DATABASE MODE | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DATE_TIME_USING_DEVICE_TIME_OR_NMS_TIME | 0 | DATE_TIME display mode for data, 1: using Device time, 0: using NMS time. The default value is 0 | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DLM_DATA_COLLECTION_DEALY_SECONDS | 180 | the delay seconds to get file from device ,the default value is 60 seconds. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DLM_GENERATE_DELAY_TIME_MINS | 50 | how long ( in mins ) the DLM file will generate after 1 hour, for example if 0:50 it will be 50 | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DLM_OLD_FILE_DELETION_DAYS_LIMIT | 03 | For Old data files to be deleted if exceeding following number of days.default value is 3 days , It should be more than 0. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DLM_SET_TASK_RUNNING_MINS_BEFORE_HOUR | 7 | Value in Minutes. The default value is 7 | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DLM_WHETHER_TO_DELETE_OLD_CSV_FILE | 0 | is used to Enable/Disable functionality of deleting OLD DLM CSV Files.values: 0 - Disabled,1 or any other number - Enabled | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DLM_WHETHER_TO_DELETE_TEMP_FILE | 1 | Whether to delete the DLM device temp file. 0-No, 1-Yes, default is 1. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_PROVISIO_OLD_FILE_DELETION_DAYS_LIMIT | 05 | For Old data files to be deleted if exceeding following number of days.default value is 3 days , It should be more than 0 | TXTNBIDm |
| PMCOLLECTOR | SupplierID | HUW | Supplier ID for Huawei. It is used for DLM NB file names | BulkCollectorDm |
| PMCOLLECTOR | TMPDIR_DEL_DAYS | 2 | Maximum days to keep temporary files from device | BulkCollectorDm |
| PMCOLLECTOR | TMPDIR_DEL_TIME | 01:00 | Time to delete temporary files from device | BulkCollectorDm |
| PMCOLLECTOR | PMS_Y1731_WHETHER_TO_DELETE_TEMP_FILE | 1 | Whether to delete the Y1731 temporary device files. 0-No, 1-Yes, default is 1. | BulkCollectorDm |
| PMCOLLECTOR | PW_FTPDATA_TMP_DIR | Y1731_DEFAULT_DIR | directory to store the temporary device files from device for y1731 | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_DLM_BULK_DATA_MENDING_SUPPORTED | 0 | whether to DLM bulk DATA MENDING feature is on/OFF,0 is disable(default), 1 is enable, PMS will mend the data for last 3 hours. | BulkCollectorDm |
| PMCOLLECTOR | FTP_BASE_DIR | y1731 | Ftp server base directory on device | BulkCollectorDm |
| PMCOLLECTOR | PW_BULK_CONFIG | 1 | For PW config enable. 0-No, 1-Yes, default is 1. | BulkCollectorDm |
| PMCOLLECTOR | PW_BULK_COLLECT_PERIOD | 15 | For bulk file collected period | BulkCollectorDm |
| PMCOLLECTOR | VRP_DATA_INSERT_MODE | 2 | Data Insert Mode 1- FILE MODE 2- DATABASE MODE | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_XLIN_TAR_DELETION_TIMER_TIME | 04 | XLIN old tar Deletion Timer Time,This should be in the format HH in 24 hour format. Here default given is 04. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_XLIN_TAR_DELETION_DAYS_LIMIT | 02 | For Old XLIN OSS NBI tar files to be deleted if exceeding following number of days.default value is 2 days,It should be more than 0. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_XLIN_OLD_DIR_DELETION_TIME | 18 | XLIN old ftp folder Deletion Timer Time,This should be in the format HH in 24 hour format. Here default given is 18. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_XLIN_OLD_DIR_DELETION_DAYS | 02 | For Old XLIN ftp folders to be deleted if exceeding following number of days.default value is 2 days,It should be more than 0. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_XLIN_WHETHER_TO_DELETE_XLIN_TAR_FILE | 0 | is used to Enable/Disable functionality of deleting OLD XLIN Tar Files.values: 0 - Disabled,1 or any other number - Enabled. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_PNM_OLD_DIR_DELETION_TIME | 18 | PNM old ftp folder Deletion Timer Time,This should be in the format HH in 24 hour format. Here default given is 18. | BulkCollectorDm |
| PMCOLLECTOR | PMS_NB_PNM_OLD_DIR_DELETION_DAYS | 02 | For Old PNM ftp folders to be deleted if exceeding following number of days.default value is 2 days,It should be more than 0. | BulkCollectorDm |
| UnitedMgr | LIC_ALLOW_EXCEED | 1 | license exceed switch(0:Disable, 1:Enable) | UniteUitlDM |
| ACCESS | ADSL2+_SPEED_FORECAST | 0 | Support ADSL2+ line test (0: No, 1: Yes) | BmsTest |
| ACCESS | ADSL_ACTIVE_DEACTIVE_IGNORE_ERROR_SWITCH | 1 | Activate and deactivate ADSL ports repeatedly (0: No, 1: Yes) | TL1NBiDm |
| ACCESS | AG_CHECK_H248_ALARM_INTERVAL | 0 | The interval of check H248 Alarm(unit:min 0:not check) | BmsAccess, BmsCommon, FaultService |
| ACCESS | ALARM_ADD_ONUNAME | 0 | Alarm Add ONU NAME Switch(0 disable,1 enable,default 0) | TrapReceiver |
| ACCESS | ALARM_SEND_SWITCH | 0 | Report device alarms (0: No, 1: Yes) | BmsAccess |
| ACCESS | ALARM_SPT_DEV_MANUAL_CLEAR | 0 | Alarms can be cleared in the NE CLI.(0:disable,1:enable) | TrapReceiver |
| ACCESS | AUTO_ADD_DEV_BY_TRAP | 0 | Switch of auto add device by trap(0:disable,1:enable) | BmsAccess |
| ACCESS | AUTO_BOARDCONFIRM_SWITCH | 0 | Automatically confirm boards (0: No, 1: Yes) | BmsAccess |
| ACCESS | AddAuthInfoToAlarmLocationAtPonTL1ForCT | 0 | When BMS_TL1_ALARM_SWITCH is 1 or 2, if the switch is enabled, NMS will add AUTHINFO to POSITION at PON TL1 when addition has auth info. <0: Disable 1: Enable>(Default: 0) | BmsPonEmsTL1 and BmsPonAlarmTL1 |
| ACCESS | BMSNBiVersion | 0 | Switch of compatibility(0: Enumerated character string, 1: Enumerated number) | TL1NBiDm, inTL1NBiDm |
| ACCESS | BMS_CHINAMOBILE_RSPFMT | 0 | China Mobile Response Format Switch(0: No, 1: Yes) | BmsAccess, TL1NBiDm, BmsPonEmsTL1 |
| ACCESS | BMS_COPY_BUSINESS_SWITCH | 0 | PON Service Handover (0: No, 1: Yes) | BmsAccess |
| ACCESS | BMS_DELAYRETURN_ACT_RESULT | 0 | Delay after active a VDSL2 port for TL1(unit: ms, 0 indicates no delay) | TL1NBiDm |
| ACCESS | BMS_DELAYRETURN_DACT_RESULT | 0 | Delay after deactive a VDSL2 port for TL1 (unit: ms, 0 indicates no delay) | TL1NBiDm |
| ACCESS | BMS_NEIMENG_MOBILE_POSFMT | 0 | POS Format Switch(0: name like OLT Name-PosID-Proportion, 1:name use the GUI name) | BmsAccess, TL1NBiDm, BmsPonEmsTL1 |
| ACCESS | BMS_NOTIFY_ENABLE_NBI_SWITCH | 0 | Notify NBI Function Switch (0: No, 1: Yes) | BmsAccess |
| ACCESS | BMS_TL1_ALARM_FORMAT_NEW | 0 | Command word change flag for Telecom PON alarm NBI: 1=Enable, 0=Disable | BmsPonEmsTL1, BmsPonAlarmTL1 |
| ACCESS | BMS_TL1_OPERLOG_SWITCH | 1 | Record operations logs for the TL1 NBI (0: No, 1: Yes) | BmsAccess |
| ACCESS | BMS_USERLABEL_CONSISTENCY_TYPE | 0 | UserLabel is consistent between NMS and devices (0: Disabled, 1: Enabled) | BmsAccess |
| ACCESS | BMS_USERLABEL_IS_USED | 1 | Use UserLabel (0: No, 1: Yes) | BmsAccess |
| ACCESS | CMTS_REPORT_FRAME_POSITION | | The content of Frame Position Name displayed.(Name UserLabel Memo.Default:Name) | BmsAccess |
| ACCESS | CMTS_REPORT_MAX_RATE | -1 | The max rate of ports.unit:M.-1 means invalid value.(default:-1) | BmsAccess |
| ACCESS | DEV_ERROR_TOLERANCE | 0 | tolerance switch for error of device(0:disable, 1:enable) | BmsAccess, BmsCommon, inbxmlsoap_agent, TL1NBiDm, inTL1NBiDm |
| ACCESS | DEV_SYSNAME_CONTROL_SWITCH | 0 | Use the device name as the name of a new NE (0: No, 1: Yes) | BmsAccess |
| ACCESS | ENCODING_MODE | UTF-8 | Server Encoding Mode | BmsAccess |
| ACCESS | ETHOAM_STANDARD_SWITCH | 1 | Use the standard ETH OAM protocol (0: No, 1: Yes) | BmsAccess |
| ACCESS | FRAMEPOLL_IS_NEED_SUP_PRI | 0 | Synchronize NE data by priority (0: No, 1: Yes) | BmsAccess |
| ACCESS | GDM_ADD_DEV_ENVIRONMENT_SWITCH | 1 | Is using SNMPv3 as default(0: No, 1: Yes) | BmsAccess |
| ACCESS | GPON_POLL_MODIFY_PASSWORD2LOID | 0 | If modify password to loid when poll (1:modify,others:not modify,default 0) | BmsAccess |
| ACCESS | IS_NEED_TO_REFRESH_SP_ACCORDING_TO_GRANULARITY | 0 | The switch specifies whether the sliding window refreshes service port data based on the search granularity(0: off, 1: on) | BmsAccess |
| ACCESS | IS_POLL_RESULT_NEED_NOTIFY_NB | 0 | Report synchronization results to the NBI(0: No, 1: Yes) (default 0) | BmsPonEmsTL1 and BmsPonAlarmTL1 |
| ACCESS | IS_SHORT_ONT_TYPE_NAME | 1 | Does Show Short Type Name of ONT(0: No, 1: Yes) | BmsAccess, TL1NBiDm, BmsPonEmsTL1 |
| ACCESS | LST_DEV_DSTAT_FUNCTION | 0 | LST-DEV Show Alarm Level In DSTAT Switch (0: No, 1: Yes) | TL1NBiDm |
| ACCESS | LoadOffline | 0 | Offline switch(0: off, 1: on) | TL1NBiDm, BmsPonEmsTL1 |
| ACCESS | MAIN_BACKUP_SITE_EM_IPADDR_MAPPING | 127.0.0.1,127.0.0.1 | The IP for Primary and backup server, just for configuring the traphost ip. | BmsAccess, BmsCommon |
| ACCESS | MANAGE_FANFRAME_SWITCH | 0 | Switch of fan frame managing. (0:disable,1:enable)(default 0) | BmsAccess |
| ACCESS | MXU_PRE_DEPLOY_PERF_OPT | 0 | Optimize MxU pre-deployment(0:disable,1:enable) | BmsAccess |
| ACCESS | MXU_UNI_PORT_COUNT_OF_E1 | 0 | The E1 port number of the pre deployment MDU (default 0) | BmsAccess |
| ACCESS | NBI_INVENTORY_DUMP_VERSION | 2 | Format of the file to which inventory data is exported through the TL1 NBI (2: 2.0, 3: 3.0, 4: 4.0) | TL1NBiDm |
| ACCESS | NE_FTP_SYNC_EMS_FLAG | a | The EMS flag of synchronization with the NE by FTP ([a,c]) | BmsAccess, BmsCommon |
| ACCESS | NE_NMS_ALRAM_RELATION | 0 | Alarm Relation Switch (0: No, 1: Yes) | BmsAccess |
| ACCESS | NMS_SYNC_NE_DATA_PROTOCOL | 0 | Indicates the way in which the NMS synchronizes data from NEs. (0: file, 1: SNMP) | BmsAccess, BmsCommon |
| ACCESS | ONUFREE_CHECK_ONU_SWITCH | 0 | Switch of check ONU for onufree. (0:disable,1:enable)(default 0) | BmsAccess |
| ACCESS | PCCWVERSION | 0 | PCCW Version Switch(0: Disabled, 1: Enabled) | BmsAccess, TL1NBiDm, BmsCommon |
| ACCESS | PING_OPEN_MXUAGENT | 0 | MxU connectivity check by OLT agent (0: Disabled, 1: Enabled) | BmsAccess |
| ACCESS | PING_PRECFG_MXU_RELOAD_HAS_PREMDU_POOL_OK | 30 | Indicates the interval at which the U2000 checks for the pre-deployment status change of MDUs.unit:min range(>0) | BmsAccess |
| ACCESS | POLL_ADSL_PORTSTATE | 0 | Synchronize ADSL port status (0: No, 1: Yes) | BmsAccess |
| ACCESS | POLL_SHDSL_PORTSTATE | 0 | Synchronize SHDSL port status (0: No, 1: Yes) | BmsAccess |
| ACCESS | POLL_SUBSEQUENT_NUM | 1 | Minimum concurrency of NE data synchronization (> 0) | BmsAccess |
| ACCESS | POLL_SUBSEQUENT_SWITCH | 0 | Synchronize NE data concurrently (0: No, 1: Yes) | BmsAccess |
| ACCESS | POLL_VDSL2_PORTSTATE | 0 | Synchronize VDSL2 port status (0: No, 1: Yes) | BmsAccess |
| ACCESS | PONTL1_ALARM_ROLETYPE_OF_DEVTYPE | OFF:DSLAM=MA5100V1/MA5100V2/MA5300V1/MA5600V3/UA5000(IPMB)/MA5615/MA5605/MA5105 AG=UA5000(PVMV1) | The output parameter DTYPE of the PON TL1 NBI supports two more options: DSLAM and AG(switch is ON or OFF).Users can configure a list of DSLAM devices and a list of AG devices. | BmsPonEmsTL1, BmsPonAlarmTL1 |
| ACCESS | PONTL1_SHOW_ESN_SWITCH | 0 | Whether to display the ESN column in the query results. (0: No, 1: Yes) | BmsPonEmsTL1 |
| ACCESS | PON_TL1_ADD_ERRMSG_SWITCH | 0 | PON TL1 add error message in result Switch (0: No, 1: Yes, default 0) | BmsPonAlarmTL1, BmsPonEmsTL1 |
| ACCESS | PON_TL1_LSTUNREGONU_PONID_SWITCH | 0 | LST-UNREGONU Show PONID <0:NO 1:YES> (default 0) | BmsPonEmsTL1 and BmsPonAlarmTL1 |
| ACCESS | PON_TL1_SHOW_MA5683T_SWITCH | 0 | Switch flag for whether or not display MA5683T device type at PON TL1(0:NO,1:YES) | BmsPonEmsTL1, BmsPonAlarmTL1 |
| ACCESS | PROCESS_PMS_DATA_SAVE | 60 | The days of history data saved.From 0 to 2147483647.(Default:60) | BmsAccess |
| ACCESS | SERVCIE_PORT_ID_VISIBLE | 0 | Show Serviceport ID(0:NO, 1: YES) | BmsAccess |
| ACCESS | SUPPORT_OLD_VERSION_TYPEB | 0 | Is support old version TypeB function(0: off, 1:on, default:0) | BmsAccess |
| ACCESS | SYNC_COMPLETED_NOTIFY_OSS | 0 | Is synchronization result notify TL1(0: No, 1: Yes) | BmsAccess |
| ACCESS | TIME_STAMP_OF_CLIENT_STATE | 300 | Interval of judging whether clients are online (unit: s) | BmsAccess |
| ACCESS | TL1_LSTONUTYPE_SWITCH | 0 | ONUTYPE format switch for Telecom PON <0:close 1:open> (default 0) | BmsPonEmsTL1 and BmsPonAlarmTL1 |
| ACCESS | TL1_MAX_TASK_COUNT_OF_ALL_USER_IN_TWO_HOURS | 30000 | The Upper Limit of the Task Created by All Users in Two Hours in TL1(Default: 30000) | Tl1NBiDm |
| ACCESS | TL1_MAX_TASK_COUNT_OF_A_USER | 10 | The Upper Limit of the Task Created by a Users(Default: 10) | TL1NBiDm |
| ACCESS | TL1_TIME_BEFORE_BIND_IGMP_RP | 24 | The Time Before Bind IGMP RP in TL1(Default: 24) | TL1NBiDm |
| ACCESS | TL1_TIME_BETWEEN_BIND_AND_UNBIND_IGMP_RP | 24 | The Time Between Bind and Unbind IGMP RP in TL1(Default: 24) | TL1NBiDm |
| ACCESS | TL1_TOTAL_TASK_COUNT_OF_ALL_USERS | 500000 | The Upper Limit of the Task Created by All Users in TL1(Default: 500000) | TL1NBiDm |
| ACCESS | TL1_USEROPERLOG_SWITCH | 1 | Record TL1 operations logs(0: No, 1: Yes) | TL1NBiDm , BmsPonEmsTL1 and BmsPonAlarmTL1 |
| ACCESS | TRAP_FRESH_ETHPORT_INFO | 1 | Whether process the trap of ETH port(0:does not process, 1:process) | BmsAccess |
| ACCESS | USERLABEL_FROM_DEV_FLG | 0 | Keep UserLabel synchronous with devices (0: Yes, 1: No) | BmsAccess |
| ACCESS | XPON_AUTO_REPLACE_MDU_SWITCH | 0 | Automatically replace MxUs with xPON devices (0: No, 1: Yes) | BmsAccess |
| ACCESS | XPON_CHECK_IADIP_REPEAT_EXCEPTIP | not config | Check IADIP Repeat Except IP | BmsAccess |
| ACCESS | XPON_CHECK_IADIP_REPEAT_SWITCH | 0 | Check IADIP Repeat Switch(0: No, 1: Yes) | BmsAccess |
| ACCESS | XPON_CHECK_MAC_REPEAT_SWITCH | 0 | Check MAC Repeat Switch(0: No, 1: Yes) | BmsAccess |
| ACCESS | XPON_CHECK_ONTDOMAIN_REPEAT_SWITCH | 0 | Check ONT DOMAIN Repeat Switch(0: No, 1: Yes) | BmsAccess |
| ACCESS | XPON_CHECK_PASSWORD_REPEAT_SWITCH | 0 | Check for GPON authentication password conflicts (0: No, 1: Yes) | BmsAccess |
| ACCESS | XPON_CHECK_PHONENUM_REPEAT_SWITCH | 0 | Check for authentication phone number conflicts (0: No, 1: Yes) | BmsAccess |
| ACCESS | XPON_DEFAULT_DBA_WHEN_ADDONU | | Default DBA template bound to Tcont of a new ONU | BmsAccess |
| ACCESS | XPON_POS_DISPLAY_SWITCH | 1 | Display fake pos:(0-No 1-Yes. default is 1) | BmsAccess |
| PM | PW_SUPPORTED_TYPES | | PTN PW supported device types | PMSDm |
| PM | BCPPATH_FOR_DATADUMP | | Absolute PATHS - Add double quote after the directory and at the end | PMSDm |
| PM | Main_NPMS_IP | | The ip address of main NPMS | PMSDm, AgentIntegrate |
| PM | UTRAFFIC_TROUBLESHOOTING_MASTER_IP | | The ip address of master Utraffic Troubleshooting | PMSDm, UTrafficAdapter |
| Nml_ip | CONFIG_VPLS_VSI_DEPLOY_COUNT | 10 | The count of Deploy VSI(default: 10) | Nml_ip |
| Nml_ip | CONFIG_VPLS_ALARM_PROCESS_MIN_INTERVAL | 3 | Configure VPLS alarm merger time, the default time is 3S | Nml_ip |
| Nml_ip | CONFIG_VPLS_ALARM_NOPROCESS_MAX_INTERVAL | 200 | Configure VPLS alarm refurbish time, the default time is 200S | Nml_ip |
| Nml_ip | CONFIG_SORT_TIME_FAULT | 0 | The Sort interval of Faulty Service Monitoring | Nml_ip |
| Nml_ip | CONFIG_COMMON_AUTOEXPORT_PERIOD | 10 | This item specifies the interval (unit: day) at which the automatic export task is executed. | Nml_ip |
| Nml_ip | CONFIG_TUNNEL_BANDWIDTH_BALANCE | 0 | Whether support calculate the route with loading balance bandwidth (Default 0: closed ,1:open). | Nml_ip |
| Nml_ip | CONFIG_PWE3_MSG_PROCESS_MIN_INTERVAL | 3 | Configure PWE3 alarm merger time, the default time is 3S | Nml_ip |
| Nml_ip | CONFIG_PWE3_MSG_NOPROCESS_MAX_INTERVAL | 45 | Configure PWE3 alarm refurbish time, the default time is 45S | Nml_ip |
| Nml_ip | VPLS_MIN_AGGREGATE_NUM | 0 | The minimum of the SAIs that will be aggregated, the default is 0 | Nml_ip |
| Nml_ip | CONFIG_L3VPN_MSG_PROCESS_MIN_INTERVAL | 45 | Configure L3VPN alarm merger time, the default time is 45S | Nml_ip |
| Nml_ip | CONFIG_L3VPN_MSG_NOPROCESS_MAX_INTERVAL | 300 | Configure L3VPN alarm refurbish time, the default time is 300S | Nml_ip |
| Nml_ip | CONFIG_PWE3_CONFIG_NOTIFY_MIN_INTERVAL | 3 | Set the merge refresh interval for PWE3 service configurations, the default time is 3S | Nml_ip |
| Nml_ip | CONFIG_PWE3_CONFIG_NOTIFY_MAX_INTERVAL | 45 | Set the refresh deadline for PWE3 service configurations, the default time is 45S | Nml_ip |
| Nml_ip | UTRAFFIC_ADAPTER_SERVER_IP | 127.0.0.1 | Peer system IP collection, Most 128 characters.127.0.0.1(default) | UTrafficAdapter |
| Nml_ip | CONFIG_TUNNEL_SUPPORT_SRVINTANALYSIS | 0 | Service interruption analysis tool switches (Default 0: closed , 1:open). | Nml_ip |
| Nml_ip | CONFIG_VPLS_DISCOVERY_SET_HVPLS_NETYPE | 0 | Specifies whether the service of Vpls can be set Net Type of HVPLS after discovery (Default 0: closed , 1:open). | |
| Nml_ip | CONFIG_VPLS_OF_PRIVATE_NETWORK_FOR_CONSUMER | 0 | Specifies the Vpls of private network customized by special consumer (Default 0: closed , 1:open). | Nml_ip |
| Nml_ip | CONFIG_TUNNEL_ACTIVATE_SECURE_MAXNUM | 10 | Maximum number of tunnels that can be deployed in batches . The default value is 10 | |
| Nml_ip | CONFIG_TUNNEL_PG_DEACTIVATE_SECURE_MAXNUM | 10 | This item indicates the maximum number of protection groups that can be undeployed or disabled in a batch. The default value is 10. | |
| Nml_ip | CONFIG_L3VPN_DEACTIVATE_SECURE_MAXNUM | 1 | Maximum number of L3VPN services that can be undeployed in batches, including L3VPN service disabling. The default value is 1 | |
| Nml_ip | CONFIG_L3VPN_NE_DEACTIVATE_SECURE_MAXNUM | 1 | Maximum number of L3VPN NEs that can be undeployed in batches, including L3VPN NE disabling. The default value is 1. | |
| Nml_ip | CONFIG_L3VPN_SUBOBJECT_ACTIVATE_SECURE_MAXNUM | 100000 | Maximum number of L3VPN sub-objects that can be deployed in batches, including SAI enabling. The default value is 100000. | |
| Nml_ip | CONFIG_L3VPN_VRF_DEACTIVATE_SECURE_MAXNUM | 1 | This item indicates the maximum number VRF entries that can be deleted in a batch, including NE deletion. The default number is 1. | |
| Nml_ip | CONFIG_L3VPN_ROUTELOOPBACKDETECT_ENABLE | 0 | Display Route Loopback Detect Menu 1: yes 0: no(default) | |
| Nml_ip | CONFIG_NML_TESTCASE_ENABLE | 0 | Display Create Test Suite Menu 1: yes 0: no(default) | |
| Nml_ip | CONFIG_VPLS_DEACTIVATE_SECURE_MAXNUM | 1 | This item indicates the maximum number of vpls services that can be disabled in a batch. The default value is 1. | |
| Nml_ip | CONFIG_VPLS_VSI_DEACTIVATE_SECURE_MAXNUM | 1 | This item indicates the maximum number of vpls vsis that can be undeployed or disabled or deleted in a batch. The default value is 1. | |
| Nml_ip | CONFIG_VPLS_OBJECT_DEACTIVATE_SECURE_MAXNUM | 10 | This item indicates the maximum number of vpls Objects include SAI and PW that can be undeployed or disabled or deleted in a batch. The default value is 10. | |
| Nml_ip | CONFIG_BGP_DEACTIVATE_PEER_MAXNUM | 1 | This item indicates the number of BGP peers that can be deleted in a batch. The default value is 1. | |
| Nml_ip | CONFIG_PWE3_VIEW_TUNNEL_MAXNUM | 10000 | Tunnel Unconfigure Protection. | |
| Nml_ip | CONFIG_L3VPN_VRF_STATIC_MODIFYPEERLABEL | 0 | Modify VPN PEER labels of L3VPN services. (1: open , 0:closed(default)). | Nml_ip |
| Nml_ip | CONFIG_L3VPN_VRF_STATIC_MODIFYTUNNEL | 0 | Modify out tunnel of static route in L3VPN services. (1: open , 0:closed(Default)). | Nml_ip |
| Nml_ip | CONFIG_SUPPORT_NETWORK_ADJUST | 0 | Support Tunnel Network Adjust (Default 0: closed ,1:open). | |
| Nml_ip | CONFIG_ETREE_NODE_DEACTIVATE_SECURE_MAXNUM | 1 | This item indicates the maximum number of Etree Node that can be undeployed or disabled or deleted in a batch. The default value is 1. | |
| Nml_ip | CONFIG_ETREE_ETREE_OBJECT_DEACTIVATE_SECURE_MAXNUM | 10 | This item indicates the maximum number of etree Objects include SAI and PW that can be undeployed or disabled or deleted in a batch. The default value is 10. | |
| Nml_cps | CONFIG_CPS_AUTO_CONFIG_OAM | 1 | This item specifies the cps service auto configure oam's type: 1: Y.1711(default) 2:Y.1731 | Nml_cps |
| Nml_common | CONFIG_ERPS_CLOSE_SECURE_MAXNUM | 10 | Maximum number of ERPS services that can be deleted in batches. The default value is 10. | |
| Nml_common | CONFIG_ERPS_OPEN_SECURE_MAXNUM | 10 | Maximum number of ERPS services that can be operated in batches. The default value is 10. | |
| Nml_nativeeth | CONFIG_NATIVEETH_OPEN_SECURE_MAXNUM | 10 | Maximum number of NativeEth services that can be deployed in batches. The default value is 10. | |
| DC | MAX_COUNT_OF_AUTO_CREATE_TASK | 400 | This variables stores the maximum NO. of Mxu Tasks allowed. | DCServer |
| DC | MAX_COUNT_OF_ALL_TASK | 800 | This variable stores the maximum number of Tasks allowed. | DCServer |
| DC | RECOVER_CHECK_DEVICE_VERSION | 1 | Recover operation check device version. 1 check, 0 not check | DCServer |
| ACCESS | BMS_DEV_QUERY_SERVICEPORT | 0 | Specifies whether to query data from NEs.<1:NO, 1:YES>(default: 0) | BmsAccess |
| TRANS | NEMGR_TRANS_6_SBIPROXYPORT | 11006 | nemgr_trans_6 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_11_SBIPROXYSSLPORT | 11061 | nemgr_trans_11 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_16_SBIPROXYTL1PORT | 11041 | nemgr_trans_16 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_21_SBIPROXYTL1SSLPORT | 11096 | nemgr_trans_21 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | MaxInstThreadNumOfPow | 1 | Number of Thread to be assigned(Large-scale instance). | |
| TRANS | 2510ServerIP | 127.0.0.1:8443 | Indicates the IP address and port ID of the iManager N2510 server. | Eml_PubSvr |
| TRANS | InventoryServiceHTTPPortNo | 13500 | Inventory Service HTTP Port | |
| TRANS | PfmCollParseThreadCount | 1 | Number of Thread to parse performance data | nemgr* |
| TRANS | PfmCollPersistThreadCount | 1 | Number of Thread to persist performance data | nemgr* |
| TRANS | PfmCollBatchCollNeCount | 1 | Number of NEs to collect performance data | |
| TRANS | PfmCollBatchParseNeCount | 1 | Number of NEs to parse performance data | |
| TRANS | PfmCollBatchPersistNeCount | 1 | Number of NEs to persist performance data | |
| TRANS | PfmCollBatchPersistSleep | 100 | Waiting time(ms) after persisting batch of NEs | |
| TRANS | slotversion | 1 | 1: big slot num (default), 0: small slot num. | TransNmCommon,Nml_ason_otn,Nml_ason_sdh |
| TRANS | encoding | 1 | 2: ISO8859-1, 1: UTF-8 (default), 0: GBK. | TransNmCommon,Nml_ason_otn,Nml_ason_sdh |
| TRANS | scriptname | 0 | 1: script file force without nename, 0: script file force with nename (default). | TransNmCommon,Nml_ason_otn,Nml_ason_sdh |
| TRANS | NEUserLoginflag | 1 | After upgrade set NE user login mode | TransNmCommon,Nml_ason_otn,Nml_ason_sdh |
| TRANS | NEMGR_TRANS_1_SBIPROXYPORT | 11001 | nemgr_trans_1 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_1_SBIPROXYSSLPORT | 11051 | nemgr_trans_1 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_1_SBIPROXYTL1PORT | 11026 | nemgr_trans_1 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_1_SBIPROXYTL1SSLPORT | 11076 | nemgr_trans_1 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_1_WNEMGRHTTPPORT | 13101 | nemgr_trans_1 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_2_SBIPROXYPORT | 11002 | nemgr_trans_2 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_2_SBIPROXYSSLPORT | 11052 | nemgr_trans_2 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_2_SBIPROXYTL1PORT | 11027 | nemgr_trans_2 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_2_SBIPROXYTL1SSLPORT | 11077 | nemgr_trans_2 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_2_WNEMGRHTTPPORT | 13102 | nemgr_trans_2 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_3_SBIPROXYPORT | 11003 | nemgr_trans_3 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_3_SBIPROXYSSLPORT | 11053 | nemgr_trans_3 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_3_SBIPROXYTL1PORT | 11028 | nemgr_trans_3 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_3_SBIPROXYTL1SSLPORT | 11078 | nemgr_trans_3 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_3_WNEMGRHTTPPORT | 13103 | nemgr_trans_3 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_4_SBIPROXYPORT | 11004 | nemgr_trans_4 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_4_SBIPROXYSSLPORT | 11054 | nemgr_trans_4 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_4_SBIPROXYTL1PORT | 11029 | nemgr_trans_4 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_4_SBIPROXYTL1SSLPORT | 11079 | nemgr_trans_4 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_4_WNEMGRHTTPPORT | 13104 | nemgr_trans_4 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_5_SBIPROXYPORT | 11005 | nemgr_trans_5 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_5_SBIPROXYSSLPORT | 11055 | nemgr_trans_5 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_5_SBIPROXYTL1PORT | 11030 | nemgr_trans_5 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_5_SBIPROXYTL1SSLPORT | 11080 | nemgr_trans_5 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_5_WNEMGRHTTPPORT | 13105 | nemgr_trans_5 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | PollInterval | 180 | Poll Interval, Range:[5, 360), Unit:s, Default:180 | Router NE Manager(VRP V8) |
| TRANS | isSupportMultiLR | false | isSupportMultiLR, true:Support false:Unsupported, Default:false | Router NE Manager(VRP V8) |
| TRANS | isSupportMultiVR | true | isSupportMultiVR, true:Support false:Unsupported, Default:true | Router NE Manager(VRP V8) |
| TRANS | NEMGR_TRANS_6_SBIPROXYSSLPORT | 11056 | nemgr_trans_6 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_6_SBIPROXYTL1PORT | 11031 | nemgr_trans_6 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_6_SBIPROXYTL1SSLPORT | 11081 | nemgr_trans_6 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_6_WNEMGRHTTPPORT | 13106 | nemgr_trans_6 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_7_SBIPROXYPORT | 11007 | nemgr_trans_7 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_7_SBIPROXYSSLPORT | 11057 | nemgr_trans_7 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_7_SBIPROXYTL1PORT | 11032 | nemgr_trans_7 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_7_SBIPROXYTL1SSLPORT | 11082 | nemgr_trans_7 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_7_WNEMGRHTTPPORT | 13107 | nemgr_trans_7 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_8_SBIPROXYPORT | 11008 | nemgr_trans_8 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_8_SBIPROXYSSLPORT | 11058 | nemgr_trans_8 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_8_SBIPROXYTL1PORT | 11033 | nemgr_trans_8 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_8_SBIPROXYTL1SSLPORT | 11083 | nemgr_trans_8 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_8_WNEMGRHTTPPORT | 13108 | nemgr_trans_8 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_9_SBIPROXYPORT | 11009 | nemgr_trans_9 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_9_SBIPROXYSSLPORT | 11059 | nemgr_trans_9 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_9_SBIPROXYTL1PORT | 11034 | nemgr_trans_9 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_9_SBIPROXYTL1SSLPORT | 11084 | nemgr_trans_9 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_9_WNEMGRHTTPPORT | 13109 | nemgr_trans_9 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_10_SBIPROXYPORT | 11010 | nemgr_trans_10 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_10_SBIPROXYSSLPORT | 11060 | nemgr_trans_10 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_10_SBIPROXYTL1PORT | 11035 | nemgr_trans_10 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_10_SBIPROXYTL1SSLPORT | 11085 | nemgr_trans_10 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_10_WNEMGRHTTPPORT | 13110 | nemgr_trans_10 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_11_SBIPROXYPORT | 11011 | nemgr_trans_11 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_11_SBIPROXYTL1PORT | 11036 | nemgr_trans_11 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_11_SBIPROXYTL1SSLPORT | 11086 | nemgr_trans_11 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_11_WNEMGRHTTPPORT | 13111 | nemgr_trans_11 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_12_SBIPROXYPORT | 11012 | nemgr_trans_12 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_12_SBIPROXYSSLPORT | 11062 | nemgr_trans_12 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_12_SBIPROXYTL1PORT | 11037 | nemgr_trans_12 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_12_SBIPROXYTL1SSLPORT | 11087 | nemgr_trans_12 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_12_WNEMGRHTTPPORT | 13112 | nemgr_trans_12 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_13_SBIPROXYPORT | 11013 | nemgr_trans_13 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_13_SBIPROXYSSLPORT | 11063 | nemgr_trans_13 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_13_SBIPROXYTL1PORT | 11038 | nemgr_trans_13 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_13_SBIPROXYTL1SSLPORT | 11088 | nemgr_trans_13 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_13_WNEMGRHTTPPORT | 13113 | nemgr_trans_13 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_14_SBIPROXYPORT | 11014 | nemgr_trans_14 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_14_SBIPROXYSSLPORT | 11064 | nemgr_trans_14 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_14_SBIPROXYTL1PORT | 11039 | nemgr_trans_14 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_14_SBIPROXYTL1SSLPORT | 11089 | nemgr_trans_14 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_14_WNEMGRHTTPPORT | 13114 | nemgr_trans_14 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_15_SBIPROXYPORT | 11015 | nemgr_trans_15 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_15_SBIPROXYSSLPORT | 11065 | nemgr_trans_15 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_15_SBIPROXYTL1PORT | 11040 | nemgr_trans_15 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_15_SBIPROXYTL1SSLPORT | 11090 | nemgr_trans_15 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_15_WNEMGRHTTPPORT | 13115 | nemgr_trans_15 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_16_SBIPROXYPORT | 11016 | nemgr_trans_16 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_16_SBIPROXYSSLPORT | 11066 | nemgr_trans_16 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_16_SBIPROXYTL1SSLPORT | 11091 | nemgr_trans_16 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_16_WNEMGRHTTPPORT | 13116 | nemgr_trans_16 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_17_SBIPROXYPORT | 11017 | nemgr_trans_17 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_17_SBIPROXYSSLPORT | 11067 | nemgr_trans_17 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_17_SBIPROXYTL1PORT | 11042 | nemgr_trans_17 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_17_SBIPROXYTL1SSLPORT | 11092 | nemgr_trans_17 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_17_WNEMGRHTTPPORT | 13117 | nemgr_trans_17 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_18_SBIPROXYPORT | 11018 | nemgr_trans_18 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_18_SBIPROXYSSLPORT | 11068 | nemgr_trans_18 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_18_SBIPROXYTL1PORT | 11043 | nemgr_trans_18 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_18_SBIPROXYTL1SSLPORT | 11093 | nemgr_trans_18 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_18_WNEMGRHTTPPORT | 13118 | nemgr_trans_18 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_19_SBIPROXYPORT | 11019 | nemgr_trans_19 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_19_SBIPROXYSSLPORT | 11069 | nemgr_trans_19 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_19_SBIPROXYTL1PORT | 11044 | nemgr_trans_19 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_19_SBIPROXYTL1SSLPORT | 11094 | nemgr_trans_19 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_19_WNEMGRHTTPPORT | 13119 | nemgr_trans_19 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_20_SBIPROXYPORT | 11020 | nemgr_trans_20 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_20_SBIPROXYSSLPORT | 11070 | nemgr_trans_20 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_20_SBIPROXYTL1PORT | 11045 | nemgr_trans_20 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_20_SBIPROXYTL1SSLPORT | 11095 | nemgr_trans_20 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_20_WNEMGRHTTPPORT | 13120 | nemgr_trans_20 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_21_SBIPROXYPORT | 11021 | nemgr_trans_21 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_21_SBIPROXYSSLPORT | 11071 | nemgr_trans_21 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_21_SBIPROXYTL1PORT | 11046 | nemgr_trans_21 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_21_WNEMGRHTTPPORT | 13121 | nemgr_trans_21 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_22_SBIPROXYPORT | 11022 | nemgr_trans_22 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_22_SBIPROXYSSLPORT | 11072 | nemgr_trans_22 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_22_SBIPROXYTL1PORT | 11047 | nemgr_trans_22 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_22_SBIPROXYTL1SSLPORT | 11097 | nemgr_trans_22 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_22_WNEMGRHTTPPORT | 13122 | nemgr_trans_22 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_23_SBIPROXYPORT | 11023 | nemgr_trans_23 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_23_SBIPROXYSSLPORT | 11073 | nemgr_trans_23 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_23_SBIPROXYTL1PORT | 11048 | nemgr_trans_23 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_23_SBIPROXYTL1SSLPORT | 11098 | nemgr_trans_23 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_23_WNEMGRHTTPPORT | 13123 | nemgr_trans_23 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_24_SBIPROXYPORT | 11024 | nemgr_trans_24 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_24_SBIPROXYSSLPORT | 11074 | nemgr_trans_24 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_24_SBIPROXYTL1PORT | 11049 | nemgr_trans_24 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_24_SBIPROXYTL1SSLPORT | 11099 | nemgr_trans_24 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_TRANS_24_WNEMGRHTTPPORT | 13124 | nemgr_trans_24 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_MARINE_1_SBIPROXYPORT | 11025 | nemgr_marine_1 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_MARINE_1_SBIPROXYSSLPORT | 11075 | nemgr_marine_1 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_MARINE_1_SBIPROXYTL1PORT | 11050 | nemgr_marine_1 sbi tl1 port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_MARINE_1_SBIPROXYTL1SSLPORT | 11100 | nemgr_marine_1 sbi tl1 ssl port | Eml_PubSvr,nemgr* |
| TRANS | NEMGR_MARINE_1_WNEMGRHTTPPORT | 13150 | nemgr_marine_1 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | NESVC_V8TRANS_1_SBIPROXYPORT | 13330 | nemgr_v8trans_1 sbi port | Eml_PubSvr,nemgr* |
| TRANS | NESVC_V8TRANS_1_SBIPROXYSSLPORT | 13331 | nemgr_v8trans_1 sbi ssl port | Eml_PubSvr,nemgr* |
| TRANS | NESVC_V8TRANS_1_WNEMGRHTTPPORT | 13149 | nemgr_v8trans_1 wnemgr port | Eml_PubSvr,nemgr* |
| TRANS | MidInstThreadNumOfPow | 2 | Number of Thread to be assigned(Middle-scale instance). | |
| DC | DC_CONVERT_ACCESS_CONFIG | 0 | Convert configuration upgrade task switch: 1 means open switch, other value means close switch | DCServer |
| PM | NB_NUMBER_OF_OLD_DEVICE_ZIP_FILE_TO_KEEP | 40 | How many old device zip can keep in bulk_tbd folder | BulkCollectorDm |
| PM | NBRAMBO_GENERATE_TIME | 60 | Rambo file generation delay in minutes | BulkCollectorDm |
| ACCESS | BMS_PVCEXP_TRIGGER_BACKUP_NUM | 5 | The number of trigger backup function when deleting serviceport. | BmsAccess |
| ACCESS | BMS_PVCEXP_BACNUPFILE_RESERVEDAY | 14 | The day number of reserving serviceport backup file. | BmsAccess |
| ACCESS | XPON_POS_DISPLAY_SWITCH | 1 | Display fake pos: 0-No 1-Yes. default is 1 | BmsAccess |
| Nml_ip | IS_BATCH_REFRESH_SERVICE_ALARM | 0 | This item specifies whether to refresh service alarms in batches. 1: yes 0: no(default) | Nml_ip |
| Nml_ip | CONFIG_L3VPN_VRF_DEPLOY_COUNT | 100000 | The count of Deploy VRF(default: 100000) | Nml_ip |
| Nml_ip | CONFIG_L3VPN_AGGREGATE_ROUTE_ENABLE | 0 | Display Config Aggregate Route Button 1: yes 0: no(default) | |
| Nml_ip | CONFIG_NETWORK_LAYER_ALARM_ENABLE | 1 | This item specifies whether network-layer alarm is enabled. 1: yes(default) 0: no | Nml_ip |
| Nml_common | CONFIG_SORT_TIME_FAULT | 0 | The Sort interval of Faulty Service Monitoring | Nml_common |
| PM | PTN_TRANS_MAX_INSTANCE_COUNT | 100000 | Maximum instance count supported for PTN and TRANS | PMSDm |
| PM | PTN_DEV_TYPE_SUPPORT_1024_INSTANCE | 1960,1983 | Maximum 1024 instance count supported for PTN device type | PMSDm |
| PM | PTN_DEV_TYPE_SUPPORT_256_INSTANCE | 1918,1919,1959,1968,1969,1970,1988,1995,1999,1904,1889 | Maximum 256 instance count supported for PTN device type | PMSDm |
| PM | PTN_DEV_TYPE_SUPPORT_4094_INSTANCE | 1911,1912 | Maximum 4094 instance count supported for PTN device type | PMSDm |
| IP_BASE | IsSupportLogicalInterface | 0 | IP link support logical interface discovery switch <0:close 1:open>. The default value is 0. | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm,DmsBaseDm |
| IP_BASE | IsSupportLldpSidebySideBoth | 0 | IP link support side by side both discovery switch <0:close 1:open>. The default value is 0. | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm,DmsBaseDm |
| IP_BASE | IsSupportAutoAddDevice | 0 | IP link support auto add device discovery switch <0:close 1:open>. The default value is 0. | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm,DmsBaseDm |
| IP_BASE | IsSupportIpLink_31 | 0 | IP link support 31 mask discovery switch <0:close 1:open>. The default value is 0. | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm,DmsBaseDm |
| ACCESS | IsSupportLldpLink | 1 | IP link support lldp discovery switch <0:close 1:open>. The default value is 1. | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm,DmsBaseDm |
| IP_BASE | IPCOMMON_SYNC_FTP_MODE | 2 | Specifies a mode for IP NE synchronization: 1: FTP 2: SFTP 3: SFTP/FTP. The default value is 2. FTP is an insecure protocol. Exercise caution when using this protocol. | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm,Router NE Manager(VRP V8) |
| ACCESS | BMS_TL1_ALARM_SWITCH | 1 | Alarm ID conversion flag (1=Convert only specified alarms to Telecom standard-compliant ID format, 2=Convert all alarms to Telecom standard-compliant ID format, 3=Retain the original ID formats of all alarms.) | PONAlarmTL1 |
| NEMGR_VMF | PollInterval | 180 | Poll Interval, Range:[5, 360), Unit:s, Default:180 | Router NE Manager(VRP V8) |
| NEMGR_VMF | isSupportMultiLR | false | isSupportMultiLR, true:Support false:Unsupported, Default:false | Router NE Manager(VRP V8) |
| NEMGR_VMF | isSupportMultiVR | true | isSupportMultiVR, true:Support false:Unsupported, Default:true | Router NE Manager(VRP V8) |
| NEMGR_ROUTER | MULTINMSMANAGER_ALARM_ENABLE | 1 | Whether to enable MultiNmsNanager_Alarm. The value 1 indicates that the alarm will be reported. The value 0 indicates that the alarm will not be reported. The default value is 1. | RouterMgrDm |
| NEMGR_ROUTER | MULTINMSMANAGER_ALARM_INTERVAL | 89400 | MultiNmsNanager_Alarm Poll Interval. The default value is 89400. The minimum value is 14400. | RouterMgrDm |
| NEMGR_ROUTER | INCREMENTSYNC_ENABLE_ALARM | 1 | Whether to enable INCREMENTSYNC_ENABLE_ALARM. The value 1 indicates that the alarm will be reported. The value 2 indicates that the alarm will not be reported. The default value is 1. | RouterMgrDm |
| NEMGR_ROUTER | CONFCHANGED_ICON_ENABLE | 1 | Whether to enable CONFCHANGED_ICON. The value 1 indicates that CONFCHANGED_ICON will be enabled. The value 2 indicates that CONFCHANGED_ICON will be disabled. The default value is 1. | RouterMgrDm |
| ACCESS | VOIP_QUERY_POTS_USER_BASIC_INFO | 0 | Specifies whether to query basic information about POTS users (0: No, 1: Yes) | BmsAccess |
| ACCESS | HISTORY_ALARM_TIME_LESS | 3 | the days of the history alarm(3 or 7, default: 3) | BmsAccess |
| ACCESS | SYNC_DEVTIME_BY_DEVTYPE | 1 | sync NE time switch(1 or 0, default: 1) | BmsAccess |
| ACCESS | NBIFRAME_MAX_BLOCK_TIME | 180 | Indicates the blacklist masking time of the NBIs in the access domain (value range: 1–86400 unit: second). | StdCltsiDm,cltsi,BmsPonAlarmTL1,BmsPonEmsTL1,inTL1NBIDm,TL1NBiDm |
| ACCESS | NBIFRAME_MAX_ALLOWED_LOGIN_FAILS | 3 | Indicates the maximum number of login failures allowed by the NBIs in the access domain (value range: 1–10). | BmsPonAlarmTL1,BmsPonEmsTL1,cltsi,inTL1NBiDm,StdCltsiDm,TL1NBiDm |
| ACCESS | NBIFRAME_LOGIN_FAIL_COUNT_INTERVAL | 60 | Indicates the login failure statistics period of the NBIs in the access domain (value range: 1–86400 unit: second). | BmsPonAlarmTL1,BmsPonEmsTL1,cltsi,inTL1NBiDm,StdCltsiDm,TL1NBiDm |
| ACCESS | CMCNAME_IS_DEV_DESC | 0 | Support convert name and alias(0:No 1:Yes) | BmsAccess |
| Nml_ip | CONFIG_ETREE_SERVICE_MANAGEMENT | 1 | Whether support Etree Service Management (Default 1: open, 0: closed) | Nml_ip |
| ACCESS | EXCEPT_SN_LENGTH_ONUTYPE | | Types of ONUs for whom 12-character SNs are displayed | BmsAccess |
| PM | NBI_EXPORT_AGGDATA_ENABLE | 0 | Export NBI Files for Aggregated data Default=0, Enable=1 | TXTNBIDm |
| ACCESS | MOVEAGENT_IS_AUTO_SYN_TOPO | 0 | Is automatically synchronize Topo after migrate(0:No, 1:Yes, default:0) | BmsCommon |
| PM | PMS_WEB_BANNER_INFO | This is default banner info | The banner info that show to user by PMSWeb | PMSWeb |
| ACCESS | Q_INTERFACE_TIMEOUT_MULTIPLE | 2 | The time out of Q interface request TL1(unit: minute, >1) | BmsAccess |
| Nml_ip | CONFIG_L3VPN_STATIC_SELECT_TE_POLICY | 0 | support choose TE Policy. 1: yes 0: no(default) | Nml_ip |
| ACCESS | PONTL1_RETURN_SUCCESS_WHEN_NO_ALARM | 0 | For LST-ALARM, Whether return success when query alarm is null.(0: Yes, 1: No, default: 0) | BmsPonAlarmTL1 |
| UnitedMgr | SHOW_DATACONSIST_MODE | 1 | Specifies whether to show data consistence. (0: no 1: yes) | UniteUitlDM |
| Nml_otn | g_AutoSearchTrailIntervalForAson | 900 | After ason reroute autosearch trail 300-900 default value:900 | Nml_otn |
| Nml_otn | g_bCreateStaticClientTrailsWhichLackOfXCOnSrcOrSnk | 1 | Whether need create static client trails which lack of XC on source or sink of the trail, 0: needn't, 1: need, default is 1 | Nml_otn |
| ACCESS | XPONCOMMON_THIRDONT_EQUIPMENT_FORMAT | 0 | Indicates the terminal type of the CIGG (0:CIGG 1:The exact type. Default 0) | BmsAccess,TL1NBiDm,inTL1NBiDm |
| ACCESS | ALARM_SPLIT_OPTIC_ALARM | 0 | Split optical transceiver exceed threshold alarm.(0:no,1:yes) | TrapReceiver |
| UnitedMgr | TOTAL_NE_CAPABILITY | -1 | whether ne capability is enabled. (<=0:invalid, >0:the set value). | migrate_agent |
| Nml_ip | CONFIG_TUNNEL_SUPPORT_FILTERTUNNEL_BYPWTYPE | 0 | This item specifies whether tunnel filtering based on PW types is enabled. 0: No (default), 1: Yes. | |
| Nml_ip | CONFIG_TUNNEL_SUPPORT_RELEASE_OCCUPY_TNLBANDWITHONRING | 0 | This item specifies whether using/releasing the tunnel bandwidth reserved on rings is enabled. 0: No (default), 1: Yes. | |
| Nml_ip | CONFIG_TUNNEL_MAXNUM_RELEASE_OCCUPY_TNLBANDWITHONRING | 200 | This item specifies the maximum number of ring tunnels whose reserved bandwidth can be used/released. The value ranges from 1 to 1000, and the default value is 200. | |
| NEMGR_VMF | autoDeleteVNE | false | autoDeleteVNE,true:yes false:no,Default:false | |
| NEMGR_VMF | isSupportVaView | false | isSupportVaView,true:Support false:Unsupported,Default:false | |
| Nml_sdh | AllInterruptionAlarmIDList_1 | 1,8,3,12,35,33,395,403,396,399,72,66,75,107,71,63598,63600,183,63599,63601,63603,63577,9,360,354,353,14,365,408,194 | the first list of IDs of all the alarms that interrupt services. | Nml_sdh |
| Nml_sdh | AllInterruptionAlarmIDList_2 | 81,77,92,63602,118,201 | the second list of IDs of all the alarms that interrupt services. | Nml_sdh |
| Nml_sdh | AllInterruptionAlarmIDList_3 | 0 | the third list of IDs of all the alarms that interrupt services. | Nml_sdh |
| Nml_sdh | SourceInterruptionAlarmIDList_1 | 9,107,201 | the first list of IDs of the source alarms that interrupt services | Nml_sdh |
| Nml_sdh | SinkInterruptionAlarmIDList_1 | 1,8,3,12,35,33,395,403,396,399,72,66,75,71,63598,63600,183,63599,63601,63603,63577,81,77,92,63602,118,360,354,353 | the first list of IDs of the sink alarms that interrupt services | Nml_sdh |
| Nml_sdh | SinkInterruptionAlarmIDList_2 | 0 | the second list of IDs of the sink alarms that interrupt services | Nml_sdh |
| Nml_sdh | Source/SinkInterruptionAlarmIDList_1 | 14,365,408,194 | the first list of IDs of the source or sink alarms that interrupt services. | Nml_sdh |
| IP_COMMON | ModelSupport | | Device area of Model Calculate Path | PathViewerDm |
| Nml_ip | CONFIG_L3VPN_ALARM_MERGER_TIME | 1 | Configure L3VPN alarm merger time, the default time is 45S | Nml_ip |
| Nml_ip | CONFIG_L3VPN_ALARM_FORCEREFRESH_TIME | 300 | Configure L3VPN alarm refurbish time, the default time is 300S | Nml_ip |
| ACCESS | BMS_ALARM_SWITCH | 2 | China telecom scene(1: Yes,2: No ) | TrapReceiver |
| NBI | AlarmReportCacheSize | 5000 | Cache size of alarm report | Agent_CORBA |
| NBI | authtype | Centralized system: 1; Distributed system: 2 | ActiveMQ Authentication Mode | XMLAgent |
| NBI | bTransSlotCompatibleMode | 1 | WDM device multi-shelf slot compatible mode (Open:1, Close:0 ) | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FILE_COMPRESS_TYPE | 0 | Compression format of big data files exported at a scheduled time. 0: gzip 1: not compressed. The default value is 0. | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FILE_PACKING_TYPE | 0 | Packaging format of big data files exported at a scheduled time. 0: tar 1: zip 2: not packaged. The default value is 0. | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FILE_SAVE_MAXSIZE | 5120 | Maximum size of total files stored on the SFTP server, in MB. The default size is 5 GB. | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FILE_SWITCH | 0 | Whether to enable the scheduled task for exporting big data files. 0: disable 1: enable. Default: 0 | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FTP_PASSWORD | c3E9EBB8906768C24D96D4DFC767E0611653D445409E66F56F9E27A50C12EB5D | SFTP server password of the big data granularity interface | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FTP_PATH | test | SFTP server subdirectory of the big data granularity interface | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FTP_ROOT_PATH | | SFTP server root directory of the big data granularity interface | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FTP_SERVER_HOST_IP | 127.0.0.1 | SFTP server IP address of the big data granularity interface | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FTP_SERVER_PORT | 22 | SFTP protocol connection port of the big data granularity interface | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_FTP_USERNAME | test | SFTP protocol connection port of the big data granularity interface | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_LAGMEMBER | 0 | Whether to query LAG member port information. 0: not query 1: query. Default: 0 | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_U2000_PASSWORD | Q7C276F3A8A14DE0157420AD140C2C408D6E6DEAE280936582C6AF30D3658422 | Session password of the big data granularity interface | Agent_CORBA |
| NBI | BULK_EXPORT_DATA_U2000_USERNAME | admin | Session user of the big data granularity interface | Agent_CORBA |
| NBI | common → param → SupportRootAlarm | 0 | Specifies whether to filter correlative alarms. The options are as follows: 0: not filter 1: filter | SnmpAgent |
| NBI | common → param → StringSize | 4096 | Indicates the maximum length of each reported alarm field. | SnmpAgent |
| NBI | common → param → TrapSendPort | 6666 | Indicates the port to transmit traps. The value ranges from 1 to 65535. | SnmpAgent |
| NBI | common → param → TrapSendInterval | 0 | Indicates the trap sending interval. The value ranges from 0 to 1000. | SnmpAgent |
| NBI | conffile | ./cbb/nbi/nbicbb_3p/share/bin/notify.conf | configuration file for the notification service (a full path or relative path default value: notify.conf) | Notify_Service |
| NBI | CORBAAgent_Option | -ORBDottedDecimalAddresses 1 -ORBCollocation no | Start up parameters of CORBA Agent. | Agent_CORBA |
| NBI | CORBAAgent_Port | 12003 | Port of CORBAAgent service. | Agent_CORBA |
| NBI | CSVMode → CsvHead → Line1 → FileCreationTime | TRUE | Specifies whether to report the performance file generation time. | textagent |
| NBI | CSVMode → CsvHead → Line1 → IndicatorGroupDescription | TRUE | Specifies whether to report indicator group descriptions. | textagent |
| NBI | CSVMode → CsvHead → Line1 → IndicatorGroupName | TRUE | Specifies whether to report indicator group names. | textagent |
| NBI | CSVMode → CsvHead → Line1 → NumberOfDataRecords | TRUE | Specifies whether to report the amount of performance data recorded in a performance file. | textagent |
| NBI | CSVMode → ExportDataTimeZoneType | 0 | Indicates the export time format.(0: UTC time, 1: Local time) | textagent |
| NBI | CSVMode → Filter_NW | | Indicator Filtering Template | textagent |
| NBI | CSVMode → CsvHead → Line2 → CollectionTime | TRUE | Specifies whether to report the end time of performance collection. | textagent |
| NBI | CSVMode → CsvHead → Line2 → DeviceID | TRUE | Specifies whether to report NE IDs. | textagent |
| NBI | CSVMode → CsvHead → Line2 → DeviceName | TRUE | Specifies whether to report NE names. | textagent |
| NBI | CSVMode → CsvHead → Line2 → GranularityPeriod | TRUE | Specifies whether to report the collection period. | textagent |
| NBI | CSVMode → CsvHead → Line2 → ResourceID | FALSE | Specifies whether to report the IDs of measured objects. | textagent |
| NBI | CSVMode → CsvHead → Line2 → ResourceName | TRUE | Specifies whether to report the names of measured objects. | textagent |
| NBI | CurrentMENumber | 43 | Current ME Number | Agent_CORBA |
| NBI | DeletePfmTask → Name | DeletePfmTask | Deletes the name of the scheduled performance data collection task. | textagent |
| NBI | DeletePfmTask → StartTime | 2009/9/1 0:00:00 | Indicates the start time of the task of clearing historical performance files. | textagent |
| NBI | EmsLocation | local | the physical location of EMS | Agent_CORBA |
| NBI | EmsName | Huawei/U2000 | the whole network only id of EMS | Agent_CORBA |
| NBI | FTP_ClientCer | ../conf/certificate/corbaagent.cer | The client key path for safe FTP | Agent_CORBA |
| NBI | FTP_PrivateKey | ../conf/certificate/corbaagent.cer | The private key path for safe FTP | Agent_CORBA |
| NBI | FTPConfig → PassWord | Q2419AB8C2E76B153894664BB4F9E30F5411520B7E1B2B85299D4B0650994B5B | Indicates the SFTP user password. | textagent |
| NBI | FTPConfig → Port | 22 | Indicates the SFTP service port. | textagent |
| NBI | FTPConfig → RemotePath | /ftptest/pfm_output/ | Indicates the FTP file directory. | textagent |
| NBI | FTPConfig → RetryInterval | 60 | Indicates the interval at which performance files are re-transferred. | textagent |
| NBI | FTPConfig → SFTPKeyPath | | Indicates the SFTP certificate file directory. | textagent |
| NBI | FTPConfig → SFTPMode | 1 | Indicates the FTP service mode. | textagent |
| NBI | FTPConfig → UserName | root | Indicates the SFTP login user. | textagent |
| NBI | heartbeat → param → Interval | 60 | Indicates the heartbeat period. The value ranges from 3 to 300. | SnmpAgent |
NBI | inform→param→Timeout | 5 | Indicates the informing delay. The value ranges from 5 to 120. | SnmpAgent
NBI | keyStore | file:etc/ssl/nbi/keyStore/JKS/keystore.jks | JMS Authentication Key | XMLAgent
NBI | logfilesize | 0x1400000 | max capacity of log file | Agent_CORBA
NBI | logswitch | 1,1,1,0 | switch level:assert/internal_error,external_error,io,runtime_trace, 1 stands for open, 0 stands for close | Agent_CORBA
NBI | MAX_USER | 10 | the max user number | Agent_CORBA
NBI | MaxHugeTaskNum | 20 | The huge task number (default:20) | Agent_CORBA
NBI | MIB1→param→Delimiter |  | Indicates the delimiter of alarm information. | SnmpAgent
NBI | MIB1→param→KeepAliveVBOID | 1.3.6.1.4.1.2011.2.15.1 | Indicates the OID reported by the heartbeat trap. The value can be 1.3.6.1.4.1.2011.2.15.1 or 1.3.6.1.4.1.2011.2.15.1.7.2.1. | SnmpAgent
NBI | MIB1→param→T2000Support | 1 | Specifies whether to support the T2000 information format. The options are as follows: 0: no 1: yes | SnmpAgent
NBI | MIB1→param→SupportX733Alarm | 0 | Specifies whether to support X.733 format. The options are as follows: 0: not support 1: support | SnmpAgent
NBI | MIB1→severity→param→Critical | Critical | Indicates the MIB1 alarm severity: Critical. | SnmpAgent
NBI | MIB1→severity→param→Indeterminate | Indeterminate | Indicates the MIB1 alarm severity: Indeterminate. | SnmpAgent
NBI | MIB1→severity→param→Major | Major | Indicates the MIB1 alarm severity: Major. | SnmpAgent
NBI | MIB1→severity→param→Minor | Minor | Indicates the MIB1 alarm severity: Minor. | SnmpAgent
NBI | MIB1→severity→param→Unreport | Unreport | Indicates the MIB1 alarm severity: Unreport. | SnmpAgent
NBI | MIB1→severity→param→Warning | Warning | Indicates the MIB1 alarm severity: Warning. | SnmpAgent
NBI | NamingService_Port | 12001 | Port of the naming service. | Agent_CORBA
NBI | nmsinfon→alarmlevel→param→Critical | 1 | Indicates the severity of alarms reported by a third-party NMS. | SnmpAgent
NBI | nmsinfon→alarmlevel→param→Major | 1 | Indicates the severity of alarms reported by a third-party NMS. | SnmpAgent
NBI | nmsinfon→alarmlevel→param→Minor | 1 | Indicates the severity of alarms reported by a third-party NMS. | SnmpAgent
NBI | nmsinfon→alarmlevel→param→Warning | 1 | Indicates the severity of alarms reported by a third-party NMS. | SnmpAgent
NBI | nmsinfon→category→param→Acknowledge | 0 | Indicates the category of alarm reporting for a third-party NMS. | SnmpAgent
NBI | nmsinfon→category→param→Change | 0 | Indicates the category of alarm reporting for a third-party NMS. | SnmpAgent
NBI | nmsinfon→category→param→Event | 1 | Indicates the category of alarm reporting for a third-party NMS. | SnmpAgent
NBI | nmsinfon→category→param→Fault | 1 | Indicates the category of alarm reporting for a third-party NMS. | SnmpAgent
NBI | nmsinfon→category→param→Recover | 1 | Indicates the category of alarm reporting for a third-party NMS. | SnmpAgent
NBI | nmsinfon→category→param→Unacknowledge | 0 | Indicates the category of alarm reporting for a third-party NMS. | SnmpAgent
NBI | nmsinfon→param→MaintenanceAlarmFilter |  | Specifies whether to filter maintenance alarms. The options are as follows: | SnmpAgent
NBI | notifyext | -NoNameSvc -IORoutput ./var/oss_tmp/nbi/corba/nt.ior -ORBTimeout 30 -ORBRunThreads 5 | extended configuration item (It can be any startup parameters, must be placed in double quotations, and will be referenced instead of being parsed. For example, notifyext= | Notify_Service
NBI | NotifyService_Port | 12002 | Port of notify service. | Agent_CORBA
NBI | port | 12001 | port of the naming service | Naming_Service
NBI | SHAKEHAND_FAILED_LIMIT | 7 | the max failed times while shaking hand | Agent_CORBA
NBI | SHAKEHAND_PERIOD | 60 | shake hand period(second) | Agent_CORBA
NBI | sslconf | ./etc/oss_cfg/nbi/corba/conf/ii_corbaagent_bundle/naming_ssl.conf | configuration file for the naming service in SSL mode (a full path or relative path default value: naming_ssl.conf) | Naming_Service
NBI | sslconf | ./etc/oss_cfg/nbi/corba/conf/ii_corbaagent_bundle/notify_ssl.conf | configuration file for the notification service in SSL mode (a full path or relative path default value: notify_ssl.conf) | Notify_Service
NBI | sslport | 22001 | SSL port | Naming_Service
NBI | Task_10_NW→Name | ExportPfm_10m_Task_NW | Indicates the name of the scheduled 10-minute performance data collection task. | textagent
NBI | Task_10_NW→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 10-minute performance data collection task. | textagent
NBI | Task_1440_NW→Name | ExportPfm_1440m_Task_NW | Indicates the name of the scheduled 1440-minute performance data collection task. | textagent
NBI | Task_1440_NW→StartTime | 2009/9/1 3:00:00 | Indicates the export start time of the scheduled 1440-minute performance data collection task. | textagent
NBI | Task_1440_RCN→Name | ExportPfm_1440m_Task_RCN | Indicates the name of the scheduled 1440-minute performance data collection task (wireless). | textagent
NBI | Task_15_NW→Name | ExportPfm_15m_Task_NW | Indicates the name of the scheduled 15-minute performance data collection task. | textagent
NBI | Task_15_NW→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 15-minute performance data collection task. | textagent
NBI | Task_15_RCN→Name | ExportPfm_15m_Task_RCN | Indicates the name of the scheduled 15-minute performance data collection task (wireless). | textagent
NBI | Task_15_RCN→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 15-minute performance data collection task (wireless). | textagent
NBI | Task_30_NW→Name | ExportPfm_30m_Task_NW | Indicates the name of the scheduled 30-minute performance data collection task. | textagent
NBI | Task_30_NW→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 30-minute performance data collection task. | textagent
NBI | Task_30_RCN→Name | ExportPfm_30m_Task_RCN | Indicates the name of the scheduled 30-minute performance data collection task (wireless). | textagent
NBI | Task_30_RCN→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 30-minute performance data collection task (wireless). | textagent
NBI | Task_360_NW→Name | ExportPfm_360m_Task_NW | Indicates the name of the scheduled 360-minute performance data collection task. | textagent
NBI | Task_360_NW→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 360-minute performance data collection task. | textagent
NBI | Task_5_NW→Name | ExportPfm_5m_Task_NW | Indicates the name of the scheduled 5-minute performance data collection task. | textagent
NBI | Task_5_NW→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 5-minute performance data collection task. | textagent
NBI | Task_60_NW→Name | ExportPfm_60m_Task_NW | Indicates the name of the scheduled 60-minute performance data collection task. | textagent
NBI | Task_60_NW→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 60-minute performance data collection task. | textagent
NBI | Task_60_RCN→Name | ExportPfm_60m_Task_RCN | Indicates the name of the scheduled 60-minute performance data collection task (wireless). | textagent
NBI | Task_60_RCN→StartTime | 2009/9/1 0:00:00 | Indicates the export start time of the scheduled 60-minute performance data collection task (wireless). | textagent
NBI | trustStore | file:etc/ssl/nbi/trust/truststore.jks | JMS Certificate? | XMLAgent
NBI | v3trap→param→EngineID |  | Indicates the engine ID in SNMPv3 mode. | SnmpAgent
PM | AUTO_SYNCH_MANUAL_INST_SUPPORTED_RESTYPE |  | Resource type list supporting timer synchronization(eg:- 1001,1005,1004) | PMSDm
PM | DLM_BULK_ACCESS_DEV_TYPE_SUPPORTED | 41,43,71,75,45,2340,2350,2346,2339 | DLM BULK supported Access device type | PMSDm
PM | DLM_BULK_ACCESS_RES_TYPE_SUPPORTED | 90033,90060,90118,90065,90002,90045,90046,90130,90132,90161,90162 | DLM BULK supported resource type | PMSDm
Nml_cps | CONFIG_SUPPORT_HVPLS_EXPAND_DISCOVERY_LOCALCUSTOM | 0 | This item specifies whether HVPLS composite services support extended discovery (site customization) 0(default): No 1: Yes |
DC | PAUSE_AUTO_BACKUP_SYNC_WHEN_UPGRADE | 0 | Pause NE auto backup and auto synchronization when NE is in upgrading stage. 0:Do not pause(default) 1:Pause. | DCServer
Nml_ip | CONFIG_L3VPN_VRF_EXPORT_MAXNUM | 100 | Maximum number of L3VPN services or VRF that can be exported, the default value is 100. |
TRANS | DelayTimeSynTSDNService | 600 | Synchronous service interval time to SNC-T. | Eml_PubSvr
Nml_ip | CONFIG_TUNNEL_ROUTECAL_TWICE | 0 | Specifies whether calculator route twice for Tunnel. 0 (default): No, 1: Yes. | Nml_ip
ACCESS | BMS_SUPPORT_ONT_INTEROPERABILITY_MODE1 | 0 | if xPON service profile can config or display interoperability parameters (0:NO, 1: YES) | BmsAccess
ACCESS | CMTS_MAX_DUMP_NUM_FOR_NBI | 20 | The max cmts dump command num for NBI(20 by default) | BmsAccess
PM | ENABLE_MTN_AUTO_CREATE | 0 | IPLink control automatically creates an instance of the function switch | PMSDm
ACCESS | BMS_LST_DEV_CRTDATE_SHOW_GMT | 0 | Whether show GMT when querying device(0:NO,1:YES) | TL1NBiDm, inTL1NBiDm
PM | GET_NBI_FILE_FROM_NPMS_ENABLE | 0 | Enable to get NBI file from uTraffic or Not : 0-No, 1-Yes, default is 0. | TXTNBIDm
PM | OPERATION_NUM_FOR_MUTEX | 20 | Maximum number of tasks for mutex obtaining |
Nml_otn | g_bNeedMergeOpticalTrail | 0 | Whether need to merge optical trail, 0: disable, 1: enable default is 0 | Nml_otn
PM | PROXYCOLLECTOR_DEVTYPE | 1911,1912,1913,1884,1888,1808,1809 | The resource type list that need collected by PMSCollectorProxy, separate by comma. | PMSDm,BulkCollectorDm,SNMPCollectorDm
ACCESS | GDM_AUTO_UPDATE_DEVTYPE_SWITCH_VERSION | 0 | Whether support update devtype automatically(0:not update,1:update only with same role,OLT=>OLT,MDU=>MDU) | BmsAccess
ACCESS | VDSL2_SERIALNUM_COMBINE_VERSION_GUI | 0 | The VDSL2 Vendor Serial Number contains Version Number (0: No, 1: Yes) | BmsAccess
ACCESS | GPON_VENDER_ID_SWITH | 1 | The switch of VENDORID:1:string 0:int default(1). | TL1NBiDm
TRANS | ManagementAbilityCheck | 1 | whether to check management capability of transit instance | Eml_PubSvr
ACCESS | RES_TREE_MULTI_SELECT_SUPPORTED_TDT | Router,Switch,IP-PTN,VMF,VSM,RouterPTN6900,OAM,TRANSMISSION,V8TRANS,CMF,V8PTN | The TDT name list that support to select multiple topo NEs, when getting resource when create instance, separate by comma. (Using client plugin style: DefaultPlugin) | PMSDm
Nml_ip | CONFIG_IP_SERVRICE_STATIC_EXPAND | 0 | Specifies whether IP Service Expand is Support.(static Scenario).(default 0: No, 1: Open) |
Nml_ip | CONFIG_IP_SERVRICE_CUTOVER_MANAGEMENT | 0 | Specifies whether IP Service CutOver Management is Support.(default 0:No,1:Open) |
Nml_ip | CONFIG_SIWTICH_SERVICE | 0 | Specifies whether switch service is support.(default 0:No,1:Open) |
Nml_ip | CONFIG_ADJUST_NETWORK | 0 | Specifies whether adjust network is support. (default 0:No, 1:Open) |
Nml_ip | CONFIG_ADJUST_TUNNEL_ROUTE | 0 | Specifies whether adjust tunnel route is Support. (default 0: No, 1:Open) |
NBI | AsonAlarmConvert2Standard |  | Whether convert ason alarm object name to standard object | Agent_CORBA
ACCESS | NOTIFY_PMS_CMCNAME_CHANGEM | 0 | If need notify PMS when CMC name Changed(0:NO,1:YES) | BmsAccess
NBI | common→param→Agent_IP | Local ip | Address for Sending Trap | SnmpAgent
NBI | common→param→TrapSendIP |  | Trap Sending Address | SnmpAgent
NBI | AsonAlarmConvert2Standard |  | Whether convert ason alarm object name to standard object | Agent_CORBA
NBI | CustomizedRequirement_002 | 01 | Whether return all the CTP of different service type. | XMLAgent
ACCESS | PMS_INSTANCE_RESOURCE_RULE | 1 | Whether to show instance name with CMC name(0:No,1:Yes,Default:1) | PMSDm
ACCESS | CMTS_CM_MAC_REPEAT_SWITCH | 0 | CM query repeat MAC switch.(0:disable,1:enable)(default 0) | BmsAccess
ACCESS | PON_TL1_SN_LEN_SPECIAL_ONUTYPE |  | Indicates the list of terminal types whose SN length needs to retain 16 bytes at PON TL1. |
Nml_ip | CONFIG_RING_SUPPORT_ADJUST_AND_ADDNODE | 0 | Whether enable supporting add node or adjust of mpls ring on U2000 client. 0: disable, 1: enable default is 0 | nml_ip
MSO | RASTER_SET_BEGIN_TIME | 02:00 | The spectrum configuration is scheduled for delivery |
ACCESS | CONVERT_SCHEDULINGCENTER_DESCRIPTION | 0 | Convert Scheduling Center Tab Description to One-off Tasks, Apply Interconnection File Task to Periodic Tasks(0: no, 1: yes) | BmsAccess
NBI | OMC_ALARM_ENABLE | 0 | OMC client alarm function enabling status (0: disabled 1: enabled) | OMCAgent
NBI | SERVER_SOCKET_PORT | 31232 | Indicates the alarm listening port. The default port is 31232. | OMCAgent
NBI | OMC_CLIENT_SSL_ENABLE | 1 | OMC client alarm connection mode (0: non-SSL mode 1: SSL mode) | OMCAgent
NBI | OMC_HOST_NAME | 1A | OMC host name | OMCAgent
NBI | openwire | tcp://localIP:13171?wireFormat.maxInactivityDuration=0 | Indicates the ActiveMQ TCP connection mode. localIP indicates the local IP address. | ActiveMQ
NBI | ssl | ssl://localIP:13172?transport.enabledCipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA&transport.needClientAuth=true&transport.enabledProtocols=SSLv2Hello,TLSv1.1,TLSv1.2 | Indicates the ActiveMQ SSL connection mode. localIP indicates the local IP address. | ActiveMQ
Nml_ip | CONFIG_IPE2E_COMMON_OPERATE_NUM | 5000 | IPE2E common operate number control. |
Nml_ip | ITEM_L3VPN_SERVICE_LINK_LIMIT | 10000 | limit the link of L3vpn service on topo | nml_ip
ACCESS | BMS_LSTSERVICEPORT_SUP_ONTID | 1 | Specifies whether LST-SERVICEPORT supports the display of ONT IDs. (0: No 1: Yes) | TL1NBiDm, inTL1NBiDm
Nml_ip | IS_CONT_OPER_TPOAM_PARAM_INCONSISIENT | 0 | Is continue to operate when TPOAM params inconsistent. 0: Is not continue 1: Continue to operate Default:0. | Nml_ip
ACCESS | XMLNBI_OPTICALMODULE_TRANS_DIST | 0 | The Format of Optical module transmission distance(0:0 1:550) | inbxmlsoap_agent
IP_COMMON | IsSupportPtnPriProtclLink | 0 | IP links support enabling of the discovery based on PTN private protocols.<0:close 1:open>. The default value is 0. | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm,DmsBaseDm
NBI | OMC_NAME | Huawei_U2000 | OMC name | OMCAgent
NBI | OMC_TMP_FILE_SAVE_DATES | 3 | Days for reserving tmp dir | OMCAgent
NBI | OMC_WAIT_FOR_EM_MINUTES | 5 | NM waits for the EM timeout(unit: minute). | OMCAgent
NBI | OMC_ALARM_FILE_SAVE_DATES | 5 | Days for reserving alarm logs | OMCAgent
NBI | OMC_ALARM_FILE_SAVE_MIN | 10 | Minimum number of reserved alarm log files | OMCAgent
NBI | CHECKRIGHT_ENABLE | 1 | Alarm connection check user rights function (0: disabled 1: enabled) | OMCAgent
NBI | SECTION_CODE_SUPPORT | 1 | sectioncode supports status (1: supported 0: not supported) | OMCAgent
NBI | SESSION_HEARTBEAT_TIMEOUT | 3 | Session heartbeat timeout (unit: minute)(value:1~480) | OMCAgent
NBI | INVENTORY_EXPORT_NUM | 500 | Data volume of OMC one-time writing | OMCAgent
NBI | SSLSocketCipherSuitesFilter | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | SSLSocket supported encryption suite | OMCAgent
NBI | SSLSocketEnabledProtocols | TLSv1.1,TLSv1.2 | SSLSocket supported protocols | OMCAgent
NBI | OMC_NUMBER | HWCSA | OMC Number | OMCAgent
ACCESS | BMS_COMPARE_ONT_VERSION_FOR_UPGRADE | 1 | For Third ONT, Whether Comparing Current Version and Target Version After ONT upgraded. (0: No 1: Yes) | BmsAccess
NEMGR_SWITCH | UserVlan_Max_Num | 30000 | The upper limit of UserVlan number.The default value is 30000 | RouterMgrDm
PMCOLLECTOR | DATA_RELIABLE_MAX_VARIATION | 100 | Trusted data growth rate | SNMPCollectorDm
ACCESS | ONT_XML_INFO_THREAD_SWITH | 20 | Query ont info from xml for NBI,default 20 | BmsAccess
ENV | WEBRENDER_DIRECTORY_SETTING | C:\Windows\Temp | Webrender directory path setting | client
ACCESS | ACCESS_RESSTAT_NOTIFY_DEV_NUM | 3 | Max. batch size in notify stat task[1,500] | BmsAccess
ACCESS | ACCESS_NE_MIGRATE_SWITCH | 0 | whether shows NE Migrate interface(0:NO,1:YES) | BmsAccess,BmsCommon
Nml_sdh | RecoverTrailNameFromNEWhenSearch | 0 | when search trail, recover trail name from cross-connection of ne or not, 0 from network(default), 1 from ne | Nml_sdh
Nml_sdh | bSupportModifySNCPAttiWhenModifyTrail | 0 | Whether modify trail sncp attribute when modify trail, 0: disable, 1:enable | Nml_sdh
NBI | MAX_OPERATION_FLOW_RESULT | 500 | Check the Mart interface to record the maximum number of operations. | xmlagent
IPCommon | NEDIAG_PROCESSINTERVAL | 0 | Process testCase interval,0:no limit other integer:the interval of the testcase Unit:second | RouterMgrDm,FrameSWMgrDm,BoxSWMgrDm,SecurityMgrDm
UnitedMgr | AlarmCompressFunctionSwitch | 0 | Alarm Compress Function Switch(1:enable , 0:disable) | nemgr_trans_*,nemgr_v8trans_1,nemgr_v8ptn_1,TrapReceiver*
Nml_ip | CONFIG_TUNNEL_NOTICE_BAND_RING | 0 | Notice Bind ring after create Tunnel.(Default 0: close, 1: open.) |
Nml_ip | CONFIG_EXPORT_SERVICE_NUMBER | 1000 | The number of export services is recommended no more than 5000 |
ACCESS | ACCESS_SHOW_VSG_LICENSE_FOR_OLT | 1 | whether show VSG license by olt.(0:no,1:yes) | BmsAccess,BmsCommon
Nml_ip | CONFIG_IS_SUPPORT_PORT_IP_ADDRESS_MODIFY_IN_TCAT | 0 | Specifies whether to enable the TCAT to change the IP addresses of ports (0: disable 1:enable the default value is 0. |
TRANS | PortInvalidStatusSchedulePeriod_CFG | 0 | The period of function port invalid status schedule.(the valid range should be:0-23 default:0) | nemgr*
ACCESS | COLLECT_POLICY_DB_DATA_START_TIME | 05:00 | resstate init start time(default : 05:00) | BmsAccess,BmsCommon
ACCESS | COLLECT_POLICY_DB_DATA_END_TIME | 05:00 | resstate init end time(default : 05:00) | BmsAccess,BmsCommon
ACCESS | BMS_OPEN_DEV_PANEL_SWITCH | 0 | Switch of Opening Device Panel. | BmsAccess
ACCESS | BMS_NORMAL_DATA_RSPFMT | 0 | Is support normal data format(0: No, 1: Yes, default: 0) | BmsPonEmsTL1
ACCESS | ONT_HARDWARE_VERSION_SWITH | 0 | Whether LST-EPONONT return ONT hardware version (0:no,1:yes default: 0) | BmsAccess
ACCESS | GPON_VENDORID_AUTOFIND_SWITH | 0 | The switch of VENDORID about LST-GPONONTAUTOFIND: 1:string 0:int default(0). | TL1NBiDm,inTL1NBiDm
ACCESS | EXPORT_OMC_PSG_START_TIME | 23:00 | OMC of PSG export start time(default:23:00). | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_PSG_SWTICH | 0 | switch of export OMC PSG(0:close 1:open) | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_ONU_START_TIME | 23:00 | OMC of ONU export start time(default:23:00). | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_ONU_SWTICH | 0 | switch of export OMC ONU(0:close 1:open) | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_ONU_INTERVAL | 7 | ONU file export interval (in days) | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_ONU_UNI_SWTICH | 0 | switch of export OMC UNI(0:close 1:open) | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_MG_START_TIME | 23:00 | OMC of MG export start time(default:23:00). | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_MG_SWTICH | 0 | switch of export OMC MG(0:close 1:open) | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_MG_INTERVAL | 7 | MG file export interval (in days) | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_LINK_START_TIME | 23:00 | OMC of Link export start time(default:23:00). | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_LINK_SWTICH | 0 | switch of export OMC Link(0:close 1:open) | BmsAccess, BmsCommon
ACCESS | EXPORT_OMC_LINK_INTERVAL | 7 | Link file export interval (in days) | BmsAccess, BmsCommon
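Added example (not part of the Huawei guide): the script below takes the default NBI values listed in the table above for the ActiveMQ ssl connector, SSLSocketEnabledProtocols and SSLSocketCipherSuitesFilter, and classifies each protocol and cipher suite against common hardening criteria (TLS 1.0/1.1 deprecated by RFC 8996, forward secrecy, AEAD instead of CBC, no SHA-1 MAC). The function names and the finding labels are this example's own.

```python
from urllib.parse import parse_qs, urlsplit

# Default values copied from the NBI rows of the parameter table.
ACTIVEMQ_SSL_URI = (
    "ssl://localIP:13172?transport.enabledCipherSuites="
    "TLS_RSA_WITH_AES_128_CBC_SHA&transport.needClientAuth=true"
    "&transport.enabledProtocols=SSLv2Hello,TLSv1.1,TLSv1.2"
)
OMC_ENABLED_PROTOCOLS = "TLSv1.1,TLSv1.2"
OMC_CIPHER_SUITES = ",".join([
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
])

# Protocol names as spelled by Java JSSE. TLS 1.0 and 1.1 are deprecated by
# RFC 8996; SSLv2Hello only enables the SSLv2-format ClientHello.
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def _csv(value):
    """Split a comma-separated config value into a clean list."""
    return [item.strip() for item in value.split(",") if item.strip()]


def suite_findings(suite):
    """Return the weaknesses implied by a TLS 1.2 cipher suite name."""
    key_exchange, _, cipher = suite.partition("_WITH_")
    findings = []
    # Static RSA key transport and static (EC)DH give no forward secrecy;
    # only the ephemeral ECDHE/DHE exchanges do.
    if key_exchange == "TLS_RSA" or key_exchange.startswith("TLS_ECDH_"):
        findings.append("no-forward-secrecy")
    if "_CBC_" in cipher:
        findings.append("cbc-mode")      # MAC-then-encrypt, not AEAD
    if cipher.endswith("_SHA"):
        findings.append("sha1-mac")      # HMAC-SHA1 record MAC
    return findings


def audit(protocols_csv, suites_csv):
    """Classify one protocol list and one cipher suite list."""
    suites = {s: suite_findings(s) for s in _csv(suites_csv)}
    return {
        "legacy_protocols": [p for p in _csv(protocols_csv)
                             if p in LEGACY_PROTOCOLS],
        "suites": suites,
        "clean_suites": [s for s, f in suites.items() if not f],
    }


def audit_connector(uri):
    """Audit an ActiveMQ ssl:// transport connector URI."""
    parts = urlsplit(uri)
    opts = {k: v[0] for k, v in parse_qs(parts.query).items()}
    result = audit(opts.get("transport.enabledProtocols", ""),
                   opts.get("transport.enabledCipherSuites", ""))
    result["port"] = parts.port
    result["client_auth"] = opts.get("transport.needClientAuth") == "true"
    return result


if __name__ == "__main__":
    reports = (
        ("ActiveMQ ssl", audit_connector(ACTIVEMQ_SSL_URI)),
        ("OMCAgent", audit(OMC_ENABLED_PROTOCOLS, OMC_CIPHER_SUITES)),
    )
    for name, report in reports:
        print(name, "legacy protocols:", report["legacy_protocols"])
        for suite, findings in report["suites"].items():
            print("  ", suite, ",".join(findings) or "ok")
```

Of the fifteen default OMCAgent suites, only the two ECDHE suites with AES-GCM come back without findings, and the single suite on the ActiveMQ connector carries all three.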
C.11.1.1 Immediately Backing Up the U2000 Data to a Local Server Through the MSuite
This topic describes how to immediately back up the U2000 database to a local server through
the NMS maintenance suite (MSuite). After this configuration, the database can be safely and
quickly restored after a fault occurs.
Prerequisites
- The database is running.
- Sufficient disk space is available.
  - On Windows, generally, the available disk space of the local temporary directory
    and the local backup path is over 1/3 of that for the local database. The default local
  - On SUSE Linux, the available disk space of the local backup path is over 3/4 of that
    for the local database, not considering the disk space of the local temporary
    directory. (This is an empirical value. You can evaluate the space required by each
    database based on the value queried in the sp_helpdb command output. The required
    space is calculated as follows: Total size = (Remaining data space + Remaining log
    space). Then, evaluate the available space of the local backup path.) The default
    local database path is /opt/sybase/data. To view the disk space, run the following
    command:
    # du -sh Data file path
Context
The backup process cannot be canceled once it is started.
The personal information (including personal name, phone numbers and addresses) on the
U2000 and all user names and passwords are also backed up. Therefore, you are obligated to
take considerable measures, in compliance with the laws of the countries concerned and the
user privacy policies of your company, to ensure that the personal data of users is fully
protected.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
NOTE
On a high availability system, log in to the MSuite client on the active site.
Step 2 On the MSuite client, choose Backup and Restore > Backup System Data from the main
menu.
Step 3 Select Data Backup-Binary Mode(Recommended), and then click Next.
NOTE
Data Backup-Text Mode is only used to collect fault information when the U2000 fails to locate and
rectify the fault. This mode is not recommended during routine database backup.
earlier backup files will be deleted automatically. It is recommended that you use the
default value.
2. Set the backup path for storing the backup file. Select Local server and then set the
Backup Path.
– It is recommended that you use the default backup path. If the system asks whether
to create a default backup path, click Yes to create the path.
– If you want to use another backup path, click Browse to select it.
– The Backup Path must be a relative path that contains letters, digits, underscores (_),
or hyphens (-) and excludes the space, bracket, Chinese characters and so on. The
complete path name cannot exceed 60 characters. For Windows, the Backup Path
must be located on the disk drive of the server. You can query or modify the default
database backup root path referring to modifyDefaultBackupPath.
– If Backup Path is not specified, the default backup path is used. For details, see
Backup Path.
– If the entered Backup Path value does not exist, the system displays a message
asking you whether to create the directory. Click Yes.
– On Solaris OS or SUSE Linux OS, if the entered Backup Path value exists, assign
permissions to the Backup Path based on the level as root user.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists,
run the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
NOTE
If the U2000 is running, the following box is displayed. Click Yes and ensure that the NMS is not
performing configuration operations.
Step 6 The system starts the backup preprocessing and backup process. A progress bar is displayed
showing the backup progress. Wait patiently.
----End
- The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
  performing the backup through the CLI.
- If the U2000 is running, stop the NMS first and then back up the U2000 data. Otherwise,
  the backup operation fails.
On Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -DumpDB -StoreMode local -FilePath Backup path
Enter the MSuite login password[]:
NOTE
- The backup directory must be a relative path (the root path is /opt/backup/dbbackup) that contains
  letters, digits, underscores (_), or hyphens (-) and excludes the space, bracket, Chinese characters
  and so on. The path name cannot exceed 60 characters. For Windows, the backup directory must be
  located on the disk drive of the server.
- MSuite password: The default user name of the MSuite is admin and the default password is
  Changeme_123. If the password has been changed, enter the new password. If the password has not
  been changed, for system security, modify the default password and remember the new password. For
  details, see C.3.1 Changing the Password of the MSuite.
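Added example (not part of the Huawei guide): a pre-flight check for the Backup Path rules and the directory ownership and permissions stated above, relevant because the backup contains all user names and passwords. It assumes that "/" is allowed as a separator inside the relative path and applies the 60-character limit to the root path plus the relative path; the function names are this example's own.

```python
import grp
import os
import posixpath
import pwd
import re
import stat

BACKUP_ROOT = "/opt/backup/dbbackup"      # default root path named in the guide
_SEGMENT = re.compile(r"^[A-Za-z0-9_-]+$")  # letters, digits, "_" and "-"


def validate_backup_path(path, root=BACKUP_ROOT, max_len=60):
    """Return a list of rule violations for a Backup Path value."""
    problems = []
    if path.startswith("/"):
        problems.append("must be a relative path below " + root)
    # Assumption: "/" separates directory levels inside the relative path.
    for segment in path.strip("/").split("/"):
        if not _SEGMENT.match(segment):
            problems.append(
                "segment %r has characters outside letters, digits, _ and -"
                % segment)
    # Assumption: the limit covers root + relative path (the stricter reading).
    full = posixpath.join(root, path.lstrip("/"))
    if len(full) > max_len:
        problems.append("complete path is %d characters, limit is 60"
                        % len(full) if max_len == 60 else
                        "complete path is %d characters, limit is %d"
                        % (len(full), max_len))
    return problems


def _name(lookup, ident, attr):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return getattr(lookup(ident), attr)
    except KeyError:
        return str(ident)


def check_backup_dir(path, owner="ossuser", group="ossgroup", max_mode=0o750):
    """Compare an existing backup directory with chown/chmod from the guide."""
    st = os.stat(path)
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~max_mode:
        # Any bit outside 750 lets other accounts read the backed-up
        # user names, passwords and personal data.
        problems.append("mode %o grants more than %o" % (mode, max_mode))
    actual = (_name(pwd.getpwuid, st.st_uid, "pw_name"),
              _name(grp.getgrgid, st.st_gid, "gr_name"))
    if actual != (owner, group):
        problems.append("owner %s:%s, expected %s:%s"
                        % (actual[0], actual[1], owner, group))
    return problems


if __name__ == "__main__":
    for candidate in ("backup", "my backup", "/opt/backup/dbbackup/backup"):
        print(candidate, "->", validate_backup_path(candidate) or "ok")
    target = posixpath.join(BACKUP_ROOT, "backup")
    if os.path.isdir(target):
        print(target, "->", check_backup_dir(target) or "ok")
```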
Prerequisites
- The database is running.
- The FTP or SFTP services are running on the remote server, and the relevant ports are
  enabled. The port of FTP server is 21, and the port of SFTP server is 22.
  NOTE
  - For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
    see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
  - For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
    Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
  - For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
    Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
- The FTP or SFTP user must have the write permission for the remote FTP/SFTP server,
  and the U2000 server and remote FTP server can communicate with each other properly.
- If the network segments for the U2000 and the FTP/SFTP server are on different
  firewalls, the FTP/SFTP (more secure, recommended) service from the U2000 to the
  FTP/SFTP server must be enabled on the firewalls. For details about how to enable the
  FTP/SFTP (more secure, recommended) service, see the firewall guide.
- Sufficient disk space is available. Generally, the disk space of the local temporary
  directory is over 2/3 of that for the local database, and the disk space of the remote
  backup path is over 1/3 of that for the local database.
  - On Windows, the default local temporary directory is D:\tmp, the default local
    database path is D:\data in a single-server system. To view the disk space, right-click
    Data file path and choose Properties from the shortcut menu.
  - On Solaris, the default local temporary directory is /opt/backup/dbbackup/tmp,
    the disk space of the local temporary directory (/tmp) is 500 MB or above. The
    default local database path is /opt/sybase/data. To view the disk space, run the
    following command:
    # du -sh Data file path
Context
- The backup process cannot be canceled once it is started.
- On the Solaris OS, if the tmp directory exists in the /opt/backup/dbbackup path, you
  need to ensure that the owner and group of the directory are both sybase. Run the
  following commands to change the owner and group of the /opt/tmp.
  # chown -R ossuser:ossgroup /opt/backup/dbbackup/tmp
  # chmod -R 775 /opt/backup/dbbackup/tmp
  If the tmp directory doesn't exist in the /opt/backup/dbbackup path, the temporary
  directory tmp is created in the /opt/backup/dbbackup path during the backup of the
  database.
- The personal information (including personal name, phone numbers and addresses) on
  the U2000 and all user names and passwords are also backed up. Therefore, you are
  obligated to take considerable measures, in compliance with the laws of the countries
  concerned and the user privacy policies of your company, to ensure that the personal data
  of users is fully protected.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
NOTE
On a high availability system, log in to the MSuite client on the active site.
Step 2 On the MSuite client, choose Backup and Restore > Backup System Data from the main
menu.
Step 3 Select Data Backup-Binary Mode(Recommended), and then click Next.
NOTE
Data Backup-Text Mode is only used to collect fault information when the U2000 fails to locate and
rectify the fault. This mode is not recommended during routine database backup.
NOTE
n Backup Path on the Remote Server can not be null, and in Solaris or SUSE Linux, the
backup directory cannot be /. In Windows, the backup directory cannot be the root
directory for the SFTP or FTP service. The backup directory contains letters, digits,
underscores (_), or hyphens (-) and excludes space brackets, Chinese characters and so
on. The path name cannot exceed 60 characters.
n The backup path on the remote Windows server must be the same as that FTP/SFTP
service on the server provide, otherwise, backup fails.
n In case the ftpuser user is used for remote Solaris and SUSE Linux server backup, log in
to the remote server as the root user using the PuTTY to create the backup directory in
the ftpuser user's root directory (/opt/backup/ftpboot) on the remote server, and modify
the created directory rights (the created backup directory tmp is used as an example in
the following command):
# mkdir /opt/backup/ftpboot/tmp
# chown -R ftpuser:ossgroup /opt/backup/ftpboot/tmp
# chmod -R 700 /opt/backup/ftpboot/tmp
n In case the ossuser user is used for remote Solaris and SUSE Linux server backup, enter
the Backup Path on the Remote Server.
○ If the entered Backup Path on the Remote Server exists, make sure its owner and
group are ossuser:ossgroup and its permission is more than 700; otherwise, the task
that periodically backs up the U2000 database to a remote server will fail.
○ If the entered Backup Path on the Remote Server is a relative path that does not
exist in the ossuser user's root directory, the system displays a message asking you
whether to create the directory. Click Yes, and the system creates the directory.
○ If the entered Backup Path on the Remote Server is an absolute path and the system
fails to create it, log in to the remote server as the root user using PuTTY to create
the backup directory, and modify the rights of the created directory.
# mkdir Folder that stores backup files
# chown -R ossuser:ossgroup Folder that stores backup files
# chmod -R 700 Folder that stores backup files
NOTE
l If the U2000 is running, the following dialog box is displayed. Click Yes and ensure that the NMS is
not performing configuration operations.
l On Windows, if the default temporary directory does not exist or the disk space is insufficient, a
message is displayed asking you to select a temporary directory. Click Browse to select a disk with
enough space. Select only the drive letter, for example, F:\.
l If the entered Backup Path value does not exist, the system displays a message asking you whether
to create the directory. Click Yes.
Step 6 The system starts the backup preprocessing and backup process. A progress bar is displayed
showing the backup progress. Wait patiently.
Step 7 After the backup is complete, click Finish.
----End
l The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
l If the U2000 is running, stop the NMS first and then back up the U2000 data; otherwise,
the backup operation fails.
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l IP address of the remote server: IP address of the remote server where the backup file is stored.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
l Password: Password of the FTP user or SFTP user.
l Backup path: Path for storing the backup file. Ensure that the FTP user or SFTP user has write
permissions for this path.
Prerequisites
l U2000 processes must have been stopped. If U2000 processes are not stopped, see A.
10.8 How to End the Processes of the U2000 Single-Server System on Windows.
l The database must be running. If the database is not running, see A.7.4 How to Start the
SQL Server Database.
l If the database of U2000 A needs to be restored on U2000 B, ensure that:
– The database file installation paths on U2000 A and U2000 B are the same.
NOTE
For example, if the database file path on U2000 A is D:\data when U2000 A is installed and the
database file path on U2000 B is C:\data when U2000 B is installed, the database file installation
paths on U2000 A and U2000 B are different and the database on U2000 A cannot be restored on
U2000 B. If you create C:\data on U2000 A, copy files in D:\data to C:\data, and use C:\data
on U2000 A to restore the database on U2000 B, the restoration will also fail.
– The OS type and version of U2000 B must be the same as those on U2000 A.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting the running of the U2000.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 5 After U2000 data is restored, click Finish.
Step 6 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.7 How to Start
the Processes of the U2000 Single-Server System on Windows.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
Prerequisites
l U2000 processes must have been stopped. If U2000 processes are not stopped, see A.
10.8 How to End the Processes of the U2000 Single-Server System on Windows.
l The database must be running. If the database is not running, see A.7.4 How to Start the
SQL Server Database.
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
l If the database of U2000 A needs to be restored on U2000 B, ensure that:
– The database file installation paths on U2000 A and U2000 B are the same.
NOTE
For example, if the database file path on U2000 A is D:\data when U2000 A is installed and the
database file path on U2000 B is C:\data when U2000 B is installed, the database file installation
paths on U2000 A and U2000 B are different and the database on U2000 A cannot be restored on
U2000 B. If you create C:\data on U2000 A, copy files in D:\data to C:\data, and use C:\data
on U2000 A to restore the database on U2000 B, the restoration will also fail.
– The OS type and version of U2000 B must be the same as those on U2000 A.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting the running of the U2000.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.7 How to Start the
Processes of the U2000 Single-Server System on Windows.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
C.11.3.1 Restoring U2000 Single-Server System (Solaris) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. To check, see A.10.9 How to Verify That the
Processes of the U2000 Single-Server System Are Running on Solaris. If U2000
processes are not stopped, see A.10.11 How to End the Processes of the U2000 Single-
Server System on (Solaris).
l The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the
Sybase Database Service.
l Ensure that the owner for the path in which restoration data is stored is ossuser and the
user group for the path is ossgroup and the path has the read, write, and execution
permissions. You do not need to change the permission for the /opt directory.
Run the following command as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
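The ownership and mode prerequisite above can be checked without changing anything before a restore is started. The following read-only audit is an added example, not part of the Huawei guide; the helper names audit_restore_path and report are hypothetical, and the defaults (ossuser, ossgroup, mode 750) are taken from the prerequisite.

```shell
#!/bin/sh
# Added example: read-only audit of the path that holds U2000 restoration data.
# Defaults mirror the prerequisite above (ossuser:ossgroup, chmod -R 750).
# audit_restore_path and report are hypothetical helper names, not U2000 commands.

# report LABEL LIST: print every offending path; return 1 if LIST is non-empty.
report() {
    [ -z "$2" ] && return 0
    printf '%s\n' "$2" | while IFS= read -r entry; do
        printf '%s: %s\n' "$1" "$entry"
    done
    return 1
}

# audit_restore_path PATH [OWNER] [GROUP]
# Returns 0 when compliant, otherwise the number of failed checks (1-4).
audit_restore_path() {
    path=$1
    owner=${2:-ossuser}
    group=${3:-ossgroup}
    findings=0

    if [ ! -d "$path" ]; then
        echo "NOT-A-DIRECTORY: $path"
        return 1
    fi
    # find exits non-zero if the user or group name is unknown on this host.
    if ! find "$path" -prune -user "$owner" >/dev/null 2>&1; then
        echo "UNKNOWN-USER: $owner"
        return 1
    fi
    if ! find "$path" -prune -group "$group" >/dev/null 2>&1; then
        echo "UNKNOWN-GROUP: $group"
        return 1
    fi

    # 1. Everything under the path must be owned by the expected user.
    bad=$(find "$path" ! -user "$owner" -print 2>/dev/null) || true
    report "WRONG-OWNER" "$bad" || findings=$((findings + 1))

    # 2. Everything under the path must belong to the expected group.
    bad=$(find "$path" ! -group "$group" -print 2>/dev/null) || true
    report "WRONG-GROUP" "$bad" || findings=$((findings + 1))

    # 3. Nothing may exceed mode 750: no group write, no access for others.
    #    Symbolic links are skipped because their own mode bits are not enforced.
    bad=$(find "$path" ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print 2>/dev/null) || true
    report "MODE-EXCEEDS-750" "$bad" || findings=$((findings + 1))

    # 4. The owner needs read, write and execute on every directory.
    bad=$(find "$path" -type d ! -perm -700 -print 2>/dev/null) || true
    report "OWNER-LACKS-RWX" "$bad" || findings=$((findings + 1))

    return "$findings"
}

# Stand-alone use: sh audit.sh /opt/backup/dbbackup/backup
if [ "$#" -gt 0 ]; then
    audit_restore_path "$@"
fi
```

The script uses only find with -user, -group and -perm, so it does not depend on a stat command being installed. A non-zero exit status means at least one check failed and the chown and chmod commands above still need to be run.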
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting the running of the U2000.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 5 After U2000 data is restored, click Finish.
Step 6 Optional: If Sybase 12.5 is used, restart it as follows:
1. Shut down the database service.
2. Start the database service.
Step 7 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.10 How to Start
the Processes of the U2000 Single-Server System on Solaris.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. To check, see A.10.9 How to Verify That the
Processes of the U2000 Single-Server System Are Running on Solaris. If U2000
processes are not stopped, see A.10.11 How to End the Processes of the U2000 Single-
Server System on (Solaris).
l The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the
Sybase Database Service.
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
l The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory exists in the /opt path, you need to ensure that the owner of the
directory is ossuser, and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
l Ensure that the owner for the path in which restoration data is stored has the read, write,
and execution permissions. Run the following commands to change the permissions:
# chmod -R 775 path
l During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting the running of the U2000.
l During restoration, the ftpuser user can obtain backup files only from the /opt/backup/
ftpboot path on the remote server, and the ossuser user can obtain backup files only
from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Optional: Perform the following operations to check that the mapping path has backup files:
l Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
l Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 2 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 3 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 4 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 5 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 8 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB
-StoreMode remote -TransMode ftp or sftp -Server IP address of the remote server
-FTPUserName FTP or SFTP user name -FilePath Path where the file to be restored
resides/201201211230
Enter the MSuite login password[]:
Enter the FTP or SFTP user password[]:
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l IP address of the remote server: The IP address of the server where the restoration data is stored.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.10 How to Start
the Processes of the U2000 Single-Server System on Solaris.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
C.11.4.1 Restoring U2000 Single-Server System (SUSE Linux) Data from a Local
Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. To check, see A.10.12 How to Verify That the
Processes of the U2000 Single-Server System Are Running on SUSE Linux. If
U2000 processes are not stopped, see A.10.14 How to End the Processes of the U2000
Single-Server System on (SUSE Linux).
l The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the
Sybase Database Service.
l Ensure that the owner for the path in which restoration data is stored is ossuser and the
user group for the path is ossgroup and the path has the read, write, and execution
permissions. You do not need to change the permission for the /opt directory.
Run the following command as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting the running of the U2000.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 4 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On a Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode local
Enter the MSuite login password[]:
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.13 How to Start
the Processes of the U2000 Single-Server System on SUSE Linux.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. To check, see A.10.12 How to Verify That the
Processes of the U2000 Single-Server System Are Running on SUSE Linux. If
U2000 processes are not stopped, see A.10.14 How to End the Processes of the U2000
Single-Server System on (SUSE Linux).
l The database must be running. To check, see A.8.1.3 How to Verify That the Sybase
Database Is Running. If the database is not running, see A.8.1.2 How to Start the
Sybase Database Service.
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
l The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory exists in the /opt path, you need to ensure that the owner of the
directory is ossuser, and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group and permissions of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
l Ensure that the owner for the path in which restoration data is stored has the read, write,
and execution permissions. Run the following commands to change the permissions:
# chmod -R 775 path
l During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting the running of the U2000.
l During restoration, the ftpuser user can obtain backup files only from the /opt/backup/
ftpboot path on the remote server, and the ossuser user can obtain backup files only
from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Optional: Perform the following operations to check that the mapping path has backup files:
l Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
l Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 2 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
Step 3 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 4 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 5 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 6 After U2000 data is restored, click Finish.
Step 7 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l IP address of the remote server: The IP address of the server where the restoration data is stored.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.13 How to Start
the Processes of the U2000 Single-Server System on SUSE Linux.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
C.11.5.1 Restoring U2000 High Availability System (Solaris) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to match that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
l Ensure that the owner of the path in which restoration data is stored is ossuser, the
user group of the path is ossgroup, and the path has read, write, and execute
permissions. You do not need to change the permissions of the /opt directory.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting U2000 operation.
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site. For details, see A.8.1.2 How to Start the Sybase
Database Service.
Step 3 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 4 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 5 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 9 After U2000 data is restored on the primary site, start the database on the secondary site. For
details, see A.8.1.2 How to Start the Sybase Database Service.
Step 10 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see steps 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 11 On the primary and secondary sites, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 12 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 13 To view data synchronization status, run the following command on the active site:
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On a Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode local
Enter the MSuite login password[]:
NOTE
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
C.11.5.2 Restoring U2000 High Availability System (Solaris) Data from a Remote Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to match that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
l The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory exists in the /opt path, you need to ensure that the owner of the
directory is ossuser, and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of the /opt/tmp directory.
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
l Ensure that the owner of the path in which restoration data is stored has read, write,
and execute permissions. Run the following command to change the permissions:
# chmod -R 775 path
l During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting U2000 operation.
l During restoration, the ftpuser user can obtain backup files only from the
/opt/backup/ftpboot path on the remote server, and the ossuser user can obtain backup files only
from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site. For details, see A.8.1.2 How to Start the Sybase
Database Service.
Step 3 Optional: Perform the following operations to check that the mapping path has backup files:
l Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
l Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 4 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 5 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 8 After U2000 data is restored on the primary site, start the database on the secondary site. For
details, see A.8.1.2 How to Start the Sybase Database Service.
Step 9 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see steps 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 10 On the primary and secondary sites, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 11 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 12 To view data synchronization status, run the following command on the active site:
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode remote -TransMode ftp or sftp -Server IP address of the remote server -FTPUserName FTP or SFTP user name -FilePath Path where the file to be restored resides/201201211230
Enter the MSuite login password[]:
Enter the FTP or SFTP user password[]:
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l IP address of the remote server: The IP address of the server where the restoration data is stored.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
C.11.6.1 Restoring U2000 High Availability System (SUSE Linux) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to match that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
l Ensure that the owner of the path in which restoration data is stored is ossuser, the
user group of the path is ossgroup, and the path has read, write, and execute
permissions. You do not need to change the permissions of the /opt directory.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup
# chmod -R 750 /opt/backup/dbbackup/backup
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting U2000 operation.
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site. For details, see A.8.1.2 How to Start the Sybase
Database Service.
Step 3 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 4 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 5 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 9 After U2000 data is restored on the primary site, start the database on the secondary site. For
details, see A.8.1.2 How to Start the Sybase Database Service.
Step 10 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see steps 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 11 On the primary and secondary sites, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 12 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 13 To view data synchronization status, run the following command on the active site:
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On a Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode local
Enter the MSuite login password[]:
NOTE
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
C.11.6.2 Restoring U2000 High Availability System (SUSE Linux) Data from a Remote Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to match that on the
server to be restored and the types of the remaining domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
l U2000 processes must have been stopped. If U2000 processes are not stopped, see
A.10.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.10.40 How to Configure the FTP or SFTP Service on Windows OS.
Context
l The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory exists in the /opt path, you need to ensure that the owner of the
directory is ossuser, and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of the /opt/tmp directory.
# chown -R ossuser:ossgroup /opt/tmp
# chmod -R 775 /opt/tmp
l Ensure that the owner of the path in which restoration data is stored has read, write,
and execute permissions. Run the following command to change the permissions:
# chmod -R 775 path
l During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.
Restoring U2000 data may overwrite the current U2000 data and cause data inconsistency,
affecting U2000 operation.
l During restoration, the ftpuser user can obtain backup files only from the
/opt/backup/ftpboot path on the remote server, and the ossuser user can obtain backup files only
from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
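Added example, not part of the Huawei guide: a read-only check of the ownership and permission requirements stated in the restore prerequisites and context above (ossuser:ossgroup with 750 for a local restore path, 775 for /opt/tmp and a remote restore path), so that chown -R and chmod -R are applied only where something actually differs. The function name audit_restore_path, its policy argument, and the script name audit.sh are assumptions of this example; it assumes a find that supports -user, -group, -perm, and -prune.

```shell
#!/bin/sh
# Added example: read-only audit of a U2000 restore directory before restoration.
#
# audit_restore_path DIR OWNER GROUP POLICY
#   OWNER, GROUP  expected owner and group (name or numeric ID)
#   POLICY 750    nothing under DIR may grant any permission to "other"
#   POLICY 775    nothing under DIR may be world-writable
# Prints every offending entry.
# Returns 0 if clean, 1 if there are findings, 2 if the audit could not be run.
audit_restore_path() {
    dir=$1 owner=$2 group=$3 policy=$4
    rc=0

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Entries whose "other" bits exceed the policy. Symbolic links have mode
    # 777 on Linux, so they are reported under both policies.
    case $policy in
        750) bad=$(find "$dir" \( -perm -001 -o -perm -002 -o -perm -004 \) -print) || return 2 ;;
        775) bad=$(find "$dir" -perm -002 -print) || return 2 ;;
        *)   echo "unknown policy: $policy" >&2; return 2 ;;
    esac
    if [ -n "$bad" ]; then
        echo "permissions wider than $policy:"
        echo "$bad"
        rc=1
    fi

    # Entries not owned by the expected user and group. A failing find (for
    # example, an unknown user name) must not be mistaken for a clean result.
    foreign=$(find "$dir" \( ! -user "$owner" -o ! -group "$group" \) -print) || return 2
    if [ -n "$foreign" ]; then
        echo "not owned by $owner:$group:"
        echo "$foreign"
        rc=1
    fi

    # The directory itself must give its owner read, write, and execute.
    if [ -z "$(find "$dir" -prune -perm -700 -print)" ]; then
        echo "owner lacks rwx on $dir"
        rc=1
    fi

    return $rc
}

# Script use (audit.sh is a hypothetical file name), with the paths from this guide:
#   sh audit.sh /opt/backup/dbbackup/backup ossuser ossgroup 750
#   sh audit.sh /opt/tmp ossuser ossgroup 775
if [ "$#" -eq 4 ]; then
    audit_restore_path "$@"
fi
```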
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site. For details, see A.8.1.2 How to Start the Sybase
Database Service.
Step 3 Optional: Perform the following operations to check that the mapping path has backup files:
l Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
l Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
Step 4 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
Step 5 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 8 After U2000 data is restored on the primary site, start the database on the secondary site. For
details, see A.8.1.2 How to Start the Sybase Database Service.
Step 9 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see steps 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 10 On the primary and secondary sites, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 11 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 12 To view data synchronization status, run the following command on the active site:
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
----End
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
On Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -StoreMode remote -TransMode ftp or sftp -Server IP address of the remote server -FTPUserName FTP or SFTP user name -FilePath Path where the file to be restored resides/201201211230
Enter the MSuite login password[]:
Enter the FTP or SFTP user password[]:
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l IP address of the remote server: The IP address of the server where the restoration data is stored.
l MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.10.16 How to Start
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
Prerequisites
l The NMS processes are ended. Perform the following operations to end the NMS
processes if they are running:
– For the Single-Server System (Windows), see A.10.8 How to End the Processes of
the U2000 Single-Server System on Windows.
– For the Single-Server System (Solaris), see A.10.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
– For the Single-Server System (SUSE Linux), see A.10.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
– For the High Availability System (Solaris/SUSE Linux), see A.10.17 How to End
the U2000 Processes of the High Availability System (Solaris, PC Linux).
l The database is running. Perform the following operations to start the database if it is not
running:
– For the Single-Server System (Windows), see A.7.4 How to Start the SQL Server
Database.
– For the Single-Server System (Solaris), see A.8.1.2 How to Start the Sybase
Database Service.
– For the Single-Server System (SUSE Linux), see A.8.1.2 How to Start the Sybase
Database Service.
– For the High Availability System (Solaris/SUSE Linux), see A.8.1.2 How to Start
the Sybase Database Service.
l In a high availability (HA) system, freeze the AppService resource group. For more
information, see 11.5.3 Locking a Resource Group.
Context
This operation will delete all U2000 data from the database and restore all U2000 information
to default settings. Therefore, back up the U2000 database and NMS deployment information
before performing initialization.
This operation will:
l Restore the login passwords of the admin user for the U2000 client, NE Software
Management, and the U2000 System Monitor client to the initial passwords. The initial
password of the admin user is Changeme_123. The password must be changed during
the first login to ensure system security. Keep the password confidential and change it
regularly.
l Delete all service data that users configured on the U2000 client.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
NOTE
On a high availability system, log in to the MSuite client on the active site.
Step 2 On the MSuite client, choose System > Initialize Database from the main menu. The
initialization wizard and a prompt will be displayed.
Step 4 Click Yes. The system starts initializing the database and displays a progress bar. Wait
patiently.
Step 5 After the initialization is complete, click Finish. A message is displayed indicating that the
U2000 server needs to be started manually.
Step 6 Optional: In the HA system, unfreeze the AppService resource group. For more information,
see 11.5.4 Unlocking a Resource Group.
Step 7 Click OK, and then start the U2000 server manually. For more information, see 2 Starting the U2000
System.
----End
On Solaris or SUSE Linux OS, run the following commands as user ossuser. If you have
logged in as the root user, log in to the OS again as user ossuser; you cannot run the su - ossuser
command to switch to the ossuser user to run the following commands.
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -InitDatabase
Enter the MSuite login password[]:
NOTE
The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for system
security, modify the default password and remember the new password. For details, see C.3.1 Changing
the Password of the MSuite.
Follow-up Procedure
l In the HA system, log in to the secondary site as the ossuser user after primary site
initialization is complete and run the following commands to delete flags reported by
hardware alarms or HA system alarms.
$ su - root
Password:root user password
# rm -rf /var/ICMR/alarm/*ERROR
# rm -rf /var/ICMR/alarm/err_*
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000,
you must reconfigure the NBI instance after successfully initializing the database, and
the reconfigured instance must be the same as the instance before the database is
initialized. For details, see the related NBI user manual.
l To ensure system security, log in to the U2000 client and change the password according
to the message displayed upon the first login. For details, see 2.6 Logging In to a U2000
Client.
This describes the utility commands provided by the Solaris or SUSE Linux system, including
the commands for operating directories, the commands for operating folders, the commands
for viewing files, the commands for managing Solaris or SUSE Linux users, the commands
for managing the system resource, and the commands for network communication.
D.1.1 pwd
This topic describes the pwd command used for viewing the current working folder.
Function
View the current working folder.
Example
# pwd
/export/home
D.1.2 cd
This topic describes the cd command used for switching the current folder to another folder.
Function
The cd command is used to switch the current folder to another folder. This command applies
to both absolute and relative paths.
Example
l To switch to the home folder, run the following command:
# cd
# cd /
# cd ..
# cd ../..
l To switch to the /export/home folder by the absolute path, run the following command:
# cd /export/home
NOTE
If you run the cd command that is not followed by any parameter, the system is switched back to the
home folder.
# cd
D.1.3 mkdir
This topic describes the mkdir command used for creating a folder.
Function
The mkdir command is used to create a folder. When the path to the created folder is
determined, absolute and relative paths can be used.
Command Format
mkdir option directory
Option Description
Example
To create a subfolder data in /home1/omc, run the following command:
# mkdir /home1/omc/data
If the current folder is /home1 and the folder omc does not exist, run the following command
to create the folder omc and then the folder dir1:
# mkdir -p /home1/omc/dir1
D.1.4 rmdir
This topic describes the rmdir command used for deleting an empty folder that is no longer
useful.
Function
The rmdir command is used to delete an empty folder.
To delete a non-empty folder, run the rm -r command. For details, see D.2.4 rm.
l After the rmdir command is executed, the corresponding folder is deleted and the
functions of U2000 may become abnormal. Execute this command with caution.
l If the folder to be deleted is not empty, you must delete the files in the folder before
running the rmdir command.
l To delete the current folder, you must switch to the upper-level folder.
Example
To delete the data subfolder in the /home1/omc folder, run the following command:
# rmdir /home1/omc/data
D.1.5 ls
This topic describes the ls command used for listing the files and subfolders in a specific
folder.
Function
The ls command is used to list the files and subfolders in a folder. Run the ls command
without any parameter to list the content of the current folder. Run the ls command with
parameters to list the information about the size, type, and privileges of the file, and the date
when the file was created and modified.
Command Format
ls option Directory or File
Option Description
Several individual options and a combination of options can be used for the ls command.
Place the prefix - before the options. Table D-2 lists some common options.
Option Description
-a Lists all files including the hidden files, that is, the files starting with a
dot (.), for example, the .login file.
-l Lists the detailed information about a file, such as the file type, privileges,
number of links, owner, file group, file size, file name, and the date of the
last modification.
If the file is a symbolic link, the ls -l output appends the -> sign to the end of the file
name, pointing to the linked file.
Example
To view the long-form content of the files in the current folder, run the following command:
# ls -l |more
total 11094632
drwxr-xr-x 2 sybase staff 1024 Sep 5 2001 bin
drwxr-xr-x 14 sybase staff 512 Sep 5 2001 charsets
drwxr-xr-x 3 sybase staff 512 Sep 5 2001 collate
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 config
-rw-r--r-- 1 sybase staff 2048000000 Mar 6 09:50 data_dev.dat
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 devlib
drwxr-xr-x 7 sybase staff 512 Sep 5 2001 diag
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 hs_data
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 include
drwxr-xr-x 7 sybase staff 512 Sep 5 2001 init
drwxr-xr-x 3 sybase staff 512 Sep 5 2001 install
-rw-r--r-- 1 sybase staff 268 Sep 5 2001 interf.old
-rw-r--r-- 1 sybase staff 402 Oct 29 15:25 interfaces
drwxr-xr-x 2 sybase staff 1024 Sep 5 2001 lib
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 license
drwxr-xr-x 6 sybase staff 512 Sep 5 2001 locales
-rw-r--r-- 1 sybase staff 2048000000 Mar 6 10:51 log_dev.dat
-rw-r--r-- 1 sybase staff 2048000000 Mar 6 10:36 log_dev1.dat
drwxr-xr-x 5 sybase staff 512 Sep 5 2001 pad
-rw-r--r-- 1 sybase staff 5242880 Feb 19 10:10 phase2.dat
drwxr-xr-x 8 sybase staff 512 Sep 5 2001 sample
--More--
After you run the ls -l command, the result may be displayed in several screens. To view the
file contents, one screen at a time, run one of the following commands:
l # ls -la | more
l $ ls -la>ccc
Save the command output to the ccc file, and then run the following command to view
the output one screen at a time:
# more ccc
After you run the ls -l command, seven columns of information are displayed, which are
described as follows:
l The first column consists of 10 characters. The first character indicates the file type. For
example, the character - refers to a common file and the character d refers to a folder.
The following nine characters are three triplets indicating the access privileges for the
file. The first triplet pertains to the owner, the middle triplet pertains to members of
the user group, and the right-most one pertains to other users in the system. For example,
the characters r, w, and x indicate that the user has the privileges to read, write, and
execute a file, whereas the character - indicates that the user does not have the relevant
privilege for the file.
l The second column indicates the number of links of the file.
l The third and fourth columns display information such as the owner of the file, and the
user group to which the file belongs.
l The fifth column shows the size of the file in bytes.
l The sixth column shows the time and date when the file is last modified.
l The seventh column shows the file name.
D.2.1 vi
This topic describes the vi command used for creating and modifying text files.
Function
As a powerful text editing tool, the vi editor is used to create and modify text files.
After the configuration file of U2000 is modified by running the vi command, the functions of
U2000 may become abnormal. Execute this command with caution. You are advised to back
up the configuration file before running this command.
Format
l To start the vi editor, enter the following command:
vi file name
l Table D-3 lists the operations in the text input mode.
Command Function
A Insert text at the end of the line where the cursor is.
I Insert text before the first nonblank character in the line where the
cursor is.
o Insert a new line below the current one and insert text (open).
O Insert a new line above the current one and insert text.
l Table D-4 lists the operations related to moving the cursor in the text input mode.
Table D-4 Operations related to moving the cursor in the text input mode
Command Function
Line No. G Move the cursor to a specified line. For example, 1G means
that the cursor is moved to the first line.
l Table D-5 lists the operation for exiting the text input mode and switching to the
command mode.
Table D-5 Operation for exiting the text input mode and switching to the command
mode
Command Function
ESC Exit the text input mode and switch to the command
mode.
l Table D-6 lists the operations related to deleting characters in the command mode.
Command Function
x Delete a character.
dd Delete a line.
Command Function
:q! Exit from the vi editor and discard all the changes.
D.2.2 cp
This topic describes the cp command used for copying the contents of a file to another file.
Function
The cp command is used to copy the contents of a file to another file.
Command Format
cp option source file object file
Option Description
The option -r indicates recursively copying a folder. That is, when copying a folder, copy the
files and subfolders included in the folder, and files and subfolders in the subfolders until the
last level of the folder.
Example
To copy the old_filename file in the current folder to the file new_filename, run the
following command:
# cp old_filename new_filename
D.2.3 mv
This topic describes the mv command used for moving and renaming a file.
Function
The mv command is used to move and rename a file.
l After the mv command is executed, the corresponding file is moved and the functions of
U2000 may become abnormal. Execute this command with caution.
l After you run the mv command, only the target file instead of the source file exists.
l After you run the cp command, the source file still exists and the target file is generated.
Command Format
mv source file object file
Example
To move the old_filename file in the root directory to the /home1/omc folder, and rename the
source file to new_filename, run the following command:
# mv old_filename /home1/omc/new_filename
D.2.4 rm
This topic describes the rm command used for deleting a specific file.
Function
The rm command is used to delete a file.
l In the Solaris or SUSE Linux system, a file, once deleted, cannot be restored. Therefore,
use the -i option to avoid the deletion of a file by mistake.
l To delete a folder, run either of the following commands: rmdir or rm -r. The difference
between the two commands is: rmdir deletes only empty folders but rm -r deletes any
folder.
Command Format
rm option file
Option Description
l -i: refers to interactive operations. Your confirmation is required before a command is
run.
l -r: recursively deletes a folder. That is, when deleting a folder, delete the files and
subfolders included in the folder, and files and subfolders in the subfolders until the root
folder.
l -f: removes all files (whether write-protected or not) in a directory without prompting the
user.
Example
To delete the old_filename file in the current folder, run the following command:
# rm -i old_filename
D.2.5 chmod
This topic describes the chmod command used for changing the access rights of a directory or
a file.
Function
The chmod command is used to change the access rights of a directory or a file.
Exercise caution with this operation: after you run the chmod command, the access rights of a
directory or a file are changed.
Format
chmod option directory or file
Based on different notation methods of the option in the command, two modes are available:
l Symbol mode
chmod objectoperator rights file
l Digit mode
chmod lmn file
Option Description
l Symbol mode
Table D-8 lists common options in symbol mode of the chmod command.
a All users
- Cancel a right
= Set a right
l Digit mode
The option lmn represents the following digits:
– l: the rights of the owner
– m: the rights of the users sharing the same group with the owner
– n: the rights of other users in the system
The value of each digit is equal to the sum of the values of r (read right), w (write right),
x (execute right), or - (no right) in each group. In each group, r = 4, w = 2, x = 1, and - =
0. In the following example, -rwxr-xr-- 1 rms sbsrms 46098432 May 12
16:02 sdh*, the access rights of the file sdh are represented by the symbols
rwxr-xr--. The nine symbols are divided into three groups, with three symbols as a group.
The three groups represent the rights of the file owner, the rights of the users sharing the
same group with the file owner, and the rights of other users in the system. The three
groups can be represented in digits as 754, which is calculated according to the formulas: 7
= 4 + 2 + 1, 5 = 4 + 0 + 1, and 4 = 4 + 0 + 0.
Parameter Description
Directory or File: indicates the name of the directory or file whose rights are changed.
Example
l Symbol mode
Authorize the file1 owner with the read, write, and execute rights. Authorize the users
sharing the same group with the file owner with the read and execute rights. Authorize
other users with the read and execute rights. Run the following command:
# chmod u=rwx,go=rx file1
To authorize all the users with the read and write rights, run the following command:
# chmod a=rw file2
l Digit mode
Authorize the file1 owner with the read, write, and execute rights. Authorize the users
sharing the same group with the file owner with the read and execute rights. Grant
other users no rights. Run the following command:
# chmod 750 file1
To authorize all the users with the read and write rights, run the following command:
# chmod 666 file2
NOTE
l To configure the rights of a file for users in a group and other users in the system in symbol mode,
you must authorize these users with the execute right of the directory where a file exists. Run the
following command for the directory that requires you to set rights:
# chmod u=rw,+x .
You can also run the following command:
# chmod u=rwx,go=x .
In this command, the dot (.) indicates the current directory.
l In digit mode, the letters r, w, and x equal 4, 2, and 1 respectively, and the hyphen (-) equals 0.
These mappings are set according to the binary mode. For the three symbols r, w, and x in a group,
which represent the read permission, the write permission, and the execute permission, assign the
binary value 1 if a symbol has the corresponding right and assign the binary value 0 if a symbol
does not have the corresponding rights. Take the previous file sdh as an example. The file rights
are represented by the symbols rwxr-xr--. After converting the symbols into a binary value, you
can obtain "111101100". The binary value is divided into three 3-digit groups, with each group
representing a file right. After converting the binary value of each group into a decimal value, you
can obtain three values: 7, 5, and 4.
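The symbol-to-digit conversion described above, written out as shell functions. This is an added example, not part of the guide; the function names mode_to_octal, mode_to_binary, and other_can_write are hypothetical. It accepts only the r, w, x, and - symbols that the guide describes and rejects anything else.

```shell
#!/bin/sh
# Added example (not from the guide): convert the permission field printed by
# ls -l into digit mode, and check the write right of "other users".

# mode_to_octal MODE
# MODE is the nine permission symbols, optionally preceded by the file-type
# character shown by ls -l (for example "-rwxr-xr--" or "rwxr-xr--").
# Prints the three digits l, m and n. Returns 1 on input that is not made of
# r, w, x and - in their expected positions (special symbols such as s or t
# are outside the three-digit scheme and are rejected).
mode_to_octal() {
    perms=$1
    # Drop the leading file-type character when all ten characters are given.
    if [ "${#perms}" -eq 10 ]; then
        perms=${perms#?}
    fi
    [ "${#perms}" -eq 9 ] || return 1

    digits=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        value=0
        pos=1
        for weight in 4 2 1; do
            symbol=$(printf '%s' "$triplet" | cut -c"$pos")
            case "$pos$symbol" in
                1r|2w|3x) value=$((value + weight)) ;;  # right granted
                1-|2-|3-) ;;                             # right not granted
                *) return 1 ;;                           # unexpected symbol
            esac
            pos=$((pos + 1))
        done
        digits="$digits$value"
    done
    printf '%s\n' "$digits"
}

# mode_to_binary MODE
# Prints the nine-bit form used in the NOTE: 1 for a granted right, 0 for "-".
mode_to_binary() {
    mode_to_octal "$1" >/dev/null || return 1
    perms=$1
    if [ "${#perms}" -eq 10 ]; then
        perms=${perms#?}
    fi
    printf '%s\n' "$perms" | sed 's/[rwx]/1/g; s/-/0/g'
}

# other_can_write MODE
# Succeeds when digit n (other users in the system) includes the write value 2.
# Returns 2 when MODE cannot be parsed.
other_can_write() {
    octal=$(mode_to_octal "$1") || return 2
    n=${octal#??}
    [ $((n & 2)) -ne 0 ]
}

# The sdh file from the guide, then the rights set by chmod 750 and chmod 666.
for sample in -rwxr-xr-- rwxr-x--- rw-rw-rw-; do
    printf '%s -> %s (binary %s)\n' "$sample" \
        "$(mode_to_octal "$sample")" "$(mode_to_binary "$sample")"
    if other_can_write "$sample"; then
        printf '  other users can write to this file\n'
    fi
done
```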
D.2.6 chown
This topic describes the chown command used for changing the owner of a file.
Function
The chown command is used to modify the owner of a file. In most Solaris or SUSE Linux
systems, this command can be run only by the root user.
Exercise caution with this operation: after you run the chown command, the owner of a file
is modified.
Command Format
chown option owner file
Option Description
l -f: runs the command forcibly without displaying errors
l -R: recursive folder
Parameter Description
l Owner: the modified owner
l File: the file of the owner to be modified
Example
l Assume that there is a user new_owner and a file in the system. Run the following
command to change the owner of the file to new_owner:
# chown new_owner file
l Assume that there is a user test in the system. Change the owner of all files in the
/export/home folder and the subfolders to test:
# chown -R test /export/home
D.2.7 chgrp
This topic describes the chgrp command used for moving all files from the user group to
which you belong to another user group.
Function
The chgrp command is used to move all files from the user group to which you belong, to
another user group. That is, you belong to at least two user groups at the same time.
Exercise caution with this operation: after you run the chgrp command, the user group of a
file is changed to another user group.
Command Format
chgrp option group file
Option Description
l -f: runs the command forcibly without displaying errors
l -R: recursive folder
Parameter Description
l Group: the modified user group
l File: the file the user group of which is to be modified
Example
To change the user group of file to new_group, run the following command:
# chgrp new_group file
The new user group to which a file is moved should be created. Run the groups command to
list the groups to which you belong. For details on how to create a user group, see D.4
Commands for Managing Solaris or SUSE Linux Users.
After the owner or group of a folder is changed, the folder does not belong to that user or user
group any more. The attributes of the subfolders and files in the folder, however, are retained.
Run the chown command to modify the owner and the user group of a file at the same time:
# chown omc:staff file1
This command changes the owner of file1 to omc and the group to staff.
D.2.8 find
This topic describes the find command used for searching for a file that meets the preset
conditions in the specified folders and subfolders.
Function
The find command is used to search for a file that meets the preset conditions in the specified
folders and subfolders. By using this command, you can find the file even if you forget the
correct path of the file.
Command Format
find folder condition
Parameter Description
l Folder: indicates the folder to be searched. You can enter multiple folder names.
Separate the folder names by using spaces.
l Condition: indicates the conditions for file search, such as the file name, owner, and
time of the last modification.
Table D-9 describes the conditions for file search.
Condition Description
-user user Searches all files of user. The value of user can be a
user name or UID.
-group group Searches all files of the user group. The value of
group can be a user group name or GID.
-exec command {}\; Uses the found file as the object of the command to
be run. Put the parameters to be used in the command
execution between { and }.
Conditions in and relationships are separated by spaces. For example, -size +10 -links 3
matches all the files with more than 10 blocks and with 3 links.
In the preceding table, +10 stands for more than 10 blocks and -10 for fewer than 10 blocks.
Example
To search for files in the /tmp folder with the file name starting with c, and then print the
paths, run the following command:
To search the file test in the current folder and then print the paths, run the following
command:
NOTE
l The search may take several minutes. To save time, you can run this command in the background.
That is, the output for the command is exported to a file for later query. End the command line
with & so that the system runs the command in the background. For example:
# find / -name "abc*" -print> abc.file &
l After the search is complete, run the following command to view the result of the search:
# cat abc.file
l Different users may have different privileges for the same file. Therefore, ordinary users may find
only some files of the system. To list all the files that meet the set conditions, log in as the root
user and search from the root directory.
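The search conditions described above, run against a small constructed directory tree. This is an added example, not part of the guide; the function names and every file name are constructed for illustration, and -type f is a standard find condition that the table above does not list.

```shell
#!/bin/sh
# Added example (not from the guide). All file names below are constructed.

# build_sample_tree DIR: populate DIR with files for the searches below.
build_sample_tree() {
    dir=$1
    mkdir -p "$dir/sub"
    printf 'small\n' > "$dir/config.txt"
    printf 'small\n' > "$dir/sub/cache.log"
    printf 'small\n' > "$dir/test"
    # 6000 bytes occupy 12 blocks of 512 bytes, so -size +10 matches.
    dd if=/dev/zero of="$dir/big.dat" bs=6000 count=1 2>/dev/null
    # Two extra hard links raise the link count of big.dat to 3.
    ln "$dir/big.dat" "$dir/big.link1"
    ln "$dir/big.dat" "$dir/sub/big.link2"
    # Large but with a single link: matches -size +10, fails -links 3.
    dd if=/dev/zero of="$dir/single.dat" bs=6000 count=1 2>/dev/null
}

# names_starting_with DIR PREFIX
# -name takes a shell pattern. Quote it so that the shell passes it to find
# unchanged instead of expanding it against the current folder.
names_starting_with() {
    find "$1" -name "$2*" -print | LC_ALL=C sort
}

# large_with_three_links DIR
# Conditions separated by spaces must all hold (the "and" relationship).
# -type f restricts the match to regular files, so folders are skipped.
large_with_three_links() {
    find "$1" -type f -size +10 -links 3 -print | LC_ALL=C sort
}

# list_owned DIR USER
# USER may be a user name or a UID. find runs the command once per found
# entry and substitutes the path of that entry for {}.
list_owned() {
    find "$1" -user "$2" -exec ls -ld {} \;
}

# count_owned DIR USER: number of entries that list_owned reports.
count_owned() {
    echo $(( $(list_owned "$1" "$2" | wc -l) ))
}

# Demonstration on a throwaway folder.
demo_dir=$(mktemp -d)
build_sample_tree "$demo_dir"
echo "Names starting with c:"
names_starting_with "$demo_dir" c
echo "More than 10 blocks and exactly 3 links:"
large_with_three_links "$demo_dir"
echo "Entries owned by UID $(id -u): $(count_owned "$demo_dir" "$(id -u)")"
rm -rf "$demo_dir"
```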
D.2.9 tar
This topic describes the tar command used for combining several files into one archive and
saving it to a tape or disk.
Function
The tar command is used to combine several files into one archive and save it to a tape or
disk. When one of the files is required, obtain the file directly from an archive.
Command Format
tar function options modification options file
Option Description
l function options: sets the actions, such as read and write, of the tar command
l modification options: modifies the actions of the tar command
Table D-11 describes the options of the tar command.
Example
l Run the tar command to back up files.
In the current folder, to back up all the files and subfolders in the /export/home folder to
the default device and view the file information during the backup, run the following
command:
# tar cv /export/home
In the current folder, to back up all the files and subfolders in the /export/home folder to the
databak.tar file and view the file information during the backup, run the following
command:
# tar cvf databak.tar /export/home
l Use tar to restore files.
To restore the files in the default device to a hard disk and view the file information
during the restoration, run the following command:
# tar xv
In the current folder, to restore the databak.tar file to the /export/home folder and view the
file information during the restoration, run the following command:
# tar xvf databak.tar
l Do not enter "-" on the left of the function and modification options in the tar command.
l Run the following tar command to pack several files into a package:
# tar cvf filebak.tar file1 file2 file3
l The previous command packs file1, file2, and file3 into a package named
filebak.tar.
l The names of the disk and tape devices used in file backup and restoration in the tar
command may vary according to the Solaris or SUSE Linux system. Check carefully
before running the command.
D.2.10 gtar
This topic describes the gtar command used for combining multiple files into an archive and
storing it in a tape or disk.
Function
The gtar command can merge multiple files into an archive and store it in tapes or disks. You
can obtain the required files from an archive, if required.
Format
gtar function options modification options file to be backed up or restored
Option Description
l Function option: sets the actions of the gtar command, such as read or write.
l Modification option: modifies the actions of the gtar command.
Table D-12 lists some options.
Modification option v Starts the display mode. The gtar command can display all
names of the processed file. This option is common.
Example
l Run the gtar command to back up files.
In the current directory, back up all the files and folders in /export/home/sybdev to the
default device. During the backup, the file information is displayed.
# gtar cv /export/home/sybdev
In the current directory, back up all the files and folders in /export/home/sybdev and
save them as databak.tar. During the backup, the file information is displayed.
# gtar cvf databak.tar /export/home/sybdev
l Run the gtar command to restore files.
Restore the files of default devices in the backup files to a hard disk. During the
restoration, the file information is displayed.
# gtar xv
In the current directory, decompress the backup file databak.tar to
/export/home/sybdev. During the restoration, the file information is displayed.
# gtar xvf databak.tar
l There is no - symbol before the function option and modification option of gtar.
l The gtar command can pack multiple files. The command is as follows:
# gtar cvf filebak.tar file1 file2 file3
l This command packs the three files, that is, file1, file2, and file3, into the file named
filebak.tar.
l Under different Solaris systems, when using gtar to back up or restore files, note that
names of the floppy disk and tape are different. Ensure that you use the right names.
D.2.11 compress
This topic describes the compress command used for compressing files.
Function
The compress command is used to compress files and save the memory space. The name of
the compressed files ends with .Z. The command for decompressing such files is
uncompress.
Command Format
compress file
Example
To compress a file, run the following command:
# compress file
The difference between the tar command and the file compressing commands is as follows:
The tar command packs or combines files and packs many folders or files into a package. To
compress the combined files *.tar, use the compress or pack command.
D.2.12 uncompress
This topic describes the uncompress command used for decompressing files.
Function
The uncompress command is used to decompress the compressed files. The command for
compressing files is compress.
Command Format
uncompress compressed file ending with ".Z"
Example
To decompress the file.Z file, run the following command:
# uncompress file.Z
D.2.13 pack
This topic describes the pack command used for compressing files and saving memory space.
Function
Run the pack command to compress files. The name of the compressed files ends with .Z.
The space achieved through compression depends on file types. To extract files, use the
unpack command.
Command Format
pack file
Example
To pack a file, run the following command:
# pack file
l Do not run the pack command to compress files of small sizes. To compress such files,
use the pack command with the option -f for forced compression.
# pack -f filename
l The difference between the tar command and the file compression commands is as
follows:
The tar command packs or combines files and packs many folders or files into a
package. To compress the combined files *.tar, use the compress or pack command.
D.2.14 unpack
This topic describes the unpack command used for extracting files.
Function
The unpack command is used to extract the packed files. To pack files, use the pack
command.
Command Format
unpack compressed file ending with ".Z"
Example
To extract the file.Z file, run the following command:
# unpack file.Z
D.2.15 pkgadd
This topic describes the pkgadd command used for sending a file package to the system for
execution.
Function
The pkgadd command is used to send a file package to the system for execution. To remove a
package from the system, run the pkgrm command.
Command Format
pkgadd option file package name
Option Description
-d device: to install or copy a package from the device. The device can be an absolute path,
the identifier of a tape, or a disk such as /var/tmp or /floppy/floppy_name, or a device name
such as /floppy/floppy.
Example
To send a file package in the current folder to the file1 file, run the following command:
# pkgadd -d . file1
The dot in the command indicates that the folder is the current folder.
D.2.16 pkgrm
This topic describes the pkgrm command used for removing a package from the system.
Function
The pkgrm command is used to remove a package from the system. To pack and send a
package to the system, use the pkgadd command.
After the pkgrm command is executed, the corresponding package is removed from the
system and the functions of U2000 may become abnormal. Execute this command with
caution.
Command Format
pkgrm option file package name
Example
To remove the file1 file, run the following command:
# pkgrm file1
D.3.1 echo
This topic describes the echo command used for sending a character string to a standard
output device such as the monitor screen.
Function
The echo command is used to send a character string to a standard output device such as the
monitor screen.
Command Format
echo character string option
Option Description
Table D-13 lists five options that are frequently used.
Option Description
Example
# echo $HOME
/export/home
/export/home displayed on the screen is the value of the variable $HOME.
To prevent the system from displaying RETURN, run the following command:
# echo $HOME "\c"
/export/home
Or:
# echo "$HOME \c"
/export/home
NOTE
The options \c, \0n, \t, \n, \v are displayed in the character string enclosed in quotation marks. The
quotation marks can quote either one option or multiple options.
D.3.2 cat
This topic describes the cat command used for viewing the contents of a text file.
Function
The cat command is used to view the contents of a text file.
Command Format
cat option file
Option Description
l -n: numbers each line of the displayed text
l -v: displays nonprinting characters other than TAB and RETURN
Example
To view the contents of the cat_Table.txt file, run the following command:
# cat cat_Table.txt
Name Owner
Object_type
------------------------------ ------------------------------
----------------------
tbl128Addr cat
user table
tbl128IP cat
user table
tbl128Name cat
user table
tblAdapterIP cat
user table
tblAdjCell cat
user table
... ... ...
NOTE
To view several files at the same time, run the following command:
# cat file1 file2 file3
D.3.3 more
This topic describes the more command used for displaying the content of a large file in
different pages.
Function
You can use this command to view a file one screen at a time. You can also use this command
to browse the previous screens and to search for character strings.
Command Format
more option file
Option Description
Remember to insert the prefix - before the options when multiple options and combination of
options are used. Table D-14 lists four options that are frequently used.
-w Indicates that the system does not exit at the end of the input but waits for
the prompt.
Example
To view the contents of the cat_Table.txt file one screen at a time, run the following
command:
# more cat_Table.txt
Name Owner
Object_type
------------------------------ ------------------------------
----------------------
tbl128Addr cat
user table
tbl128IP cat
user table
tbl128Name cat
user table
tblAdapterIP cat
user table
tblAdjCell cat
user table
... ... ...
NOTE
l When viewing a file one screen at a time, press the following keys to perform relevant operations:
Space key: to view the next screen
Enter key: to view the next line
q: to exit
h: to view the online help
b: to switch back to the previous screen
/word: to search the character string "word" backward
l Solaris or SUSE Linux commands can be used in combinations. For example, add |more after
other commands to view relevant results on several screens.
D.3.4 head
This topic describes the function, format, and example of the head command.
Function
The head command is used to view the first few lines of a text file. By default, the first 10
lines are displayed.
Command Format
head value file
Example
To view the first three lines of the Table.txt file, run the following command:
# head -3 Table.txt
Name Owner
Object_type
------------------------------ ------------------------------
D.3.5 tail
This topic describes the tail command used for viewing the last few lines of a text.
Function
The tail command is used to view the last few lines of a text. By default, the last 10 lines are
displayed.
Command Format
tail value file
Example
To view the last ten lines of the cat_Table.txt file, run the following command:
# tail cat_Table.txt
Name Owner
Object_type
------------------------------ ------------------------------
----------------------
tbl128Addr cat
user table
tbl128IP cat
user table
tbl128Name cat
user table
tblAdapterIP cat
user table
tblAdjCell cat
user table
... ... ...
NOTE
A special function of the tail command is to view the latest changes of a log file, because all the latest
changes are added at the end of the log file. The command format is as follows:
# tail -f commdrv.log
The option -f refers to the function of monitoring a file.
D.3.6 clear
This topic describes the clear command used for clearing the contents on the screen.
Function
The clear command is used to clear the contents on the screen.
Example
To clear the screen, run the following command:
# clear
D.3.7 grep
This topic describes the grep command used for searching for a character string in a text file.
Function
The grep command is used to search for a character string in a text file and to print all the
lines that contain the character string.
Command Format
grep character string file
Example
To search the character string operation in the ifconfig.txt file, run the following command:
To search the character string "The following options are supported" in the ifconfig.txt file,
run the following command:
NOTE
The character string "The following options are supported" includes spaces. Remember to enclose the
character string within quotation marks in the command line.
D.4.1 useradd
The useradd command is used to add a user in the Solaris or SUSE Linux system.
Function
The useradd command is used to add a user in the Solaris or SUSE Linux system.
Command Format
useradd option new user name
Option Description
You can combine options of the useradd command. Add the prefix - before these options.
Table D-15 lists the common options.
Option Remark
Example
Create a user named omc1 in the Solaris or SUSE Linux system. The user omc1 belongs to
the staff user group, and the home folder /home1/omc is created automatically. In
addition, the comment is Test User and B shell is applied. To create this user, run the
following commands:
After a user is added, set the password for the added user. For details of setting the password,
see D.4.4 passwd. After the password is set, the user can log in as a new user.
D.4.2 userdel
This topic describes the userdel command used for deleting a specific user of the Solaris or
SUSE Linux operating system.
Function
The userdel command is used to delete a user. Some Solaris or SUSE Linux systems do not
allow deleting users completely. Run the userdel command to revoke the privileges granted to
the user.
After the userdel command is executed, the corresponding user is deleted or the privileges
granted to the user are revoked, and the functions of U2000 may become abnormal. Execute
this command with caution.
Command Format
userdel option user name
Option Description
-r: Remove the user's home directory from the system. This directory must exist. The files
and directories under the home directory will no longer be accessible following successful
execution of the command.
• -r: Remove the whole home directory and the mail spool of the specified account. Files
located in other directories will have to be searched for and deleted manually.
• -f: Work with -r. This option is used to force the removal of files, even if not owned by
the account.
Example
Assume that there is user omc1 in the system. To delete the user omc1, run the following
command:
# userdel omc1
If the user has logged in, running the userdel command to delete the user fails. The system
prompts that the user account is in use.
D.4.3 usermod
This topic describes the usermod command used for modifying the user login information.
Function
The usermod command is used to modify the user login information.
After the usermod command is executed, the corresponding user login information is
modified and the functions of U2000 may become abnormal. Execute this command with
caution.
Command Format
usermod option user name
Option Description
The combined option of the usermod command can be used. Add the prefix - before the
options. Table D-16 lists the common options.
Example
In Solaris or SUSE Linux, modify the login information of the user omc1. Run the following
command to change the user name to test, owner group to new_group, main directory to
/home, and comment to Tester:
# usermod -c "Test User" -d /home1 -g new_group -l test omc1
Behavior differs between operating systems. Do not run the usermod command to modify a
user while that user is logged in; otherwise, you must restart the operating system for some
settings to take effect.
D.4.4 passwd
This topic describes the passwd command used for setting or changing a password for a user.
Function
The passwd command is used to set a password for an added user or to change the user
password.
Command Format
passwd user name
Precautions
From the security management aspect, you must change the user password periodically to
ensure the password security.
Example
Assume that the user omc1 is added. To set the password of omc1, run the following
command:
# passwd omc1
NOTE
Enter and confirm the password according to prompts. The entered password is displayed in cipher text.
It is recommended that the password should comply with the following rules:
1. The password contains at least eight characters.
2. The password contains at least two of the following items:
• At least one uppercase letter
• At least one lowercase letter
• At least one digit
• At least one of the following special characters: ` ~ @ # $ % ^ & * ( ) _ + - = { } [ ] | : \ " ;
' ? , . < > / and spaces
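The recommended rules above can be checked mechanically before a password is set. The following is an added example, not part of the original guide; the function names and the sample candidates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check a candidate password against the
# recommended rules: at least 8 characters and at least two of the four
# character classes. All names here are illustrative.

# Special characters exactly as listed in the guide, written as a tr(1) set:
# the backslash is doubled for tr, and "-" is placed last so it stays literal.
SPECIALS='`~@#$%^&*()_+={}[]|:\\";?,.<>/ '"'"'-'

# has_any STRING SET: succeeds if STRING contains at least one character of SET.
has_any() {
    [ -n "$(printf '%s' "$1" | LC_ALL=C tr -cd "$2")" ]
}

# count_classes STRING: prints how many of the four classes STRING uses (0-4).
# Characters outside the listed set (for example "!") count toward no class.
count_classes() {
    n=0
    if has_any "$1" 'A-Z'; then n=$((n + 1)); fi
    if has_any "$1" 'a-z'; then n=$((n + 1)); fi
    if has_any "$1" '0-9'; then n=$((n + 1)); fi
    if has_any "$1" "$SPECIALS"; then n=$((n + 1)); fi
    echo "$n"
}

# check_password STRING: returns 0 if both rules hold, 1 otherwise, and
# prints the reason either way.
check_password() {
    pw=$1
    if [ "${#pw}" -lt 8 ]; then
        echo "rejected: ${#pw} characters, need at least 8"
        return 1
    fi
    classes=$(count_classes "$pw")
    if [ "$classes" -lt 2 ]; then
        echo "rejected: uses $classes of the 4 character classes, need at least 2"
        return 1
    fi
    echo "ok: ${#pw} characters, $classes character classes"
}

# Constructed sample candidates. In real use, read the candidate from a prompt
# rather than a command-line argument, because arguments appear in ps -f output.
for candidate in 'abcdefgh' 'abcdefg1' 'Ab1#' 'abcd efgh' 'abcdefg!'; do
    printf '%-12s ' "'$candidate'"
    check_password "$candidate" || true
done
```

A space counts as a special character under these rules, so 'abcd efgh' passes, while 'abcdefg!' does not because "!" is not in the listed set.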
D.4.5 groupadd
This topic describes the groupadd command used for adding a user group in the Solaris or
SUSE Linux system.
Function
The groupadd command is used to add a user group in the Solaris or SUSE Linux system.
Command Format
groupadd user group name
Example
To add the user group staff1 in the Solaris or SUSE Linux system, run the following
command:
# groupadd staff1
D.4.6 groupdel
This topic describes the groupdel command used for deleting a user group in the Solaris or
SUSE Linux system.
Function
The groupdel command is used to delete a user group in the Solaris or SUSE Linux system.
After the groupdel command is executed, the corresponding user group is deleted and the
functions of U2000 may become abnormal. Execute this command with caution.
Command Format
groupdel user group name
Example
To delete the user group staff1, run the following command:
# groupdel staff1
D.4.7 groupmod
This topic describes the groupmod command used for modifying the information about a user
group.
Function
The groupmod command is used to modify the information about a user group.
After the groupmod command is executed, the corresponding user group information is
modified and the functions of U2000 may become abnormal. Execute this command with
caution.
Command Format
groupmod user group name
Parameter Description
-n name: the name of the modified user group
Example
To modify the name of the user group staff1 to staff2, run the following command:
D.5.1 man
This topic describes the man command used for viewing the online help about a command.
Function
The man command is used to view the online help about a command.
Command Format
man option command
Example
To view the online help about the pwd command, run the following command:
# man pwd
Reformatting page. Wait... done
NAME
pwd - return working directory name
SYNOPSIS
/usr/bin/pwd
DESCRIPTION
pwd writes an absolute path name of the current working
directory to standard output.
Both the Bourne shell, sh(1), and the Korn shell, ksh(1),
also have a built-in pwd command.
ENVIRONMENT
See environ(5) for descriptions of the following environment
variables that affect the execution of pwd: LC_MESSAGES and
NLSPATH.
EXIT STATUS
--More--(30%)
NOTE
Not all parameters in the man command are command names. For example, the man ascii command
displays all the ASCII characters and their expressions. The man shell_builtins command displays the
built-in command list and the shell using the commands.
D.5.2 df
This topic describes the df command used for viewing the free disk space.
Function
The df command is used to view the free disk space. The system administrator runs this
command frequently to check the usage of the disk space to avoid disk failure due to data
overflow.
Command Format
df option file system
Option Description
• -l: the local file system
• -k: to view the free disk space (unit: KB)
• -h: to print sizes in human readable format
Example
To check the free disk space, run the following command:
# df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t0d0s0 2053605 997684 994313 51% /
/proc 0 0 0 0% /proc
fd 0 0 0 0% /dev/fd
/dev/dsk/c0t1d0s7 35009161 2562019 32097051 8% /export/home
swap 3431792 6664 3425128 1% /tmp
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda4 81242124 31102496 50139628 39% /
udev 3044112 704 3043408 1% /dev
/dev/sda1 136384 8420 127964 7% /boot/efi
/dev/sda3 52434552 53964 52380588 1% /home
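Because this check is run frequently, it is worth scripting. The following is an added example, not part of the original guide: it reads df -k output in either of the two layouts shown above and reports file systems at or above a usage threshold. The function names, the thresholds and the final wrapped entry in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): flag file systems whose usage is at or
# above a threshold, reading `df -k` output on standard input.

# over_threshold PCT: prints "use% mountpoint" for each file system at or
# above PCT. Works for the Solaris and the SUSE Linux layouts, where the
# percentage is column 5 and the mount point is column 6.
over_threshold() {
    awk -v limit="$1" '
        # A long device name makes df wrap one entry onto two lines; rejoin them.
        NF == 1 { held = $0; next }
        held != "" { $0 = held " " $0; held = "" }
        # Header lines ("capacity" or "Use%") carry no numeric percentage.
        $5 !~ /^[0-9]+%$/ { next }
        {
            pct = $5
            sub(/%$/, "", pct)
            if (pct + 0 >= limit + 0) print pct "% " $6
        }
    '
}

# The df -k output shown above (Solaris table, then SUSE Linux table), followed
# by one constructed entry whose long device name wraps onto a second line.
sample_df() {
    cat <<'EOF'
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t0d0s0 2053605 997684 994313 51% /
/proc 0 0 0 0% /proc
fd 0 0 0 0% /dev/fd
/dev/dsk/c0t1d0s7 35009161 2562019 32097051 8% /export/home
swap 3431792 6664 3425128 1% /tmp
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda4 81242124 31102496 50139628 39% /
udev 3044112 704 3043408 1% /dev
/dev/sda1 136384 8420 127964 7% /boot/efi
/dev/sda3 52434552 53964 52380588 1% /home
/dev/mapper/constructed-example-volume
                     10485760 9961472 524288 95% /backup
EOF
}

# Report everything at or above 50% in the sample.
# On a live host the equivalent call is: df -k | over_threshold 80
sample_df | over_threshold 50
```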
D.5.3 du
This topic describes the du command used for viewing the disk space used by a specific
folder or file.
Function
The du command is used to view the disk space used by a specific folder or file.
Command Format
du option folder or file
Option Description
• -a: to view the disk space used by each file
• -s: to view the used total disk space
• -k: to view the result (unit: KB)
• -h: print sizes in human readable format
Example
• To view the disk space used by the files in the /etc folder, run the following command:
# du -k /etc |more
4 /etc/X11/fs
4 /etc/X11/twm
84 /etc/X11/xdm/pixmaps
157 /etc/X11/xdm
721 /etc/X11/xkb/rules
52 /etc/X11/xkb/types
16 /etc/X11/xkb/semantics
8 /etc/X11/xkb/geometry/ibm_vndr
44 /etc/X11/xkb/geometry/digital_vndr
44 /etc/X11/xkb/geometry/sgi_vndr
285 /etc/X11/xkb/geometry
81 /etc/X11/xkb/compat
28 /etc/X11/xkb/symbols/sun_vndr
16 /etc/X11/xkb/symbols/fujitsu_vndr
84 /etc/X11/xkb/symbols/macintosh_vndr
8 /etc/X11/xkb/symbols/nec_vndr
32 /etc/X11/xkb/symbols/digital_vndr
4 /etc/X11/xkb/symbols/sony_vndr
12 /etc/X11/xkb/symbols/xfree68_vndr
4 /etc/X11/xkb/symbols/hp_vndr
4 /etc/X11/xkb/symbols/sgi_vndr
850 /etc/X11/xkb/symbols
40 /etc/X11/xkb/keymap/sun_vndr
8 /etc/X11/xkb/keymap/digital_vndr
93 /etc/X11/xkb/keymap/sgi_vndr
181 /etc/X11/xkb/keymap
16 /etc/X11/xkb/keycodes/digital_vndr
12 /etc/X11/xkb/keycodes/sgi_vndr
108 /etc/X11/xkb/keycodes
2345 /etc/X11/xkb
4 /etc/X11/xsm
4 /etc/X11/lbxproxy
16 /etc/X11/fvwm2
4 /etc/X11/xserver/C/print/ddx-config/raster
4 /etc/X11/xserver/C/print/ddx-config
12 /etc/X11/xserver/C/print/attributes
245 /etc/X11/xserver/C/print/models/PSdefault/fonts
--More-
• To view the disk space used by all file systems in the current folder and send the results
to the sort command for sorting, run the following command:
# du -s * |sort -rn|more
28672 opt
3757 X11
2522 cups
1282 bootsplash
822 xscreensaver
808 sysconfig
661 services
661 init.d
473 postfix
428 apparmor
416 mono
389 joe
193 profile.d
165 ssl
165 apparmor.d
164 ssh
145 pam.d
145 lvm
112 fonts
109 xinetd.d
--More-
• To list the first ten file systems according to the file size, run the following command:
# du -s * |sort -rn|head -10
28672 opt
3757 X11
2522 cups
1282 bootsplash
822 xscreensaver
808 sysconfig
661 services
661 init.d
473 postfix
428 apparmor
D.5.4 ps
This topic describes the ps command used for viewing the status of the processes currently
running in the system.
Function
The ps command is used to view the status of the processes currently running in the system.
Command Format
ps option
Option Description
• -e: to view the status of all the processes that are running in the system
• -l: to view the running processes in a long-form list
• -u user: to view the process status of a specific user
• -f: to view all the status information about the processes that are running in the system
Example
• To view the status of all the running processes controlled by the login device (the
terminal), run the following command:
# ps
PID TTY TIME CMD
13726 pts/5 0:00 ksh
• To view the complete information about the active processes, run the following
command:
# ps -f
UID PID PPID C STIME TTY TIME CMD
sybase 13726 13724 0 08:44:35 pts/5 0:00 -ksh
sy
sagent DEFAULTSYSAGENT -port 31011 -agentid 119
root 22338 1 0 17:49:42 ? 0:02 imapsvcd -name 3gpp_agent -
sy
......
NOTE
• After you run the ps command without any parameters, the screen displays information about all
running processes that are controlled by the login device (terminal).
• After you specify the -f parameter, more information is displayed. The information includes the
user name (UID), process ID (PID), parent process ID (PPID), technical number that indicates the
running time of the process (C), process start time (STIME), name of the terminal that activates the
process (TTY), and the process name (CMD). If TTY displays ?, infer that this process is not
associated with the terminal.
• To view all the processes related to specific characters, for example, the process related to the
U2000, run the grep command with the ps command.
D.5.5 kill
This topic describes the kill command used for terminating one or more processes.
Function
The kill command is used to terminate one or more processes.
Command Format
kill option processID
Option Description
• -l: lists names of all signals. If -l is present, processID is not provided.
• -s signal: sends the signal specified by signal to the process specified by processID.
Parameter Description
processID: the ID of the process to be terminated, that is, the process ID
Example
• To list all the signal names, run the following command:
# kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
5) SIGTRAP 6) SIGABRT 7) SIGEMT 8) SIGFPE
9) SIGKILL 10) SIGBUS 11) SIGSEGV 12) SIGSYS
13) SIGPIPE 14) SIGALRM 15) SIGTERM 16) SIGUSR1
17) SIGUSR2 18) SIGCHLD 19) SIGPWR 20) SIGWINCH
21) SIGURG 22) SIGIO 23) SIGSTOP 24) SIGTSTP
25) SIGCONT 26) SIGTTIN 27) SIGTTOU 28) SIGVTALRM
• To terminate the process with PID as 256, run the following command:
# kill -s KILL 256
NOTE
D.5.6 who
This topic describes the who command used for reporting the login information about all the
users in the current system.
Function
The who command reports the login information about all the users in the current system.
Command Format
who option
Option Description
• -b: display the system date and time of the last startup
• -m: display the related information about the users who run the command (the same as
the command who with two parameters am i)
Parameter Description
am i: display the login information about the users who run the command
Example
• Display the login information about all the users in the current system:
# who
root pts/3 Feb 4 10:08 (10.129.16.60)
sybase pts/5 Feb 4 08:45 (10.129.28.44)
root pts/6 Feb 4 11:25 (10.129.16.60)
• Display the login information about the users who run the command:
# who am i
sybase pts/5 Feb 4 08:45 (10.129.28.44)
or:
# who -m
sybase pts/5 Feb 4 08:45 (10.129.28.44)
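When reviewing who is logged in, the who output is easier to read once it is grouped by account and source address. The following is an added example, not part of the original guide: it summarizes the who output shown above and lists root sessions that come from a remote address. The function names and the console line in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): summarize `who` output read from
# standard input.

# sessions_by_source: prints "count user source", most sessions first.
# A session without a "(host)" field is a local terminal and is shown
# with the source "local".
sessions_by_source() {
    awk '
        {
            host = "local"
            if ($NF ~ /^\(.*\)$/) host = substr($NF, 2, length($NF) - 2)
            count[$1 " " host]++
        }
        END { for (key in count) print count[key], key }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# remote_root_sessions: prints "terminal source" for every root session
# that was opened from a remote address.
remote_root_sessions() {
    awk '$1 == "root" && $NF ~ /^\(.*\)$/ {
        print $2, substr($NF, 2, length($NF) - 2)
    }'
}

# The who output shown above, plus one constructed local console session.
sample_who() {
    cat <<'EOF'
root pts/3 Feb 4 10:08 (10.129.16.60)
sybase pts/5 Feb 4 08:45 (10.129.28.44)
root pts/6 Feb 4 11:25 (10.129.16.60)
omc1 console Feb 4 09:12
EOF
}

echo "Sessions per account and source:"
sample_who | sessions_by_source
echo "Remote root sessions:"
sample_who | remote_root_sessions
```

On a live host, pipe the real command into the same functions, for example who | sessions_by_source.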
D.5.7 which
This topic describes the which command used for viewing the location where a command is
run.
Function
The which command is used to view the location where a command is run. The result may be
an absolute path or alias of the command found in the user environment variable PATH.
Command Format
which command
Example
To view the position where the commands pwd, who, and which are run, run the following
command:
NOTE
If the command to be located does not exist in the file, the following error messages are displayed after
you run the which command:
# which qqqq
no qqqq in /usr/bin /usr/ucb /etc
D.5.8 hostname
This topic describes the hostname command used for viewing or setting the host name.
Function
The hostname command is used to view or set the host name.
Command Format
hostname host name
Example
To view the host name, run the following command:
# hostname
NOTE
If you run the hostname command without parameters, the host name of the equipment is displayed. If
you run the hostname command with parameters, the host name is set. Only the root user can run the
hostname command.
D.5.9 uname
This topic describes the uname command used for viewing the information about the
operating system.
Function
The uname command is used to view the information about the operating system. If you run
this command without parameters, only the name of the operating system is displayed. If you
run this command with parameters, more details about the operating system are displayed.
Format
uname option
Option Description
The options of the uname command can be combined. Add the prefix - before the options.
Table D-17 lists some frequently used options.
Example
To view the name, version, and serial number of the operating system on the host, run the
following command:
# uname -svr
D.5.10 ifconfig
This topic describes the ifconfig command used for viewing the IP address of the host.
Function
The ifconfig command is used to view the IP address of the host.
Command Format
ifconfig option
Option Description
-a: to view all the address information
Example
To view the IP address of the host, run the following command:
# ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 10.9.169.143 netmask ffff0000 broadcast 10.9.255.255
hme0:1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 10.6.253.136 netmask ffff0000 broadcast 10.6.255.255
NOTE
In the previous output, the IP address of the displayed host is 10.9.169.143, and the logical IP address is
10.6.253.136. In the Solaris or SUSE Linux system, a network adapter can bind several logical IP
addresses, which realizes communications between different network segments.
D.5.11 script
This topic describes the script command used for recording in a script file all the screen input
and output that occur from the time when the script command is run to the time when the exit
command is entered.
Function
Close the script file before running the exit command to terminate the recording of the screen
I/O. If you do not close the script file, the script file builds up and hinders the normal
operation of the system.
Record in a script file all the screen input and output that occur from the time when the script
command is run to the time when the exit command is entered. The script command is
helpful for programming and debugging.
Format
script option file
Option Description
-a: appends the screen I/O content to a file. If you do not set this parameter, the screen I/O
overwrites the content of the file.
Parameter Description
file: the file used to save the screen I/O content. If you do not specify the file name, the screen
I/O content is saved to the typescript file.
Example
To save the screen I/O content in the default destination file typescript, run the following
commands:
# script
Script started, file is typescript
# ps
PID TTY TIME CMD
256 pts/8 0:00 ksh
# pwd
/export/home
# date
Mon Feb 4 19:12:14 GMT 2002
# exit
Script done, file is typescript
To view the content of the typescript file, run the following command:
# cat typescript
Script started on Mon Feb 04 19:11:49 2002
$ ps
PID TTY TIME CMD
256 pts/8 0:00 ksh
$ pwd
/export/home
$ date
Mon Feb 4 19:12:14 GMT 2002
$ exit
exit
script done on Mon Feb 04 19:12:24 2002
D.5.12 date
This topic describes the date command used for viewing the current date and time of the
system.
Function
The date command is used to view the current date and time of the system. The root user can
run the date command to set the system date and time.
Format
date option +format
Option Description
• -u: to use the Greenwich mean time.
• +format: to specify the command output format.
Table D-18 describes the format of the command output.
%H Hour: from 00 to 23
%M Minute: from 00 to 59
%S Second: from 00 to 59
Example
• To view the current date and time of the system, run the following command:
date
Mon Feb 4 20:26:16 GMT 2002
• To view the current system date and time in the Greenwich Mean Time, run the
following command:
date -u
Mon Feb 4 12:27:26 GMT 2002
• To view the current date of the system in the format of month/day/year, run the following
command:
date +%D
02/04/02
D.5.13 bc
This topic describes the bc command used for simple calculation.
Function
The bc command is used to perform a simple calculation.
Example
To multiply 4 by 5, run the following command:
# bc
4*5
20
NOTE
To get the result, run the bc command, and then press Enter. Type the formula 4*5, and then press
Enter. The result is displayed on the screen. Press Ctrl+D to exit from the bc program.
D.5.14 prtconf
This topic describes the prtconf command used for checking the system configuration.
Function
The prtconf command is used to check the system configuration.
Format
prtconf option device path
Instance
• Check all the configuration information about the system.
# prtconf
System Configuration: Oracle Corporation sun4u
Memory size: 32768 Megabytes
System Peripherals (Software Nodes):
SUNW,SPARC-Enterprise
scsi_vhci, instance #0
ssd, instance #0
ssd, instance #1
ssd, instance #2
packages (driver not attached)
SUNW,probe-error-handler (driver not attached)
SUNW,builtin-drivers (driver not attached)
deblocker (driver not attached)
disk-label (driver not attached)
terminal-emulator (driver not attached)
obp-tftp (driver not attached)
ufs-file-system (driver not attached)
hsfs-file-system (driver not attached)
chosen (driver not attached)
openprom (driver not attached)
client-services (driver not attached)
options, instance #0
aliases (driver not attached)
memory (driver not attached)
virtual-memory (driver not attached)
iscsi-hba (driver not attached)
disk (driver not attached)
pseudo-console, instance #0
nvram (driver not attached)
pseudo-mc, instance #0
cmp (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
cmp (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
cmp (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
cmp (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
core (driver not attached)
cpu (driver not attached)
cpu (driver not attached)
pci, instance #0
ebus, instance #0
flashprom (driver not attached)
serial, instance #0
scfc, instance #0
panel, instance #0
pci, instance #0
pci, instance #0
pci, instance #1
pci, instance #3
scsi, instance #0
sd, instance #3
sd, instance #4
sd, instance #5
network, instance #0
network, instance #1
pci, instance #4
pci, instance #2
LSILogic,sas, instance #1
pci, instance #1
network, instance #0
network, instance #1
network, instance #2
network, instance #3
pci, instance #2
SUNW,qlc, instance #0
fp (driver not attached)
disk (driver not attached)
fp, instance #4
SUNW,qlc, instance #1
fp (driver not attached)
disk (driver not attached)
fp, instance #5
pci, instance #3
SUNW,qlc, instance #2
fp (driver not attached)
disk (driver not attached)
fp, instance #6
SUNW,qlc, instance #3
fp (driver not attached)
disk (driver not attached)
fp, instance #7
ramdisk-root (driver not attached)
os-io (driver not attached)
iscsi, instance #0
pseudo, instance #0
D.5.15 prstat
This topic describes the prstat command used for viewing the CPU usage.
Function
The CPU usage may be high when a large number of NE alarms are reported in a short period
or when the performance data is high. This command is used to find out the cause of these
alarms.
Permitted Users
User root and other common users are authorized to run the prstat command.
Example
# prstat
The command result contains the CPU usage of each process.
D.5.16 shutdown
This topic describes the shutdown command used for changing the system status, such as
restarting or shutting down the system.
Function
The shutdown command is used to change the system status.
After the shutdown command is executed, the system status is changed and the functions of
U2000 may become abnormal. Execute this command with caution.
Command Format
Solaris
SUSE Linux
Parameter Description
Table D-19 describes the parameters of the shutdown command in Solaris. Table D-20
describes the parameters of the shutdown command in SUSE Linux.
Parameter Description
Example
Solaris
• Shut down Solaris and the power supply after 120s without notifying the user.
# shutdown -i5 -g120 -y
• Restart Solaris after 120s without notifying the user.
# shutdown -i6 -g120 -y
SUSE Linux
D.6.1 ping
This topic describes the ping command used for checking the connection of networks.
Function
The ping command is used to check the physical connection of the network when the
communication between a user computer and the hosts in the network is interrupted.
Format
ping IP address of a host
Example
Check the physical connection between the current host and the host whose IP address is
10.9.0.1.
# ping 10.9.0.1
10.9.0.1 is alive
64 bytes from 10.9.0.1: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 10.9.0.1: icmp_seq=2 ttl=64 time=0.021 ms
NOTE
Other methods for using the ping are as follows:
• # ping -s 10.9.0.1
Send messages to the target host (IP address: 10.9.0.1) constantly to test the network connection.
Press Ctrl+C to stop sending messages.
• # ping -s 10.9.0.1 4096
Send messages to the target host (IP address: 10.9.0.1) constantly and specify that the size of the
tested message is 4096 bytes.
• # ping -s 10.9.0.1 4096 4
Send messages to the target host (IP address: 10.9.0.1) constantly, and specify that the size of the
tested message is 4096 bytes and the number of sending times is four.
The Internet Control Message Protocol (ICMP) is used through the ping command to check
the network connection. An ICMP echo request message is sent to a specific host to request
an ICMP echo response message. If the response message is not received within a specified
time, the Host unreachable message is displayed on the screen.
To analyze the causes, run the ping command to connect to other hosts in the same network
segment. If the ping command is successful, you can infer that the connection is functional. In
this case, check the physical connection and the operating status of the specified host. If the
ping command fails, check whether the physical network connection of the current host is
secure or whether the TCP/IP protocol is set correctly (the latter applies only to Windows 95 users).
D.6.2 telnet
This topic describes the telnet command used for logging in to the remote Solaris or SUSE
Linux host from the local computer.
Function
Before running the telnet command, ensure that a local computer is connected to the remote
Solaris or SUSE Linux host according to the TCP/IP protocol.
Telnet is the software used to log in to remote Solaris or SUSE Linux hosts through network
connection. Telnet takes the local computer as a simulated terminal of the remote Solaris or
SUSE Linux host and enables you to log in to the remote server from the local computer.
After you log in to the remote Solaris or SUSE Linux host successfully through telnet, you
become a remote simulated terminal user and you can use the local computer as a real Solaris
or SUSE Linux terminal. In this case, the resources and functions available and the operating
mode depend on the settings of the remote host and the access privileges of the login account.
Command Format
telnet IP address or domain name port
Parameter Description
• IP address: the IP address of a remote Solaris or SUSE Linux host
• Domain: the domain name of a remote Solaris or SUSE Linux host
• port: the port number of the listening port of the telnet service. If the port number is
omitted, it indicates that the port with the number of 23 is connected to the telnet service
by default.
Example
Run the telnet command on a local computer and log in to a remote Solaris or SUSE Linux
host. Assume that the IP address of the Solaris or SUSE Linux host is 10.9.169.143.
1. On the local computer, choose Start > Run.
2. Enter telnet 10.9.169.143 and click OK.
NOTE
The telnet command can also be used to test the listening status of a port of a host. For example,
test whether port 22 of the host with the IP address of 10.9.169.143 is in listening status by
running the following command:
telnet 10.9.169.143 22
You can determine whether the port is in listening status according to the displayed message.
3. The Telnet dialog box appears and prompts you to enter the Solaris or SUSE Linux user
name and password.
login: root
Password: root password
NOTE
Enter the password on the right of Password. The entered password is not displayed.
The subsequent operations are the same as those that you perform on the Solaris or
SUSE Linux host.
D.6.3 ftp
This topic describes the ftp command used for transferring files between the local computer
and the remote host.
Function
The ftp command is used to transfer files between the local computer and the remote host.
You can transfer one or multiple files at a time between the remote Solaris or SUSE Linux
system and the local computer.
Format
ftp IP address or domain
Parameter Description
• IP address: the IP address of the remote Solaris or SUSE Linux host
• Domain name: the domain name of the remote Solaris or SUSE Linux host
Example
Run the ftp command on the local computer. Assume that the IP address of the remote Solaris
or SUSE Linux host is 10.9.169.143.
Choose Start > Run on the local computer. In the displayed dialog box, enter ftp
10.9.169.143 and click OK. When the ftp window is displayed, enter the Solaris or SUSE
Linux user name and password.
NOTE
Enter the ftp command behind the prompt ftp>. Table D-21 describes the ftp commands
that are commonly used.
get file1 file2 Copy the remote file1 to the local file2.
put file1 file2 Copy the local file1 to the remote file2.
• Copy all the files in the path C:\mydoc on the local computer to the /usr/local/tmp
folder on the remote host in binary format.
ftp> binary
ftp> lcd c:\mydoc
ftp> cd /usr/local/tmp
ftp> mput *.*
• Copy the .login file in the /usr/home/rms folder on the remote host to the C:\temp\from
folder on the local computer.
ftp> ascii
ftp> lcd c:\temp\from
ftp> cd /usr/home/rms
ftp> get .login
• Copy all files in the /usr/home/rms folder on the remote computer to the path C:\temp\from
on the local computer in binary format.
ftp> binary
The Telnet and FTP protocols belong to the TCP/IP family. They are the protocols at the
application layer. They work in client/server mode. The telnet/ftp program running on the
local computer is a telnet/ftp client program. The telnet/ftp program connects to the server
program in the remote host through the TCP/IP protocol. Any system installed with the
telnet/ftp server-side software can serve as a remote host. In addition to the default network
protocol TCP/IP, the Solaris or SUSE Linux system supports the Telnet/FTP protocols.
Because a Solaris or SUSE Linux host is installed with both the telnet/ftp server software and
the client software, the Solaris or SUSE Linux host can serve as either a telnet/ftp server or a
telnet/ftp client.
D.6.4 finger
This topic describes the finger command used for viewing the information about the online
users who are using the Solaris or SUSE Linux system.
Function
The finger command is used to view the information about online users of the Solaris or
SUSE Linux system.
Command Format
finger user name@host domain|IP address
Parameter Description
• user name: the user that has currently logged in to the local system.
• host domain: the Solaris or SUSE Linux host domain.
• IP address: the IP address of the Solaris or SUSE Linux host.
Example
Table D-22 lists some common examples of the finger command.
Example Description
D.6.5 netstat
This topic describes the netstat command used for displaying the current network status.
Function
The netstat command is used to display the current network status. The netstat command is
powerful but complex in format. This topic describes common applications of the netstat
command.
Command Format
netstat [options]
Option Description
• For viewing all the sockets and routing tables (netstat -anv)
  – -a: views all socket information.
  – -n: views the information by number. If you do not specify this parameter, the
    information is displayed by logical name.
  – -v: views the additional information about sockets and routing tables.
• For viewing the IP address of the network adapter (netstat -i -I interface interval)
  – -i: views the information about the network interface.
  – -I interface: specifies an interface, for example, hme0:1
  – interval: indicates a time interval.
• For viewing the routing table status (netstat -r -anv)
  – -r: views the information about the routing table.
  – -anv: see "For viewing all the sockets and routing tables" in this list.
• For viewing the broadcast information (netstat -M -ns)
  – -M: views broadcast routing tables.
  – -n: views the information by number. If you do not specify this parameter, the
    information is displayed by logical name.
Example 1
Use the command netstat -rn to view the information about the routing tables:
# netstat -rn
Routing Table:
Destination Gateway Flags Ref Use Interface
10.105.28.0 10.105.28.202 U 4 2 hme0
10.0.0.0 10.105.31.254 UG 0 0
127.0.0.1 127.0.0.1 UH 0 896 lo0
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.71.158.0 10.0.0.0 255.255.255.128 U 0 0 0 eth2
10.254.0.0 10.0.0.0 255.255.0.0 U 0 0 0 eth2
127.0.0.0 10.0.0.0 255.0.0.0 U 0 0 0 lo
A route can carry any of the following five flags: U, G, H, D, and M, as described in
Table D-23.
H H indicates a route destined for a host. That is, the destination address is a
complete host address.
NOTE
● If this flag is not set, you can infer that the route leads to a network and that the
destination address is a network address: either a network number or a network.
The part in the address for the host is 0.
● When you search the routing table for an IP address, the host address must exactly
match the destination address.
● The network address, however, is required to match only the network number and
subnet number of the destination address.
The Ref (reference count) column lists the number of active uses of each route. A
connection-oriented protocol, such as TCP, requires a fixed route while a connection is
established. If a telnet connection is established between the host svr4 and the host slip,
the Ref value is 1. If another telnet connection is established, the value changes to 2.
The next column (Use) displays the number of packets sent through the specified route. If
you are the only user of this route and run the ping command, which sends five packets,
the number of packets is displayed as 5. The last column (Interface) indicates the name of
the local interface.
The name of the loopback interface is permanently set to lo0. Flag G is not set because the
route is not destined for a gateway. Flag H indicates that the destination address, 127.0.0.1, is
a host address and not a network address. Because flag G is not set, the route here is a direct
route and the gateway column shows the outgoing IP address.
Each host has one or multiple default routes. That is, if a particular route is not found in the
table, the packet is sent to the router. In addition, the current host can access other systems
through the Sun router (and the slip link) on the internet, based on the settings of the routing
table. The flag combination UG marks a route that goes through a gateway.
Example 2
Query the information about the packets transmitted from the network interface and port.
● Query the information about network interface lo0.
# netstat -I lo0
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queu
lo0 8232 loopback localhost 2201 0 2201 0 0 0
● Query the information about the packets transmitted from network interface lo0, and
refresh the information every 200s.
# netstat -I lo0 -an interval 200
input lo0 output input (Total) output
packets errs packets errs colls packets errs packets errs colls
2201 0 2201 0 0 2937974 0 631699 0 0
D.6.6 route
This topic describes the function, format, parameters, and usage examples of the route
command used for modifying and maintaining the routing table.
Function
The routing table controls how IP packets are relayed between network segments. The route
command is used to modify and maintain the routing table.
Format
● Performing the del, delete, or change operation on a route may disconnect the OSS client
from the server, and may even cause NEs to be unreachable. Exercise caution when you
perform this operation.
● Options are separated using vertical bars (|). Optional parameters are enclosed in square
brackets ([]). Variables are italicized. Set them as needed.
● This section only provides common route commands. For details, run the man route
command in the OS.
route [-n]
Parameter Description
Options of the route command can be combined. Table D-24 lists some common options.
Option Description
netmask Indicates the network mask used for adding a network route.
Authorized Users
In the Solaris or SUSE Linux operating system, user root is authorized to run this command.
Example
In the Solaris OS:
● To query the route table information, run the following command:
# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.185.188.1 UG 1 618822
10.185.188.0 10.185.188.110 U 1 738 igb0
127.0.0.1 127.0.0.1 UH 131 813573 lo0
# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.185.188.1 UG 1 621221
10.185.188.0 10.185.188.110 U 1 740 igb0
192.168.0.0 10.185.188.1 UG 1 6
127.0.0.1 127.0.0.1 UH 128 816816 lo0
NOTE
In the preceding command output, 192.168.0.0 10.185.188.1 UG 1 6 is the added route.
● To obtain the route information about the 192.168 network segment, run the following
command:
# route -n get 192.168.0.0
route to: 192.168.0.0
destination: 192.168.0.0
mask: 255.255.0.0
gateway: 10.185.188.1
interface: igb0
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,ms rttvar,ms hopcount mtu
expire
0 0 0 0 0 0 1500 0
# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.185.188.1 UG 1 621300
10.185.188.0 10.185.188.110 U 1 740 igb0
192.168.0.0 10.144.255.66 UG 1 45
127.0.0.1 127.0.0.1 UH 128 817040 lo0
NOTE
In the preceding command output, 192.168.0.0 10.144.255.66 UG 1 45 is the route whose
network segment is modified.
● To delete a route, run the following command:
# route delete 192.168.0.0 10.144.255.66
delete net 192.168.0.0: gateway 10.144.255.66
# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.185.188.1 UG 1 621330
10.185.188.0 10.185.188.110 U 1 740 igb0
127.0.0.1 127.0.0.1 UH 128 817096 lo0
NOTE
In the preceding command output, 10.144.252.0 10.144.252.1 255.255.252.0 UG 0 0 0 bond0
is the added route.
● To delete a route, run the following command:
# route del -net 10.144.252.0 netmask 255.255.252.0 gw 10.144.252.1
To query the route table, run the following command:
# route -n
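The following shell function is an added example, not part of the guide: it compares two saved netstat -rn listings and reports added, changed, and removed routes, decoding the G and H flags as explained in D.6.5. The name route_diff and the snapshot variables are assumptions, and the snapshots are constructed from the listings in this section; the function also accepts the Linux layout, where the Genmask column becomes part of the route key.

```sh
#!/bin/sh
# Added example, not part of the guide: compare two saved "netstat -rn"
# listings and report routes that were added, changed or removed.

# Constructed snapshots, modelled on the Solaris listings in this section.
SNAP_BEFORE='# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.185.188.1 UG 1 618822
10.185.188.0 10.185.188.110 U 1 738 igb0
127.0.0.1 127.0.0.1 UH 131 813573 lo0'

SNAP_ADDED='# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.185.188.1 UG 1 621221
10.185.188.0 10.185.188.110 U 1 740 igb0
192.168.0.0 10.185.188.1 UG 1 6
127.0.0.1 127.0.0.1 UH 128 816816 lo0'

SNAP_CHANGED='# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.185.188.1 UG 1 621300
10.185.188.0 10.185.188.110 U 1 740 igb0
192.168.0.0 10.144.255.66 UG 1 45
127.0.0.1 127.0.0.1 UH 128 817040 lo0'

# route_diff OLD NEW  (hypothetical helper name)
# Prints one line per route that differs between the two listings.
# Only destination, gateway and flags are compared; the Ref and Use
# counters change constantly and are ignored.
route_diff() {
    printf '%s\n=====\n%s\n' "$1" "$2" | awk '
        # G set: route goes through a gateway (indirect). H set: host route.
        function describe(fl,    via, scope) {
            via   = (index(fl, "G") > 0) ? "indirect" : "direct"
            scope = (index(fl, "H") > 0) ? "host route" : "network route"
            return "(" via ", " scope ")"
        }
        $0 == "=====" { second = 1; next }
        {
            # Flags are the 3rd column on Solaris and the 4th (after
            # Genmask) on Linux. Anything else is a header, separator,
            # prompt or blank line and is skipped.
            if (NF >= 3 && $3 ~ /^[A-Z!]+$/)      { key = $1;        fl = $3 }
            else if (NF >= 4 && $4 ~ /^[A-Z!]+$/) { key = $1 "/" $3; fl = $4 }
            else next
            if (second) { new_gw[key] = $2; new_fl[key] = fl }
            else        { old_gw[key] = $2; old_fl[key] = fl }
        }
        END {
            for (k in new_gw) {
                if (!(k in old_gw)) {
                    printf "ADDED %s gateway=%s flags=%s %s\n",
                        k, new_gw[k], new_fl[k], describe(new_fl[k])
                } else if (old_gw[k] != new_gw[k] || old_fl[k] != new_fl[k]) {
                    printf "CHANGED %s gateway=%s->%s flags=%s->%s\n",
                        k, old_gw[k], new_gw[k], old_fl[k], new_fl[k]
                }
            }
            for (k in old_gw) {
                if (!(k in new_gw)) {
                    printf "REMOVED %s gateway=%s flags=%s %s\n",
                        k, old_gw[k], old_fl[k], describe(old_fl[k])
                }
            }
        }' | sort
}

echo "== after the route was added =="
route_diff "$SNAP_BEFORE" "$SNAP_ADDED"
echo "== after the route was changed =="
route_diff "$SNAP_ADDED" "$SNAP_CHANGED"
echo "== after the route was deleted =="
route_diff "$SNAP_CHANGED" "$SNAP_BEFORE"
```

Saving a listing before maintenance and comparing it afterwards makes an unintended default-route or gateway change visible before it disconnects the OSS client from the server.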
This topic describes the common command reference of the Sybase database, including
command functions and usage examples.
E.1 startserver
This topic describes the startserver command used for starting the Sybase database.
E.2 showserver
This topic describes the showserver command used to view the running status of the Sybase
database.
E.3 isql
This topic describes the isql command used for connecting to the Sybase database.
E.4 shutdown
This topic describes the shutdown command used for shutting down the Sybase database.
E.5 sp_configure
This topic describes the sp_configure command used for viewing and setting the Sybase
database parameters.
E.1 startserver
This topic describes the startserver command used for starting the Sybase database.
Function
The startserver command is used to start the Sybase database instance or corresponding
backup instance.
Syntax
startserver -f parameter
Parameter Description
Table E-1 describes the parameters.
Parameter Description
Examples
Assume that the Sybase database is installed in /opt/sybase, the database instance name is
DBSVR, and the corresponding backup instance name is DBSVR_back.
In the command prompt window, run the following commands to start the Sybase database as
the user dbuser.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE-15_0/install
A large amount of start information is displayed. See E.2 showserver to check whether the
Sybase database is started successfully.
E.2 showserver
This topic describes the showserver command used to view the running status of the Sybase
database.
Function
The showserver command is used to view the running status of the Sybase database.
Syntax
showserver
Parameter Description
None
Examples
Assume that the Sybase database is installed in /opt/sybase, the database instance name is
DBSVR, and backup database instance name is DBSVR_back.
In the command prompt window, run the following command to view the running status of
the Sybase database.
$ cd /opt/sybase/ASE-15_0/install
$ ./showserver
Information similar to the following is displayed. If DBSVR and DBSVR_back are
displayed, both the Sybase database instance and the backup database instance are
running properly.
UID PID PPID C STIME TTY TIME CMD
dbuser 22364 22363 0 16:59:39 ? 0:00 /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/install
dbuser 22305 22304 0 16:54:38 ? 3:40 /opt/sybase/ASE-15_0/bin/dataserver -sDBSVR -d/opt/sybase/data/lv_master -e/opt/sybase
If the following information is displayed, it means that no Sybase database is started. See E.1
startserver to start the Sybase database.
UID PID PPID C STIME TTY TIME CMD
E.3 isql
This topic describes the isql command used for connecting to the Sybase database.
Function
The isql command is used to connect to the Sybase database. You can run SQL statements in the
isql command line or configure the Sybase database.
Syntax
isql option1parameter1 option2parameter2...
Parameter Description
Table E-2 describes the parameters.
Option Description
Examples
Assume that the Sybase database is installed in /opt/sybase, the database instance name is
DBSVR, and the password of the sa user is password.
In the command prompt window, run the following commands to connect to the Sybase
database.
NOTE
If the Sybase database administrator sa is disabled, perform the operations as the database user who
replaces the sa user. For details about how to disable the sa user and create a user to replace the sa user,
see sec_adm -cmd modifyDBAUserName.
For an application developed based on the Sybase database, the environment variables of the
Sybase database are usually set automatically when you set the environment variables of the
application (such as U2000). If the environment variables of the application do not conflict
with those of the Sybase database, use method 1 to connect to the Sybase database.
Otherwise, use method 2 to avoid the conflict.
● Method 1:
$ cd /opt/oss/server
$ . svc_profile.sh
# isql -SSYB_server -Usa
Password:
● Method 2:
$ . /opt/sybase/SYBASE.sh
# isql -SSYB_server -Usa
Password:
If connecting to the Sybase database succeeds, the following prompt of the isql command line
is displayed:
1>
If connecting to the Sybase database fails, find out the cause according to the prompt.
E.4 shutdown
This topic describes the shutdown command used for shutting down the Sybase database.
Function
The shutdown command is used to shut down the Sybase database instance or corresponding
backup instance after you use the isql command to connect to the Sybase database.
After the shutdown command is executed, the status of the Sybase database instance or
corresponding backup instance is changed and the functions of U2000 may become abnormal.
Execute this command with caution.
Syntax
shutdown parameter
Parameter Description
Table E-3 describes the parameters.
Examples
Assume that the Sybase database is installed in /opt/sybase, the database instance name is
DBSVR, and the password of the sa user is password.
NOTE
If the Sybase database administrator sa is disabled, perform the operations as the database user who
replaces the sa user. For details about how to disable the sa user and create a user to replace the sa user,
see sec_adm -cmd modifyDBAUserName.
2> go
If information similar to the following is displayed, the backup instance of the Sybase
database is shut down normally. Otherwise, find out the cause of the failure according to
the prompt.
Backup Server: 3.48.1.1: The Backup Server will go down immediately.
Terminating sessions.
E.5 sp_configure
This topic describes the sp_configure command used for viewing and setting the Sybase
database parameters.
Function
The sp_configure command is run in the ISQL CLI and used to view and set the Sybase
database parameters.
Syntax
sp_configure parameter parameter value
Parameter Description
Table E-4 describes the parameters.
Parameter Description
Examples
Assume that the Sybase database is installed in /opt/sybase, the database instance name is
DBSVR, and the password of the sa user is password. The task in this example is to set the
max memory parameter of the Sybase database to 2048 MB.
NOTE
● For details about parameter settings, see the related documents of the Sybase database.
● If the Sybase database administrator sa is disabled, perform the operations as the database user who
replaces the sa user. For details about how to disable the sa user and create a user to replace the sa
user, see sec_adm -cmd modifyDBAUserName.
(1 row affected)
(return status = 0)
● If the prompt contains (1 row affected) and (return status = 0), it indicates that the setting
is successful. In the case of a failure, find out the cause according to the prompt.
● In this sample, the memory unit is 2 KB, so the parameter value is 2097152 (2 KB), that is,
2048 MB x 1024 x 2.
The common commands and their functions for the HA system (Veritas Hot Standby) are
described.
Commands
Command Description
F.2.1 vxprint
You can check the statuses of the volume, RLink, and RVG.
Application Scenarios
● Check the statuses of the volume, RLink, and RVG.
● Query the status during routine patrol and fault maintenance.
Command Formats
● View the volume status: vxprint -v.
● View the RVG status:
– vxprint -V
– vxprint -l datarvg
● View the RLink status:
– vxprint -P
– vxprint -l datarlk
TY Type. In general, "dg" indicates the disk group, "dm" indicates the
disk, "v" indicates the volume, "rl" indicates the RLink, and "rv"
indicates RVG. "pl" and "sd" can be neglected.
flags The flag for RLINK, which should be write enabled attached
consistent connected asynchronous in the normal state.
F.2.2 vxdisk
You can check whether the disks managed by Veritas are normal.
Application Scenarios
● Check whether the disks managed by Veritas are normal.
● Check the disks during routine maintenance.
Command Formats
# vxdisk list
F.2.3 vxdg
You can check whether the disk groups managed by Veritas are normal.
Application Scenarios
● Check whether the disk groups managed by Veritas are normal.
● Check the disk groups during routine maintenance.
Command Formats
# vxdg list
NAME Disk group name. It is datadg in the case of two hard disks, and
rootdg in the case of at least three hard disks.
STATE Enabled.
F.2.4 vradmin
You can query the replication status.
Application Scenarios
● Query the replication status.
● Query the status during routine patrol and fault maintenance. In this way, you can
proceed with the next operation according to the current status.
Command Formats
● # vradmin printrvg RVG name
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s
RVG name RVG name of the active site. It is datarvg in this example.
RVG state RVG status. Normally, the status is enabled for I/O. It is enabled for I/O in this
example.
F.2.5 hastatus
You can query the VCS status.
Application Scenarios
● Query the VCS status for the Veritas hot standby system.
● Query the status during routine patrol and fault maintenance. In this way, you can
proceed with the next operation according to the current status.
Command Examples
● # hastatus -sum
View the status of each service group in the VCS.
● # hastatus
View the status of each resource in the VCS.
NOTE
F.3.1 hagrp
You can control the VCS resource groups.
Application Scenarios
Control the VCS resource groups.
Command Formats
● # hagrp -online resource group name -sys host name
Examples
● # hagrp -online AppService -sys Primary
Start the U2000 server on the primary site.
NOTE
Prerequisites:
● All the groups that the resource group depends on are online.
● The resource group is not frozen.
Operation result: The U2000 server is started.
If you perform the online operation for the first time, the -force parameter is required. For example:
hagrp -online -force AppService -sys Primary.
● # hagrp -offline AppService -sys Primary
Shut down the U2000 server on the primary site.
NOTE
Prerequisites:
● All the groups that depend on the resource group are offline.
● The resource group is not frozen.
Operation result: The U2000 server is shut down.
● # hagrp -freeze AppService -sys Primary
Freeze the AppService group on the primary site.
NOTE
Prerequisites: None
Operation result: The resource group is locked. The VCS no longer monitors this resource group.
That is, the VCS function is disabled.
● # hagrp -unfreeze AppService -sys Primary
Unfreeze the AppService group on the primary site.
NOTE
Prerequisites: None
Operation result: The resource group is unlocked. The VCS function is enabled.
● # hagrp -clear AppService -sys Primary
Clear faults of the AppService group on the primary site.
NOTE
Prerequisites: The status of a resource group is FAULT. In this case, a resource is usually faulty.
For example, a core dump of the U2000 process occurs.
Operation result: The error tag of the VCS is cleared. In this way, the online operation can be
performed.
F.3.2 hastop
This section describes how to forcibly shut down the VCS server in the Veritas hot standby.
Application Scenarios
Forcibly shut down the VCS server when it cannot be shut down normally by
running the /etc/rc3.d/S99vcs script.
Command Formats
# hastop -all -force
Examples
# hastop -all -force
Forcibly shut down the VCS server.
NOTE
Prerequisites: None
Operation result: The VCS server is forcibly shut down. The status of VCS resources is not offline.
This topic describes the maintenance tools that are commonly used in the U2000.
Table G-1 shows the maintenance tools that are commonly used in the U2000.
NMS Maintenance Tool Deploys the U2000, manages the database, backs up and
restores the database, initializes the database, and maintains
the system.
SetSuse Reinforces the security of the NMS in the SUSE Linux OS.
A
access control list A list of entities, together with their access rights, which are authorized to have access
to a resource.
access control right The level of right granted to a user for his access to certain items.
ACL See access control list
advanced telecom application environment A platform that is used by the hardware of the
N2510. To expand the system capacity smoothly, you only need to add certain boards to the
shelf and need not replace the server. This helps reduce the investments of the customer.
AIS See Alarm Indication Signal
Alarm A message reported when a fault is detected by a device or by the network
management system during the process of polling devices. Each alarm corresponds to
a recovery alarm. After a recovery alarm is received, the status of the corresponding
alarm changes to cleared.
alarm acknowledgement An operation performed on an alarm. Through this operation, the status
of an alarm is changed from unacknowledged to acknowledged, which indicates that the user
starts handling the alarm. When an alarm is generated, the operator needs to acknowledge the
alarm and take the right steps to clear it.
alarm correlation rule analyzing A process of analyzing the alarms that meet alarm correlation
rules. If alarm 2 is generated within 5 seconds after alarm 1 is generated and meets the alarm
correlation analysis rules, the EMS masks alarm 2 or improves its severity level according to
the alarm correlation rules.
alarm delay time The alarm delay time consists of the start delay time and the end delay time. When an
NE detects an alarm for a period, the period is the start delay time. When an NE
detects that the alarm disappears for a period, the period is the end delay time.
Unnecessary alarms that are caused by error reports or jitters can be avoided by setting
the delay time.
alarm indication On the cabinet of an NE, there are four indicators in different colors indicating the
current status of the NE. When the green indicator is on, it indicates that the NE is
powered on. When the red indicator is on, it indicates that a critical alarm is generated.
When the orange indicator is on, it indicates that a major alarm is generated. When the
yellow indicator is on, it indicates that a minor alarm is generated. The ALM alarm
indicator on the front panel of a board indicates the current status of the board. (Metro)
Alarm Indication Signal A code sent downstream in a digital network as an indication that an
upstream failure has been detected and alarmed. It is associated with multiple transport
layers. Note: See ITU-T Rec. G.707/Y.1322 for specific AIS signals.
alarm mask On the host, an alarm management method through which users can set conditions for
the system to discard (not to save, display, or query for) the alarm information meeting
the conditions.
alarm reporting to the EMS immediately On a device, an alarm is reported to the EMS at once
after the alarm is generated. On the EMS client, the corresponding alarm information is
displayed on the alarm panel.
alarm severity The significance of a change in system performance or events. According to ITU-T
recommendations, an alarm can have one of the following severities: Critical, Major,
Minor, Warning.
alarm status The devices in the network report traps to the NMS, which displays the alarm statuses
in the topological view. The status of an alarm can be critical, major, minor and
prompt.
alarm synchronization When alarm synchronization is implemented, the EMS checks the alarm information
in its database and on the NEs. If the alarm information on the two locations is
inconsistent, the alarm information on the NEs is synchronized to the EMS database to
replace the original records.
ALC link A piece of end-to-end configuration information, which exists in the equipment
(single station) as an ALC link node. Through the ALC function of each node, it
fulfils optical power control on the line that contains the link.
ARP Proxy When a host sends an ARP request to another host, the request is processed by the
DSLAM connected to the two hosts. The process is called ARP proxy. This protocol
helps save the bandwidth in the networking of a low-rate WAN or helps implement the
layer 3 communication between access devices in the networking of layer 2 isolation.
Asynchronous Transfer Mode A data transfer technology based on cells, in which packet
allocation relies on channel demand. It supports fast packet switching to achieve efficient
utilization of network resources. The size of a cell is 53 bytes, which consist of a 48-byte
payload and a 5-byte header.
ATAE See advanced telecom application environment
ATM See Asynchronous Transfer Mode
Authority and Domain Based Management The function of the NMS for authority management.
With this function, you can:
1. Partition and control the management authority
2. Manage device nodes and service data by region
3. Allocate users with different management and operation rights for different regions
auto-negotiation An optional function of the IEEE 802.3u Fast Ethernet standard that enables devices
to automatically exchange information over a link about speed and duplex abilities.
bandwidth A range of transmission frequencies that a transmission line or channel can carry in a
network. In fact, it is the difference between the highest and lowest frequencies of the
transmission line or channel. The greater the bandwidth, the faster the data transfer
rate.
BASE A kind of bus or plane used to load software, transmit alarms and maintain
information exchange.
basic input/output system Firmware stored on the computer mainboard. It contains basic
input/output control programs, power-on self test (POST) programs, bootstraps, and system
setting information. The BIOS provides hardware setting and control functions for the
computer.
BFD See Bidirectional Forwarding Detection
Bidirectional Forwarding Detection A simple Hello protocol, similar to the adjacent detection
in the route protocol. Two systems periodically send BFD detection messages on the channel
between the two systems. If one system does not receive the detection message from the other
system for a long time, you can infer that the channel is faulty. Under some conditions, the
TX and RX rates between systems need to be negotiated to reduce traffic load.
BIOS See basic input/output system
board Board refers to an electronic part that can be plugged in to provide new capability. It
comprises chips and electronic components and these components are always on a flat
and hard base and connected through conductive paths. A board provides ports for
upstream connections or service provisioning.
Bond Bond: On the SUSE Linux OS, the bond technology is used to form a virtual layer
between the physical layer and the data link layer. This technology allows two server
NICs connecting to a switch to be bound to one IP address. The MAC addresses of the
two NICs are also automatically bound as one MAC address. In this manner, a virtual
NIC is formed. The bond technology supports two modes: double-live and primary/
secondary. In double-live mode, after receiving request data from a remote server, the
virtual NIC on the server determines data transmission based on an algorithm,
improving network throughput and usability of the server. In primary/secondary mode,
if an NIC does not function properly, services will be automatically switched to the
other NIC, ensuring service protection. The SUSE Linux OS supports the binding of
NICs in primary/secondary mode.
Client/Server The model of interaction in a distributed system in which a program at one site sends a
request to a program at another site and awaits a response. The requesting program is
called a client. The program satisfying the request is called the server. It is usually
easier to build client software than build the server software.
client/server software architecture A message-based and modular software architecture that
comprises servers and clients. Compared with the centralized, mainframe, and time sharing
computing, the client/server software architecture improves the usability, flexibility,
interoperability, and scalability. In this architecture, a client is defined as the party that
requires services and a server is defined as the party that provides services. The
client/server architecture reduces network traffic by providing a query response rather than
transferring all files.
cluster A mechanism adopted to improve the system performance. Several devices of the
same type form a cluster. From the outside, a cluster looks like a single piece of equipment.
Inside a cluster, the nodes share the load.
committed access rate A traffic control method that uses a set of rate limits to be applied to a router interface.
CAR is a configurable method by which incoming and outgoing packets can be
classified into QoS (Quality of Service) groups, and by which the input or output
transmission rate can be defined.
Committed Information Rate The rate at which a frame relay network agrees to transfer
information in normal conditions. Namely, it is the rate, measured in bit/s, at which the
token is transferred to the leaky bucket.
Common Desktop Environment The Common Desktop Environment (CDE) is an integrated graphical
user interface for open systems desktop computing. It delivers a single, standard graphical
interface for the management of data and files (the graphical desktop) and applications. CDE's
primary benefits -- deriving from ease-of-use, consistency, configurability, portability,
distributed design, and protection of investment in today's applications -- make open
systems desktop computers as easy to use as PCs, but with the added power of local
and network resources available at the click of a mouse.
Common Object Request Broker Architecture A specification developed by the Object Management
Group in 1992 in which pieces of programs (objects) communicate with other objects in other
programs, even if the two programs are written in different programming languages and are
running on different platforms. A program makes its request for objects through an object
request broker, or ORB, and thus does not need to know the structure of the program from
which the object comes. CORBA is designed to work in object-oriented environments.
See also IIOP, object (definition 2), Object Management Group, object-oriented.
CORBA See Common Object Request Broker Architecture
D
Data Communication Channel Data Communications Channel. The data channel that uses the D1-D12
bytes in the overhead of an STM-N signal to transmit information on operation, management,
maintenance and provision (OAM&P) between NEs. The DCC channel that is composed of bytes
D1-D3 is referred to as the 192 kbit/s DCC-R channel. The other DCC channel, which is
composed of bytes D4-D12, is referred to as the 576 kbit/s DCC-M channel.
data communication network A communication network used in a TMN or between TMNs to support
the data communication function.
data replication link A link used for data replication between the production machine and redundancy
machine. It is separated from the network of the primary links.
DCC See Data Communication Channel
DCN See data communication network
DDN See digital data network
Delay An average time taken by the service data to transmit across the network.
DG disk group
DHCP See Dynamic Host Configuration Protocol
digital data network A high-quality data transport tunnel that combines the digital channel (such as fiber
channel, digital microwave channel, or satellite channel) and the cross multiplex
technology.
disk mirroring A technique in which all or part of a hard disk is duplicated onto one or more other
hard disks, each of which ideally is attached to its own controller. With disk mirroring,
any change made to the original disk is simultaneously made to the other disks so that
if the original disk becomes damaged or corrupted, the mirror disks will contain a
current, undamaged collection of the data from the original disk.
Dynamic Host Configuration Protocol A client-server networking protocol. A DHCP server
provides configuration parameters specific to the DHCP client host requesting, generally,
information required by the host to participate on the Internet network. DHCP also provides a
mechanism for allocation of IP addresses to hosts.
E
E1 A European standard for high-speed data transmission at 2.048 Mbit/s. It provides 32
x 64 kbit/s channels.
ECC See embedded control channel
embedded control channel A logical channel that uses a data communications channel (DCC) as
its physical layer, to enable transmission of operation, administration, and maintenance (OAM)
information between NEs.
Equipment Serial Number A 32-bit number assigned by the mobile station manufacturer, uniquely identifying the
mobile station equipment.
ESN See Equipment Serial Number
F
Fabric A kind of bus/plane used to exchange system service data.
File Transfer Protocol A member of the TCP/IP suite of protocols, used to copy files between two computers
on the Internet. Both computers must support their respective FTP roles: one must be
an FTP client and the other an FTP server.
FTP See File Transfer Protocol
G
gateway A device to connect two network segments which use different protocols. It is used to
translate the data in the two network segments.
gateway network element A network element that is used for communication between the NE application layer
and the NM application layer.
GE The IEEE standard dubbed 802.3z, which includes support for transmission rates of
1 Gbps (gigabit per second), that is, 1,000 Mbps (megabits per second), over an Ethernet
network.
GMT See Greenwich Mean Time
GNE See gateway network element
graphical user interface A visual computer environment that represents programs, files, and options with
graphical images, such as icons, menus, and dialog boxes, on the screen.
Greenwich Mean Time The mean solar time at the Royal Greenwich Observatory in Greenwich near London
in England, which by convention is at 0 degrees geographic longitude.
GUI See graphical user interface
H
HA See High Availability
HA system See high availability system
half-duplex A transmitting mode in which a half-duplex system provides for communication in
both directions, but only one direction at a time (not simultaneously). Typically, once a
party begins receiving a signal, it must wait for the transmitter to stop transmitting,
before replying.
High Availability The ability of a system to continuously perform its functions during a long period,
which may exceed the suggested working time of the independent components. You
can obtain high availability (HA) by using the error tolerance method. Based on
learning cases one by one, you must also clearly understand the limitations of the
system that requires an HA ability and the degree to which the ability can reach.
high availability system The high availability (HA) system indicates that two servers are adopted by the
same computer. When the primary server is faulty, the secondary server provides the
environment on which the software runs through the related technology.
History alarm The confirmed alarms that have been saved in the memory and other external
memories.
host The computer system that is connected with disks, disk subsystems, or file servers and
on which data is stored and I/Os are accessed. A host can be a large computer, server,
workstation, PC, multiprocessor computer, and computer cluster system.
I
IANA See Internet assigned numbers authority
ICA See independent computing architecture
ICMP See Internet Control Message Protocol
IE See Internet Explorer
IEEE See Institute of Electrical and Electronics Engineers
iMAP See integrated management application platform
independent computing architecture An architecture that logically separates application execution from user interfaces to
transmit only keyboard actions, mouse responses, and screen updates on the network.
Institute of Electrical and Electronics Engineers A society of engineering and electronics professionals based in the United States but
boasting membership from numerous other countries. The IEEE focuses on electrical,
electronics, computer engineering, and science-related matters.
integrated management application platform N/A
International Standard Organization One of two international standards bodies responsible for developing international
data communications standards. International Organization for Standardization (ISO)
works closely with the International Electrotechnical Commission (IEC) to define
standards of computing. They jointly published the ISO/IEC SQL-92 standard for
SQL.
International Telecommunication Union Telecommunication Standardization An organization that establishes recommendations and coordinates the development of
telecommunication standards for the entire world.
Internet assigned numbers authority The organization operated under the IAB. IANA delegates authority for IP address-space
allocation and domain-name assignment to the NIC and other organizations.
IANA also maintains a database of assigned protocol identifiers used in the TCP/IP
suite, including autonomous system numbers.
Internet Control Message Protocol A network-layer (ISO/OSI level 3) Internet protocol that provides error correction and
other information relevant to IP packet processing. For example, it can let the IP
software on one machine inform another machine about an unreachable destination.
See also communications protocol, IP, ISO/OSI reference model, packet (definition 1).
Internet Explorer Microsoft's Web browsing software. Introduced in October 1995, the latest versions of
Internet Explorer include many features that allow you to customize your experience
on the Web. Internet Explorer is also available for the Macintosh and UNIX platforms.
Internet Protocol The TCP/IP standard protocol that defines the IP packet as the unit of information sent
across an Internet and provides the basis for connectionless, best-effort packet delivery
service. IP includes the ICMP control and error message protocol as an integral part.
The entire protocol suite is often referred to as TCP/IP because TCP and IP are the
two fundamental protocols. IP is standardized in RFC 791.
Internet Protocol Version 6 An updated version of IPv4. Internet Protocol Version 6 (IPv6) is also called
IP Next Generation (IPng). It is a new version of the Internet Protocol, designed as
the successor to IPv4. The specifications and standardizations provided by it are
consistent with the Internet Engineering Task Force (IETF). The difference between
IPv6 and IPv4 is that an IPv4 address has 32 bits while an IPv6 address has 128 bits.
inventory A physical inventory in the U2000, that is, a physical resource such as a
telecommunications room, rack, NE, subrack, board, subboard, port, optical module,
fiber/cable, fiber and cable pipe, link resource, interface resource, access service,
ONU, or NE e-label that can be managed on the U2000, and the relationship between
resources.
IP See Internet Protocol
IPv4 The abbreviation of Internet Protocol version 4. IPv4 utilizes a 32-bit address which is
assigned to hosts. An address belongs to one of five classes (A, B, C, D, or E) and is
written as 4 octets separated by periods and may range from 0.0.0.0 through to
255.255.255.255. Each address consists of a network number, an optional subnetwork
number, and a host number. The network and subnetwork numbers together are used
for routing, and the host number is used to address an individual host within the
network or subnetwork. IPv4 addresses may also be represented using CIDR
(Classless Inter Domain Routing).
IPv6 See Internet Protocol Version 6
ISO See International Standard Organization
ITU-T See International Telecommunication Union Telecommunication Standardization
J
Java Virtual Machine The environment in which Java programs run. The Java Virtual Machine gives Java
programs a software-based computer they can interact with. Because the Java Virtual
Machine is not a real computer but exists in software, a Java program can run on any
physical computing platform.
JRE Java runtime environment
JVM See Java Virtual Machine
K
keyboard, video, and mouse A hardware device installed in the integrated configuration cabinet. KVM serves as
the input and output device for the components inside the cabinet. It consists of a
screen, a keyboard, and a mouse.
KVM See keyboard, video, and mouse
L
LAN See Local Area Network
LCT See Local Craft Terminal
LDAP See Lightweight Directory Access Protocol
License A permission that the vendor provides for the user with a specific function, capacity,
and durability of a product. A license can be a file or a serial number. Usually the
license consists of encrypted codes, and the operation authority varies with different
levels of license.
Lightweight Directory Access Protocol A TCP/IP-based network protocol that enables access to a DSA. It involves some
reduced functionality from the X.500 DAP specification.
Link Layer Discovery Protocol The Link Layer Discovery Protocol (LLDP) is an L2D protocol defined in IEEE
802.1ab. Using the LLDP, the NMS can rapidly obtain the Layer 2 network topology
and changes in topology when the network scale expands.
LLDP See Link Layer Discovery Protocol
load balancing The distribution of activity across two or more servers or components in order to
avoid overloading any one with too many requests or too much traffic.
Local Area Network A network formed by the computers and workstations within the coverage of a few
square kilometers or within a single building. It features high speed and low error rate.
Ethernet, FDDI, and Token Ring are three technologies used to implement a LAN.
Current LANs are generally based on switched Ethernet or Wi-Fi technology and
running at 1,000 Mbit/s (that is, 1 Gbit/s).
Local Craft Terminal Local Craft Terminal. The terminal software that is used for local maintenance and the
management of NEs in the single-user mode, to realize integrated management of
multi-service transmission network. See also U2000.
M
MAN See Metropolitan Area Network
MD5 See Message-Digest Algorithm 5
MDP See message dispatch process
message dispatch process N/A
Message-Digest Algorithm 5 A one-way hashing algorithm that produces a 128-bit hash. Both MD5 and Secure
Hash Algorithm (SHA) are variations on MD4 and are designed to strengthen the
security of the MD5 hashing algorithm.
Metropolitan Area Network A metropolitan area network (MAN) is a network that interconnects users with
computer resources in a geographic area or region larger than that covered by even a
large local area network (LAN) but smaller than the area covered by a wide area
network (WAN). The term is applied to the interconnection of networks in a city into a
single larger network (which may then also offer efficient connection to a wide area
network). It is also used to mean the interconnection of several local area networks by
bridging them with backbone lines. The latter usage is also sometimes referred to as a
campus network.
modem A device or program that enables a computer to transmit data over, for example,
telephone or cable lines. Computer information is stored digitally, whereas
information transmitted over telephone lines is transmitted in the form of analog
waves. A modem converts between these two forms.
MS Manual Switch
MSTP See multi-service transmission platform
MSuite NMS maintenance suite
multi-service transmission platform A platform based on the SDH platform, capable of accessing, processing and
transmitting TDM services, ATM services, and Ethernet services, and providing
unified management of these services.
N
NBI See northbound interface
NE See network element
network element A network element (NE) contains both the hardware and the software running on it.
One NE is at least equipped with one system control board which manages and
monitors the entire network element. The NE software runs on the system control
board.
network layer The network layer is layer 3 of the seven-layer OSI model of computer networking.
The network layer provides routing and addressing so that two terminal systems are
interconnected. In addition, the network layer provides congestion control and traffic
control. In the TCP/IP protocol suite, the functions of the network layer are specified
and implemented by IP protocols. Therefore, the network layer is also called IP layer.
Network Management System A system in charge of the operation, administration, and maintenance of a network.
Network Time Protocol The Network Time Protocol (NTP) defines the time synchronization mechanism. It
synchronizes the time between the distributed time server and the client.
new technology file system An advanced file system designed for use specifically with the Windows NT operating
system. It supports long filenames, full security access control, file system recovery,
extremely large storage media, and various features for the Windows NT POSIX
subsystem. It also supports object-oriented applications by treating all files as objects
with user-defined and system-defined attributes.
NMS See Network Management System
northbound interface The interface that connects to the upper-layer device to realize service provisioning,
report alarms and performance statistics.
NTFS See new technology file system
NTP See Network Time Protocol
O
OAM See operation, administration and maintenance
Object Set A collection of managed objects. Object sets are established to facilitate the user right
management. If a user (or user group) is authorized with the operation rights of an
object set, the user (or user group) can perform all the authorized operations on all the
objects within the object set. This saves you the trouble of setting the management
rights for each NE one by one. Object sets can be created by geographical area,
network layer, equipment type and so on.
OMC See Operation and Maintenance Center
ONU See Optical Network Unit
Operation and Maintenance Center An Operations and Maintenance Centre is an element within a network management
system responsible for the operations and maintenance of a specific element or group
of elements. For example, an OMC-Radio may be responsible for the management of a
radio subsystem whereas an OMC-Switch may be responsible for the management of
a switch or exchange. However, these will in turn be under the control of an NMC
(Network Management Centre) which controls the entire network.
Operation Rights Operation Rights specify the concrete operation that the user can perform. The
operation right aims at the security objects. If one user has no right to manage one
device, he or she cannot operate the device.
Operation Set A collection of operations. Classifying operations into operation sets helps to manage
user operation rights. Operations performed by different users have different impacts
on system security. Operations with similar impacts are classified into an operation
set. Users or user groups entitled to an operation set can perform all the operations in
the operation set. The NMS provides some default operation sets. If the default
operation sets cannot meet the requirements for right allocation, users can create
operation sets as required.
Operation System Operation System is abbreviated to OS. OS is the interface between users and
computers. It manages all the system resources of the computer, and also provides an
abstract computer for users. With the help of OS, users can use the computers without
any direct operation on hardware. For the computer system, OS is a set of programs
used to manage all system resources; for users, OS provides a simple and abstract
method to use the system resources.
operation, administration and maintenance A group of network support functions that monitor and sustain segment operation,
activities that are concerned with, but not limited to, failure detection, notification,
location, and repairs that are intended to eliminate faults and keep a segment in an
operational state and support activities required to provide the services of a subscriber
access network to users/subscribers.
Operations Support System A system whose main function is to run applications that manage network elements,
networks and services.
Optical Network Unit A form of Access Node that converts optical signals transmitted via fiber to electrical
signals that can be transmitted via coaxial cable or twisted pair copper wiring to
individual subscribers.
OS See Operation System
OSS See Operations Support System
P
packet loss ratio The ratio of total lost packet outcomes to total transmitted packets in a population of
interest.
Power and environment monitoring unit The power and environment monitoring unit is installed at the top of the cabinet of the
SDH equipment and is used to monitor the environment variables, such as the power
supply and temperature. With external signal input through the relay, fire alarm,
smoke alarm, burglary alarm, etc. can be monitored as well. With the display on the NMS
system, changes in the environment can be monitored in a timely and accurate manner. For the
equipment installed with a power & environment monitoring board, the following
parameters can be set: relay switch output control, temperature alarm threshold, relay
usage and alarm setting, query of DIP switch status, etc.
PPPoE See Point-to-Point Protocol over Ethernet
private network A network which provides services to a specific set of users only (see
Recommendation I.570).
PSTN See public switched telephone network
PTN See packet transport network
public switched telephone network Public Switched Telephone Network. A telecommunications network established to
perform telephone services for the public subscribers. Sometimes called POTS.
R
RADIUS See remote authentication dial-in user service
RADIUS See Remote Authentication Dial in User Service
RAID See Redundant Arrays of Independent Disks
Redundant Arrays of Independent Disks A data storage scheme that allows data to be stored and replicated in a hardware disk
group (logical hard disk) consisting of multiple hard disks (physical hard disks). When
multiple physical disks are set up to use the RAID technique, they are said to be in a
RAID array. The hard disks in a RAID array provide higher data reliability and
input/output performance. There are various defined levels of RAID, each offering differing
trade-offs among access speed, reliability, and cost. At present, there are seven basic
RAID levels from RAID 0 to RAID 6. These basic RAID levels can be further
combined to form new RAID levels, such as RAID 10 (a combination of RAID 0 and
RAID 1).
Remote Authentication Dial in User Service RADIUS was originally used to manage the scattered users who use the serial
interface and modem, and it has been widely used in NAS. NAS delivers the
information of users on authentication, authorization and accounting to the RADIUS
server. RADIUS stipulates how the user and accounting information is transferred
between NAS and RADIUS. The RADIUS server is responsible for receiving the
connection request from users to complete authentication, and returning the
configurations of the users to NAS.
remote authentication dial-in user service A security service that authenticates and authorizes dial-up users and is a centralized
access control mechanism. RADIUS uses the User Datagram Protocol (UDP) as its
transmission protocol to ensure real-time quality. RADIUS also supports the
retransmission and multi-server mechanisms to ensure good reliability.
replicated volume group N/A
replication link A link used for data replication between the production machine and redundancy
machine. It is physically separated from the network of the primary links.
Rlink See data replication link
RTN Radio Transmission Node
RVG See replicated volume group
S
Script file It is the text file describing the physical information and configuration information of
the entire network, including the NE configuration file, port naming file, end-to-end
configuration file, NE physical view script file, NMS information file and service
implementation data script file.
SDH See Synchronous Digital Hierarchy
Secure File Transfer Protocol (SFTP) A network protocol designed to provide secure file transfer over SSH.
Secure Shell (SSH) A set of standards and an associated network protocol that allows establishing a secure
channel between a local and a remote computer. A feature to protect information and
provide powerful authentication function for a network when a user logs in to the
network through an insecure network. It prevents IP addresses from being deceived
and plain text passwords from being captured.
Secure Sockets Layer A protocol for ensuring security and privacy in Internet communications. SSL
supports authentication of client, server, or both, as well as encryption during a
communications session.
Security Log Security logs record the security operations on the NMS, such as logging in to the
server, modifying the password, and exiting from the NMS server.
Serial Line Interface Protocol A protocol that defines the framing mode over the serial line to
implement transmission of messages over the serial line and provide the remote host
interconnection function with a known IP address.
server 1. On a local area network, a computer running administrative software that
controls access to the network and its resources, such as printers and disk drives,
and provides resources to computers functioning as workstations on the network.
2. On the Internet or other network, a computer or program that responds to
commands from a client. For example, a file server may contain an archive of
data or program files; when a client submits a request for a file, the server
transfers a copy of the file to the client.
3. A network device that provides services to network users by managing shared
resources, often used in the context of a client-server architecture for a LAN.
T
TCP See Transmission Control Protocol
TCP/IP See Transmission Control Protocol/Internet Protocol
Telecommunication Management Network The Telecommunications Management Network is a protocol model defined by ITU-T
for managing open systems in a communications network. An architecture for
management, including planning, provisioning, installation, maintenance, operation
and administration of telecommunications equipment, networks and services.
Telnet Standard terminal emulation protocol in the TCP/IP protocol stack. Telnet is used for
remote terminal connection, enabling users to log in to remote systems and use
resources as if they were connected to a local system. Telnet is defined in RFC 854.
TFTP See Trivial File Transfer Protocol
Time zone A division of the earth's surface, usually extending across 15 degrees of longitude
devised such that the standard time is the time at a meridian at the centre of the zone.
timing task management The system can create a timing task (such as backing up, loading and recovering a
task), run a timing task automatically, and suspend or resume a timing task.
TMN See Telecommunication Management Network
Transmission Control Protocol One of the core protocols of the Internet protocol suite. Using TCP, applications on
networked hosts can create connections to one another, over which they can exchange
streams of data. TCP guarantees reliable and in-order delivery of data from the sender
to the receiver. TCP also distinguishes data for multiple connections by concurrent
applications running on the same host.
Transmission Control Protocol/Internet Protocol Common name for the suite of protocols developed to support the construction of
worldwide internetworks.
Trivial File Transfer Protocol A small and simple alternative to FTP for transferring files. TFTP is intended for
applications that do not need complex interactions between the client and server.
TFTP restricts operations to simple file transfers and does not provide authentication.
TFTP is small enough to be contained in ROM to be used for bootstrapping diskless
machines.
U
UDP See User Datagram Protocol
UPS Uninterruptible Power Supply
User Datagram Protocol A TCP/IP standard protocol that allows an application program on one device to send
a datagram to an application program on another. User Datagram Protocol (UDP) uses
IP to deliver datagrams. UDP provides application programs with the unreliable
connectionless packet delivery service. Thus, UDP messages can be lost, duplicated,
delayed, or delivered out of order. UDP is used to try to transmit the data packet, that
is, the destination device does not actively confirm whether the correct data packet is
received.
V
VCS See Veritas Cluster Server
Veritas Cluster Server High-availability cluster software for Unix, Linux and Microsoft Windows
computer systems, created by Veritas Software. It provides application cluster
capabilities to systems running databases, file sharing on a network, electronic
commerce websites or other applications.
Veritas Volume Manager A software product from Veritas Inc. The Veritas Volume Manager is used to manage
disk storage.
Veritas Volume Replicator A wide area network data replication solution offered by VERITAS for multiple
operating systems. These include AIX, HPUX and Solaris.
Virtual Local Area Network A logical grouping of two or more nodes which are not necessarily on the same
physical network segment but which share the same IP network number. This is often
associated with switched Ethernet.
Virtual Router Redundancy Protocol A protocol used for multicast or multicast LANs such as an Ethernet. A group of
routers (including an active router and several backup routers) in a LAN is regarded as
a virtual router, which is called a backup group. The virtual router has its own IP
address. The host in the network communicates with other networks through this
virtual router. If the active router in the backup group fails, one of the backup routers
becomes the active one and provides routing service for the host in the network.
VLAN See Virtual Local Area Network
volume A logical unit for disk virtualization management, and basic object for host
applications.
VRRP See Virtual Router Redundancy Protocol
VVM See Veritas Volume Manager
W
WAN See Wide Area Network
wavelength division multiplexing A technology that utilizes the characteristics of broad bandwidth and low attenuation
of single mode optical fiber, uses multiple wavelengths as carriers, and allows
multiple channels to transmit simultaneously in a single fiber.
WDM See wavelength division multiplexing
Wide Area Network A network composed of computers which are far away from each other which are
physically connected through specific protocols. WAN covers a broad area, such as a
province, a state or even a country.
Wireless Local Area Network A generic term covering a multitude of technologies providing local area networking
via a radio link. Examples of WLAN technologies include WiFi (Wireless Fidelity),
802.11b and 802.11a, HiperLAN, Bluetooth, etc.
WLAN See Wireless Local Area Network
work station A terminal or microcomputer, usually one that is connected to a mainframe or to a
network, at which a user can perform applications.
WS See work station