Download as pdf or txt
Download as pdf or txt
You are on page 1of 328

Title page

1350 OMS | 9.6

1350 OMS Administration Guide, Vol 1: Common Tools and Processes
Issue 1 | March 2012
Legal notice

Legal notice

Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective

The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright © 2012 Alcatel-Lucent. All rights reserved.


Every effort was made to ensure that the information in this document was complete and accurate at the time of printing. However, information is subject to


Alcatel-Lucent provides a limited warranty for this product. For more information, consult your local Alcatel-Lucent customer support team.

Ordering information

The ordering number for this document is 8DG42227LAAA-Vol1. To order 1350 OMS information products, contact your local Alcatel-Lucent customer
support team.

Technical support

For technical support, contact your local customer service support team. You can reach them via the Web at the Alcatel-Lucent Customer Support web site
( or the customer support telephone number listed at the Alcatel-Lucent Contact Us web site (http://www.alcatel-

Information product support

For questions or concerns about this or any other Alcatel-Lucent information product, please contact us at one of the following numbers: (888) 727 3615 (for
the continental United States) · +1 (630) 713 5000 (for all countries).

About this document

Purpose .......................................................................................................................................................................................... xiii

Reason for reissue ...................................................................................................................................................................... xiii


Safety information ..................................................................................................................................................................... xiii


Intended audience ...................................................................................................................................................................... xiii


Conceptual and task content ................................................................................................................................................... xiv


Format of task content .............................................................................................................................................................. xiv


Typographical conventions used for content ..................................................................................................................... xv

Marking conventions used for content ................................................................................................................................ xv

Technical content ......................................................................................................................................................................... xv


Treatment of terms ..................................................................................................................................................................... xvi


Related documentation ............................................................................................................................................................. xvi


Document formats ................................................................................................................................................................... xviii


On-line help ............................................................................................................................................................................... xviii


Ordering information ............................................................................................................................................................. xviii


How to comment ..................................................................................................................................................................... xviii


1 Product and Administration Overview

Overview ...................................................................................................................................................................................... 1-1


1350 OMS Overview ............................................................................................................................................................... 1-2


1350 OMS Modules for System Resiliency and Northbound Communication ................................................. 1-6

ANTP ............................................................................................................................................................................................ 1-7


Common Security and Access .............................................................................................................................................. 1-8


1350 OMS iii
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

System Administrator Responsibilities ........................................................................................................................... 1-10

2 Applications and Their Instances

Overview ...................................................................................................................................................................................... 2-1


Instance Overview .................................................................................................................................................................... 2-2


Remove an Instance of an Application ............................................................................................................................. 2-4


Free System Resources Used by an Application Instance ......................................................................................... 2-6


3 Configurations

Overview ...................................................................................................................................................................................... 3-1


Configuration Preparation ..................................................................................................................................................... 3-2


1350 OMS EML IP Configuration ..................................................................................................................................... 3-3


Static Routing Configurations .............................................................................................................................................. 3-4


Routing Configurations for Client Applications ............................................................................................................ 3-7


Multi-LAN Configurations ................................................................................................................................................... 3-9


4 Node Name Management

Overview ...................................................................................................................................................................................... 4-1


Node Name Management Tool ............................................................................................................................................ 4-2


Establish a Group and Initialize Node Name Management Persistent Data ....................................................... 4-6

Add a New Member to the Group ...................................................................................................................................... 4-7


Add a New External Node to the Group ........................................................................................................................ 4-10


Remove a Member from a Group ..................................................................................................................................... 4-12


List the Database Contents of a Group Member Node ............................................................................................. 4-14


Align All Group Member Nodes to a Specified Member Node ............................................................................ 4-15

Align One Group Member Node to Another Group Member Node .................................................................... 4-16

Open Two Groups for Communication .......................................................................................................................... 4-17


Import Node Information Between Two Different Groups ..................................................................................... 4-19


Merge Nodes in Two Groups into One Group ............................................................................................................. 4-21


Change the IP Address of a Remote Node .................................................................................................................... 4-23


Change the IP Address of the Current/Local Node .................................................................................................... 4-26


iv 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

Change the Hostname of a Remote Node ...................................................................................................................... 4-29

Change the Hostname of the Current/Local Node ..................................................................................................... 4-32


Change the Subnetwork Mask ........................................................................................................................................... 4-35


Change the Gateway IP Address and Hostname ......................................................................................................... 4-36


Add a Server to the Current DNS Configuration ........................................................................................................ 4-38


Change a Server in the Current DNS Configuration ................................................................................................. 4-40


Remove a Server from the Current DNS Configuration .......................................................................................... 4-42


5 System Backup and Restore

Overview ...................................................................................................................................................................................... 5-1


Backup and Restore Overview ............................................................................................................................................. 5-2


scbackup Overview .................................................................................................................................................................. 5-3


Backup Strategies ..................................................................................................................................................................... 5-6


Backup Tape Sets ...................................................................................................................................................................... 5-8


Backup Restrictions and Requirements .......................................................................................................................... 5-10


Troubleshoot a Backup ......................................................................................................................................................... 5-11


Restore and screstore ............................................................................................................................................................ 5-13


Troubleshoot a Restore ......................................................................................................................................................... 5-15


Mirror Configurations ........................................................................................................................................................... 5-20


Run scdisk_read_check to Read and Check the Disk ............................................................................................. 5-21


Perform a Tape Check .......................................................................................................................................................... 5-23


Run scbackup for a Local Disk or an Application Instance Backup ................................................................... 5-24

Run scbackup Using a Disk Directory as the Supporting Output Media ........................................................... 5-29

Verify the Readability of the fbackup Tape .................................................................................................................. 5-33


Boot from the IRT .................................................................................................................................................................. 5-34


Run screstore to Restore Data from the fbackup Media .......................................................................................... 5-36

Run the scmirrorfs Tool to Set Up the Mirrored Configuration ............................................................................ 5-43

6 Mirror Disks

Overview ...................................................................................................................................................................................... 6-1


Mirrored Disk Overview ........................................................................................................................................................ 6-2

1350 OMS v
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

Install the Mirror Disk/UX .................................................................................................................................................... 6-4

Configure Disk Fault Protection with Mirror Disk/UX® .......................................................................................... 6-6


7 Network Depot

Overview ...................................................................................................................................................................................... 7-1


Network Depot Overview ...................................................................................................................................................... 7-2


Run scbuilddepot to Create or Update the Platform Software Depot .................................................................... 7-4

Add Software to the Platform Software Depot .............................................................................................................. 7-7


Create the Application Software Depot ............................................................................................................................ 7-8


Edit the .rhosts file to Authorize Access to the Application Software Depot ................................................... 7-10

8 General Operations

Overview ...................................................................................................................................................................................... 8-1


Restart the HP® Servers ......................................................................................................................................................... 8-2


Decompress a Compressed .gz File ................................................................................................................................... 8-5


Eject a CD-ROM ....................................................................................................................................................................... 8-6


9 Security

Overview ...................................................................................................................................................................................... 9-1


Security Overview .................................................................................................................................................................... 9-2


Security Banners ....................................................................................................................................................................... 9-5


Security Profiles ........................................................................................................................................................................ 9-7


Web Portal Macro Functions and Default User Profiles ............................................................................................ 9-9

PMC Management Macro Functions and Default User Profiles .......................................................................... 9-10

Session Management Macro Functions and Default User Profiles ...................................................................... 9-11

Alarm and FM Related Macro Functions and Default User Profiles .................................................................. 9-12

User Management Macro Functions and Default User Profiles ............................................................................ 9-14

SMF Macro Functions and Default User Profiles ...................................................................................................... 9-15


Audit and Log Files ............................................................................................................................................................... 9-18


Sample security.parms File ................................................................................................................................................. 9-22


System Security Parameters ............................................................................................................................................... 9-24


vi 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

Prepare to Set Up Security .................................................................................................................................................. 9-34

Set Up Security with Any Profile ..................................................................................................................................... 9-36


Change a Manufacturer's Default Passwords ............................................................................................................... 9-38


Verify and Kill Processes ..................................................................................................................................................... 9-40


Remove Security ..................................................................................................................................................................... 9-42


Troubleshoot and Fix Old Password Problems ........................................................................................................... 9-43


Troubleshoot and Fix /etc/passwd File Problems ....................................................................................................... 9-44


Authorize Access to the Depot Machine ........................................................................................................................ 9-45


10 HP® Printer Configurations

Overview ................................................................................................................................................................................... 10-1


Printer Configuration Overview ....................................................................................................................................... 10-2


Configure a Printer in the Local Spooler Queue ......................................................................................................... 10-3


Start the Spooler ..................................................................................................................................................................... 10-8


Configure a Printer Booting upon Booting from the Local System .................................................................... 10-9

11 Troubleshooting

Overview ................................................................................................................................................................................... 11-1


General Troubleshooting

Troubleshooting ...................................................................................................................................................................... 11-3


Ping a Node .............................................................................................................................................................................. 11-6


Activate the KDC Log .......................................................................................................................................................... 11-8


Deactivate the KDC Log ................................................................................................................................................... 11-10


System / Environment

Overview ................................................................................................................................................................................. 11-11


OS Percentage Usage .......................................................................................................................................................... 11-12


Manage Semaphores ........................................................................................................................................................... 11-13


Unlock the Login to the 1350 OMS .............................................................................................................................. 11-14


Add Nodes to the 1350 OMS Kerberos System Configuration .......................................................................... 11-15

1350 OMS vii
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

System Installation and Customization

Overview ................................................................................................................................................................................. 11-17


Troubleshoot 1350 OMS System License Problems ............................................................................................... 11-18


Remove the WDM Component from the 1350 OMS ............................................................................................. 11-20

Product Installation

Troubleshoot Product Installation Failures (no space/file busy) ........................................................................ 11-22


Upgrade the MW-OS Application .................................................................................................................................. 11-25


Configure and Test the Centralized User DB in a Distributed Environment ................................................. 11-27

Product Customization

Overview ................................................................................................................................................................................. 11-31


Customize a 1350 OMS Component while Other Components Are Running ............................................. 11-32

Perform a Manual Customization/De-customization (without using the Install Wizard) .......................... 11-34

Perform a Fast Customization of the MS-GUI Package ........................................................................................ 11-36


Customizing WDM to Exclude the Remote eOMS ................................................................................................. 11-38


System Applications Management

PMC2 Process Monitoring ............................................................................................................................................... 11-39


SAS, UDM, LDAP .............................................................................................................................................................. 11-42


Web Desktop Administration ........................................................................................................................................... 11-45


Cannot Connect to the Authentication Server ........................................................................................................... 11-55


Work Arounds for the MS-GUI ...................................................................................................................................... 11-57


Work Arounds for Database Management .................................................................................................................. 11-61


General Work Arounds for Application Problems ................................................................................................... 11-63


Work Arounds for File System Management ............................................................................................................. 11-65


NMA Basic Debug/Configuration Notes

Logging .................................................................................................................................................................................... 11-67


Configuration ......................................................................................................................................................................... 11-70


12 GSP and MP Configuration

Overview ................................................................................................................................................................................... 12-1


viii 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

GSP and MP Overview ........................................................................................................................................................ 12-2

Configure the GSP ................................................................................................................................................................. 12-3


Verify Access to the GSP LAN Console ...................................................................................................................... 12-11


Access to the GSP Console .............................................................................................................................................. 12-13


Configure the MP ................................................................................................................................................................. 12-15


13 File System Management

Overview ................................................................................................................................................................................... 13-1


File System Management Overview ............................................................................................................................... 13-2


File System Management Tools ........................................................................................................................................ 13-3


A List of Abbreviations

Abbreviations ............................................................................................................................................................................ A-1



1350 OMS ix
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012


x 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
List of tables

9-1 System Security Parameters ................................................................................................................................ 9-25

1350 OMS xi
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
List of tables


xii 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
About this document
About this document

This preface provides an overview of this information product (IP), which is the
Alcatel-Lucent 1350 OMS Administration Guide, Vol 1: Common Tools and Processes.
The purpose of the 1350 OMS Administration Guide, Vol 1: Common Tools and Processes
is to explain to system and network administrators how to administer and to maintain the
1350 OMS 9.6.

Reason for reissue

This document has been reissued on to support the 1350 OMS 9.6.

Safety information
This document does not contain any safety information (cautions or warnings) because
the 1350 OMS is a software product.
Important! When working with any hardware that is associated with any piece of
software, always refer to the safety information that the hardware manufacturer provides
for that particular piece of hardware. For example, when working with an HP® server,
refer to safety information that is provided in the HP® documentation for that server.
When working with any Alcatel-Lucent network element, refer to safety information that
is provided in the Alcatel-Lucent documentation for that particular NE.

Intended audience
The 1350 OMS Administration Guide, Vol 1: Common Tools and Processes is written
primarily for operations personnel who administer and maintain the 1350 OMS. This
document can be used by anyone who needs specific administration information about the
features, applications, and operations of the 1350 OMS. These people are you, its users.

1350 OMS xiii
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
About this document

Conceptual and task content
In the broadest sense, this document contains the following types of content:
• Conceptual content, which is background information, is given so users can better
understand the tasks that must be performed. The presentation of conceptual
information varies according to the topic being explained—sections, subsections,
tables, figures, and screen captures can be commonly found.
• Task content, which includes step-by-step instructions, is provided so users can
administer, provision, and maintain the system. The task information is typically
presented as series of tasks that follows the conceptual information.
The conceptual information complements and enhances the step-by-step instructions that
are found in each task. To optimize the use of the conceptual and task content, users
should consider the following:
• The conceptual information should be used to broaden your general knowledge of the
network management system. It is best if you read all conceptual information and
have a good understanding of the concepts being presented before undertaking the
step-by-step instructions given in any task.
• The conceptual and task portions of the document have extensive hyperlinks. Use
these links to toggle between the two types of information presented so you can
access all pertinent information related to particular concepts and tasks.
• The task information is based on a user needs analysis that has been performed for
each management system user job; therefore, use the task information to get the job at
hand done quickly and with minimal system impact.

Format of task content

Each task consists of sections that are called When to use, Related information, Before
you begin, and Task. The intent of these sections is self-explanatory—they explain when
you should use the task, any related information that you would need to know while doing
the task, and what you need to consider or do before you start the task.
When a task does not have any related information that must be considered before it is
started, the Related information section for that task states the following:
This task does not have any related information.
When a task does not have any conditions that must be considered before it is started, the
Before you begin section for that task states the following:
This task does not have any preconditions.
Each Task section consists of steps. The completion of all steps, which are sequentially
numbered, is required for the entire task to be completed successfully. In some instances,
a step might be prefaced with the wording Optional, which indicates that the step can be
skipped and the task can still be completed successfully. A task is considered to be
completed when all of its steps are completed and when the wording End of Steps

xiv 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
About this document

Many times, the management system affords users with multiple ways to accomplish the
same task. In these instances, this type of task gives the user several Methods of how to
accomplish the same set of steps successfully.

Typographical conventions used for content

This document uses the following typographical conventions:
• User input or path navigation on the administration and application GUIs is
identified with this type.
• User input in the UNIX® environment is identified with this
• System output in the UNIX® environment is identified with
this type..
• GUI fields/parameters and their options are identified with this type.
• Document titles or words that are being defined or emphasized are identified with this

Marking conventions used for content

The following convention is used to indicate a path, which is a flow of buttons and/or
menu items that you must navigated through to arrive at a destination on the GUI:
Actions > EML > Create NE
This same convention is also used to show a path through a series of menu items, for
Click the filtering tool and select Node > Node Type.
All mouse selections are presumed to be left clicks. Right click mouse selections are
indicated as the following:
Right click the highlighted item and follow the path: Search > Clients.
Or, if brevity is needed, the same path could be documented as:
RClick item > Search > Clients.
Occasionally, a set of 1350 OMS features is not supported for all NEs or for all operating
components and/or environments. This set of features is clearly marked to show these

Technical content
In general, the technical content in this document is augmented by technical content that
is provided in other documents in this documentation set and/or in the document set of the
particular network element (NE ) or piece of hardware in the network configuration. It is
the user's responsibility to read all pertinent material in all documentation sets in order to
understand a particular concept or procedure and/or to implement the procedure in his or
her working environment.

1350 OMS xv
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
About this document

This document contains information on the complete line of NEs that the 1350 OMS
supports. Each release of the 1350 OMS and its applications supports certain NEs within
the Alcatel-Lucent family of optical NEs. Mention of NEs or specific NE features in the
text of this document, or any document in the 1350 OMS documentation set, that are not
supported in this particular product release can apply to prior or future product releases.
Such material may not be currently visible or operable on the GUI and/or the server and
has been added only as a convenience for our customers. This material is subject to
change. For a list of NEs that are supported in the 1350 OMS 9.6, contact your
Alcatel-Lucent local customer service support team.
This document, or any document in the 1350 OMS documentation set, may contain
information that is related to features, service packs (SPs), maintenance releases, or other
updates that our product and its applications supported in prior releases or is to support in
the near future. This material may not be visible or operable on the supported servers
and/or GUI, and has been added only as a convenience for our customers. This material is
subject to change. For a list of all supported features for a particular release, contact your
Alcatel-Lucent local customer service support team.

Treatment of terms
A term that is presented in the text of this document, along with any used abbreviation for
the term, is typically defined where the term is initially introduced.
Many of the more generic terms that are defined in this document, along with the terms
that are defined in other documents in this documentation set, are also defined in the
Glossary, which is part of the 1350 OMS Getting Started Guide. We encourage our users
to rely on the Glossary for a comprehensive set of terms and any abbreviations of the

Related documentation
The following documents are related to the 1350 OMS Administration Guide, Vol 1:
Common Tools and Processes, 9.6:
1. The 1350 OMS Installation Guide (8DG42227MAAA) explains how to perform the
installation of the 1350 OMS and its components.
2. The 1350 OMS Getting Started Guide (8DG42227AAAA) explains the look-and-feel
of the 1350 OMS user and administration GUIs to new users. This document contains
a complete explanation of the 1350 OMS information product set and a glossary of
terms that is applicable to the documentation set.
3. The 1350 OMS Administration Guide (8DG42227LAAA) explains how to use the
tools and the administration GUIs to administer and maintain the element
management layer, network management layer, and service management layer of the
1350 OMS.

xvi 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
About this document

This document consists of the following volumes:
• The 1350 OMS Administration Guide, Vol 1: Common Tools and Processes
(8DG42227LAAA-Vol1) explains how to administer and maintain the common
tools and processes that are associated with the 1350 OMS.

The 1350 OMS Administration Guide, Vol 2: Common GUI Functions
(8DG42227LAAA-Vol2) explains how to administer and maintain the common
administration GUIs that are associated with the 1350 OMS.
4. The 1350 OMS EML Guide (8DG42227BAAA) explains how to administer and
provision the 1350 OMS EML application of the 1350 OMS, which is the element
management layer of the 1350 OMS.
5. The 1350 OMS PKT Guide (8DG42227DAAA) explains how to administer and
provision the Packet (PKT) application of the 1350 OMS that provides Ethernet
network management layer support.
6. The 1350 OMS SDH Guide (8DG42227CAAA) explains how to administer and
provision the Synchronous Digital Hierarchy (SDH) network management layer of the
1350 OMS.
7. The 1350 OMS WDM Guide (8DG42227QAAA) explains how to administer and
provision the 1350 OMS WDM, which provides the Wavelength Division
Multiplexing (WDM) and Dense Wavelength Division Multiplexing (DWDM)
network management layer for the 1350 OMS.
8. The 1350 OMS Service Assurance Guide (8DG42227FAAA) explains alarm
management and performance monitoring for the 1350 OMS.
9. 1350 OMS CLI Reference (8DG42227KAAA) provides detailed reference material on
the Command Line Interface for the advanced user of the 1350 OMS.
10. The 1350 OMS eOMS Guide explains how to administer and provision the eOMS.
The document consists of the following volumes:
• The 1350 OMS eOMS Guide, Vol 1: Getting Started (8DG42227RAAA-Vol1)
explains the look-and-feel of the1350 OMS eOMS GUI. In addition, this
document contains a glossary of terms for the 1350 OMS eOMS set of documents.
• The 1350 OMS eOMS Guide, Vol 2: Administration (8DG42227RAAA-Vol2)
explains how to administer the 1350 OMS eOMS.
• The 1350 OMS eOMS Guide, Vol 3: Network Element Management
(8DG42227RAAA-Vol3) explains how to use the 1350 OMS eOMS to provision
and manage network elements.
• The 1350 OMS eOMS Guide, Vol 4: Connection Management (8DG42227RAAA-
Vol4) explains how to provision and manage connections in the 1350 OMS eOMS
environment of the 1350 OMS.
• The 1350 OMS eOMS Guide, Vol 5: Ethernet Management (8DG42227RAAA-
Vol5) explains how to use the Ethernet Management feature to provision and
manage Ethernet connections in the 1350 OMS eOMS environment of the 1350
• The 1350 OMS eOMS Guide, Vol 6: Service Assurance (8DG42227RAAA-Vol6)
explains how to manage and interpret fault and performance monitoring
information that is collected from the 1350 OMS eOMS environment of the 1350
1350 OMS xvii
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
About this document

The 1350 OMS 9.6 also supports modules for system resiliency and northbound
communication. These modules are explained in the following documents:
• The 1350 OMS HA Guide (8DG42227GAAA) explains how to install, administer, and
use the High Availability feature.
• The 1350 OMS OI Guide (8DG42227HAAA) explains how to install, administer, and
use the Open Interfaces that are supported for the 1350 OMS.
In addition, the 1350 OMS 9.6 also supports migration activities with related
documentation. Contact your Alcatel-Lucent local customer service support team for
additional details.

Document formats
This document is available for use in HTML format and PDF.
The on-line HTML version of the document has a search capability, a table of contents in
the front matter of the document, a partial table of contents in each chapter, and an index.
The PDF version can be viewed on-line; or it, or portions of it, can be printed locally at
the user's discretion.

On-line help
The 1350 OMS help systems are designed to consider the task that the user is performing
and to help the user complete the task.
Contact sensitive help, which defines many GUI fields, is available; and other types of
help can be accessed from the GUI menu.

Ordering information
The entire document set that supports the Alcatel-Lucent 1350 OMS 9.6 release can be
ordered on CD-ROM. The ordering number for this CD-ROM is 8DG42228AAAA. The
ordering number for this particular document is 8DG42227LAAA-Vol1. Contact your
local Alcatel-Lucent local customer service support team for details.
In addition, to order the 1350 OMS and/or any of its applications, add-on features or
upgrades, contact your local Alcatel-Lucent local customer service support team.

How to comment
To comment on this document, go to the Online Comment Form (http://infodoc.alcatel- or e-mail your comments to the Comments Hotline

xviii 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
1 1roduct and
Administration Overview

This chapter provides an overview of the 1350 OMS and the system administration
functions provided to maintain the 1350 OMS applications.


1350 OMS Overview 1-2

1350 OMS Modules for System Resiliency and Northbound Communication 1-6
ANTP 1-7
Common Security and Access 1-8
System Administrator Responsibilities 1-10

1350 OMS 1-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview 1350 OMS Overview


1350 OMS Overview

1350 OMS and its supported management layers
The 1350 OMS is a network management system that supports several management
layers that can accommodate and grow with a customer's optical network.
The Element Management Layer, or EML, provides the functionality that is needed to
access any Alcatel-Lucent supported network elements (NEs) that are deployed in a
customer network. The EML provides a single access point for communication with an
The Network Management Layer, or NML, provides the functionality that is needed to
commission, provision, and supervise the network that is deployed in a customer premise.
The Service Management Layer, or SML, provides the functionality that is needed to
commission, provision, and supervise a Virtual Private Network (VPN) that an
Alcatel-Lucent customer deploys to its end users or to its customers.

1350 OMS and its applications

The 1350 OMS is the Alcatel-Lucent converged and unified network management
system. It manages the complete portfolio of Alcatel-Lucent's active network elements
(NEs) and it maintains the complete portfolio of Alcatel-Lucent's legacy NEs.
The 1350 OMS consists of the following set of integrated, licensed applications:
• “1350 OMS EML” (p. 1-2)
• “1350 OMS PKT” (p. 1-3)
• “1350 OMS SDH” (p. 1-3)
• “1350 OMS WDM” (p. 1-3)
Refer to the 1350 OMS Getting Started Guide for a more detailed system description.

1350 OMS EML

The 1350 OMS EML application provides element level management (EML) capabilities
for both Alcatel-Lucent ANSI and ETSI NEs. Its set of protocol adapters supports basic
NE functions such as NE MIB backup/restore and software downloads. Because the 1350
OMS provides all of the element layer functions that are required to manage the deployed
network, it requires the 1350 OMS EML application and/or the 1350 OMS eOMS legacy
management system to also be deployed. (See “Legacy management and NE support”
(p. 1-4).)
Refer to the following documents and contact your Alcatel-Lucent local customer service
support team for additional details:
• 1350 OMS EML Guide
• 1350 OMS Service Assurance Guide

1-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview 1350 OMS Overview

1350 OMS PKT
The 1350 OMS PKT application provides Ethernet network management layer support
along with provisioning, alarm correlation, and historical PM data services. Ethernet
services include Multi-Protocol Label Switching (MPLS), Transport-Multi-Protocol Label
Switching (T-MPLS), bridging, connection-oriented traffic, and packet rings.
Refer to the following documents and contact your Alcatel-Lucent local customer service
support team for additional details:
• 1350 OMS PKT Guide
• 1350 OMS Service Assurance Guide

1350 OMS SDH

The 1350 OMS SDH application provides the Synchronous Digital Hierarchy (SDH)
network management layer along with provisioning, alarm correlation, and PM
correlation capabilities. The 1350 OMS SDH functions as a client for the 1350 OMS
WDM application and as a server for the 1350 OMS PKT application.
Refer to the following documents and contact your Alcatel-Lucent local customer service
support team for additional details:
• 1350 OMS SDH
• 1350 OMS CLI Reference
• 1350 OMS Service Assurance Guide
For 1350 OMS support of SDH in a legacy system, refer to “Legacy management and NE
support” (p. 1-4) for details.

1350 OMS WDM

The 1350 OMS WDM application provides Wavelength Division Multiplexing (WDM)
and Dense Wavelength Division Multiplexing (DWDM) support along with provisioning,
alarm correlation, and historical PM correlation capabilities.
Refer to the following documents and contact your Alcatel-Lucent local customer service
support team for additional details:
• 1350 OMS WDM Guide
• 1350 OMS Service Assurance Guide
For 1350 OMS support of WDM and DWDM in a legacy system, refer to “Legacy
management and NE support” (p. 1-4) for details.

1350 OMS software and the Web

1350 OMS is run through an Internet browser-based Graphical User Interface (GUI). It
supports the standard web features that a browser offers, such as bookmarks, back,
forward, reload, and print.

1350 OMS 1-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview 1350 OMS Overview

The Web Desktop is the available mechanism that both system administrators and users
can use to access the 1350 OMS GUI. It provides a central access point from which both
system administrators and users are authenticated and from which they can navigate to
the Web Portal to access the 1350 OMS applications.
The Web Portal is a Java application that is started when the administrator or user logs in
from the Web Desktop. The Web Portal provides the administrator with a view of all 1350
OMS applications and manages GUI navigation between the subsystem components. The
Web Portal also provides various methods of navigation—such as menus, icons, and a left
tree navigation area—between applications and tools.
From the 1350 OMS Web Portal, administrators can set up each application and its users,
and users can access the network and element level applications that enable the family of
Alcatel-Lucent NEs to be provisioned.
Refer to the 1350 OMS Getting Started Guide for a more detailed description of the look
and feel of the software and for a glossary of terms and acronym list.

Legacy management and NE support

Through its Web Portal, the 1350 OMS provides users with the ease of accessing and
using the familiar embedded Optical Management System (eOMS) to provision the NEs
that are managed through the 1350 OMS eOMS and the NEs that are managed through an
XML-over-socket (XoS) interface (such as TNA, CNA, or ITM-SC).
Refer to the following documents for additional information on the 1350 OMS eOMS:
• 1350 OMS eOMS Guide, Vol 1: Getting Started
• 1350 OMS eOMS Guide, Vol 2: Administration
• 1350 OMS eOMS Guide, Vol 3: Network Element Management
• 1350 OMS eOMS Guide, Vol 4: Connection Management
• 1350 OMS eOMS Guide, Vol 5: Ethernet Management
• 1350 OMS eOMS Guide, Vol 6: Service Assurance
Because the 1350 OMS provides all of the element layer functions that are required to
manage the deployed network, it requires the 1350 OMS EML application and/or the
1350 OMS eOMS legacy management system to also be deployed. (See “1350 OMS
EML” (p. 1-2).)

1350 OMS supported NEs

The 1350 OMS supports the Alcatel-Lucent family of optical network elements (NEs). To
accommodate the world of optical transmission standards, these NEs operate using
different transport structures and they support different native command languages.
Contact your local customer support team for a list of NEs that are supported by the 1350
OMS and its particular applications.
Important! Each release of the 1350 OMS and its applications supports certain NEs
within the Alcatel-Lucent family of optical NEs. Mention of NEs or specific NE features
in the text of this document, or any document in the 1350 OMS documentation set, that
1-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview 1350 OMS Overview

are not supported in this particular product release can apply to prior or future product
releases. Such material may not be currently visible or operable on the GUI and/or the
server and has been added only as a convenience for our customers. This material is
subject to change. For a list of NEs that are supported in the 1350 OMS 9.6, contact your
Alcatel-Lucent local customer service support team.

1350 OMS 1-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview 1350 OMS Modules for System Resiliency and Northbound

1350 OMS Modules for System Resiliency and Northbound

1350 OMS HA
The 1350 OMS supports High Availability (HA) as an added value module, which is
referred to as the 1350 OMS HA. The 1350 OMS HA software package is installed on top
of an already installed and configured NML and EML platform and independently of any
other application such as the 1350 OMS SDH, 1350 OMS PKT, or 1350 OMS WDM or
any element manager such as the 1350 OMS EML or 1350 OMS eOMS.
As its name suggests, the 1350 OMS HA provides high availability to these applications
whose main task is to manage transport networks. It protects the 1350 OMS applications
and its HP® server platform against hardware and software failures that could be caused
by system failures (such as the failure of the system power supply or a system
component), a site failure (such as a natural disaster or fire), a backplane failure, a
processor failure, or any unplanned outage.
The 1350 OMS HA is explained in detail in the 1350 OMS HA Guide
(8DG42227GAAA). This document includes installation, administration, and user
information for the 1350 OMS High Availability (HA) feature.
Contact your Alcatel-Lucent local customer service support team for additional details.

1350 OMS OI
The 1350 OMS OI software package is installed on top of an already installed and
configured MW-INT platform and independently of any other application such as the
1350 OMS SDH, 1350 OMS PKT, or 1350 OMS WDM any element manager such as the
1350 OMS EML or 1350 OMS eOMS.
The 1350 OMS OI enables the 1350 OMS applications to export or import data to
multiple external operation systems (OSs). The 1350 OMS OI is a flexible, powerful, and
effective set of generic OS-to-OS interfaces (GENOS) that allow an external OS to
synchronize alarms, performance monitoring, network inventory, and remote inventory
data with any of the 1350 OMS applications.
The 1350 OMS OI is explained in detail in the 1350 OMS OI Guide (8DG42227HAAA).
This document includes installation, administration, and user information for the Open
Interfaces (OIs) that are supported for the 1350 OMS.
Contact your Alcatel-Lucent local customer service support team for additional details.

1-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview ANTP


ANTP Overview
ANTP is an Alcatel-Lucent proprietary network time protocol (NTP) that enables a
precise, real-time clock alignment between the NEs and a reference clock source, such as
an ANTP server. ANTP is based on an algorithm that NTP implements and uses in the
UNIX® environment.
While NTP functions in TCP/IP environment, ANTP protocol is based on OSI layer 3
(Connectionless Network Protocol, or CLNP) communication services. To synchronize
the NE and the reference source, modifications in the interface and packet format of
standard NTP product enable it to be plugged on top of CLNP.
ANTP is based on a client-server paradigm. The NE functions as the client, while the
ANTP server is typically located on the network manager. The client (the NE)
periodically queries the server to discover the current time and date on the server. This
periodic query enables round trips delays and average statistical values to be calculated
for the best real-time alignment of the client (the NE) and server.

ANTP and RTC distributed system architecture

To guarantee the alignment of the operations systems (OSs) and the NE clocks, ANTP
must keep the NEs synchronized with the reference clock servers, independent of the
reference source; therefore, the network must be synchronized internally and externally.
For example, ANTP gets its clock speed from a UNIX®-based workstation and
distributes the clock speed to the NEs. The native NTP protocol then gets the real-time
clock (RTC) speed from an external device, such as a global positioning satellite (GPS),
and distributes the clock speed to the OSs. The clock is then distributed by one
workstation (likely the OS itself) to the NEs using ANTP protocol.
To guard against DCN or workstation failures, two ANTP servers exist in the
management network. One ATNP server has a higher priority than the other ANTP server.
If one server fails, the NE automatically refers to the other. Only a double ANTP server
failure, or a failure in the related DCN, would force the NEs to function in RTC
free-running clock-mode. In general, the two ANTP servers do not have to be co-located.

1350 OMS 1-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview Common Security and Access


Common Security and Access

Platform security
The 1350 OMS affords secure configuration modes that run on existing certified/validated
hardware and software without any, or with acceptable levels of, performance
The hardware vendor of choice guarantees that the platform has built-in protection
mechanisms that avoid security circumvention during setup, re-configuration, start-up,
boot time, or system shut down prior to any applications being operational. The system
hardware configuration is designed to use redundant components such as disks, CPUs,
and memory to ensure data integrity if a system failure should occur.

Operating system security for logins

The operating system requires a non-blank (not null) user ID for successful user login into
the 1350 OMS platform and any default identifiers (user IDs and/or passwords) must be
disabled, including default system users.
Important! Both operating system users and administrators do not have any rights that
are automatically granted or defaulted to them at the application level.

Operating system security restrictions of commands and protocols

The operating system restricts the following:
• The number of ports and services that the application uses.
• The default or purposeful activation of certain UNIX/Linux commands (such as
rlogin, rsh, whois, traceroute, ...) and protocols (such as TFPT, ...).

Operating system and third party software maintenance

Operating system patches for UNIX, Linux, or Windows that are classified as an
emergency or an urgent/recommended patch are evaluated, certified, and validated to
determine the impact, if any, to the 1350 OMS. Contact your Alcatel-Lucent local
customer service support team for details.

Third party application security restrictions

The 1350 OMS restricts the number of ports and services that the third party application
(including databases such as Oracle) uses.
All third party applications must restrict the use of non-blank (not null) user passwords
for platform access. In addition, scripts for third part applications prohibit the use of
passwords in clear text. Any default passwords are changed to customer specific
passwords during installation.

1-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview Common Security and Access

System-wide OA&M security
The 1350 OMS affords a single backup and restore capability for all data domains that are
associated with the core applications. In addition, the system supports a central start/stop
of the entire platform, one embedded component, or one process group.
For Disaster Recovery configurations, a system backup facility is available if the security
of a system has been compromised and recovery to a secure state is needed.

Terminal servers, workstations, and client desktop PCs

User desktop PCs are vulnerable components of a network management solution. Even if
dedicated desktops are used, the use of shared corporate PCs as network management
client desktops has become a clear trend. Often, these shared corporate PCs run other
applications and have direct Internet access; consequently, these machines can be attacked
directly, infected with malware, or used as jumping-off points to attack an organization’s
internal network.
To combat the vulnerability of Microsoft products, the 1350 OMS supports both the
Internet Explorer and the Mozilla Firefox browsers.
To separate the PC (the access zone) from the web server (the session zone), the 1350
OMS supports the use of its GUI over Windows, GUI servers (such as GoGlobal),
Workstations, or Citrix terminal servers.
To determine entire system configuration, all software, including 1350 OMS, third party
software, client software, plug-ins, and patches, should be accounted for.
The 1350 OMS supports a Windows terminal server and up to 15 client sessions per
server. The client sessions can originate from HP-UX and/or Windows PC client

1350 OMS 1-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Product and Administration Overview System Administrator Responsibilities


System Administrator Responsibilities

The system administrator of the 1350 OMS is responsible for the initial and day-to-day
administration of the 1350 OMS system and its applications and add-on features.
The system administrator must be knowledgeable of the HP® servers and the HP-UX
operating system, which are the platform of the 1350 OMS. The system administrator
must have a working knowledge of UNIX® commands, MS Windows®-based PCs, web
browsers, and network data communications.
Most importantly, the system administrator must be familiar with the documentation that
is provided with each hardware and software component of the 1350 OMS and its
applications and add-on features.

Application management
The system administrator is responsible for managing the 1350 OMS and its applications
and keeping the HP-UX OS up and running, which includes the following:
• Process monitoring and configuration
• Logs management
• Trace management
• Backup and restore operations
• NE maintenance including software downloads and saving TPs
• Reconfigurations (stack and processes)

Preventative Maintenance
The system administrator is responsible for preventative maintenance of the 1350 OMS
and its applications, which includes the following:
• Minimize the consequences of hardware and software failures
• Avoid full file systems

Corrective Maintenance
The system administrator is responsible for corrective maintenance of the 1350 OMS and
its applications, which includes the following:
• Power supplies
• Full file systems
• Hardware failures (disk crashes, SCSI errors)
• Software failures (UNIX® operating system, application bugs)

1-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
2 2 pplications and Their

This chapter provides the administrator with the conceptual information and the
associated tasks that pertain to the instances of a particular 1350 OMS application.


Instance Overview 2-2

Remove an Instance of an Application 2-4
Free System Resources Used by an Application Instance 2-6

1350 OMS 2-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Applications and Their Instances Instance Overview


Instance Overview
Instance definition
The 1350 OMS supports the 1350 OMS PKT, 1350 OMS SDH, and 1350 OMS WDM
applications, along with the 1350 OMS eOMS and 1350 OMS EML element level
management systems (EMLs). Each single running occurrence of any of these
applications or EMLs that is installed and customized in the 1350 OMS management
system is referred to as an instance on HP-UX co-hosting environment or as a virtual
machine on an HP-UX co-hosting environment or as a virtual machine on a Red Hat
Enterprise Linux environment.
The MW-INT, which is the Middleware Interface, manages each application or EML

Instance on an HP-UX server

On an HP-UX server, multiple applications can run together sharing the same operating
system. Each occurrence of an application is called instance. Multiple instances of an
application mean that the application has been loaded several times.

Instance naming
In the 1350 OMS, an instance name for an application has this format:
Application is the supported 1350 OMS application, which can be the 1350 OMS PKT,
1350 OMS SDH, or 1350 OMS WDM applications or the 1350 OMS eOMS or 1350
Examples of instance names could be the following:

Instance customization and decustomization

The 1350 OMS allows the addition of and the removal of application instances on an
existing server. Each new application instance must be customized before it can be
configured and used. When the application instance is removed from the 1350 OMS, it
must be removed from MW_INT control via decustomization, which involves invoking
the Decustom tool.

2-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Applications and Their Instances Instance Overview

Types of instances
The 1350 OMS supports the following types of instances:
• A Master instance is that instance of an application that supplies all data concerning
that application.
• A Client instance is that instance of an application that is requesting all data
concerning the application from the master instance.
When configuring a 1350 OMS application, that configuration must be created only on
Master instances. The configuration is not required on client instances.

Related tasks
The following tasks are related to instances:
• “Remove an Instance of an Application” (p. 2-4)
• “Free System Resources Used by an Application Instance” (p. 2-6)
To install an instance of an application, refer to the 1350 OMS Installation Guide.

1350 OMS 2-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Applications and Their Instances Remove an Instance of an Application


Remove an Instance of an Application

When to use
Use this task to remove an instance of an application.

Related information
See the following topic in this document:
• “Instance Overview” (p. 2-2)
For details about how to install an instance of an application, refer to the 1350 OMS
Installation Guide.

Before you begin

When an application instance is being removed from the 1350 OMS is said to be

Complete the following steps to remove the instance of an application.

1 From the Web portal, follow this path to stop the application by selecting the name of the
application instance.
Actions > Stop > Selected item
Result: The application instance is stopped.

2 Log out from application or the 1350 OMS (alcatel) account.


3 Log in as root.

4 Enter the following command line to remove/decustomize the instance from the
…,root> /alcatel/Kernel/script/Decustom <Application_Instance>
/alcatel/Kernel/script/Decustom PKT 1-9.6
The MW-INT no longer manages this instance of the 1350 OMS PKT named PKT 1-9.6.

5 Enter the following command lines to remove all files that are associated with the
application instance:
…,root> cd /usr/Systems [Enter]
2-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Applications and Their Instances Remove an Instance of an Application

…,root> rm -Rf <Application_Instance>/* [Enter]
…,root> rm -f /alcatel/BackupArea/<Application_Instance> [Enter]
…,root> rm -f /alcatel/MirrorArea/<Application_Instance> [Enter]

6 Enter the following command lines to kill any and all process that belong to the
application or the 1350 OMS (alcatel) user:
…,root> ps -efa | grep <application user> [Enter]
Enter the following command to kill all process numbers that the previous command
…,root> kill -<process number> [Enter]
…,root> ps -efa | grep alcatel [Enter]
Carefully identify those processes that belong to the particular application that is to be
removed. Enter the following command to kill all process numbers that the previous
command listed:
…,root> kill -<process number> [Enter]

7 If a new release of the application is to be installed, all current packages for the release
must be removed.
First, enter the following command lines to remove the remaining directories for NMS,
NMA, and NMC:
…,root> cd /alcatel/<release number>/NMS [Enter]
…,root> rm -rf <application> [Enter]
…,root> cd /alcatel/<release>/NMA [Enter]
…,root> rm -rf <application>*/ <release> [Enter]
On the master workstation only, enter the following commands:
…,root> cd /alcatel/<release>/NMC [Enter]
…,root> rm -rf TAO_INT/<release> [Enter]

1350 OMS 2-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Applications and Their Instances Free System Resources Used by an Application Instance


Free System Resources Used by an Application Instance

When to use
Use this task to free the system resources that an instance of application uses.

Related information
See the following topic in this document:
• “Instance Overview” (p. 2-2)
For details about how to install an instance of an application, refer to the 1350 OMS
Installation Guide.

Before you begin

Use this task only to free system resources such as a logical volume and disk space, swap
space, and the UNIX® kernel configuration.

Complete the following steps to free the system resources application instance uses.

1 Log in as root user.

…,root # /SCINSTALL/bin/scmanageswp [Enter]
Result: The SWP (Software Package) main menu outputs its main menu, which is
similar to the following:

---------------- SWP MAIN MENU ----------------

1 - Predispose new SWP
2 - View predisposed SWP
3 - Remove SWP
4 - Create new SWP INSTANCE
5 - View created SWP INSTANCE
a - apply
e - Exit
Insert choice and press [Enter]:

2 Select 6 and press Enter.

Result: The SWP outputs a display that is similar to the following:

---- --------------- ----------- --------------- --------------------
1 <App Name> <Release> 1 <Application>_IM_Medium
Enter 'q' to Quit, 'd' to Display again or the Item Number :

2-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Applications and Their Instances Free System Resources Used by an Application Instance


3 Select the number of the particular application instance to be removed and press Enter.
<application instance number> [Enter]
Result: The SWP outputs a display that is similar to the following:

Selected INSTANCE is candidate to be removed from system:

<application instance> <number selected>
Please confirm your selection ? (y/n)

4 If the number that represents the application instance to be removed is correct, enter y for
yes and press Enter.
y [Enter]
Result: The SWP outputs a display that is similar to the following:

Remove planned for INSTANCE: <Application_Instance>

Press [Enter] to continue.
=>>> WARNING: No more INSTANCE are configured on this system.
Press [Enter] to continue.

5 Press Enter.
Press Enter again.
[Enter] [Enter]
Result: The SWP main menu outputs its main menu again.

6 Select a to Apply:
a [Enter]
Result: The SWP begins the removal. As the logical file system is modified, the
workstation reboots.

1350 OMS 2-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Applications and Their Instances Free System Resources Used by an Application Instance


2-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
3 Configurations

This chapter provides the administrator with the conceptual information and the
associated tasks that pertain to the configuration of the overall 1350 OMS.


Configuration Preparation 3-2

1350 OMS EML IP Configuration 3-3
Static Routing Configurations 3-4
Routing Configurations for Client Applications 3-7
Multi-LAN Configurations 3-9

1350 OMS 3-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Configuration Preparation


Configuration Preparation
Configuration process
The installed TMN system applications must be configured to run properly; and to run
properly, the following must be created:
• Configuration files
• Databases
The configuration must be created only on master systems. The configuration is not
required on client systems.

1350 OMS EML Configuration

Before starting the configuration of any 1350 OMS EML instance, you must configure all
LAN interfaces that are planned to be used by Retix Stack using the HP® System
Management Homepage (SMH) application. For each LAN interface (including lan0),
you must define an alias name for the SUPERVISION_AREA during the configuration. This
information is used to define the relationship between the Retix Stack and the LAN
Important! The alias name of the interface must be different from the hostname. The
suggested name is the following:
osilan <LAN number>
<LAN number> is the LAN logical number, which allows the LAN card to be readily
identified with Retix Stack configured.
When the LAN interfaces have been configured with the SMH application, you must
remove the unnecessary reference to the hostname added by SMH into the /etc/hosts
(excluding lan0) for a new IP Address definition line.
If you configure the lan1 of host_xx to the address with alias osilan1,
SMH adds the following new line in the /etc/hosts file: host_xx osilan1
You have to change this line by removing the reference to host_xx. It should resemble the
following: osilan1
Save the modified /etc/hosts file.

Master and client integration

If any application client instances exist and the 1350 OMS SDH is not installed, the 1350
OMS EML clients must be integrated with their master. Refer to the for details.

3-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations 1350 OMS EML IP Configuration


1350 OMS EML IP Configuration

IP routing configuration
To guarantee the functioning of the 1350 OMS EML, the internet protocol (IP) routing
must be correctly configured on the following:
• The Industry Standard Architecture (ISA) boards on ADMs.
• Any external client application (for example: USM).

IP routing for the ISA board

With dynamic routing, you can guarantee the service if a single failure occurs. To reach
the ISA boards from the Element manager and USM, the IP routing must be configured
correctly. Since the ISA boards are always in a different subnetwork, a configuration file
must be used to specify how the destination is to be reached.
The configuration file depends on the type of routing to be used.
The different types of routing are the following:
• Static routing
Static routing does not have any impact on the TCP/IP networking; but, if the gateway
goes down, the destinations are unreachable.
• Dynamic routing
With dynamic routing, you can guarantee the service if a single failure occurs.
Important! With both routing methods, the network mask (netmask) must be the same
for all interfaces that belong to the same subnetwork.
If different values of the netmask are set on the interfaces, communication is not
guaranteed and dynamic routing cannot operate.

1350 OMS 3-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Static Routing Configurations


Static Routing Configurations

Static Routing Configuration Example for the ISA Board
To enable the communication between 1350 OMS EML systems and the ISA boards with
static routing, administrators must use the route command to declare the network where
the ISA boards are located and the relationship with the gateway.
For configuring static routing, the following format of the route command is used:
...,sys,root # route add net <network> netmask <mask> <gateway> 1 [Enter]
network is the IP network address (logical AND IP address of node and netmask) to
which the ISA board IP belongs. For example: an ISA with IP address and
netmask belongs to the network
mask is the bit setting. If the bit is set to 1, it identifies the part of the address that is
related to the network. If the bit is set to 0, it identifies the host in the address.
gateway is the IP address of the router or ADM GNE that allows access to the destination
ISA board.
When the right configuration is reached, add following lines to the
/etc/rc.config.d/netconf file so the information is saved after a system reboot:
..,sys,root # vi /etc/rc.config.d/netconf [Enter]
Type G and insert the following lines:

ROUTE_DESTINATION [<x>]=”net <network>”

ROUTE_MASK [<x>]=<netmask>
ROUTE_GATEWAY [<x>]=<gateway>
ROUTE_ARGS [<x>]=”“
<x> is the last defined ROUTE_DESTINATION number plus 1 or 0 (zero) if a route
destination is not yet defined.
<mask> is the bit setting. If the bit is set to 1, it identifies the part of address related to the
network. If the bit is set to 0, it identifies the host in the address.
<network> is the IP network address (logical AND IP address of node and netmask) to
which the ISA board IP belongs.
<gateway> is the IP address of the router or ADM GNE that allows access to the
destination ISA board.
Save and exit the file by typing x! and press the Enter key.
Important! Remember to add a new routing destination to the routing table for each
new network defined for the ISA board. (Edit the /etc/rc.config.d/netconf file.)

3-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Static Routing Configurations

Static Routing Configuration Example on the Master Workstation
To configure the 1350 OMS EML master system (Lan0, IP address = and Lan1,
IP address = to reach the ISA board (IP address =, the gateway to
reach the network where the ISA board is located must be defined. Using example
addresses, the ISA board can be reached from a Gateway Network Element (GNE), which
means that the IP address of the GNE is used as the gateway. (Note that in other
configurations, the gateway can be a router.) The ISA board network can be identified by
executing the logical AND between the IP address of the board, which is and
its netmask:

IP address =
Logical AND'd
Netmask =
network =
The configuration is created by defining a GNE IP address ( as a gateway to
reach the ISA board (IP address =, with following command:
..,sys,root # route add network netmask 1 [Enter]
Check network connectivity by executing the ping command from the 1350 OMS EML
master system to the ISA board (IP address =
..,sys,root # ping 64 10 [Enter]
Use the netstat -r command to verify the routing table contents.
When the correct configuration is reached, add the proper configuration lines to the
/etc/rc.config.d/netconf file.
Note: when the gateway GNE fails, the ISA board will become unreachable in this
configuration. To recover, you must modify the routing table to remove the route from
the failed GNE (IP address and to set up a new route from an alternative
GNE (for example, IP address

Static Routing Configuration Example on the 1350 OMS EML Client

The 1350 OMS EML client function includes all machines that run the 1350 OMS EML.
The 1350 OMS EML client (Lan0, IP address = must communicate with the ISA
board (IP through the 1350 OMS EML master system and the GNE.
You must define lan0 of 1350 OMS EML master system as the gateway by entering
following command on the 1350 OMS EML client system:
..,sys,root # route add netmask 1
Check the network connectivity by executing a ping command from the 1350 OMS EML
client to the ISA board:
..,sys,root # ping 64 10 [Enter]

1350 OMS 3-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Static Routing Configurations

Important! The ping command can fail because the 1350 OMS EML master system is
not yet configured to forward the packages.
When the right configuration is reached, add the following configuration lines to
the/etc/rc.config.d/netconf file:
..,sys,root # vi /etc/rc.config.d/netconf [Enter]
Type G and insert the following lines:
ROUTE_DESTINATION [<x>]=”net <network>”
ROUTE_MASK [<x>]=<netmask>
ROUTE_GATEWAY [<x>]=<gateway>
ROUTE_ARGS [<x>]=”“
<x> is the last defined ROUTE_DESTINATION number, plus 1 or 0 (zero) if a route
destination is not yet defined.
<mask> is the bit setting. If the bit is set to 1, it identifies the part of address related to the
network. If the bit is set to 0, it identifies the host in the address.
<network> is the IP network address (logical AND IP address of node and netmask) to
which the ISA board IP belongs.
<gateway> is the IP address of the router or ADM GNE that allows access to the
destination ISA board.
Save and exit the file by typing x! and press the Enter key.

3-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Routing Configurations for Client Applications


Routing Configurations for Client Applications

Using the 1350 OMS EML with a multi-stack option requires additional configuring to
enable the correct communication between the client and the master applications. They
must communicate with each other within an environment where the Retix Stacks can be
installed on the 1350 OMS EML master system, and they can be instanced for each LAN
card equipped on the system. The client application can be installed on the 1350 OMS
EML master and presentation instances and also on the 1350 OMS SDH and US.
To enable communication of all the installed applications in the configuration, the
administrator must configure the communication among all LAN cards involved.
For Retix Stacks instances on the lan0 card, additional configurations are not required
because the connectivity and/or the routing has to be guaranteed to allow other
For Retix Stacks instances on a LAN that are different from lan0, the connectivity must
be created and verified.
The most common 1350 OMS EML configuration with a multi-stack option has two or
more LAN cards, each of which is connected to a different LAN segment. This
configuration allows traffic to be shared on different segments, and is used to avoid the
mixing of IP and OSI traffic.
When the Retix Stacks is configured on a LAN board other than lan0, the routing table on
the 1350 OMS EML client machine must be configured.
Examples of the following configuration scenarios are provided:
• Systems that are located in the same site that partially share the same LAN segment;
see “Same site systems sharing same LAN segment” (p. 3-7).
• Systems that are located in different sites that have full router connections; see
“Different site systems with full router connections” (p. 3-8).
• Systems that are located in different sites that do not have full router connections; see
“Different site systems without full router connections” (p. 3-8).

Same site systems sharing same LAN segment

This configuration includes having two systems that are located in the same site partially
share the same LAN segment. In this configuration, the internal routing of the HP-UX
system can set up the communication, which means that the packets from lan0 of the
1350 OMS EML client reach the lan1 of the 1350 OMS EML master through lan0 of the
1350 OMS EML master itself.
For this configuration, enter the following command on the 1350 OMS EML client
..,sys,root # route add <IP address lan1 SHM> <IP address lan0
SHM> 1 [Enter]

1350 OMS 3-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Routing Configurations for Client Applications

Enter the following command to verify the correct data entry on the 1350 OMS EML
..,sys,root # ping <IP address lan1 SHM> [Enter]
When the right configuration is reached, add following lines to the
/etc/rc.config.d/netconf file so the information is saved after a system reboot:
..,sys,root # vi /etc/rc.config.d/netconf [Enter]
Type G and insert the following lines:
ROUTE_DESTINATION [<x>]=<IP address lanx 1350 OMS EML master>
ROUTE_GATEWAY [<x>]=<IP address lan0 1350 OMS EML master>
<x> is the next available value. Check the already existing ROUTE_GATEWAY in the
<IP address lanx 1350 OMS EML master> is the IP address of the LAN that differs from
lan0, which must be reached by passing through lan0.
<IP address lan0 1350 OMS EML master> is the IP address of lan0 of the 1350 OMS
EML master system.
Save and exit the file by typing x! and press the Enter key.
Important! Before you modify the /etc/rc.config.d/netconf file, copy the original file
by entering (as root) the following command
cp /etc/rc.config.d/netconf /etc/rc.config.d/netconf.orig

Different site systems with full router connections

In this configuration, all involved routers must be configured to route the IP protocol and
to allow the communication among all LAN cards.

Different site systems without full router connections

This configuration includes having two systems that are located in different sites that do
not have full router connections; different LAN segments exist and only the lan0 segment
is connected by way of IP routers. In this configuration, the internal routing of the HP-UX
system can set up the communication.
Important! On the router that is connected to the 1350 OMS EML master lan0, you
must configure the 1350 OMS EML master system as the next hop to reach the lan1.

3-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Multi-LAN Configurations


Multi-LAN Configurations
When the 1350 OMS EML is installed with HP-UX 11iV3 (Hewlett Packard Unix), all
LANs that are present in configuration—for both master and presentation systems—must
have an IP address, even if they are not being used.
The Retix Stack can be used on more than one LAN board. Every LAN board that is
being used must be configured with an appropriate TCP/IP address. Usually lan0 is
automatically configured by the HP-UX Operating System in the installation phases, but
other LANs must also be configured.

LAN configuration guidelines

The following guidelines apply when configuring a LAN board:
• Other machines that are connected to the Local Area Network (LAN) cannot have the
same IP address.
All used IP addresses must be defined in a specific addressing plan, which the
customer typically provides.
• Other boards cannot be configured on the same machine with an IP address that
belongs to the same subnetwork.
If two LAN boards belong to the same subnetwork on the same system, the UNIX®
routing process cannot determine which way to transmit the messages.
• The first and the last address of each subnetwork is reserved.
• The network IP address cannot be used.
To identify the subnetwork of an IP address, you have to perform the local AND between
the IP address and the netmask.
Two addresses that look similar, but belong to different networks:
IP address with netmask -> Subnet
IP address with netmask -> Subnet
Two addresses that look different, but belong to the same network:
IP address with netmask -> Subnet
IP address with netmask -> Subnet
To check the relationship between IP Address and netmask, enter the ifconfig command
for each LAN board and check the broadcast value. The values must be different.

..,sys,root # ifconfig lan1

inet netmask ffffff00 broadcast
..,sys,root # ifconfig lan2
1350 OMS 3-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Configurations Multi-LAN Configurations

inet netmask ffffff00 broadcast
The IP belongs to this ISA board. For example: an ISA board with the IP address of has the netmask of and belongs to the network
<mask> is the bit setting. If the bit is set to 1, the address part that is related to the
network is identified. If the bit is set to 0, the host address is identified.
<gateway> is the IP address of the router or ADM GNE that allows access to the
destination ISA board.
When the right configuration is reached, add following lines to the
/etc/rc.config.d/netconf file so the information is saved after a system reboot:
..,sys,root # vi /etc/rc.config.d/netconf [Enter]
Type G and insert the following lines:
ROUTE_DESTINATION [<x>]=”net <network>”
ROUTE_MASK [<x>]=<netmask>
ROUTE_GATEWAY [<x>]=<gateway>
ROUTE_ARGS [<x>]=”“
<x> is the last defined ROUTE_DESTINATION number plus 1 or 0 (zero) if a route
destination is not yet defined.
<mask> is the bit setting. If the bit is set to 1, the address part that is related to the
network is identified. If the bit is set to 0, the host address is identified.
<network> is the IP network address (logical AND IP address of node and netmask) to
which the ISA board IP belongs.
<gateway> is the IP address of the router or ADM GNE that allows access to the
destination ISA board.
Save and exit the file by typing x! and press the Enter key.
Important! Remember to add a new routing destination to the routing table for each
new network defined for the ISA board. (Edit the /etc/rc.config.d/netconf file.)

3-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
4 Node Name Management

This chapter provides the 1350 OMS network administrator with the conceptual
information and the associated tasks that pertain to the Node Name Management tool.


Node Name Management Tool 4-2

Establish a Group and Initialize Node Name Management Persistent Data 4-6
Add a New Member to the Group 4-7
Add a New External Node to the Group 4-10
Remove a Member from a Group 4-12
List the Database Contents of a Group Member Node 4-14
Align All Group Member Nodes to a Specified Member Node 4-15
Align One Group Member Node to Another Group Member Node 4-16
Open Two Groups for Communication 4-17
Import Node Information Between Two Different Groups 4-19
Merge Nodes in Two Groups into One Group 4-21
Change the IP Address of a Remote Node 4-23
Change the IP Address of the Current/Local Node 4-26
Change the Hostname of a Remote Node 4-29
Change the Hostname of the Current/Local Node 4-32
Change the Subnetwork Mask 4-35
Change the Gateway IP Address and Hostname 4-36
Add a Server to the Current DNS Configuration 4-38
Change a Server in the Current DNS Configuration 4-40
Remove a Server from the Current DNS Configuration 4-42

1350 OMS 4-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Node Name Management Tool


Node Name Management Tool

Node Name Management tool definition and purpose
The Node Name Management tool is one of the administrator tools that is a part of the
Alcatel-Lucent Middle Ware Operating System (MS_OS) package of support tools. This
package of tools eases the administration of the HP-UX operating system in the
Alcatel-Lucent software environment.
The Node Name Management tool provides a centralized and integrated mechanism to
administer the IP address and hostname for the HP® servers that are used within the 1350
OMS application. It allows the administrator to configure the TCP/IP address and
hostname, along with the relationship of the TCP/IP address to the hostname, on all of the
nodes in a 1350 OMS network.
Important! This tool does not provide any support for the design of the IP network.

Node Name Management tool and the working group concept

The Node Name Management tool is based on a working group concept. The working
group is an entity that includes all of the nodes that need to communicate and work
together. The first node that is placed in the working group creates the group and is a
group member; other nodes can then be added.
Each node that belongs to the working group has a copy of the entire node name
repository, and it can add a new member to the group, or remove an existing one. These
nodes are referred to as member nodes. Any action can be completed if a quorum of
member nodes exists. Refer to the “Add a New Member to the Group” (p. 4-7) task.
Besides member nodes, the Node Name Management tool also supports external nodes in
the working group repository database. External nodes are other nodes in the TPC/IP
network; meaning, they are nodes such as printers or any other machines that are not
running the 1350 OMS application based on the MW-INT. These external nodes can be
added and removed like a member node, however, they cannot remove or add other
nodes, nor can they be used to reach the node group member quorum. Refer to the “Add a
New External Node to the Group” (p. 4-10) task.

Node Name Management tool interface and basic functions

The Node Name Management tool supports the following basic functions through a menu
driven interface:

Network Management Nodes (V2.3.5) -

Management options:
1-INIT = network map init. 11-CHIPADDR = change IP addr.
2-ADD = add a node 12-CHNODENAME = change hostname
3-REMOVE = remove a node 13-CHNETMASK = change netmask
4-PUT = put network map 14-CHGATEWAY = change gateway
5-LIST = list network map 15-DNSADD = add to DNS
6-TOTALIGN = alignment each node 16-DNSCHANGE = change DNS
7-ACTALIGN = alignment a single node 17-DNSREMOVE = remove from DNS
4-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Node Name Management Tool

8-GRPOPEN = open the current group
9-GRPIMPORT = import a remote group
10-GRPMERGE = merge two groups [0] - exit
Enter management option [0..17] :
The following menu options are available:
1. INIT is used to install the first 1350 OMS system in the entire group and to initialize
the Node Management persistent data to create the group to which group members are
to belong. Refer to the “Establish a Group and Initialize Node Name Management
Persistent Data” (p. 4-6) task.
2. ADD is used to add a new node/host and to enable the addition of any type of
node/host to the database. Standalone member nodes, external nodes, and cluster
nodes can be added. Refer to the “Add a New Member to the Group” (p. 4-7) and the
“Add a New External Node to the Group” (p. 4-10) tasks.
3. REMOVE is used to remove an existing node/host from the database. Current member
nodes, external nodes, and cluster nodes can be removed. Refer to the “Remove a
Member from a Group” (p. 4-12) task.
4. PUT is used to update the node name database of a remote group member, which can
be useful to align a node database.
5. LIST is used to view the database contents of the current or any other group member
node. Refer to the “List the Database Contents of a Group Member Node”
(p. 4-14) task.
6. TOTALIGN is used to align all group member nodes to one specified member. Refer to
the “Align All Group Member Nodes to a Specified Member Node” (p. 4-15) task.
7. ACTALIGN is used to align a specific group member node to another group member
node. Refer to the “Align One Group Member Node to Another Group Member
Node” (p. 4-16) task.
8. GRPOPEN is used to open groups for communication; that is, to enable communication
between distinct two groups to which both the current and the remote hosts belong.
Refer to the “Open Two Groups for Communication” (p. 4-17) task.
9. GRPIMPORT is used to import information between groups; that is, to include the
remote group descriptions on the current local group hosts. Refer to the “Import Node
Information Between Two Different Groups” (p. 4-19) task.
10. GRPMERGE is used to merge the nodes that belong to two groups into one group; that
is, to obtain a single group that contains the description of the nodes of both groups.
Refer to the “Merge Nodes in Two Groups into One Group” (p. 4-21) task.
11. CHIPADDR is used to change the Internet Protocol (IP) address of a system that is
configured with the Node Name Management tool. Refer to the “Change the IP
Address of a Remote Node” (p. 4-23) and “Change the IP Address of the
Current/Local Node” (p. 4-26) tasks.
12. CHNODENAME is used to change the node/host name. Refer to the “Change the
Hostname of a Remote Node” (p. 4-29) and “Change the Hostname of the
Current/Local Node” (p. 4-32) tasks.
13. CHNETMASK is used to change the subnetwork mask of a group member host. Refer to
the “Change the Subnetwork Mask” (p. 4-35) task.

1350 OMS 4-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Node Name Management Tool

14. CHGATEWAY is used to change the current gateway Internet Protocol (IP) address and
host name of a group member host. Refer to the “Change the Gateway IP Address and
Hostname” (p. 4-36) task.
15. DNSADD is used to add a new server to the current Domain Name Service (DNS)
configuration of a group member host. Refer to the “Add a Server to the Current DNS
Configuration” (p. 4-38) task.
16. DNSCHANGE is used to modify the current Domain Name Service (DNS) configuration
of a group member host. Refer to the “Change a Server in the Current DNS
Configuration” (p. 4-40) task.
17. DNSREMOVE is used is used to remove an existing server from the current Domain
Name Service (DNS) configuration of a group member host. Refer to the “Remove a
Server from the Current DNS Configuration” (p. 4-42) task and the “Change a Server
in the Current DNS Configuration” (p. 4-40) task.
0 is used to exit the Node Name Management tool.

Node Name Management tool security

The use of the Node Name Management tool security is two fold. It is used for the
• To include a new node in the group, a member node has to add the new node to the
• To authorize group access, the new node must perform an add action on the other
group members.
A group has three member nodes named hosta, hostb, and hostc. To add hostd to the
group, hosta, hostb, or hostc would have to add hostd to the database, which means that
all three nodes would then know hostd and its IP address, and would have to accept
requests implicitly from that source. Once hostd has been added to the database, hostd
would then have to accept the working group membership by performing an add action
itself by specifying one of the other group members. With this action, hostd authorizes the
other group member to operate on itself.

Node Name Management tool functional restrictions

The Node Name Management tool bases network communication on the MW-INT
Remotizer library, which means that the MW-INT has to be installed and customized
before it can correctly execute the Node Name Management tool. The Node Name
Management tool cannot be started before MW-INT installation and customization.
For the correct execution of the tool, the involved machines cannot differ more than 5
minutes in their system times.
Important! The relevant system time does not take into account time zones, so
administrators must check the time difference by entering the following command:
date -u
Refer to the 1350 OMS Installation Guide for more details on time synchronization.
4-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Node Name Management Tool

Node Name Management tool network example
The following Node Name Management tool example aids in the understanding of the
Node Name Management tool. In addition, this example is referred to in the following
• “Change the IP Address of a Remote Node” (p. 4-23)
• “Change the IP Address of the Current/Local Node” (p. 4-26)
• “Change the Hostname of a Remote Node” (p. 4-29)
• “Change the Hostname of the Current/Local Node” (p. 4-32)
The following five HP9000 servers are within one network management system. Their
identifying information is as follows:
• hosta IP address Role SDH Client
• hostb IP address Role EMLMaster
• hostc IP address Role SDH Client
• hostd IP address Role SDH Master
• hoste IP address Role EML Master
In addition, other network equipment, such as routers, local and network printers, PCs,
and time synchronization equipment, can be identified as follows:
• router1 IP address Left LAN router
• router2 IP address Central LAN router
• gpsrec1 IP address Time synchronization through Global Position
• router3 IP address Right LAN router
• lp1 IP address Network line printer
In this example, hosta is connected to a WAN, which in turn, enables it to communicate
with four other hosts, a GPS time receiver, and a network printer through three routers.

1350 OMS 4-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Establish a Group and Initialize Node Name Management
Persistent Data

Establish a Group and Initialize Node Name Management

Persistent Data
When to use
Use this task to establish a group and to initialize the Node Name Management persistent

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

Be aware that you are installing the first NMS for the entire network.

Complete the following steps to establish a group and to initialize the Node Name
Management persistent data.

1 Log in to a node as root.

Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 1 to establish a group and to initialize the Node Name Management
persistent data.
Result: The group is created and the Node Name Management persistent data has
been initialized when the following message is displayed:
** MESSAGE: node "<hostname>" (<IP address>) initialized.
Press [Enter] to continue.

4 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

4-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Add a New Member to the Group


Add a New Member to the Group

When to use
Use this task to add a new member to the group.
Important! This task is to be used only when the new member to be added is running
the TMN system based on the MW-INT.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Establish a Group and Initialize Node Name Management Persistent Data”
(p. 4-6) task

Before you begin

You must have completed all of the steps in the “Establish a Group and Initialize Node
Name Management Persistent Data” (p. 4-6) task.
Because the Node Name Management tool has been designed to guarantee the security of
the entire system, the following safeguards apply:
• Your access to any group member in the configuration must be formally granted.
• You cannot perform any operations on a new group member without prior
authorization to access to it.
• You cannot add a new member to a group in one step. Adding a new member to a
group is a two step process in which the new node is first authorized to access the
group, and then the new (which becomes the current) node authorizes communication
with all other nodes belonging to the group.
To add a new member to the group perform the node addition on two group members in
the following order:
1. The new member must be authorized to access the group.
Add the new member on a member node that already belongs to the group. This
addition stores the new member in the database of all the nodes that belong to the
group and makes the new member known to other group members. Refer to “Task 1:
Add a New Member to the Group” (p. 4-8) task.
2. The newly added (current) member must authorize communication with all group
Execute the add on the newly added (current) node that has just joined the group. This
addition allows the newly added (current) group node member to retrieve the node
name database from any other group member. Refer to “Task 2: Make the New
Member Join the Group” (p. 4-8) task.
Important! When executing some commands, the following message might appear. If
it does appear, ignore it.
Redefining sub ConnectionManager::GetConnectionPort at /
alcatel/Kernel/lib/lib_perl/ line 695
1350 OMS 4-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Add a New Member to the Group

Task 1: Add a New Member to the Group
Complete the following steps to add a new member to the group.

1 Log in to a system that is already a group member as root.

Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 2 to add a new member to the group.

Result: The ADD - Management option is displayed.

4 Enter the number 2 to add a remote group node member.


5 Enter the hostname and IP address of the new remote member. Wait until the tool
completes execution.
Result: The new group member has been added to the group and is known to all other
group members.

6 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

7 Go to “Task 2: Make the New Member Join the Group” (p. 4-8).

Task 2: Make the New Member Join the Group

Complete the following steps to make the new member join the group.

1 Log in to the new member, which was formerly known as the remote member, as root.
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:

4-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Add a New Member to the Group

...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 2 to add the new group member to the group.
Result: The ADD - Management option is displayed.

4 Enter the number 1 to add the current node.


5 Enter the hostname and IP address of the group member node. Wait until the tool
completes execution.
Result: The new node is now a member of the group.

6 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Add a New External Node to the Group


Add a New External Node to the Group

When to use
Use this task to add a new external node to the group.
Important! This task is to be used only when the new node to be added (such as a
printer) is NOT running the TMN system based on the MW-INT.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Establish a Group and Initialize Node Name Management Persistent Data”
(p. 4-6) task

Before you begin

Complete all of the steps in the“Establish a Group and Initialize Node Name Management
Persistent Data” (p. 4-6) task.
Important! When executing some commands, the following message might appear. If
it does appear, ignore it.
Redefining sub ConnectionManager::GetConnectionPort at /
alcatel/Kernel/lib/lib_perl/ line 695

Complete the following steps to add a new external node to the group.

1 Log in to a system that is already a group member as root.

Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 2 to add a new group member to the group.

Result: The ADD - Management option is displayed.

4 Enter the number 3 to add a remote external node member.

4-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Add a New External Node to the Group


5 Enter the hostname and IP address of the new host. Wait until the tool completes
Result: The new group member has been added to the group and is known to all
group members. Its information is automatically distributed to the entire group.

6 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-11
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Remove a Member from a Group


Remove a Member from a Group

When to use
Use this task to remove a member from a group.
Important! The remove option of the Node Name Management tool can also remove
a system if it cannot be reached through the network.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

This task does not have any preconditions.

Complete the following steps to remove a member from a group.

1 Log in to a system that is already a group member as root.

Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 3 to remove a node from the group.

Result: The Remove menu is displayed.

4 Choose the menu option that is related to the action that you want to execute.
The Remove option enables you to remove the following:
• Remove Entry for the Current Node
Entries for the current node can be removed one of two ways:
1. One for the primary or physical hostname
2. Another for the virtual hostname for cluster configurations
• Remove Entry for Other Group Member
You can remove the entry for other group members for both the primary and virtual
• Remove Entry for External Nodes

4-12 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Remove a Member from a Group

You can remove the entry for external nodes.

5 Enter the hostname and IP address of the node to be removed. Wait until the tool
completes execution.
Result: The node has been removed from the group and from all group member

6 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-13
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management List the Database Contents of a Group Member Node


List the Database Contents of a Group Member Node

When to use
Use this task to list the database contents of a group member node.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

This task does not have any preconditions.

Complete the following steps to list the database contents of a group member node.

1 Log in to a system that is already a group member as root.

Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 5 to list the database contents of a group member node.

4 Enter the hostname and IP address of the node in which the database contents are to be
listed. Wait until the tool completes execution.
Result: The database contents of the specified node are displayed.

5 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

4-14 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Align All Group Member Nodes to a Specified Member Node


Align All Group Member Nodes to a Specified Member Node

When to use
Use this task to align all group member nodes to a specified member node.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Align One Group Member Node to Another Group Member Node” (p. 4-16) task

Before you begin

This task does not have any preconditions.

Complete the following steps to align all group member nodes to a specified node.

1 Log in to a system that is already a group member as root.

Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 6 to align all group member nodes to a specified node.

4 Enter the hostname and IP address of the node to which all group members are to be
aligned. Wait until the tool completes execution.
Result: All group member nodes are now aligned with the specified node.

5 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-15
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Align One Group Member Node to Another Group Member

Align One Group Member Node to Another Group Member

When to use
Use this task to align one group member node to another group member node.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Align All Group Member Nodes to a Specified Member Node” (p. 4-15) task

Before you begin

This task does not have any preconditions.

Complete the following steps to align one group member node to another group member

1 Log in to a system that is already a group member as root.

Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 7 to align one group member node to another group member node.

4 Enter the hostname and IP address of the two nodes to be aligned. Wait until the tool
completes execution.
Result: The two group member nodes are now aligned.

5 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

4-16 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Open Two Groups for Communication


Open Two Groups for Communication

When to use
Use this task to open groups for communication; that is, to enable communication
between distinct two groups to which both the current and the remote node members

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

The GRPOPEN, GRPIMPORT, and GRPMERGE options of the Node Name
Management tool enable the communication and, eventually, the merging of two different
groups that are configured on the same network.
To perform this type of merge, execute two different tasks in the following sequence:
1. Enable communication between distinct two groups to which both the current and the
remote nodes belong by way of the GRPOPEN option using this task.
2. Then, choose one of the following options and their related tasks:
• Include the remote group description on the current group node by way of the
GRPIMPORT option using the “Import Node Information Between Two Different
Groups” (p. 4-19) task.
• Merge the current and remote node groups to obtain a single group that contains the
description of the nodes of both groups by way of the GRPMERGE option using the
“Merge Nodes in Two Groups into One Group” (p. 4-21) task.

Complete the following steps to open groups for communication.

1 Log in to the group member system that you want to enable a remote connection to as
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 8 to open the current group.

1350 OMS 4-17
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Open Two Groups for Communication


4 Enter the hostname and IP address of the remote node to which you want to link. Wait
until the tool completes execution.
Result: The two groups to which the current and the remote nodes belong are now
linked and can communicate.

5 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

4-18 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Import Node Information Between Two Different Groups


Import Node Information Between Two Different Groups

When to use
Use this task to import information between groups; that is, to include the remote group
descriptions on the current local group nodes.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

The GRPOPEN, GRPIMPORT, and GRPMERGE options of the Node Name
Management tool enable the communication and, eventually, the merging of two different
node groups that are configured on the same network.
To perform this type of merge, execute two different tasks in the following sequence:
1. Enable communication between the two distinct groups to which both the current and
the remote nodes belong via the option GRPOPEN using the “Open Two Groups for
Communication” (p. 4-17) task. Note: this task requires you to complete the “Open
Two Groups for Communication” (p. 4-17) task.
2. Then, choose one of the following options and their related tasks:
• Include the remote group description on the current group host by way of the
GRPIMPORT option using this task.
• Merge the current and remote node groups to obtain a single group that contains the
description of the nodes of both groups by way of the GRPMERGE option using the
“Merge Nodes in Two Groups into One Group” (p. 4-21) task.

Complete the following steps to import information between two different groups.

1 Complete the steps in the “Open Two Groups for Communication” (p. 4-17) task.

2 Log in to the group member system for which you want to configure the nodes of the
remote group as root.
Important! The group member system MUST BE the same remote node that you
specified during the “Open Two Groups for Communication” (p. 4-17) task.
Result: You now have superuser privileges.

3 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]

1350 OMS 4-19
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Import Node Information Between Two Different Groups

Result: The Network Management Nodes menu is displayed.

4 Enter the number 9 to import the information of the remote group.


5 Enter the hostname and IP address of the remote node to which you want to link. Wait
until the tool completes execution.
Important! The hostname and IP address MUST BE the same remote node hostname
and IP address that you specified during the “Open Two Groups for Communication”
(p. 4-17) task.
Result: The configuration of each node member of a local group includes the
description of all node members of the remote group.

6 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

4-20 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Merge Nodes in Two Groups into One Group


Merge Nodes in Two Groups into One Group

When to use
Use this task to merge the nodes that belong to two groups into one group; that is, to
obtain a single group that contains the description of the nodes of both groups.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

The GRPOPEN, GRPIMPORT, and GRPMERGE options of the Node Name
Management tool enable the communication and, eventually, the merging of two different
node groups that are configured on the same network.
To perform this type of merge, you must execute two different tasks in the following
1. Enable communication between two distinct groups to which both the current and the
remote nodes belong by way of the GRPOPEN option using the “Open Two Groups
for Communication” (p. 4-17) task. Note that Step 1 of this task requires you to
complete the “Open Two Groups for Communication” (p. 4-17) task.
2. Then choose one of the following options and their related tasks:
• Include the remote group description on the current group node by way of the
GRPIMPORT option using the “Import Node Information Between Two Different
Groups” (p. 4-19) task.
• Merge the current and remote node groups to obtain a single group that contains the
description of the nodes of both groups by way of the GRPMERGE option using this

Complete the following steps to merge the nodes that belong to two groups into one

1 Complete the steps in the “Open Two Groups for Communication” (p. 4-17) task.

2 Log in to the group member system for which you want to configure the nodes of the
remote group as root.
Important! The group member system MUST BE the same remote node that you
specified during the “Open Two Groups for Communication” (p. 4-17) task.
Result: You now have superuser privileges.

3 Enter the following command to run the Node Name Management tool:
1350 OMS 4-21
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Merge Nodes in Two Groups into One Group

...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

4 Enter the number 10 to merge the nodes that belong to two groups into one group.

5 Enter the hostname and IP address of the remote node to which you want to merge. Wait
until the tool completes execution.
Important! The hostname and IP address MUST BE that of the same remote node that
you specified during the “Open Two Groups for Communication” (p. 4-17) task.
Result: All node members of the two groups have been merged into a single group.

6 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

4-22 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the IP Address of a Remote Node


Change the IP Address of a Remote Node

When to use
Use this task to change the IP address of a remote node; meaning, change the IP address
on a remote network node, but not the IP address of the node to which you are logged on.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Change the IP Address of the Current/Local Node” (p. 4-26)

Before you begin

Important! Some key points to remember about changing an IP address are the
• To communicate using the hostname alias, two nodes must have the correct hostname
and IP address in the /etc/hosts file.
• The relationship between the hostname and IP address must be changed in the entire
• The new IP address must agree with IP addressing plan of the local area network
(LAN) in which the system is to operate. Duplicate IP addresses are not allowed.
• When the IP address is changed or when the IP network or subnetwork (RFC 1878) is
changed, any related routing information must also be changed.
• When the IP address is changed on a node, communication with that node can be lost.
Any open connection can come down because changing the IP address shuts down
LAN services.
The Node Name Management tool (scNMmng) cannot be run on any node in which
the IP address is to be changed by using remote network connections (such as a telnet
connection or Xterminal emulation GOGlobal-UX), the X Motif interface, or any
connection that involves the LAN interface because the connection can be lost and the
Common Desktop Environment (CDE) can get blocked. If you are changing the IP
address on an HP9000 workstation, exit any CDE interface and log in in console
mode (black screen).
• Because the tool cannot identify when it begins execution from a network opened
shell, it cannot perform any checks to prevent execution from an incorrect source.
To perform this type of change, execute two different tasks in the following order:
1. Change the IP address of a remote node; meaning, change the IP address on a remote
network node, but not the IP address of the node to which you are logged on. This
change is performed in this task.
2. Change the IP address of the current/local node; meaning, the IP address of the node
to which you are currently logged on. This change is performed in the “Change the IP
Address of the Current/Local Node” (p. 4-26) task.

1350 OMS 4-23
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the IP Address of a Remote Node

Important! The change must be performed in this order. Communication cannot be
established again unless both of these tasks are completed. In addition, before you
proceed with another set of tasks, verify that communication is once again established
between the nodes that have the new IP addresses and the remaining group members.

Complete the following steps to change the IP address of a remote node; meaning, change
the IP address on a remote network node, but not the IP address of the node to which you
are logged on

1 Log in to the group member node as root.

Note: In the steps that follow, the examples given are in relationship to the text and
example provided in “Node Name Management tool network example” (p. 4-5). As you
look at the examples, imagine that you are working on the hostb node and are changing
the IP address of the hostc node from the IP address of to
hostb in “Node Name Management tool network example” (p. 4-5).
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 11 to change the IP address of a remote member node.

Result: The CHANGE-IP - Management options: menu is displayed:

CHANGE-IP - Management options:

1 - change the IP addr. on current node
2 - change the IP addr. on remote node (member)
[0] - Main menu
Enter management option [0..2] :

4 Enter the number 2 to change the IP address of the remote member node.
Result: The tool begins to prompt you for the hostname, old IP address, new IP
address, and network ID of the remote member node/host.

5 Enter the hostname for the remote host/node at the following prompt:
Please insert the HOSTNAME for remote host :
<remote host/node name> [Enter]
4-24 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the IP Address of a Remote Node

hostc in “Node Name Management tool network example” (p. 4-5).

6 Enter the old IP address for the remote host/node at the following prompt:
Please insert the OLD IP ADDR. for remote host :
<old IP address of the remote host/node> [Enter]
Example: in “Node Name Management tool network example” (p. 4-5).

7 Enter the new IP address for the remote host/node at the following prompt:
Please insert the NEW IP ADDR. for remote host :
<new IP address of the remote host/node> [Enter]
Example: in “Node Name Management tool network example” (p. 4-5).

8 Enter the network ID for the remote host/node at the following prompt:
Please insert the NETWORK ID for remote host :
<LAN ID for the remote host/node> [Enter]
0=lan1, 1=lan1, ... in “Node Name Management tool network example” (p. 4-5).
Result: The tool prompts you to confirm your choices.

9 At the following prompt, answer Y for yes:

Do you confirm the execution [Y/N - def.=Y]? : Y
Result: The tool outputs the following warning:
When the tool completes execution, it displays the following:
** MESSAGE: IP ad. of "<hostname>" (<current IP address>)
changed in <new IP address>. Press [Enter] to continue.
The IP address of the indicated node has been changed.

10 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-25
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the IP Address of the Current/Local Node


Change the IP Address of the Current/Local Node

When to use
Use this task to change the IP address of the current/local node, meaning, the IP address
of the node to which you are currently logged on.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Change the IP Address of a Remote Node” (p. 4-23)

Before you begin

Important! Some key points to remember about changing an IP address are the
• To communicate using the hostname alias, two nodes must have the correct hostname
and IP address in the /etc/hosts file.
• The relationship between the hostname and IP address must be changed in the entire
• The new IP address must agree with IP addressing plan of the local area network
(LAN) in which the system is to operate. Duplicate IP addresses are not allowed.
• When the IP address is changed or when the IP network or subnetwork (RFC 1878) is
changed, any related routing information must also be changed.
• When the IP address is changed on a node, communication with that node can be lost.
Any open connection can come down because changing the IP address shuts down
LAN services.
The Node Name Management tool (scNMmng) cannot be run on any node in which
the IP address is to be changed by using remote network connections (such as a telnet
connection, Xterminal emulation, GoGlobal-UX), the X Motif interface, or any
connection that involves the LAN interface because the connection can be lost and the
CDE can get blocked. If you are changing the IP address on an HP9000 workstation,
exit any CDE interface and log in in console mode (black screen).
• Because the tool cannot identify when it begins execution from a network opened
shell, it cannot perform any checks to prevent execution from an incorrect source.
To perform this type of change, execute two different tasks in the following order:
1. Change the IP address of the remote node; meaning, change the IP address on the
remote network node, but not the IP address of the node to which you are logged on.
This change is performed in the “Change the IP Address of a Remote Node”
(p. 4-23) task.
2. Change the IP address of the current/local node; meaning, the IP address of the node
to which you are currently logged on. This change is performed in this task.

4-26 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the IP Address of the Current/Local Node

Important! The change must be performed in this order. Communication cannot be
established again unless both of these tasks are completed. In addition, before you
proceed with another set of tasks, verify that communication is once again established
between the nodes that have the new IP addresses and the remaining group members.

Complete the following steps to change the IP address of the current/local node; meaning,
the IP address of the node to which you are currently logged on.

1 Complete the steps in the “Change the IP Address of a Remote Node” (p. 4-23) task.

2 Log in to the current/local group member node as root.

Note: In the steps that follow, the examples given are in relationship to the text and
example provided in “Node Name Management tool network example” (p. 4-5). As you
look at the examples, imagine that you are working on hostc node and are changing the IP
address of the hostc node from the IP address of to
hostc in “Node Name Management tool network example” (p. 4-5).
Result: You now have superuser privileges.

3 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

4 Enter the number 11 to change the IP address of a node.

Result: The CHANGE-IP - Management options: menu is displayed:

CHANGE-IP - Management options:

1 - change the IP addr. on current node
2 - change the IP addr. on remote node (member)
[0] - Main menu
Enter management option [0..2] :

5 Enter the number 1 to change the IP address on the current member node.
Result: The tool begins to prompt you for the old IP address, new IP address, and
network ID of the current host/node.

6 Enter the old IP address for the current/local node at the following prompt:

1350 OMS 4-27
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the IP Address of the Current/Local Node

Please insert the OLD IP ADDR. for local host :
<old IP address of the current/local host> [Enter]
Example: in “Node Name Management tool network example” (p. 4-5).

7 Enter the new IP address for the current/local node at the following prompt:
Please insert the NEW IP ADDR. for local host :
<new IP address of the current/local host> [Enter]
Example: in “Node Name Management tool network example” (p. 4-5).

8 Enter the network ID for the current/local node at the following prompt:
Please insert the NETWORK ID for local host :
<LAN ID for the current/local host> [Enter]
0=lan1, 1=lan1, ... in “Node Name Management tool network example” (p. 4-5).
Result: The tool prompts you to confirm your choices.

9 At the following prompt, answer Y for yes:

Do you confirm the execution [Y/N - def.=Y]? : Y
Result: The tool outputs the following warning:
Important! Because a re-configuration of MW-INT services is required, the tool
execution might take awhile. Do not abort the execution of the tool.
When the tool completes execution, it displays the following:
** MESSAGE: IP ad. of "<hostname>" (<current IP address>)
changed in <new IP address>. Press [Enter] to continue.
The IP address of indicated node has been changed.

10 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

4-28 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Hostname of a Remote Node


Change the Hostname of a Remote Node

When to use
Use this task to change the hostname of a remote node; meaning, change the hostname on
a remote network node, but not the hostname of the node to which you are logged on.
Important! The change hostname option of the Node Name Management tool is not
allowed on a cluster member.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Change the Hostname of the Current/Local Node” (p. 4-32)

Before you begin

Important! Some key points to remember about changing the hostname are the
• To communicate using the hostname alias, two nodes must have the correct hostname
and IP address in the /etc/hosts file.
• The relationship between the hostname and IP address must be changed in the entire
• When the hostname is changed on a node, communication with that node can be lost.
To perform this type of change, execute two different tasks in the following order:
1. Change the hostname of the remote node, meaning, change the host name on a remote
network node, but not the hostname of the node to which you are logged on. This
change is performed in this task.
2. Change the hostname of the current/local node; meaning, change the hostname of the
node to which you are currently logged on. This change is performed in the “Change
the IP Address of the Current/Local Node” (p. 4-26) task.
Important! The change must be performed in this order. Communication cannot be
established again unless both of these tasks are completed. In addition, before you
proceed with another set of tasks, verify that communication is once again established
between the nodes that have the new hostname and the remaining group members.

Complete the following steps to change the hostname of a remote node; meaning, change
the hostname on a remote network node, but not the hostname of the node to which you
are logged on

1 Log in to the group member node as root.

1350 OMS 4-29
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Hostname of a Remote Node

Note: In the steps that follow, the examples given are in relationship to the text and
illustration provided in “Node Name Management tool network example” (p. 4-5). As you
look at the examples, imagine that you are working on the hostb node and are changing
the hostname of the hostc node from hostc to hostx.
hostb in “Node Name Management tool network example” (p. 4-5).
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 12 to change the hostname of a remote member node.

Result: The CHANGE-NODE - Management options: menu is displayed:

CHANGE-NODE - Management options:

1 - change the hostname on current node
2 - change the hostname on remote node (member)
[0] - Main menu
Enter management option [0..2] :

4 Enter the number 2 to change the hostname of the remote member node.
Result: The tool begins to prompt you for the old hostname, IP address, and new
hostname of the remote member node/host.

5 Enter the old hostname for the remote host/node at the following prompt:
Please insert the OLD HOSTNAME for remote host :
<old remote host/node name> [Enter]
hostc in “Node Name Management tool network example” (p. 4-5).

6 Enter the IP address for the remote host/node at the following prompt:
Please insert the IP ADDR. for remote host :
<IP address of the old remote host/node> [Enter]
Example: in “Node Name Management tool network example” (p. 4-5).

4-30 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Hostname of a Remote Node


7 Enter the new hostname for the remote host/node at the following prompt:
Please insert the NEW HOSTNAME for local host :
<new hostname of the remote host/node> [Enter]
hostx in “Node Name Management tool network example” (p. 4-5).

8 At the following prompt, answer Y for yes:

Do you confirm the execution [Y/N - def.=Y]? : Y
Result: The tool outputs the following warning:
When the tool completes execution, it displays the following:
** MESSAGE: nodename "<hostname>" changed in <new hostname>.
Press [Enter] to continue.
The hostname of indicated node has been changed.

9 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-31
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Hostname of the Current/Local Node


Change the Hostname of the Current/Local Node

When to use
Use this task to change the hostname of the current/local node, meaning, the hostname of
the node to which you are currently logged on.
Important! The change hostname option of the Node Name Management tool is not
allowed on a cluster member.

Related information
See the following topics in this document:
• “Node Name Management Tool” (p. 4-2)
• “Change the Hostname of a Remote Node” (p. 4-29)

Before you begin

Important! Some key points to remember about changing the hostname are the
• To communicate using the hostname alias, two nodes must have the correct hostname
and IP address in the /etc/hosts file.
• The relationship between the hostname and IP address must be changed in the entire
• When the hostname is changed on a node, communication with that node can be lost.
To perform this type of change, execute two different tasks in the following order:
1. Change the hostname of a remote node; meaning, change the host name on a remote
network node, but not the hostname of the node to which you are logged on. This
change is performed in the “Change the Hostname of a Remote Node” (p. 4-29) task.
2. Change the hostname of the current/local node, meaning change the hostname of the
node to which you are currently logged on. This change is performed in this task.
Important! The change must be performed in this order. Communication cannot be
established again unless both of these tasks are completed. In addition, before you
proceed with another set of tasks, verify that communication is once again established
between the nodes that have the new hostname and the remaining group members.
The end of this task requires a system reboot and the running of the ChangeHostName
tool, which must be run to update the hostname in MW-INT environment (including the
Kerberos database).

Complete the following steps to change the hostname of the current/local node; meaning,
the hostname of the node to which you are currently logged on.

1 Complete the steps in the “Change the Hostname of a Remote Node” (p. 4-29) task.

4-32 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Hostname of the Current/Local Node


2 Log in to the current/local group member node as root.

Note: In the steps that follow, the examples given are in relationship to the text and
example provided in “Node Name Management tool network example” (p. 4-5). As you
look at the examples, imagine that you are working on hostc node and are changing the
hostname of the hostc node from hostc to hostx.
hostc in “Node Name Management tool network example” (p. 4-5).
Result: You now have superuser privileges.

3 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

4 Enter the number 12 to change the hostname of the local/current node.

Result: The CHANGE-NODE - Management options menu is displayed:

CHANGE-NODE - Management options:

1 - change the hostname on current node
2 - change the hostname on remote node (member)
[0] - Main menu
Enter management option [0..2] :

5 Enter the number 1 to change the IP address on the current member node.
Result: The tool begins to prompt you for the new hostname of the current host/node.

6 Enter the new hostname for the current/local host at the following prompt:
Please insert the NEW HOSTNAME for local host :
<new hostname of the current/local host> [Enter]
hostx in “Node Name Management tool network example” (p. 4-5).

7 At the following prompt, answer Y for yes:

Do you confirm the execution [Y/N - def.=Y]? : Y
Result: The tool outputs the following warning:

1350 OMS 4-33
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Hostname of the Current/Local Node

Important! Because a reconfiguration of MW-INT services is required, the tool
execution might take awhile. Do not abort the execution of the tool.
When the first execution phase completes, the following message is displayed:

**WARNING: a system reboot will be executed immediately after this operation!

**At the end of system reboot, is mandatory to perform manually the
**following command (as ”root”):
**/alcatel/Kernel/etc/ –hostname <new_hostname>
Press [Enter] to continue.
The name of the indicated node has been changed
When the tool completes execution, it displays the following:
** MESSAGE: IP ad. of "<hostname>" (<current IP address>)
changed in <new IP address>. Press [Enter] to continue.
The IP address of indicated node has been changed.

8 Press the Enter key to perform the system reboot:

Result: The system is rebooted.

9 Once the system reboots, log in to the system as root.


10 Enter the following command line to execute the ChangeHostName tool, which is run to
update the hostname in MW-INT environment (including the Kerberos database):
/alcatel/Kernel/etc/ –hostname <new_hostname>
In the “Node Name Management tool network example” (p. 4-5), <new_hostname>
would be hostx.
Result: The execution of the ChangeHostName tool takes about 100 minutes. Do not
abort the tool.

4-34 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Subnetwork Mask


Change the Subnetwork Mask

When to use
Use this task to change the subnetwork mask, which includes each network interface that
is configured.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

This task does not have any preconditions.

Complete the following steps to change the subnetwork mask, which includes each
network interface that is configured.

1 Log in to the group node in which you want to change the subnetwork mask as root.
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 13 to change the subnetwork mask.


4 At the prompts, enter the new subnetwork mask and the LAN identification number
(0=lan0, 1=lan1, etc.). Wait until the tool completes execution.
Result: The new subnetwork mask is automatically activated for the current host.

5 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-35
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Gateway IP Address and Hostname


Change the Gateway IP Address and Hostname

When to use
Use this task to change the IP address and hostname of a gateway, which includes each
network interface that is configured.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

This task does not have any preconditions.

Complete the following steps to change the IP address and hostname of a gateway on
each network interface that is configured.

1 Log in to the group node in which you want to change the subnetwork mask as root.
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 14 to change the IP address and hostname of a gateway on each
network interface that is configured.

4 At the prompts, enter the current gateway IP address that is to be replaced.

To modify the default gateway, specify default. Do not specify the current IP gateway
address that is to be replaced. Then, specify the new gateway hostname and the
new gateway IP address.
Wait until the tool completes execution.
Result: The new gateway, the IP address, and hostname are automatically activated
for the current host.

5 To return to the main menu, press Enter.

4-36 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change the Gateway IP Address and Hostname

To exit the tool, press 0, then press Enter.

1350 OMS 4-37
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Add a Server to the Current DNS Configuration


Add a Server to the Current DNS Configuration

When to use
Use this task to add a server to the current Domain Name System (DNS) configuration for
a group member host. If the DNS is not already configured, it is initialized.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

This task does not have any preconditions.

Complete the following steps to add a server in the current Domain Name System (DNS)
configuration for a group member host.

1 Log in to the group member node in which you want to add the DNS configuration
information as root.
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 15 to add or update the DNS configuration.


4 Enter the hostname of the new DNS server at the following prompt:
Please insert the NEW DNS NAMESERVER HOSTNAME for local host :
<new DNS_hostname> <new DNS hostname> [Enter]
Important! You must know the name of the Domain Name Service and the nameserver.

5 Enter the IP address of the new DNS server at the following prompt:
Please insert the NEW DNS NAMESERVER IP ADDR for local host
<new_DNS IP address> [Enter]
Important! You must know the name of the Domain Name Service and the nameserver.

4-38 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Add a Server to the Current DNS Configuration


6 At the next prompt, do one of the following:

• If the Domain Name System (DNS) is not yet configured on the current host, enter the
local domain name of the new DNS server.
• If the DNS is already configured on the current host, press Enter to confirm the
current local domain name that is automatically displayed.
Please insert the NEW DNS NAMESERVER DOMAIN for local host
<new_DNS domain> [Enter]
Wait until the tool completes execution.
Result: The new DNS configuration is automatically updated on the current host.

7 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-39
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change a Server in the Current DNS Configuration


Change a Server in the Current DNS Configuration

When to use
Use this task to modify the current Distributor Names Server (DNS) configuration of a
group member node. Specifically, this task enables you to do the following:
• Replace a DNS nameserver that is currently configured with a new DNS nameserver.
• Replace the current local domain name with a new domain name.
• Perform an update of the search domain list.

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

This task does not have any preconditions.

Complete the following steps to modify the current Distributor Names Server (DNS)
configuration of a group member node.

1 Log in to the group member node where you want to change the DNS as root.
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 16 to add or update the DNS configuration.


4 If you want to replace a DNS nameserver that is currently configured, enter the current
name of the DNS nameserver at the following prompt:
current DNS nameserver name <current DNS nameserver> [Enter]

5 If you want to replace a DNS nameserver that is currently configured, enter the new DNS
server at the following prompt:
new DNS nameserver name <new DNS nameserver> [Enter]

4-40 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Change a Server in the Current DNS Configuration


6 If you want to replace the DNS nameserver that is currently configured, enter its new IP
address at the following prompt:
new DNS nameserver IP addr
<IP address of the new DNS server host> [Enter]

7 Optional: To change the DNS local domain name, enter the new name of the local
domain at the following prompt or press Enter to maintain the current local domain
new DNS local domain name
<new DNS local domain name>/<blank for the current search domain
list> [Enter]

8 Optional: To change the current search list, enter the new name of the search list at the
following prompt or press Enter to maintain the current search domain list:
search list for host-name lookup
<Name of the new serach list>/<blank for the current search
domain list> [Enter]
Wait until the tool completes execution.
Result: The new DNS configuration is automatically updated on the current member

9 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.

1350 OMS 4-41
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Remove a Server from the Current DNS Configuration


Remove a Server from the Current DNS Configuration

When to use
Use this task to remove a server from the current Distributor Names Server (DNS)

Related information
See the following topic in this document:
• “Node Name Management Tool” (p. 4-2)

Before you begin

If the DNS server specified is the last server that is configured on the local node, the DNS
will be un-configured.

Complete the following steps to remove a server from the current Distributor Names
Server (DNS) configuration.

1 Log in to the group member node where you want to remove the DNS nameserver as
Result: You now have superuser privileges.

2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.

3 Enter the number 17 to remove the DNS nameserver.


4 At the following prompts, enter the name of the DNS nameserver, which is currently
defined, that must be removed. (Note that the IP address is automatically displayed.)
Please insert the OLD DNS NAMESERVER HOSTNAME for local host:
<current DNS nameserver> [Enter]
Please insert the OLD DNS NAMESERVER IP ADDR. for local host:
<current DNS nameserver IP Address> [Enter]

5 To return to the main menu, press Enter.

4-42 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Remove a Server from the Current DNS Configuration

To exit the tool, press 0, then press Enter.

1350 OMS 4-43
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Node Name Management Remove a Server from the Current DNS Configuration


4-44 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
5 S5ystem Backup and

This chapter provides the 1350 OMS network administrator with the conceptual
information and the associated tasks that pertain to the backup and recovery of the 1350


Backup and Restore Overview 5-2

scbackup Overview 5-3
Backup Strategies 5-6
Backup Tape Sets 5-8
Backup Restrictions and Requirements 5-10
Troubleshoot a Backup 5-11
Restore and screstore 5-13
Troubleshoot a Restore 5-15
Mirror Configurations 5-20
Run scdisk_read_check to Read and Check the Disk 5-21
Perform a Tape Check 5-23
Run scbackup for a Local Disk or an Application Instance Backup 5-24
Run scbackup Using a Disk Directory as the Supporting Output Media 5-29
Verify the Readability of the fbackup Tape 5-33
Boot from the IRT 5-34
Run screstore to Restore Data from the fbackup Media 5-36
Run the scmirrorfs Tool to Set Up the Mirrored Configuration 5-43

1350 OMS 5-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Backup and Restore Overview


Backup and Restore Overview

Backup and restore functional definition
The backup and restore function is one of the administrator functions that is a part of the
Alcatel-Lucent Middle Ware Operating System (MW_OS) package of support tools. This
package of tools eases the administration of the HP-UX® operating system in the
Alcatel-Lucent software environment.
Backup and restore can be run through the execution of online commands, and each is
integrated with other MW_OS features (for example, disk mirror management).

Backup and restore storage areas

The backup and restore function can operate on the following different storage areas:
• System area, which includes mostly programs, but also application independent data.
• Disks that are local to the system, which includes all disks but not shared disks in
cluster systems that share data configurations.
• Application instances, which includes application data that is stored on local or on
shared disks.
Backup focuses on the type of data that is stored on the disks. Backup has the ability to
distinguish between system data and application instance data, which can be backed up

5-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore scbackup Overview


scbackup Overview
Backup objective
The backup procedure provides the administrator with an easy-to-use tool to store, on
tape or on a disk directory (local or remote mounted via Network File System - NFS), the
contents of the disks and the disk partitioning. The backup can be used if a disk failure
occurs or if data corruption becomes evident.
All backups are done using the scbackup command.

Backup tools
The backup procedure uses the following HP-UX® tools:
• fbackup, which is the backup tool that is included in the HP-UX® 11.31 Core.
• Ignite-UX, which is an add-on HP® tool for system installation services.
The versions of the tool that are certified are listed in the following table. The behavior of
scbackup is only guaranteed with the versions that are listed in the following table. Using
an older version of the tool can cause the backup to fail.

Full System Backup and Restore

Tool Version
HP-UX 11i 11.31
Ignite-UX C.7.10.472

scbackup syntax
The command syntax of scbackup is as follows:
The following syntax is the typical format for a backup:
scbackup [-t <minutes>] [-a <dir_name>][-o <option list>] [-d] ARG...
The following syntax must be used when errors occur during the backup and the disk
mirroring must be recovered. The failed backup displays a warning message that this
syntax must be used:
scbackup -R
The following syntax is used to print out the procedure version or for help:
scbackup -v | -h

1350 OMS 5-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore scbackup Overview

• -t <minutes> specifies the time to wait in minutes to insert a new tape. If the time
expires, the backup is terminated. The default is an infinite waiting time. This option
is not allowed if the -a option is specified.
• -a <dir_ name> specifies that the output of the backup is to be generated in a file that
is stored on the associated disk directory (<dir_name>). This directory can be
mapped on a local disk or on a remote disk that has been mounted by the Network
File Server (NFS). The filename will have the format:
For example: tlvsnk_101123-15.21_fbackup.out
Important! The disk directory must already be specified in /etc/fstab using the
following syntax:
<directory> <mount-point> <type> <options> <backup frequency> <pass
number> [<comment>]
Example for a local directory:
nodeName:/bck_dir /bck_dir nfs rw,nolargefiles 0 0
Example for a remote directory:
/dev/vg01/lvol3 /bck_dir vxfs nolargefiles,delaylog 0 0
For more information about the syntax of fstab, refer the fstab man page.
• -o <option_list> specifies the command options, which can be one of the following:
noIRT | IRTonly
online | offline
One option, or none, can be selected from each pair:
– noIRT skips the IRT production.
– IRTonly makes only an IRT version.
Note: If the -a option is specified and the creation of the IRT is required, use
either of the following:
scbackup -a <dir_name> ... .
scbackup a <dir_name> -o IRT only ...
The scbackup does not provide a bootable tape; but, it does provide a bootable
ISO image that can be used to reproduce the current system configuration. (This
bootable image must be burned on a DVD.) The image is stored on the associated
disk directory (<dir_name>) with a filename that has this format:
For example: tlvsnk-101123_15.21_image.iso
– online forces the online backup.
– offline forces the offline backup.
• -d, which is for test purposes only, specifies that a dry-run is to be done. When -d is
specified, most checks are performed, but a tape is not written to. The -d option is not
available if the -a option is specified.
• -R specifies that a recovery is to be done. When -R is specified, a recovery from
previous disk mirroring errors occurs.
• -v specifies that a version is to be done. It prints the procedure version and exits.

5-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore scbackup Overview

• -h specifies that a short help page is to be displayed. It displays the page and exits.
• ARG, which are the command arguments, are as follows:
system specifies a system disk backup. Local application instances are ignored.
<name_version_id> specifies an application instance backup. More than one instance
can be specified.
<no arguments> specifies a local disk backup. The entire contents of the local disk
are backed up.
For backups of application instances, the command format, in its simplest form, is the
...,sys,root # scbackup instance_0 ... instance_n [Enter]
This command format produces a tape that contains the application instances that are
listed as command arguments. Each command argument has the following format:
The data for <name>_<version>_<id> can be retrieved with the following command:
scinstance -l
A shared instance backup is allowed only if the instance has status SMVI-SA, which is the
instance is active on its master system.
....sys,root # scbackup SDH_9.6.0_1 EML_9.6.0_1
This command line backs up two application instances; the tool automatically determines
if these instances should be backed up online or standard/offline.

1350 OMS 5-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Backup Strategies


Backup Strategies
Types of backups
The following types of backups can be done using scbackup:
• “Online backups” (p. 5-6)
• “Standard backups” (p. 5-6)

Online backups
Online backups are used to back up disks without having to shut down and reboot the
Online backups are typically performed during these scenarios:
• When the logical volumes to be backed up are mirrored and in a stable state; and, the
administrator does not select the offline option.
During this scenario, the administrator must stop all applications, the logical volumes
are split, the backup is performed, and the administrator is advised that the
applications can be restarted.
• When the user has forced an online backup using the online option, which overrides
the default.
During this scenario, the administrator must stop all applications that involve the
particular logical volumes. The applications can be restarted when the backup is

Standard backups
Standard backups, which are also referred to as offline backups, require the system to be
shut down and a reboot to occur when backing up the local disks. All applications are
stopped, either by a system shutdown or by a command.
A standard backup is performed during the following scenarios:
• At least one of the logical volumes to be backed up is not mirrored or its mirroring
state is not stable and the administrator has not selected the online option.
• The administrator has forced the backup using the offline option to override the

Instance backups
An instance backup is used to back up the Alcatel-Lucent TMN application data. All
application instances, local or shared, can be backed up. (Local instances can also be
backed up through the steps that are given in the “Run scbackup for a Local Disk or an
Application Instance Backup” (p. 5-24) task.)

5-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Backup Strategies

The steps to back up applications instances are those steps that are listed in “Run
scbackup for a Local Disk or an Application Instance Backup” (p. 5-24) task, unless the
following scenarios occur:
• An IRT is not made.
• The standard backup does not perform a system shutdown and reboot when the shared
instances have to be backed up. The backup only requires the applications to be shut
down while the backup is writing data to tape.
Refer to “scbackup syntax” (p. 5-3) for a detailed explanation of the command syntax to
use when backing up an application instance.
After the tool analyzes the options that are specified in the command line, it outputs a
display that is similar to the following:

The backup will be carried out with the following choices:

Ignite Recovery Tape (IRT) : -
System disk backup : No
Instances : SDH_9.6.0_1 EML_9.6.0_1
Time-out on tape changing : No
On-line / Off-Line Backup : Auto
Dry-run exec : No
Do you want to continue (y|n) ? :

1350 OMS 5-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Backup Tape Sets


Backup Tape Sets

When Backup Tape Sets Can Be Made
Backup tape sets can only be made if the –a option is not specified when the scbackup
command is executed.

Number and types of tape sets

Several tape sets can be written to back up the full system. We recommend using two
basic tape sets, plus another set for clustered systems that are in a data sharing
The recommended tape sets are the following:
• “First set: the IRT Set” (p. 5-8)
• “Second set: the fbackup set containing the entire local disk” (p. 5-8)
• “Third set: the fbackup set for the shared application instances” (p. 5-9)
Important! If both digital audio tape (DAT) and digital linear tape (DLT) devices are
available, the recommended tape sets can be created using these different types of tape
cassettes; meaning, a DAT tape can be used for the IRT set and DLT tapes for the other
sets. However, each set must be made up of just one type of tape cassettes.

First set: the IRT Set

The first tape set is the Ignite-UX Recovery Tape (IRT) set, which is typically created
online by Ignite-UX, with a reduced HP-UX OS, and run using one 4 GB tape. This set is
produced using the IRTonly option.
The IRT contains a reduced image of the HP-UX operating system and it can be used for
system reboot and a minimal installation. The IRT also contains a description of the local
disk configuration. Ignite-UX can read this configuration upon system installation to
rebuild the disk structure; however, Ignite-UX cannot manage the disk mirroring;
meaning, if the backed up system had mirrored disks, the mirroring must be rebuilt
manually on the recovered system.

Second set: the fbackup set containing the entire local disk
The second tape set is created by the fbackup tool and it contains the entire contents of
the local disk. This backup can be done online or offline. The tool can automatically
choose the most appropriate type of backup depending on the system configuration and
the status; however, the administrator can override any automatic choices.
Depending on the data size, more than one tape might be needed.

5-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Backup Tape Sets

Third set: the fbackup set for the shared application instances
The third, and optional, tape set is created by fbackup and it contains the contents of
disks where the shared application instances have been configured. This backup can be
done online or offline. The tool can automatically choose the most appropriate type of
backup depending on the system configuration and the status; however, the administrator
can override any automatic choices.
Depending on the data size, more than one tape might be needed.

Alternate tape set combination

An alternate tape set combination could include the following:
• “First set: the IRT Set” (p. 5-8)
• Alternate Second set: The system data set.
This set is similar to “Second set: the fbackup set containing the entire local disk”
(p. 5-8), but it does not include the backup of the local application instances.
• Alternate Third set: “Third set: the fbackup set for the shared application instances”
(p. 5-9).
This set contains the backup of all the application instances defined on the system,
both local and shared. This set can be split further in two subsets: one for local and
one for shared application instances.

1350 OMS 5-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Backup Restrictions and Requirements


Backup Restrictions and Requirements

fbackup restrictions
If the system that you are to back up has volume groups that are inactive or logical
volumes that are not mounted, the backup procedure displays warning messages that
these areas will not be backed up.
Important! We strongly recommend that you do not back up file systems that are
mounted using a path that contains a symbolic link because a recovery archive error can
occur during the restore.

Mirror Disk configuration rebuild restriction

After restoring the data, the restore procedure informs the user if the system was mirrored
at the backup time. The mirror rebuild is not managed directly by the restore tool, but it
must be activated separately. Refer to “Mirror Configurations” (p. 5-20).
For systems that are protected with Mirror/Disk UX, you can proceed with the full online
disk backup using the scbackup tool. After the disk restore is completed with screstore,
you can invoke scmirrorfs to rebuild the mirror configuration. With scmirrorfs, you must
specify the mirror disks to be used. Refer to “Run the scmirrorfs Tool to Set Up the
Mirrored Configuration” (p. 5-43) for details.

Console restriction
fbackup is executed in single user mode during the HP-UX boot phase.
Important! If you shut off the console terminal or disconnect the Web console during
the execution of fbackup, fbackup is interrupted and the backup does not complete.

Required disk space requirement

The Ignite-UX tool requires at least 128 Mbyte free in the file system where the /var
directory is located.

scbackup-screstore version incompatibility

The scbackup-screstore version 3.2 is compatible with the version 3.0 and newer
versions of the Alcatel-Lucent backup-restore; therefore, the tapes that were produced
with the version 3.0 and newer versions of scbackup-screstore can be used by version
3.2 and beyond.
Important! Label the new tapes correctly and separate them from the old tapes.

5-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Troubleshoot a Backup


Troubleshoot a Backup
Log files
The scbackup tool creates one log file that records all data that pertains to the entire

Full mirror faults

The check on the system full mirror can fail for the following reasons:
• At least one logical volume is not mirrored.
• At least one logical volume has a stale status.
The tool skips the online backup unless the administrator has forced the online backup
with the online option.

System crashes
If a system crash occurs during an online backup, the configuration of the original disk
must be recovered, which is done automatically at system start-up.

Split operation problems

If the applications have not been stopped, problems can occur during the split operation
of an online backup. The backup tool ends and automatically starts a recovery.

Time-out expiration
If the administrator started the backup with the -t option and does not fulfill a request for
a new tape cassette within the set time, the backup tool terminates and must be run again.
Should this scenario occur, backup can be run with the -o noIRT option, which skips the
creation of the IRT.

Any MERGE-DELETE problems are typically the cause of faulty disk mirroring. The
administrator should check the log file for errors and manually run the scbackup -R

Login messages
If problems occur at the end of a standard/offline backup, the fbackup tool displays
warning or error messages upon login. The administrator should check both types of
messages in the /SCINSTALL/log/scbackup.log file to determine the nature of the message
and/or the potential problem.
After a backup on tape, the following warning message can be ignored:
WARNING: unable to read a volume header.

1350 OMS 5-11
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Troubleshoot a Backup

With Error messages, check the /SCINSTALL/log/scbackup.log to determine the cause of
the errors. The tape set is not useful and the backup must be rerun.
To clear the messages from being displayed, remove the
/var/adm/fbackfiles/fbackup.msg file.

5-12 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Restore and screstore


Restore and screstore

Restore purpose
The restore tool is used to restore, on the same physical system, the complete contents of
the same physical system where the backup tapes as OS images have been made. Any
system restore on different hardware is not guaranteed.

Restore phases
The restore consists of the following phases:
• The first phase uses the IRT tape set or ISO image, and it recreates the Logical
Volume Manager (LVM) disk configuration of the local disks that exists at backup
time. In addition, it installs a minimal operating system that allows the system to be
booted from disk. This phase destroys the existing content of the local disks.
• The second phase recovers the contents of the local disks, which are typically grouped
in the volume group vg00. The administrator must run the screstore tool to complete
this phase.
• The third, and optional phase, recreates the volume groups for the shared instances
and recovers data on external disks. The administrator must run the screstore tool to
complete this phase.

screstore syntax
The command syntax for screstore is the typical format for a backup:
screstore [-a <dir_name>] [ARG] ...
-a <dir_name> specifies that the input of restore is a file that is stored on the associated
disk directory (<dir_name>) with the following name:
-v prints the version of the tool.
-o displays a short help file.
[ARG] are the command arguments for the application instances.
...,sys,root # screstore SDH_9.6.0.1
If an argument is not specified, the contents of the entire backup tape or ISO image is

1350 OMS 5-13
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Restore and screstore

IRT recovery
Note: If you performed a backup on a directory disk (using the –a option with the
scbackup command), the IRT is a DVD that contains the bootable ISO image.
The recovery of the Ignite-UX Recovery Tape (IRT), includes the following activities,
which are performed by booting the HP Integrity system from the IRT:
• Reconfiguration all of the hard disks in use, exactly as they were, at backup time.
• Restoration of a minimum HP-UX® operating system on the hard disks so the
frecover tool can be run.

Restoring shared instances

The restore for shared instances is performed the same way in which the restores are
performed for local disks; however, the file systems for these application instances are not
created in the first recovery step by Ignite-UX, so it becomes the responsibility of the
restore tool. Refer to Step 7 of the “Run screstore to Restore Data from the fbackup
Media” (p. 5-36) task for details.
Any shared instance can be restored to the system providing the following requirements
are met:
• The instance is displayed in the following command output:
scinstance l-
• The status of the instance is SMVI-SA
• The status of the instance is not SMVI-SA, but its volume group has not already been

5-14 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Troubleshoot a Restore


Troubleshoot a Restore
IRT rebooting errors
If Ignite-UX encounters errors during the recovery, output similar to the following is

ERROR: The disk at HW path: 0/0/1/1.2.0 was specified in the configuration

files but does not exist on the system. And since
allow_disk_remap=false, no attempt to find a substitute will be made.
Because of the error(s) above, the user-interface must be
used to correct them... Non-interactive install canceled.
Press Return to continue:
When the administrator presses Enter, Ignite-UX then outputs a display that is similar to
the following:

Hardware Summary: System Model: 9000/800/rp7400

+--------------------+---------------+------------------+ [Scan Again]
| Disks: 10 (113.9GB)| Floppies: 0 | LAN cards: 3 |
| CD/DVDs: 1 | Tapes: 1 | Memory: 2040Mb|
| Graphics Ports: 0 | IO Buses: 8 | CPUs: 4 | [H/W Details]
[ Install HP-UX ]
[ Run a Recovery Shell ]
[ Advanced Options
[ Read Sys-Admin Message ]
[ Reboot ] [ Help ]
This display indicates that something different exists in the system configuration that is
preventing Ignite-UX from performing the automatic recovery; therefore, to bypass the
problem, the administrator must run Ignite-UX manually.

No automatic reboot from the IRT

Occasionally, the machine does not reboot automatically from the IRT. It can stop for a
long time (more than 20 minutes), after the display of the following message:
NOTE: tlinstall is searching filesystem - please be patient
If the reboot does not occur automatically, the administrator can force the reboot by
entering the following command:

Scripts that fail during the reboot from the IRT

Because the IRT restores only a subset of entire HP-UX® operating system and nothing
of the particular 1350 OMS application, some errors can occur.
The following is a useless error message regarding some scripts/tools that have failed.
This type of message should be ignored:

Copy processor logs to /var/tombstones [FAILED]

1350 OMS 5-15
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Troubleshoot a Restore

Starting HP-UX Secure Shell [FAILED]
Start Kerberos V5 daemons [FAILED]
Start mail daemon [FAILED]
Starting RPC daemon if needed [FAILED]
Starting Alcatel License Daemon [FAILED]
* - An error has occurred!
* - Refer to the file /etc/rc.log for more information.

Console messages that are displayed during the reboot from the IRT
Because the IRT restores only a subset of entire HP-UX® operating system and nothing
of 1350 OMS application, errors can occur.
The following is a useless error message that occurs when the system is rebooted from the
restored disks. This type of message occurs because of the partial recovery that Ignite-UX
performs and because of the temporary inconsistency between the restored files and the
contents of /etc/inittab. The messages disappear after the recovery of the fbackup set;
and in general, output that is similar to the following display should be ignored:

INIT: Command is respawning too rapidly.

Will try again in 5 minutes.
Check for possible errors.
id: .....

screstore checks and messages

The media that is used as input during the restore process could be the following:
• A tape (one or more) or a DVD that is used as the IRT
• A tape (one or more) or an ISO image file that is generated by fbackup.
To prevent errors due to a media (tape or DVD) labeling mistake or a simple media swap,
the screstore tool performs initial checks before it starts the restoration of the file system.
If an inconsistency exists between the data that is present on the input media and the
system configuration, screstore outputs an error or warning message for the following
typical reasons:
• The IRT media (tape or DVD) and fbackup media (tape or ISO image file) were not
produced on the same system; meaning, media from different systems have been
The source of the media must be checked.
• The IRT and fbackup media were produced at different times and with different
system configurations, which means that the administrator is trying to restore an
fbackup media on a system in which the disk configuration is different from the target
file system, on a system that is not available, or on a system that is not large enough to
perform the restore.
The validity of the media must be checked.
• The input media is correct, but something was modified during the Ignite-UX
recovery process (interactive restore installation), or after the successful Ignite-UX
recovery and before the screstore process.
5-16 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Troubleshoot a Restore

If an inconsistency does occur, the screstore process must be stopped to determine and
correct the problem, then screstore must be rerun.

WARNING: Current host is different from...

Output similar to the following occurs when the input media is mixed up. Change the
fbackup media or restart the recovery from the beginning with the correct IRT.

WARNING: Current host is different from the one backed up.
Current host -> hosta
Backedup host -> hostb

ERROR: Volume group name...

When output that is similar to the following is displayed, a volume group configuration
mismatch has occurred; therefore, the IRT and fbackup input media must be verified for

ERROR: Volume group name "<volume group name>"
present on tape but not defined on system

WARNING: Volume group name...

When output that is similar to the following is displayed, a volume group configuration
mismatch has occurred; therefore, the IRT and fbackup input media must be verified for

WARNING: Volume group name "<vg_name>"
is present on tape but not ACTIVATED on system
When this warning is displayed, the volume group must be activated with the vgchange
vgchange -a y <Volume Group>

Error: Logical volume ...

When the following error message is displayed, the IRT and the fbackup input media
must be verified for consistency.

ERROR: Logical volume "<lv_name>"
present on tape but not defined on system
When the following error message is displayed, the logical volume must be mounted with
the mount <lv_name> <mount_point> command.
1350 OMS 5-17
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Troubleshoot a Restore

mount: /dev/vg00/lvol11 was either ignored or not found in /etc/

ERROR: Logical volume "<lv_name>"
has been created but not mounted on system
If the command succeeds, screstore must be rerun. If the command fails, the IRT and
fbackup input media must be verified for consistency.

WARNING: Different mount points...

When the following error message is displayed, the IRT and the fbackup input media
must be verified for consistency:

WARNING: Different mount points found for the Logical volume <lv_name>
actual mount point - > <act_mp>
tape mount point - > <tape_mp>

ERROR: The mount point...

When the following error message is displayed, the IRT and the fbackup input media
must be verified for consistency:

ERROR: Mount Point: <mount_point>
is not a directory

WARNING: The mount point...

When the following message is displayed, a nesting of the mount point directory has
occurred. You should have one or more empty directories; and if you do, you can proceed.
If you do not, check the contents of the directories.

WARNING: Mount Point: <mount_point>
is not an empty directory

WARNING: The file system mount:

When the following message is displayed, the IRT and fbackup input media were not
produced by the same execution of scbackup and not enough room exists to store the data
on the media.
Use the scextendfs command to extend the file system:
scextendfs <filesystem> <free Megabytes>

5-18 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Troubleshoot a Restore

WARNING: The file system mount on <mount_point>
has not enough free space:
to recover the logical volume
actual free space - > 500 Mb
required space - > 550 Mb

1350 OMS 5-19
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Mirror Configurations


Mirror Configurations
The scmirrorfs tool
The scmirrorfs tool is used to assign and/or reassign disks for the mirror copy of data.
This tool requires the administrator to enter the device names of the primary disk and the
alternate disk that must be used to store the mirror copy of the data. Use of the scmirrorfs
tool can possibly change the configuration.

Disk requirements
The following disk requirements apply:
• The administrator must know the names of the primary and the alternate disks that are
to be used in the mirror configuration.
• The disks that belong to the mirror copy disk do not have to be physically identical to
the main disk set.
• The amount of space on both disks must be sufficient to store all of the logical volume
that is currently defined.
• The disks that belong to the mirror copy disk set should not share the same SCSI bus
as the main disk. When the configuration script recognizes that the disk that is being
added to the mirror copy is connected to a SCSI bus that is already in use for the main
disk set, output similar to the following is displayed:
WARNING: Controller disk already used in “Main path (pvg0)"
Do you want to choose another disk ?
To guarantee the machine functionality if the disk controller fails, you must to choose
another disk that belongs to another chain.

5-20 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scdisk_read_check to Read and Check the Disk


Run scdisk_read_check to Read and Check the Disk

When to use
Use this task to run scdisk_read_check to read and check the disk before you run

Related information
See the following topic in this document:
• “Backup and Restore Overview” (p. 5-2)

Before you begin

Because the online backup determines if a full mirrored/stable disk configuration is
present and, providing the offline backup is not-selected, splits the logical volumes to
prepare the data for the online backup from the mirrored disks, it can call attention to a
latent disk problem; therefore we suggest that you run the scdisk_read_check tool,
which reads and checks the disk prior to running scbackup.
Important! Some disk failures can cause commands to go into endless loops that can
only be terminated by the first reboot of the system.

Complete the following steps to run the scdisk_read_check tool, which reads and checks
the disk.

1 Log in to the system in which the backup is to be performed as root.

Result: You now have superuser privileges.

2 Enter the following command to initialize the tool:

...,sys,root # scdisk_read_check [Enter]
Result: The scdisk_read_check tool shows you the disk that is being read and
scanned so you can identify certain areas if a failure is found.

=><date/time stamp>
=>START: OSConf Disk Read check
--- Disk read check for Volume Group: /dev/vg00 ---
Note: record size is 64 MByte
<date/time stamp> Start read check of disk c2t5d0
Disk Size 8678 MByte (note: must be check 135 records)
135+1 records in
135+1 records out
real 8:28.0
user 0.0
sys 3.5

1350 OMS 5-21
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scdisk_read_check to Read and Check the Disk

<date/time stamp> End successfully
=><date/time stamp>
=>END: OSConf Disk Read check
...,sys,root #
If the tool executes successfully, you can proceed with the backup.
Important! If the tool issues I/O errors or if it gets stopped (CPU activity does not
occur for the process), a hardware problem exists. Correct the problem before you
proceed with the backup.

5-22 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Perform a Tape Check


Perform a Tape Check

When to use
Use this task to perform a tape check using scbackup without the -a option.

Related information
See the following topic in this document:
• “Backup and Restore Overview” (p. 5-2)

Before you begin

Do not use this task if you have used the -a option during the execution of the scbackup

Complete the following steps to perform a tape check.

1 Log in to the system in which the backup is to be performed as root.

Result: You now have superuser privileges.

2 Enter the following command to perform the tape check:

...,sys,root # ls /dev/rmt [Enter]
Result: The command output is displayed.

3 Visually verify that the /dev/rmt exists and that it is not empty.

1350 OMS 5-23
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup for a Local Disk or an Application Instance

Run scbackup for a Local Disk or an Application Instance

When to use
If you are not using the -a option of the scbackup command, use this task to run the
scbackup tool to run a local disk backup or an application instance backup using a tape as
the output media.
Important! If you are using the -a option of the scbackup command, do not use this task;
use the “Run scbackup Using a Disk Directory as the Supporting Output Media”
(p. 5-29) task.

Related information
See the following topics in this document:
• “Backup and Restore Overview” (p. 5-2)
• “Backup Restrictions and Requirements” (p. 5-10)
• “Troubleshoot a Backup” (p. 5-11)
• “Mirror Configurations” (p. 5-20)

Before you begin

This task could take 2 hours to perform. Make sure that you have sufficient time and that
you are available to answer all tool prompts.
The scbackup tool has a 60 minute default for a time-out on the tape request; meaning,
the tool asks you to insert a new tape and you have 60 minutes to insert a new tape. When
you invoke the tool, you can change or disable this time-out period by using the -t option
on the command line:
...,sys,root # scbackup -t <minutes>
To increase the time out to 180 minutes, you would enter the following command line:
....sys,root # scbackup -t 180
To disable the time out to 0 minutes, you would enter the following command line:
...,sys,root # scbackup -t 0

Complete the following steps to run the scbackup tool using a tape as the output media.

1 Log in to the system in which the backup is to be performed as root.

Important! The root password is saved in the IRT. This password will be needed during
recovery time. Do not forget this password.

5-24 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup for a Local Disk or an Application Instance
Result: You now have superuser privileges.

2 Enter the following command to initialize the scbackup tool:

...,sys,root # scbackup [Enter]
Important! This command syntax is the simplest form of the command. It produces an
IRT tape set and backs up the local disks, which are typically the local disks that are in
volume group vg00. Refer to “scbackup syntax” (p. 5-3) for the complete syntax of the
command and variations on the backup. In addition, to back up an application instance,
refer to “Instance backups” (p. 5-6) for details and “scbackup syntax” (p. 5-3) for the
complete syntax of the command.
Result: After the tool analyzes the options that you specified in the command line, it
outputs a display that is similar to the following:

The backup will be carried out with the following choices:

Ignite Recovery Tape (IRT) : Yes
System disk backup : Yes
Instances : EML_9.6.0_1 MW_INT_9.6.0.1
Time-out on tape changing : No
On-line / Off-Line Backup : Auto
Dry-run exec : No
Do you want to continue (y|n) ? :

3 At the following prompt, answer y for yes:

Do you want to continue (y|n) ? : y
Result: The tool prompts you to enter the tape device that is to be used for writing the

4 If the IRT is to be created, enter the tape device that is to be used for writing the IRT and
press Enter, or press Enter to select the file that is displayed:
Enter tape device for Ignite <default=<tape device>>:
<tape device> [Enter]
Enter tape device for Ignite <default=<tape device>>:
/dev/rmt/0m [Enter]
Important! The tape device must be of type NO-REWIND. In addition, its name must be
in the format of the following:
Where: x is a digit from 0 to 9.

1350 OMS 5-25
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup for a Local Disk or an Application Instance
Result: The tool prompts you to mount a tape in the tape drive.
Please insert a tape labelled 'Ignite' into device <tape_
Press [Enter] when ready.

5 Mount an unprotected tape cassette and wait until the drive light stops blinking.

6 When the blinking light stops blinking and the device light becomes stable, press Enter to
create the IRT:
Result: The creation of the IRT can take up to 40 minutes. Any error that is detected
aborts the execution of the tool. The tool outputs the status of the execution on your
When the IRT completes without errors, the following message is displayed:

Please, label the Ignite Recovery Tape as:
<host> - Ignite Bootable - <date> <time>

7 Enter the following command lines to print vital information regarding the contents of the
tape. This step is imperative because this information can be useful if a disk failure
...,sys,root # vgdisplay -v [Enter]
...,sys,root # scextendfs -i [Enter]
Result: The system outputs vital information regarding the contents of the tape.

8 Label the tape properly, remember the root password that was staved in the IRT, and store
the printout containing the output of the vgdisplay and scextendfs commands with the
Result: Once the tool completes the creation of the IRT, it prompts you for the
HP-UX® device file for the fbackup.

9 Enter the tape device that you want to use to back up the entire disk and press Enter, or
press Enter to select the file that is displayed:
Enter tape device for Fbackup <default=<tape_device>>:
<tape device> [Enter]

5-26 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup for a Local Disk or an Application Instance
Enter tape device for Fbackup <default=<tape device>>:
/dev/rmt/0m [Enter]
Important! The tape device must of type NO-REWIND. In addition, its name must be in
the format of the following:
Where: x is a digit from 0 to 9.
Result: The tool verifies that all logical volumes that are going to be backed up are
correctly mounted on the system. In addition, the tool determines if the system should
be backed up online or offline. The system choice can be overridden by using the
option -o. Note: the tool tries to guarantee the consistency of the backed up data; so,
we suggest that you do not override the system choice.

10 For an online backup...

If disk splitting is to occur, stop all applications and be present to answer all prompts
that the tool outputs.
One of the copies of the logical volume is removed from the mirror and is used for the
backup. When the disk splitting is completed, the tool prompts you to restart the
applications. Upon backup completion, the logical volumes are automatically reduced,
that is the disk copies are removed from the mirror system for backup, they are put back,
and the mirror is restored to its normal state.
If disk splitting is not to occur, stop all applications and be present to answer all
prompts that the tool outputs. When the backup completes, the tool prompts you to restart
the applications.
For a standard (offline) backup...
When the tool prompts you to stop the applications and to continue with the backup, you
must answer Yes or the backup aborts. The tool continues to prompt you to establish a
grace period (in minutes) in which the user can use to log off the system before it shuts
down. If you press Enter without setting a grace time, the system reboots immediately.
After the system shutdown, you must connect to the system console to follow the backup
execution. If the backup fails, you are notified of the backup failure upon login.
For all types of backups...
Important! You must always be present during a backup to answer the prompts that the
tool outputs. Prompts include when to start and stop applications and requests to remove
the current tape and insert a new one. By default, the tool can wait for an indefinite
amount of time for a new tape; therefore, an unattended backup can virtually last forever.
In addition, the tool does not check the contents of the inserted cassette tape. Any data
that has previously been written on a tape is overwritten and lost. Use only new and/or
scratch tapes.

1350 OMS 5-27
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup for a Local Disk or an Application Instance
Result: The tool outputs the following:

Please, label the tape volume(s) as:
<host> - Fbackup Volume i of <n>
<date/time stamp> - local full

11 Remove and label the tape appropriately.


12 View the results of the backup by accessing the following file:


5-28 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup Using a Disk Directory as the Supporting
Output Media

Run scbackup Using a Disk Directory as the Supporting Output

When to use
If you are using the -a option of the scbackup command, use this task to use a disk
directory as the output media when running scbackup command.

Related information
See the following topic in this document:
• “Backup and Restore Overview” (p. 5-2)

Before you begin

Use this task if you have used the -a option and you cannot run scbackup for a local disk
or an application instance backup.

Use this task to use a disk directory as the output media when running scbackup

1 Log in to the system in which the backup is to be performed as root.

Important! The root password is saved in the IRT. You will need this password during
recovery time. Do not forget this password.
Result: You now have superuser privileges.

2 Optional: To optimize the tool's behavior and to reduce execution time, use the
excluded-list file(s) to specify the application files and directories that are to be excluded
from the backup. The application files and the directories will be backed up by the
application specific tools.
You can have more than one excluded-list file; but, all of the excluded-list files have to be
stored in the /sbin/SC_ExcludeFiles directory, which is created automatically during the
1350OMS-MW_OS installation.

3 Enter the following command to initialize the scbackup tool:

..., sys, root # scbackup -a <dir_name> [Enter]
Where: <dir_name> is the path of the disk directory where scbackup output will be
Important! This command syntax is the simplest form of the command. It produces an
IRT ISO image file and backs up the local disks, which are typically the local disks that
are in volume group vg00. Refer to “scbackup Overview” (p. 5-3) for the complete syntax
1350 OMS 5-29
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup Using a Disk Directory as the Supporting
Output Media
of the command and variations on the backup. In addition, to back up an application
instance, refer to “Instance backups” (p. 5-6) for details on how to perform a backup on a
particular instance of an application.
Result: After the tool analyzes the options that you specified in the command line, it
outputs a display that is similar to the following:

The backup will be carried out with the following choices:

Ignite Recovery Tape (IRT) : Yes
System disk backup : Yes
Instances :
Time-out on tape changing : No
On-line / Off-Line Backup : Auto
Dry-run exec : No
Directory archive on disk :<dir_name>
ATTENTION: You are using the following REMOTE disk directory:
Do you want to continue (y|n) ? :

4 When the system prompts you to continue, answer y for yes:

Do you want to continue (y|n) ? : y
Result: The tool starts to create an IRT ISO image file that has the format:
When the IRT ISO image file creation completes without errors, a message similar to
the following is displayed:

ISO Image creation: "/bck_test/tlvsnk-110728_14.52_image.iso"
Bootable ISO Image procedure ended
Press <Enter> to continue...

5 At the following prompt, press Enter to continue:

Press <Enter> to continue...: Enter
Result: The tool continues to save the application files.
When the preliminary checks are finished, the following message is displayed:

ATTENTION: You are going to perform the standard system backup, but
this requires a system SHUTDOWN-REBOOT.
5-30 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup Using a Disk Directory as the Supporting
Output Media
ATTENTION: It is better to stop applications before shutting down the system,
Please, do it before answering 'YES' next question.
WARNING: Answering "NO" to the following question, will terminate the backup
Continue with system SHUTDOWN & REBOOT (y|n) ? :

6 At the following prompt, answer y for yes:

Continue with system SHUTDOWN & REBOOT (y|n) ? : y
Result: The tool starts with to shut down and reboot the system.
At some point during the boot sequence, user files are backed up. A message similar
to the following is displayed:
BACKUP: writing on file "/bck_test/tlvsnk-110728_14.55_
The tool verifies that all logical volumes that are going to be backed up are correctly
mounted on the system. In addition, the tool determines if the system should be
backed up online or offline. The system choice can be overridden by using the option
-o. Note: the tool tries to guarantee the consistency of the backed up data; so, we
suggest that you do not override the system choice.
When the ISO image that contains the creation of the user files completes without any
errors, a message similar to the following is displayed:
OFF-LINE backup.............................................
The backup is completed and the reboot sequence continues until the end.

7 For an online backup:

If disk splitting is to occur, stop all applications and be present to answer all prompts that
the tool outputs.
One of the copies of the logical volume is removed from the mirror and is used for the
backup. When the disk splitting is completed, the tool prompts you to restart the
applications. Upon backup completion, the logical volumes are automatically reduced;
that is, the disk copies are removed from the mirror system for the backup, they are put
back, and the mirror is restored to its normal state.
If disk splitting is not to occur, stop all applications and be present to answer all prompts
that the tool outputs. When the backup completes, the tool prompts you to restart the

8 For a standard (offline) backup:

1350 OMS 5-31
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run scbackup Using a Disk Directory as the Supporting
Output Media
When the tool prompts you to stop the applications and to continue with the backup, you
must answer Yes or the backup aborts. The tool continues to prompt you to establish a
grace period (specified in minutes) in which you can use to log off the system before it
shuts down. If you press Enter without setting a grace period, the system reboots

9 View the results of the backup by accessing the following file:


5-32 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Verify the Readability of the fbackup Tape


Verify the Readability of the fbackup Tape

When to use
Use this task to verify the readability of the fbackup tape.
Important! If you are using the -a option of the scbackup command, you cannot use this

Related information
See the following topics in this document:
• “Backup and Restore Overview” (p. 5-2)
• “Backup Restrictions and Requirements” (p. 5-10)
• “Troubleshoot a Backup” (p. 5-11)

Before you begin

You cannot use this task if you have specified the -a option of the scbackup command.

Complete the following verify the readability of the fbackup tape.

1 Log in to the system as root user.

Result: You now have superuser privileges.

2 Mount the first tape in the tape drive.


3 Enter the following command to read the tape:

..., sys,root # /usr/sbin/frecover -rvN -f /dev/rmt/ <tape
device> [Enter]
Result: The command reads the tape. If the command does not display any I/O errors,
the tape is readable.

4 Repeat steps 2 and 3 for every tape that was made during the backup.

1350 OMS 5-33
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Boot from the IRT


Boot from the IRT

When to use
Use this task to boot from the Ignite-UX Recovery Tape (IRT).
Important! If you have specified the -a option of the scbackup command, the IRT will
be a DVD instead of a tape.

Related information
See the following topics in this document:
• “Backup and Restore Overview” (p. 5-2)
• “Restore and screstore” (p. 5-13)
• “Troubleshoot a Restore” (p. 5-15)

Before you begin

This task does not have any preconditions.

Complete the following steps to boot from the IRT.

1 Switch off the machine.


2 Connect a tape drive that is compatible with the IRT to the system.

3 Insert the IRT into the drive (tape or DVD).


4 Switch on the system.

Result: The following message is displayed:
To discontinue, press any key within 10 seconds.

5 Press any key to get the console main menu.


6 Enter the following command to view the device where the IRT was inserted.
Result: The system displays information that is similar to the following:

Path# Device Path (dec) Device Path (mnem) Device Type and Utilities Rev
----- ----------------- ------------------ ------------------------- ----

5-34 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Boot from the IRT

P0 0/0/2/0.0 ide.0 Random access media 1
P1 0/1/1/0.1 intscsia.1 Sequential access media 1
P2 0/1/1/0.0 intscsia.0 Random access media 1
P3 0/1/1/1.5 intscsib.5 Random access media 1
P4 0/1/1/1.4 intscsib.4 Random access media 1
P5 0/1/1/1.3 intscsib.3 Random access media 1
Important! A tape device is always referred to as Sequential access media. A DVD
device is always referred to as Ide.0.

7 Enter the following command to boot from the device where the IRT is inserted:
boot <device_path_number>
Where: device_path_number is the path number that corresponds to one of the device
types (tape or DVD) that is listed in the Results of Step 6.
boot P1

8 At the following prompt, enter N (for No) so you do not interact with the IPL:
Interact with IPL (Y, N or C) > N
Result: The machine begins to boot from the device where the IRT is inserted.
Output similar to the following is displayed:

HARD Booted
ISL Revision ......
ISL Booting hpux (;0) INSTALL
...: tape (...
If the boot starts correctly, the ISL prompt is not displayed after 3 minutes. Ignite-UX
performs the recovery of the LVM disk structure and the HP-UX® OS in a minimum
configuration. You do not have to enter any commands; you only must check the
output for error messages.
The IRT reboots the system twice. The recovery from the IRT can take up to 90
minutes, depending on the system model. Wait until the end of the second reboot.
If the boot does not start successfully, go to “IRT rebooting errors” (p. 5-15).
If the machine does not reboot automatically, go to “No automatic reboot from the
IRT” (p. 5-15).

1350 OMS 5-35
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run screstore to Restore Data from the fbackup Media


Run screstore to Restore Data from the fbackup Media

When to use
Use this task to run the screstore tool to restore data from the fbackup tapes or by using
a directory as the input source.

Related information
See the following topics in this document:
• “Backup and Restore Overview” (p. 5-2)
• “Restore and screstore” (p. 5-13)
• “Troubleshoot a Restore” (p. 5-15)

Before you begin

You can perform this task using one of two methods:
• By using a tape, which is explained in “Task 1: Using a Tape” (p. 5-37).
• By using a directory, which is explained in “Task 2: Using a Directory” (p. 5-40).
Perform this task from the console or from a terminal that is connected to the system
video output. Do not perform this task on an open network session because if you are
disconnected from the network, the restore would not have any recovery procedure and
the restoration would have to be started from the beginning.
Do not log in with the GoGlobal-UX tool. This tool is not available.
When the tool outputs warnings and error messages during the restore process, output that
is similar to the following is displayed:

NOTE: Restore device check issued some warnings.
Restoring from this <device> could result in a wrong system
Please, verify carefully each warning before answering
the following question.
Do you want to continue with restore (y|n) ? :
Where: <device> will be:
• tape for an screstore from a tape device
• disk archive for restore from an ISO image file
Refer to “Troubleshoot a Restore” (p. 5-15) and analyze the warnings; and, if necessary,
correct any problems before you answer y to continue the restoration.

5-36 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run screstore to Restore Data from the fbackup Media

Task 1: Using a Tape
Complete the following steps to run the screstore tool to restore data from the fbackup

1 Log in as root using the same password that was active when the backup was done.
Result: You now have superuser privileges.
After restoring the IRT, only the system is restored, which means that not all of the
required files are currently available; therefore, messages such as the following are
displayed. Ignore these messages because they disappear when the restoration is
Cannot chdir to /var/news
cat: Cannot open /SCINSTALL/data/boot_version*: No such file
or directory

2 Optional: If you must complete any preliminary tasks on the system before you activate
the restore, create a command file called screstore_init in the SCINSTALL/etc directory
that can be executed before the frecover.

3 Enter the following command to invoke the screstore tool and to start the restoration:
..,sys,root # screstore [Enter]
Important! This command is shown in its simplest form. Refer to “screstore syntax”
(p. 5-13) for the complete syntax of this command.
Result: The tool prompts you to enter the file that has to be used for the restoration:

Selection of Tape device
Enter tape device for Frecover <default=<tape device>>

4 At the following prompt, enter the HP-UX® file that is associated with the tape device
that you want to use for the fbackup tape set and press Enter, or press Enter to select the
file that is displayed:
Enter tape device for Frecover <default=<tape device>>
<directory/filename> [Enter]
Enter tape device for Frecover <default=<tape device>>
/dev/rmt/0m [Enter]

1350 OMS 5-37
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run screstore to Restore Data from the fbackup Media

Result: The tool prompts you to mount the first tape of the fbackup tape set.

5 Mount the first tape cassette into the tape device, wait until the tape device is ready, and
press Enter to start:
Result: The tool outputs the expected tape label and asks you to verify it to the tape
that you are have just mounted.

6 If the labels match, specify y to continue.

If the labels do not match, specify n to stop the restoration/recovery.
Result: The recovery procedure continues to check the tape consistency, volume
groups, and logical volumes that are to be restored. If any check fails and the error is
not recoverable, the tool aborts or displays a warning message. When all checks are
completed, the recovery procedure prompts you to continue.
When performing an instance restore, the tool checks the instances that are found on
the tape BEFORE it checks the volume groups. If the mount point for file system of
an instance is not found in the systems, the tool outputs a similar warning and asks
you if you want it to create the mount point. The tool outputs this type of message for
every missing mount point. If you are performing an instance restore, go to Step 7.
Important! Read the warning messages that the tool outputs during this phase and
answer y to continue only if you are sure that the warning messages are meaningless
to your configuration.

7 For an instance restore only, enter y when the tool outputs a display similar to the
following to create mount points:

The mount point <mount point>

does not exist. The procedure will try to create it
Do you want the procedure to create the missing mount point (y|n) ?
Result: The tool invokes the scextends routine, which detects the available hardware
and prompts you to create the instance volume group on an external disk device that it
discovers. If the choice that is discovered is suitable to you, answer y and scextendfs
continues to create the needed mount points.

8 If the tool determines that you must change the run level, stop all TMN applications and
specify y for yes when the tool prompts you to go to run level 3:
Are you ready, system go to run level 3 (y|n) ? : y
Result: The recovery begins.
Important! Be present during this phase of the recovery because you might have to
load/remove tapes.

5-38 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run screstore to Restore Data from the fbackup Media


9 Mount the next tape when the following message is displayed:

Please MOUNT next TAPE Volume
Result: Once the tape is mounted, the tool outputs a message that is similar to the
message: frecover(5404): Press return when the next volume is
ready on /dev/rmt/0m:

10 Press Enter to continue:

Result: The tool continues to output messages such as the following, which you can
frecover(1075): moved emsagent to emsagent.2510 since it was
executing. Remove emsagent.2510 when done.
If you mount the wrong tape, go to Step 11 and note that the tool outputs a message
that is similar to the following:

frecover(5423): incorrect volume mounted;

frecover(5424): expected volume 1, and got 2
frecover(5433): Do you wish to continue using this volume?([yY]/[nN]) n
frecover(5412): Do you wish to try to salvage this volume?([yY]/[nN]) n
frecover(5411): Do you wish to try a different volume? ([yY]/[nN]) y

11 If you mounted the correct tape, the frecover has ended. See the Results in Step 12.
If you mounted the incorrect tape, mount the correct tape now (after the previous message
appears), and then press Enter. Go to Step 12.

12 If you initially mounted the incorrect tape and have since mounted the correct tape or if
you initially entered the correct tape, the frecover tool has ended.
Result: The frecover tool has ended successfully. If the system was mirrored at the
backup time, the procedure reminds you to rebuild the disk mirroring using the
scmirrorfs when ends.

13 If you need to rebuild the mirror, activate the scmirrorfs tool.


14 Press Enter to continue.

1350 OMS 5-39
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run screstore to Restore Data from the fbackup Media

Result: The Physical Group Volume 0 is created to restore the volume groups and the
tool informs you that the system must be restarted for full functionality. In addition, it
prompts you to specify a grace time for the user to log off before a system shut down

15 At the following prompt, enter the grace time for the user's log off in minutes or press
Enter for an immediate shut down

Enter the grace time for user's logoff before shutting down or
press [Enter] for immediate shutdown
Grace time (in sec.) >

16 After the system restart, restore the Alcatel-Lucent TMN applications data following the
appropriate, if any, recovery procedure and you can start up all applications.

Task 2: Using a Directory

Complete the following steps to run the screstore tool using a disk directory as the input.

1 Log in to the system in which the backup is to be performed as root.

Result: You now have superuser privileges.

2 Optional: If you must complete any preliminary tasks on the system before you activate
the restore, create a command file called screstore_init in the SCINSTALL/etc directory
that can be executed before the frecover.

3 Enter the following command to invoke the screstore tool:

..,sys,root # screstore -a <directory> [Enter]
Where: <directory> is the path of the disk directory where is stored the ISO image file to
use as input for this tool.
Important! This command is shown in its simplest form. Refer to “screstore syntax”
(p. 5-13) for the complete syntax of this command.
Result: The tool outputs the expected tape label.

4 When the tool outputs the expected tape label, it then asks you to verify it to the tape that
you are have just mounted.
If the ISO image file labels match, enter y to continue:
5-40 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run screstore to Restore Data from the fbackup Media

Is the label OK (y|n) ? : y
If the ISO image file labels do not match, enter n to stop the restoration/recovery:
Is the label OK (y|n) ? : n
Result: The recovery procedure continues to check the tape consistency, volume
groups, and logical volumes that are to be restored. If any check fails and the error is
not recoverable, the tool aborts or displays a warning message. When all checks are
completed, the recovery procedure prompts you to continue.
When performing an instance restore, the tool checks the instances that are found on
the tape BEFORE it checks the volume groups. If the mount point for the file system
of an instance is not found in the system, the tool outputs a similar warning and asks
you if you want it to create the mount point. The tool outputs this type of message for
every missing mount point. If you are performing an instance restore, go to Step 5.
Important! Read the warning messages that the tool outputs during this phase and
answer y to continue only if you are sure that the warning messages are not applicable
to your configuration.
The frecover tool ends successfully. If the system was mirrored at the time of the
backup, the procedure reminds you to rebuild the disk mirroring using the scmirrorfs
when it ends.

5 For an instance restore only, enter y when the tool outputs a display similar to the
following to create mount points:

The mount point <mount point>

does not exist. The procedure will try to create it
Do you want the procedure to create the missing mount point (y|n) ?
Result: The tool invokes the scextends routine, which detects the available hardware
and prompts you to create the instance volume group on an external disk device that it
discovers. If the choice that is discovered is suitable to you, answer y and scextendfs
continues to create the needed mount points.

6 If you need to rebuild the mirror, run scmirrorfs.


7 Press Enter to continue.

Result: The Physical Group Volume 0 is created to restore the volume groups and the
tool informs you that the system must be restarted for full functionality. In addition, it
prompts you to specify a grace time for the user to log off before a system shut down

8 At the following prompt, enter the grace time for the user's log off in minutes or press
Enter for an immediate shut down

Enter the grace time for user's logoff before shutting down or
1350 OMS 5-41
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run screstore to Restore Data from the fbackup Media

press [Enter] for immediate shutdown
Grace time (in sec.) >

9 After the system restart, restore the Alcatel-Lucent TMN applications data following the
appropriate, if any, recovery procedure and you can start up all applications.

5-42 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run the scmirrorfs Tool to Set Up the Mirrored Configuration


Run the scmirrorfs Tool to Set Up the Mirrored Configuration

When to use
Use this task to run the scmirrorfs tool to set up the mirrored disk configuration. This
task requires you to enter the device names of the primary disk and the alternate disk that
must be used to store the mirror copy of the data.

Related information
See the following topics in this document:
• “Mirror Configurations” (p. 5-20)
• “Troubleshoot a Restore” (p. 5-15)

Before you begin

Read “Mirror Configurations” (p. 5-20) carefully before you begin this procedure.

Complete the following steps to set up the mirrored disk configuration.

1 Log in as root using the same password that was active when the backup was done.
Result: You now have superuser privileges.

2 Enter the following command to invoke the scmirrorfs tool:

..,sys,root # scmirrorfs vg00 [Enter]
Result: The tool outputs a display that is similar to the following:

=><date/time stamp>
=>START: OSConf File(s) System Mirroring
Hardware detection in progress, please wait ........
Total disk(s) found = 6
Total CDRoms found = 1
Press [Enter] to continue...

3 Press the Enter key to continue with the mirror copy of the data.
Result: The tool displays output that is similar to the following. Note the entry for

Disks Selection
Mirroring need Alternate Boot disk on Volume Group:"vg00"
Device MByte Hardware Path Usage Type VolGroup

1350 OMS 5-43
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run the scmirrorfs Tool to Set Up the Mirrored Configuration

c1t2d0 8680 0/0/1/1.2.0 Pri_Boot _Main_ vg00
c2t2d0 8680 0/0/2/0.2.0 _(free)_ ______ __
c4t8d0 8680 0/4/0/0.8.0 _(free)_ ______ __
c4t9d0 8680 0/4/0/0.9.0 _(free)_ ______ __
c5t12d0 8680 0/7/0/0.12.0 _(free)_ ______ __
c5t13d0 8680 0/7/0/0.13.0 _(free)_ ______ __

4 At the following prompt, enter the name of an alternative device from which to boot:
Select Alternate BOOT dev name or [q] to quit: <device name>
Result: The tool displays output that is similar to the following. Note the entries for
Pri_Boot and Alt_Boot.

Disk Selection
Device MByte Hardware Path Usage Type VolGroup
c1t2d0 8680 0/0/1/1.2.0 Pri_Boot _Main_ vg00
c2t2d0 8680 0/0/2/0.2.0 _(free)_ ______ __
c4t8d0 8680 0/4/0/0.8.0 Alt_Boot Mirror vg00
c4t9d0 8680 0/4/0/0.9.0 _(free)_ ______ __
c5t12d0 8680 0/7/0/0.12.0 _(free)_ ______ __
c5t13d0 8680 0/7/0/0.13.0 _(free)_ ______ __
Confirm selection of device "<device name>"

5 At the following set of prompts, enter y to confirm the selection of the alternate device
from which to boot:
Confirm selection of device <device name>.
Press [y] for yes, [n] for no or [q] to quit, then press [Enter] y
Result: The tool displays output that is similar to the following. Extraneous lines have
been deleted for ease of reading/use.

NOTE: Updating of LVM physical volume group information file

NOTE: Set Logical Vol allocation policy to "PVG-strict" x select Volume
NOTE: Preparation of Mirroring Volume Group: "vg00"
NOTE: Mirroring all Logical Volume of Volume Group: "vg00"
=><date/time stamp>
....... Mirroring Logical Volume:"/dev/vg00/lvol1",
with Allocation policy "contiguous"
=><date/time stamp>
....... Mirroring Logical Volume:"/dev/vg00/lvol10"
NOTE: Check /etc/lvmrc ..... =><date/time stamp>
NOTE: Set Alternate Boot Hardware Path to disk:"c4t8d0"
=><date/time stamp>

5-44 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run the scmirrorfs Tool to Set Up the Mirrored Configuration

=>END: OSConf File(s) System Mirroring
Restore Warning and/or Error Messages

6 If you receive any restore warnings or error messages, see “Troubleshoot a Restore”
(p. 5-15) for details.

1350 OMS 5-45
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
System Backup and Restore Run the scmirrorfs Tool to Set Up the Mirrored Configuration


5-46 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
6 Mirror Disks

This chapter provides the 1350 OMS system administrator with the conceptual
information and the associated tasks that pertain to mirrored disks.


Mirrored Disk Overview 6-2

Install the Mirror Disk/UX 6-4
Configure Disk Fault Protection with Mirror Disk/UX® 6-6

1350 OMS 6-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Mirror Disks Mirrored Disk Overview


Mirrored Disk Overview

Mirrored Disk purpose
Mirror disks have two main purposes in the 1350 OMS system configuration:
• Mirrored disks enable the 1350 OMS to remain operational if a single disk fails.
• Mirrored disks enable the 1350 OMS to remain operational if a single disk controller
Mirrored disk configurations, along with the recommended Alcatel-Lucent software and
hardware configuration, afford the best high availability protection; therefore, we urge
administrators to follow the recommendations made.
Note: The new HP Integrity servers rx2660 and rx6600 can be equipped with the HP
Smart Array P400. In these configurations, the mirror disk is not required because the HP
S.A. P400 provides RAID 1 protection at the hardware level, providing the same level of
fault tolerance and improving performance.
Mirror disk installation and configuration is still required on the HP9000 and HP Integrity
servers without HP S.A. P400, such as the rx7640.
To determine if your HP Integrity server is equipped with a HP S.A. P400, enter the
following command:
…,root,sys # ioscan –kdciss
When the HA S.A. P400 is present, a line like this will be shown:

H/W Path Class Description

0/3/0/0/0/0 ext_bus PCIe SAS SmartArray P400 RAID Controller

Mirrored disk configuration methods

The configuration of fault disk protection with the Mirror Disk/UX® can be performed as
part of one of the following methods:
• As part of the initial system installation, which automatically executes disk mirroring
for the entire file system.
• As part of the system restoration from a full disk backup, which is explained in the
“Run the scmirrorfs Tool to Set Up the Mirrored Configuration” (p. 5-43) task and in
the “Configure Disk Fault Protection with Mirror Disk/UX®” (p. 6-6) task.
• As part of a new disk mirror configuration, which is explained in the “Install the
Mirror Disk/UX” (p. 6-4) task.

Mirrored disk configuration example

It is critical for administrators to be able to identify the hard disks that are present in a
configuration and how they are connected to the system box. This information is hidden
in the disk hardware path. The fist dot (“.”) in the hardware path distinguishes the

6-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Mirror Disks Mirrored Disk Overview

In the following example, two different buses are shown: 0/5/1/0/4/1 and 0/5/1/0/4/0.
Each one has three disks connected.

Disks Selection
Device MByte Legacy Harware Path Usage Type VolGroup
disk17 140000 0/5/1/0/4/1.2.0 Pri_Boot _Main_ vg00
disk18 140000 0/5/1/0/4/1.1.0 _(free)_ ______ _______
disk19 140000 0/5/1/0/4/1.0.0 _(free)_ ______ _______
disk20 140000 0/5/1/0/4/0.2.0 _(free)_ ______ _______
disk21 140000 0/5/1/0/4/0.0.0 _(free)_ ______ _______
disk22 140000 0/5/1/0/4/0.1.0 _(free)_ ______ _______
Press [Enter] to continue...
The best mirror disk configuration, including controller fault resilience, is as follows:
disk17, disk18, and disk19 as Main units.
disk20, disk21, and disk22 as Copy units.

1350 OMS 6-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Mirror Disks Install the Mirror Disk/UX


Install the Mirror Disk/UX

When to use
Use this task to install the Mirror Disk/UX software.
Important! Mirror Disk/UX is usually installed by Alcatel-Lucent installation tools,
along with the HP-UX operating system; however, if you must install Mirror Disk/UX,
use this task.

Related information
See the following topic in this document:
• “Mirrored Disk Overview” (p. 6-2)

Before you begin

Because the Mirror Disk/UX is HP® Software, verify that the proper use license is
available. In addition, know the name of the source device (the DVD/CD-ROM).
This procedure gives you the choice of installing the software now or postponing the
installation. Note: once you start this procedure, you can continue to install the software
at the current time or you can postpone the installation of the software; however, you
cannot cancel the installation of the software.
The Mirror Disk/UX installation forces a system reboot.

Complete the following steps to install the Mirror Disk/UX software.

1 Log in to the system in which the Mirror Disk/UX software is to be installed as root.
Result: You now have superuser privileges.

2 Enter the following command to initialize the installation and press Enter:
..,sys, root # /SCINSTALL/etc/scinstall3PP MIRROR [Enter]
Result: The installation is initialized and the software prompts you to select the
software source.

3 When the software prompts you to select the source as CD/DVD or depot, choose 1,
which is DVD/CD-ROM, and press Enter:

--------------- LAYERED PRODUCTS Repository -------------

1 - DVD/CDRom
q - quit
Insert choice and press [Enter]:
6-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Mirror Disks Install the Mirror Disk/UX

Result: The software prompts you to confirm the source device.

4 When the software prompts you to confirm the source device, enter the correct source
device and press Enter, or select the default by pressing Enter.

--- Device selection for LAYERED Products installation

Enter 'q' to Quit or the CD device [def=/dev/dsk/c3t2d0]:
Result: Before the software begins execution and the system is rebooted, the software
outputs a display similar to the following that gives you a final chance to postpone,
but NOT TO STOP, the installation:

Installation require shutdown and reboot
Applications is better already stopped before start installation
Do you want execute installation NOW?:
Press [y] for yes or [n] for no, then press [Enter]

5 When the software prompts you to execute the installation, answer y to start the
installation now or n to postpone, but not stop, the installation:
Press [y] for yes or [n] for no, then press [Enter] y/n [Enter]
Result: If you answered y, to start the installation, the reboot begins.
If you answered n to postpone the installation, resume the installation at a later time
and go to Step 6.

6 If you have postponed the installation, enter the following command line when you are
ready to resume the installation:
...,sys,root # /SCINSTALL/SCINSTALL start [Enter]
Result: The scinstall installation is restarted.

1350 OMS 6-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Mirror Disks Configure Disk Fault Protection with Mirror Disk/UX®


Configure Disk Fault Protection with Mirror Disk/UX®

When to use
Use this task to configure disk fault protection with Mirror Disk/UX® after a full disk
backup or if the mirror configuration was skipped for any reason at installation time.

Related information
See the following topic in this document:
• “Mirrored Disk Overview” (p. 6-2)

Before you begin

This task requires the following conditions to be met for a mirror disk configuration:
• The HP Mirror Disk/UX is authorized and is installed on the system.
• The number of available hard disks are sufficient to create a copy of the entire file
After the mirror disk configuration is set up, any file system that belongs to the mirror
group volume is then mirrored.

Complete the following steps to configure disk fault protection with Mirror Disk/UX®
after a full disk backup or if the mirror configuration was skipped for any reason at
installation time.

1 Log in to the system in which the alternate boot disk is to be specified as root.
Result: You now have superuser privileges.

2 Enter the following command to initialize the tool and press Enter:
..,sys, root # scmirrorfs [Enter]
Result: The installation is initialized and the software prompts you to select the
alternate boot device:

Disks Selection
Mirroring need Alternate Boot disk on Volume Group:"vg00"
Device MByte Hardware Path Usage Type VolGroup
c1t2d0 8680 0/0/1/1.2.0 Pri_Boot _Main_ vg00
c2t2d0 8680 0/0/2/0.2.0 __Data__ _Main_ vg00D
c4t8d0 8680 0/4/0/0.8.0 _(free)_ ______ ________
D c4t9d0 8680 0/4/0/0.9.0 _(free)_ ______ ________
c5t12d0 8680 0/7/0/0.12.0 _(free)_ ______ ________
6-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Mirror Disks Configure Disk Fault Protection with Mirror Disk/UX®

c5t13d0 8680 0/7/0/0.13.0 _(free)_ ______ ________
Select Alternate BOOT dev name or [q] to quit:

3 When the tool prompts you, enter the name of the alternate boot device:
Select Alternate BOOT dev name or [q] to quit:
<name of the alternate boot device>
Important! Refer to “Mirrored disk configuration example” (p. 6-2) for the naming
conventions and pairing details.
Result: When the amount of disk space requested is reached, the tool displays output
that is similar to the following:

NOTE: Updating of LVM physical volume group information file

NOTE: Set Logical Vol allocation policy = "PVG-strict" on Active Volume Group
NOTE: Preparation of Mirroring Volume Group: "vg00"
NOTE: Mirroring all Logical Volume of Volume Group: "vg00"
=><date/time stamp>
....... Mirroring Logical Volume:"/dev/vg00/lvol1",
with Allocation policy "contiguous"


1350 OMS 6-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Mirror Disks Configure Disk Fault Protection with Mirror Disk/UX®


6-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
7 Network Depot

This chapter provides the 1350 OMS system administrator with the conceptual
information and the associated tasks that pertain to the management of the Network


Network Depot Overview 7-2

Run scbuilddepot to Create or Update the Platform Software Depot 7-4
Add Software to the Platform Software Depot 7-7
Create the Application Software Depot 7-8
Edit the .rhosts file to Authorize Access to the Application Software Depot 7-10

1350 OMS 7-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Network Depot Overview


Network Depot Overview

Network Depot purpose
The Network Depot tool enables the administrator to create a depot, or a reserved area
where software can be stored.

Network Depot applications

The Network Depot for the 1350 OMS is the repository for the following types of
• platform software, which is housed in the “Platform software depot” (p. 7-2).
• application software, which is housed in the “Application software depot” (p. 7-2)

Platform software depot

After the installation of the HP-UX 11iV3® operating system, the administrator can use
the scbuilddepot tool to create the platform software depot by reserving 8 GBytes or
more of space on the machine in which MW_OS is installed. This reserved space can
house all of the software that has been included on the CD-ROM. The creation of the
platform software depot enables the administrator to perform the remainder of the
platform software installation in an unattended mode.
The following tasks are related to the platform software depot:
• “Run scbuilddepot to Create or Update the Platform Software Depot” (p. 7-4)
• “Add Software to the Platform Software Depot” (p. 7-7)

Application software depot

The application software depot is used to house the 1350 OMS application software,
which consists of the MW-INT and all of the 1350 OMS components and feature
The following table lists the disk space that is required for these packages to swap and
install the packages. The values are specified in Megabytes.

Disk Requirements for the 1350 OMS Application Software

1350 OMSComponent/Package/Feature MBytes Required for the Depot
1350 OMS EML (EML) 3300
1350 OMS eOMS (eOMS) 850
MW_INT 700
1350 OMS PKT (PKT) 200
1350 OMS SDH (SDH) 450
Total 5500

7-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Network Depot Overview

The following tasks are related to the applications software depot:
• “Create the Application Software Depot” (p. 7-8)
• “Edit the .rhosts file to Authorize Access to the Application Software Depot” (p. 7-10)

1350 OMS 7-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Run scbuilddepot to Create or Update the Platform
Software Depot

Run scbuilddepot to Create or Update the Platform Software

When to use
Use this task to run the scbuilddepot tool to create or update the platform software depot.

Related information
See the following topic in this document:
• “Platform software depot” (p. 7-2)

Before you begin

To create a platform software depot, you need 8.6 GBytes of free space on an appropriate
hard disk.

Complete the following steps to run scbuilddepot tool to create the platform software

1 Log in to the system in which the MW_OS software is installed as root.

Result: You now have superuser privileges.

2 Enter the following command to run the scbuilddepot tool and press Enter:
...,sys,root # scbuilddepot [Enter]
Result: The tool outputs a display that is similar to the following:

MW_OS Depot Builder
The depot copy requires 8.6 Gbytes extra space on disks
* Do you have enough space available [Y/N] :

3 When the tool prompts you about the space available, answer Y for yes:
The depot copy requires 8.6 Gbytes extra space on disks
* Do you have enough space available [Y/N] Y

4 At the following prompt, enter the source media, which is the CD-ROM, or press Enter
for the default device that is displayed, which is the CD-ROM that was used to install
* Enter the CDROM device [ /dev/dsk/c1t2d0 ] : Enter
7-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Run scbuilddepot to Create or Update the Platform
Software Depot
Result: The tool outputs a display that is similar to the following to indicate that it is
checking/extending the directory for the creation of the depot:
NOTE: Checking/Extending /<directory> for depot creation
If the current size of the partition mounted at /<directory> is not large enough, new
disk resources are required until the requested size is reached. The tool outputs a
display that is similar to the following

Analyze Mount Point:"/<directory>"

Request free MegaByte(s): 1950
Evaluate size MegaByte(s): 4128
Hardware detection in progress, please wait ........
Total disk(s) found = 4
Total CDRoms found = 1
Press [Enter] to continue...

5 If additional/new disk resources are required, press the Enter key at the following
Press [Enter] to continue... Enter
Result: The tool outputs a display that is similar to the following, which shows you
the amount of free space on each particular device:

Mount Point need 1536MB on /dev/vg00 (PVG0)

Disks Selection
Mount Point: /<directory>
Device MByte Hardware Path Usage Type VolGroup
c0t5d0 4088 8/12.5.0 Pri_Boot _Main_ vg00
c0t6d0 2048 8/12.6.0 __Data__ _Main_ vg00
c1t4d0 2048 8/16/5.4.0 _(free)_ ______ _____
c1t5d0 2048 8/16/5.5.0 _(free)_ ______ _____
Select Data Area (Main instance) dev name or [q] to quit:

6 At the following prompt, enter the name of the device to be used for the depot:
Select Data Area (Main instance) dev name or [q] to quit:
Select Data Area (Main instance) dev name or [q] to quit: c1t4d0

7 When the file system mounted at /<directory> is large enough to house the depot, the
tool prompts you to specify the first disk of the set:
* Please insert CD SWP-OSCONF-V9.6.0 - 1/4 into the drive and
press [Enter] when ready
1350 OMS 7-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Run scbuilddepot to Create or Update the Platform
Software Depot
Insert the specified CD-ROM.
Press Enter when the LED on the CD-ROM stops blinking.

8 When the tool once again prompts you for the next CD-ROM in the set, replace the
current CD-ROM in the drive with the specified one.

7-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Add Software to the Platform Software Depot


Add Software to the Platform Software Depot

When to use
Use this task to add the following software to the Platform Software Depot:
• OSCONF Engine
• 3PP description
• NMS description

Related information
See the following topic in this document:
• “Platform software depot” (p. 7-2)

Before you begin

This task does not have any preconditions.

Complete the following steps to add the software to the Platform Software Depot.

1 Insert SWP-1350OMS-MW_OS-V9.6.@@@ DVD in the drive.


2 Enter the following command line to mount the device and press Enter:
...,sys,root # mount -o rr /dev/dsk/<device name>/SD_CDROM [Enter]

3 Enter the following command lines to copy the software package and press Enter to
execute each command line:
...,sys,root # swcopy -x enforce_dependencies=false / [Enter]
-s /SD_CDROM 1350OMS-MW_OS @/<directory>/SCDEPOT [Enter]

4 Enter the following command to dismount the CD-ROM:

...,sys,root # umount /SD_CDROM [Enter]

5 Remove the CD-ROM from the drive.


1350 OMS 7-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Create the Application Software Depot


Create the Application Software Depot

When to use
Use this task to create the application software depot.

Related information
See the following topic in this document:
• “Application software depot” (p. 7-2)

Before you begin

This task must be completed on the depot machine, which preferably should be a machine
in the network. The machine can be the same machine that you are installing, if you have
sufficient free disk space. Refer to the table in “Application software depot” (p. 7-2) to
determine how much space, in Megabytes, each software component or feature requires.
Repeat Step 4 to the end of this task for each CD-ROM that contains software that must
be installed.

Complete the following steps to create the application software depot.

1 Log in to an Alcatel-Lucent depot machine as root.

Result: You now have superuser privileges.

2 Enter the following command to extend the /alcatel directory to allow the storage of the
application software and press Enter:
...,sys,root # scextendfs /alcatel/DEPOT <required disk size>

3 Enter the following command to change directories to the depot directory and press
...,sys,root # cd /alcatel/DEPOT [Enter]
Result: You are now in the /alcatel/DEPOT directory.

4 Insert the CD-ROM into the drive.


5 Enter the following command to check the CD-ROM type and press Enter:
...,sys,root # fstyp /dev/dsk/ [Enter]

7-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Create the Application Software Depot


6 Depending on whether the CD-ROM is a cdfs or hfs, use one of the following to mount
the CD at the /SD_CDROM directory:
If the CD-ROM type in the previous step is a cdfs, enter the following command and
press Enter:
...,sys,root # mount -o rr /dev/dsk/<cdrom device file> /SD_
CDROM [Enter]
If the CD-ROM type in the previous step is a hfs, enter the following command and press
...,sys,root # mount -r /dev/dsk/<cdrom device file> /SD_CDROM

7 Enter the following command to copy the entire contents of the CD-ROM to the
/alcatel/DEPOT directory and press Enter:
...,sys,root # cp -p /SD_CDROM/* /alcatel/DEPOT [Enter]

8 Enter the following command to unmount the CD-ROM and press Enter:
...,sys,root # umount /SD_CDROM [Enter]

9 Remove the CD-ROM from the drive.


1350 OMS 7-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Edit the .rhosts file to Authorize Access to the Application
Software Depot

Edit the .rhosts file to Authorize Access to the Application

Software Depot
When to use
Use this task to edit the .rhosts file to authorize access to the Application Software

Related information
See the following topic in this document:
• “Application software depot” (p. 7-2)

Before you begin

To retrieve the files for the 1350 OMS application software packages from the depot
machine, the access to these files must be granted to all root users of all machines that
must be installed. To authorize root access, temporarily add the hostname, followed by
the string root to the .rhosts file for each machine involved.
For example, if there were three machines, called hosta, hostb, and hostc (the depot
machine), you would have to install these three systems including the depot machine
All hosts that are defined in the .rhosts file, must also be defined in the /etc/hosts file.

Complete the following steps to edit the .rhosts file to authorize access to the Application
Software Depot.

1 Log in to the machine in which the .rhost file resides.


2 Use the vi editor to access the .rhosts file and add the following lines:
hosta root
hostb root
hostc root
Save the changes that you have made to the file.

3 Specify these same hosts, in the same manner, the /etc/hosts file.

4 At the end of the installation, use the vi editor to access the .rhosts file and delete the
following lines:
hosta root
7-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Edit the .rhosts file to Authorize Access to the Application
Software Depot
hostb root
hostc root
Save the changes that you have made to the file.

1350 OMS 7-11
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Network Depot Edit the .rhosts file to Authorize Access to the Application
Software Depot

7-12 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
8 General Operations

This chapter contains the conceptual information and the related tasks that are needed for
the basic operation of the 1350 OMS.


Restart the HP® Servers 8-2

Decompress a Compressed .gz File 8-5
Eject a CD-ROM 8-6

1350 OMS 8-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
General Operations Restart the HP® Servers


Restart the HP® Servers

When to use
Use this task to restart the HP® servers periodically. For 1350 OMS HA configurations,
use this task on the standby nodes only.

Related information
This task does not have any related information.

Before you begin

Important ! For any restart situation, do not use the reboot command.


1 From the machine on which the application is running, log in as alcatel.


2 Stop the applications using the PMC application. Select the applications on the PMC
window; and from the popup menu, select the command Stop, as shown in the following

8-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
General Operations Restart the HP® Servers



3 When these operations are completed, log in as root.


4 On the CDE front panel, press the terminal icon to start a UNIX terminal application.
Execute the command su -root
Stop the Kernel Services using the following command:
...,sys,root # /alu/Kernel/script/KernelServices stop [Enter]

5 Enter the following command to change directories:

cd /

1350 OMS 8-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
General Operations Restart the HP® Servers


6 Enter the following command to reboot or stop the HP® servers gracefully:
shutdown -r now
shutdown -h now
The command is shutdown -h if you want to stop the system completely or
shutdown -r if you want to stop the system and restart it.
Note: If you are connected to the server, the shutdown command outputs the
following message:

<date/time stamp> METDST
Do you want to send your own message?
(You must respond with 'y' or 'n'.):
Answer n to the question.

7 When the system is restarted, press the terminal icon to start a UNIX terminal application.
Execute the command su -root to in as root user.

8 Enter the following command to start the Kernel Services:

...,sys,root # /alu/Kernel/script/KernelServices start [Enter]

9 As the alcatel user, start the applications using the PMC application. Select the
applications on the PMC window; and from the popup menu, select the command Start.

8-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
General Operations Decompress a Compressed .gz File


Decompress a Compressed .gz File

When to use
Use this procedure to decompress a compressed .gz file.

Related information
This task does not have any related information.

Before you begin

This task offers you two ways to decompress a file: to decompress the file and to write it
to standard output, which is shown in Step 3, or to decompress a file and to redirect the
output to another file, which is shown in Step 4.

Use this task to decompress a compressed .gz file.

1 From the machine on which the 1350 OMS application is running, log in to the

2 To decompress a file and to write it to standard output, go to Step 3.

To decompress a file and to redirect the output to another file, go to Step 4.

3 Enter the following command to decompress a file to standard output:

/usr/contrib/bin/gunzip -c <file to be compressed.gz>
Result: The file that you specified as <file to be compressed.gz> is
decompressed to standard output. You have completed this task.

4 Enter the following command to decompress a file and to redirect the output to another
/usr/contrib/bin/gunzip -c <file to be compressed.gz> > <output
directory/output file>
/usr/contrib/bin/gunzip -c /tmp/alarm.log.gz > tmp/alarm.log
Result: The file that you specified is decompressed and its output is redirected to the
file specified.

1350 OMS 8-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
General Operations Eject a CD-ROM


Eject a CD-ROM
When to use
Use this task to eject a CD-ROM when the CD-ROM does not get ejected as expected.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Use this task to eject a CD-ROM when the CD-ROM does not get ejected as expected.

1 From the machine on which the 1350 OMS application is running, log in as root.

2 Enter the following command to change directories to the highest level:

cd /
Result: The directory is changed to the highest level directory.

3 Enter the following command lines to facilitate the ejection of the CD-ROM:
fuser -cku /SD_CDROM
umount /SD_CDROM

4 Press the Eject button to retrieve the CD-ROM from the drive.
Result: The CD-ROM is ejected.

8-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
9 Security

This chapter provides the 1350 OMS system administrator with the conceptual
information and the associated tasks that pertain to the security of the overall 1350 OMS


Security Overview 9-2

Security Banners 9-5
Security Profiles 9-7
Web Portal Macro Functions and Default User Profiles 9-9
PMC Management Macro Functions and Default User Profiles 9-10
Session Management Macro Functions and Default User Profiles 9-11
Alarm and FM Related Macro Functions and Default User Profiles 9-12
User Management Macro Functions and Default User Profiles 9-14
SMF Macro Functions and Default User Profiles 9-15
Audit and Log Files 9-18
Sample security.parms File 9-22
System Security Parameters 9-24
Prepare to Set Up Security 9-34
Set Up Security with Any Profile 9-36
Change a Manufacturer's Default Passwords 9-38
Verify and Kill Processes 9-40
Remove Security 9-42
Troubleshoot and Fix Old Password Problems 9-43
Troubleshoot and Fix /etc/passwd File Problems 9-44
Authorize Access to the Depot Machine 9-45

1350 OMS 9-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Security Overview


Security Overview
Security requirements
To guarantee the most secure system possible and to reduce the risk of security breaches,
1350 OMS sets up an HP® Trusted System configuration and hardens the system with the
HP-UX® Bastille Security Hardening Tool.
This security platform is based on user authentication, which is based on the following:
• The system identifies each user with a user identifier, or a UID.
• The system grants access to the system through the use of a password.

Security software requirements

The software that the 1350 OMS relies on and the software that is required for the
security set-up procedure is summarized in the following table:

1350 OMS Required Security Software

Description Product
HP-UX® Bastille Security Hardening Tool B6849AA
HP-UX® Secure Shell T1471Aa
Superuser DO ixSUDO
Logs rotate Tool logrotate

Security configuration tool functional overview

Before using the 1350 OMS security configuration tool, scsecurity, the security must be
properly set up to enable the correct access to the system.
When the tool initiates the security setup output similar to the following is displayed:

Created Security Profile for Users

NOTE: For the active users the security profile setting
will be enabled at the next login.
Executing XDMCP Configuration
Executing FTP Configuration
Executing FTP Banner Configuration
NOTE: "ftp banner file" has been created: /etc/ftpd/ftp_banner
Please, review/replace the contents of this file
to apply more specifically to your organization.
Converting to a Trusted System ...
System successfully converted to a Trusted System.
Setting Security Defaults
NOTE: Entering Critical Code Execution.
Bastille has disabled keyboard interrupts.
NOTE: Bastille is scanning the system configuration...
Bastille is now locking down your system in accordance with your
answers in the "config" file. Please be patient as some modules
9-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Security Overview

may take a number of minutes, depending on the speed of your machine.
NOTE: Executing File Permissions Specific Configuration
NOTE: Executing Daemon Specific Configuration
NOTE: Executing Account Security Specific Configuration
NOTE: Executing Inetd Specific Configuration
NOTE: Executing Sendmail Specific Configuration
NOTE: Executing DNS Specific Configuration
NOTE: Executing Apache Specific Configuration
NOTE: Executing Printing Specific Configuration
NOTE: Executing FTP Specific Configuration
NOTE: Executing HP-UX's Security Patch Check Configuration
NOTE: Executing HP-UX Specific Configuration
NOTE: Executing IPFilter Configuration"
Disabled cimserver
Disabled hpsmh
Admin Tools have been disabled.
Please check
for further instructions on how to secure your system.”
The tool continues to display output that is similar to the following regarding the Login
Banner Configuration:

Executing Login Banners Configuration

NOTE: "issue login message file" exists: /etc/issue
Please, review its contents adding an "Authorized Use Only"
warning message.
NOTE: "message of the day file" has been created: /etc/motd
Please, review/replace the contents of this file
to apply more specifically to your organization.
warning: commands will be executed using /usr/bin/sh
Updating Password Settings
The network access via SSH has been disabled for root
<date/time stamp>
PAM configured with Default Goglobal root access disable
The network access via GOGLOBAL has been disabled for root.
Disabled cimserver
Disabled hpsmh
Admin Tools have been disabled.
For the trusted-advanced profile, the tool displays output that is similar to the following
regarding the accounting and audit configuration:

Executing Accounting Configuration

Accounting started
Executing Auditing Configuration”
The tool concludes its display with output that is similar to the following that is intended
to call the administrator's attention to when scsecurity should be rerun and a note about
scsecurity revert.

ATTENTION: 'scsecurity' should be rerun whenever new software, OS revisions or

patches are installed.
It should also be rerun any time customizations are made that might
1350 OMS 9-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Security Overview

loosen security.
NOTE: Running 'scsecurity revert' will revert the security changes, but it
may not revert changes made in the interim (manually or by
In case of differences a copy of the modified files will be kept
so that you can compare them.”

Security administration user and user groups

The security set up requires/creates the following items:
• The security administrator user (security)
• Two user groups, which are as follows:
—The security group for the security administrator (security)
—The specific security group for ftp guest users (ftpscoss)
The user ID (UID) and group ID (GID) for these users and these groups are defined in
advance, and they must agree with the following UIDs and GIDs that have been defined
for the 1350 OMS environment:

1350 OMS Security User

User Name UID
security 199

1350 OMS Group User

Group Name GID
security 199
ftpscoss* 198
* The user who belongs to the ftp-only group is managed as an ftp guest.

9-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Security Banners


Security Banners
About security banners and scsecurity
The 1350 OMS security sets up temporary banners pages that are displayed at login time
for both the shell and ftp access. Administrators must customize these two banner pages
with the appropriate information to represent their company and/or their use.

Security banner locations

The displayed banners are stored in the following locations:
• The banner that is displayed after the login from the shell is stored in /etc/motd file.
• The banner that is displayed on a new terminal is stored in the /etc/issue file.
• The banner that is displayed for ftp access is stored in the /etc/ftpd/ftp_banner file.

Banner functional requirements

If the banner file is not present, scsecurity creates it. (It is disabled if scsecurity is
reverted.) Output similar to the following is displayed:

NOTE: "message of the day file" has been created: /etc/motd

Please, review/replace the contents of this file
to apply more specifically to your organization.
If the banner file does exist, scsecurity does not make any changes. Output similar to the
following is displayed:

NOTE: "issue login message file" exists: /etc/issue

Please, review its contents adding an "Authorized Use Only"
warning message.
At revert time, scsecurity advises you to remove your customization. Output similar to
the following is displayed:

NOTE: "issue login message file" was not managed by security: /etc/issue
If you added as suggested an "Authorized Use Only" warning message,
please remove the message.

Security banner template

The banner template that is used to define the banner files contains the following text:

This computer system is the private property of <COMPANY NAME> whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
1350 OMS 9-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Security Banners

agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.

If a revert of scsecurity occurs...

Important! The banner files, including any customized banner files that scsecurity
creates, are saved if a security revert occurs. They can be reused for the next security

9-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Security Profiles


Security Profiles
Security profile types
Prior to setting up the security, administrators must select one of the following security
• one profile named trusted-base
• one profile named trusted-advanced

Security profile features

Both the trusted-base and the trusted-advanced profiles set up the HP Trusted System and
remove useless network services; however, the profiles do differ. Refer to the following

Security Profile Features

Feature trusted-base trusted-advanced
HP® Trusted System Set-up ✓ ✓
Shell login banner ✓ ✓
ftp login banner ✓ ✓
Disable un-used network services* ✓ ✓
Disable remote commands* ✓ ✓
Disable telnet* ✓ ✓
Deactivate NFS* ✓ ✓
Deactivate NIS ✓ ✓
Disable sendmail daemon* ✓ ✓
Predispose sendmail execution ✓ ✓
through cron*
Disable ftp real user access ✓ ✓
Create Audit log file systems — ✓
Create security user — ✓
Enable rotation on system log files — ✓
Configure Audit — ✓
Disable XDMCP external access ✓ ✓
Disable the root login from anywhere ✓ ✓
other than the system console*
Allow only root to use crontab and at ✓ ✓
Prevert execution on commands ✓ ✓
traceroute and whois*

1350 OMS 9-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Security Profiles

*These restrictions are preconfigured on the system at the installation time. Both security
profiles check if the system configuration is complete and re-apply the restriction if

Access to the secure host

When security is activated on the host, the following guidelines apply:
• The telnet command is no longer available. The ssh (secure shell) must be used.
• The r (remote) commands (such as rlogin and rcp) are disabled; therefore, the ssh
(secure shell) must be used for connections and scp (secure copy) must be used to
copy files.
Secure Shell software is installed on all secure 1350 OMS systems; refer to the ssh and
scp man pages for more information.

Security user-allowed commands

With the trusted-advanced profiles, a special user is automatically created. This special
user can manage other users with root user exception. In addition, this special user can
use the commands that are listed in the following table to change the Trusted System
password database; however, any changes that are made with these commands are lost
during an iteration of scsecurity revert.

Security User Commands

Command Description and Use
getprpw Displays the user's protected password database settings.
modprpw Modifies the protected password database.
Updates the user's protected password database settings.
This command is only available to the superuser in a Trusted
passwd Changes/Modifies the login password and associated attributes
with the login name. If the name is omitted, it defaults to
invoking the user's login name.

Security and restrictions on High Availability configurations

For High Availability configurations that rely on the OS-Cluster or OS-Resilience,
security for the 1350 OMS must be set up with the same profile on every system. The
different storage methods for passwords can cause serious problems when the security
environments are not exactly aligned.

9-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Web Portal Macro Functions and Default User Profiles


Web Portal Macro Functions and Default User Profiles


Web Portal - File

✓ is Allowed
File Administrator Constructor Operator Viewer
Exit ✓ ✓ ✓ ✓
Change ✓ ✓
Check CA ✓ ✓
Save ✓ ✓
Preferences ...
Logout ... ✓ ✓ ✓ ✓


Web Portal - Actions

✓ is Allowed
Actions Administrator Constructor Operator Viewer
Launch application ✓ ✓ ✓
Raise up application ✓
Stop application ✓
Add toobar ✓
Remove from toolbar ✓
Open folder ✓ ✓
Expand folders ✓ ✓ ✓ ✓
Collapse folders ✓ ✓ ✓ ✓

Security (SEC) Database Management is only allowed for users who have an
Administrator profile.

1350 OMS 9-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security PMC Management Macro Functions and Default User Profiles


PMC Management Macro Functions and Default User Profiles


PMC Actions
✓ is Allowed
Actions Administrator Constructor Operator Viewer
Exit ✓ ✓ ✓ ✓
Start Selected Item ✓
Stop Selected Item ✓
Set Run Level ✓


PMC View
✓ is Allowed
View Administrator Constructor Operator Viewer
Info ✓ ✓ ✓ ✓
Selected Agent Trace ✓ ✓ ✓ ✓
PMC2 Log ✓ ✓ ✓ ✓
Local Configuration ✓ ✓ ✓ ✓
Agent Configuration ✓ ✓ ✓ ✓


PMC Configuration
✓ is Allowed
Configuration Administrator Constructor Operator Viewer
Set Threshold ✓

9-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Session Management Macro Functions and Default User

Session Management Macro Functions and Default User


Session Administration - Actions

✓ is Allowed
Actions Administrator Constructor Operator Viewer
Send a Message ✓ ✓ ✓
Force Log out ✓
Purge Closed Sessions ✓
Clear table selection ✓
Refresh Table ✓


Session Management - File

✓ is Allowed
File Administrator Constructor Operator Viewer
Duplicate Window ✓
Save Preferences ✓
Show Task Control ✓
Show Common Messages ✓
Stop Application ✓
Close ✓
Exit ✓

1350 OMS 9-11
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Alarm and FM Related Macro Functions and Default User

Alarm and FM Related Macro Functions and Default User


✓ is Allowed
Users Administrator Constructor Operator Viewer
Current Alarms ✓ ✓ ✓ ✓
Historical Alarms ✓ ✓ ✓ ✓

Alarm Surveillance Current Alarms

Alarm Surveillance - Current Alarms

✓ is Allowed
Current Alarms Administrator Constructor Operator Viewer
Modify Filters ✓ ✓ ✓
Administration ✓
Synchronization ✓ ✓ ✓
Reserve Alarm ✓ ✓
Acknowledge Alarm ✓ ✓
Archive Alarm Manually ✓ ✓
Manual Purge ✓
Manual Clear ✓
Request Trouble Ticket ✓
Export Alarm ✓ ✓ ✓
Get More Alarm ✓ ✓ ✓
Navigation > Historical ✓ ✓ ✓
Alarm USM
Navigation > Topology ✓ ✓ ✓
Navigation > External ✓ ✓ ✓

9-12 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Alarm and FM Related Macro Functions and Default User
Alarm Surveillance Historical Alarms

Alarm Surveillance - Historical Alarms

✓ is Allowed
Historical Alarms Administrator Constructor Operator Viewer
Export Alarm ✓ ✓
Get More Alarm ✓ ✓ ✓
Retrieve Public Archive ✓ ✓
Retrieve from user file ✓ ✓
Remove user file ✓
Navigation > Current ✓ ✓ ✓
Navigation > External ✓ ✓ ✓

1350 OMS 9-13
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security User Management Macro Functions and Default User Profiles


User Management Macro Functions and Default User Profiles

User Management

User Management - user management

✓ is Allowed
User Management Administrator Constructor Operator Viewer
Create User ✓
Remove User ✓
Find User ✓
Search User ... ✓
Import ... ✓
Export ... ✓
Refresh Contexts ✓

System Management

User Management - System Management

✓ is Allowed
System Management Administrator Constructor Operator Viewer
Lock/Unlock Database ✓
Shut down hard ✓
Shut down soft ✓
Save preferences ✓


User Management - Navigation

✓ is Allowed
Navigation Administrator Constructor Operator Viewer
Navigation to ACI ✓ ✓ ✓

9-14 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security SMF Macro Functions and Default User Profiles


SMF Macro Functions and Default User Profiles

Log Management

Log Management - Log File

✓ is Allowed
Log File Administrator Constructor Operator Viewer
Log File Info ✓ ✓ ✓
Log Record ✓ ✓ ✓
Log File Archive ✓ ✓ ✓
Log File Delete ✓ ✓ ✓

Log Management - Log Record

✓ is Allowed
Log Recprd Administrator Constructor Operator Viewer
Log Record ✓ ✓ ✓
Log Record ✓ ✓ ✓
Log Record Info ✓ ✓ ✓

Trace Management

Trace Management - processes

✓ is Allowed
processes Administrator Constructor Operator Viewer
Edit Trace Level ✓ ✓ ✓

Trace File - Trace File

✓ is Allowed
Trace File Administrator Constructor Operator Viewer
Static View ✓ ✓ ✓ ✓
Dynamic View ✓ ✓ ✓ ✓
Reset View ✓ ✓ ✓ ✓

1350 OMS 9-15
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security SMF Macro Functions and Default User Profiles

Failure Management

FM - Workstation
✓ is Allowed
Workstation Administrator Constructor Operator Viewer
Do a Snapshot ✓ ✓ ✓

FM - OS Snapshot
✓ is Allowed
OS Snapshot Administrator Constructor Operator Viewer
Save Tape ✓ ✓ ✓
Lock ✓ ✓ ✓
Unlock ✓ ✓ ✓
Delete ✓ ✓ ✓

FM - Options
✓ is Allowed
Options Administrator Constructor Operator Viewer
Set Max ✓ ✓ ✓
Number of

Scheduler Management

Scheduler Management - plan

✓ is Allowed
plan Administrator Constructor Operator Viewer
New ✓
Edit ✓
Validate ✓
Stop ✓
Delete ✓

9-16 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security SMF Macro Functions and Default User Profiles

Backup Management

Backup Management - job

✓ is Allowed
Job Administrator Constructor Operator Viewer
New ✓
Edit ✓
Remove from list ✓
Run ✓

Restore Management

Restore Management - load

✓ is Allowed
load Administrator Constructor Operator Viewer
All ✓ ✓ ✓ ✓
Disk ✓ ✓ ✓ ✓
Tape ✓ ✓ ✓ ✓

Cleanup Management

Cleanup Management - Cleanup

✓ is Allowed
Cleanup Administrator Constructor Operator Viewer
Details ✓ ✓ ✓
Clean ✓ ✓ ✓

1350 OMS 9-17
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Audit and Log Files


Audit and Log Files

Audit and log files functional overview
When the trusted-advanced security profiles are selected during an iteration of
scsecurity, a set of the following files are created or managed to record relevant system
• “Audit files” (p. 9-18)
• “Log files” (p. 9-19)
On a regular basis, the logrotate tool collects the audit and log files. This tool
periodically verifies the files and moves them from their original location to a dedicated
filesystem on the /.ARCHIVE directory, where the files are compressed, encrypted, and
archived if the option is enabled by the ENCRYPT_ARCHIVE security parameter. This
process ensures that the largest amount of data is stored and guarantees a reasonable time
between downloads. Refer to “Encryption set up” (p. 9-20) for details.
An email list that is available in the “WARN_USERS_LIST” (p. 9-32) security parameter
should be used to advise the administrator when the data in the ./ARCHIVE file system
exceeds the 80% threshold capacity and when the 90% threshold capacity is crossed.
If the administrator does not move the files to another location or archives the files on
tape before the second threshold is reached, the oldest files are automatically removed to
make space available for the newest files.

Audit files
The 1350 OMS configures the audit system provided in HP-UX to trace security-relevant
system calls and events. (Refer to the audevent HP-UX man page for details.)
The audit records are stored in two specific files that are located in two specific file
systems. Whenever the current file and file system that is in use is full, the system
automatically switches over to the second one. The 1350 OMS monitors this activity
every 5 minutes and saves the data that is stored in the dismissed file into the archive file
The audit files that the HP-UX audit function manages are the following:
• /.AUDITING/1/audfile
• /.AUDITING/2/audfile
During the initial activation of a trusted-advanced profile, the tool creates the structure
that is used to store the audit files and to produce output that is similar to the following:

Executing "Primary Audit log file" File System Configuration

=><date/time stamp>
=>START: MW_OS Extend/Create File(s) System
Analyze Mount Point:"/.AUDITING/1"
Request free: 121 MegaByte(s)
Evaluate size: 128 MegaByte(s)
Create Logical Volume x "/.AUDITING/1"
9-18 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Audit and Log Files

Extend Mount Point to 128 MByte
Making new file system (vxfs) on Mount Point
Mount /dev/vg00/lvol13 on /.AUDITING/1
Updating /etc/fstab x Mount Point
=><date/time stamp>
=>END: MW_OS Extend/Create File(s) System
Executing "Secondary Audit log file" File System Configuration
=><date/time stamp>
=>START: MW_OS Extend/Create File(s)
Analyze Mount Point:"/.AUDITING/2"
Request free: 121 MegaByte(s)
Evaluate size: 128 MegaByte(s)
Create Logical Volume x "/.AUDITING/2"
Extend Mount Point to 128 MByte
Making new file system (vxfs) on Mount Point
Mount /dev/vg00/lvol14 on /.AUDITING/2
Updating /etc/fstab x Mount Point
=><date/time stamp>
=>END: MW_OS Extend/Create File(s) System
When a file is saved in either /.ARCHIVE area, the filename adheres to the following
naming convention:
The /.ARCHIVE file system is automatically created to store more than 10 audit files,
however, when the file system becomes full, the collected audit data is lost.
The current audit file is compressed and moved into the /.ARCHIVE directory each time
the 1350 OMS security reverts to the default HP-UX level through scsecurity revert.

Log files
Some HP-UX system log files are automatically stored in the /.ARCHIVE directory for the
following reasons:
• To keep and maintain a long system history
• To prevent the abnormal growth of the file
These log files are compressed and renamed according to the following naming
<log prefix>-<date>-<time>.gz
<log prefix> is a unique file prefix that is defined for each log file.
<date> is the date of the move and compression.

1350 OMS 9-19
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Audit and Log Files

<time> is the time of the move and compression.
gz is the file type extension for gnu zip.
The /var/adm/cron/log is saved on January 1, 2012 at 15:57:59. In the /.ARCHIVE
directory, the respective log file is called:

Archived Log Files

HP-UX Log File Prefix Log file Contains... Transferred to the
/var/adm/wtmp wtmp A record of all logins Weekly, or when it
and logouts in binary becomes greater than
format 10 Mbytes
/var/adm/btmp btmp Bad login entries, in Monthly
binary format, for
each invalid login
/var/adm/syslog/ syslog.log All messages that are Weekly; can also be
syslog.log OLDsyslog.log sent to the UNIX saved as OLD in case
system log a system reboot
occurs in the mean
/var/adm/syslog/ mail.log Messages issued by Weekly
mail.log sendmail
/var/adm/cron/log cron.log The list of all Weekly; can also be
OLDcron.log commands performed saved as OLD in case
by the cron daemon a system reboot
occurs in the mean
/var/adm/sulog sulog The timestamp of Weekly
each su command
followed by the
username of the
executor and the new
username assumed

Encryption set up
The administrator can change the default security configuration so it archives both the
audit files and log files in encrypted format. To enable this function, the administrator
must change the settings of both the “ENCRYPT_ARCHIVE” (p. 9-27) and
“CHANGE_ENCRYPT_PASSWORD” (p. 9-26) parameters to YES.

9-20 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Audit and Log Files

Important! We recommend that the administrator sets the encryption policy for both of
these parameters before the security is activated. It is dangerous to change the encryption
policy after security is activated; and if it must be done, it must be done carefully.
are set to YES, the tool outputs a display that is similar to the following, which requests
the encryption password during the security setup:

Setting Archive Log files Encrypt functionality

Encryption password will be substituted.
Use the previous one to decrypt old saved log files.
Insert the log files encryption password:
Insert again the log files encryption password:
Encryption password defined.
The encrypted audit and log files are then archived with the file extension .gzsec.
Important! After the new setup has been activated, the administrator must remember to
change the setting of the CHANGE_ENCRYPT_PASSWORD parameter to NO;
otherwise, at the next security configuration, the administrator is asked to change the
encryption password.

1350 OMS 9-21
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Sample security.parms File


Sample security.parms File

Contents of the security.parms file
The following lines display information about the warning and the inactivity timeout:

# NOTE: The variables defined in this file can be configured to

# best suite your needs, with the restrictions put in
# evidence using the form "ATTENTION: ...".
# Users advised against problems
WARN_USERS_LIST="root" ## List of users separated by blank
# Shell Inactivity Timeout
SIT=0 ## Shell Inactivity Timeout (seconds) (0=not active)
## Applicable for 'ksh', 'sh' (posix-shell) and 'bash' shell uppercase
The following lines display information about encryption:

# Encrypt Archive
ENCRYPT_ARCHIVE="NO" ## Encrypt archive log files:"YES" or "NO"
in uppercase
CHANGE_ENCRYPT_PASSWORD="NO" ## Change encryption password:"YES"
or "NO" in uppercase
The following lines display information about un-trusted systems:

# Parameters for UN-Trusted Systems (SECURITY)

PASSWORD_MAXDAYS=180 ## Password expiration time interval (days)
PASSWORD_MINDAYS=0 ## Minimum time interval between password changes
PASSWORD_WARNDAYS=14 ## Password expiration warning time interval (days)
PASSWORD_HISTORY_DEPTH=4 ## Password history depth
PASSWORD_MIN_DIGIT_CHARS=1 ## Password minimum digit characters
PASSWORD_MIN_SPECIAL_CHARS=1 ## Password minimum special characters
MIN_PASSWORD_LENGTH=7 ## Minimum password length
# end of UN-Trusted System parameters
9-22 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Sample security.parms File

The following lines display information about trusted systems:

# Parameters for Trusted Systems

usrpick=YES ## User picks password
syspnpw=NO ## System does not generate pronounceable passwords
rstrpw=YES ## Check password for triviality
nullpw=NO ## Null passwords are not allowed
syschpw=NO ## System does not generate passwords having
characters only
sysltpw=NO ## System does not generate passwords having letters
gptm=21 ## Grace period time (days)
llog=0 ## Last login time interval (days)
umaxlntr=-1 ## Maximum number of consecutive unsuccessful login
attempts before the account is locked (use default)
tmaxlntr=3 ## Maximum unsuccessful login tries allowed
dlylntr=2 ## Delay between login tries
lntmout=30 ## Login timeout in seconds
# End of Trusted System parameters
The following lines display information about auditing:

# Auditing
PRI_SWITCH=102400 ## Switch size of primary audit log file (kbytes)
SEC_SWITCH=102400 ## Switch size of secondary audit log file (kbytes)

1350 OMS 9-23
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters


System Security Parameters

Changing the system security parameters
Some of the settings for the system security parameters, such as the password parameters,
can be changed.
Important! We recommend that the system security parameters be changed before the
security environment is set up because any subsequent changes to the security
environment can result in security breaches or user problems. For example, if the
password lifetime is reduced, users could be deactivated without any advance notice. In
addition, we recommend that the system security parameters for the Trusted System
Configuration are not changed with the HP® System Management Homepage (SMH).

Location and access to the system security parameters

The default settings for the security parameters are housed in the following file:
To customize security parameters, a copy of the default file can be made using the
following command:
cp /SCINSTALL/security/lib/security.parms /
Changes to the custom security.parms file can be made when security is active by
logging in as root, using an editor command, and executing the appropriate command:
• scsecurity security
Where: security is used to set up security defaults for the password parameters. See
Table 9-1, “ System Security Parameters” (p. 9-25) for a list of password parameters.
• scsecurity modify
Where: modify is used to change password settings (including setting up security
defaults) for the security parameters, password parameters, trusted system parameters,
and the encryption parameters, which are set only if trusted-advanced is the active
profile. See Table 9-1, “ System Security Parameters” (p. 9-25) for a list of these
If a new version of the security parameters file is delivered and a custom security
parameters file is found when a new version of MW-OS is installed, scsecurity outputs a
display similar to the following, which the administrator must follow:

WARNING:a CUSTOM security parameters file has been found:

The file version is different from the new one installed as DEFAULT:
NOTE: if you made some modification on the custom file, please complete the
actions reported at follows:
- save the current custom file for reference
cp /SCINSTALL/security/data/custom/security.parms /
- copy the default file in the custom directory
9-24 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

cp /SCINSTALL/security/lib/security.parms /
- apply your personal customization on the custom file
- finally remove the old saved custom file
rm /SCINSTALL/security/data/custom/security.parms_save

System security parameters and HA configurations

Important! For High Availability (HA) configurations, the security must be configured
at the same level and with the same parameters that are set on every system. A
non-aligned security set-up can cause serious problems.

System security parameter types

The system security parameters are one of the types that are listed in the following table:

Table 9-1 System Security Parameters

System Security Parameters

System Security Parameter Type Parameter
Security Parameters “SIT” (p. 9-31)
“WARN_USERS_LIST” (p. 9-32)
Encryption Parameters “CHANGE_ENCRYPT_PASSWORD”
(p. 9-26)
Password Parameters* “MIN_PASSWORD_LENGTH” (p. 9-28)
(p. 9-29)
(p. 9-30)

1350 OMS 9-25
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

Table 9-1 System Security Parameters (continued)

System Security Parameters

System Security Parameter Type Parameter
Trusted System Parameters** “dlylntr” (p. 9-26)
“gptm” (p. 9-27)
“llog” (p. 9-27)
“lntmout” (p. 9-28)
“nullpw” (p. 9-28)
“rstrpw” (p. 9-30)
“syschpw” (p. 9-31)
“sysltpw” (p. 9-31)
“syspnpw” (p. 9-31)
“tmaxlntr” (p. 9-32)
“umaxlntr” (p. 9-32)
“usrpick” (p. 9-32)
*The password parameters are among the most useful and safest security parameters to
**We strongly recommend that these parameters are not changed with the HP System
Management Homepage (SMH).

The CHANGE_ENCRYPT_PASSWORD system security parameter specifies whether
the audit and log archive encryption password can be changed. For the initial password
set up, changing this parameter setting is useful; however, when data exists in the archive,
we do not recommend changing the settings of this parameter. The “EN-
CRYPT_ARCHIVE” (p. 9-27) is a related parameter. Refer to “Encryption set up”
(p. 9-20) for details.
The allowed values are YES and NO.
This parameter is an encryption parameter. This parameter and its values reside in the
following file:
The scsecurity modify command line is used to change the initial value/setting of this

The dlylntr (delay between login tries) system security parameter specifies the maximum
number of seconds that are to elapse between login tries.
The allowed values are numbers that represent elapsed seconds.

9-26 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The ENCRYPT_ARCHIVE system security parameter specifies whether audit and log
archive encryption should be turned on or off. The “CHANGE_ENCRYPT_PASS-
WORD” (p. 9-26) is a related parameter. Refer to “Encryption set up” (p. 9-20) for
The allowed values are YES, to turn on the archive encryption, and NO, to turn off the
archive encryption.
This parameter is an encryption parameter. This parameter and its values reside in the
following file:
The scsecurity modify command line is used to change the initial value/setting of this

The gptm (grace period time maximum) system security parameter specifies the
maximum number of days that are allowed for a grace period, or that period of time in
which users are allowed to change their passwords.
The allowed values are numbers that represent the number of days. The default value is
21 days.
This parameter is a Trusted System drive parameter, which is also used for password
aging. This parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The llog (last log) system security parameter specifies the user inactivity time, which is
expressed in the number of days, that users have before their accounts are disabled
because they have not logged in to the system.
The allowed values are numbers that represent days; where the number 0 indicates
disabled. Note that setting this parameter to a value other than 0 can cause application
problems for the users.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:
1350 OMS 9-27
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

The scsecurity modify command line is used to change the initial value/setting of this

The lntmout (login time out) system security parameter specifies the number of seconds
that are to elapse when logging in to the system before users are disconnected from the
The allowed values are numbers that represent elapsed seconds.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The MIN_PASSWORD_LENGTH system security parameter specifies the minimum
number of characters that are allowed in a password.
The allowed value is a number that represents the number of characters. The default value
is 7 characters.
This parameter is a password parameter that handles the structure of a password. This
parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The nullpw (null password) system security parameter specifies whether users can enter a
null password.
The allowed values are YES and NO. We strongly recommend that this password is set to
NO to prevent serious breaches in security.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

9-28 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

The PASSWORD_HISTORY_DEPTH system security parameter specifies the number
times that users must change their passwords before they are allowed to reuse the same
The allowed value is a number from 1 to 10. The default value is 4.
This parameter is a Password parameter that handles changing a password. This
parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The PASSWORD_MAXDAYS system security parameter specifies the maximum
number of days in which a particular password can remain current; or, the number of days
in the lifetime of one particular password before a user is not allowed system access.
The allowed value is a number that represents the number of days. The default value is
180 days.
This parameter is a password parameter that handles the aging of a password. This
parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The PASSWORD_MINDAYS system security parameter specifies the minimum number
of days in which a particular password can remain current; or, the number of days in the
lifetime of one particular password before the user can change the password.
The allowed value is a number that represents the number of days. The default value is 0
days. Note: setting this parameter to a value other than 0 can cause application problems
for the users. The system prevents users from changing a password that is not older than
the specified number of days, which is the setting of the PASSWORD_MINDAYS.
This parameter is a password parameter that handles the aging of a password. This
parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The PASSWORD_MIN_DIGIT_CHARS system security parameter specifies the
minimum number of digits (numbers) that are allowed in a password.
1350 OMS 9-29
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

The allowed value is a number that represents the number of digits allowed. The default
value is one number.
This parameter is a password parameter that handles the structure of a password. This
parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The PASSWORD_MIN_SPECIAL_CHARS system security parameter specifies the
minimum number of special characters (such as *) that are allowed in a password.
The allowed value is a number that represents the number of special characters that are
allowed. The default value is one special character.
This parameter is a password parameter that handles the structure of a password. This
parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The PASSWORD_WARNDAYS system security parameter specifies the number of days
in which users are warned, upon their login to the system, that their current password is
scheduled to expire.
The allowed value is a number that represents the number of days. The default value is 14
This parameter is a password parameter that handles the aging of a password. This
parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The rstrpw (restrict trivial passwords) system security parameter specifies whether
passwords are to be checked for trivialities.
The allowed values are YES and NO.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:

9-30 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

The SIT (shell inactivity timeout) system security parameter specifies the value in
seconds that the ksh and sh shells can be left inactive before a timeout occurs and the user
is automatically locked out.
The allowed value is a number that represents the number of seconds that can elapse
before a timeout can occur; and the number 0 to disable the feature.
This parameter and its values reside in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The syschpw (system character password) system security parameter specifies whether
the system can generate passwords that are composed of only characters.
Since the “usrpick” (p. 9-32) password is set to YES, this parameter should not be set and
is not a valid option.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:

The syschpw (system letter password) system security parameter specifies whether the
system can generate passwords that are composed of only letters.
Since the “usrpick” (p. 9-32) password is set to YES, this parameter should not be set and
is not a valid option.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:

The syspnpw (system pronounceable password) system security parameter forces the
system to generate a password that users can pronounce.
Since the “usrpick” (p. 9-32) password is set to YES, this parameter should not be set and
is not a valid option.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:

1350 OMS 9-31
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

The tmaxlntr (maximum login tries) system security parameter specifies the maximum
number of unsuccessful login attempts before users are disconnected from the network.
The allowed values are numbers. The value of -1 indicates that a check is not to be
performed and a number greater than 0 indicates the number of allowed invalid attempts
before the users are disconnected from the network.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The umaxlntr (user maximum login tries) system security parameter specifies the
maximum number of consecutive invalid/unsuccessful login attempts before a user
account is locked.
The allowed values are numbers. The value of -1 indicates that a check is not to be
performed and a number greater than 0 means the number of allowed invalid attempts to
log in to the system.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:
The scsecurity modify command line is used to change the initial value/setting of this

The usrpick (user pick) system security parameter specifies whether users can choose
their own passwords.
The allowed values are YES and NO.
Important! This parameter must always be set to YES.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:

The WARN_USERS_LIST system security parameter is a list of users, separated by blank
spaces, who are to be e-mailed of security problems. Note: the mail is restricted to 1350
OMS system recipients only. Refer to “Audit and log files functional overview”
(p. 9-18) for additional details.

9-32 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security System Security Parameters

The allowed values are a local username and a blank character space that separates one
user from the next.
This parameter is an advanced security parameter. This parameter and its values reside in
the following file:

1350 OMS 9-33
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Prepare to Set Up Security


Prepare to Set Up Security

When to use
Use this task to prepare for the security set up.

Related information
See the following topics in this document:
• “Security Overview” (p. 9-2)
• “Security Profiles” (p. 9-7)
• “System Security Parameters” (p. 9-24)

Before you begin

Each step of this task refers you to other sections in this document that are important in
your understanding of the particular step.

Complete the following steps to prepare for the security set up.

1 To avoid a reboot during the security set-up procedure, determine if you have the correct
software installed. If you do not have one or more pieces of the required software, the
security set up tool automatically activates the software install process and it can reboot
the system.
For the software that the 1350 OMS relies on and the software that is required for the
security set-up procedure, refer to “Security software requirements” (p. 9-2).

2 Review and select the appropriate security profile for your needs.
Refer to “Security Profiles” (p. 9-7) and “Access to the secure host” (p. 9-8) for details
and considerations. In addition, for High Availability systems, refer to “Security and
restrictions on High Availability configurations” (p. 9-8).

3 To customize security defaults parameters, change the values in the following file:
Important! We strongly recommend that you make any changes before security
If you do make the modification when the security is configured, log in as root and enter
the following command to apply the new security values to the security configuration:
...,sys,root # scsecurity security [Enter]

9-34 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Prepare to Set Up Security

Important! We strongly recommend that you do not change the Trusted System
configuration with the HP® System Management Homepage (SMH).
Important! For High Availability configurations, the security must be configured at the
same level and with the same parameters set up on every system. A non-aligned security
setup can cause serious problems. Refer to “System Security Parameters” (p. 9-24) for

4 To customize any additional advanced, encryption, or Trusted System parameters change

the values in the following file:
If you do make the modification when the security is configured, log in as root and enter
the following command to apply the new security values to the security configuration:
scsecurity modify
Important! We strongly recommend that you do not change any Trusted System
parameters with the HP® System Management Homepage (SMH). In addition, some
Trusted System parameters cannot be modified with scsecurity modify.
Refer to “System Security Parameters” (p. 9-24) for details.
In addition, refer to “Location and access to the system security parameters” (p. 9-24) for
instructions on how to manage the customization of the security.parms files.

1350 OMS 9-35
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Set Up Security with Any Profile


Set Up Security with Any Profile

When to use
Use this task to set up security with any profile, which includes the trusted-base or
trusted-advanced profile.

Related information
See the following topics in this document:
• “Security Overview” (p. 9-2)
• “Security Profiles” (p. 9-7)
• “System Security Parameters” (p. 9-24)
• “Prepare to Set Up Security” (p. 9-34) task

Before you begin

Step 1 of this task requires you to complete the “Prepare to Set Up Security”
(p. 9-34) task.
Read “Security configuration tool functional overview” (p. 9-2) before you proceed with
this task.
For High Availability systems, refer to “Security and restrictions on High Availability
configurations” (p. 9-8) before you proceed with this task.

Complete the following steps to set up security with any profile, which includes the
trusted-base or trusted-advanced profile.

1 Complete all of the steps in the “Prepare to Set Up Security” (p. 9-34) task.

2 Log in to the appropriate server as root.

Result: You now have superuser privileges.

3 Enter the following command followed by the profile type that reflects the appropriate
security level for your installation:
...,sys,root # scsecurity <profile type> [Enter]
<profile type> is trusted-base or trusted-advanced.

9-36 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Set Up Security with Any Profile

Result: The scsecurity tool initially checks disk spaces and searches the server for
the required software. If the disk space is insufficient or at least one piece of software
is missing, the tool automatically activates the software install process and it can
reboot the system.
For the software that the 1350 OMS relies on and the software that is required for the
security set-up procedure, refer to “Security software requirements” (p. 9-2). For
details on the tool output and additional user responses, refer to “Security
configuration tool functional overview” (p. 9-2).

4 If you are configuring security with a trusted-base profile, go to Step 6.

If you are configuring security with an trusted-advanced profile, go to Step 5.

5 If you are configuring security with a trusted-advanced profile, enter and then re-enter
the new password for the security user when the tool outputs a display similar to the

=><date/time stamp>
=>END: MW_OS Extend/Create File(s) System
Created Security Profile for Users
NOTE: For the active users the security profile setting
will be enabled at the next login.
Executing Security User Configuration
Executing 'security' user creation
Define password for user 'security'
Changing password for security
Last successful password change for security: NEVER
Last unsuccessful password change for security: NEVER
New password:
Re-enter new password:
New password: <enter the new password here>
Re-enter password: <enter the new password here again>
Result: The tool checks the password, and upon its acceptance of the new password,
it outputs a display similar to the following:
Password successfully changed

6 Complete the steps in the “Verify and Kill Processes” (p. 9-40) task.

1350 OMS 9-37
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Change a Manufacturer's Default Passwords


Change a Manufacturer's Default Passwords

When to use
Use this task to change a manufacturer's default passwords.

Related information
See the following topics in this document:
• “Security Overview” (p. 9-2)
• “Prepare to Set Up Security” (p. 9-34) task

Before you begin

To prevent unauthorized access to the system through the 1350 OMS default accounts, we
highly recommended that you provide a new, secure password to the following user
• axadmin
• snml
• bmml
• wdm
• alcatel

Complete the following steps to change a manufacturer's default passwords.

1 Log in to the system in a shell as root .

Result: You now have superuser privileges.

2 Enter command the following command:

passwd <user>
Where: <user> is one of the following account names: axadmin, snml, bmml, wdm, or
Result: The system prompts you to type a new password.

3 When prompted to enter a new password, type a new password and confirm it without
echo entered characters.
Important! Passwords must meet the rules that are set for the security policy.

4 Repeat step 2 and 3 for each user account.

9-38 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Change a Manufacturer's Default Passwords


5 Optional, but strongly recommended: Periodically change the password to the root

1350 OMS 9-39
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Verify and Kill Processes


Verify and Kill Processes

When to use
Use this task to verify and kill processes.

Related information
See the following topics in this document:
• “Prepare to Set Up Security” (p. 9-34) task
• “Set Up Security with Any Profile” (p. 9-36) task

Before you begin

This task requires you to complete the “Prepare to Set Up Security” (p. 9-34) and “Set Up
Security with Any Profile” (p. 9-36) tasks.
When the scsecurity tool has set up the security configuration, you must verify the
contents of the /var/opt/sec_mgmt/bastille/TODO.txt file. In this TODO.txt file, Bastille
writes the running processes that are related to TCP/IP services that have been closed.
These processes are no longer started at the next reboot; however, if you want to
guarantee a higher security level, you must examine the contents of the file and identify
these processes. The process names are usually shown between two pound sign (#) lines.
See the TODO.txt example that is displayed in Step 1.

Complete the following steps to verify and kill processes.

1 Open the TODO.txt file:

Result: The file outputs lines of text that are similar to the following:

{<date/time stamp>}
Deactivating Inetd Service: rtools
The following process(es) are associated with the inetd service "rtools".
They are most likely associated with a session which was initiated prior to
running Bastille. To disable a process see "kill(1)" man pages or reboot
the system
Active Processes:
{<date/time stamp>}
Deactivating Inetd Service: bootps
9-40 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Verify and Kill Processes

The following process(es) are associated with the inetd service "bootps".
They are most likely associated with a session which was initiated prior to
running Bastille. To disable a process see "kill(1)" man pages or reboot
the system
Active Processes:

2 Determine the process names that must be killed. Note: the process names are typically
displayed between the two pound sign (#) lines.

3 Log in to the system as root.

Result: You now have superuser privileges.

4 Enter the following command to identify the process identifier (PID):

...,sys, root # UNIX95=ps -C <process name> [Enter]
process name is the name/names of the process or processes that you identified in the
TODO.txt file.
Result: The process identifiers are displayed in the PID column of the command

5 Enter the following command for each identified PID and press Enter.
...,sys,root# kill -15 <PID> [Enter]

6 Repeat Step 4 and Step 5 for each process that is in the TODO.txt file.

7 Ask all authorized users to log out of the current session and log back in so they can be
connected to the system through the secure connection.

1350 OMS 9-41
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Remove Security


Remove Security
When to use
Use this task to remove any existing security or to change the security profile.
Important! We do not recommend that the security configuration is reverted to that of
an unsecured configuration because it can affect password aging and the general
password definition.

Related information
See the following topic in this document:
• “Set Up Security with Any Profile” (p. 9-36)
• “Security user-allowed commands” (p. 9-8)

Before you begin

The security revert form of this tool restores the system to the state that it was in before
the security set up. If any changes were made to the system in the interim (either
manually, through the “Security user-allowed commands” (p. 9-8), or by other programs),
these changes should be reviewed to determine if they have broken the system or
compromised its security.
Note: If the trusted-advanced security profiles are in use, the current audit file is
compressed and moved into the /.ARCHIVE directory each time the 1350 OMS security is
reverted to the default HP-UX level through scsecurity revert.

Complete the following steps to remove any existing security or to change a security

1 Log in to the system as root:

Result: You now have superuser privileges.

2 Enter the following command to remove security or to change a security profile:

...,sys,root # scsecurity revert [Enter]
Result: If any changes were made to the security configuration in the interim (either
manually or by other programs), the tool outputs a display that lists the changes.

3 If you are using the security revert to change a security profile, go to the “Set Up Security
with Any Profile” (p. 9-36) task to set up a security with a new profile.

9-42 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Troubleshoot and Fix Old Password Problems


Troubleshoot and Fix Old Password Problems

When to use
Use this task to troubleshoot and fix old password problems.

Related information
See the following topic in this document:
• “System Security Parameters” (p. 9-24)

Before you begin

After conversion to the Trusted System or after you used scsecurity revert and you
reapplied a new profile, you might have a problem with your old password during the first
password change. If your password was longer than eight characters, you cannot change
it. The system displays output that is similar to the following:

hosta,operator # passwd
Changing password for operator
Old password:
hosta,operator #

Complete the following step to fix a problem with an old password.

1 If you attempt to enter your old password, and your old password is longer than 8
characters, enter only the first 8 characters of the old password.
Result: The system accepts your old password.

1350 OMS 9-43
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Troubleshoot and Fix /etc/passwd File Problems


Troubleshoot and Fix /etc/passwd File Problems

When to use
Use this task to troubleshoot and fix /etc/passwd file problems.

Related information
See the following topic in this document:
• “System Security Parameters” (p. 9-24)

Before you begin

The security for the 1350 OMS converts HP-UX in the Trusted System, along with the
/etc/passwd file. If the /etc/passwd conversion fails, the Trusted System conversion also
fails; however, other security actions are performed. When this problem occurs, output
similar to the following is displayed:

WARNING: Failed to Execute Command: /usr/lbin/tsconvert

Command Output: Creating secure password database...
Directories created.
Can't write protected database;
password file unchanged.
ERROR: Trusted system conversion was unsuccessful for an unknown reason.
You may try using SMH to do the conversion instead of Bastille.

Complete the following steps to fix /etc/passwd file problems.

1 Complete the steps in the “Remove Security” (p. 9-42) task.


2 Use the following command to identify and fix the /etc/passwd error:
...,sys,root # pwck [Enter]
When using the pwck command, ignore irrelevant errors of the following type:

Login directory not found
goglobal:*:103:20:Graphon database user:/home/goglobal:/bin/sh
Login directory not found

3 Set up the security again.


9-44 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Authorize Access to the Depot Machine


Authorize Access to the Depot Machine

When to use
Use this task to authorize access to the depot machine.

Related information
See the following topic in this document:
• “Security Profiles” (p. 9-7)

Before you begin

For security, the HP® Software Distributor service is disabled. Because the depot
machine must distribute software when the system is configured with a security profile,
the depot machine must be set up to enable the access for the remote hosts.
The swacl command is used to view or modify the Access Control Lists (ACLs) that are
used to protect software products.

Complete the following steps to authorize access to the depot machine.

1 Enter the following command to grant access to the root user on the remote host:
..., root,sys # swacl -l host -M user:root@<hostname>:-r-t:
Result: The root user now has access on the remote host.

2 Enter the following command to remove access of the root user on the remote host:
..., root,sys # swacl -l host -D user:root@<hostname> [Enter]
Result: The root user no longer has access on the remote host.

3 Enter the following command to list the host ACL on the local host:
..., root,sys # swacl -l host [Enter]
Result: The host ACL is now listed on the local host.

4 Remove access after the software installation.


1350 OMS 9-45
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Security Authorize Access to the Depot Machine


9-46 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
10 HP Printer Configurations

This chapter provides the 1350 OMS system administrator with the conceptual
information and the associated tasks that pertain to an HP® printer configurations.


Printer Configuration Overview 10-2

Configure a Printer in the Local Spooler Queue 10-3
Start the Spooler 10-8
Configure a Printer Booting upon Booting from the Local System 10-9

1350 OMS 10-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Printer Configuration Overview


Printer Configuration Overview

The HP® printer configuration tool
To configure any HP® printer, the HP hppi tool must be used. This tool configures the
printer on the system so software can be downloaded from the network. In addition, this
tool also configures the spooler and the print queues on all declared systems.

Two HP® printer configurations

The following printer configurations are supported:
• A spool queue configuration is supported.
With this type of configuration, the administrator can configure an existing HP®
printer that is already active in the network by creating a spool queue.
Refer to “Configure a Printer in the Local Spooler Queue” (p. 10-3) for details.
• A boot configuration is supported.
With this type of configuration, the administrator can configure an HP® printer by
loading the printer configuration remotely upon power-up of the printer.
Refer to “Configure a Printer Booting upon Booting from the Local System”
(p. 10-9) for details.

10-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer in the Local Spooler Queue


Configure a Printer in the Local Spooler Queue

When to use
Use this task to configure a printer in the local spooler queue.

Related information
See the following topics in this document:
• “Printer Configuration Overview” (p. 10-2)
• “Start the Spooler” (p. 10-8)

Before you begin

You will need following information when the spool queue is being set up in this task:
• The Name is a meaningful 8 character string that you assign to the printer. We advise
you to declare the printer name as an external code with scNMmng.
• The IP Address is the network IP address that you assign to the printer.
• The Default Queue prompt must be answered as Yes or No:
Is this the system default queue
We recommend that you set the first defined queue as the default queue.
• The Banner Page prompt must be answered as Yes or No:
Would you like to issue the banner page at the beginning of
any print job.

Complete the following steps to configure a printer in the local spool queue.

1 Log in to the system as root.

Result: You now have superuser privileges.

2 Enter the following command to initialize the hppi tool for JetDirect printer installation:
..,sys,root # hppi [Enter]
Result: The tool outputs the JetDirect banner page, which is followed by the main

***** *****
***** ***** JetDirect Printer Installer for UNIX
***** ***** Verison E.10.18
***** *****
***** ***** M A I N M E N U
***** *****
User: [root] OS: (HP-UX B.11.11)

1350 OMS 10-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer in the Local Spooler Queue

1) Spooler Administration (super-user only)
2) JetDirect Configuration (super-user only)
- TCP/IP configurable parameters
3) Diagnostics:
- diagnose printing problems
?) Help q) Quit
Please enter a selection (q - quit):

3 At the main menu, enter 1 to select Spooler Administration.

Result: The tool outputs the Spooler Administration banner page, which is followed
by its main menu:

1) Add printer to local spooler
2) Delete printer from local spooler
4) Install New Model Script
5) Remove Model Script
?) Help q) Quit
Please enter selection:

4 At the Spooler Administration menu, enter 1 to Add printer to local spooler.

Result: The system prompts you for the printer name or IP address:

5 At the following prompt, enter the printer name or the IP address:

Enter the network printer name or IP address (q - quit):
Note: if you have already declared the printer name in the /etc/hosts file through
scNMmng, enter the printer name. If you have not declared the printer name, enter the IP
address. We recommend that you enter the printer name and not the IP address because
you will have to review/change the printer configuration if the printer IP address changes.
Result: The system outputs a display similar to the following to enable the Realtime
Model Script update:

The latest model script can be downloaded from the web before creating
any queue. This can be done by enabling Realtime Model Script Update.The
Realtime Model Script Update can be Enabled/Disabled from the diagnostics menu.

6 At the following prompt, press the Enter key:

Do you want to Enable Realtime Model Script Update(0-Enable,
default-Disable): Enter
Result: The tool outputs the following list of suggested parameter values:

10-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer in the Local Spooler Queue

The following is a list of suggested parameter values for this queue. You
may change any settings by selecting the corresponding non-zero numbers. The
will be used to configure this queue when '0' is selected.
To abort this configuration operation, press 'q'.
Configurable Parameters: Current Settings
------------------------ ----------------
1) Lp destination (queue) name: [<printername>_1]
2) Status Log [(No Log)]
3) Queue Class [(Not assigned)
4) Default Queue [NO]
5) Additional printer configuration...

7 At the following prompt enter 1 to change the LP queue:

Select an item for change, or '0' to configure (q - quit): 1
Result: The tool outputs a display similar to the following that lists the currently used
queue names:

Currently used names:

(no queues are configured)

8 At the following prompt enter 1 to enter the LP destination name:

Enter the lp destination name (default=<Printer name>_1, q -
quit): <printer name>
Result: The tool updates the items in the Current Settings of the suggested
parameter values menu.

9 If you are configuring the first print queue or if you want to define this printer as the new
default queue, enter a 4 at the following prompt:
Select an item for change, or '0' to configure (q - quit): 4

10 If you want to set the banner page issue, at the next suggested parameter values menu,
enter 5 at the following prompt:
Select an item for change, or '0' to configure (q - quit): 5
Result: The tool outputs a display that is similar to the following:

The following is a list of suggested parameter values for this printer.

To abort this operation, press 'q'.
Configurable Parameters: Current Settings
------------------------ ----------------
1) Model Script: [net_lj4x]
2) Default Printing Language [AUTO]

1350 OMS 10-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer in the Local Spooler Queue

3) Job Recovery [ON]
4) True End-of-Job [ON]
5) Banner Page [OFF]
6) PostScript Level [Level 1]

11 If you want to set the banner page issue, enter 5 at the following prompt:
Select an item for change, or '0' to configure (q - quit): 5
Result: The Banner Page current setting is changed from [OFF] to [ON] and the tool
re-displays the submenu issued.

12 At the following prompt, enter q to quit:

Select an item for change, or '0' to configure (q - quit): q
Result: The tool re-displays the Printer Characteristics Menu.

13 At the following prompt in the Printer Characteristics Menu, enter q to quit:

Select an item for change, or '0' to configure (q - quit): 0
Result: When the spooler is not running, the tool outputs a display that is similar to
the following:

The spooler is already not running in the system!

It will not be switched on after the configuration
When the spooler is running, the tool outputs a display that is similar to the following:

Ready to shut down the spooler and configure the new print queue.
The spooler will be running again after the configuration is done.
WARNING: If there are jobs currently being printed, and the page count is
enabled (i.e. when True End-of-Job is turned on), this shutdown and rerun
of the spooler may result in incorrect page count.

14 If the spooler is running, enter the following command to verify that a print job is not
lpstat -t
If the spooler is not running, the tool outputs the following message to remind you to start
the spooler:

WARNING : The spooler is not running!

To print, turn on the spooler (lpsched)
Result: The tool returns to the Spooler Administration menu.

15 At the Spooler Administration menu, enter q to exit the Spooler Administration menu.

10-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer in the Local Spooler Queue

Please enter selection: q [Enter]
q [Enter]
Result: The tool displays the Direct Printer Installation Main Menu.

16 At the Jet Direct Printer Installation Main Menu, enter q to exit the tool.
Please enter a selection (q - quit): q [Enter]
q [Enter]
Result: You have exited the tool.

17 Complete the steps in the “Start the Spooler” (p. 10-8) task.

1350 OMS 10-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Start the Spooler


Start the Spooler

When to use
Use this task to start the spooler

Related information
See the following topics in this document::
• “Printer Configuration Overview” (p. 10-2)
• “Configure a Printer in the Local Spooler Queue” (p. 10-3)

Before you begin

The HP-UX system spooler is automatically started during system start-up only when a
print queue is defined. When you initially define the first queue, it typically does not run;
therefore, you must use the steps in this task to start the print queue manually.

Complete the following steps to start the spooler.

1 Log in to the system as root.

Result: You now have superuser privileges.

2 Enter the following command to start the spooler:

..,sys,root # lpsched [Enter]

10-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer Booting upon Booting from the Local

Configure a Printer Booting upon Booting from the Local

When to use
Use this task to configure a printer upon booting from the local system.

Related information
See the following topics in this document:
• “Printer Configuration Overview” (p. 10-2)
• “Start the Spooler” (p. 10-8)

Before you begin

This printer configuration enables you to load the printer configuration remotely upon
power-up time.
If you decide to use this method, we recommend the following:
• Choose two HP-UX systems that are configured to set up the printers.
• Keep the databases of these two systems synchronized.
You will need the following information when the boot configuration is being set up
during this task:
• Name is a meaningful 8 character string that you assign to the printer. We advise that
you declare the printer name as an external code with scNMmng.
• IP Address is the network IP address that you assign to the printer.
• LAN Hardware Address is the hardware address of the card, which is also known as
MAC(2). This address is typically a hexadecimal string that consists of six
colon-separated sets of hexadecimal notation in the format: 00:30:6E:08:AF:6F. You
must retrieve this address from the printer itself; refer to the printer documentation for

Complete the following steps to configure a printer upon booting from the local system.

1 Log in to the system as root.

Result: You now have superuser privileges.

2 Enter the following command to initialize the hppi tool for JetDirect printer installation:
..,sys,root # hppi [Enter]
Result: The tool outputs the JetDirect banner page, which is followed by the main

1350 OMS 10-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer Booting upon Booting from the Local
1) Spooler Administration (super-user only)
2) JetDirect Configuration (super-user only)
- TCP/IP configurable parameters
3) Diagnostics:
- diagnose printing problems
?) Help q) Quit
Please enter a selection (q - quit):

3 At the main menu, enter 2 to select JetDirect Configuration.

Result: The tool outputs the JetDirect banner page, which is followed by its main

Printer Network Interface:

1) Create printer configuration in BOOTP/TFTP database
2) Remove printer configuration from BOOTP/TFTP
3) Check Bootp and TFTP operation (super-user only)
- OR -
Telnet Configure JetDirect:
4) Set IP Address locally
(within your local subnet - router)
5) Open Telnet Session to JetDirect Card
?) Help Me Decide q) Quit

4 At the JetDirect Configuration menu, enter 1 to Create printer configuration in

BOOTP/TFTP database.
Result: The tool outputs a display similar to the following, which instructs you how
to answer a series of prompts:

These responses apply to all questions:

"q" - returns you to the next higher level menu
"?" - prints help text
<return> - skips optional parameters or selects the default value

5 At the following prompt, enter the LAN address of the printer:

Enter the printer's LAN hardware address: <MAC Address> [Enter]

6 At the following prompt, enter the name of the printer:

Enter the network printer name (q - quit): <Printer Name>

7 At the following prompt, enter the IP address of the printer:

Enter IP address: <Printer IP Address>

10-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer Booting upon Booting from the Local

8 At the following prompt, specify the printer name and the IP address of the printer that
should be added to the /etc/hosts file:
Add <Printer Name> and <Printer IP Address> to /etc/hosts? (y/n/
q, default=y) y
Result: The tool outputs a display similar to the following to remind you to update
your master source:

Printer name and IP address have been added to /etc/hosts.

If your /etc/hosts file is updated automatically from a master source,
add the name and IP address to your master source after the
configuration is complete.
The tool then outputs a display similar to the following on optional parameters that
you can set:

Following are optional parameters you may set for JetDirect. Select any non-
zero numbers to make the changes. The settings are used to create a
BOOTP/TFTP database when '0' is selected. To abort the operation, press
Other optional parameters:
1) Set printer location (uses tftp)
2) Set printer contact (uses tftp)
3) Set subnetmask
4) Set gateway
5) Set syslog (uses tftp)
6) Change idle timeout (uses tftp)
7) Create access list (up to 10 names).(Default: all allowed).(uses tftp)
8) Other SNMP parameters: (uses tftp)
(GET/SET community name, trap and community name, authentication
9) Set HP JetDirect lpd banner page

9 At the following prompt, enter 1 to set the printer location:

Select an item for change, or '0' to configure (q - quit):
1 [Enter]

10 At the following prompt, enter the name of the printer location:

Enter the printer location (q - quit): <Location name> [Enter]

11 At the following prompt, enter 0 to configure the printer:

Select an item for change, or '0' to configure (q - quit): 0

1350 OMS 10-11
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer Booting upon Booting from the Local
Result: The tool outputs a display that is similar to the following that confirms the
creation of the BOOTP/TFTP configuration database and the placement of the
configuration data.

Completed creating BOOTP/TFTP configuration database for <Printer Name>

Tftp service is also used to boot up JetDirect. Make sure /var/adm/inetd.sec
allows JetDirect's IP to access ftp service on this node.
Please wait...
(testing, please wait) ...
Testing BOOTP with 080009000000...:
RESULT: Passed BOOTP test 1 with 080009000000.
BOOTP/TFTP has been verified functional.
Configuration data is now in place. The next test is to ping the printer for
the IP name you just assigned it. To continue the test, you MUST do the
following so that the printer can configure itself with the configuration
Power cycle the printer.

12 Power the printer off and on.

Result: The tool outputs a display that is similar to the following that requests you to
wait until the printer finishes its selftest.

Wait until the printer finishes the self test.

(Note: It may take 20 sec to 1 min for a token ring HP
JetDirect interface to finish the configuration.)
Press the return key to continue the test.

13 Press the Enter key on the keyboard to continue the test.

Result: The tool outputs a display that is similar to the following that requests you to
wait until the printer finishes its selftest.

If you are not ready for the next test

(for example, the IP name has not taken affect in your DNS server),
press 'q' to return to the configuration menu now.

14 At the following prompt, enter y to send the test files to the printer:
Do you want to send test file(s) to this printer (y/n, default=
n)? y [Enter]
Result: The tool outputs a display that is similar to the following that requests you to
wait until the printer finishes its selftest.

This test is using test files to demonstrate that data bytes can be
transmitted across the HP JetDirect interface setup.
As long as a few characters print out, the test is successful.
10-12 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer Booting upon Booting from the Local
The printer must be ready, i.e. online and not printing anything.
The following types of test files can be sent to the printer:
1) text file (if printer is in PCL or AUTO mode)
2) PostScript file (if printer is in PS or AUTO mode)
3) HP-GL/2 file (if it is a HPGL/2 plotter)
4) User supplied file

15 At the following prompt, enter 2 to indicate that the PostScript file should be transmitted:
Which one should be transmitted? (1/2/3/q, default=1) 2
Result: The tool displays output that is similar to the following that indicates that the
test file has been sent to the named printer:

Sending a test file to <Printer Name> ...

Result: The file has been successfully sent to <Printer Name>.
Check output!

16 At the following prompt, press the Enter key to continue:

Press the return key to continue ... [Enter]
Result: The tool displays the JetDirect Configuration Menu.

17 At the Jet Direct Configuration Menu, enter q to exit Configuration Menu.

Please selection: q [Enter]
Result: The tool outputs the JetDirect Main Menu.

18 At the Jet Direct Main Menu, enter q to exit the tool.

Please enter a selection (q - quit): q [Enter]
Result: You have exited the tool.

1350 OMS 10-13
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
HP ® Printer Configurations Configure a Printer Booting upon Booting from the Local

10-14 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
11 Troubleshooting

This chapter provides the 1350 OMS system administrator with the conceptual
information and the associated tasks that pertain to troubleshooting the overall 1350


General Troubleshooting 11-3

Troubleshooting 11-3
Ping a Node 11-6
Activate the KDC Log 11-8
Deactivate the KDC Log 11-10
System / Environment 11-11
OS Percentage Usage 11-12
Manage Semaphores 11-13
Unlock the Login to the 1350 OMS 11-14
Add Nodes to the 1350 OMS Kerberos System Configuration 11-15
System Installation and Customization 11-17
Troubleshoot 1350 OMS System License Problems 11-18
Remove the WDM Component from the 1350 OMS 11-20
Product Installation 11-22
Troubleshoot Product Installation Failures (no space/file busy) 11-22
Upgrade the MW-OS Application 11-25
Configure and Test the Centralized User DB in a Distributed Environment 11-27
Product Customization 11-31
Customize a 1350 OMS Component while Other Components Are Running 11-32

1350 OMS 11-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Overview


Perform a Manual Customization/De-customization (without using the Install 11-34

Perform a Fast Customization of the MS-GUI Package 11-36
Customizing WDM to Exclude the Remote eOMS 11-38
System Applications Management 11-39
PMC2 Process Monitoring 11-39
SAS, UDM, LDAP 11-42
Web Desktop Administration 11-45
Cannot Connect to the Authentication Server 11-55
Work Arounds for the MS-GUI 11-57
Work Arounds for Database Management 11-61
General Work Arounds for Application Problems 11-63
Work Arounds for File System Management 11-65
NMA Basic Debug/Configuration Notes 11-67
Logging 11-67
Configuration 11-70

11-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshooting
General Troubleshooting

General Troubleshooting

Troubleshooting guidelines are provided in terms of symptoms and fixes, and any related
tasks that might accompany the fix.

Network configuration problems

Because the MW-INT and Kerberos configuration is designed to provide a high security
level, it must be able to identify the incoming ticket IP address. Therefore, two LAN
interface cards cannot be configured on the same system in the same subnetwork.
Output similar to the following is displayed:

# ifconfig lan0
inet netmask ffff0000 broadcast
#ifconfig lan1
inet netmask ffff0000 broadcast
Note: In the previous output, the subnet mask splits the IP address information into the
subnet and host. The bit that is set to 1 in the netmask identifies the subnet; the bit that is
set to 0 identifies the host. Since the netmask is provided as a hexadecimal bit
representation and the IP address and four figures are dot separated, it is difficult to
identify the two IP address that are masked by netmask, which provides the same subnet.
The easiest way to compare the broadcast information shown is by the ifconfig command.
In the previous output, the display of the same broadcast value indicates if two IP
addresses differ in their binary representation and if they are in the same subnet.
Note: The addressing scheme is designed for optimal network behavior. To improve
network throughput, use the HP® Auto Port Aggregation.

Ticket is ineligible for postdating

A common error message that the MW-INT with Kerberos outputs describes time
differences among servers.
Output similar to the following is displayed:

FATAL Error while sending command to host = <hostname> - Error = 5 (Ticket is

ineligible for postdating) at /alcatel/<release>/Kernel/lib/lib_perl/
line <number>

1350 OMS 11-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshooting
General Troubleshooting
When the hostname that is displayed in the message refers to a server that is different
from the one that has output the error, a time difference greater than five minutes between
the two severs clocks can exist.
Verify the times on the two system clocks by entering the following command:
...,root,sys $ date -u [Enter]
If the times are out of synchronization, verify the Network Time Protocol (NTP)
configuration. Refer to the 1350 OMS Installation Guide for details.

Cannot contact any KDC for requested realm

When a process on a local server cannot contact the remote or local KDC, output similar
to the following is displayed:

KRB5 XS: Cannot contact any KDC for requested realm while initializing krb5
FATAL Error while sending command to host = <hostname> -
Error = 5 (Cannot contact any KDC for requested realm)
at /alcatel/<release>/Kernel/lib/lib_perl/ line <number>
The KDC daemon is not responding on the server that is identified as <hostname>.
Use the steps in the “Ping a Node” (p. 11-6) task to determine if the host can be reached.
If the host can be reached, log into that host server as root and stop/start the KDC daemon
by entering the following command:
...,root,sys $ /sbin/init.d/krbsrv stop ; /sbin/init.d/krbsrv start [Enter]
Important! When Kerberos is stopped and restarted, system malfunctions can occur.

Unable to connect ConnectionManager

When a process on a local server cannot connect with the remote or local Connection
Manager daemon, communication cannot be established. Output similar to the following
is displayed:

FATAL Error while sending command to host = <hostname> -

Error = 11 (Unable to connect ConnectionManger) at
/alcatel/<release>/Kernel/lib/lib_perl/ line <number>
To fix this problem, do the following:
1. Use the steps in the “Ping a Node” (p. 11-6) task to determine if the remote host can
be reached.
2. Enter the following command to check the Connection Manager daemon on the server
that is named as <hostname>:
...,root,sys $ ps -ef | grep conmgr.exe [Enter]
Output similar to the following is displayed:

root 1963 1 0 08:54:19 ? 0:01 /alcatel/<release>/Kernel/bin/conmgr.exe

root 2136 1963 0 08:54:30 ? 0:00 /alcatel/<release>/Kernel/bin/conmgr.exe

11-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshooting
General Troubleshooting
root 2137 1963 0 08:54:30 ? 0:00 /alcatel/<release>/Kernel/bin/conmgr.exe
root 9277 18294 0 15:36:11 pts/ta 0:00 grep conmgr.exe
Identify the process that has a 1 in the parent Process Identifier (PID) column, which is
the third column in the output example. Wait a while and re-enter the same command. If
the conmgr process has a 1 as a parent PID and it has the same PID in both the ps
outputs, it is stable. If a line is not displayed or if the two PIDs that are displayed are
different, contact your Alcatel-Lucent local customer service support team immediately.

KDC daemon log file

To identify the cause of a problem, you can force the Kerberos KDC to log its activity in
a log file. To force the KDC to produce a log file, change its start-up script and stop/start
the daemon. Refer to the “Activate the KDC Log” (p. 11-8) and “Deactivate the KDC
Log” (p. 11-10) tasks for details.

1350 OMS 11-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Ping a Node
General Troubleshooting

Ping a Node
When to use
Use this task to ping a node/host; meaning, to verify if a node can communicate with the
local node/host.

Related information
See the following topic in this document:
• “Security Overview” (p. 9-2)

Before you begin

Any node that is connected to the network has one or more network adapters (NAs), each
of which is configured with an IP address. To simplify network access and to allow for a
virtual IP address change, the IP address of the NAs is typically identified with an alias (a
name) that the system automatically translates to an IP address.
Command format:
ping <IP address/host name> <bytes> <packets>

Complete the following step to ping a host.

1 Enter the following command to ping the host through its IP address:
...,root,sys $ ping <IP address/hostname> <bytes> <packets>
,sys,root # ping <IP address/host name> 64 5
The command outputs a display similar to the following:

PING 64 byte packets

64 bytes from icmp_seq=0. time=0. ms
64 bytes from icmp_seq=0. time=0. ms
64 bytes from icmp_seq=0. time=0. ms
64 bytes from icmp_seq=0. time=0. ms
64 bytes from icmp_seq=0. time=0. ms
---- PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
Result: The system outputs host information as shown in the example. Any error or
output with packet loss equal to 100% means the machine is unreachable or unknown.
If the host is unknown, the system outputs a display that is similar to the following:

11-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Ping a Node
General Troubleshooting
ping: host unknown

1350 OMS 11-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Activate the KDC Log
General Troubleshooting

Activate the KDC Log

When to use
Use this task to activate the Kerberos Key Distribution Center (KDC) log.

Related information
See the following topic in this document:
• “Deactivate the KDC Log” (p. 11-10)

Before you begin

To identify the cause of problem, you can force the Kerberos KDC to log its activity in a
file. To force the KDC to produce a log file, change its start-up script and stop/start the

Complete the following steps to activate the Kerberos KDC log.

1 Enter the following command to check free system space in the /var/adm/crash file:
...,root,sys $ bdf /var/adm/crash [Enter]
Result: The system outputs the crash file

2 In the /var/adm/crash file, check the Avail column to determine if more than 10,000
kilobytes are displayed.

3 Enter the following command lines to preserve a safe copy of the KDC start-up
...,root,sys $ cd /sbin/init.d [Enter]
...,root,sys $ cp -p krbsrv [Enter]

4 Using the vi editor, access the krbsrv file and replace the null file output in the kdcd start
command with the log file by changing the following line:
/opt/krb5/sbin/kdcd -l /dev/null
/opt/krb5/sbin/kdcd -l /var/adm/crash/kdcd.log

5 Save the change and exit the file.

11-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Activate the KDC Log
General Troubleshooting

6 Enter the following command to restart the daemon:

...,root,sys $ /sbin/init.d/krbsrv stop ; /sbin/init.d/krbsrv
start [Enter]

7 Deactivate the KDC daemon log. Go to the “Deactivate the KDC Log” (p. 11-10) task for

1350 OMS 11-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Deactivate the KDC Log
General Troubleshooting

Deactivate the KDC Log

When to use
Use this task to deactivate the Kerberos KDC log.

Related information
See the following topic in this document:
• “Activate the KDC Log” (p. 11-8)

Before you begin

To deactivate the KDC daemon log, simply replace the modified krbswr file with the
saved one, and stop/start the KDC.

Complete the following steps to deactivate the Kerberos KDC log.

1 Enter the following command lines to restore the saved KDC start-up configuration:
...,root,sys $ cd /sbin/init.d [Enter]
...,root,sys $ mv [Enter]

2 Enter the following command to restart the daemon:

...,root,sys $ /sbin/init.d/krbsrv stop ; /sbin/init.d/krbsrv
start [Enter]

11-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Overview
System / Environment

System / Environment

This section explains problems that can arise regarding the system and system


OS Percentage Usage 11-12

Manage Semaphores 11-13
Unlock the Login to the 1350 OMS 11-14
Add Nodes to the 1350 OMS Kerberos System Configuration 11-15

1350 OMS 11-11
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting OS Percentage Usage
System / Environment

OS Percentage Usage
What to do
To investigate the Operating System (OS) percentage usage when the system appears too
slow, use the command top -s1.
The IDLE percentage of the machine must be greater than 0; if the IDLE percentage of
the machine is not greater than 0, problems can exist that are related to the following:
• Processes: too many processes are running and some of them can be looping.
• Memory: the memory usage is too high.

11-12 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Manage Semaphores
System / Environment

Manage Semaphores
When to use
Use this task to manage semaphores.

Related information
See the following topic in this document:
• “Activate the KDC Log” (p. 11-8)

Before you begin

This task does not have any preconditions.

Complete the following steps to manage semaphores.

1 Activate a terminal window on the system server machine.


2 To display the semaphores used in a session, enter the following command:

ipcs -s
Result: The IPC status for the current instance is displayed.

IPC Status from /dev/kmem as of <date/time stamp>

s 29 0x00001c13 --ra-ra---- axadmin gadmin

3 To remove a semaphore, enter the following command:

ipcrm -s 29

1350 OMS 11-13
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Unlock the Login to the 1350 OMS
System / Environment

Unlock the Login to the 1350 OMS

When to use
Use this task to unlock the login to the 1350 OMS.

Related information
This task does not have any related information.

Before you begin

The login is blocked because of /alu/Kernel/data/.loginDB.lock file.

Complete the following steps to unlock the login to the 1350 OMS.

1 Activate a terminal window on the system server machine.


2 Log in to the system as root user.


3 Log in as root and launch the following two commands to delete (rm) the loginDB.lock
file and to create an empty file:
rm /alu/Kernel/data/.loginDB.lock
echo > /alu/Kernel/data/.loginDB

11-14 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Add Nodes to the 1350 OMS Kerberos System Configuration
System / Environment

Add Nodes to the 1350 OMS Kerberos System Configuration

When to use
Use this task to add nodes to the 1350 OMS Kerberos system configuration.

Related information
Kerberos configuration is listed in the following file:

Before you begin

This task does not have any preconditions.


1 Activate a terminal window on the system server machine.


2 Log in into the system as root user.


3 Enter the following command:

/alcatel/Kernel/bin/ -resetKRB
Enter the following command for each node that you have to add:
/alcatel/Kernel/etc/ -add <HOSTNAME>
Enter the following command:

4 Verify if the node is added in the /opt/krb5/krb.conf file.

For example: On a presentation server, the /opt/krb5/krb.conf file must include at least
the presentation node and the master node.
The Kerberos log files are the following:
• /var/log/krb5kdc.log
• /var/log/kadmin.log
• /var/log/krb5lib.log

5 Enter the following command to stop Kerberos services:

/sbin/init.d/krbsrv stop
Note: Ignore any warning messages.
1350 OMS 11-15
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Add Nodes to the 1350 OMS Kerberos System Configuration
System / Environment

6 Enter the following command to start Kerberos services:

/sbin/init.d/krbsrv start
If necessary, enter the following command to check the process:
ps -ef | grep kdcd

11-16 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Overview
System Installation and Customization

System Installation and Customization

This section collects problems that can arise during the system installation phase and
system customization phase.


Troubleshoot 1350 OMS System License Problems 11-18

Remove the WDM Component from the 1350 OMS 11-20

1350 OMS 11-17
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshoot 1350 OMS System License Problems
System Installation and Customization

Troubleshoot 1350 OMS System License Problems

When to use
Use this task to troubleshoot 1350 OMS system license problems.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Complete the following steps to troubleshoot 1350 OMS system license problems.

1 To determine if any problems exist with the product license, access and read the contents
of the following log file:

2 Upgrade the Go-Global and Kerberos licenses.

Connect to the tlvhho server:
Follow this path:
Validation > Tools > License server
The page shows the list of the license servers. In order to upgrade your machine, enter the
following information:
• HOSTNAME (or the IP address)
Select either ALL FILES, LICENCE FILE, or HOSTS FILE and click the Upgrade button.
Result: An example of the PMC log file follows:

<date/time stamp> ipb062 Global/PMC2: Requested Action [ startup_

sys ] through Command Line
<date/time stamp> ipb062 Global/PMC2: IMSERVER LICENSE: ERROR 1350_8_
CPU_HA_PLTFM#7.1 in 1350_1_CPU#7.1,1350_1_CPU_NR6_UPG#7.1,1350_1_
CPU_MNT#7.1,1350_2_CPU#7.1,1350_2_CPU_NR6_UPG#7.1,1 350_2_CPU_
1350_6_CPU#7.1, 1350_6_CPU_NR6_UPG#7.1,1350_6_CPU_MNT#7.1,1350_8_

11-18 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshoot 1350 OMS System License Problems
System Installation and Customization
UPG#7.1,1350_6_CPU_HA_PLTFM# 7.1,1350_8_CPU_HA_NR6_UPG#7.1,1350_8_
<date/time stamp> ipb062 Global/PMC2: IMSERVER System status change:
<date/time stamp> ipb062 Global/PMC2: IM LICENSE RESULT: command =
START system
- Execution denied and Force system shutdown
CAUSE: license library error
<date/time stamp> ipb062 Global/PMC2: IMSERVER System status change:

3 Enter the ping command to check the license server connection.


4 Determine if GO-Global uses a port that is different from Poseidon (27000).


5 Check the Poseidon license server upgrade and eventually restart. See Poseidon License
server restart.

6 Upgrade the Go-Global licence. See the GoGlobal Upgrade.


7 Restart the Kerberos application. Stop and start Kerberos services. See “Add Nodes to the
1350 OMS Kerberos System Configuration” (p. 11-15) section.

1350 OMS 11-19
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Remove the WDM Component from the 1350 OMS
System Installation and Customization

Remove the WDM Component from the 1350 OMS

When to use
Use this task to remove the WDM component from the 1350 OMS.
Note: This work around can be used if the -product WDM official patch is
not available.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Use this task to remove the WDM component from the 1350 OMS if the
-product WDM official patch is not available.

1 Open a terminal window on the system and login as root user.


2 Shut down the WDM application.


3 Verify that the platform_startup_daemon is not running by entering the following

command lines:
ps -ef|grep platform_startup_daemon|grep WDM
<NMS_INSTANCE_DIR>/WDM_PLATFORM/script/lt_stop_daemons .

4 Enter the following command lines to run the RemoveWDM application:

. /usr/Systems/WDM_3_9.6.0_Master/WDM_PLATFORM/install/RemoveWDM

5 Enter the following command lines to remove the NMS and NMA directories:
rm -rf /alu/1350OMS9.6/NMS/WDM
rm -rf /alu/1350OMS9.6/NMA/SONET_GUISERVER

11-20 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Remove the WDM Component from the 1350 OMS
System Installation and Customization
rm -rf /alu/1350OMS9.6/NMA/WDM_APPL
rm -rf /alu/1350OMS9.6/NMA/WDM_DB
rm -rf /alu/1350OMS9.6/NMA/WDM_GUISERVER
rm -rf /alu/1350OMS9.6/NMA/WDM_GWS
rm -rf /alu/1350OMS9.6/NMA/WDM_ORBIX
rm -rf /alu/1350OMS9.6/NMA/WDM_PLATFORM
rm -rf /alu/1350OMS9.6/NMA/WDM_REMOTE_EOMS
rm -rf /alcatel/NMS/WDM
rm -rf /alcatel/NMA/SONET_GUISERVER
rm -rf /alcatel/NMA/WDM_APPL
rm -rf /alcatel/NMA/WDM_DB
rm -rf /alcatel/NMA/WDM_GUISERVER
rm -rf /alcatel/NMA/WDM_GWS
rm -rf /alcatel/NMA/WDM_ORBIX
rm -rf /alcatel/NMA/WDM_PLATFORM
rm -rf /alcatel/NMA/WDM_REMOTE_EOMS

6 Enter the following command line to run sw_target_adjuster:


7 Enter the following command line to remove the Info.cfg file:

rm -f /usr/Systems/WDM*Master/Kernel/conf/Info.cfg

8 Enter the following command line to remove WDM_DB directory:

rm -fr /usr/Systems/WDM_?/WDM_DB

Important Notes
After the WDM application has been removed, continue to do the following:
• Perform a new WDM installation, custom, and system configuration.
• For an upgrade to the same WDM load, reload the same WDM using the following
cd /alu/Install_Wizard
./ -force WDM
• In the system configuration phase, the MIB value of ORACLE_DB should be set
always to NEW. The load-to-load upgrade operation is not supported.

1350 OMS 11-21
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshoot Product Installation Failures (no space/file
Product Installation busy)

Product Installation

Troubleshoot Product Installation Failures (no space/file busy)

When to use
Use this task if the installation of the 1350 OMS fails.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Complete the following steps if the installation of the 1350 OMS fails.

1 Activate a terminal window on the system server machine.


2 Log in into the system as the root user.


3 If the problem that was encountered during installation was no space available, you will
need to extend the file system or the swap area.
To extend the file system, go to step Step 4.
To extend the swap area, go to step Step 5.
If you received the message
Access denied for remote hosts or local hosts during installation, go to
step Step 6.

4 If the problem encountered during installation was no space available, use the following
steps to extend a file system:
Enter the bdf command to get information about file system sizes.
To extend a file system, enter the following command line:
/SCINSTALL/bin/scextendfs <Filesystem name> <free disk space>

11-22 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshoot Product Installation Failures (no space/file
Product Installation busy)
• <filesystem name> is the name of the file system to be extended.
• <free disk space> is the total amount of disk space (in Megabytes) that will have
to be available after the scextendfs execution.
If the <filesystem name> does not exist, the command will create it.
According to the installation on the machine, keep following files controlled:
• The core file in the maintenance/core directory.
• The GEM server trace files under the EML instance directory.
• The DB log (Mirror Area) under the EML instance directory:
Delete the .arc files if necessary.
• The DB log (Mirror Area) under the SDH instance directory:
Delete the .arc files if necessary.
• The DB log (Mirror Area) under the PKT instance directory:
Delete the .arc files if necessary.
Note: After you extend the file system, remember to force the packages installation
with the -force parameter. For example:
Install <SDH/EML/PKT/...> -force

5 If the problem encountered during installation was no space available, use the following
steps to extend a swap area:
Enter the swapinfo -t command to get information about the swap area.
To extend the swap area, enter the following command:
scextendfs SWAP xxxx
Execute a ps -ef | grep xxxx to have the PID of the process that block the copy and
stop the process using the command kill -9.

6 If you are installing a component from a local depot (and not the standard product
component repository) and you receive an
Access denied for remote hosts or local hosts message, verify the
security files that are authorizing access by remote hosts and users on local host.
For example, in the /.rhosts file, the line root should be present.

1350 OMS 11-23
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Troubleshoot Product Installation Failures (no space/file
Product Installation busy)
This line allows the root user to execute any command on the host.

11-24 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Upgrade the MW-OS Application
Product Installation

Upgrade the MW-OS Application

When to use
Use this task to upgrade the MW-OS application.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Complete the following steps to upgrade the MW-OS application.

1 Enter the following command to remove 1350OMS-MW_OS:

swremove 1350OMS-MW_OS

2 Enter the following two commands to install 1350OMS-MW_OS:

swinstall -s <HOST_IPADDRESS>:<SW_DEPOT> 1350OMS-MW_OS,r=
swinstall -s 1350OMS-MW_OS,
Note: You must always specify the <SW_DEPOT> field; but; you can omit the
<1350OMS-MW_OS PATCH> field.
swinstall -s
In this case, the installation procedure takes the last 1350OMS-MW_OS PATCH that
is present in the specified <SW_DEPOT>.
However, in the <SW_DEPOT>, you can have more than one 1350OMS-MW_OS
PATCH patch; so you can force the installation of a specific 1350OMS-MW_OS
PATCH that is not necessarily the last patch.
Example: The following command installs 1350OMS-MW_OS PATCH 3 from

1350 OMS 11-25
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Upgrade the MW-OS Application
Product Installation
swinstall -s 1350OMS-MW_

11-26 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Configure and Test the Centralized User DB in a Distributed
Product Installation Environment

Configure and Test the Centralized User DB in a Distributed

When to use
Use this task to configure and test the Centralized User-DB in a distributed environment.
With this task, only one machine belongs to the TMN configuration
(masters/presentations) that is running the User-DB. All other machines will authenticate
and perform user account management on this database.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Complete the following steps to configure and test the Centralized User-DB in a
distributed environment.

1 Set up the Centralized User-DB on top of 1350OMS and beyond.

Before installing any machine, create an option file (-opt_file), with the content that is
shown in the “Option file (-opt_file) syntax” (p. 11-28) and store it on the file system.
On each machine that belongs to the TMN configuration, run following command as root
/alu/Kernel/bin/KernelCustomize -opt_file <Full Path Name of the
option file>
After you have run the previous command, run the Custom procedure, without any
special parameters, for all of the NMS Instances that are declared on the machine that you
are installing.
Note: SDH/NPR requires the execution of the Graphical System Config after each
Set up Centralized User-DB on top of 1350OMS
This release differs from the previous release because the Centralized User-DB feature is
automatically configured; meaning, the option file is configured and stored in the fixed
path /alu/1350OMS9.1/Kernel/data/UserDBOptions.cfg The option file should be
present before running the Install_Wizard commands to upgrade/install the software.
Note: If the path does not exist, create it as root user using the following command:
mkdir -p /alu/1350OMS9.1/Kernel/data/

1350 OMS 11-27
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Configure and Test the Centralized User DB in a Distributed
Product Installation Environment

2 To test the feature, configure the following:

• One machine that is a pure presentation (for example, an EML client and an SDH
• One machine that is a pure master (for example, an EML master)
• One machine that is a master for an application, but also includes clients of other
applications (for example, an SDH master plus and EML client)
Note: Each machine could be chosen to host the Centralized User-DB, even if it make
sense to have it on one master.

3 From the configuration that you created, perform the following basic tests:
1. As administrator, connect to each machine belonging to the TMN configuration.
2. Create a few new users. When creating the new users, include profile assignments.
3. For each newly created user, log in to each of the machines and verify that the profile
assignment menus that you enabled for the particular user are available. Base the
verification on the same content that is in the Distributed Configuration. Problems
related to profile content are not impacted by this feature.
4. Backup/Restore the users.
Other tests can be extended to have an exhaustive coverage of the features; but, the tests
that are provided in this step cover the tests that are not done in a security environment
(profile administration).

Option file (-opt_file) syntax

The syntax of the option file for the Centralized User-DB feature is as follows:

11-28 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Configure and Test the Centralized User DB in a Distributed
Product Installation Environment
SERVICE_VALUE: dc=alcatel,dc=com
SERVICE_NAME: spareldap
SERVICE_NAME: spareldaptls
Note: The parameters that you must specify values for are the following:
• <LDAP SERVER IPADDRESS> is the IP address of the machine that acts/runs the
Centralized User-DB.
• <LDAP PORT NUMBER> is the ldap socket port used by the LDAP that is acting as
the Centralized User-DB.
• <LDAP SSL PORT NUMBER> is the ldap SSL socket port that is used by the LDAP
that is acting as the Centralized User-DB

1350 OMS 11-29
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Configure and Test the Centralized User DB in a Distributed
Product Installation Environment
If you do not know which port numbers to use, use the port numbers that other
applications are currently not using on the server. Check the /etc/services file for the
full list of port numbers that are currently in use. If you want to assign port numbers
before you install the machine, we recommend that you use the following ports
because they are typically free of IANA port number assignments:
Note: Beginning with the 1350OMS release, a template of the option file is
available as:
This template must be customized with the specific host and ports values.

11-30 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Overview
Product Customization

Product Customization

This section contains procedures that are useful for 1350 OMS product customizations.


Customize a 1350 OMS Component while Other Components Are Running 11-32
Perform a Manual Customization/De-customization (without using the Install 11-34
Perform a Fast Customization of the MS-GUI Package 11-36
Customizing WDM to Exclude the Remote eOMS 11-38

1350 OMS 11-31
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Customize a 1350 OMS Component while Other Components
Product Customization Are Running

Customize a 1350 OMS Component while Other Components

Are Running
When to use
Use this task to customize a 1350 OMS component while other components are running.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.


1 To stop processes via the Web Desktop, use the PMC.

To stop processes via the shell, use following commands:
/alu/Kernel/etc/pmc2im EML 1-9.6.0 shutdown_sys
/alu/Kernel/etc/pmc2im SDH 1-9.6.0 shutdown_sys
/alu/Kernel/etc/pmc2im PKT 1-9.6.0 shutdown_sys
/alu/Kernel/etc/pmc2im EOMS 1-9.6.0 shutdown_sys
To verify that no applications are active, enter the following commands :
ps - ef | grep axadmin for EML
ps -ef | grep snml for SDH
ps -ef | grep bmml for PKT
ps -ef | grep oms for EOMS

2 Enter the following commands to check for an instance of EML:

alu/Kernel/etc/pmc2im EML 1-9.6.0 check
echo $?

0 --> RUN
1 --> WRONG
2 --> STOP
4 --> CHANGE in progress

3 Enter the following commands to de-custom the application:

/alu/Kernel/script/Decustom EML 1-9.6.0
/alu/Kernel/script/Decustom SDH 1-9.6.0
/alu/Kernel/script/Decustom PKT 1-9.6.0
/alu/Kernel/script/Decustom EOMS 1-9.6.0

4 Enter the following command to de-custom the Kernel application:

11-32 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Customize a 1350 OMS Component while Other Components
Product Customization Are Running

5 Enter the following commands to clean instances directories:

rm -Rf /usr/Systems/EML_1*
rm -Rf /usr/Systems/SDH_1*
rm -Rf /usr/Systems/PKT_1*
rm -Rf /usr/Systems/EOMS_1*
rm -Rf /usr/Systems/Global*

6 Enter the following commands to restore /etc/services

diff /etc/services /alu/Kernel/data/services.base
cp /alu/Kernel/data/services.base /etc/services

7 Enter the following commands to run a re-installation using Install Wizard:

cd /alu/Install_Wizard/
./Install -Upgrade_All < -fast >

1350 OMS 11-33
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Perform a Manual Customization/De-customization (without
Product Customization using the Install Wizard)

Perform a Manual Customization/De-customization (without

using the Install Wizard)
When to use
Use this task to perform a manual customization/de-customization (without using the
Install Wizard).

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Complete the following steps to perform a manual customization/de-customization
(without using the Install Wizard).

1 Enter the following command to customize a component:

/alu/<NR>/Kernel/script/Custom -prd <SYSTEM>-ver <VERSION> -inst
<INSTANCE> -role <ROLE> -name <NAME> -mhost <MASTER HOST NAME> -
mtype <KERNEL TYPE> -drv <DRIVER VERSION> -nointeractive -lang
To customize EML_1-9.6.0, running on host ipb228:
/alu/Kernel/script/Custom -prd EML -ver 9.6.0 -inst 1 -role
Master -name EML_1 -mhost ipb228 -mtype OS-KERNEL -drv 3.0 -
nointeractive -lang en_US

2 Enter the following command to de-customize a component:

/alu/>NR>/Kernel/script/Decustom <SYSTEM> <INSTANCE-VERSION>
For NPR 1-9.6.0 running on host ipb227:
:/alu/Kernel/script/Decustom NPR 1-9.6.0
In addition, enter the following command to clean the file system:
rm -Rf NPR_1 NPR_1-9.6.0 NPR_1_9.6.0_Master
Ignore messages that are similar to the following:

: rm: directory maintenance not removed.

11-34 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Perform a Manual Customization/De-customization (without
Product Customization using the Install Wizard)
Cannot remove current directory or a mount point
rm: directory NPR_1_9.6.0_Master not removed.
Cannot remove current directory or a mount point.
To verify if the de-customization has been executed with success, verify that the
NMS-SYSTEM is not present in /alcatel/Kernel/data/TOC.

1350 OMS 11-35
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Perform a Fast Customization of the MS-GUI Package
Product Customization

Perform a Fast Customization of the MS-GUI Package

When to use
Use this task to perform a fast customization of the MS-GUI package.
Important! To save time, use this task when a new MS-GUI version or patch has to be
installed, customized, and configured on a 1350 OMS system to avoid doing a full 1350
OMS re-customization and re-configuration.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Complete the following steps to perform a fast customization of the MS-GUI package.

1 Log in to the server as root user.


2 Download the MSGUI software packages from the depot directory /alu/DEPOT.

3 Enter the following commands to install the new MS-GUI package.

For 1350 OMS 9.6:
alu/1350OMS9.6.0/INSTALLER/Install 1350OMS `hostname` /
/alu/1350OMS9.6.0/INSTALLER/Install 1350OMS `hostname` /
file=/alu/DEPOT/1350OMS_MSGUI_INT_<version>.tar.gz interactive=no

4 Enter the following command line to customize and configure the MS-GUI:
cd /alu/Install_Wizard/etc/

5 When the customization and configuration phase is finished, enter the following
command line on the master machine to re-enable the navigation to the EML external
/alu/Kernel/bin/ -sys EML -inst 1-9.6.0 -
isys EML -iinst 1-9.6.0

11-36 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Perform a Fast Customization of the MS-GUI Package
Product Customization
Note: In this example, the EML instance is 1.

1350 OMS 11-37
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Customizing WDM to Exclude the Remote eOMS
Product Customization

Customizing WDM to Exclude the Remote eOMS

When to use
Use this task to customize WDM so it excludes the remote eOMS.

Related information
This task does not have any related information.

Before you begin

This task does not have any preconditions.

Complete the following step to customize WDM so it excludes the remote eOMS.

1 In the Customization form, select the following parameter options:

Result: By specifying these parameters, WDM is customized so the remote EOMS is
excluded from the WDM customization and from the system config subsystem list.

11-38 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting PMC2 Process Monitoring
System Applications Management

System Applications Management

PMC2 Process Monitoring

The processes of a product cannot be displayed on client PMC GUI.
Verify the system date of the client PC. The problem arises if the client system date and
time differs for more than five minutes from the master system date and time.
Use the Control Panel -> Date and time to change the client system date and time.
Do not change the Master data and time.

Error while creating connection with pmc gui server

The problem can be solved using a work around restarting the pmc2 gui server :
pmcgs.jar (as reported on the message warning attached)
For example, if its PID is 5270:

root 5270 1 0 Feb 26 ? 9:34 /opt/java1.5/jre/bin/PA_RISC2.0/java -

cp :./pmcgs.jar:/alu/1350OMS9.6/Kernel/lib/lib_java/krb5
Execute the following command:
# kill -9 5270
Verify that the process is in listen (new PID = 21488):

# /alu/Kernel/bin/lsof -P| grep TCP | grep 21488 java 21488 root 70u
IPv4 0x92554200 0t0 TCP *:5007 (LISTEN) !

PMC GUI becomes empty

If the PMC becomes empty, the tree displayed disappears and it does not respond to
To delete the application, open the Task Manager application using
<ctrl>+<Alt>+<Delete> and terminate the task by selecting it from the list.

VIEW permission denied for system services or product

If the VIEW permission is denied, the two possible causes are the following:
• The user has tried to open the Process Monitor GUI too quickly and the system could
be still managing the security configuration structures. Retry to open the Process
Monitor GUI after a few seconds.
• If the problem still occurs, some ldap database structure could be damaged. If the
problem is related to the Global Instance, a work around could be to rebuild the
Global Instance ldap database.
Otherwise, if the problem is related to a specific process instance (e.g. EML_1,
SDH_1, PKT_1, ....), a work around would be to rebuild the process ldap database.
If the problem is related to more than one system, rebuild the entire ldap database.
1350 OMS 11-39
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting PMC2 Process Monitoring
System Applications Management
A product Process Monitor cannot be displayed (double semaphores)
The pmc2im product cannot be stopped because a duplicate semaphore is in the file
/alu/Kernel/data/Semaphores.cfg. This problem has been fixed in delivery 1350 OMS
90075 and beyond. To work around the problem, do the following:

1 Edit the /alu/Kernel/data/Semaphores.cfg file to change the duplicated value with a new
For example PMC2_EOMS_1-9.6.0: 7187
In this case, the product and the instance involved are EOMS_1. (PR_IS in the text.)

2 Make the following corrections in the /usr/Systems/<PR_IS>/Kernel/data/INDEX file:

PMC2_SEM_KEY:<old value>
PMC2_SEM_KEY:<new value>
For example, in the /usr/Systems/EOMS_1/Kernel/data/INDEX file:
PMC2_SEM_KEY: 7187

3 Make the following corrections in the /usr/Systems/<PR_IS>/PMC2/script/pmc2im

export MNGAGE_SEM_KEY=<old value>
export MNGAGE_SEM_KEY=<new value>
For example, in the /usr/Systems/EOMS_1/PMC2/script/pmc2im file:
export MNGAGE_SEM_KEY=7187

4 Enter the following commands to restart the pmc2im product:


5 Make the following corrections in the /usr/Systems/<PS_IS>//Kernel/data/semaphores

PMC2_<PR_IS>:<old value>
11-40 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting PMC2 Process Monitoring
System Applications Management
PMC2_<PR_IS>:<new value>

1350 OMS 11-41
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting SAS, UDM, LDAP
System Applications Management


Clean (or rebuild) the LDAP database
The procedure /alu/Install_Wizard/etc/ cleans the LDAP database. It can be
used before a system configuration. The procedure /alu/Install_Wizard/etc/
-p is used to rebuild the LDAP database. It can be used with or without the product
running. The status of services do not affect the procedure.

1 To clean and repopulate ONLY the Global Instance database, enter the following
commands as the root user:

cd /usr/Systems/Global_Instance/LDAP
rm -f data/db/*
/usr/sbin/slapadd -f conf/slapd.conf -l data/ldap_entry.ldif
find . -name /*.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;s/
cp -p conf/DB_CONFIG data/db/

cd ../SEC/repository
find . -name /*.fad.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;
find . -name /*.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;s/
cd ../integration/script
/ Global Instance version

2 To clean and repopulate ONLY a product Instance database, enter the following
commands as the root user:
If EML_1 is the current EML instance, NMS_USER is axadmin (password is 1353sh); if
SDH_1 is the current SDH instance, NMS_USER is snml (password is system1); if
PKT_1 is the current PKT instance, NMS_USER is bmml (password is system1); if
WDM_1 is the current WDM instance, NMS_USER is wdm (password is lucent!123); if
EOMS_1 is the current EOMS instance, NMS_USER is oms (password is lucent!123).

cd /usr/Systems/<current instance>/LDAP
rm -f data/db/*
/usr/sbin/slapadd -f conf/slapd.conf -l data/ldap_entry.ldif
find . -name /*.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;s/
cp -p conf/DB_CONFIG data/db/

cd ../SEC/repository
find . -name /*.fad.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;
11-42 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting SAS, UDM, LDAP
System Applications Management
find . -name /*.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;s/
cd ../integration/script
./ <system> <instance with version>

Export the LDAP database

The LDAP database is stored as backup with the operator data type, so perform an
operator backup for any OS instance, to have a copy of all existing LDAP databases.
To restore a corrupted LDAP database, perform an operator restore, if a backup was
previously done. For this reason, we strongly recommended to perform an operator
backup, when the OS instances are working well.
To transfer the LDAP database to a safer place, enter the following command to get the
entire tree content of the following directory. Enter the following command for each
EML, SDH, PTK, and EOMS instance.
For example, using the EML instance:
A LDAP database manual backup without using SMF backup tool, can be done by
entering the following commands as root user:

# cd /usr/Systems/EML_1_9.6.0_Master/LDAP/data/export/
# rm ExportedLDAPDB.ldif.gz ExportedUserDB.ldif.gz
# /usr/Systems/EML_1_9.6.0_Master/LDAP/script/
export EML_1_9.6.0 notinteract
The lastest LDAP backup files are the following

Add a user defined in the LDAP to the AdminGroup group

Use the following steps to add a user defined in LDAP to the AdminGroup group:

1 Create the file to be imported (import.ldif), with the list of users to add to the

objectClass: groupOfNames
member: cn=alcatel
member: cn=admin
[add other users if needed]
cn: AdminGroup

1350 OMS 11-43
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting SAS, UDM, LDAP
System Applications Management

2 Enter the following command to edit the content of AdminGroup:

/usr/bin/ldapmodify -D cn=LdapMgr,dc=alcatel,dc=com -p <LDAP_SERVER_

SOCKET_PORT> -h <LDAP_SERVER_HOST> -w “mGr*LDAP” -f import.ldif -
x -v

11-44 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management

Web Desktop Administration

Java Web Start console
How to display the Java Web Start Console
1. For the Windows operating system, launch the javaws shell by entering the following
2. For HP/UX Operating System, log on as the alcatel user and launch the javaws
shell by entering the following command:
How to set the javaws traces to display the Java Web Start Console (both Windows
and HP/UX)
1. Open the Edit menu.
2. Click on Preferences.
3. On the Java Control Panel click on Advanced.
On the debugging node, select the following:
• Enable Tracing
• Enable Logging
4. On the Java Console node, select Show Console.
Java Web Start Console logs
• Windows Operating System:
C:/Documents and Settings/<user>/Application Data/Sun/Java/Deployment/log
• HP/UX Operating System:

Problem with Authentication Services

If a problem is due to LDAP database corruption, do the following:
• The procedure /alu/Install_Wizard/etc/ cleans the LDAP database. It can
be used before a system configuration.
• The procedure /alu/Install_Wizard/etc/ -p rebuilds the LDAP database.
It can be used with or without the product running. The status of services do not affect
the procedure.

User inactivity portal closure

To prevent the LSM portal closure due to user inactivity on Web Desktop, modify one of
the following properties of LSM on the Master station:
Edit the file /usr/Systems/Global_Instance/WebDesktop/SSO_LSM/config/param.cfg
modifying one of the following parameters:

# disable or enable the user inactivity check


1350 OMS 11-45
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
# Inactivity duration in minutes
# Inactivity duration during login phase in minutes

Common login problems to start the Web Desktop

The following sections provide several reasons why a new Web Desktop instance cannot
Dirty process on client
If a dirty process exists on the client, the Web Desktop login dialog is not displayed.
Check on the client PC to determine if an old java instance, perl instance, or cmd instance
is running and terminate ( kill) them.
The user forgot a password
Important! Do not use this procedure to remove the user password.
The user, logged as alcatel user, can always change the alcatel password by entering the
following command lines:
cd /usr/Systems/Global_Instance_9.6.0_Master/SEC/script/
(login integrator / password integrator)
The User Account management window is displayed:

11-46 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management

Select the user alcatel in the tree on the left panel and click on the Set Password
button on the bottom of the window. Enter and confirm the new password in the popup
window and confirm it with the Change button.
Execute the following command line to find the PID for SAS process.
ps -ef|grep DSAS|grep -v grep
Execute the following command:
kill -9 PID
Where: PID is the pid of the SAS process that was previously found.
UDM problems
If you receive the following message under other windows and you do not acknowledge
this message, the Web Portal cannot be displayed:
UDM manager is not responding, user preference can not be loaded.

1350 OMS 11-47
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
Note: Sometimes the UDM server does not respond even if it is running correctly.
Many times, you can remove the UDM problem by scratching the UDM persistency
files; but, be aware that this operation will remove all user settings:
cd /usr/Systems/Global_Instance/WACOMO/udm/data/persistency/
rm -rf *
The UDM should now be able to get user connections.
Process blocked on a port
Enter the following command to determine which process uses a port (for example.
lsof | grep TCP | grep ssoLsmPort
If sockets are blocked on LISTEN:
lsof | grep TCP | grep ssoLsmPort | grep LISTEN | while read uno
pid due;
do kill -9 $pid; done
If blocked on a port (for example: ssoLsmPort):
lsof | grep TCP | grep ssoLsmPort | while read uno pid due; do
kill -9 $pid; done
Also see “Application does not start (needs an already used port)” (p. 11-63).
User <user name> not authenticated
If the following message is displayed:
User alcatel not authenticaed. Please retry.
The problem is due to one of the following
• The password is not correct. Please verify it.
• The LDAP database is corrupt. See “SAS, UDM, LDAP” (p. 11-42) to clean/rebuild
the database.

SSO Password Policy

Password settings can be changed using the following configuration file:
The instance is on the following:
The Web Portal must be able to access these settings, so configure the following in the
SSO param.cfg file:
11-48 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
The instance is on the following:
Make the following change:
If you modify the instance files, you must activate the modifications using the following
• Exit from all open Web Portals.
• Stop and restart the SAS process using following commands:
The file, with the default content, follows:

# ----------------------#
# DefaultPasswordPolicy #
# ----------------------#
# The following parameters are used to define a password policy.
# This one can then be populated into LDAP using
# tool and references by DEFAULT_PASSWORD_POLICY parameters.
# However, this file can be also directly referenced by
# DEFAULT_PASSWORD_POLICY to be used as default password policy by
# In case this file is directly referenced, it is found in
# the order specified in the classpath parameter
# of the java command. The default order where this file should be
# (as defined in the classpath used in the script) is:
# 1) in /sas/config
# 2) in /data/server
# 3) in /sas/template/config
# Therefore, if you are using SEC, you should just check that /data/
# points to the correct SEC Server file or LDAP entry (this insures
that the exact same
# policy is used for SEC and for AWP Change Password feature).
# Otherwise you can just copy this file into /sas/config
# and modify it according to your requirements.
# DefaultPasswordPolicy parameters:
# ----------#
# MinLength #
# ----------#

1350 OMS 11-49
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
# minimum number of mandatory charaters in the password
# The value can be specified either using the historical SEC
# or the new password policy parameter built from the LDAP schema.
# If both are specified, only the historical SEC paramater will be
# taken into account.
# Hardcoded value is 8
#com.alcatel.almap.sec.defaultPasswordPolicy.MinLength =8
# ----------#
# MinDigits #
# ----------#
# number of digits mandatory in the password
# The value can be specified either using the historical SEC
# or the new password policy parameter built from the LDAP schema.
# If both are specified, only the historical SEC paramater will be
# taken into account.
# Hardcoded value is 1
# -----------#
# MinLetters #
# -----------#
# number of letters (uppercase or lowercase) mandatory in the
# The value can be specified either using the historical SEC
# or the new password policy parameter built from the LDAP schema.
# If both are specified, only the historical SEC paramater will be
# taken into account.
# The paramater almapPwdPolicy.almapPwdMinLetter can also be used
# Hardcoded value is 4
# ------------#
# MinSpecials #
# ------------#
# number of special characters mandatory in the password
# The value can be specified either using the historical SEC
# or the new password policy parameter built from the LDAP schema.
# If both are specified, only the historical SEC paramater will be
# taken into account.
# The special characters list is specified in parameter
# almapPwdPolicy.almapPwdSpecialCharList.
# Hardcoded value is 2
# ------------------------#
# almapPwdSpecialCharList #
# ------------------------#
# list of characters that should be considered as special
# when enforcing a minimum number of special characters policy (see
11-50 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
# almapPwdMinSpecial)
# WARNING : for specific / and " character, do not forget to preceed
it by a /
# Hardcoded value is `~!@#$%
# ---------------#
# MinUppperCases #
# ---------------#
# number of letters in upper case mandatory in the password
# The value can be specified either using the historical SEC
# or the new password policy parameter built from the LDAP schema.
# If both are specified, only the historical SEC paramater will be
# taken into account.
# Hardcoded value is 1
# --------------#
# MinLowerCases #
# --------------#
# number of letters in lower case mandatory in the password
# The value can be specified either using the historical SEC
# or the new password policy parameter built from the LDAP schema.
# If both are specified, only the historical SEC paramater will be
# taken into account.
# Hardcoded value is 1
# --------------------------#
# almapPwdNbConsecutiveChar #
# --------------------------#
# maximum number of consecutive characters that can
# be used in a password. If value is set to 0,
# no restriction will apply.
# Hardcoded value is 2
# -------------------------#
# almapPwdNoUidCombination #
# -------------------------#
# indicates if the password can or cannot be a case-independent
# re-arrangement of the letters composing the user id (e.g. if the
user id is
# "hantz", the password can or cannot be "ZaNth".
# Hardcoded value is false
# ----------------------#
# almapPwdMayContainUid #
# ----------------------#
# indicates if the password can or cannot contain
# (case-independently) the user id (e.g. if the user id is

1350 OMS 11-51
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
# "hantz", the password can or cannot be "pwdHAnTZ01".
# Hardcoded value is true
# ------------------#
# almapPwdInHistory #
# ------------------#
# maximum number of used passwords stored in the password
# history. If value is 0, used password are not stored
# and may be reused.
# Hardcoded value is 5
# ---------------#
# almapPwdMinAge #
# ---------------#
# Number of seconds that must elapse since the previous
# before the password can be changed again
# Hardcoded value is 86400 seconds (1 day)
# ---------------#
# almapPwdMaxAge #
# ---------------#
# number of seconds after which a modified password will expire.
# If the value is set to 0, the password does not expire.
# the value must be greater than or equal to the value of
# Hardcoded value is 7776000 seconds (90 days)
# ----------------------#
# almapPwdExpireWarning #
# ----------------------#
# number of seconds which is the period before a password is due to
# During this period (expirationDate - almapPwdExpireWarning), the
# will be notified at login that his password will expire soon and
# he should change it. Note that the value must be less than
# If the value is 0, then no warning will be issued before the
# expires.
# Hardcoded value is 2592000 (30 days)
# -----------------------------#
# almapPwdExpirationGraceDelay #
# -----------------------------#
# number of seconds after a password expiration during which the
user will
# still be allowed to login but will be forced to change his
# After password expiration + grace delay (grace delay can be 0),
# the account is automatically locked,
# Hardcoded value is 1296000 (15 days)

11-52 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
# -------------------#
# almapPwdMaxFailure #
# -------------------#
# number of consecutive failed authentication attempts after which
# authentication is locked.
# Hardcoded value is 5
# -----------------------------#
# almapPwdFailureCountInterval #
# -----------------------------#
# Amount of time in seconds after which the authentication failure
# number is reset, even though no successful authentication
# If the value is set to 0, the failure attempt number is only reset
# a successful authentication.
# Hardcoded value is 300 (5 minutes)
# ------------------------#
# almapPwdLockoutDuration #
# ------------------------#
# Amount of time in seconds during which the password cannot be use
# If the value is set to 0, a reset of the administrator is
# Hardcoded value is 300 (5 minutes)
# ------------------------#
# almapPwdMaxUnusedPeriod #
# ------------------------#
# Maximum amount of time in seconds after which, if no session has
# the password will be automatically locked.
# Hardcoded value is 0
# ------------------#
# almapPwdAttribute #
# ------------------#
# the name of the attribute used as a password.
# Hardcoded value is userPassword
# -------------------#
# almapPwdEncryption #
# -------------------#
# Indicates if the password should be encrypted or not before
# storing it into the LDAP directory
# Hardcoded value is true
# -----------------------#
1350 OMS 11-53
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Web Desktop Administration
System Applications Management
# almapPwdMinDifferences #
# -----------------------#
# number of Differents in a number of character positions in the
password from
the last one
# Hardcoded value is 2

11-54 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Cannot Connect to the Authentication Server
System Applications Management

Cannot Connect to the Authentication Server

The inability to connect to the Authentication Server occurs when trying to open a Web
Desktop session.
When you cannot connect to the Authentication Server, note the following possible
• The SAS, LDAP, or Security server application is not running.
If the server is not running:
– The SAS server application is not running. Enter the following command to verify
that the server application is running:
ps -ef | grep SAS
– LDAP server applications are not running. Enter the following command to verify
that the server application is running:
ps -ef | grep slapd.
An slapd for each product and one for the global instance should be running.
– Security Server applications are not running Enter the following command to
verify that the server application is running:
ps -ef | grep SecServer.
A Security Server for each product should be running.
• Any hook application cannot be started.
See the following trace file:
The /usr/Systems/Global_Instance/SSO/sas/config/hooks/StartSession.cfg file
defines the list of hook applications that must be started in order to start a session. The
start session will be blocked for the commands that are not launched in the
background mode.
• No space is available.
Space might not be available for the following file system and some processes cannot
write their trace/log files and are aborting.
Determine the percentage of free space, which must be at least 95%, with the
following command:
bdf | grep System.
• nspd has been restarted.
The system could have restarted the nspd application and SAS cannot reconnect it:
– Use the command rm nspd.core to delete the core in
– Enter the following commands to restart the SAS:
1350 OMS 11-55
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Cannot Connect to the Authentication Server
System Applications Management
• host not reachable (using the hostname) :
If you cannot reach a host using its hostname, but you can reach the host using its IP
address, you must add the corresponding host-ip_addresss in the hosts file of the
Personal Computer. The file is located in the following directory:
• Kerberos services are down.
Check Kerberos services using the following command:
ps -ef | grep kdcd
Stop and restart Kerberos services. See the Kerberos configuration section

11-56 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for the MS-GUI
System Applications Management

Work Arounds for the MS-GUI

Restart the common server for MS-GUI
When to use: Use this command if the SDH/PKT search and action menu are not
displayed or are partially displayed. This problem is related to a partial SEC
sychronization problem (explained in a pop-up message) after an installation upgrade.
This command could be useful if the MSGUI does not start.
On master machine, enter the following command line
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print $2}'
| xargs -i kill -9 {}

EML Show Alarm/Show Equipment from MS-GUI

Complete the following steps to disable the security so users can view Alarm/Equipment
from MS-GUI:

1 Edit line 145 of the /usr/Systems/Global_Instance/WebDesktop/MSGUI/ file

by replacing:

2 Edit line 145 of the /usr/Systems/Global_Instance/WebDesktop/MSGUI/msgui.wsd

file by replacing:
Edit line 61 in the same file by replacing

3 Enter the following command to restart the common server of the Global Instance:
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print $2}'
| xargs -i kill -9 {}

4 Delete the following file:


1350 OMS 11-57
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for the MS-GUI
System Applications Management

5 On the client machine, use ftp to manually retrieve the IntraSystemsNavigations.cfg file
from the /usr/Systems/EML_1/Kernel/data directory to the C:/tmp/runtimeDir/<host
ip address>/EML_1-9.6.0/Kernel/data client directory.

6 As root user, run the following script

/alu/Kernel/bin/ -sys EML -inst 1-9.6.0 -
isys EML -iinst 1-9.6.0

7 And, remember to run the following command:

/alu/Kernel/script/ -nointeract

EML show equipment from MS-GUI (IntraSystemNavigation)

In some 1350 OMS deliveries, to navigate to EML USM., do the following:
• Verify on client if the directory EML_1-9.6.0/Kernel/data exists.
If the directory is exists, use ftp to retrieve the file IntraSystemsNavigations.cfg
from the directory /usr/Systems/EML_1/Kernel/data to C:/tmp/runtimeDir/<host
ip address>/EML_1-9.6.0/Kernel/data
• Execute on the master server the following command line:
/alu/Kernel/bin/ -sys EML -inst 1-9.6.0 -
isys EML -iinst 1-9.6.0
Use the following command to introduce the KERNEL_DISPATCHER_<EML Instance>
Occasionally (for example after an MSGUI fast customization) to re-enable navigation to
the EML external application, enter the following command on the server:
Example (the instance of EML is 1):
/alu/Kernel/bin/ -sys EML -inst 1-9.6.0 -
isys EML -iinst 1-9.6.0

Recover menu items that are hidden/not sensitive

If menu items are hidden, for example EML, SDH, WDM, or PKT items are not
displayed on the Search menu, the reason can be one of the following:
1. The synchronization between SEC services and the common server is not correct.
Restart the common server using following command:
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print
$2}' | xargs -i kill -9 {}
Stop and restart the MSGUI.
2. If the previous action does not solve the problem, check the following file:
In the following line:

11-58 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for the MS-GUI
System Applications Management
# list of the used sec servers, format=[ServerId/StandardNS/serverHost:serverPort,
serverId/StandardNS/serverHost:serverPort, ..]
Insert the following:
# list of the used sec servers, format=[ServerId/StandardNS/serverHost:serverPort,
serverId/StandardNS/serverHost:serverPort, ..]
com.alcatel.almap.sec.jacapi7.servers=1/ SecServer_PKT_1-
9.6.0/,2/ SecServer_WDM_1-9.6.0/,3/
SecServer_SDH_1-9.6.0/,4/ SecServer_EML_1-
Restart the common server using the following command:
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print
$2}' | xargs -i kill -9 {}
Stop and restart the MSGUI.
3. If the previous action does not solve the problem, a bad customization of the product
(e.g. EML) could exist. Stop the server for the product (see How to restart the
services) and re-customize the product.
If the items are present but not sensitive, the GUI server that is related to the system is not
correctly connected. See “Server is not correctly connected in the MS-GUI” (p. 11-59).
Only as an extreme work around, comment the content of the FADMapping.xml file:
And restart the MS-GUI.

Server is not correctly connected in the MS-GUI

If the server is not correctly connected in the MS-GUI, look in the menu files, button
• If PKT is not connected, restart PktGuiServer on the master (or presentation )
machine. Find the PID with the following command:
ps -ef | grep -i PktGui
Enter the following command:
Kill -9 PID
• If MAP is not connected, restart TopoGuiServer on the master (or presentation )
machine. Find the PID with the following command:
ps -ef | grep -i Topo
Enter the following command:
Kill -9 PID
• If TDM is not connected, restart TdmGuiServer on the master (or presentation )
machine. Find the PID with the following command:
ps -ef | grep -i TdmGui
Enter the following command:
Kill -9 PID
1350 OMS 11-59
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for the MS-GUI
System Applications Management
• If TM is not connected, restart PnmGs on the master (or presentation ) machine. Find
the PID with the following command:
ps -ef | grep -i Pnm_GS
Enter the following command:
Kill -9 PID
• If WDM is not connected, restart the WDM GUI server on the master (or presentation
) machine.
The WDM GUI server can be restarted using the following procedure:
Login as wdm user.
Enter the following command lines:

11-60 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for Database Management
System Applications Management

Work Arounds for Database Management

EML Database Corruption
Complete the following steps if the EML database is corrupt:
1. Stop the EML system.
2. Execute following commands:
rm /usr/Systems/<INSTANCE>/databases/dbaxadmin/data/MYSQL/
rm /usr/Systems/<INSTANCE>/MirrorArea/<INSTANCE>/axadmin/arch/
3. After execution, restart the EML.

Rebuild TMF Server Database

Complete the following steps to rebuild the TMF server database.
If the TMF server application cannot start, enter the following commands to rebuild the
GEM database:
1. If the TMF server application cannot start, enter the following commands to rebuild
the GEM database:
cd /usr/Systems/EML_1_9.6.0_Master/MYSQL/script
2. Start MySQL and stop the AppServer process. (The EMLIM group normally has
index 100).
cd /usr/Systems/EML_1_9.6.0_Master/EMLIMGEM3/script
3. When the NMA package is installed, create the GEM database.
Note: This step is mandatory for the first installation of this NMA_9.6.0.04 load,
because this load delivers a separate MySQL instance. The step may be skipped for
the future loads if you want to retain the old GEM database.
4. Enter the following commands:
cd /usr/Systems/EML_<ID>/NMAMYSQL
cd /usr/Systems/EML_/EMLIMGEM3/script

Stop and Start SDH Database

To connect the Oracle database, enter the following commands to stop and start it

su - snml
. /snml1/.snmlrc
/usr/Systems/SDH_1/ORACLE/databases/dbnml/etc/stop_db immediate
Note: To determine if there is enough disk space, execute the following command:

1350 OMS 11-61
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for Database Management
System Applications Management

su - snml
. /snml1/.snmlrc
sqlplus sys/manager as sysdba
If the space is reduced, enter the following command to remove archive files
rm *.arch

eOMS Database Setup

When the system is installed on a scratch machine and, after EOMS system configuration,
the procedure reports some errors about the connection to the Oracle Database. We
suggest that you enter the following commands:

/opt/lucent/platform/bin/lt_add_controller -install
/opt/lucent/platform/bin/lt_add_controller -type NMA -name EML_1_NMA

11-62 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting General Work Arounds for Application Problems
System Applications Management

General Work Arounds for Application Problems

Application does not start (needs an already used port)
If an application does not start and if you look at its trace file in the
/usr/System/<Instance>/maintenenace/trace directory and you determine that another
application is already using the port, and that port is the busy port and that application is
that application that keeps the port in use, then use the kill command to terminate that
For example, if AS_CUR_IM in EOMS did not start, use the
grep -i ascurim /etc/services | grep -i eoms command to display the port
information, which will be similar to the following output:

ascurim_corba_socket_EOMS_1-9.6.0 5087/tcp
# Added by OS-Kernel (Relocatable Service) <date/time stamp>
ASCURIM__1_EOMS_1-9.6.0 5175/tcp
# Added by OS-Kernel (Relocatable Service) <date/time stamp>
ASCURIM__2_EOMS_1-9.6.0 5176/tcp
# Added by OS-Kernel (Relocatable Service) <date/time stamp>
Use the command netstat -an | grep 5175 to display the state of the port. Output
similar to the following is displayed:

tcp 0 0

tcp 0 0
tcp 0 0 *.5175 *.* LISTEN
tcp 0 0
Use the command /alu/Kernel/bin/lsof -P | grep TCP | grep 5175, which
is the PID of the application that keeps port 5175 in use. Output similar to the following is

pnmim 16482 axadmin 18u IPv4 0xe00000016e7ff200 0t0 TCP ipb062:60309->

ipb062:5175 (ESTABLISHED)
epimd 20440 root 3u IPv4 0xe00000016e4acac0 0t0 TCP *:5175
epimd 20440 root 11u IPv4 0xe0000001700fc580 0t0 TCP ipb062:5175->
ipb062:56107 (ESTABLISHED)
epimd 20440 root 12u IPv4 0xe00000017143eac0 0t0 TCP ipb062:5175->
ipb062:60309 (ESTABLISHED)
fmcurusms 26910 root 13u IPv4 0xe000000171582740 0t0 TCP ipb062:56107->
ipb062:5175 (ESTABLISHED)
Enter the command:
ps -ef | grep 20440 root 20440 1 0 Feb 23 ? 1:54 epim_cmis_
Enter the following command to unblock the port and to start AS_CUR_IM of EOMS:

1350 OMS 11-63
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting General Work Arounds for Application Problems
System Applications Management
kill -9 20440

Oracle monitor application is down but there are active oracle processes
If the oracle_monitor_process is down, but the command
ps -u axadmin | grep oracle returns an existing process, we suggest that you, as
the axadmin user on EML master server, manually shutdown the current Oracle instance.
Note: oracle is also the password that you have to enter.

cd /usr/Systems/EML_*Master/eml/EMLIMSNA/script/
. set_sna_env
sqlplus /nolog
SQL*Plus: Release <release number> - Production on <date/time stamp>
Copyright (c) 1982, 2006, Oracle. All Rights Reserved
SQL> connect as sysdba;
Enter user-name: oracle
Enter password: Connected.
SQL> shutdown abort;

11-64 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for File System Management
System Applications Management

Work Arounds for File System Management

EML File System Full
If the EML file system is full, the problem could be related to the mirror area.
If the MySql database is installed, complete the following steps. In the example given, the
EML instance is 1:
1. Verify that MySQL is NOT running; then, stop the EML instance.
2. Enter the following command lines:
cd /usr/Systems/EML_1_9.6.0_Master/MirrorArea/EML_1-9.6.0/
rm ipb021-bin.*
touch ipb021-bin.index
In the previous step, you could have saved space, but the command would be the
In general, the command is the following:

SDH File System is Full

If the SDH file system is full, the problem could be related to the Mirror Area.
Complete the following steps:
1. Verify that the MySQL is not running; then, stop SDH instance:
2. Enter the following commands:
cd /usr/Systems/SDH_1_9.6.0_Master/MirrorArea/SDH_1-9.6.0/
rm *.arc

PKT File System Full

If the PKT file system is full, the problem could be related to the Mirror Area.
Complete the following steps:
1. Verify that the MySQL is not running; then, stop PKT instance:
2. Enter the following commands:
cd /usr/Systems/PKT_1_9.6.0_Master/MirrorArea/bmml/arch
rm *.arc
To completely clean PKT tables, complete the following steps
1. Stop all PKT applications, except Oracle Database.
2. Connect to the system using the su -bmmml command.
3. Launch the following script:

1350 OMS 11-65
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Work Arounds for File System Management
System Applications Management
4. Restart the PKT application.

Oracle file system full

If /opt/Oracle reaches 100%, a bug in Oracle occurs.
Complete the following steps:
1. Change directories to the following directory:
2. Use the following command to remove an archive file that has the format
rm archarch_*.arc

11-66 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Abbreviations
NMA Basic Debug/Configuration Notes

NMA Basic Debug/Configuration Notes

The NMA includes two basic sets of logs, each of which can be modified while the server
is up-and-running:
• Debug/Trace logs, which trace the NMA server actions.
• TL1 logs, which trace the TL1 sent to and received from the NE messages.

Trace/Debug logs
Trace logs are located in the maintenance/gemtrace directory. The basic log files are the
• gemServer_ems.trace
• gemServer_ems.error
• tmfserver.trace
• tmfserver.error
• jboss_gemServer_ems.log
When logs reach a maximum size, a new log file is created and the old logs are
renumbered. The logs contain the following:
• gemServer_ems.trace and gemServer_ems.error
These logs contain tracing for NMA logged from NMA code. If NMA catches an error
and logs it, it will be in these files. At the default INFO level, this log contains major
events such as starting/completing domain alignment and TL1 commands and their
time to completion (TL1 responses are not logged here).
• tmfserver.trace and tmfserver.error
These logs contain tracing for the TMF server.
• jboss_gemServer_ems.log
This file contains log records from JBoss itself, which includes error messages from
exceptions that are thrown by NMA, but are not caught by NMA (caught by JBoss) .
Additionally, a jboss_gemServer.stdout file captures the standard output of the Java
process. Generally, this file is not used, but thread dumps are written to this file.
These log files are based on a log4j logging package from the Apache group
( The log4j-defined server-configuration file that controls
logging for the TMF server is the following:
This file, which can be modified, is located in the following directory:
The logging system is based on a hierarchy of named loggers, the base of which is

1350 OMS 11-67
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Logging
NMA Basic Debug/Configuration Notes
Two additional loggers are the following:
– com.alcatel.gem.trace.tl1pc
– com.alcatel.gem.trace.exsnmp
Jboss logging is also based on the same log4j package and detailed logging of JBoss
is also possible. A sample file (Log4J.xml) gives examples for turning on more
detailed JBoss logging, shows how to write to new files, and shows how to set the log
level to specific values for various named loggers.

TL1 logs
TL1 logs are also implemented using log4j, but are not controlled by a typical log4j
configuration file because the logger names are the NE names are therefore dynamic.
Configuration of these files is through the typical configuration used by end users.
TL1 logs are at a low level and they are unprocessed other than basic TL1 parsing. The
content of the TL1 log is basically what comes from the NE−the exact text of the TL1
command, responses, events, and acknowledgements. RTRV-PM commands/responses
are filtered out by defaul, which is controlled by a configuration value.
The TL1 log also shows entries when a session is opened, closed, and fails. TL1
command failure is also logged. One TL1 log file is set for each NE that rolls based on
time (not size) and thus can get large.
The following file:
contains configuration parameters to control the TL1 logs. Most parameters are well
documented in the XML comments in this file. Changes to TL1 logging do not take affect
until supervision is stopped and restarted. The server does not have to be restarted.
Two additional parameters are available:
• tl1comm.neLogMaxDaysKept determines the number of days of TL1 logs that are
kept. The default is 7. The value can range from [1, 14].
• If tl1comm.includeInLogPM is true, RTRV-PM-* commands and responses are
included in the TL1 logs.

TL1 I/O logs

TL1 parsing engines also support an additional log, which is named using random
numbers, that is intended to debug I/O problems with an NE. This logging occurs even
before TL1 parsing, and thus can be used to debug scenarios in which an NE is sending
invalid characters or TL1. This log file does not roll; meaning, it can continue to grow
and it is not easy to use and should only be used when really needed.
The configuration file EMLIMGEM3/jboss/server/ems/deploy/properties-service.xml
can also contain these values.

11-68 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Logging
NMA Basic Debug/Configuration Notes
The following configuration parameters control this logging:
• neIOLogPath controls which directory these I/O logs are created in. The directory
must already exist.
• neIOLogFlag controls the logging. Possible values are in, out, or both. Any other
value implies the feature is off. The in value logs all input from the NE. The out value
logs all output to the NE, and both logs both input and output.
Possible values are the following
– in logs all input to the NE
– out logs all output from the NE.
– both logs both input and output to the NE.
– Any other value besides in, out, or both implies that the feature is off.
When turned on, at supervision time, a file named tl1io_xxxxx.debug is be created that
contains all characters sent over this socket based on the configuration. If multiple NEs
are sharing the same socket (GNE with RNEs), all characters are logged to the same file.
This is a character-by-character log and has no knowledge of TL1 of the NEs involved.
This file also never rolls. Everything from socket open to close is logged into the same
file and the file is never removed. It must be manually removed. Changes to this
configuration require stopping/starting supervision. Use this log only to debug cases
where the NE generates illegal TL1 that the normal parsing rejects and thus is not seen in
the normal TL1 logs. Do not leave this logging on for long time because you will run out
of disk space.

1350 OMS 11-69
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Configuration
NMA Basic Debug/Configuration Notes

The NMA/JBoss combination includes a large number of configuration files to control,
but NMA only adds a few of its own. One is designated for parameters that the end user
can modify. Others should be determined at installation time and not changed.

User configurable file

The file EMLIMGEM3/jboss/server/ems/deploy/properties-service.xml contains
configuration values intended for the end user. The general rule is that changes that are
made here are reflected as soon as possible For example, changes to TL1 time-outs will
be used after only a few seconds. Changes to logging require the starting/stopping of
The administrator must be familiar with the behavior of the system in case the values in
this file are missing or invalid.
As an example, assume a numerical parameter has a range of [10, 20] and a default of 15.
If the user configures a value of 1, 10 will be used. If the user configures a value of 37, 20
will be used. If the user configures a value of “foo” the system will use 15 (the default).
Most available parameters that can be used in this file are well documented. There are a
couple of exceptions (PM and the TL1 I/O logs previously defined).

Non-user configurable file

In addition to the user-configurable
EMLIMGEM3/jboss/server/ems/deploy/properties-service.xml file, another
configuration file, the file EMLIMGEM3/jboss/server/ems/deploy/gemcfg-
service.xml, contains parameters that should not be used by a user and could leave the
system unstable if configured incorrectly. There are some important values here that are
discussed below.
• eclipse.PostRIGenerationCmd specifies where to write RI information. If not
configured, no RI information will be output.
• eclipse.RIOutputDir specifies the command to run after RI information is generated.
If not configured, no command is run. Note that this is independent of the generation.
It is possible to generate the file and not run the command.
• ne.supervisionLimit specifies the maximum number of NEs that can be supervised at
one time. There is no limit on the number of NEs that can be declared. This value is
DES encrypted using the class com.alcatel.gem.des.Mangle.
The following jython script can generate a new value that limits supervision to 100
– from com.alcatel.gem.des import Mangle
– print Mangle.mangle (‘100’)
The output value can be used directly.
• jboss-mysql.force.innodb forces JBoss to create tables of the type InnoDB, which
should only be used with MySQL.
11-70 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Configuration
NMA Basic Debug/Configuration Notes
Other Configuration
Other configuration values are usually based on built in JBoss values. These can generally
be found in two places.
• Files in the EMLIMGEM3/jboss/server/ems/deploy are scanned by Jboss and are
loaded when possible. Avoid saving backup files and other files in this directory.
JBoss will scan them and try to deploy them. Saving a jar file in this directory is a
sure way to cause problems. Contained directories may also cause problems, but it
depends on the directory and the rules for loading the contents of the contained
directory. For example, anything in the jms directory will be treated just like files in
the deploy directory. Files in the gem.ear directory are not reloaded if the
gem.ear/META-INF/application.xml file (or the jboss-app.xml file) are not also
modified (touched). It is safer to simply not keep backup copies in this directory.
• Files in the EMLIMGEM3/jboss/server/ems/conf directory are loaded by JBoss on
startup only. The log4j.xml file is the only exception. Documentation on most of these
files (and some in the deploy directory) can be found at the JBoss web site

1350 OMS 11-71
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Troubleshooting Configuration


11-72 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
12 GSP and MP Configuration

This chapter provides the 1350 OMS system administrator with the conceptual
information and the associated tasks that pertain to the Guardian Service Processor (GSP)
and the Management Processor (MP).


GSP and MP Overview 12-2

Configure the GSP 12-3
Verify Access to the GSP LAN Console 12-11
Access to the GSP Console 12-13
Configure the MP 12-15

1350 OMS 12-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration GSP and MP Overview


GSP and MP Overview

Two types of configurations
The HP9000 Servers are configured with either of the following:
• Guardian Service Processor (GSP)
• Management Processor (MP)
Note: The service processor in HP® servers is sometimes called the HP® Guardian
Service Processor (GSP) or the HP® Management Processor (MP). The service
processor is a service and console subsystem on the HP9000 Servers.

Functional requirements
To use the system console, the administrator must use a local VT100 terminal or a PC
with a VT100 terminal emulator.
The GSP can be configured so the system console can be used through a LAN
connection. In addition, GSP rev B provides web console functionality.
If a PC with the VT100 terminal emulator is in use, the administrator must have an
RS-232, 9-24 pin male/male cable adapter.

12-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP


Configure the GSP

When to use
Use this task to configure the Guardian Service Processor (GSP).

Related information
See the following topic in this document:
• “GSP and MP Overview” (p. 12-2)

Before you begin

This task consists of the following tasks:
• “Task 1: Access the GSP” (p. 12-3)
• “Task 2: Configure the GSP LAN Console” (p. 12-4)
• “Task 3: Configure the Administrator Profile” (p. 12-6)
• “Task 4: Configure the LAN Access” (p. 12-9)
To configure the GSP LAN console, you must have the following information available:
• An IP address for the GSP
• A hostname for GSP
• The subnet mask
• The IP address of the gateway
• Username for GSP administrator (optional)
• Password for GSP administrator (optional)
The output samples that are provided in this task are samples from GSP rev A. GSP rev B
might have output that differs.

Task 1: Access the GSP

Complete the following steps to configure the Guardian Service Processor (GSP).

1 Connect a terminal or a PC to the console serial port.


2 Press the Control + b keys to enter the GSP:

Result: The tool outputs a display that is similar to the following:

Leaving Console Mode-you may lose write access. When Console Mode
Ecf to get console write access

1350 OMS 12-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP


3 Press the Enter key:

Result: The tool outputs a display that is similar to the following:

[Read only - use

Ecf for console write access.]

4 If the GSP prompt is not displayed, enter the following:

c f
Result: The GSP>prompt is displayed.

Task 2: Configure the GSP LAN Console

Complete the following steps to configure the GSP LAN console.

1 At the GSP> prompt, enter the following command to modify LAN connections:
lc [Enter]
Result: The GSP outputs a display that is similar to the following:

This command allows you to modify the LAN configuration.

Current configuration:
MAC Address : 0x00306e0860d4
IP Address :
GSP Host Name: uninitialized
Subnet Mask :
Gateway :

2 At the following prompt, enter Y to modify the LAN configuration:

Do you want to modify the LAN configuration? (Y/[N]) Y
Result: The GSP outputs a display that is similar to the following that shows the
current IP address and prompts you for a modification decision:

Current IP Address:

Do you want to modify it? (Y/[N])

3 At the following prompt, enter Y to modify the current IP address that is displayed:

12-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP

Do you want to modify it? (Y/[N]) Y [Enter]

4 At the following prompt, enter the current IP address of the GSP LAN:
Enter new IP Address: <GSP LAN IP Address> [Enter]
Result: The GSP outputs a display that is similar to the following:
New IP Address: <GSP LAN IP Address>

5 At the following prompt, confirm the current IP address of the GSP LAN if it is correct:
New IP Address: <GSP LAN IP Address>
Confirm? (Y/[N]) Y [Enter]
Result: The GSP outputs a display that is similar to the following:
* IP Address will be updated.
In a series of prompts, the GSP prompts you for modifications to the hostname, subnet
mask, and gateway.

6 At the following prompts, enter the appropriate information regarding the GSP host name:
Current GSP Host Name: uninitialized
Do you want to modify it? (Y/[N]) Y [Enter]
Enter new GSP Host Name: <hostname> [Enter]
Result: The GSP outputs a display that is similar to the following:
-> GSP Host Name will be updated.
The GSP now prompts for the current subnet mask.

7 At the following prompts, enter the appropriate information regarding the subnet mask:
Current Subnet Mask:
Do you want to modify it? (Y/[N]) Y [Enter]
Enter new Subnet Mask: <subnet mask> [Enter]
Result: The GSP outputs a display that is similar to the following:
-> Subnet Mask will be updated.
The GSP now prompts for the current gateway.

8 At the following prompts, enter the appropriate information regarding the gateway:
Current Gateway:
Do you want to modify it? (Y/[N]) (Default will be IP Address Y

1350 OMS 12-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP

Enter new Gateway: <gateway IP address> [Enter]
New Gateway: <gateway IP address>
Confirm? (Y/[N]) Y [Enter]
Result: The GSP outputs a display that is similar to the following and the GSP
prompt reappears:

-> Gateway will be updated.

-> Settings have been updated.


Task 3: Configure the Administrator Profile

Complete the following steps to configure the administrator profile:

1 At the GSP> prompt, enter the following command to modify the security options so you
can configure the administrator profile:
so [Enter]
Result: The GSP outputs a display that is similar to the following:

This command allow you to modify the security options and access control.
GSP wide parameters are:
. Login Timeout: 1 minutes.
. Number of Password Faults allowed: 3
. Flow Control Timeout: 5 minutes.

2 At the following prompt, enter n so the GSP wide parameters are not modified:
Do you want to modify the GSP wide parameters? (Y/[N]) n
Result: The GSP outputs a display that is similar to the following about the first user
profile. Note all the fields are empty:

User number 1 parameters are:

. User's Name:
. User's Login:
. Organization's Name:
. Dial-back configuration: Disabled
. Access Level: Operator
. Mode: Single
. User's state: Disabled

3 At the following prompt, enter y so you can modify the user number 1 parameters:

12-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP

Do you want to modify the user number 1 parameters? (Y/[N]/Q to
quit) y
Result: The GSP outputs a series of prompts about the current and new user name.

4 At the following prompts, enter the required information for the current and new user
Current User's Name [Enter]
Enter new User's Name root [Enter]
New User's Name root [Enter]
Confirm? (Y/[N]) Y [Enter]
Result: The GSP outputs a message similar to the following about current and new
user name.
-> User's Name will be updated.
The GSP now prompts you for organizational name changes.

5 At the following prompt, enter n so you do not modify the organization name:
Current Organization's Name:
Do you want to modify it? (Y/[N]) N
Result: The GSP outputs a series of prompts about the user name for the login.

6 At the following prompts, enter the required information for the user name for the login.
Logging in as root is not mandatory.
Enter new Login root [Enter]
Enter new Login for confirmation root [Enter]
Result: The GSP outputs a message similar to the following about the current and
new user name.
-> Login will be updated.
The GSP now prompts you for password changes.

7 At the following prompts, enter the required information for the password, which is not
Do you want to modify the current password? (Y/[N]) Y
Enter new Password <type new password here> [Enter]
Enter new Password for confirmation
<re-type new password here> [Enter]

1350 OMS 12-7
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP

Result: The GSP outputs a message similar to the following about the password.
-> Password will be updated.
The GSP now prompts you for dial-back options.

8 At the following prompt, enter n so you do not modify the dial-back options:
Current Dial-back configuration: Disabled
Do you want to modify it? (Y/[N]) N
Result: The GSP outputs a series of prompts about the access level.

9 At the following prompts, enter the required information for the access level:
Current Access Level: Operator
Do you want to modify it? (Y/[N]) Y
Enter new Access Level (Operator / Administrator) A [Enter]
New Access Level: Administrator
Confirm? (Y/[N]): Y [Enter]
Result: The GSP outputs a message similar to the following about the access level.
-> Access level will be updated.
The GSP now prompts you for mode options.

10 At the following prompts, enter the required information for the mode:
Current Mode: Single
Do you want to modify it? (Y/[N]) Y
Enter new Mode (Single / Multiple): M [Enter]
New Mode: Multiple
Confirm? (Y/[N]): Y [Enter]
Result: The GSP outputs a message similar to the following about the mode.
-> Mode will be updated.
The GSP now prompts you for user state options.

11 At the following prompts, enter the required information for the current user state:
Current User's state: Disabled
Do you want to modify it? (Y/[N]) Y
Enter new User's state (Enabled / Disabled): E [Enter]
New User's state: Enabled

12-8 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP

Confirm? (Y/[N]): Y [Enter]
Result: The GSP outputs a message similar to the following about the user.
-> User's will be updated.
The GSP now outputs a display similar to the following for the second user profile:

User number 2 parameters are:

. User's Name:
. User's Login:
. Organization's Name:
. Dial-back configuration: Disabled
. Access Level: Operator
. Mode: Single
. User's state: Disabled

12 At the following prompt, enter q to quit the prompting sequence so the second user
profile is not modified:
Do you want to modify the user number 2 parameters? (Y/[N]/Q to
quit) q
Result: The GSP outputs a message similar to the following:

-> Settings have been updated.

User may be disconnected in this process


Task 4: Configure the LAN Access

Complete the following steps to configure the LAN access.

1 At the GSP> prompt, enter the following command to enable LAN access:
el [Enter]
Result: The GSP outputs a display that is similar to the following:

Current LAN port access: Disabled

Do you want to modify this configuration? (Y/[N]) y [Enter]
LAN port access options:
Note for GSP rev A, a display similar to the following is output:

[A] All access enabled

[D] All access disabled
Note for GSP rev B, a display similar to the following is output:

[A] All access enabled - both Telnet and Web

[D] Disable LAN port - prevent Telnet and Web access
[T] Telnet only enabled
1350 OMS 12-9
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the GSP

[W] Web only enabled

2 At the following prompts, enter A to enable all access:

Please indicate the new mode for the LAN port,
or <CR> to retain current value. Choose one of (...): A [Enter]
Result: The GSP outputs a display that is similar to the following that shows that the
new LAN port settings are enabled:
New LAN port access settings will be: Enabled

3 At the following prompt, enter Y to confirm the settings:

Confirm? (Y/[N]): Y [Enter]
Result: The GSP outputs a display that is similar to the following that shows that the
new LAN port settings are enabled:
Current LAN port access: Enabled

12-10 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Verify Access to the GSP LAN Console


Verify Access to the GSP LAN Console

When to use
Use this task to verify access to the GSP LAN console.

Related information
See the following topic in this document:
• “GSP and MP Overview” (p. 12-2)

Before you begin

The behavior of the GSP is dependent on the last connection; therefore, the output
samples that are displayed in this task might differ from your output.

Complete the following steps to verify access to the GSP LAN console.

1 Enter the following command to connect to the GSP:

....,sys,root # telnet <GSP IP Address> [Enter]
Result: The GSP displays output that is similar to the following:

Connected to .......
Escape character is '
Local flow control off
Service Processor login: root
Service Processor password:
Hewlett-Packard Guardian Service Processor
9000/800/L1000-36 System Name:

2 At the following prompt, press the Enter key:

9000/800/L1000-36 System Name: [Enter]
Result: The GSP displays output that is similar to the following:
[Read only - use Ecf for console write access.]

3 At the following prompt, enter the following command:

[Read only - use Ecf for console write access.]
<Ctrl>+E c f [Enter]
Result: The GSP displays output that is similar to the following:
[bumped user - ]
1350 OMS 12-11
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Verify Access to the GSP LAN Console


4 At the following prompt, enter the following command:

[bumped user - ] <Ctrl>+B [Enter]
Result: The GSP displays output that is similar to the following:
Leaving Console Mode - you may lose write access. When
Console Mode returns, type Ecf to get console write
access. GSP>

5 Enter the following command sequence to close the connection:

And, at the Telnet prompt, enter the following:
close [Enter]

12-12 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Access to the GSP Console


Access to the GSP Console

When to use
Use this task to access to the GSP console.

Related information
See the following topic in this document:
• “GSP and MP Overview” (p. 12-2)

Before you begin

The behavior of the GSP is dependent on the last connection; therefore, the output
samples that are displayed in this task might differ from your output.

Complete the following steps to access the GSP console.

1 Complete the steps in the “Task 1: Access the GSP” (p. 12-3) task.

2 At the GSP> prompt, enter the following command to get into console mode in the GSP:
co [Enter]
Result: The GSP outputs a display that is similar to the following:

Leaving Guardian Service Processor Command Interface and entering

Console mode. Type Ctrl-B to reactivate the GSP Command Interface.

3 At the following prompt, press the Enter key:

Type Ctrl-B to reactivate the GSP Command Interface. [Enter]
Result: The GSP displays output that is similar to the following:
[Read only - use Ecf for console write access.]

4 At the following prompt, enter the following command:

[Read only - use Ecf for console write access.]
<Ctrl>+E c f [Enter]
Result: The GSP displays output that is similar to the following:
[bumped user - ]

5 At the following prompt, enter the following command:

1350 OMS 12-13
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Access to the GSP Console

[bumped user - ] [Enter]
Result: The GSP displays output that is similar to the following:
GenericSysName [HP Release B.11.31] (see /etc/issue)
Console Login:

6 At the following prompt, log in and continue the login process:

Console Login: <user ID> [Enter]

12-14 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the MP


Configure the MP
When to use
Use this task to configure the Management Processor (MP).

Related information
See the following topic in this document:
• “GSP and MP Overview” (p. 12-2)

Before you begin

To configure the MP LAN console, you must have the following information available:
• An IP address for the MP
• A hostname for the MP
• The subnetmask
• The IP address of the gateway
Once you access the MP, you can enter HE to get help on any MP function.

Complete the following steps to configure the Management Processor (MP).

1 Connect a terminal or a PC to the console serial RS-232 port.


2 Press the Enter to enter the MP:

Result: The tool requests you to log in.

3 At the following prompts, enter the Admin login and password to access the MP:
MP password:
MP login: Admin
MP password: Admin
Result: The tool outputs a welcome screen, followed by a display that is similar to
the following:

CO: Consoles
VFP: Virtual Front Panel (partition status)
CM: Command Menu
CL: Console Logs
SL: Show chassis Logs
1350 OMS 12-15
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the MP

HE: Help
X: Exit Connection
Note at any time you can enter HE to get help on any MP function.

4 At the MP> prompt, enter the CM command to access the Command Menu:
Result: The tool outputs the MP:CM> prompt and a display that is similar to the
Enter HE to get a list of available commands

5 At the MP:CM> prompt, enter the LC command to access the LAN console:
Result: The tool outputs a display that is similar to the following:

This command modifies the LAN parameters.

Current configuration of MP LAN interface
MAC address : 00:30:6e:38:b2:d0
IP address : (0xef000001)
Hostname : notdefined
Subnet mask : (0xff000000)
Gateway : (0x00000000)
Status : UP and RUNNING
AutoNegotiate : Enabled
Data Rate : 10 Mb/s
Duplex : Half
Error Count : 46e
Last Error : rx FIFO overflow
The tool then prompts you to modify the LAN configuration.

6 At the following prompt, enter Y to modify the LAN configuration:

Do you want to modify the configuration for the customer LAN?(Y/
[N]) Y
Result: The tool then prompts you to change the IP address.

7 At the following prompts, enter the appropriate information regarding the IP address:
Current IP Address is:
Do you want to modify it? (Y/[N]) Y [Enter]
Enter new IP Address: <new IP Address> [Enter]
New IP Address will be: ....<new IP Address>
Please confirm (Y/[N]) Y
-> IP Address will be updated.
12-16 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the MP

Result: The tool now prompts for the network name that is to be assigned to the MP.

8 At the following prompts, enter the appropriate information regarding the network name
that is to be assigned to the MP:
Current MP Network Name is: notdefined
Do you want to modify it? (Y/[N]) Y [Enter]
Enter new MP Network Name : <new MP Network Name> [Enter]
New MP Network Name will be: ...<new MP Network Name>
Please confirm (Y/[N]) Y
-> MP Network Name will be updated.
Result: The tool now prompts for information on the subnet mask.

9 At the following prompts, enter the appropriate information regarding the subnet mask:
Current Subnet Mask is:
Do you want to modify it? (Y/[N]) Y [Enter]
Enter new Subnet Mask : <new Subnet Mask> [Enter]
New Subnet Mask will be: .... <new Subnet Mask>
Please confirm (Y/[N]) Y
-> Subnet Mask will be updated.
Result: The tool now prompts for the current IP address that is to be assigned to the

10 At the following prompts, enter the appropriate information regarding the gateway:
Current Gateway is:
Do you want to modify it? (Y/[N])<Default is the IP Address>
Y [Enter]
Enter new Gateway : <new Gateway> [Enter]
New Gateway will be: .... .... <new Gateway>
Please confirm (Y/[N]) Y
-> Gateway will be updated.
Result: The tool now displays output similar to the following to indicate that it has
updated all parameters:
-> Parameters have been updated.

1350 OMS 12-17
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
GSP and MP Configuration Configure the MP


11 Use telnet to check the connection from another system. If the connection fails, use the
EL command to determine if access is enabled.

12-18 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
13 File System Management

This chapter provides the 1350 OMS network administrator with the conceptual
information that pertains to the File System Management of the 1350 OMS.


File System Management Overview 13-2

File System Management Tools 13-3

1350 OMS 13-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
File System Management File System Management Overview


File System Management Overview

File System Management definition
File System Management for the 1350 OMS includes the process and the tools that are
used to manage the disk storage of files and the partitioning of those disks.
The File System Management for the 1350 OMS is based on disk usage upon demand,
which leaves unused disk space that can be allocated when needed. For example, if a new
co-hosting application requires more disk space, that disk space could and would be made

File System Management functional requirements

The File System Management functional requirements for the 1350 OMS are the
• The disk management is based on the HP® Logical Volume Manager.
• Each disk that is managed is placed in a physical volume group.
• The Disk Mirror/UX software protects the system from the disk failure.
• The Disk Mirror/UX is configured to maintain two copies of data.
• Each new disk that is added to the configuration is checked to determine if two disks
are connected to the same SCSI bus or FC bus and if they are assigned to different
physical volumes.
• Each logical volume must be configured with the mirror option.

13-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
File System Management File System Management Tools


File System Management Tools

File System Management Tools overview
The 1350 OMS installation and configuration tools automatically perform file system
management tasks, which reduces the labor involved in disk partitioning and improves
the disk space availability level when it is needed.
The administrator merely must select the disks that are to be used and all other functions
are performed automatically. In addition, the tools enable the administrator to
automatically reserve any disk space that would be needed for each piece of software that
must be installed on a machine.
Because disk dimensioning is static and because any reserved space might not be
sufficient to accommodate future data storage, the following tools are provided:
• “scmirrorfs” (p. 13-3)
• “scextendfs” (p. 13-3)
• “scdeletefs” (p. 13-5)
These tools reduce the system down time and allow maintenance activities to be planned.
These tools can be executed on-line, and any changes that they initiate can take effect
whenever the next system reboot occurs.

File System Management Tools and High Availability Cluster caution

The File System Management Tools, which are scmirrorfs, scextendfs, and scdeletefs
cannot be used on volume groups that are configured in a 1350 OMS High Availability

The scmirrorfs tool is used to set up the Disk Mirror/UX configuration on a system in
which the mirror configuration has been not done or has been lost (for example, after a
restore from backup). The scmirrorfs tool requires the Disk Mirror/UX software be
installed and the disk configuration to adhere to the functional requirements specified in
“File System Management functional requirements” (p. 13-2).
Refer to the following sections of this document for additional information on scmirrorfs:
• Chapter 6, “Mirror Disks”
• “Mirror Configurations” (p. 5-20)
• “Run the scmirrorfs Tool to Set Up the Mirrored Configuration” (p. 5-43)

The scextendfs tool is used to extend or to create a file system during the system
installation phase. The tool automatically computes the amount of disk space requested,
including the space for the mirror configuration, and it issues the request for an additional
new disk configuration when needed.
1350 OMS 13-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
File System Management File System Management Tools

scextendfs [-l <log file>] [-O] <Mount Point> <Required Space> [<VolGroup>]
scextendfs [-l <log file>] [-O] -f<File>
scextendfs -a <MountPoint>
scextendfs [-i]
scextendfs [-h]
-l <log file> specifies an output log file that differs from the default log file
-O specifies that disk overhead is to be added. The overhead is computed as 10% of the
amount of space that is already in use in the specified file system, plus the required space.
<MountPoint> specifies the file system that is to be extended through the mount point. If
a file does not exist with this name, the tool creates a new file system and the related
mount point directory.
<ReqSpace> specifies the required space. This value is managed as file system size
during the creation, or the free space that is required when the file system exists. (Note no
action is taken when the existing file system has more free space available that what is
<VolGroup> specifies the volume group name for the file system. This parameter is
allowed only during the creation of a new file system. If the volume group does not exit,
the tool creates it.
-f <File> specifies the file that was written in the file system list and the relative space
that was required. The syntax is the following:
<MountPoint> <ReqSpace> [<VolGroup>]
This syntax allows a single command to extend or to create an additional file system.
-a specifies that the specified file system can be extended to the remaining volume group
free space.
-i specifies that the current disk configuration should be made visible.
-h specifies that a description of the procedure call should be provided.
This example illustrates how to extend a file system to have 20% more free space.
1. Use the bdf command to determine the file system size:

...,sys,root # bdf /alcatel/DEPOT

Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol19 2228224 1896458 311075 86% /alcatel/DEPOT
2. Compute 20% of that space from kilobytes to megabytes:

...,sys,root # bc
13-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
File System Management File System Management Tools

445640/1024 <kilo to mega byte conversion>
<Ctrl d>
3. Extend the file system with the scextendfs tool:

...,sys,root # scextendfs /alcatel/DEPOT 435

Analyze Mount Point:"/alcatel/DEPOT"
Request free: 435 MegaByte(s)
Current size: 2176 MegaByte(s)
Current used: 1853 MegaByte(s)
Current free: 303 MegaByte(s)
Evaluate size: 2336 MegaByte(s)
Extend Mount Point "/alcatel/DEPOT" to 2336 MByte
4. Re-enter bdf to check the result:

...,sys,root # bdf /alcatel/DEPOT

Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol19 2392064 1896498 464638 80% /alcatel/DEPOT

The scdeletefs tool is used to remove a file system that was created with scextendfs.
Important! When scdeletefs removes a file system, that file system cannot be
restored; meaning, the removal of the file system cannot be reversed.
scdeletefs [-l <log file>] <Mount Point>
scdeletefs [-l <log file>] -f<File>
scextendfs -g swap
scextendfs [-i]
scextendfs [-h]
-l <log file> specifies an output log file that differs from the default log file
<MountPoint> specifies the file system that is to be deleted through the mount point.
-g swap specifies to swap the area garbage collection, which removes more used swap
areas. This command is typically used to remove any TMN applications.
-i specifies that the current disk configuration should be made visible.
-h specifies that a description of the procedure call should be provided.

1350 OMS 13-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
File System Management File System Management Tools


13-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
Appendix A: List of


Abbreviation Meaning
ACL Access Control List
Alt_boot Alternate Boot Device
ANTP Alcatel-Lucent network time protocol
CDE Common Desktop Environment
cdfs/CDfs Compact-Disk Filesystem
CLI Command Line Interface
CLNP Connectionless Network Protocol
CMISE Common Management Information Service
CNA CMISE Network Adapter
DAT Digital Audio Tape
DLT Digital Linear Tape
DNS Domain Name Service, Domain Name
System, or Domain Name Server
DVD Digital Video Disk/Digital Versatile Disk
DWDM Dense Wavelength Division Multiplexing
EML Element Management Layer
eOMS embedded Optical Management System
ETSI European Telecommunications Standards
FTP File Transfer Protocol
GID group ID
GENOS generic OS-to-OS
GNE Gateway Network Element

1350 OMS A-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
List of Abbreviations Abbreviations


Abbreviation Meaning
GPS global positioning satellite
GSP HP® Guardian Service Processor
GUI Graphical User Interface
HA High Availability
hfs/HFS Hierarchical File System
HTML HyperText Markup Language
inetd super-server daemon that manages Internet
IPR Independent Peripheral Release
IRT Ignite Recovery Tape
ISA Industry Standard Architecture
KDC Key Distribution Log (Kerberos)
lan/LAN Local Area Network
LVM Logical Volume Manager
MP Management Processor
MIB Management Information Base
MPLS Multiple Protocol Label Switching
MW-INT Middleware Interface
MW-OS Middle Ware Operating System
NA Network Adapter
NE Network Element
NIO new input/output (java)
narrow input/output in reference to a bus
NMA Network Management Application
NML Network Management Layer
NMS Network Management System
NTP network time protocol
OI Open Interface
OSI Open Systems Interconnection
PDF Portable Document Format
PKT Packet
PID Process Identifier
Pri_boot Primary Boot Device
PVG Physical Volume Group
rcp remote copy file; UNIX command
A-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
List of Abbreviations Abbreviations


Abbreviation Meaning
rhost remote host; UNIX command
rlogin remote login; UNIX command
RTC real-time clock
SAN Storage Area Network
scdisk scan disk
scp secure copy; UNIX command
SCSI Small Computer System Interface
SDH Synchronous Digital Hierarchy
SEC Security; as in security database
SMH HP® System Management Homepage
sequential access media a tape device
SML Service Management Layer
SNMP Simple Network Management Protocol
SONET Synchronous Optical Network
SP service pack
ssh/SSH Secure Shell
SWP Software Package (descriptors)
TCP/IP Transmission Control Protocol/Internet
TL1 Transaction Language 1
TP termination point
TMN Telecommunications Management Network
TMPLS Transport—Multiple Protocol Label
TNA TL1 Network Adapter
UID user ID
VA virtual array
vg/volgroup volume group
vgchange volume group change
VPN Virtual Private Network
VT virtual terminal
wan/WAN Wide Area Network
WDM Wavelength Division Multiplexing
XDMCP X Display Manager Control Protocol
XoS XML-over-socket

1350 OMS A-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012
List of Abbreviations Abbreviations


A-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

Numerics Message Mount Point..., 5-18, 5-18, 5-18

1350 OMS Message Volume group name..., 5-17, 5-17
applications, 1-2 Mirror Configurations, 5-20
definition, 1-2 Mirror Configurations disk requirements, 5-20
supported NEs, 1-4 Mirror disk configuration rebuild restriction, 5-10
................................................................................................ No automatic reboot from the IRT, 5-15
A Access Control Lists (ACLs), 9-45 Perform a Tape Check task, 5-23
Added value modules required disk space, 5-10
1350 OMS HA, 1-6 Restore Data from the fbackup Tapes task, 5-36
1350 OMS OI, 1-6 Run scbackup for a Local Disk Backup task, 5-24
ANTP, 1-7 Run scdisk_read_check to Read and Check the Disk
task, 5-21
Run the scmirrorfs Tool to Set Up the Mirrored
B Backup and recovery
Configuration task, 5-43
backup restrictions, 5-10 scbackup functional overview, 5-6
Boot from the IRT task, 5-34 scbackup-screstore version incompatibility, 5-10
Console messages during reboot from IRT, 5-16 screstore checks and messages, 5-16
console restriction during, 5-10 Scripts that fail during the reboot from the IRT, 5-15
full mirror faults and troubleshooting, 5-11 split operation problems, 5-11
full system recovery phases, 5-13 system crashes, 5-11
full system recovery purpose, 5-13 time-out expiration, 5-11
functional definition, 5-2 tools, 5-3
IRT rebooting errors, 5-15 troubleshoot Current host is different from..., 5-17
IRT recovery, 5-14 Verify the Readability of the fbackup Tape task, 5-33
log files and troubleshooting, 5-11 ................................................................................................
login messages, 5-11
MERGE-DELETE problems, 5-11
eject a CD-ROM, 8-6
Message : The mount point directory, 5-18
Message Logical volume ..., 5-17 parameter, 9-26

1350 OMS IN-1
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

Commands High Availability (HA)
shutdown, 8-2 cautions regarding File System Management, 13-3
swacl, 9-45 HP® printer
................................................................................................ configuration tool, 10-2

D dlylntr (delay between login tries) system security Configure a Printer in the Local Spooler Queue task,
parameter, 9-26 10-3

DNSADD, 4-4 Configure a Printer upon Booting from the Local

System task, 10-9
Start the Spooler task, 10-8
two supported configurations, 10-2
HP® servers
list of available customer documentation, xviii
restart, 8-2
Domain Name Service (DNS), 4-4, 4-4, 4-4
I Instances
E ENCRYPT_ARCHIVE system security parameter, 9-27
Free System Resources Used by an Application
Instance task, 2-6
F File System Management Remove the Instance of an Application task, 2-4
definition, 13-2 ................................................................................................

functional requirements, 13-2 J javaws, 11-45

High Availability cautions and, 13-3 ................................................................................................
scdeletefs, 13-5
K KDC log
scextendsfs, 13-3
Activate the Kerberos KDC log task., 11-8
scmirrorfs, 13-3
Deactivate the Kerberos KDC log task., 11-10
tools overview, 13-3
L Legacy support, 1-4
decompress a compressed file, 8-5
llog (last log) system security parameter, 9-27
lntmout (login time out) system security parameter, 9-28
G Glossary, xvi
gptm (grace period time) system security parameter,
Activate the Kerberos KDC log task., 11-8
Deactivate the Kerberos KDC log task., 11-10
Access the GSP Console task, 12-13
Configure the GSP task, 12-3 M Management Processor (MP)

Verify Access to the GSP LAN Console task, 12-11 Configure the MP task, 12-15

................................................................................................ MIN_PASSWORD_LENGTH system security

parameter, 9-28
H High Availability
Mirror disks
security restrictions on, 9-8
configuration example, 6-2
IN-2 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

configuration methods, 6-2 external nodes, 4-2
Configure the Mirror Disk/UX® task, 6-6 functional restrictions, 4-4
Install Mirror Disk/UX task, 6-4 Import Node Information Between Two Different
Groups, 4-19
purpose, 6-2
List the Database Contents of a Group Member Node
rebuild restriction during backup/recovery, 5-10
task, 4-14
member nodes, 4-2
Merge Nodes in Two Groups into One Group task,
those supported for this release, 1-4 4-21

Network Depot network example, 4-5

Add Software to the Platform Software Depot task, Open Two Groups for Communication task, 4-17
7-7 purpose of, 4-2
applications, 7-2 Remove a Member from a Group task, 4-12
Create the Application Software Depot task, 7-8 Remove a Server from the Current DNS
Edit the .rhosts file to Authorize Access to the Configuration task, 4-42
Application Software Depot task, 7-10 security features, 4-4
Run scbuilddepot to Create the Platform Software working group, 4-2
Depot, 7-4
nullpw (null password) system security parameter, 9-28
Node Name Management tool
Add a New External Node to the Group task, 4-10
Add a New Node to the Group task, 4-7
parameter, 9-29
Add a New Server to the Current DNS Configuration
PASSWORD_MAXDAYS system security parameter,
task, 4-38
Align All Group Member Nodes to a Specified
Member Node task, 4-15
parameter, 9-29
Align One Group Member Node to Another Group
Member Node task, 4-16
parameter, 9-30
basic functions, 4-4
PASSWORD_MINDAYS system security parameter,
Change a Server to the Current DNS Configuration 9-29
task, 4-40
PASSWORD_WARNDAYS system security parameter,
Change the Gateway IP Address and Hostname task, 9-30
Change the Hostname of a Remote Node task, 4-29
R rstrpw (restrict trivial passwords) system security
Change the Hostname the Current/Local Node task, parameter, 9-30
Change the IP Address a Remote Node task, 4-23
S Safety information, xiii
Change the IP Address the Current/Local Node task,
4-26 scdeletefs, 13-5
Change the Subnetwork Mask task, 4-35 scextendsfs, 13-3
Establish a Group and Initialize Node Name scmirrorfs, 13-3
Management Persistent Data task, 4-6
1350 OMS IN-3
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

Security Remove Security task, 9-42
access to the secure host, 9-8 requirements, 9-2
audit and log files functional overview, 9-18 restrictions on High Availability configurations, 9-8
audit files, 9-18 rstrpw (restrict trivial passwords) system security
parameter, 9-30
Authorize Access to the Depot Machine task, 9-45
security administration user, 9-4
banner customization, 9-5
security profile features, 9-7
Change a Manufacturer's Default Passwords, 9-38
security profile types, 9-7
security parameter, 9-26 security user groups, 9-4
changing the system security parameters, 9-24 security.parms file contents, 9-22
configuration tool functional overview, 9-2 Set Up Security with Any Profile task, 9-36
dlylntr (delay between login tries) ) system security SIT (shell inactivity timeout) system security
parameter, 9-26 parameter, 9-31
ENCRYPT_ARCHIVE system security parameter, software requirements, 9-2
syschpw (system character password) system
encryption set up, 9-20 security parameter, 9-31
gptm (grace period time) system security parameter, sysltpw (system letter password) system security
9-27 parameter, 9-31
llog (last login) system security parameter, 9-27 syspnpw (system pronounceable password) system
security parameter, 9-31
lntmout (login time out) system security parameter,
9-28 tmaxlntr (maximum login tries) system security
parameter, 9-32
location and access to the system security
parameters, 9-24 Troubleshoot and Fix /etc/passwd File Problems,
log files, 9-19
Troubleshoot and Fix Old Password Problems., 9-43
MIN_PASSWORD_LENGTH system security
parameter, 9-28 types of system security parameters, 9-25
nullpw (null password) system security parameter, umaxlntr (user maximum login tries) system security
9-28 parameter, 9-32
PASSWORD_HISTORY_DEPTH system security user-allowed commands, 9-8
parameter, 9-29
usrpick (user pick) system security parameter, 9-32
PASSWORD_MAXDAYS system security
Verify and Kill Processes task, 9-40
parameter, 9-29
WARN_USERS_LIST system security parameter,
parameter, 9-29
shutdown command, 8-2
security parameter, 9-30 SIT (shell inactivity timeout) system security parameter,
PASSWORD_MINDAYS system security parameter,
9-29 swacl command, 9-45
PASSWORD_WARNDAYS system security syschpw (system character password) system security
parameter, 9-30 parameter, 9-31
Prepare to Set Up Security task, 9-34
IN-4 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

sysltpw (system letter password) system security
parameter, 9-31
syspnpw (system pronounceable password) system
security parameter, 9-31

T Tasks

Free System Resources Used by an Application

Instance task, 2-6
Remove the Instance of an Application task, 2-4
tmaxlntr (maximum login tries) system security
parameter, 9-32
rebuild the TMF server database, 11-61
cannot contact any KDC for requested realm, 11-4
KDC daemon log file, 11-5
network configuration problems, 11-3
Ping a Node task, 11-6
ticket is ineligible for postdating, 11-3
unable to connect ConnectionManager, 11-4

U umaxlntr (user maximum login tries) system security

parameter, 9-32
usrpick (user pick) system security parameter, 9-32

W WARN_USERS_LIST system security parameter, 9-32

Web Portal, 1-3, 1-4

1350 OMS IN-5
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012


IN-6 1350 OMS
8DG42227LAAA-Vol1 9.6
Issue 1 March 2012

You might also like