U2000 ATAE Cluster System Administrator Guide (SUSE) (V200R016C10 - 05) PDF

U2000
V200R016C10
ATAE Cluster System Administrator

Guide (SUSE)
Issue 05
Date 2016-08-30
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 05 (2016-08-30) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
U2000
ATAE Cluster System Administrator Guide (SUSE) About This Document
About This Document
Scope
This document is designed for administrators of the U2000 cluster system. It provides
concepts and operation procedures for administration tasks of the U2000 system, which is
based on the SUSE Linux operating system and the Oracle or Sybase database. It also
describes routine and emergency maintenance procedures for the U2000 system, emergency
maintenance procedures for hardware, and troubleshooting methods.
Product Versions
The following table lists the product versions related to this document.
Product Name Version
U2000 V200R016C10
OSMU V200R002C50
Intended Audience
This document is intended for network management engineers.
Change History
05 (2016-08-30)
This is the 05 release of V200R016C10. Compared with issue 04 (2016-07-20) of
V200R016C10, this issue includes the following changes.
Issue 05 (2016-08-30) Huawei Proprietary and Confidential ii

U2000
Section Change Description
8.17 Configuring the DH Key Length for Added.

DS Services
04 (2016-07-20)
This is the 04 release for V200R016C10. Compared with issue 03 (2016-05-30) for
V200R016C10, this issue incorporates the changes listed in the following table.
Section Change Descriptin
20.4.2 Allocating PS Domain NEs Added.
Viewing Flow Data Amount on the Deleted.

Trace Server
03 (2016-05-30)
4.8 Querying and Changing the Added.

U2000 Service Status
2.3.8 Configuring the Mapping Modified the description.

Between the Trace Server Boards
and the U2000 Mediation Service
2.3.9 Connecting the Switches to

the Telecom Operator's Network
8.5 Replacing the SSL Certificate

of OSS Management Tool
8.6 Changing the Password of the

OSS Management Tool's Private
Key File
20.2.2 Synchronizing NE
Subscription Information
20.3.2 Configuring Master

Partition Information
2.3.3 Planning Switches' VLANs

by Port (S5352C-EI)
Issue 05 (2016-08-30) Huawei Proprietary and Confidential iii

U2000
02 (2016-03-20)
20.5 Managing Trace Server Load Added.
Viewing Flow Data Amount on the

Trace Server
20 Trace Server Component Modified the description.

Management
2.1 Changing the Public IP

Address of the U2000 Server
2.4 Changing the IP Addresses

and Routes for the Service
Network Plane of the U2000
Server
01 (2016-02-25)
This is the 01 release for V200R016C10. Compared with issue Draft A (2015-12-30) for
2.3.10 Configuring Parameters for Added.

the Northbound Plane Connected
to the Upper-Layer Network
Management Application
20.4.3 Query PS Partition
20.4.4 Delete the PS Partition
2.3.7 Configuring Network Modified the description.

Segments of NEs for Southbound
IP Addresses of the U2000 Server
8.4 Replacing the Root Key of the

OSS Management Tool Sensitive
Data
8.3 Replacing the Encrypted Key

of the OSS Management Tool
Sensitive Data
Issue 05 (2016-08-30) Huawei Proprietary and Confidential iv

U2000
Draft A (2015-12-30)
This is the Draft A release for V200R016C10. Compared with issue 01 (2015-09-20) for
20.8 Managing the NEs in Trace Added.

Server
20.8.1 Querying Subarea

Information of NEs Managed by
the Trace Server
20.8.2 Migrating NEs in the Trace

Server System (U2000 Client)
20.8.3 Migrating NEs in the Trace

Server System (Maintenance and
Measurement Tool)
2.1 Changing the Public IP Modified the description.

Address of the U2000 Server
2.3.7 Configuring Network

Segments of NEs for Southbound
IP Addresses of the U2000 Server
2.5 Deleting the Network Interface

for the Service Network Plane of
the U2000 Server
4.7 Service Groups
11.2.1 Changing the Database

Administrator
Organization
1 Powering On and Powering Off the System
This section describes how to power on and power off the U2000 in a specified sequence to
ensure system security.
2 Configuring the Parameters of the U2000 Server
This section describes how to change the IP addresses and routes of the U2000 server and
configure U2000 service network plane ports.
3 Managing the U2000 Server Time
This section describes how to set the server time for the U2000 cluster system to ensure that
the settings meet time requirements.
4 Managing U2000 Services and Database Services
Issue 05 (2016-08-30) Huawei Proprietary and Confidential v

U2000
This section describes how to use the OSMU to view the status of U2000 services and
database services, and start and stop U2000 services and database services.
5 Managing U2000 Resources
This section describes the mapping between the resources of the U2000 system and the
methods of managing the resources and resource groups of the U2000 system.
6 Setting the Authentication Mode of the U2000
This section describes how to add the U2000 server to the SSO server and set the local
authentication mode and SSO mode of the U2000 server.
7 Managing the U2000 FTP Server
This section describes how to change the port number and set file transfer policies on the FTP
server.
8 Managing U2000 System Security
This section describes how to replace the encrypted key of the U2000 system, replace the SSL
certificate of OSS Management Tool, change the password of the OSS Management Tool's
private key file, and perform security hardening/unhardening for internal ports of the U2000
server.
9 Setting the Communication Modes Used by the U2000 Clients and Server
The U2000 server supports three communication modes: common, Secure Sockets Layer
(SSL), and both. Clients support two communication modes: common and SSL. The clients
can successfully connect to the server only when the communication modes are consistent
between the clients and server. The security of the SSL mode is higher than the security of the
common and both modes. The default communication mode on the server is SSL. The client
must connect to the server in SSL mode.
10 Enabling the U2000 Server to Authenticate NEs Sending Syslog Logs to It
When the U2000 server functions as an SSL server for communication with the U2000 client
and NEs, you are advised to enable authentication of the communication peer on the U2000
server for security concerns. After this function is enabled, you must deploy the required trust
certificates on the U2000 server to ensure normal communication.
11 Managing U2000 System Users
This section describes how to manage and monitor the U2000 users. The users involved in the
U2000 system are Linux user, database user, OM users, and storage system users.
12 Managing Files and Disks on the U2000 Server
This describes how to manage the file systems and disks on the U2000 server.
13 Managing the U2000 Client
This section describes how to manage the U2000 client. The graphic user interface (GUI) on
the U2000 client supports the O&M for the NEs and enables you to monitor the U2000. You
must manage the U2000 client to ensure its proper operation.
14 Managing the U2000 License
U2000 licenses restrict the number of manageable devices, and the availability duration of the
U2000. You need to manage the licenses periodically.
Issue 05 (2016-08-30) Huawei Proprietary and Confidential vi

U2000
15 Monitoring the U2000 Server

You can monitor the service status, hard disk status, database status, resource status,
component information of the U2000 server, and log information on system monitor
operations. If the Trace Server independently deployed in the ATAE cluster system or virtual
cluster system is used with the U2000, the Trace Server status can also be monitored. The
status query method is the same as that of the U2000. The U2000 monitoring parameters also
take effect on the Trace Server. Therefore, you do not need to set monitoring parameters for
the Trace Server.
16 Managing OSS Tasks Centrally
The U2000 provides the function of centrally managing scheduled tasks. You can browse
information such as the task status and the progress as well as create, modify, and delete user-
scheduled tasks. In addition, you can suspend, restore, cancel scheduled tasks, and save task
result files to the client.
17 Collecting Basic Data of NEs
You can use the NE data collection function provided by the U2000 to collect configuration
data and basic information of NEs and save the collected data to a specified directory. The
Nastar, PRS, and TranSight can then navigate to the directory and obtain NE data for network
analysis and optimization analysis.
18 Migrating NEs Managed by the U2000
When the U2000 is deployed in an SLS ,virtual or ATAE cluster system, NEs are allocated to
different U2000 servers for management. NEs can be migrated from one server to another
when a server manages too many NEs or a server is added to the SLS or ATAE cluster system.
NE migration helps balance load between servers.
19 Managing U2000 Logs
Logs record the operations on the U2000 and important system events. In the log
management, you can query and collect statistics on the log information.
20 Trace Server Component Management
If the Trace Server and U2000 are deployed on different ATAE server boards but in the same
ATAE subrack, The Trace Server maintenance and measurement tool and OSS Management
Tool can be used to collect service logs, analyze reported abnormal data, query the
subscription content, and NE distribution to quickly maintain the Trace Server system when
the Trace Server system is running.
21 Backing Up and Restoring the U2000
This section describes how to back up and restore the U2000.
22 U2000 Routine Maintenance
This section describes how to perform the U2000 routine maintenance and recommends some
maintenance items and procedures.
23 Hardware Routine Maintenance
24 U2000 Emergency Maintenance

When the U2000 server or the U2000 client incurs an emergency or a severe fault (for
example, the power failure of the U2000 server), you need to handle the emergency or severe
fault to minimize the loss.
Issue 05 (2016-08-30) Huawei Proprietary and Confidential vii

U2000
25 U2000 Troubleshooting
This section describes the procedures for troubleshooting the U2000.
26 General Operation
27 Appendix
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if not

avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not

avoided, could result in death or serious injury.

avoided, may result in minor or moderate injury.

avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Calls attention to important information, best practices and

tips.
NOTE is used to address information not related to
personal injury, equipment damage, and environment
deterioration.
General Conventions
The general conventions that may be found in this document are defined as follows.
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Boldface Names of files, directories, folders, and users are in

boldface. For example, log in as user root.
Italic Book titles are in italics.
Issue 05 (2016-08-30) Huawei Proprietary and Confidential viii

U2000
Courier New Examples of information displayed on the screen are in

Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Boldface Buttons, menus, parameters, tabs, window, and dialog titles

are in boldface. For example, click OK.
> Multi-level menus are in boldface and separated by the ">"

signs. For example, choose File > Create > Folder.
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format Description
Key Press the key. For example, press Enter and press Tab.
Issue 05 (2016-08-30) Huawei Proprietary and Confidential ix

U2000
Format Description
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl
+Alt+A means the three keys should be pressed
concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means
the two keys should be pressed in turn.
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action Description
Click Select and release the primary mouse button without

moving the pointer.
Double-click Press the primary mouse button twice continuously and

quickly without moving the pointer.
Drag Press and hold the primary mouse button and move the
pointer to a certain position.
Issue 05 (2016-08-30) Huawei Proprietary and Confidential x

U2000
ATAE Cluster System Administrator Guide (SUSE) Contents
Contents
About This Document.....................................................................................................................ii

1 Powering On and Powering Off the System............................................................................1
1.1 Powering On the System................................................................................................................................................ 2
1.2 Powering Off the System................................................................................................................................................2
2 Configuring the Parameters of the U2000 Server.................................................................... 5

2.1 Changing the Public IP Address of the U2000 Server................................................................................................... 6
2.2 Setting the Routes of the U2000 Server....................................................................................................................... 14
2.3 Configuring the Service Network Plane Ports of the U2000 Server............................................................................ 18
2.3.1 Overview of the U2000 Service Network Plane Isolation Solution.......................................................................... 18
2.3.2 Connecting the Service Network Plane Ports of the U2000 Server to Switches.......................................................20
2.3.3 Planning Switches' VLANs by Port (S5352C-EI).....................................................................................................27
2.3.4 Planning Switches' VLANs by Port (S5310-52C-EI)................................................................................................33
2.3.5 Restructuring Switch S5310-52C-EI......................................................................................................................... 39
2.3.6 Setting the IP Addresses and Routes for the Service Network Plane of the U2000 Server...................................... 41
2.3.7 Configuring Network Segments of NEs for Southbound IP Addresses of the U2000 Server.................................. 53
2.3.8 Configuring the Mapping Between the Trace Server Boards and the U2000 Mediation Service.............................60
2.3.9 Connecting the Switches to the Telecom Operator's Network.................................................................................. 62
2.3.10 Configuring Parameters for the Northbound Plane Connected to the Upper-Layer Network Management
Application......................................................................................................................................................................... 67
2.4 Changing the IP Addresses and Routes for the Service Network Plane of the U2000 Server .................................... 68
2.5 Deleting the Network Interface for the Service Network Plane of the U2000 Server ................................................ 75
3 Managing the U2000 Server Time............................................................................................ 79

3.1 Introduction to Time Synchronization..........................................................................................................................81
3.2 Time Synchronization Modes of Mobile Network....................................................................................................... 82
3.3 NTP Time Synchronization Mechanism of the ATAE Cluster System........................................................................ 88
3.4 Policies for Configuring the NTP Service on the U2000 Server..................................................................................91
3.5 Viewing NTP Settings of the OSMU Server................................................................................................................ 92
3.6 Modifying NTP Servers of the OSMU Server............................................................................................................. 94
3.7 Checking the NTP Software Version of the U2000 Server.......................................................................................... 94
3.8 Enabling/Stopping the NTP Monitoring Service of the U2000 Server........................................................................ 95
3.9 Viewing the Time and Time Zone of the U2000 Server...............................................................................................97
3.10 Changing the Time and Time Zone of the U2000 Server...........................................................................................97
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xi

U2000
3.11 Viewing the DST Rule for the U2000...................................................................................................................... 101

3.12 Setting the DST Rule for the U2000........................................................................................................................ 101
3.13 Setting the NTP Service of the U2000 System (Security Authentication Mode).....................................................102
3.13.1 Setting Time Synchronization Between the OSMU Server and NTP Server (Security Authentication Mode)....102
3.13.2 Setting the U2000 Board as the Intermediate NTP Server (Security Authentication Mode)................................104
3.13.3 Checking the NTP Service Running Status on the OSMU Server (Security Authentication Mode).................... 110
3.13.4 Introduction to Key Types and Key Data.............................................................................................................. 112
4 Managing U2000 Services and Database Services.............................................................. 113

4.1 Checking the U2000 Service Status............................................................................................................................114
4.2 Setting the Service Domains Managed by the U2000................................................................................................ 117
4.3 Starting the Database Service..................................................................................................................................... 117
4.4 Stopping the Database Service................................................................................................................................... 118
4.5 Starting U2000 Services............................................................................................................................................. 119
4.6 Stopping U2000 Services........................................................................................................................................... 120
4.7 Service Groups........................................................................................................................................................... 121
4.8 Querying and Changing the U2000 Service Status.................................................................................................... 123
5 Managing U2000 Resources..................................................................................................... 125

5.1 U2000 Cluster and VCS Resource Planning (Oracle)................................................................................................126
5.2 U2000 Cluster and VCS Resource Planning (Sybase)............................................................................................... 129
5.3 Conditions for Switchover Resources Between U2000 Nodes Automatically.......................................................... 131
5.4 Checking the Status of U2000 Resources...................................................................................................................133
5.5 Switching Resources Between U2000 Nodes Manually (Oracle)..............................................................................135
5.6 Switching Resources Between U2000 Nodes Manually (Sybase)............................................................................. 138
6 Setting the Authentication Mode of the U2000................................................................... 141

6.1 Setting the Authentication Mode of the U2000 Server to Local Mode......................................................................142
6.2 Setting the Authentication Mode of the U2000 Server to the SSO Mode..................................................................143
7 Managing the U2000 FTP Server............................................................................................ 145

7.1 Changing the FTP Port Number (the U2000 Server as the FTP Server)....................................................................146
7.2 Changing the FTP Port Number (an NE as the FTP Server)......................................................................................147
7.3 Changing the FTP Port Number (a Third-Party Server as the FTP Server)............................................................... 149
7.4 Configuring the FTP Transmission Policy................................................................................................................. 151
7.4.1 Introduction to FTP Transmission Policy................................................................................................................151
7.4.2 Disabling the Plaintext FTP Mode on the U2000 Server........................................................................................ 153
7.4.3 Enabling the Plaintext FTP Mode on the U2000 Server......................................................................................... 157
7.4.4 Configuring the FTP Mode Between an NE and the U2000................................................................................... 160
7.4.5 Configuring the SFTP for Actively Transferring Files over the Northbound Interface (Public and Private Keys)
.......................................................................................................................................................................................... 160
7.4.6 Configuring the SFTP for Actively Transferring Files over the Northbound Interface (Password Authentication)
.......................................................................................................................................................................................... 172
8 Managing U2000 System Security.......................................................................................... 179

8.1 Replacing the Encrypted Key of the U2000 System Sensitive Data.......................................................................... 182
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xii

U2000
8.2 Replacing the Root Key of the U2000 System Sensitive Data...................................................................................183
8.3 Replacing the Encrypted Key of the OSS Management Tool Sensitive Data............................................................ 184
8.4 Replacing the Root Key of the OSS Management Tool Sensitive Data.....................................................................184
8.5 Replacing the SSL Certificate of OSS Management Tool..........................................................................................185
8.6 Changing the Password of the OSS Management Tool's Private Key File................................................................ 189
8.7 Changing the Maximum Login Attempts and Locking Duration for the OSS Management Tool.............................190
8.8 Performing Security Hardening/Unhardening for Internal Ports of the U2000 Server.............................................. 191
8.9 Performing Security Hardening/Unhardening for U2000 Database Ports................................................................. 193
8.10 Querying and Setting the Encryption Algorithm for Alarms Between the U2000 and OSMU............................... 195
8.11 Querying and Setting the Authentication Algorithm for the Heartbeats Between the U2000 and OSMU.............. 196
8.12 Querying and Setting the SNMPv3-based Algorithms Used Between the U2000 and PRS....................................198
8.13 Changing the OSS Private Key Password................................................................................................................ 200
8.14 Disabling the SSLv3 Protocol Used on the U2000.................................................................................................. 201
8.15 Disabling the TLSv1.0 Protocol............................................................................................................................... 205
8.16 Enabling/Disabling Proxy Service ACL...................................................................................................................205
8.17 Configuring the DH Key Length for DS Services....................................................................................................207
9 Setting the Communication Modes Used by the U2000 Clients and Server..................209
9.1 Mode Switching Operation Guide.............................................................................................................................. 211
9.2 Introduction to Communication Modes......................................................................................................................221
9.2.1 Digital Certificates...................................................................................................................................................222
9.2.2 SSL Protocol............................................................................................................................................................222
9.3 Preparing Digital Certificates..................................................................................................................................... 224
9.4 Certificate Save Path and Naming Conventions.........................................................................................................226
9.5 Setting the U2000 Communication Mode.................................................................................................................. 227
9.5.1 Mode Switching Operation Guide........................................................................................................................... 227
9.5.2 Querying the Communication Mode of the Server................................................................................................. 238
9.5.3 Deploying Certificates on U2000 the Server...........................................................................................................239
9.5.4 Enabling the U2000 Server to Authenticate Its Peer............................................................................................... 242
9.5.5 Switching the Communication Mode of the U2000 Server.................................................................................... 244
9.5.6 Deploying Certificates on the U2000 Client........................................................................................................... 245
9.6 Replacing All Digital Certificates.............................................................................................................................. 250
9.7 Updating Certificates.................................................................................................................................................. 250
9.7.1 Updating Certificates on the U2000 Server.............................................................................................................250
9.7.2 Adding Trust Certificates of the U2000 Client to the U2000 Server...................................................................... 253
9.7.3 Deleting Trust Certificates of the U2000 Client from the U2000 Server................................................................254
9.7.4 Updating Certificates on the U2000 Client............................................................................................................. 256
10 Enabling the U2000 Server to Authenticate NEs Sending Syslog Logs to It............... 259
10.1 Querying NE Syslog Operation Logs....................................................................................................................... 262
10.2 Deploying a Certificate for the U2000 Server to Receive NE Syslog Logs.............................................................262
10.3 Updating a Certificate for the U2000 Server to Receive NE Syslog Logs...............................................................265
10.4 Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to It....................................... 267
10.5 Deleting from the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to It.................................269
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xiii

U2000
11 Managing U2000 System Users.............................................................................................271

11.1 Managing OS Users.................................................................................................................................................. 273
11.1.1 Creating Operating System Users..........................................................................................................................273
11.1.2 Changing the Passwords of Operating System Users............................................................................................275
11.1.3 Deleting Operating System Users..........................................................................................................................278
11.2 Managing Database Users........................................................................................................................................ 278
11.2.1 Changing the Database Administrator...................................................................................................................279
11.2.2 Changing the Passwords of Database Users (Oracle)............................................................................................281
11.2.3 Changing the Passwords of Database Users (Sybase)........................................................................................... 285
11.2.4 Changing the User Password of the Database Related to the Site Power Management Application....................288
11.3 Managing Web Proxy Users..................................................................................................................................... 288
11.3.1 Web Proxy User..................................................................................................................................................... 288
11.3.2 Creating Web Proxy Users.....................................................................................................................................288
11.3.3 Deleting Web Proxy Users.....................................................................................................................................289
11.3.4 Changing Web Proxy User Passwords...................................................................................................................290
11.4 Managing SNMPv3 Users........................................................................................................................................ 291
11.4.1 SNMPv3 Users...................................................................................................................................................... 291
11.4.2 Changing the Private Key of the SNMPv3 User Between U2000 and the PRS....................................................292
11.4.3 Changing the Password of the SNMPv3 User for Alarms Between U2000 and OSMU...................................... 293
11.4.4 Changing the Private Key of the SNMPv3 User for Heartbeats Between U2000 and OSMU............................. 295
11.4.5 Changing the Private Key of the SNMPv3 User Between U2000 and the SONMaster........................................296
11.4.6 Changing the Private Key of the SNMPv3 User Between U2000 and the TSP....................................................298
11.5 Managing ATAE Cluster System Devices Users...................................................................................................... 299
11.5.1 Changing User Passwords for ATAE Cluster System Devices..............................................................................300
11.5.2 Synchronizing User Passwords for ATAE Cluster System Devices......................................................................300
11.6 Managing OSMU Web Users................................................................................................................................... 300
11.7 Managing OM Users.................................................................................................................................................300
11.8 Changing the Password for the Default User of the VCS.........................................................................................301
11.9 Changing Passwords for Database User of FMA..................................................................................................... 303
11.10 Setting Security Policies of U2000 Users...............................................................................................................304
11.10.1 Setting the User Name Blacklist..........................................................................................................................304
11.10.2 Setting the Login Message...................................................................................................................................305
11.10.3 Setting Display of the Last Login User Name in the Login Dialog Box.............................................................306
12 Managing Files and Disks on the U2000 Server................................................................ 308

12.1 U2000 Server File System........................................................................................................................................ 309
12.2 Clearing U2000 Databases....................................................................................................................................... 310
12.3 Clearing the Disk Space of the U2000 Server.......................................................................................................... 312
13 Managing the U2000 Client................................................................................................... 314

13.1 Managing Files and Disks on U2000 Clients........................................................................................................... 315
13.1.1 Introduction to the U2000 Client File System and Tools...................................................................................... 315
13.1.2 Clearing the Disk Space of an U2000 Client.........................................................................................................319
13.2 Monitoring the Login Status of the U2000 Clients.................................................................................................. 320
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xiv

U2000
13.3 Setting the Number of Clients Accessible on a PC.................................................................................................. 321

13.4 Modifying the Date, Time, and Time Zone on the U2000 Client.............................................................................322
14 Managing the U2000 License.................................................................................................324

14.1 Checking the Status of the U2000 License...............................................................................................................326
14.2 Loading or Updating the U2000 License................................................................................................................. 327
14.3 Querying the License Revocation Code on the U2000............................................................................................ 328
14.4 Revoking a License on the U2000............................................................................................................................329
14.5 Exporting the License Information...........................................................................................................................330
14.6 Exporting License Files............................................................................................................................................ 330
14.7 Setting Periodic Export of the U2000 License......................................................................................................... 331
14.8 Setting Alarms for U2000 License Resource Item Capacity....................................................................................332
14.9 Reference for the U2000 License Interfaces............................................................................................................ 333
14.9.1 Parameters for Querying the U2000 License.........................................................................................................333
14.9.2 Parameters for Querying the Revocation Code of an U2000 License...................................................................336
14.9.3 Parameters for Revoking an U2000 License......................................................................................................... 337
14.9.4 Parameters for Comparing the Original License with the Updated License......................................................... 338
14.9.5 Parameters for Setting U2000 License Periodic Export........................................................................................ 340
14.9.6 Parameters for Setting Alarms for U2000 License Resource Item Capacity........................................................ 342
14.10 FAQs About U2000 Licenses................................................................................................................................. 345
14.10.1 What Do I Do If the Functions Controlled by the License Can Still Be Used After the License Expires?........ 345
14.10.2 What Do I Do If a License File Is Deleted?........................................................................................................ 346
14.10.3 How Do I Resolve a License File Check Failure Occurring When I Update the License?.................................346
14.10.4 What Do I Do If No Information Dialog Box Is Displayed Prompting Me to Immediately Update the License
After the License Is Revoked?..........................................................................................................................................347
14.11 U2000 License Consumption Statistics Rule..........................................................................................................347
15 Monitoring the U2000 Server................................................................................................ 348

15.1 Setting the Monitoring Parameters........................................................................................................................... 349
15.1.1 Setting the Parameters for Monitoring the U2000 Server..................................................................................... 349
15.1.2 Setting the Parameters for Monitoring the Disk Usage of the U2000 Server....................................................... 350
15.1.3 Setting the Parameters for Monitoring the Database Usage of the U2000 Server................................................ 351
15.1.4 Setting the Parameters for Monitoring the Service Status of the U2000 Server................................................... 352
15.2 Monitoring the Status of the U2000 Server..............................................................................................................353
15.2.1 Monitoring the Service Status of the U2000 Server..............................................................................................353
15.2.2 Monitoring the Process Status of the U2000 Server..............................................................................................353
15.2.3 Monitoring the Disk Status of the U2000 Server.................................................................................................. 354
15.2.4 Monitoring the Database Status of the U2000 Server........................................................................................... 354
15.2.5 Monitoring the Resource Status of the U2000 Server........................................................................................... 355
15.2.6 Viewing Logs of System Monitoring Operations..................................................................................................355
15.2.7 Refreshing the Monitoring Information................................................................................................................ 356
15.2.8 Saving the Monitoring Information....................................................................................................................... 356
15.3 Reference of Monitoring the U2000 Server GUI..................................................................................................... 357
15.3.1 Parameters for Setting the Monitoring Thresholds of the U2000 Server.............................................................. 357
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xv

U2000
15.3.2 Parameters for Setting the Hard Disk Monitoring Thresholds of the U2000 Server.............................................362
15.3.3 Parameters for Setting the Database Monitoring Thresholds of the U2000 Server.............................................. 366
15.3.4 Parameters for Setting the Service Monitoring Thresholds of the U2000 Server................................................. 370
15.3.5 Parameters for Monitoring the Service Status of the U2000 Server..................................................................... 371
15.3.6 Parameters for Monitoring the Process Status of the U2000 Server..................................................................... 372
15.3.7 Parameters for Monitoring the Hard Disk Status of the U2000 Server.................................................................373
15.3.8 Parameters for Monitoring the Database Status of the U2000 Server...................................................................375
15.3.9 Parameters for Monitoring the Status of the U2000 Server.................................................................................. 377
15.3.10 Parameters for Viewing System Monitoring Operation Logs............................................................................. 378
16 Managing OSS Tasks Centrally........................................................................................... 380

16.1 Overview of Task Management................................................................................................................................382
16.1.1 Task Types............................................................................................................................................................. 382
16.1.2 System Scheduled Tasks........................................................................................................................................384
16.1.3 User Scheduled Tasks............................................................................................................................................ 390
16.1.4 States of Scheduled Tasks......................................................................................................................................397
16.1.5 Technical Specifications of Task Management..................................................................................................... 399
16.2 Customizing the Interface for Managing Scheduled Tasks...................................................................................... 400
16.3 Creating User Scheduled Tasks................................................................................................................................ 400
16.4 Managing Scheduled Tasks...................................................................................................................................... 403
16.4.1 Modifying Scheduled Tasks.................................................................................................................................. 403
16.4.2 Suspending Scheduled Tasks.................................................................................................................................404
16.4.3 Resuming Scheduled Tasks................................................................................................................................... 405
16.4.4 Cancelling Scheduled Tasks.................................................................................................................................. 406
16.4.5 Deleting Scheduled Tasks......................................................................................................................................406
16.4.6 Saving Scheduled Tasks........................................................................................................................................ 407
16.5 Viewing Scheduled Tasks......................................................................................................................................... 408
16.6 Downloading Task Execution Tasks.........................................................................................................................409
16.7 Downloading Result Files........................................................................................................................................ 409
16.8 Reference of the Integrated Task Management GUI................................................................................................ 412
16.8.1 GUIs for Managing Scheduled Tasks.................................................................................................................... 412
16.8.2 Parameters for Setting Task Filter Criteria............................................................................................................ 414
16.8.3 Parameters for Creating a Scheduled Task............................................................................................................ 415
16.8.4 Parameters for Scheduled Task Attributes.............................................................................................................418
16.8.5 Parameters for Automatically Suspending and Resuming a Scheduled Task....................................................... 420
16.8.6 Parameters for Creating/Modifying/Copying a Task for Testing BTS Cabinet-Top Power..................................421
16.8.7 Parameters for Creating/Modifying/Copying an RSSI Test Task..........................................................................421
16.8.8 Parameters for Modifying the Export of NE Upgrade Log................................................................................... 422
17 Collecting Basic Data of NEs.................................................................................................423

17.1 Collecting Configuration Data of NEs..................................................................................................................... 424
17.2 Collecting Basic Information of NEs....................................................................................................................... 424
17.3 Viewing Exported Tasks........................................................................................................................................... 425
17.4 GUIs and Parameters for NE Data Collection..........................................................................................................425
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xvi

U2000
17.4.1 Parameters for Modifying NE Configuration Data Collection Settings................................................................425

17.4.2 Parameters for Modifying NE Basic Information Collection Settings..................................................................426
18 Migrating NEs Managed by the U2000............................................................................... 428

18.1 NE Migration Overview........................................................................................................................................... 429
18.2 Migrating NEs Managed by the U2000....................................................................................................................429
18.3 Querying Historical Performance Data on the Source Server After NE Migration................................................. 432
18.4 Parameters for Setting an NE Migration Task..........................................................................................................433
19 Managing U2000 Logs.............................................................................................................435

19.1 Log Management Functions..................................................................................................................................... 436
19.2 Log Types................................................................................................................................................................. 436
19.2.1 SUSE Linux Operating System Logs.................................................................................................................... 436
19.2.2 System Tool Logs.................................................................................................................................................. 437
19.3 Log Forwarding........................................................................................................................................................ 437
19.3.1 Getting to Know Log Forwarding......................................................................................................................... 438
19.3.2 Enabling Logging to U2000 Syslog Database.......................................................................................................440
19.3.3 Setting NE Log Forwarding.................................................................................................................................. 441
19.3.4 Setting Filter Criteria for Forwarding Logs...........................................................................................................442
19.3.5 Setting the Interconnection Between the U2000 and the Syslog Server............................................................... 443
19.3.6 Monitoring the Connection Between the U2000 and Syslog Server.....................................................................445
19.3.7 Deploying and Updating Log Forwarding Service Certificates............................................................................ 446
19.3.7.1 Deploying Log Forwarding Service Certificates................................................................................................447
19.3.7.2 Updating Log Forwarding Service Certificates..................................................................................................450
19.3.7.3 Adding Trust Certificates of the Third-party Syslog Server to the U2000 Server............................................. 452
19.3.7.4 Deleting Trust Certificates of the Third-party Syslog Server from the U2000 Server.......................................453
20 Trace Server Component Management ..............................................................................456

20.1 Querying System Information.................................................................................................................................. 458
20.2 Subscription and Collection......................................................................................................................................459
20.2.1 Querying Information About NE Distribution and LTE Cell Subscription...........................................................459
20.2.2 Synchronizing NE Subscription Information........................................................................................................ 461
20.3 Enabling the Trace Server to Process Data of an RNC with Extra-large Specifications..........................................464
20.3.1 Querying Master Partition Information................................................................................................................. 465
20.3.2 Configuring Master Partition Information.............................................................................................................465
20.3.3 Querying Overflow Partition Information............................................................................................................. 467
20.3.4 Configuring Overflow Partition Information........................................................................................................ 468
20.4 Configuring the Trace Server to Process Data of PS Domain NEs.......................................................................... 470
20.4.1 Configuring Boards as PS Boards......................................................................................................................... 471
20.4.2 Allocating PS Domain NEs................................................................................................................................... 471
20.4.3 Query PS Partition................................................................................................................................................. 477
20.4.4 Delete the PS Partition...........................................................................................................................................477
20.4.5 Activating Data Reporting of NEs in the PS Domain........................................................................................... 478
20.5 Managing Trace Server Load................................................................................................................................... 478
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xvii

U2000
20.5.1 Collecting Load Statistics...................................................................................................................................... 479

20.5.2 Collecting Data Traffic Statistical Results of NEs................................................................................................ 482
20.5.3 Setting the Trace Server Flow Control Switch...................................................................................................... 484
20.6 Fault Locating and Handling.................................................................................................................................... 485
20.6.1 Collecting Service Logs.........................................................................................................................................486
20.6.2 Analyzing Data Abnormality.................................................................................................................................487
20.7 Configuring the LTE Cell Management Capability..................................................................................................489
20.8 Managing the NEs in Trace Server...........................................................................................................................491
20.8.1 Querying Subarea Information of NEs Managed by the Trace Server..................................................................491
20.8.2 Migrating NEs in the Trace Server System (U2000 Client)..................................................................................492
20.8.3 Migrating NEs in the Trace Server System (Maintenance and Measurement Tool)............................................. 495
21 Backing Up and Restoring the U2000.................................................................................. 498

21.1 Description of Policies on U2000 Backup and Restore........................................................................................... 499
21.1.1 Hierarchy of Data for Backup and Restore............................................................................................................499
21.1.2 Storage Medium for Backup Data......................................................................................................................... 500
21.1.3 Policies on Backup and Restore of the Operating System Data............................................................................501
21.1.4 Policies on Backup and Restore of the Static Data............................................................................................... 502
21.1.5 Policies on Backup and Restore of the Dynamic Data.......................................................................................... 504
21.2 Backing Up the U2000 (Static Data and Operating System Data, ATAE Cluster System)......................................505
21.3 Backing Up the U2000 (Dynamic Data).................................................................................................................. 509
21.3.1 Periodically Backing Up U2000 Dynamic Data (ATAE)...................................................................................... 509
21.3.2 Manually Backing Up U2000 Dynamic Data (ATAE).......................................................................................... 511
21.3.3 Setting Policies for Saving Dynamic Data Backup Packages............................................................................... 512
21.4 Restoring the U2000 (ATAE Cluster System).......................................................................................................... 513
22 U2000 Routine Maintenance..................................................................................................522

22.1 Daily Maintenance Operations................................................................................................................................. 523
22.1.1 Checking the Status of U2000 Resources..............................................................................................................523
22.1.2 Checking the Status of Performance Measurement...............................................................................................525
22.1.3 Checking Performance Result Loss.......................................................................................................................526
22.1.4 Checking Alarm Reception................................................................................................................................... 527
22.1.5 Checking the NMS Connection............................................................................................................................. 527
22.1.6 Checking the Functionality of the Alarm Box.......................................................................................................527
22.1.7 Checking OSS Alarms and Events........................................................................................................................ 528
22.1.8 Checking the Connection Status Between the U2000 and NEs............................................................................ 530
22.1.9 Checking the U2000 Operation Logs.................................................................................................................... 531
22.1.10 Checking the U2000 System Logs...................................................................................................................... 532
22.1.11 Checking the Disk Usage of the Server............................................................................................................... 532
22.1.12 Checking the States of U2000 Databases............................................................................................................ 533
22.1.13 Checking the States of U2000 Services...............................................................................................................534
22.1.14 Checking Core Files............................................................................................................................................ 534
22.2 Weekly Maintenance Operations.............................................................................................................................. 535
22.2.1 Collecting Environment Information.....................................................................................................................535
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xviii

U2000
22.2.2 Collecting Locating Information........................................................................................................................... 537

22.2.3 Collecting Kdump Information of the Board........................................................................................................ 538
22.2.4 Checking the Configuration of Alarm Timing...................................................................................................... 539
22.2.5 Checking the Configuration of Automatic Log Dump.......................................................................................... 540
22.2.6 Checking the Synchronization Time of NE Log................................................................................................... 541
22.2.7 Checking the Configuration of the File Server .....................................................................................................541
22.2.8 Checking the Configuration of System Backup.................................................................................................... 542
22.2.9 Checking the Configuration of System Monitoring.............................................................................................. 543
22.2.10 Checking the Synchronization Time of NE Configuration................................................................................. 556
22.2.11 Checking the Threshold of Network Management Capability............................................................................ 557
22.2.12 Backing Up the U2000 System (SUSE).............................................................................................................. 557
22.2.13 Checking the U2000 Server Time....................................................................................................................... 558
22.3 Monthly Maintenance Operations............................................................................................................................ 558
22.3.1 Check Whether Application Resources Are Switched to the Standby Node........................................................ 558
22.3.2 Checking Basic Software Versions........................................................................................................................561
22.3.3 Checking the Running Status of Anti-Virus Software...........................................................................................563
22.3.4 Checking the Front Panel of a Disk Array............................................................................................................ 563
22.3.5 Checking the Status of the U2000 License............................................................................................................563
23 Hardware Routine Maintenance.......................................................................................... 565

23.1 Daily Maintenance Instructions................................................................................................................................566
23.1.1 Checking the Equipment Room Environment.......................................................................................................566
23.1.2 Checking PDB Status............................................................................................................................................ 566
23.2 Monthly Maintenance Instructions........................................................................................................................... 567
23.2.1 Checking Vacant Slots in a Shelf...........................................................................................................................567
23.2.2 Checking a Cabinet................................................................................................................................................567
23.2.3 Checking Spare Parts.............................................................................................................................................568
23.3 Yearly Maintenance Instructions.............................................................................................................................. 568
23.3.1 Checking the Grounding System........................................................................................................................... 569
23.3.2 Checking Cable Connections.................................................................................................................................570
24 U2000 Emergency Maintenance............................................................................................ 572

24.1 Emergency Maintenance of the Server.....................................................................................................................573
24.2 Emergency Maintenance of the U2000 Client..........................................................................................................573
25 U2000 Troubleshooting.......................................................................................................... 574

25.1 Procedure for Troubleshooting the U2000............................................................................................................... 575
25.2 Collecting Site and U2000 Software Information.................................................................................................... 576
25.2.1 Collecting the U2000 Site Information................................................................................................................. 576
25.2.2 Collecting the Time of U2000 Fault Occurrence...................................................................................................576
25.2.3 Collecting the IP Address of the U2000 Server.................................................................................................... 576
25.2.4 Collecting SUSE Version Information.................................................................................................................. 577
25.2.5 Collecting Oracle Version Information..................................................................................................................577
25.2.6 Collecting Sybase Version Information................................................................................................................. 578
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xix

U2000
25.2.7 Obtaining U2000 Version Information.................................................................................................................. 578

25.2.8 Collecting Fault Information................................................................................................................................. 579
25.2.9 Querying NE Partitions......................................................................................................................................... 580
26 General Operation...................................................................................................................582
26.1 Operations Performed on the Server........................................................................................................................ 583
26.1.1 Logging In to the Board by Using PuTTY............................................................................................................ 583
26.1.2 Logging In to the board by Using the KVM of the OSMU...................................................................................585
26.1.3 Viewing Device States by Using the OSMU.........................................................................................................588
26.1.4 Starting the OSMU Service................................................................................................................................... 590
26.1.5 Stopping the OSMU Service................................................................................................................................. 591
26.1.6 Viewing the OSMU Server Software Version....................................................................................................... 592
26.1.7 Viewing the U2000 Software Server Version........................................................................................................593
26.1.8 Checking the Operating System Version of Boards.............................................................................................. 594
26.1.9 Checking the Sybase Database Server Name........................................................................................................ 594
26.1.10 Changing All the Board's Time Manually........................................................................................................... 595
26.1.11 Generating Kdump Information of the Board......................................................................................................596
26.1.12 Transferring Files by Using FileZilla.................................................................................................................. 597
26.1.13 Solving the U2000 Backup or Restore Failure Problem..................................................................................... 599
26.1.14 Solving the U2000 Disk Space Shortage Problem.............................................................................................. 601
26.1.15 Uninstalling the U2000 Server Software.............................................................................................................602
26.1.16 Viewing VCS Resources Status...........................................................................................................................602
26.1.17 Checking the License of the Veritas.................................................................................................................... 603
26.1.18 Connecting the PC and SMM Board................................................................................................................... 605
26.1.19 Viewing and Setting the IP Addresses for the SMM Board................................................................................ 607
26.1.20 Uninstalling the NE Mediation Software by Using Commands..........................................................................611
26.1.21 Uninstalling the NE Mediation Software by Using the OSMU.......................................................................... 612
26.1.22 Starting the Services that Are Disabled by Default............................................................................................. 613
26.1.23 Configuring the ACL for the PortTrunking Service............................................................................................615
26.1.24 Switching the LMT Login Mode.........................................................................................................................619
26.1.25 Solving the Problem of the Port for the U2000 SyslogCollectorDM Service and the syslog Service Conflicts
.......................................................................................................................................................................................... 620
26.1.26 Checking Whether a User Has Logged In to the Board by Using KVM............................................................ 621
26.1.27 Downloading Files from the Specified Path on the Server................................................................................. 622
26.1.28 Uploading Files to the Specified Path on the Server........................................................................................... 624
26.1.29 Setting a DHCP Listening IP Address.................................................................................................................625
26.1.30 How Do I Unlock an Oracle Database Account?................................................................................................ 626
26.1.31 How Do I Unlock a Sybase Database Account?................................................................................................. 627
26.1.32 Enabling SUSE Linux Operating System Audit (SUSE10)................................................................................ 628
26.1.33 Enabling SUSE Linux Operating System Audit (SUSE11)................................................................................ 632
26.1.34 Disabling SUSE Linux Operating System Audit................................................................................................ 635
26.1.35 Setting the KVM..................................................................................................................................................635
26.1.36 Configuring the Iptables Firewall........................................................................................................................638
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xx

U2000
26.1.37 Setting the ACL of the OSMU Web Service (Optional)..................................................................................... 639
26.1.38 Disabling/Enabling the Proxy Function of the U2000 Server............................................................................. 641
26.1.39 Updating the ACL for Internal Ports on the U2000 Server................................................................................. 642
26.1.40 How Do I Resolve LTE Subscription and Data Reporting Failures.................................................................... 644
26.1.41 Collecting Device Asset Information.................................................................................................................. 645
26.2 Operations Performed on the PC.............................................................................................................................. 646
26.2.1 Setting Internet Explorer....................................................................................................................................... 646
26.2.2 Setting Firefox....................................................................................................................................................... 650
26.2.3 Solving the Problem that Web-based U2000 Services Fail to Be Started............................................................. 651
26.2.4 Solving the Problem that the U2000 Web Page Cannot be Opened......................................................................654
26.2.5 Logging In to the OSMU by Using a Web Browser..............................................................................................654
26.2.6 Logging In to the U2000 Client.............................................................................................................................656
26.2.7 Uninstall the U2000 Client Software.....................................................................................................................657
26.2.8 Checking the JRE Version on the PC.................................................................................................................... 658
26.2.9 Resolving the Problem that a System Error Occurs During the Performance Measurement Result Query Process
and Users Cannot Query the Performance Measurement Results.................................................................................... 659
26.2.10 Deploying Certificates on a Browser...................................................................................................................659
26.2.11 Setting Browser....................................................................................................................................................662
26.3 Operations on Disk Array.........................................................................................................................................663
26.3.1 Using PuTTY to Log In to the S3900 Disk Array.................................................................................................663
26.3.2 Connecting the PC and the S3900 Controller Enclosure.......................................................................................665
26.3.3 Checking the S3900 Disk Array Version...............................................................................................................668
26.3.4 Changing the Initial IP Address of the S3900 Controller Enclosure.....................................................................670
27 Appendix................................................................................................................................... 678
27.1 Default Users and Initial Passwords......................................................................................................................... 680
27.2 Partitioning of Storage Space................................................................................................................................... 704
27.3 Default Host Names and IP Addresses of Boards.................................................................................................... 707
27.4 Default IP Addresses of Switching Boards.............................................................................................................. 710
27.5 Default IP Addresses of SMM Boards..................................................................................................................... 712
27.6 Default IP Addresses of the S3900 Storage System.................................................................................................713
27.7 List of Web Access Paths......................................................................................................................................... 714
27.8 Introduction to U2000 Processes and Services.........................................................................................................716
27.9 Trace Server altogether cluster deployment related explanation..............................................................................717
27.10 U2000 Database......................................................................................................................................................717
27.10.1 BMSDB Database................................................................................................................................................717
27.10.2 cmedb Database................................................................................................................................................... 718
27.10.3 cmedb1 Database................................................................................................................................................. 718
27.10.4 cmedb2 Database................................................................................................................................................. 719
27.10.5 eamdb Database................................................................................................................................................... 719
27.10.6 farsdb Database....................................................................................................................................................720
27.10.7 fmdb Database..................................................................................................................................................... 721
27.10.8 itfndb Database.................................................................................................................................................... 722
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xxi

U2000
27.10.9 logdb Database.................................................................................................................................................... 722

27.10.10 omcdb Database.................................................................................................................................................723
27.10.11 pmcomdb Database............................................................................................................................................724
27.10.12 pmdb Database.................................................................................................................................................. 726
27.10.13 smdb Database................................................................................................................................................... 727
27.10.14 sumdb Database................................................................................................................................................. 729
27.10.15 swmdb Database................................................................................................................................................ 732
27.10.16 topodb Database................................................................................................................................................ 732
27.10.17 sqlite Database................................................................................................................................................... 733
27.10.18 OMSMODEL Database.....................................................................................................................................733
27.10.19 OMSSYS Database............................................................................................................................................734
27.10.20 OMSSM Database............................................................................................................................................. 735
27.10.21 IEMPEAM Database......................................................................................................................................... 736
27.10.22 Database Associated with Transport NEs, Switches, Routers, and Security NEs.............................................738
27.10.23 Database Related to the Site Power Management Application......................................................................... 738
Issue 05 (2016-08-30) Huawei Proprietary and Confidential xxii

U2000
ATAE Cluster System Administrator Guide (SUSE) 1 Powering On and Powering Off the System
1 Powering On and Powering Off the System
About This Chapter
This section describes how to power on and power off the U2000 in a specified sequence to
ensure system security.
1.1 Powering On the System

This section describes how to power on the cabinet and all devices in the cabinet, and start
them in a specified sequence. The devices to be started are switches, disk arrays, and ATAE
subracks.
1.2 Powering Off the System
This section describes how to power off the U2000 system. You need to power off the devices
related to the U2000 in the cabinet in a specified sequence.
Issue 05 (2016-08-30) Huawei Proprietary and Confidential 1

U2000
1.1 Powering On the System

This section describes how to power on the cabinet and all devices in the cabinet, and start
them in a specified sequence. The devices to be started are switches, disk arrays, and ATAE
subracks.
Prerequisites
You have applied for an account at http://support.huawei.com and are authorized to
download related reference documents.
Context
NOTICE
For an ATAE cluster online remote HA system:
l You need to power on the system to be used as the active site.
l The procedure for powering on active site is the same as that for powering on standby
site.
Procedure
Step 1 Log in to http://support.huawei.com.
Step 2 Obtain the ATAE Cluster System Product Documentation used with the OSMU version by
accessing Product Support > Wireless Network > SingleOSS-MBB > SingleOSS-MBB >
M2000-Common > iManager OSMU.
Step 3 Power on the U2000 system by following instructions provided in Reference > General
Operation > Powering On the System in ATAE Cluster System Product Documentation.
----End
1.2 Powering Off the System

This section describes how to power off the U2000 system. You need to power off the devices
related to the U2000 in the cabinet in a specified sequence.
Prerequisites
You have applied for an account at http://support.huawei.com and are authorized to
download related reference documents.

U2000
Context
NOTICE
For an ATAE cluster online remote HA system:
l You need to power off the active site first.
l The procedure for powering off active site is the same as that for powering off standby
site.
Procedure
Step 1 Log in to http://support.huawei.com.
Step 2 Obtain the ATAE Cluster System Product Documentation used with the OSMU version by
accessing Product Support > Wireless Network > SingleOSS-MBB > SingleOSS-MBB >
M2000-Common > iManager OSMU.
Step 3 Stop U2000 services.
Check whether U2000 services are running by following instructions provided in 4.1
Checking the U2000 Service Status. If U2000 services are running, stop them by following
instructions provided in 4.6 Stopping U2000 Services.
Step 4 Stop database services on the U2000.
Check whether database services are running by following instructions provided in 4.1
Checking the U2000 Service Status. If database services are running, stop them by
following instructions provided in 4.4 Stopping the Database Service.
Step 5 Power off the U2000 boards by using the OSMU.
1. In the main window of the OSMU, choose Device Management > Hardware Device >
Board in the navigation tree.
2. Select the check boxes in front of the U2000 boards to be powered off. Then, click
Power Off.
You can check the task execution status in the Centralized Task Management area.

U2000
NOTICE
– When the Oracle database is used, you also need to select the service board whose
System is U2000, the DB board whose System is U2000DB, and the standby
database board whose System is Standby, Subsystem is Standby, and Cluster
Name is DBCluster.
– When the Sybase database is used, you also need to select the service board whose
System is U2000, the DB board whose System is U2000DB, and the standby board
whose System is Standby, Subsystem is Standby, and Cluster Name is
U2000Cluster.
– If the U2000 shares the standby DB board with other products (such as PRS and
Nastar), powering off the standby DB board affects the other products.
To continue to use other products, power on the standby database board after
powering it off.
– Based on the service volume, powering off the service boards takes about 30 to 60
minutes.
3. In the left pane of the OSMU, expand the Device Management navigation tree and
select a rack number under the Device Panel node. On the rack tab page in the right
pane, check the status of all boards to be powered off.
After the power-off task is complete in the Centralized Task Management area, verify
that the boards to be powered off are in the Powered Off state.
Step 6 Power off the OSMU board, subracks, disk arrays, switches, and cabinet by following
instructions provided in Reference > General Operation > Powering Off the System in
ATAE Cluster System Product Documentation.
When the U2000 is deployed together with other products (such as PRS and Nastar) in a
subrack, powering off the subrack affects other products. If you do not need to power off the
boards of other products, skip this step.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 2 Configuring the Parameters of the U2000 Server
2 Configuring the Parameters of the U2000

Server
About This Chapter
This section describes how to change the IP addresses and routes of the U2000 server and
configure U2000 service network plane ports.
2.1 Changing the Public IP Address of the U2000 Server

This section describes how to change the public IP addresses of U2000 boards, including the
public IP addresses of service boards and the public IP addresses of DB board. This ensures
that the public IP addresses of the servers meet the actual needs.
2.2 Setting the Routes of the U2000 Server
This section describes how to query, add, modify, or delete a route.
2.3 Configuring the Service Network Plane Ports of the U2000 Server
This section describes the connection between the service network plane and the service
network plane IP address for the U2000 server. If the U2000 service network plane isolation
solution is not used, skip this section.
2.4 Changing the IP Addresses and Routes for the Service Network Plane of the U2000
Server
This section describes how to change the IP addresses and routes for the service network
plane of the U2000 servers. Ensures that the IP addresses and routes for the service network
plane of the U2000 servers meet the actual needs.
2.5 Deleting the Network Interface for the Service Network Plane of the U2000 Server
This section describes how to delete the network interface for the service network plane of the
U2000 server .

U2000
2.1 Changing the Public IP Address of the U2000 Server

This section describes how to change the public IP addresses of U2000 boards, including the
public IP addresses of service boards and the public IP addresses of DB board. This ensures
that the public IP addresses of the servers meet the actual needs.
Prerequisites
l You have logged in to the OSMU using a web browser. For details, see 26.2.5 Logging
In to the OSMU by Using a Web Browser.
l You have obtained the new public IP addresses of the U2000 server.
l You need to check the backup status of the emergency system if the emergency system is
configured in the ATAE cluster system. For details, see Changing the IP Address of
Backup Resources in the Emergency System in U2000 ATAE Cluster Emergency System
User Guide.
l You are not allowed to change the public IP address when a dynamic data backup task is
running.
Context
When the OM network requires reassignment of IP addresses or relocating, you need to
change the IP address of the U2000 server. Therefore, the OM network can be easily managed
and maintained and becomes open and flexible. In addition, the scalability and evolution
capability of the network are improved.
When you are changing the IP address of the U2000 server, the performance data and alarm
data of the managed NEs cannot be processed. If the IP address of the U2000 server is
recorded in an NE database, changing the IP address of the U2000 server results in
disconnection between the U2000 server and the NE. Therefore, if you need to change the IP
address of the U2000 server, ask NE maintenance engineers to modify relevant plans and
update the IP address of the U2000 server recorded in the NE database. After you change the
IP address, the U2000 collects performance data and alarm data again through automatic
synchronization and then processes the data.

U2000
NOTICE
l After the public IP address of the U2000 server is changed, back up OS data, static data
and dynamic data. For detailed operations, see 21 Backing Up and Restoring the U2000.
If you do not back up OS data, static data and dynamic data, the original data may be
restored during subsequent restoration operations, causing IP address inconsistency
recorded in the OS data, static data and dynamic data. As a result, some U2000 functions
become invalid.
l You need to reconfigure route after changing the IP addresses to one on another network
segment.
l The method of changing the board's internal IP address applies only when the connected
network is within the network segment range from 192.168.0.0 to 192.168.255.255 and the
internal IP address of the ATAE board configured by default before delivery has been used
by another device. In other scenarios, you are advised not to change the board's internal IP
address. In case you need to change the board's internal IP address, contact Huawei
technical support.
Procedure
Step 1 Check whether the new IP address is in use.
On the PC whose IP address is on the same network segment as the new IP addresses, open
the cmd window and run the ping command to check whether the new IP addresses are in
use:
l If the IP addresses can be pinged, they are in use. When this occurs, use other IP
addresses.
l If the IP addresses cannot be pinged, they are available for use. Perform the following
steps.
Step 2 Run the following commands to check whether security hardening has been performed for
internal ports of the U2000 server:
1. Use PuTTY to log in to the master, slave, and standby servers in SSH mode as user
ossuser.
2. Run the following command to switch to user root.
~> su - root
Password: Password of root
3. Run the following command to check the security hardening for internal ports of the
U2000 server:
# . /opt/oss/server/svc_profile.sh
# sec_adm -cmd queryIPTables
– If the system displays the following information, security hardening has been
performed for internal ports of the U2000 server. Perform security unhardening for
the service port by referring to 8.8 Performing Security Hardening/Unhardening
for Internal Ports of the U2000 Server and perform Step 3.
The security hardening rules have been set for internal ports on the OSS
server.

U2000
– If the system displays the following information, security hardening has not been
performed for internal ports of the U2000 server. Then, proceed with Step 3.
The security hardening rules have not been set for internal ports on the
OSS server.
Step 3 Run the following commands to check whether security hardening has been performed for the
U2000 database ports:
1. Use PuTTY to log in to the master server in SSH mode as user ossuser.
~> su - root
3. Run the following command to check the security hardening for the U2000 database
ports:
# cd /opt/oss/server/rancn/tools/DBIptables
# ./DBAccessControl.sh -q
performed for the U2000 database ports. Perform security unhardening for the ports
by referring to 8.9 Performing Security Hardening/Unhardening for U2000
Database Ports and perform Step 4.
DB ports have been hardened.
performed for the U2000 database ports. Then, proceed with Step 4.
Check DB ports have not been hardened.
Step 4 Perform the following operations by multiple interfaces.

U2000
If you need to... Then...
Change the public IP 1. In the left pane of the OSMU, expand the Device
addresses of U2000 Management navigation tree and select a rack number under
boards in batches. the Device Panel node.
2. On the rack tab page in the right pane, check the board status.
If any board is in the Faulty state, contact Huawei technical
support engineers.
– Before changing the public IP addresses of service boards,
ensure that all service boards of the U2000 product are in
the Active or Service Stopped state.
n If there are boards in the Normal state, stop the services
of these boards by referring to 4.6 Stopping U2000
Services.
n If there are boards in the Switched Over state, switch
resources for the boards based on their original active/
standby relationship by referring to 5.5 Switching
Resources Between U2000 Nodes Manually (Oracle)
or 5.6 Switching Resources Between U2000 Nodes
Manually (Sybase), and then stop the boards' services
by referring to 4.6 Stopping U2000 Services.
NOTE
This restriction applies when you want to change the public IP
address of a network interface of the service board whose
Usage is Default. If you want to change the public IP address
of the network interfaces used for other purposes, refer to
U2000 ATAE Cluster System Administrator Guide to learn the
restriction condition.
– If the public IP address of the network interface on the
board can be changed when the board service is
running,ensure that all service boards of the U2000 product
are in the Active or Service Stopped state.
If there are boards in the Switched Over state, switch
Resources Between U2000 Nodes Manually (Oracle) or
5.6 Switching Resources Between U2000 Nodes
Manually (Sybase).
NOTE
address of a network interface of the service board whose Usage is
Default. If you want to change the public IP address of the
network interfaces used for other purposes, refer to U2000 ATAE
Cluster System Administrator Guide to learn the restriction
condition.
3. In the left pane of the OSMU window, expand the Device
Management navigation tree and choose Hardware Device >
Network Interface.
4. On the Network Interface tab page, click Export.

U2000
5. When the system displays the message Export succeeded

click OK to export the network interface information.
The exported network interface information is stored in the
Port_Export_YYYYMMDDhhmmss.zip file that is displayed
on the Network Interface tab page as a hyperlink. YYYY
indicates year. MM indicates month. DD indicates date. hh
indicates hour. mm indicates minute. ss indicates second.
6. Click the Port_Export_YYYYMMDDhhmmss.zip hyperlink.
In the displayed dialog box, click Save to save the file to a
directory on the PC.
7. Decompress Port_Export_YYYYMMDDhhmmss.zip to
obtain the network interface information file Port_Export.xls.
8. On the Network Interface sheet of the network interface
information file Port_Export.xls, modify Public IP Address,
Public Subnet Mask/Prefix Length and save the
modification.
NOTICE
– You are not allowed to change public IP addresses for network
interfaces on the standby board.
– The public IP addresses of different network interfaces on the same
board must be on different network segments.
– You can change IP addresses by board or change all involved
service boards and DB boards IP addresses.
– You can change IP addresses by board when changing IP addresses
on the same network segment. However, you are advised to change
the IP addresses of all related service boards and DB boards to
ensure that all related IP addresses are changed.
9. Click Import.
10.In the displayed dialog box, select the network interface
information file Port_Export.xls in the xls, xlsx, or xlsm
format, and click Open to import the file.
To avoid import failures, do not perform any operations when
importing the network interface information file. When the
system displays Import succeeded. the file has been imported
successfully.
11. In the Centralized Task Management window, check the
operating status of the task for changing public IP addresses,
and perform operations based on the execution result.
– If Status of the task is Succeeded, public IP addresses have
been changed.
– If Status of the task is Failed, rectify the fault based on the
information in Remarks. Perform the preceding steps. If
Status is still Failed, contact Huawei technical support.

U2000
Change the public IP 1. In the left pane of the OSMU, expand the Device
addresse of oneU2000 Management navigation tree and select a rack number under
board in batches. the Device Panel node.
2. On the rack tab page in the right pane, check that the status of
each board meets the requirement for the following scenarios.
If any device is in the Faulty state, contact Huawei technical
support.
NOTICE
If the status of a board is inconsistent with that described below, setting
the public IP address of the U2000 server will fail.
a. Ensure that all U2000 service boards are in the Service
Stopped state.
n If there are boards in the Normal state, stop the U2000
services by referring to 4.6 Stopping U2000 Services.
n If there are boards in the Switched Over state, switch
Manually (Sybase), and then stop the U2000 services
b. Before changing the public IP addresses of the U2000 DB
boards, check the status of all U2000 service boards and
DB boards as follows:
n Ensure that all U2000 service boards are in the Service
Stopped state.
○ If there are boards in the Normal state, stop the
U2000 services by referring to 4.6 Stopping U2000
Services.
○ If there are boards in the Switched Over state,
switch resources for the boards based on their
original active/standby relationship by referring to
Manually (Oracle) or 5.6 Switching Resources
Between U2000 Nodes Manually (Sybase), and
then stop the U2000 services by referring to 4.6
Stopping U2000 Services.
n Ensure that the DB board is in the Normal state.
○ If there are boards in the Switched Over state,
switch resources for the boards based on their
original active/standby relationship by referring to
Manually (Oracle) or 5.6 Switching Resources
Between U2000 Nodes Manually (Sybase).

U2000
○ If there are boards in the Service Stopped state, start

the U2000 DB services by referring to 4.3 Starting
the Database Service.
Network Interface.
4. On the Network Interface tab page, select the network
interfaces for which you want to change public IP addresses,
and click Modify. The Modify Network Interface dialog box
is displayed.
NOTICE
– The public IP addresses of different network interfaces on the same
– The master node and standby node in a cluster system share one
public IP address. Therefore, you do not need to select the board
where the standby node is located when changing the IP address.
– When you set the IP addresses to those on a different network
segment, you must change the IP addresses of all boards
(excluding the standby board) of a service system simultaneously.
You cannot change the IP addresses of only certain boards of a
service system to those on a different network segment. The IP
addresses planned on site are usually on the different network
segments from the IP addresses planned before delivery. Therefore,
you are advised to select all boards (excluding the standby board)
to change their IP addresses.
– If you change the IP addresses on the same network segment, you
can select one or multiple boards to change their IP addresses.
– The IP address of a board must be unique. If identical IP addresses
are configured, change them.
5. In the network interface list, change Public IP Address and
Public Subnet Mask/Prefix Length for the network
interfaces, and click OK. In the next displayed dialog box,
click OK.
NOTE
You can change either the Public IP Address or the Public Subnet
Mask.
– If Status of the task is Succeeded, public IP addresses have
been changed.
Step 5 Restart the U2000 services after the change. For details, see 4.5 Starting U2000 Services.
Step 6 After the U2000 services are restarted, please perform the following operation based on the
actual situation.

U2000
If... Then...
There is an NAT 1. Use PuTTY to log in to the OSMU board in SSH mode as
device between the osmuuser. For detailed operations, see 26.1.1 Logging In to
U2000 server and the Board by Using PuTTY.
U2000 client 2. Run the following command to switch to user root.
~> su - root
3. Modify the /etc/hosts file on the OSMU board.

# vi /etc/hosts
Ensure that the /etc/hosts file contains the following
information:
Public IP address of the OSMU board Host alias
of the OSMU board
Public IP address of the master U2000 service
board Host alias of the master U2000 service
board
For example, if the public IP addresses of the OSMU board and

the master U2000 service board are 10.10.11.9 and
10.10.11.10, the host alias of the OSMU board and the
master U2000 service board are osmu-SR5S1 and osssvr-
SR5S2. replace them based on the site requirements. The /etc/
hosts file that you have modified contains the following
information:
10.10.11.9 osmu-SR5S1
10.10.11.10 osssvr-SR5S2
After the /etc/hosts file is modified, press Esc to switch to the

CLI. Then, run the :wq! command to save the file and exit.
4. Run the following command to restart the OSMU service.
# rcosmu restart
If the system displays the following information, the OSMU
service is started. Otherwise, contact Huawei technical support.
Starting OSMU service: done
5. Reconfigure the NAT table on the NAT device (such as the

firewall).
There is an NAT Reconfigure the NAT table on the NAT device (such as the
device between the firewall).
U2000 server and
NEs
----End
Follow-up Procedure
l After you change the server IP address, check whether the IP address change has impacts
on communication between the U2000 server and other devices (such as Nastar and
PRS). If there are impacts, adjust the IP addresses of other devices based on the actual

U2000
situations. For details about how to change the IP addresses of other devices, see the
manual of each device.
l If the U2000 system is configured with the Trace Server independently deployed, you
also need to change the configuration file of the Trace Server. For details, see Changing
the Configuration of the U2000 Server Recorded in the Trace Server Configuration
File, Configuring IP Address-Host Name Mapping of the U2000 Server on the
Trace Server, Modifying the Alarm and Heartbeat Interfaces Between the OSMU
and U2000 in U2000 Trace Server User Guide (ATAE Cluster, Standalone).
l After the IP address of a U2000 service network plane where NEs are located is
modified, you need to reconfigure the mapping between the IP address of the service
network plane and the NEs managed by the U2000. For detailed operations, see 2.3.7
Configuring Network Segments of NEs for Southbound IP Addresses of the U2000
Server.
l If the Trace Server is co-deployed with the U2000 in the ATAE cluster system, after the
IP address of a U2000 service network plane where NEs are located is modified, you
need to reconfigure the mapping between Trace Server boards and the U2000 mediation
service. For detailed operations, see 2.3.8 Configuring the Mapping Between the
Trace Server Boards and the U2000 Mediation Service.
l If the Trace Server is independently deployed, after the IP address of a U2000 service
network plane where NEs are located is modified, you need to modify the IP address of
Trace Server service network plane, please modify the IP address of Trace Server service
network plane first, For detailed operations, see Changing the IP Addresses of the
Default Network Port on Trace Server (After the Service Software Is Installed,
Cluster, ATAE) in U2000 Trace Server User Guide (ATAE Cluster, Standalone). Then
reconfigure the mapping between Trace Server boards and the U2000 mediation service.
For detailed operations, see Configuring the Mapping Between the Trace Server
Boards and the U2000 Mediation Service in U2000 Trace Server User Guide (ATAE
Cluster, Standalone).
l After you change the server IP address, if there is no hardware firewall, to increase the
U2000 system security, and reduce risks of attacks on the U2000 server, it is
recommended that you configure the OS firewall to perform security hardening on the
internal ports of the U2000 server and the U2000 database ports to ensure its security.
For details, see 8.8 Performing Security Hardening/Unhardening for Internal Ports
of the U2000 Server and 8.9 Performing Security Hardening/Unhardening for
U2000 Database Ports.
l After changing the IP addresses to one on another network segment, you need to
reconfigure the routes of the U2000 Server. For details, see 2.2 Setting the Routes of
the U2000 Server.
2.2 Setting the Routes of the U2000 Server

This section describes how to query, add, modify, or delete a route.
Prerequisites
l You have logged in to the OSMU on the PC. For detailed operations, see 26.2.5 Logging
l Information about configuring a route is available, such as the destination IP address,
gateway, and subnet mask.

U2000
Context
Table 2-1 describes the parameters for managing routes.
Table 2-1 Parameter description

Parameter Description
RN Number of the cabinet where a board is located.
SRN Number of the subrack where a board is located.
SN Number of the slot where a board is located.
Cluster Name The cluster to which the board belongs.
System OSMU, U2000, or database running on a board.
Subsystem Name of a system running on a board.
Network Name of a physical network interface on a board.

Interface
Usage Function of a network interface on a board. The default value is

Default.
Destination IP IP address of the destination network or host. You can provide the IP
address in dotted decimal. For example, 10.70.12.0 indicates that the IP
address of the destination network is 10.70.12.0. 10.70.12.30 indicates
that the IP address of the destination host is 10.70.12.30. When this
parameter is set to default or 0.0.0.0, the default route is used.
Gateway Gateway IP address of the network where the ATAE cluster system is
deployed.
Subnet Mask/ Subnet mask of the destination network of a board. Set this parameter
Prefix Length based on site requirements.
When this parameter Destination IP is set to default or 0.0.0.0, leave
the subnet mask empty.
Gateway Bond Whether to enable gateway link monitoring for network ports on a
Monitor board.
NOTE
If the gateways configured for a network interface on a board use the same IP
protocol, you can enable link monitoring of only one gateway.

U2000
NOTICE
If SN is set to ALL in Table 2-1, the Network Interface drop-down list displays only the
network ports used by the boards in the U2000 cluster. Therefore, if some boards in the
U2000 cluster use different network ports and you need to set routes for those boards, SN
must be set to the slot numbers of those boards and cannot be set to ALL. You can choose
Hardware Device > Network Interface and then view the network ports used by the boards
in the U2000 cluster on the Network Interface tab page.
Procedure
l Query a route.
a. In the left pane of the OSMU window, expand the Device Management navigation
tree and choose Hardware Device > Route.
b. On the Route tab page in the right pane, set Cluster name, SN, Network
interface, Usage, or Destination IP as required. Then, click Filter.
The route list on this tab page displays the routes that have been set. For
descriptions of the parameters on the tab page, see Table 2-1.
l Refresh routes.
b. On the Route tab page in the right pane, click Refresh and then you can view the
currently configured routes.
l Add a route.
a. Prepare the IP address, subnet mask or subnet prefix length of the destination
network by scenario and the gateway IP address of the network where the ATAE
cluster system is deployed.
NOTICE
If the the gateway IP address of the network where the ATAE cluster system is
deployed is not on the same network segment as public IP address of the board for
which you want to set a route, setting a route for the ATAE cluster system will fail.
b. In the left pane of the OSMU window, expand the Service System navigation tree
and choose Service Management > Board Services.
c. On the Board Services tab page in the right pane, check the running status of the
OGPU board for which you want to set the route. Ensure that the board is in any of
the following states: Normal, Standby, Service Stopped, and Switched Over.
NOTICE
If any OGPU board is in the Faulty state, contact Huawei technical support.

U2000
d. In the left pane of the OSMU window, expand the Device Management navigation
e. On the Route tab page in the right pane, click Add.
f. In the displayed Configure New Route dialog box, set a route by referring to Table
2-1, and click OK.
If SN is set to All, the Network Interface drop-down list displays only the network
ports used by the boards in the U2000 cluster. Therefore, if some boards in the
U2000 cluster use different network ports and you need to set routes for those
boards, SN must be set to the slot numbers of those boards and cannot be set to All.
You can choose Hardware Device > Network Interface and then view the
network ports used by the boards in the U2000 cluster on the Network Interface
tab page.
g. In the displayed dialog box, click OK.
h. In the Centralized Task Management window, check the operating status of the
task for add route, and perform operations based on the execution result.
n If Status of the task is Succeeded, route have been added.
n If Status of the task is Failed, rectify the fault based on the information in
Remarks. Perform the preceding steps. If Status is still Failed, contact
Huawei technical support.
l Modify a route.
a. Prepare the IP address, subnet mask or subnet prefix length of the destination
network by scenario and the gateway IP address of the network where the ATAE
cluster system is deployed.
NOTICE
If the the gateway IP address of the network where the ATAE cluster system is
deployed is not on the same network segment as public IP address of the board for
which you want to set a route, setting a route for the ATAE cluster system will fail.
b. In the left pane of the OSMU window, expand the Service System navigation tree
and choose Service Management > Board Services.
c. On the Board Services tab page in the right pane, check the running status of the
OGPU board for which you want to set the route. Ensure that the board is in any of
the following states: Normal, Standby, Service Stopped, and Switched Over.
NOTICE
If any OGPU board is in the Faulty state, contact Huawei technical support.
d. In the left pane of the OSMU window, expand the Device Management navigation
e. On the Route tab page in the right pane, select the route that you want to modify,
and click Modify.

U2000
f. In the Reconfigure Route dialog box, modify the Gateway and Subnet Mask/
Prefix Length, and click OK.
g. In the displayed dialog box, click OK.
h. In the Centralized Task Management window, check the operating status of the
task for modify route, and perform operations based on the execution result.
n If Status of the task is Succeeded, route have been modified.
l Delete a route.
b. On the Route tab page in the right pane, select the route that you want to delete, and
click Delete.
c. In the displayed dialog box, click Yes, and click OK.
d. In the Centralized Task Management window, check the operating status of the
task for delete route, and perform operations based on the execution result.
n If Status of the task is Succeeded, route have been deleted.
----End
2.3 Configuring the Service Network Plane Ports of the

U2000 Server
This section describes the connection between the service network plane and the service
network plane IP address for the U2000 server. If the U2000 service network plane isolation
solution is not used, skip this section.
NOTE
l If the service network plane isolation solution is used, after configuring the service network plane
ports of the U2000 server, you need continue to configure the service network plane ports of the
Emergency System Server. For details, see Configuring the Service Network Plane Ports of the
Emergency System Server in U2000 ATAE Cluster Emergency System User Guide.
l If the service network plane isolation solution is used, after configuring the service network plane
ports of the U2000 server, you need continue to configure the service network plane ports of the
Trace Server. For details, see Configuring the Service Network Plane Ports of the Trace Server
in U2000 Trace Server User Guide (ATAE Cluster, Standalone).
2.3.1 Overview of the U2000 Service Network Plane Isolation

Solution
The U2000 service network plane isolation solution is a networking solution intended for
enhancing network security, which allows network devices (such as NEs, NMS, clients, and
other applications) on different network segments to communicate with each other. This
solution aims to provide users with more stable broadband and voice services. Operators

U2000
isolate NE devices and enhance NE device protection to protect the devices against invasions
and attacks from the network.
In the U2000 service network plane isolation solution, the OSS uses a dedicated IP address to
communicate with network devices on a network segment and uses different IP addresses on
other network segments to communicate with NE or non-NE devices on different network
segments, such as NMS and clients, thereby achieving network isolation. This solution
requires that the OSS support IP addresses of different network segments.
In Figure 2-1, service network planes 1, 2, 3, and 4 belong to different network segments,
which are isolated from each other. The U2000 server communicates with upper-layer
applications A and B on service network plane 1. The U2000 server communicates with
upper-layer applications C and D on service network plane 2. The U2000 server
communicates with NEs A and B on service network plane 3. The U2000 server
communicates with NE C on service network plane 4.
Figure 2-1 Networking diagram of the U2000 service network plane isolation solution

U2000
NOTICE
l Both the U2000 service network plane isolation solution and network address translation
(NAT) solution are used to achieve network isolation and improve network security. The
two solutions cannot be used concurrently. The U2000 provides supported solutions for
the two solutions. You can deploy as required.
l Due to port restrictions, the U2000 supports a maximum of two service network planes
when it uses the solution of 3200 equivalent NEs. The U2000 supports a maximum of
three service network planes when it uses other equivalent NE solutions.
l Due to port restrictions, a maximum of two service network planes are supported when
you use Ethernet optical ports to connect to the customer's network. A maximum of three
service network planes are supported when you use network cables to connect to the
customer's network.
l Newly added service network planes include southbound and northbound planes. The
southbound plane is used to communicate with NEs. The northbound plane is used to
communicate with the file interfaces, command line interfaces, alarm streaming interfaces,
LDAP and RADIUS security interfaces on northbound network devices.
l The IP addresses of different service network planes must be on different network
segments.
l The master service board and standby service board must be configured with all service
network planes. A slave service board can be configured with one or more service network
planes.
2.3.2 Connecting the Service Network Plane Ports of the U2000

Server to Switches
This section describes how to connect U2000 service network plane ports to switches. All
ports on a service network plane belong to the same VLAN.
Prerequisites
l Network cables and cable ties are available for use.
l Diagonal pliers are available for use.
l The network ports of the new service network planes and switch VLANs have been
planned.
Context
NOTICE
l You do not need to perform operations related to standby boards if they do not exist.
l All service network planes must be configured for the master and standby service boards.
One or more service network planes can be configured for slave service boards. Connect
cables on the boards based on the actual planning.

U2000
Each time you add a service network plane for the U2000, plan a VLAN for switches first and
then route network cables from the U2000 service board and standby service board to the
corresponding VLAN of the switches.
The two switches require the same number of ports. The number of ports on the switches
required by the newly planned VLAN depends on the number of U2000 service boards and
standby service boards:
l Number of VLANs to plan = Number of service network planes to add
l Maximum number of network ports required by a switch = (Number of U2000
service boards + Number of standby service boards) x Number of VLANs to plan
In the following examples, there are three U2000 service boards and one standby service
board; three service network planes are added. Calculate the number of ports and plan VLANs
based on actual conditions.
Three VLANs need to be planned for each switch. Each switch requires 12 ports: (3 + 1) x 3 =
12. Table 2-2 describes the VLAN planning for a switch.
Table 2-2 VLAN planning for a switch

VLAN 2 VLAN 3 VLAN 4 VLAN 1
Ports LAN05 to Ports LAN011 to Ports LAN17 to The other ports on

LAN08 on the LAN14 on the LAN20 on the the switch are used
switch are used for switch are used for switch are used for for this VLAN.
this VLAN. this VLAN. this VLAN.
Reserved network Reserved network Reserved network
port LAN09 is used port LAN15 is used port LAN21 is used
for connecting the for connecting the for connecting the
Trace Server to the Trace Server to the Trace Server to the
customer's network. customer's network. customer's network.
for cascading for cascading for cascading
switches. switches. switches.
Figure 2-2 shows the rear transition module (RTM) of the U2000 service board and standby
service board.

U2000
Figure 2-2 Ports on the RTM of the U2000 service board and standby service board
Procedure
Step 1 Determine the total number of U2000 service boards and standby service boards and the slots
for housing the boards. Then, make two labels for each board based on the following rules:
l The labels for the U2000 boards in the subrack (XY-MPS-1-5) are named as follows:
<number of the slot for the board>.a, <number of the slot for the board>.b,
<number of the slot for the board>.c, <number of the slot for the board>.d,
<number of the slot for the board>.e and <number of the slot for the board>.f.
l The labels for the U2000 boards in the subrack (XY-EPS-1-6) are named as follows:
<14+number of the slot for the board>.a, <14+number of the slot for the board>.b,
<14+number of the slot for the board>.c, <14+number of the slot for the board>.d,
<14+number of the slot for the board>.e and <14+number of the slot for the
board>.f.
Step 2 Connect network ports of U2000 service boards and standby service boards to network ports
of the corresponding VLANs ports of the switches based on the following rules:
Each service board has six network ports, including three groups of ports. The two ports in
each group work in redundancy mode and form a logical port. When adding a service network
plane, route network cables from a group of unused ports on the U2000 service board and
standby service board to the corresponding ports on the switch. The following table lists the
port mapping and grouping.

U2000
Table 2-3 Port mapping and grouping

Port Name Logical Port Name
Card2 (PMC2)LAN0 and Card4 (PMC4) bond2

LAN1
Card2 (PMC2) LAN1 and Card3 (PMC3) bond3

LAN1
Card3 (PMC3)LAN0 and Card4 (PMC4) bond4

LAN0
To add three service network planes for U2000 boards:

l Connect Card2 (PMC2)-LAN0 of each U2000 board to VLAN2 ports of the LSW-1
switch in sequence.
switch in sequence.
switch in sequence.
switch in sequence.
switch in sequence.
switch in sequence.
Example: When the U2000 provides a management capacity of 800 equivalent NEs, service
boards and standby service boards are located in slots 2, 3, 4, and 5 of the XY-MPS-1-5
subrack. Connections between the U2000 and the are shown in Figure 2-3 after the U2000 is
connected to the network according to Table 2-4.
NOTICE
l XY in label in following description is a random number generated at delivery. You need
to select the cabinet, subrack, board, disk array, and cables with the same random number
for onsite installation. For example, in a cabinet having the label AB-MPRII-1, the label of
main processing subrack (MPS) is AB-MPS-1-5 and the label of the board in slot 1 is AB-
MPS-1-5-1.
l Figure 2-3 in the following provide cable connections when devices are fully configured
in the cabinet. If devices in the cabinet are not fully configured in actual situations,
connect only the actually configured devices and ignore the connections for unconfigured
devices. Check the locations of the actually configured devices and labels before
connecting the cables.

U2000
Table 2-4 Mapping between ports on U2000-related boards and those on the switches
U2000- Slot Port on the Cable Label Port on the
related U2000-related Switches
Board Board
Label
XY- 2 Card2 (PMC2)- 2.a LSW-1 LAN05

MPS-1-5- LAN0
2
Card4 (PMC4)- 2.f LSW-0 LAN05
LAN1
XY- 2 Card2(PMC2)- 2.b LSW-1 LAN11

MPS-1-5- LAN1
2
Card3 (PMC3)- 2.d LSW-0 LAN11
LAN1
XY- 2 Card3 (PMC3)- 2.c LSW-1 LAN17

MPS-1-5- LAN0
2
Card4 (PMC4)- 2.e LSW-0 LAN17
LAN0

MPS-1-5- LAN0
3
LAN1

MPS-1-5- LAN1
3
LAN1

MPS-1-5- LAN0
3
LAN0

MPS-1-5- LAN0
4
LAN1

MPS-1-5- LAN1
4
LAN1

MPS-1-5- LAN0
4

U2000
U2000- Slot Port on the Cable Label Port on the

related U2000-related Switches
Board Board
Label

LAN0

MPS-1-5- LAN0
5
LAN1

MPS-1-5- LAN1
5
LAN1

MPS-1-5- LAN0
5
LAN0

U2000
Figure 2-3 Diagram of U2000 connecting to the southbound network
Step 3 Verify that each U2000 board connects to the switches properly.
l If the indicators for the Card2 (PMC2)-LAN0, Card2(PMC2)-LAN1, Card3 (PMC3)-
LAN0, Card3 (PMC3)-LAN1, Card4 (PMC4)- LAN0 and Card4 (PMC4)-LAN1
ports on each U2000 board are steady green or blink yellow, the board connects to the
switch properly.
l If the indicators for the Card2 (PMC2)-LAN0, Card2(PMC2)-LAN1, Card3 (PMC3)-
LAN0, Card3 (PMC3)-LAN1, Card4 (PMC4)- LAN0, and Card4 (PMC4)-LAN1
ports on each U2000 board are off, check that the board's cables are connected properly
as planned. Contact Huawei technical support if the cables are connected properly but
the indicators are still off.
----End

U2000
2.3.3 Planning Switches' VLANs by Port (S5352C-EI)

Each time a service network plane is added to the U2000, you need to plan virtual local area
networks (VLANs) on switches. This section describes how to configure two VLANs on
switches. This section uses S5352C-EI switch planned before delivery as an example. If
switches are replanned onsite, you need to configure VLANs based on site requirements.
Prerequisites
l A PC is available, including the serial port and RS-232 power cable.
l The cables of the U2000 hardware devices have been arranged properly. For detailed
operations, see 2.3.2 Connecting the Service Network Plane Ports of the U2000
Server to Switches.
l You have contacted Huawei technical support engineers to obtain PuTTY.zip at http://
support.huawei.com and decompressed it to your PC.
Huawei technical support engineers can quickly search for the tool package using its
name as the keyword after clicking Search by Category > Tools at http://
support.huawei.com.
Context
l The VLAN planning for network ports of the two switches is the same. Plan the VLANs
and network ports based on site conditions. Table 2-5 describes the VLAN planning for
a switch. In the following example, the U2000 management capability is 800 equivalent
NEs, and three service network planes are added to the U2000.

VLAN 2 VLAN 3 VALN 4 VLAN 1
Ports LAN05 and Ports LAN11 to Ports LAN17 to The other ports on
customer's customer's customer's
network. Reserved network. Reserved network. Reserved
network port network port network port
LAN10 is used for LAN16 is used for LAN22 is used for
cascading switches. cascading switches. cascading switches.
l Before using network cables to connect two switches on a newly added service network
plane to the customer's network, plan VLANs for the network ports on the two switches.
l Before using optical fibers to connect two switches on a newly added service network
plane to the customer's network, plan VLANs for the network ports and optical ports on
the two switches.
l If VLAN planning has been performed for the ports on switches, you can delete the
configurations of unused ports and then plan these ports to the newly added VLAN.

U2000
Procedure
Step 1 Use an RS-232 cable to connect the COM port on the PC to the console port on the switch.
Step 2 Connect the switch through a serial port using PuTTY.

1. Double-click putty.exe to start PuTTY.
2. Choose Connection > Serial from the navigation tree in the left pane on PuTTY. A
dialog box for setting the serial port connection parameters is displayed.
3. In the displayed dialog box, set the serial port connection parameters by referring to
Table 2-6.
Table 2-6 Description of connection parameters
Parameter Value
Serial line to Specify a serial port (for example, COM1) of the PC terminal
connect to to connect the PC terminal to the switch.
NOTE
The PC may contain several serial ports, and you can check the name
and number of the serial port by performing the following procedures:
On a PC running on Windows 7 operating system, choose Control
Panel and locate Device Manager. In the displayed Device Manager,
choose Port to check the name and number of the serial port.
Speed 9600
Data bits 8
Stop bits 1
Parity None
Flow control None
4. Choose Session from the navigation tree in the left pane. In the right pane, choose
Serial, and click Open.
NOTE
You do not need to enter the user name and password when logging in to a switch of an earlier
version. Therefore, security risks exist. To improve system security, upgrade the switch to the
latest version. For detailed operations, see the upgrade guide.
Step 3 Press Enter until the command-line prompt for the user view is displayed, for example,
<Quidway>.
Step 4 Plan VLANs based on the actual requirements.
If switches are connected to the customer's See Planning VLANs for network
network using network cables interfaces.
network using optical fibers interfaces and optical ports.

U2000
l Planning VLANs for network interfaces

a. Run the following command to open the system view:
<Quidway> system-view
[Quidway]
b. Run the following command to view all ports of a switch:

[Quidway] display current-configuration interface
In the command output, 0/0/X is the port number. 0/0/1 maps the LAN01 port
on the switch, 0/0/2 maps the LAN02 port, and so on.
#
interface gigabitethernet 0/0/1
stp edged-port disable
broadcast-suppression 14880
multicast-suppression 14880
unicast-suppression 14880
#
...
#
c. Run the following command to view the VLAN planning of a switch. If VLAN
planning is not performed for the switch, skip this step.
[Quidway] display port vlan
[Quidway] quit
If VLAN planning has been performed for certain ports on the switch, delete the
configurations of unused ports based on actual conditions. The following describes
how to delete the configurations. Port Gigabitethernet 0/0/2 is used as an example.
n Run the following commands to delete VLAN configurations:
[Quidway] interface GigabitEthernet 0/0/2
[Quidway-GigabitEthernet0/0/2] vlan 2
[Quidway-vlan2] undo port GigabitEthernet 0/0/2
[Quidway-vlan2] quit
[Quidway]
n Run the following commands to delete the link-type configurations of unused
ports:
[Quidway-GigabitEthernet0/0/2] undo port link-type
n Run the following command to check whether the port configurations have
been deleted:
[Quidway-GigabitEthernet0/0/2] display this

U2000
If the command output shows no configuration information starting with

"port", the configurations of these ports have been restored to the default
configurations.
[Quidway-GigabitEthernet0/0/2] quit
d. Plan VLANs for ports on the switch based on onsite planning as follows:
n Create a VLAN, for example, VLAN X. X indicates the VLAN ID.
[Quidway] vlan X
[Quidway-vlanX] quit
[Quidway]
n Add the ports planned for the newly added service network plane to VLAN X.
Set link-type of these ports to access. The following command use port
GigabitEthernet0/0/2 as an example:
[Quidway-GigabitEthernet0/0/2] port link-type access
n Add the ports planned for the newly added southbound or northbound plane to
VLAN X.
[Quidway] vlan X
[Quidway-vlanX] port gigabitethernet <port No.>
[Quidway]
e. Run the following commands to save the configuration:
[Quidway] quit
<Quidway> save
n When the following information is displayed, enter Y to save the configuration
on the switch.
The current configuration will be written to the device. Are you
sure to continue? [Y/N]
n When the following information is displayed, enter the file name to save the
switch configuration information in the form of a file package
Info: Please input the file name(*.cfg,*.zip)vrpcfg.zip
n Run the following command to check whether the switch configuration is
correct:
<Quidway> dis cur
If the switch configuration is incorrect, modify the configuration and save the
modified configuration.
l Planning VLANs for network interfaces and optical ports
[Quidway]


U2000
#
#
...
#
[Quidway] quit
[Quidway]
ports:
been deleted:
configurations.
[Quidway] vlan X

U2000
[Quidway]
VLAN X.
[Quidway] vlan X
[Quidway]
e. If switches are connected to the customer's network using optical fibers and
switches and the customer's network belong to different VLANs, each time you add
a southbound or northbound plane, you need to cascade optical ports of the switches
and plan VLANs for the optical ports used by the newly added southbound or
northbound plane. The following describes how to plan VLANs. Port
XGigabitEthernet 0/0/2 is used as an example.
[Quidway] interface XGigabitEthernet 0/0/2
[Quidway-XGigabitEthernet0/0/2] port link-type access
[Quidway-XGigabitEthernet0/0/2] quit
[Quidway] vlan X
[Quidway-vlanX] port XGigabitethernet 0/0/2
If optical ports are insufficient, configure a cascaded optical port as a trunk based
on site conditions. In this way, data exchange is allowed between the VLAN to
which that optical port belongs and the VLAN to which the southbound or
northbound network belongs. The following provides an example for the
configuration, in which the newly added service network plane belongs to VLAN 3
and cascaded port XGigabitEthernet 0/0/3 belongs to VLAN 2:
[Quidway-XGigabitEthernet0/0/3] port link-type trunk
[Quidway-XGigabitEthernet0/0/3] port trunk allow-pass vlan 2 to 3
f. Run the following commands to save the configuration:
[Quidway] quit
<Quidway> save
on the switch.

U2000
correct:
<Quidway> dis cur
----End
2.3.4 Planning Switches' VLANs by Port (S5310-52C-EI)

This section describes how to configure two virtual local area networks (VLANs) on
switches. This section uses S5310-52C-EI switch planned before delivery as an example. If
switches are replanned onsite, you need to configure VLANs based on site requirements.
Prerequisites
l A PC is available, including the serial port and RS-232 power cable.
l The cables of the U2000 hardware devices have been arranged properly. For detailed
operations, see 2.3.2 Connecting the Service Network Plane Ports of the U2000
Server to Switches.
support.huawei.com.
Context
l The VLAN planning for network ports of the two switches is the same. Plan the VLANs
and network ports based on site conditions. Table 2-7 describes the VLAN planning for
a switch. In the following example, the U2000 management capability is 800 equivalent
NEs, and three service network planes are added to the U2000.

U2000

VLAN 2 VLAN 3 VALN 4 VLAN 1
Ports LAN05 and Ports LAN11 to Ports LAN17 to The other ports on
customer's customer's customer's
network. Reserved network. Reserved network. Reserved
network port network port network port
LAN10 is used for LAN16 is used for LAN22 is used for
cascading switches. cascading switches. cascading switches.
l Before using network cables to connect two switches on a newly added service network
plane to the customer's network, plan VLANs for the network ports on the two switches.
l Before using optical fibers to connect two switches on a newly added service network
plane to the customer's network, plan VLANs for the network ports and optical ports on
the two switches.
l If VLAN planning has been performed for the ports on switches, you can delete the
configurations of unused ports and then plan these ports to the newly added VLAN.
Procedure
Step 1 Use an RS-232 cable to connect the COM port on the PC to the console port on the switch.
Step 2 Connect the switch through a serial port using PuTTY.

1. Double-click putty.exe to start PuTTY.
2. Choose Connection > Serial from the navigation tree in the left pane on PuTTY. A
dialog box for setting the serial port connection parameters is displayed.
3. In the displayed dialog box, set the serial port connection parameters by referring to
Table 2-8.

Parameter Value
Serial line to Specify a serial port (for example, COM1) of the PC terminal
connect to to connect the PC terminal to the switch.
NOTE
The PC may contain several serial ports, and you can check the name
and number of the serial port by performing the following procedures:
On a PC running on Windows 7 operating system, choose Control
Panel and locate Device Manager. In the displayed Device Manager,
choose Port to check the name and number of the serial port.
Speed 9600

U2000
Parameter Value
Data bits 8
Stop bits 1
Parity None
Flow control None
4. Choose Session from the navigation tree in the left pane. In the right pane, choose
Serial, and click Open.
NOTE
You do not need to enter the user name and password when logging in to a switch of an earlier
version. Therefore, security risks exist. To improve system security, upgrade the switch to the
latest version. For detailed operations, see the upgrade guide.
Step 3 Press Enter until the command-line prompt for the user view is displayed, for example,
<Quidway>.
Step 4 Plan VLANs based on the actual requirements.
network using network cables interfaces.
network using optical fibers interfaces and optical ports.
l Planning VLANs for network interfaces

[Quidway]

#
#
...
#

U2000
[Quidway] quit
[Quidway]
ports:
been deleted:
configurations.
[Quidway] vlan X
[Quidway]
VLAN X.
[Quidway] vlan X

U2000
[Quidway]
e. Run the following commands to save the configuration:
[Quidway] quit
<Quidway> save
on the switch.
correct:
<Quidway> dis cur
l Planning VLANs for network interfaces and optical ports
a. Restructure the optical ports of the switches. For details, see 2.3.5 Restructuring
Switch S5310-52C-EI.
b. Run the following command to open the system view:
[Quidway]
c. Run the following command to view all ports of a switch:

#
#
...
#
d. Run the following command to view the VLAN planning of a switch. If VLAN

U2000
[Quidway] quit
[Quidway]
ports:
been deleted:
configurations.
e. Plan VLANs for ports on the switch based on onsite planning as follows:
[Quidway] vlan X
[Quidway]
VLAN X.
[Quidway] vlan X
[Quidway]
f. If switches are connected to the customer's network using optical fibers and
switches and the customer's network belong to different VLANs, each time you add
a service network plane, you need to cascade optical ports of the switches and plan

U2000
VLANs for the optical ports used by the newly added service network plane. The
following describes how to plan VLANs. Port XGigabitEthernet 0/0/2 is used as an
example.
[Quidway-XGigabitEthernet0/0/2] port link-type access
[Quidway] vlan X
[Quidway-vlanX] port XGigabitethernet 0/0/2
If optical ports are insufficient, configure a cascaded optical port as a trunk based
on site conditions. In this way, data exchange is allowed between the VLAN to
which that optical port belongs and the VLAN to which the southbound or
northbound network belongs. The following provides an example for the
configuration, in which the newly added service network plane belongs to VLAN 3
and cascaded port XGigabitEthernet 0/0/4 belongs to VLAN 2:
[Quidway-XGigabitEthernet0/0/4] port link-type trunk
[Quidway-XGigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3
g. Run the following commands to save the configuration:
[Quidway] quit
<Quidway> save
on the switch.
correct:
<Quidway> dis cur
----End
2.3.5 Restructuring Switch S5310-52C-EI

If the southbound network bandwidth is greater than 1GE, the original electrical ports on
switch S5310-52C-EI (S5310 for short) cannot meet the requirements. Therefore,
restructuring the electrical ports to 10GE optical ports is required. The restructuring operation
needs to be performed on two S5310 switches connected to the ATAE cluster system,
respectively.

U2000
Prerequisites
l The 2-port 10 GE optical interface cards are available.
l Optical modules for connecting switches to the telecom operator's network are available.
Procedure
Step 1 Remove the filler panel on the rear panel of the switch, such as positions 1 shown in Figure
2-5. Figure 2-4 and Figure 2-5 show the front view and rear view of the switch, respectively.
Figure 2-4 Physical appearance of switch S5310 (front view)
1 10/100/1000 BASE-T Ethernet electrical port 2 Ethernet management port

3 Mini USB port 4 Console port
5 10GE SFP+Ethernet optical port -
Figure 2-5 Physical appearance of switch S5310 (rear view)
1 Filler panel on the rear panel 2 Filler panel on the rear panel
Step 2 Insert the optical interface card into the rear card slot of the switch. Then, lower the ejector
lever and fasten the captive screws.
Step 3 Insert the optical modules to positions 1 shown in Figure 2-6, respectively.
Force each optical module into the position. If you hear a crack sound or feel a slight tremor,
the optical module is securely locked.

U2000
Figure 2-6 2-port 10GE SFP+ optical interface card
Port number Usage Type of the optical modules
1 Southbound optical port connecting to the customer's Based on the requirements.

network.
2 reserve. -
----End
2.3.6 Setting the IP Addresses and Routes for the Service Network
Plane of the U2000 Server
This section describes how to configure the IP addresses and routes for the service network
plane of the U2000 server. Configure the IP addresses for the service network plane based on
actual conditions. If the IP addresses for the service network plane do not need to be
configured, skip this section.
Prerequisites
l The U2000 server software has been installed.
l The IP addresses and subnet mask of the new service network planes have been planned.
Procedure
Step 1 Perform operations by scenario.

U2000
Query current network interfaces 1. In the left pane of the OSMU window, expand the
Device Management navigation tree and choose
Hardware Device > Network Interface.
2. On the Network Interface tab page, set Cluster
name, SN, Network interface, or Usage as
required. Then, click Filter.
The network interface list on this tab page displays
the network interfaces that have been set.
Query or set the network 1. In the left pane of the OSMU window, expand the
interface state Device Management navigation tree and choose
Hardware Device > Network Interface.
2. On the Network Interface tab page, select the
network interface whose state you want to query or
set.
3. Click Query Network Interface Status.
4. Information, such as the names of the network
interfaces bound with the current network
interface, names of network interfaces on the OS,
active/standby state, and connection state, is
displayed in the Query Network Interface Status
dialog box.
5. Select the required active/standby state in the
drop-down list of the Active/Standby Status
column and click OK.
NOTE
– You can change the active/standby state only of the
bond interface.
– Only one of a pair of network interfaces on a board
can be set to the active interface. To change the
standby interface to the active interface, you also
need to change the active interface to the standby
interface.
– When a network interface is in the Link Down state
and the active/standby state is --, you cannot change
its active/standby state.
6. In the Query Network Interface Status dialog
box, click OK.
On the Centralized Task Management tab page
in the lower part of the window, view the task
execution status. When Status is displayed as
Succeeded, network interface have been added.
Otherwise, contact Huawei technical support
engineers.

U2000
Add, delete, modify network Perform Step 2.

interfaces and modify interface
remarks in batches
Add, delete, modify one network Perform Step 3.

interface and modify interface
remarks
Step 2 Perform the following operations by multiple interfaces.

U2000
If you Then...
need to...
Add 1. Connect the interface you want to add and the port on the switch using a
network network cable.
interfaces 2. In the left pane of the OSMU window, expand the Service System
navigation tree and choose Service Management > Board Services.
3. On the Board Services tab page in the right pane, check whether the
board is running properly.
The board is running properly if it is in either of the following states:
– Normal
– Standby
4. In the left pane of the OSMU window, expand the Device Management
navigation tree and choose Device Information > Details.
5. On the Details tab page, select the U2000 service board and standby
service board to view the detailed information in the board list.
The detailed information about the selected board is displayed in the
Board details area. Ensure that the OEM part running status is
Running. Otherwise, contact Huawei technical support. After the problem
is resolved, you are allowed to perform the following steps.
navigation tree and choose Hardware Device > Network Interface.
7. On the Details tab page, select the board for which you want to add
network interfaces in the board list.
Running. Otherwise, contact Huawei technical support engineers. After
the problem is resolved, you are allowed to perform the following steps.
10. When the system displays the message Export succeeded click OK to
export the network interface information.
Port_Export_YYYYMMDDhhmmss.zip file that is displayed on the
Network Interface tab page as a hyperlink. YYYY indicates year. MM
indicates month. DD indicates date. hh indicates hour. mm indicates
minute. ss indicates second.
11. Click the Port_Export_YYYYMMDDhhmmss.zip hyperlink. In the
displayed dialog box, click Save to save the file to a directory on the PC.
NOTE
All service network planes must be configured for the master and standby service
boards. One or more service network planes can be configured for slave service
boards. Add network ports based on the actual planning.
12. Decompress Port_Export_YYYYMMDDhhmmss.zip to obtain the
network interface information file Port_Export.xls.

U2000
If you Then...
need to...
13. On the Network Interface sheet of the network interface information file
Port_Export.xls, set Status of the network interface to Use. Then, set
network interface parameters and save the settings.
14.Click Import.
15.In the displayed dialog box, select the network interface information file
Port_Export.xls in the xls, xlsx, or xlsm format, and click Open to
import the file.
To avoid import failures, do not perform any operations when importing
the network interface information file. When the system displays Import
succeeded. the file has been imported successfully.
16.In the Centralized Task Management window, check the operating
status of the task for adding network interfaces, and perform operations
based on the execution result.
– If Status of the task is Succeeded, network interfaces have been
added.
information in Remarks. Perform the preceding steps. If Status is still
Failed, contact Huawei technical support engineers.

U2000
If you Then...
need to...
Change 1. Change public IP addresses for network interfaces.

public IP a. Check whether the new IP address is in use.
addresses On the PC whose IP address is on the same network segment as the
for network new IP addresses, open the cmd window and run the ping command to
interfaces check whether the new IP addresses are in use:
n If the IP addresses can be pinged, they are in use. When this occurs,
use other IP addresses.
n If the IP addresses cannot be pinged, they are available for use.
Perform the following steps.
b. Plan public IP addresses and routes for the desired network interfaces.
c. In the left pane of the OSMU, expand the Device Management
navigation tree and select a rack number under the Device Panel node.
d. On the rack tab page in the right pane, check the board status.
If any board is in the Faulty state, contact Huawei technical support
engineers.
Before changing the public IP addresses of service boards, ensure that
all service boards of the U2000 product are in the Active or Service
Stopped state.
n If there are boards in the Normal state, stop the services of these
boards by referring to 4.6 Stopping U2000 Services.
n If there are boards in the Switched Over state, switch resources for
the boards based on their original active/standby relationship by
referring to 5.5 Switching Resources Between U2000 Nodes
Manually (Oracle) or 5.6 Switching Resources Between U2000
Nodes Manually (Sybase), and then stop the boards' services by
referring to 4.6 Stopping U2000 Services.
e. In the left pane of the OSMU window, expand the Device
Network Interface.
f. On the Network Interface tab page, click Export.
g. When the system displays the message Export succeeded click OK to
export the network interface information.
Port_Export_YYYYMMDDhhmmss.zip file that is displayed on the
Network Interface tab page as a hyperlink. YYYY indicates year. MM
indicates month. DD indicates date. hh indicates hour. mm indicates
minute. ss indicates second.
h. Click the Port_Export_YYYYMMDDhhmmss.zip hyperlink. In the
displayed dialog box, click Save to save the file to a directory on the
PC.
i. Decompress Port_Export_YYYYMMDDhhmmss.zip to obtain the
network interface information file Port_Export.xls.

U2000
If you Then...
need to...
j. On the Network Interface sheet of the network interface information

file Port_Export.xls, modify Public IP Address, Public Subnet
Mask/Prefix Length and save the modification.
NOTICE
n You are not allowed to change public IP addresses for network interfaces on
the standby board.
n The public IP addresses of different network interfaces on the same board
must be on different network segments.
n You need to select all related service boards and DB boards when changing
IP addresses from one network segment to another. Otherwise, the change
will fail.
n You can change IP addresses by board when changing IP addresses on the
same network segment. However, you are advised to change the IP
addresses of all related service boards and DB boards to ensure that all
related IP addresses are changed.
k. Click Import.
l. In the displayed dialog box, select the network interface information
file Port_Export.xls in the xls, xlsx, or xlsm format, and click Open
to import the file.
importing the network interface information file. When the system
displays Import succeeded. the file has been imported successfully.
m. In the Centralized Task Management window, check the operating
status of the task for changing public IP addresses, and perform
operations based on the execution result.
n If Status of the task is Succeeded, public IP addresses have been
changed.
n If Status of the task is Failed, rectify the fault based on the
information in Remarks. Perform the preceding steps. If Status is
still Failed, contact Huawei technical support.
2. Start U2000 services. For details, see 4.5 Starting U2000 Services.
3. Set routes for network interfaces whose public IP addresses have been
changed. For detailed operations, see 2.2 Setting the Routes of the
U2000 Server.
4. To check whether the southbound IP address or northbound IP address is
configured successfully, perform the following operations:
a. Log in to the U2000 master service board and all slave service boards
as user ossuser in SSH mode using PuTTY.
b. Run the following command to switch to user root.
~> su - root
c. Run the following command:

# ifconfig bond2

U2000
If you Then...
need to...
NOTE
Logical port names vary by newly added ports. For details about the port
mapping, see Table 2-3 in 2.3.2 Connecting the Service Network Plane Ports
of the U2000 Server to Switches. The following uses logical port bond2 as an
example:
bond2 Link encap:Ethernet HWaddr 00:25:9E:B5:F6:E8
inet addr:172.16.139.227 Bcast:172.16.139.255
Mask:255.255.254.0
inet6 addr: fe80::225:9eff:feb5:f6e8/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500
Metric:1
RX packets:647081 errors:0 dropped:0 overruns:0
frame:0
TX packets:2747 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:0
RX bytes:45476425 (43.3 Mb) TX bytes:177108 (172.9
Kb)
If the displayed IP address and subnet mask are consistent with the
actual ones, you have configured the IP address successfully.
Otherwise, contact Huawei technical support.
Step 3 Perform the following operations by a single interface.

U2000
If you Then...
need to...
Add 1. Connect the interface you want to add and the port on the switch using a
network network cable.
interfaces 2. In the left pane of the OSMU window, expand the Service System
navigation tree and choose Service Management > Board Services.
3. On the Board Services tab page in the right pane, check whether the
board is running properly.
The board is running properly if it is in either of the following states:
– Normal
– Standby
navigation tree and choose Device Information > Details.
5. On the Details tab page, select the U2000 service board and standby
service board to view the detailed information in the board list.
Running. Otherwise, contact Huawei technical support. After the problem
is resolved, you are allowed to perform the following steps.
7. On the Network Interface tab page, click Add.
8. In the displayed Add Network Interface dialog box, select Bond Dual
Network Interfaces, and click Next.
9. The Filter function helps you quickly find network ports to be added.
a. Select the corresponding network port name from the Network
Interface drop-down list. For the mapping between network port
names and logical network ports, see Table 2-3 in 2.3.2 Connecting
the Service Network Plane Ports of the U2000 Server to Switches.
b. Select the usage for the network port to be added from the Usage drop-
down list, and click Filter.
c. Select the board on which the network port is to be added from the
network port list box, and click Finish. In the displayed dialog box,
click OK.
NOTE
– All service network planes must be configured for the master and standby
service boards. One or more service network planes can be configured for slave
service boards. Add network ports based on the actual planning.
– In Remarks, you can enter a brief description of the network interfaces to be
added as required.
10.In the Centralized Task Management window, check the operating
status of the task for adding network interfaces, and perform operations
based on the execution result.
– If Status of the task is Succeeded, network interfaces have been
added.

U2000
If you Then...
need to...

information in Remarks. Perform the preceding steps. If Status is still
Failed, contact Huawei technical support.

U2000
If you Then...
need to...
Change 1. Change public IP addresses for network interfaces.

public IP a. Check whether the new IP address is in use.
addresses On the PC whose IP address is on the same network segment as the
for network new IP addresses, open the cmd window and run the ping command to
interfaces check whether the new IP addresses are in use:
n If the IP addresses can be pinged, they are in use. When this occurs,
use other IP addresses.
n If the IP addresses cannot be pinged, they are available for use.
Perform the following steps.
b. Plan public IP addresses and routes for the desired network interfaces.
c. In the left pane of the OSMU, expand the Device Management
navigation tree and select a rack number under the Device Panel node.
d. On the rack tab page in the right pane, check the board status.
If any board is in the Faulty state, contact Huawei technical support
engineers.
Before changing the public IP addresses of service boards, ensure that
all service boards of the U2000 product are in the Active or Service
Stopped state.
n If there are boards in the Normal state, stop the services of these
boards by referring to 4.6 Stopping U2000 Services.
n If there are boards in the Switched Over state, switch resources for
the boards based on their original active/standby relationship by
referring to 5.5 Switching Resources Between U2000 Nodes
Manually (Oracle) or 5.6 Switching Resources Between U2000
Nodes Manually (Sybase), and then stop the boards' services by
e. In the left pane of the OSMU window, expand the Device
Network Interface.
f. On the Network Interface tab page, select the network interfaces for
which you want to change public IP addresses, and click Modify. The
Modify Network Interface dialog box is displayed.
NOTE
You are not allowed to change public IP addresses for network interfaces on the
standby board.
You can use the Filter function to quickly find the interfaces that need to be
added.
Select the corresponding port group from the Network Interface drop-down
list. Select the interface usage from the Usage drop-down list. Click Filter.
g. In the network interface list, change Public IP Address and Public
Subnet Mask/Prefix Length for the network interfaces, and click OK.
In the next displayed dialog box, click OK.
NOTE
You can change either the Public IP Address or the Public Subnet Mask/
Prefix Length.

U2000
If you Then...
need to...
h. In the Centralized Task Management window, check the operating

status of the task for changing public IP addresses, and perform
operations based on the execution result.
n If Status of the task is Succeeded, public IP addresses have been
changed.
n If Status of the task is Failed, rectify the fault based on the
information in Remarks. Perform the preceding steps. If Status is
still Failed, contact Huawei technical support.
3. Set routes for network interfaces whose public IP addresses have been
changed. For detailed operations, see 2.2 Setting the Routes of the
U2000 Server.
4. To check whether the southbound IP address or northbound IP address is
configured successfully, perform the following operations:
a. Log in to the U2000 master service board and all slave service boards
as user ossuser in SSH mode using PuTTY.
~> su - root
c. Run the following command:

# ifconfig bond2
NOTE
Logical port names vary by newly added ports. For details about the port
mapping, see Table 2-3 in 2.3.2 Connecting the Service Network Plane Ports
of the U2000 Server to Switches. The following uses logical port bond2 as an
example:
inet addr:172.16.139.227 Bcast:172.16.139.255
Mask:255.255.254.0
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500
Metric:1
RX packets:647081 errors:0 dropped:0 overruns:0
frame:0
TX packets:2747 errors:0 dropped:0 overruns:0
carrier:0
RX bytes:45476425 (43.3 Mb) TX bytes:177108 (172.9
Kb)
If the displayed IP address and subnet mask are consistent with the
actual ones, you have configured the IP address successfully.
----End

U2000
2.3.7 Configuring Network Segments of NEs for Southbound IP

Addresses of the U2000 Server
When the U2000 service network plane solution is used and the U2000 server needs to
manage NEs on specified network segments, you need to configure the network segments of
NEs managed by the U2000 server. By doing this, NEs on network segment A can access the
U2000 server using southbound IP address A of the U2000 server, and NEs on network
segment B can access the U2000 server using southbound IP address B of the U2000 server.
If the U2000 service network plane solution is not used for the U2000 server to manage NEs
on specified network segments, skip this section.
Prerequisites
l You have logged in to the OSMU through a web browser. For details, see 26.2.5
Logging In to the OSMU by Using a Web Browser.

U2000
Procedure
SN Procedure
1. 1. Perform the following steps to set multiple southbound IP addresses:

Configu a. Use PuTTY to log in to the U2000 master service board in SSH mode as
re the user ossuser.
network
segmen b. Run the following command to go to the directory of the script file to be
ts of executed:
NEs ~> cd /opt/oss/server/rancn/bin/
corresp c. Run the environment variable script:
onding
to a ~> . /opt/oss/server/svc_profile.sh
southbo d. Run the scripts for configuring multiple southbound IP addresses:
und IP ~> python sysconfigureparse_ins.py -i
address.
NOTE
If you delete all southbound NICs and then run the preceding command to
reconfigure network segments of the corresponding NEs, the following information
is displayed first:
The key word NE01ServerName does not exist in
sysconfigure.xml, please check the environment.
The NE01ServerName does not exist in sysconfigure.xml, the
file NeServerIpListCfg.xml will be deleted, are you sure to
continue? [Y/N]
Enter Y to confirm file deletion. The script exits, and you do not need to perform
subsequent steps.
2. Configure the network segments of NEs corresponding to a southbound IP
address by performing the following operations:
a. After the scripts for configuring multiple southbound IP addresses are
executed successfully, the system displays information similar to the
following.
*****************************************************************
***********************************
*
*
* welcome to use South Mutil IP Setting
Tool *
*
*
*****************************************************************
***********************************
[0]-----HOST01_10.141.141.173
[1]-----HOST01_192.168.100.173
[2]-----HOST01_172.169.154.173
[Q]-----Exit
please choose an south IP option set NE segment:
b. Choose a correct southbound IP address, for example, [1], and press

Enter.
NOTE
l Choose a southbound IP address. If the chosen IP address is different from the
values of southIp, the system asks you to enter the IP address again.
l If you select the "Q" option, it will exit the current configuration.
c. When the system displays the following information, enter the number of
network segments of NEs corresponding to the southbound IP address:

U2000
SN Procedure
please input NE segment IP number[MIN:1,MAX:100, all] for
SouthIP:192.168.100.173
NOTE
all indicates the network segments of all NEs.
l The entered value should be an integer ranging from 1 to 100 or the
word all. If an invalid value is entered, the system prompts you to
enter a correct value:
please input the correct number of IP segment[MIN:1,MAX:100,
all] <Input number must be integer or all>;
l If you enter an integer ranging from 1 to 100, go to 2.d.

l If you enter the word all, go to 2.e.
d. Enter the network segments of NEs corresponding to the southbound IP
address.
The subnet masks of the network segments of NEs cannot be changed and
are 255.255.255.0, 255.255.0.0 and 255.0.0.0 by default. You only need
to enter the first three bytes of the IPv4 address, for example, 10.10.10,
10.10 or 10. If invalid information is entered, the system prompts you to
enter the correct network segment information:
please input the correct IP segment[0]:
l The system prompts you to enter next network segment after you enter
a network segment until the number of entered network segments
reaches the number of network segments required for the southbound
IP address.
please input the IP segment[1]:
10.10.9
10.10.8
l When the number of entered network segments reaches the number of

network segments required for the southbound IP address, the system
asks you to whether continue to set the current host.
Continue set for HOST01 Y/N ?
– Enter Y and press Enter to continue to set or modify the

configuration of the current host.
– Enter N and press Enter to continue to set other host.
e. When all required network segments are entered, the system
automatically generates the configuration file NeServerIpListCfg.xml
for configuring multiple southbound IP addresses and transfers the file to
slave service boards.
If the system displays the following information, the file transfer is
successful.
You are trying to access a restricted zone. Only Authorized
Users allowed.
NeServerIpListCfg.xml 100% 1081 1.1KB/s 00:00
If the system displays the following information, the file transfer fails. In
this case, contact Huawei technical support.
ssh: connect to host 192.168.100.160 port 22: Connection timed
out
lost connection
f. Stop the U2000 services. For details, see 4.6 Stopping U2000 Services.

U2000
SN Procedure
g. Start the U2000 services. For details, see 4.5 Starting U2000 Services.
NOTE
After the network segments are configured for the southbound IP addresses, restart
all U2000 services so that the configuration can take effect.

U2000
SN Procedure
2. 1. Perform the following steps to set multiple southbound IP addresses:

Modify a. Use PuTTY to log in to the U2000 master service board in SSH mode as
the user ossuser.
network
segmen b. Run the following command to go to the directory of the script file to be
ts of executed:
NEs ~> cd /opt/oss/server/rancn/bin/
corresp c. Run the environment variable script:
onding
to a ~> . /opt/oss/server/svc_profile.sh
southbo d. Run the scripts for configuring multiple southbound IP addresses:
und IP ~> python sysconfigureparse_ins.py -u
address.
NOTE
If you delete all southbound NICs and then run the preceding command to
reconfigure network segments of the corresponding NEs, the following information
is displayed first:
The key word NE01ServerName does not exist in
sysconfigure.xml, please check the environment.
The NE01ServerName does not exist in sysconfigure.xml, the
file NeServerIpListCfg.xml will be deleted, are you sure to
continue? [Y/N]
Enter Y to confirm file deletion. The script exits, and you do not need to perform
subsequent steps.
2. Configure the network segments of NEs corresponding to a southbound IP
address by performing the following operations:
a. After the scripts for configuring multiple southbound IP addresses are
executed successfully, the system displays information similar to the
following.
*****************************************************************
***********************************
*
*
* welcome to use South Mutil IP Setting
Tool *
*
*
*****************************************************************
***********************************
[0]-----HOST01_10.141.141.173
[1]-----HOST01_192.168.100.173
[2]-----HOST01_172.169.154.173
[Q]-----Exit
[S]-----Skip
please choose an south IP option set NE segment:
b. Choose a correct southbound IP address, for example, [1], and press

Enter.
NOTE
l Choose a southbound IP address. If the chosen IP address is different from the
values of southIp, the system asks you to enter the IP address again.
l If you select the "Q" option, it will exit the current configuration.
l If you select the "S" option, it will skip the current host configuration.
c. When the system displays the following information, enter the number of
network segments of NEs corresponding to the southbound IP address:

U2000
SN Procedure
please input NE segment IP number[MIN:1,MAX:100, all] for
SouthIP:192.168.100.173
NOTE
all indicates the network segments of all NEs.
l The entered value should be an integer ranging from 1 to 100 or the
word all. If an invalid value is entered, the system prompts you to
enter a correct value:
please input the correct number of IP segment[MIN:1,MAX:100,
all] <Input number must be integer or all>;
l If you enter an integer ranging from 1 to 100, go to 2.d.

l If you enter the word all, go to 2.f.
d. Enter the network segments of NEs corresponding to the southbound IP
address.
The subnet masks of the network segments of NEs cannot be changed and
are 255.255.255.0, 255.255.0.0 and 255.0.0.0 by default. You only need
to enter the first three bytes of the IPv4 address, for example, 10.10.10,
10.10 or 10. If invalid information is entered, the system prompts you to
enter the correct network segment information:
please input the correct IP segment[0]:
l The system prompts you to enter next network segment after you enter
a network segment until the number of entered network segments
reaches the number of network segments required for the southbound
IP address.
10.10.9
10.10.8
l When the number of entered network segments reaches the number of

network segments required for the southbound IP address, the system
asks you to whether continue to set the current host.
Continue set for HOST01 Y/N ?
– Enter Y and press Enter to continue to set or modify the

configuration of the current host.
– Enter N and press Enter to continue to set other host.
e. After all the host configured, the system displays all the southbound IP
address and IP address segment which has been modified.
*************UPDATE SUMMARRY******************
---------Update south ip address: 172.169.154.174
-------Update ip address segment: 10.12
-------Update ip address segment: 10.16
****************************************************
Are you sure to continue?

Y---Yes
Q---Quit
f. Enter Y. When all required network segments are entered, information

similar to the following is displayed.
Please restart the following service to ensure the changes take
effect:
service name: NCCService0101

U2000
SN Procedure
__updateXmlFile__ enter
set NeServerIpListCfg.xml complete!
The system automatically generates the configuration file

NeServerIpListCfg.xml for configuring multiple southbound IP addresses
and transfers the file to slave service boards.
If the system displays the following information, the file transfer is
successful.
You are trying to access a restricted zone. Only Authorized
Users allowed.
NeServerIpListCfg.xml 100% 1081 1.1KB/s 00:00
If the system displays the following information, the file transfer fails. In
this case, contact Huawei technical support.
ssh: connect to host 192.168.100.160 port 22: Connection timed
out
lost connection
g. Restart the service.

a. Log in to the OSMU as user ossuser. The OSMU URL: https://
U2000 master server IP:31123/.
b. After you log in to the OSS Management Tool, the last login
information is displayed. Click OK. The OSMU main window is
displayed.
c. Choose General > Service Management. Click Query and select the
NCCService0X0X service, then click Stop.
d. Click Start.

U2000
SN Procedure
3. 1. Check whether the newly generated configuration file

Check NeServerIpListCfg.xml for configuring multiple southbound IP addresses
the exists.
newly a. Use PuTTY to log in to all slave service boards in SSH mode as user
generat ossuser.
ed
configu b. On each salve service board, run the following commands to check
ration whether the configuration file NeServerIpListCfg.xml exists:
file for ~> cd /opt/oss/server/etc/CBB/platform/
configu ~> ls -ltr NeServerIpListCfg.xml
ring
multipl 2. Run the following command to check the content of NeServerIpListCfg.xml:
e ~> cat NeServerIpListCfg.xml
southbo <hostInfos>
<hostInfo name="HOST01">
und IP <neServerInfo name="172.16.10.10" southbond="0">
address <ipAddrSeg name="10.10.10"/>
es. <ipAddrSeg name="10.10.9"/>
<ipAddrSeg name="10.10.8"/>
</neServerInfo>
<neServerInfo name="10.10.11.11" southbond="1"/>
</hostInfo>
</hostInfos>
NOTE
l hostInfo name indicates the name of the host corresponding to the master service
board or slave service board. For example, HOST01 corresponds to the master
service board, and HOST02 corresponds to a slave service board.
l neServerInfo name indicates a southbound IP address.
l ipAddrSeg name indicates the network segments of NEs configured for a
southbound IP address.
l southbond indicates the corresponding southbound plane.
2.3.8 Configuring the Mapping Between the Trace Server Boards

and the U2000 Mediation Service
This section describes how to configure the mapping between the Trace Server boards and the
boards where the U2000 mediation service is running on the U2000 server. This is done to
ensure that the Trace Server and U2000 use the IP addresses on the same plane to
communicate with NEs.
Context
l If the U2000 service network plane solution is used and the Trace Server is deployed in
the U2000 system, you need to configure the mapping between the Trace Server boards
and the boards where the U2000 mediation service is running, on the U2000 server. This
is done to ensure that the Trace Server and U2000 use the IP addresses on the same plane
to communicate with NEs. If the U2000 service network plane solution is not used or the
Trace Server is not deployed in the U2000 system, skip this section.
l If the U2000 system is configured with the Trace Server independently deployed, and
Trace Server use the service network plane isolation solution, you need to reconfigure

U2000
the mapping between Trace Server boards and the U2000 mediation service. For detailed
operations, see Configuring the Mapping Between the Trace Server Boards and the
U2000 Mediation Service in U2000 Trace Server User Guide (ATAE Cluster,
Standalone).
l If the Trace Server board is configured as a PS board, you do not need to configure the
mapping between the PS board and the U2000 mediation service.
Procedure
Step 1 Use PuTTY to log in to the U2000 master service board in SSH mode as user ossuser.
Step 2 Run the following commands.
~> . /opt/oss/server/svc_profile.sh
~> cd /opt/oss/server/rancn/bin
Step 3 Run the following command to generate the configuration file recording the mapping:
~> ./makeTSIPMap.sh /opt/oss/server/etc/conf/sysconfigure.xml
If the command output contains Generate file successfully!, the configuration

file has been generated successfully.
Step 4 Run the following command to synchronize the configuration file recording the mapping to
other server:
~> ./copy_file_to_all_board.sh /opt/oss/server/etc/TSService/MedTSIPMap.xml
Step 5 Stop Trace Server services.

1. Log in to the OSMU.
For details, see 26.2.5 Logging In to the OSMU by Using a Web Browser.
2. In the navigation tree, choose Service System > Service Management > Board
Services.
3. On the Board Services tab page in the right pane, confirm that the trace server boards
are in the Normal state.
4. Select the check box of the system whose Subsystem contains TS, and click Stop to
stop services.
5. In the displayed confirmation dialog box, click Yes.
6. In the displayed dialog box, click OK.
Step 6 Start Trace Server services.

1. Log in to the OSMU.
For details, see 4.5 Starting U2000 Services.
2. In the navigation tree, choose Service System > Service Management > Board
Services.
3. On the Board Services tab page in the right pane, confirm that the trace server boards
are in the Service Stopped or Normal state.
4. Select the check box of the system whose Subsystem contains TS, and click Start.
5. In the displayed confirmation dialog box, click Yes.

U2000
----End
2.3.9 Connecting the Switches to the Telecom Operator's Network

This section describes how to connect switches to the telecom operator's network.
Prerequisites
l Optical fibers and fiber binding tapes are available for use before you connect switches
to the telecom operator's network through optical fibers.
l Network cables and cable ties are available for use before you connect switches to the
telecom operator's network through network cables.
l Diagonal pliers are available for use.
Context
Pay attention to the following when connecting optical fibers:
l The optical module is electrostatic-sensitive. It must be in an antistatic dust-free
environment during the transport, storage, and usage.
l Optical connectors must be clean without scratches.
l Unused optical fibers and optical modules should be covered with protective caps.
l The bending radius of an optical fiber must be longer than 50 mm (1.97 in.).
l Do not look closely or into the optical connector.
Figure 2-7 shows how to connect optical fibers.
Figure 2-7 Connecting optical fibers
NOTE
l If the connector snaps shut, the optical fiber is installed properly.

l When removing the optical module, press the buckle and remove the optical module.
Procedure
l If the customer's network is an Ethernet, connect switches to the customer's network
through network cables.

U2000
If You Need to... Then...
Route network cables from LAN02 in VLAN2, LAN04 in

l Connect switches VLAN3, and LAN06 in VLAN4 of LSW-0 and LSW-1 to the
to the same VLAN customer's network, as shown in Figure 2-8 or Figure 2-9.
of the same switch
in customer's
network
l Connect the
switches to
different switches
or routers in the
customer's
network, and the
switches or
routers in the
customer's
network are in the
same VLAN
Connect the switches 1. Connect LAN03, LAN05, and LAN07 on LSW-0 and
to different switches LAN04 on LSW-1, as shown in Figure 2-10 or Figure
or routers in the 2-11.
customer's network, NOTICE
and the switches or Do not perform this operation if the switches or routes in the
routers in the customer's network are in the same VLAN. Otherwise, network
customer's network loop will occur.
are not in the same 2. Route network cables from LAN02 in VLAN2, LAN04 in
VLAN VLAN3, and LAN06 in VLAN4 of LSW-0 and LSW-1 to
the customer's network, as shown in Figure 2-10 or Figure
2-11.
The following figures use the addition of three service network plane as an example.
Figure 2-8 Connection between the front panel of switch S5352C-EI and the customer's
network (connecting to the same VLAN of the customer's network)

U2000
Figure 2-9 Connection between the front panel of switch S5310-52C-EI and the
customer's network (connecting to the same VLAN of the customer's network)
network (connecting to different VLANs of the customer's network)
Figure 2-11 Connection between the front panel of switch S5310-52C-EI and the
customer's network (connecting to different VLANs of the customer's network)
l If the customer's network is an optical Ethernet, connect switches to the customer's

network through optical fibers.

U2000
l Connect the Route optical fibers from Ethernet optical ports on LSW-0 and
switches to the LSW-1 to the desired network plane, as shown in Figure 2-12
same VLAN of the or Figure 2-13.
same switch in the
customer's
network
l Connect the
switches to
different switches
or routers in the
customer's
network, and the
switches or
routers in the
customer's
network are in the
same VLAN
Connect the switches 1. Connect Ethernet optical ports XLAN04 on LSW-0 and
to different switches LSW-1 using an optical fiber, as shown in Figure 2-14 or
or routers in the Figure 2-15.
customer's network, NOTICE
and the switches or Do not perform this operation if the switches or routes in the
routers in the customer's network are in the same VLAN. Otherwise, network
customer's network loop will occur.
are not in the same 2. Route optical fibers from Ethernet optical ports on LSW-0
VLAN and LSW-1 to the desired network plane, as shown in
Figure 2-14 or Figure 2-15.
The following figures use the addition of a service network plane as an example.
NOTICE
Due to a limited number of Ethernet optical ports, a maximum of two service network
planes are supported when you use Ethernet optical ports to connect to the customer's
network.

U2000
network using the optical fiber (connecting to the same VLAN of the customer's
network)
Figure 2-13 Connection between the rear panel of switch S5310-52C-EI and the
customer's network using the optical fiber (connecting to the same VLAN of the
customer's network)
network using the optical fiber (connecting to different VLANs of the customer's
network)

U2000
Figure 2-15 Connection between the switch S5310-52C-EI and the customer's network
using the optical fiber (connecting to different VLANs of the customer's network)
----End
2.3.10 Configuring Parameters for the Northbound Plane

Connected to the Upper-Layer Network Management Application
When the upper-layer network management application needs to transfer data by using the
northbound plane of the Trace Server that matches the U2000 system, configure the network
planes in the U2000 server by following the instructions provided in this section. After the
configuration is complete, the upper-layer network management application can obtain data
properly.
Prerequisites
The U2000 server software has been installed.
Procedure
Step 1 Use PuTTY to log in to the U2000 master service board as user ossuser in SSH mode. For
details, see 26.1.1 Logging In to the Board by Using PuTTY.
Step 2 Run the following command to open the /opt/oss/server/etc/3rdToolService/
NetworkSystemClientNorthConf.xml configuration file:
~> vi /opt/oss/server/etc/3rdToolService/NetworkSystemClientNorthConf.xml
Step 3 Add the corresponding upper-layer network management application to the configuration file
by replacing the upper-layer network management application name in the following example
with the actual name:

U2000
<NetworkSystemClientNorthConf>
<NetworkSystem name="TSP_10.1.1.41">
<param name="IP">10.1.1.41</param>
<param name="NorthClientName">NORTH01ServerName</param>
</NetworkSystem>
</NetworkSystemClientNorthConf>
NOTE
l The value of NetworkSystem name must contain the IP address of the upper-layer network
management application.
l Set NorthClientName based on the network plane name in the /opt/oss/server/etc/conf/
sysconfigure.xml file.
Step 4 Press Esc to switch to the command mode, and then run the :wq command to save the file and
exit the vi editor.
----End
2.4 Changing the IP Addresses and Routes for the Service

Network Plane of the U2000 Server
This section describes how to change the IP addresses and routes for the service network
plane of the U2000 servers. Ensures that the IP addresses and routes for the service network
plane of the U2000 servers meet the actual needs.
Prerequisites
l Plan public IP addresses and routes for the network interfaces of the desired service
network plane.
Context
1. Check whether the new IP address is in use.
On the PC whose IP address is on the same network segment as the new IP addresses,
open the cmd window and run the ping command to check whether the new IP addresses
are in use:
– If the IP addresses can be pinged, they are in use. When this occurs, use other IP
addresses.
– If the IP addresses cannot be pinged, they are available for use. Perform the
following steps.
2. Run the following commands to check whether security hardening has been performed
for internal ports of the U2000 server:
a. Use PuTTY to log in to the master, slave, and standby servers in SSH mode as user
ossuser.
~> su - root
c. Run the following command to check the security hardening for internal ports of the
U2000 server:

U2000
n If the system displays the following information, security hardening has been
performed for internal ports of the U2000 server. Perform security
unhardening for the service port by referring to 8.8 Performing Security
Hardening/Unhardening for Internal Ports of the U2000 Server and
perform 3.
The security hardening rules have been set for internal ports on the
OSS server.
n If the system displays the following information, security hardening has not
been performed for internal ports of the U2000 server. Then, proceed with 3.
The security hardening rules have not been set for internal ports on
the OSS server.
3. Run the following commands to check whether security hardening has been performed
for the U2000 database ports:
a. Use PuTTY to log in to the master server in SSH mode as user ossuser.
~> su - root
c. Run the following command to check the security hardening for the U2000
database ports:
n If the system displays the following information, security hardening has been
performed for the U2000 database ports. Perform security unhardening for the
ports by referring to 8.9 Performing Security Hardening/Unhardening for
U2000 Database Ports and perform 4.
n If the system displays the following information, security hardening has not
been performed for the U2000 database ports. Then, proceed with 4.
4. Perform operations by scenario.

U2000
If you need Then...

to...
Change one 1. In the left pane of the OSMU, expand the Device
public IP Management navigation tree and select a rack number under
addresses for the Device Panel node.
interface of the 2. On the rack tab page in the right pane, check the board status.
desired service If any board is in the Faulty state, contact Huawei technical
network plane. support engineers.
Before changing the public IP addresses of service boards,
ensure that all service boards of the U2000 product are in the
Active or Service Stopped state.
l If there are boards in the Normal state, stop the services of
these boards by referring to 4.6 Stopping U2000 Services.
l If there are boards in the Switched Over state, switch
Manually (Sybase), and then stop the boards' services by
Network Interface.
4. On the Network Interface tab page, select the network
interfaces for which you want to change public IP addresses,
and click Modify. The Modify Network Interface dialog box
is displayed.
NOTE
l You are not allowed to change public IP addresses for network
l You can use the Filter function to quickly find the interfaces that
need to be added.
Select the corresponding port group from the Network Interface
drop-down list. Select the interface usage from the Usage drop-
down list. ClickFilter.
5. In the network interface list, change Public IP Address and
Public Subnet Mask/Prefix Length for the network
interfaces, and click OK. In the next displayed dialog box,
click OK.
NOTE
You can change either the Public IP Address or the Public Subnet
Mask/Prefix Length.
l If Status of the task is Succeeded, public IP addresses have
been changed.

U2000
If you need Then...

to...
l If Status of the task is Failed, rectify the fault based on the


U2000
If you need Then...

to...
Change public IP 1. In the left pane of the OSMU, expand the Device
addresses for Management navigation tree and select a rack number under
network the Device Panel node.
interfaces in 2. On the rack tab page in the right pane, check the board status.
batches. If any board is in the Faulty state, contact Huawei technical
support engineers.
l Before changing the public IP addresses of service boards,
ensure that all service boards of the U2000 product are in
the Active or Service Stopped state.
– If there are boards in the Normal state, stop the services
of these boards by referring to 4.6 Stopping U2000
Services.
– If there are boards in the Switched Over state, switch
Manually (Sybase), and then stop the boards' services
NOTE
address of a network interface of the service board whose
Usage is Default. If you want to change the public IP address
of the network interfaces used for other purposes, refer to
U2000 ATAE Cluster System Administrator Guide to learn the
restriction condition.
l If the public IP address of the network interface on the
board can be changed when the board service is
running,ensure that all service boards of the U2000 product
are in the Active or Service Stopped state.
If there are boards in the Switched Over state, switch
Manually (Sybase).
NOTE
address of a network interface of the service board whose Usage is
Default. If you want to change the public IP address of the
network interfaces used for other purposes, refer to U2000 ATAE
Cluster System Administrator Guide to learn the restriction
condition.
Network Interface.
5. When the system displays the message Export succeeded
click OK to export the network interface information.

U2000
If you need Then...

to...

Port_Export_YYYYMMDDhhmmss.zip file that is displayed
on the Network Interface tab page as a hyperlink. YYYY
indicates year. MM indicates month. DD indicates date. hh
indicates hour. mm indicates minute. ss indicates second.
6. Click the Port_Export_YYYYMMDDhhmmss.zip hyperlink.
In the displayed dialog box, click Save to save the file to a
7. Decompress Port_Export_YYYYMMDDhhmmss.zip to
obtain the network interface information file Port_Export.xls.
information file Port_Export.xls, modify Public IP Address,
Public Subnet Mask/Prefix Length and save the
modification.
NOTICE
l You are not allowed to change public IP addresses for network
l The public IP addresses of different network interfaces on the same
l You can change IP addresses by board or change all involved
service boards and DB boards IP addresses.
l You can change IP addresses by board when changing IP addresses
on the same network segment. However, you are advised to change
the IP addresses of all related service boards and DB boards to
ensure that all related IP addresses are changed.
9. Click Import.
10.In the displayed dialog box, select the network interface
information file Port_Export.xls in the xls, xlsx, or xlsm
format, and click Open to import the file.
successfully.
l If Status of the task is Succeeded, public IP addresses have
been changed.
l If Status of the task is Failed, rectify the fault based on the
6. Set routes for network interfaces of the service network plane whose public IP addresses
have been changed. For detailed operations, see 2.2 Setting the Routes of the U2000
Server.

U2000
7. To check whether the IP address of the service network plane is changed successfully, do
as follows:
a. Log in to the U2000 master service board and all slave service boards as user
ossuser in SSH mode using PuTTY.
~> su - root
c. To check whether the IP address of the service network plane is changed

successfully, run the following command:
# ifconfig bond2
NOTE
Logical port names vary by newly added ports. For details about the port mapping, see Table
2-3 in 2.3.2 Connecting the Service Network Plane Ports of the U2000 Server to
Switches. The following uses logical port bond2 as an example:
inet addr:172.16.139.227 Bcast:172.16.139.255 Mask:
255.255.254.0
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:647081 errors:0 dropped:0 overruns:0 frame:0
TX packets:2747 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:45476425 (43.3 Mb) TX bytes:177108 (172.9 Kb)
If the displayed IP address and subnet mask are consistent with the actual ones, you
have changed the IP address successfully. Otherwise, contact Huawei technical
support.
Follow-up Procedure
l After the IP addresses and routes for the service network planes of the U2000 server is
changed, back up OS data, static data and dynamic data. For detailed operations, see 21
Backing Up and Restoring the U2000. If you do not back up OS data, static data and
dynamic data, the original data may be restored during subsequent restoration operations,
causing IP address inconsistency recorded in the OS data, static data and dynamic data.
As a result, some U2000 functions become invalid.
l After the IP address of a U2000 service network plane where NEs are located is
modified, you need to reconfigure the mapping between the IP address of the service
network plane and the NEs managed by the U2000. For detailed operations, see 2.3.7
Configuring Network Segments of NEs for Southbound IP Addresses of the U2000
Server.
IP address of a U2000 service network plane where NEs are located is modified, you
need to reconfigure the mapping between Trace Server boards and the U2000 mediation
service. For detailed operations, see 2.3.8 Configuring the Mapping Between the
Trace Server Boards and the U2000 Mediation Service.
network plane where NEs are located is modified, you need to modify the IP address of
Trace Server service network plane, please modify the IP address of Trace Server service
network plane first, For detailed operations, see Changing the IP Addresses of the
Default Network Port on Trace Server (After the Service Software Is Installed,
Cluster, ATAE) in U2000 Trace Server User Guide (ATAE Cluster, Standalone). Then
reconfigure the mapping between Trace Server boards and the U2000 mediation service.

U2000
For detailed operations, see Configuring the Mapping Between the Trace Server
Boards and the U2000 Mediation Service in U2000 Trace Server User Guide (ATAE
Cluster, Standalone).
2.5 Deleting the Network Interface for the Service

Network Plane of the U2000 Server
This section describes how to delete the network interface for the service network plane of the
U2000 server .
Prerequisites
You have logged in to the OSMU using a web browser on a PC. For details, see 26.2.5
Procedure
Option Description

U2000
Option Description
Deleting one 1. In the left pane in the OSMU window, choose Device
network interface Management > Hardware Device > Network Interface.
for the service 2. On the Network Interface tab page, set Cluster name, SN,
network plane of the Network interface, and Usage as required, and click Filter.
U2000 server.
In the network interface list on this tab page, you can query
whether the network interface of the desired service network
plane has been set for the U2000 server. If the network interface
of the desired service network plane for the U2000 server is not
filtered out, no further action is required. Otherwise, perform
Step 1.3.
3. In the network interface list, select the network interface of the
U2000 server and click Delete.
4. In the displayed confirmation dialog box, click Yes. Then,
another dialog box is displayed. Click OK.
5. In the Centralized Task Management window, view the
running status of the task for deleting the network interface and
perform operations according to the task status.
– If Status of the task is Succeeded, the network interface is
deleted successfully.
NOTICE
After a network interface is successfully deleted, its route is deleted
automatically.
information in Remarks. Perform the preceding procedures
again. If Status of the task is still Failed, contact Huawei
technical support engineers.

U2000
Option Description
NOTICE
Deleting network
interfaces for the l Netowrk interfaces whose Usage is Default cannot be deleted.
service network l After a network interface is successfully deleted, its route is deleted
plane of the U2000 automatically.
server in batches. 1. In the left pane of the OSMU window, expand the Device
Network Interface.
3. When the system displays the message Export succeeded click
OK to export the network interface information.
Port_Export_YYYYMMDDhhmmss.zip file that is displayed on
the Network Interface tab page as a hyperlink. YYYY indicates
year. MM indicates month. DD indicates date. hh indicates hour.
mm indicates minute. ss indicates second.
4. Click the Port_Export_YYYYMMDDhhmmss.zip hyperlink. In
the displayed dialog box, click Save to save the file to a
5. Decompress Port_Export_YYYYMMDDhhmmss.zip to obtain
the network interface information file Port_Export.xls.
information file Port_Export.xls, set Status of the network
interface to be deleted to Unuse and save the setting.
7. Click Import.
8. In the displayed dialog box, select the network interface
information file Port_Export.xls in the xls, xlsx, or xlsm format,
and click Open to import the file.
successfully.
operating status of the task for deleting network interfaces, and
perform operations based on the execution result.
– If Status of the task is Succeeded, network interfaces have
been deleted.
----End
Follow-up Procedure
l After the Network Interface for the Service Network Plane of the U2000 Server where
NEs are located is deleted, you need to reconfigure the mapping between the IP address
of the service network plane and the NEs managed by the U2000. For detailed

U2000
operations, see 2.3.7 Configuring Network Segments of NEs for Southbound IP

Addresses of the U2000 Server.
IP address of a U2000 service network plane is deleted, you need to reconfigure the
mapping between Trace Server boards and the U2000 mediation service. For detailed
operations, see 2.3.8 Configuring the Mapping Between the Trace Server Boards and
the U2000 Mediation Service.
network plane is deleted, you need to reconfigure the mapping between Trace Server
boards and the U2000 mediation service. For detailed operations, see Configuring the
Mapping Between the Trace Server Boards and the U2000 Mediation Service in
U2000 Trace Server User Guide (ATAE Cluster, Standalone).

U2000
ATAE Cluster System Administrator Guide (SUSE) 3 Managing the U2000 Server Time
3 Managing the U2000 Server Time
About This Chapter
This section describes how to set the server time for the U2000 cluster system to ensure that
the settings meet time requirements.
3.1 Introduction to Time Synchronization

This section describes the purpose and definition of time synchronization, the elements of the
time synchronization solution, and the impact on system performance and other OM features
after the time synchronization solution is implemented.
3.2 Time Synchronization Modes of Mobile Network
This section describes the modes of time synchronization and how to deploy the time
synchronization network for the U2000 and NE devices in a mobile network.
3.3 NTP Time Synchronization Mechanism of the ATAE Cluster System
In the ATAE cluster system, the OSMU server functions as the NTP server of the U2000
server. The OSMU synchronizes time with an external clock source, and the U2000 server
automatically synchronizes time with the OSMU server.
3.4 Policies for Configuring the NTP Service on the U2000 Server
This section describes the policies for configuring the NTP service for the U2000 system.
3.5 Viewing NTP Settings of the OSMU Server
This section describes how to check whether an NTP server has been configured for the
OSMU server using the OSMU. For an ATAE cluster online remote HA system, you need to
perform the following steps on the active site and the standby site.
3.6 Modifying NTP Servers of the OSMU Server
The OSMU server functions as the NTP server of the U2000 server. The OSMU server
synchronizes time with an external clock source, and the U2000 server automatically
synchronizes time with the OSMU server. For an ATAE cluster online remote HA system, you
need to perform the following steps on the active site and the standby site.
3.7 Checking the NTP Software Version of the U2000 Server
Check whether the NTP software is installed on the server. If so, check the software version.
For an ATAE cluster online remote HA system, you need to perform the following steps on
the active site and the standby site.
3.8 Enabling/Stopping the NTP Monitoring Service of the U2000 Server

U2000
This section describes how to start and stop NTP monitoring services on the server. For an
ATAE cluster online remote HA system, you need to perform the following steps on the active
site.
3.9 Viewing the Time and Time Zone of the U2000 Server
This section describes how to check the time settings of the U2000 server. Before configuring
the Network Time Protocol (NTP) service, ensure that the time zone, date, and time are set
correctly on the U2000 server.
3.10 Changing the Time and Time Zone of the U2000 Server
This section describes how to change the time and time zone of the advanced telecom
application environment (ATAE) cluster system by using the OSMU. When the time and time
zone of the ATAE cluster are changed, the date, time, and time zone of all boards in the ATAE
cluster system are changed at the same time. This configuration takes effect on all boards. If
this configuration has already been performed on the other product such as PRS or Nastar in
the ATAE cluster system, you do not need to perform this configuration again on the U2000.
3.11 Viewing the DST Rule for the U2000
This section describes how to view the daylight saving time (DST) rule of the U2000 system.
3.12 Setting the DST Rule for the U2000
This section describes how to set the daylight saving time (DST) rule for the U2000 system.
DST is associated with the time zone. To set the DST, you only need to set the correct time
zone. For an ATAE cluster online remote HA system, you need to perform the following steps
on the active site and the standby site.
3.13 Setting the NTP Service of the U2000 System (Security Authentication Mode)
This section describes how to manually set time synchronization between the OSMU server
and the NTP server so as to ensure that the NTP service on the OSMU server is running
properly. The NTP security authentication implements security authentication between the
NTP client and server. That is, the time that the NTP client synchronizes from the NTP server
in security authentication mode is the trusted time.

U2000
3.1 Introduction to Time Synchronization

This section describes the purpose and definition of time synchronization, the elements of the
time synchronization solution, and the impact on system performance and other OM features
after the time synchronization solution is implemented.
Purpose of Time Synchronization

Time synchronization enables you to synchronize time between the U2000 and other NEs.
The networking mode of a mobile network is complex if the mobile network has multiple
NEs. The uniform OM mode of NEs in a mobile network requires the time synchronization
between NEs. This ensures that the U2000 correctly manages the alarms and performance
data reported by the NEs.
Inaccurate time may lead to the following scenarios:
l If the NE time is inaccurate, the sequence of generated alarms, the interval between
alarm generation and alarm reporting, and the associations between alarms may be
misjudged.
l When the U2000 collects the statistics of performance data, the statistics are incorrect
owing to inaccurate NE time.
Therefore, time synchronization enables the system to automatically adjust the OM time of
NEs.
Definition of Time Synchronization

Time synchronization is the synchronization of absolute time. The start time of a signal
should be consistent with the universal coordinated time (UTC).
Time synchronization aims to adjust the clock of devices according to the received time.
Elements of the Time Synchronization Solution

At least two elements are involved in the time synchronization solution, namely, the method
of time synchronization and the choice of time reference sources.
l In the architecture of the current time synchronization networking, the common method
is to implement time synchronization according to the Network Time Protocol (NTP)
and the Simple Network Time Protocol (SNTP).
l Time reference sources aim to provide the standard reference time for the time
synchronization network. This ensures the accuracy of the time reference in the entire
network. A common time reference source is the GPS satellite.
Impact on System Performance

If time synchronization is implemented in client/server mode described in the NTP protocol,
the message frame between the NTP client and the NTP server is 128 bytes. Therefore, time
synchronization does not affect the performance of network transmission. If a great number of
NTP clients request to connect to the NTP server at the same time, these connections consume
mass resources, such as the CPU and the memory of the NTP server. As a result, the
performance of the NTP server is affected.

U2000
Therefore, if you use the NTP protocol to construct a time synchronization network, the
number of NTP nodes under an NTP server should not exceed 500. If the number exceeds
500, the performance of the NTP server may be affected. The interval for sending the time
synchronization request by an NTP client should be 30 minutes or longer. In addition, you
need to reduce the probability of concurrent requests.
Impact on OM
The time synchronization feature is vital for the OM of the mobile network. It has the
following impacts on the other features:
l Ensures the accuracy and consistency of the time on the U2000 and NEs in a mobile
network. Time synchronization plays a key role in timely fault reporting, information
accuracy, and fault correlation analysis in fault management. If the NE time is inaccurate
or inconsistent with the U2000 time, a mistake may be made during the fault
identification and handling.
l Has a significant impact on the accuracy of log record, query, display, audit, and
analysis. If the NE time is inaccurate or the time of NEs in the entire network is not the
same, the log record is incorrect and the log audit is also affected.
l Has a significant impact on recording, collecting, and analyzing performance data in
performance management. If the NE time is inaccurate or the time of NEs in the entire
network is not the same, the time of NE performance data records and the dot time may
be inaccurate, and therefore may result in invalid performance data.
l Has a significant impact on services such as call tracing and problem locating. If the NE
time is inaccurate or the time of NEs in the entire network is not the same, the call
tracing service may fail.
3.2 Time Synchronization Modes of Mobile Network

This section describes the modes of time synchronization and how to deploy the time
synchronization network for the U2000 and NE devices in a mobile network.
Time Synchronization Modes of the U2000

The time synchronization of a mobile network is implemented through the NTP/SNTP
protocols.
The U2000 uses the SUSE operating system and supports the NTP features based on the NTP
v3 protocol.
NOTE
The upper-level time servers of the U2000 server require to use the NTP protocol. The server running
the Windows operating system uses the SNTP protocol, and therefore it cannot function as the upper-
level time server of the U2000 server and the administration console.
Time Synchronization Modes of NEs

l For an NE with the Back Administrator Module (BAM), the NE time synchronization
follows the master/slave networking mode, that is, the host time synchronizes with the
BAM and the BAM synchronizes with the NTP server.
l For an NE without the BAM, the Operate & Maintenance (OM) board needs to support
the NTP protocol so that the NE can synchronize time with the NTP server.

U2000
Time synchronization for the RAN is used as an example.
l Rationale of time synchronization for the RAN device
Figure 3-1 Schematic diagram of time synchronization for the RAN device
The active BAM of the RAN device serves as the NTP client to synchronize the time on
each NE node and each module of the RAN device, as shown in Figure 3-1. After the
active BAM of the RAN device obtains the reference time from the specified NTP
server, the BAM delivers the time to each module of the RAN device and all NodeBs to
realize time synchronization.
l The RNC BAM synchronizes the time with the upper-level NTP server.
The RNC has two BAM servers: an active BAM server and a standby BAM server. In
the BAM program of the RNC, an NTP client process automatically starts following the
BAM program and always runs on the active BAM server.
By running MML commands, you can specify the upper-level NTP server as the active
BAM server of the RNC. Then, the NTP client process running on the active BAM
automatically obtains the time synchronization information from the specified NTP
server.
Up to 16 NTP server addresses can be specified for the active BAM. The active BAM of
the RNC can synchronize time with the preferred time source. If an NTP time source
does not work properly, the active BAM can use a new NTP time source to ensure the
continuity of the NTP service.
When the BAM of the RNC experiences active and standby switching, the NTP client
process is automatically switched to the new active BAM to ensure the continuity of the
NTP service.

U2000
l Time synchronization for each internal module of the RNC

In addition to running the NTP client to synchronize with the external time sources, the
active BAM of the RNC has an SNTP server module for time synchronization between
the internal modules.
For the RNC, each internal module has an independent process serving as the SNTP
client. The active BAM of the RNC serves as the SNTP server of all the modules.
By running the MML commands, you can configure the SNTP server attributes for the
active BAM of the RNC.
l Time synchronization for the standby BAM of the RNC
If the active and standby BAMs are operational, only the active BAM has the SNTP
server, and the SNTP client on the standby BAM is used only to periodically synchronize
the time with the active BAM. That is, when the active and standby BAMs are
operational, the time of the active BAM is regarded as the reference time.
During the time synchronization of the active and standby BAMs, the SNTP client of the
standby BAM requests for time synchronization, the SNTP server of the active BAM
returns a response message. Then, the standby BAM adjusts the time of the applications
and the system based on the response message.
The time synchronization of the active and standby BAMs is performed every 5 minutes.
Manual setting of the time synchronization period is not required because the active and
standby BAMs work as a single entity to provide services.
l NodeBs synchronize time with the BAM of the RNC.
The SNTP server of the active BAM provides both the time synchronization service and
the time comparison service for the NodeBs. The SNTP server of the active BAM
periodically broadcasts time synchronization messages to the NodeBs and receives the
requests for time synchronization from the NodeBs.
Each NodeB runs an SNTP process to setup a synchronization request to the active BAM
of the RNC.
Network of NTP Time Synchronization

The NTP time synchronization network determines the reference time for the network and
uses the reference time to specify how device nodes communicate with each other.
This part takes the RAN as an example to describe how to choose the reference time for the
NTP time synchronization network.
l Using the NTP server specified by the operator
If the established time synchronization network provides the NTP server that can act as
the reference time source, preferentially use the existing NTP server as the time
reference source of the RAN network.
In this case, the U2000 and the BAM server of the RNC need to directly communicate
with the specified NTP server to obtain standard time signals, as shown in Figure 3-2.

U2000
Figure 3-2 Directly connecting the RAN and the NTP server
The U2000 server and all the RNCs must directly communicate with the specified time
synchronization server. The NTP server that can serve as the reference time may be
deployed in other subnets. Therefore, the communication between the U2000 and the
RNC may involve the policy of traversing the firewall. In such a case, you need to
modify the configuration of the firewall.
l Deploying the intermediate NTP server
According to the principle of layered NTP, when constructing a RAN network, you can
deploy a dedicated intermediate NTP server in the RAN-OM network to serve as the
time reference for the internal RAN devices. The intermediate NTP server obtains the
reference time from the upper-level server, synchronizes its own time, and serves as the
NTP server of the RAN network. In such a case, the intermediate NTP server can receive
the request on time synchronization from the internal NE devices in the RAN, such as
the RNC and the U2000, and provides standard time, as shown in Figure 3-3.

U2000
Figure 3-3 Networking of the RAN and the intermediate NTP server
Deploying the intermediate NTP server can effectively simplify the structure of the time
synchronization network. It can also prevent too many NEs from directly connecting the
highest level NTP server, therefore reducing the risks to the highest level NTP server. In
addition, if a firewall exists between the highest level NTP server and the RAN network,
you do not need to configure the firewall.
You can use the dedicated BITS SYNCLOCK v5 as the NTP intermediate server of the
RAN network. Complying with the NTP v3 protocols, this device can provide two
channels of NTP service units and lock multiple upper-level NTP servers to realize NTP
priority. It also provides two channels of NTP service output that are mutually backed
up.

U2000
NOTE
The U2000 server uses the Linux operating system where you can configure the U2000 server as
the intermediate NTP server. With regard to that the time synchronization server for the RAN
network plays a special role and requires the independent and stable operating environment, we
recommends that the U2000 server should not act as the intermediate NTP server for the RAN
network.
In the ATAE cluster system, the OSMU can synchronize time with the upper-level NTP server.
The U2000 servers synchronize time with the OSMU. Therefore, the time of all servers in the
cluster system is consistent with each other.
l Obtaining reference time from the GPS
If there is no upper-level time synchronization server that can provide the reference time,
you should deploy the highest-level NTP server, that is, the NTP server providing the
reference time in the RAN-OM network to ensure the time synchronization. The highest
level NTP server obtains the reference time from the GPS or other satellite systems and
synchronizes time on all the RAN NEs and the U2000. Figure 3-4 shows the networking
of the RAN to the highest-level NTP server.
Figure 3-4 Directly connecting the RAN and the highest-level NTP server

U2000
You can use the dedicated BITS SYNCLOCK V5 as the highest-level NTP server in the
RAN network. Complying with the NTP V3 protocols, this device can provide two
channels of the satellite access system and two channels of the NTP service units. It also
provides two channels of NTP service output that are mutually backed up.
NOTE
To improve the reliability of the NTP service, use the following methods:
l Choose two or more NTP servers that serve as the upper-level NTP server to provide time
reference. When deploying the upper-level NTP server for NEs and the U2000, ensure that more
than two channels of the NTP service are available.
l If the stratum 1 NTP server is deployed, it obtains reference time directly from the GPS satellite.
In such a case, the stratum 1 NTP server should provide two channels of satellite interfaces.
3.3 NTP Time Synchronization Mechanism of the ATAE

Cluster System
In the ATAE cluster system, the OSMU server functions as the NTP server of the U2000
server. The OSMU synchronizes time with an external clock source, and the U2000 server
automatically synchronizes time with the OSMU server.
Rationale of NTP Time Synchronization

NTP is used to synchronize the time between the distributed time server and the client. It
defines the structure, algorithm, entity, and protocols in the process of time synchronization.
Based on the IP and UDP stack protocol in the TCP/IP protocols, NTP can also be used by
other protocol groups. Theoretically, the error is less than one nanosecond.
Figure 3-5 shows the rationale of NTP time synchronization.
Figure 3-5 NTP rationale
Device A and device B communicate through the network. Both devices have their own
system time. To implement the automatic synchronization of system clocks, ensure that:

U2000
l Before you synchronize the system time of device A and device B, the time on device A
is set to 10:00:00 and the time on device B is set to 11:00:00.
l Device B is configured as the NTP server. That is, you need to synchronize the time on
device A with that on device B.
l The unidirectional transmission of a data package between device A and device B takes
one second.
To synchronize the time between device A and device B, ensure that the following
information is available:
l Offset, which is the time difference between device A and device B
l Delay, which is the loss during the time synchronization between device A and device B
If the previous information is available, device A can easily calculate the time to be adjusted
to synchronize with device B. The NTP protocol stipulates the method for calculating the
values of the offset and delay between device A and device B.
The time synchronization process is as follows:

1. Device A sends an NTP message to device B. The message records the stamp of the
leaving time from device A, which is 10:00:00 am (T1).
2. When the NTP message reaches device B, device B adds its own time stamp, which is
11:00:01 am (T2).
3. When the NTP message leaves device B, device B adds its own time stamp again, which
is 11:00:02 am (T3).
4. When device A receives the response message, it adds a new time stamp, which is
10:00:03 am (T4).
After that, device A can calculate the two parameters using the following method:
l Delay of an NTP message delivering circle: Delay = (T4 - T1) - (T3 - T2).
l Offset between device A and device B: Offset = [(T2 - T1) + (T3 - T4)]/2.
Then, device A can set the time according to the preceding information so that device A is
synchronized with device B.
Specifications of NTP Time Synchronization

When the U2000 server functions as the intermediate NTP server, the number of NEs of
concurrent NTP time synchronization is 500. Specifically, the intermediate NTP server can
provide time synchronization for 500 NEs concurrently. When the number of NEs requiring
time synchronization is greater than 500, synchronize the NE time at an interval of 30s in
batches. The maximum number of NEs of which the time can be synchronized using the
intermediate NTP server is consistent with the U2000 management capability.
Rationale of NTP Layered Architecture

From the origin and purpose of the time synchronization mechanism, you can infer that fewer
clock sources enable more uniform time. If a network has a large scale and is very complex, it
is time-consuming to connect each device to the same time server if the time of each device
needs to be synchronized. In such a case, the layered architecture is applied to the NTP model.
Theoretically, the time synchronization network can be classified into 16 levels from 0 to 15,
or more than 16 levels on the basis of accuracy and importance. In practice, the number of
levels does not exceed six.

U2000
The device at level 0 is located at the special position of the subnetwork. It provides the
reference clock for time synchronization. On the top of the subnet, the device at level 0 uses
UTC time codes broadcast by the global positioning system (GPS).
The devices in the subnet can play multiple roles. For example, a device at level 2 may be a
client to level 1 level and a server for level 3.
Figure 3-6 NTP layered architecture
As shown in Figure 3-6, the following servers are configured in the NTP layered architecture:
l Top level NTP server: level 0 NTP server, which provides the synchronization service
for lower level servers (Stratum-1).
l Intermediate NTP server: level 1 and level 2 servers, which acquire time from the upper
level server and provides the time for the lower level servers.
l NTP client: acquires time from the upper level NTP server but does not provide time
service.
A host can acquire time from multiple NTP servers. An NTP server can also provide time for
multiple hosts. Hosts on the same level can exchange time. The NTP protocol supports a
maximum of 15 levels of clients.
NOTE
Port 123 is used by NTP during communication through the User Datagram Protocol (UDP). Ensure that
all the IP links between the nodes are functional.
Comparison of SNTP and NTP

SNTP is a simplified protocol for the NTP server and the NTP client. The difference between
SNTP and NTP is that SNTP has disadvantage in the following aspects:
l Handling errors
l Filtering of multiple servers
l Choosing among multiple clock sources, that is, acquiring the most accurate clock source
after using an algorithm to analyze multiple connected NTP servers.

U2000
3.4 Policies for Configuring the NTP Service on the U2000

Server
This section describes the policies for configuring the NTP service for the U2000 system.
Table 3-1 describes the policies for configuring the NTP service in the U2000 system and the
advantages and disadvantages of the policies.
Table 3-1 Policies for configuring the NTP service on the U2000 server
Policy Reliability Security System Cost
Resource
Usage
Policy The Time The U2000 board The cost is high

1(Recom independently synchronization synchronizes because an extra
mended): deployed NTP between the time only with NTP server
The server runs in a U2000 board and the upper-level needs to be
U2000 stable operating the OSMU server and does deployed to
board is environment. server occurs in not provide provide time
configured the ATAE timing services synchronization
to internal network to other devices. services to NEs.
synchroniz and therefore the This policy's
e time security is system resource
with the guaranteed. The usage is lower
OSMU security of NEs' than that of
server time Policy 2.
upon synchronization
delivery, depends on the
and NEs third-party time
are server and, the
configured time
to synchronization
synchroniz security can be
e time guaranteed if the
with the third-party server
NTP supports
server that encrypted
is authentication.
independe
ntly
deployed
for the
U2000.

U2000

Resource
Usage
Policy 2: Operations are A key for time The U2000 board No extra NTP
The performed synchronization synchronizes server is required
U2000 frequently on the can be time with the because the
board is U2000 board configured on upper-level U2000 boards is
configured because of the NE and the server and configured as the
as the maintenance, U2000 board to provides the time intermediate
intermedia upgrade, and achieve synchronization NTP server. This
te NTP backup. encrypted service to the saves the server
server and Therefore, the authentication lower-level NE. cost.
NEs are reliability is and security. This policy's
configured relatively low system resource
as NTP when the U2000 usage is higher
clients to board is used as than that of
synchroniz the intermediate Policy 1.
e time NTP server.
with the When the U2000
U2000 board is
board. configured as the
intermediate
NTP server, the
NE time and the
top-level NTP
server time might
be different
because the
U2000 board
time has an
offset.
3.5 Viewing NTP Settings of the OSMU Server

This section describes how to check whether an NTP server has been configured for the
OSMU server using the OSMU. For an ATAE cluster online remote HA system, you need to
Prerequisites
l You have obtained the IP address of the NTP server for the OSMU.
l The OSMU is communicating properly with the NTP server.
Procedure
Step 1 Expand the Routine Maintenance navigation tree in the left pane on the OSMU and choose
Time Management > Upper-Level NTP Server Info.

U2000
Step 2 On the Upper-Level NTP Server Info tab page, check that the NTP server has been added
successfully.
Table 3-2 describes the connection status between the OSMU and the NTP server.
Table 3-2 Connection status between the OSMU server and the NTP server
State Description Solutions
Connectio The OSMU is not 1. Check whether the physical connection between the
n failed communicating OSMU and the NTP server is correct and whether
properly with the the OSMU is communicating properly with the NTP
NTP server. server.
2. Check whether a route is correctly set between the
OSMU and the NTP server. If the route has not been
set or the setting is incorrect, re-set the route by
following instructions provided in 2.2 Setting the
Routes of the U2000 Server, and then check the
status of the synchronization between the OSMU and
the NTP server.
Synchroni An error occurs 1. Use PuTTY to log in to the OSMU board in SSH
zation when the OSMU mode as user osmuuser. For detailed operations, see
failed synchronizes time 26.1.1 Logging In to the Board by Using PuTTY.
with the NTP 2. Run the following command to switch to user root.
server. The
probable causes ~> su - root
are as follows:
3. Run the following command to check whether the
l Cause 1: The
NTP service is running:
NTP service of
the OSMU # ps -ef|grep ntp|grep -v grep
server has not – If the system displays no command output, the
started. NTP service of the OSMU server has not started.
l Cause 2: The If this occurs, run the following command to start
NTP service of the NTP service of the OSMU server:
the OSMU # service ntp start
server has not
– If the displayed command output contains ntpd,
started or the
the NTP service of the OSMU server has started.
NTP service is
In this case, check the NTP service status of the
not provided
NTP server to ensure that the NTP service has
for the OSMU.
started and the NTP service has been provided to
the OSMU.
Successfu The OSMU -

l properly
synchroni synchronizes time
zation with the NTP
server.
----End

U2000
3.6 Modifying NTP Servers of the OSMU Server

The OSMU server functions as the NTP server of the U2000 server. The OSMU server
synchronizes time with an external clock source, and the U2000 server automatically
synchronizes time with the OSMU server. For an ATAE cluster online remote HA system, you
need to perform the following steps on the active site and the standby site.
Prerequisites
l You have obtained the IP address of the NTP server for the OSMU.
l The OSMU is communicating properly with the NTP server.
Procedure
l Expand the Routine Maintenance navigation tree in the left pane on the OSMU and
choose Time Management > Upper-Level NTP Server Info.
For details about how to modify the NTP server of the OSMU server, see OSS
Management > Time Management > Modifying NTP Servers for the OSMU Server
in the OSMU Online Help. Press F1 to view the OSMU Online Help in the OSMU.
----End
3.7 Checking the NTP Software Version of the U2000

Server
Check whether the NTP software is installed on the server. If so, check the software version.
Procedure
Step 1 Use PuTTY to log in to the U2000 server in SSH mode as user ossuser. For detailed
operations, see 26.1.1 Logging In to the Board by Using PuTTY.
Step 2 Run the following command to switch to user root.
~> su - root
Step 3 Check whether the NTP software package is installed on the server (by default, the NTP
software package is installed):
l On SUSE10 OS, run the following command.
# rpm -qa|grep xntp
xntp-4.2.4p3-48.14.16

# rpm -qa|grep ntp
ntp-4.2.4p8-1.24.1

U2000
If the system output is similar to the previous information, the NTP software package is
installed. Proceed with Step 4. Otherwise, the NTP software package is not installed and you
can skip subsequent steps and contact Huawei technical support.
Step 4 View the NTP software version:
# rpm -qi xntp | grep Version
Version : 4.2.4p3 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany

# rpm -qi ntp | grep Version
Version : 4.2.4p8 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
In the system output, the value of Version indicates the NTP software version.
----End
3.8 Enabling/Stopping the NTP Monitoring Service of the

U2000 Server
This section describes how to start and stop NTP monitoring services on the server. For an
ATAE cluster online remote HA system, you need to perform the following steps on the active
site.
Procedure
l Starting NTP monitoring
a. Log in to the U2000 active service board, standby service board, and all slave
service boards as user root through the KVM. For detailed operations, see 26.1.2
Logging In to the board by Using the KVM of the OSMU.
You need to perform the following steps on each server.
b. Run the following commands to run the NTP monitoring configuration script:
# cd /opt/oss/server/rancn/bin
# ./deployHDMonitor.sh
c. Choose NTP Service Monitor.
d. When the system displays the following information, enter true.
Please set the flag to start NTP Monitor [default:false]:
When the system displays the following information, the NTP monitoring is started
successfully.
configure the flag to start NTP service monitor in /opt/oss/server/
common/resourcemonitor/conf/user.xml
Finish to deploy NTP Monitor.
e. Run the following commands to restart the ResourceMonitor process:

When the system displays the following similar information, In the command
output, the second row of the ResourceMonitor -cmd start line displays the ID of
ResourceMonitor.

U2000
# ps -ef | grep "ResourceMonitor"

ossuser 13382 1 0 07:13:20 ? 0:38 /opt/oss/server/
platform/bin/ResourceMonitor -cmd start >/dev/null 2>&1
ossuser 17176 16883 0 15:32:15 pts/2 0:00 grep ResourceMonitor
# kill -9 13382
NOTE
In the preceding command, 13382 is the process ID of ResourceMonitor. Replace it with

the actual value.
# ResourceMonitor -cmd start

l Stopping NTP monitoring
a. Log in to the U2000 active service board, standby service board, and all slave
service boards as user root through the KVM. For detailed operations, see 26.1.2
Logging In to the board by Using the KVM of the OSMU.
You need to perform the following steps on each server.
b. Run the following commands to run the NTP monitoring configuration script:
# cd /opt/oss/server/rancn/bin
# ./deployHDMonitor.sh
c. Choose NTP Service Monitor.
d. When the system displays the following information, enter false.
Please set the flag to start NTP Monitor [default:false]:
When the system displays the following information, it indicates that the NTP
monitoring configuration script is running and NTP monitoring is stopped.
configure the flag to start NTP service monitor in /opt/oss/server/
common/resourcemonitor/conf/user.xml
Finish to deploy NTP Monitor.
e. Run the following commands to restart the ResourceMonitor process:

When the system displays the following similar information, In the command
output, the second row of the ResourceMonitor -cmd start line displays the ID of
ResourceMonitor.
# ps -ef | grep "ResourceMonitor"
ossuser 13382 1 0 07:13:20 ? 0:38 /opt/oss/server/
platform/bin/ResourceMonitor -cmd start >/dev/null 2>&1
# kill -9 13382
NOTE
In the preceding command, 13382 is the process ID of ResourceMonitor. Replace it with

the actual value.

U2000
# ResourceMonitor -cmd start
----End
3.9 Viewing the Time and Time Zone of the U2000 Server
This section describes how to check the time settings of the U2000 server. Before configuring
the Network Time Protocol (NTP) service, ensure that the time zone, date, and time are set
correctly on the U2000 server.
Prerequisites
l The personal computer (PC) communicates with the OSMU server properly.
Procedure
Step 1 In the navigation tree in the left pane, choose Routine Maintenance > Time Management >
Time and Time Zone.
Step 2 In the Time and Time Zone area on the right, check whether the time zone, date, and time of
the cluster system meet requirements.
The time zone and date of the cluster system must be consistent with those of the NTP time
source. The time difference between time of the cluster system and that of the NTP time
source cannot exceed 60 seconds. Otherwise, modify the time of the cluster system by
following instructions provided in 3.10 Changing the Time and Time Zone of the U2000
Server.
----End
3.10 Changing the Time and Time Zone of the U2000

Server
This section describes how to change the time and time zone of the advanced telecom
application environment (ATAE) cluster system by using the OSMU. When the time and time
zone of the ATAE cluster are changed, the date, time, and time zone of all boards in the ATAE
cluster system are changed at the same time. This configuration takes effect on all boards. If
this configuration has already been performed on the other product such as PRS or Nastar in
the ATAE cluster system, you do not need to perform this configuration again on the U2000.
Prerequisites
l You have obtained the local time zone and time of a site.
NOTE
You can visit http://www.timeanddate.com to query the local time zone and time of a site.
l No task is running on the OSMU.

U2000
Procedure
Scenario Operation
ATAE cluster system Perform Step 2 through Step 12.
ATAE cluster Change the time Perform Step 2 through Step 12 at the active site.
online remote and time zone at
HA system the active site
Change the time NOTICE

and time zone at l Ensure that the boards are in the Standby state at the
the standby site standby site.
l Ensure that the time and time zone at the standby site
are consistent with those at the active site.
Perform Step 6 through Step 11 at the standby site.
Step 2 In the left pane of the OSMU, expand the Routine Maintenance navigation tree, and choose
Time Management > Time and Time Zone.
Step 3 On the Time and Time Zone tab page in the right pane, click Refresh to check whether the
current settings are consistent with the local time and time zone settings.
If... Then...
The current settings are consistent with the time and Skip this section.
time zone of the site
The current settings are inconsistent with the time and Perform Step 4 through Step
time zone of the site 12.
Step 4 In the left pane of the OSMU, expand the Device Management navigation tree and select a
rack number under the Device Panel node.
Step 5 On the rack tab page in the right pane, verify that the OSMU board is in the Normal state and
the OGPU board status is consistent with that in the following describe.
If there is any board in the Faulty state, contact Huawei technical support.
NOTICE
If the status of a board is inconsistent with the following described, the time zone and time of
the U2000 server will fail to be changed.
l For the Oracle database, the board status is the same as the following describe.
– Status of service board must be Service Stopped or Switched Over.
– Status of standby service board must be Standby or Service Stopped.

U2000
– Status of DB board must be Service Stopped or Switched Over.

– Status of standby DB board must be Standby or Service Stopped.
l For the Sybase database, the board status is the same as the following describe.
– Status of service board must be Service Stopped or Switched Over.
– Status of standby board must be Standby or Service Stopped.
– Status of DB board must be Service Stopped.
If the board is in the Normal state, stop the service by following instructions provided in 4.6
Stopping U2000 Services or 4.4 Stopping the Database Service.
Step 6 In the left pane of the OSMU window, expand the Routine Maintenance navigation tree and
choose Time Management > Upper-Level NTP Server Info.
Step 7 On the Upper-Level NTP Server Info tab page in the right pane, check whether NTP servers
are configured for the ATAE cluster system.
If NTP servers have been configured, select an NTP server record and click Delete to delete
it. Repeat this operation until all the NTP servers are deleted. Wait for 10 minutes and then
perform Step 9. Otherwise, changing the time and time zone will fail.
Step 8 In the left pane of the OSMU, expand the Routine Maintenance navigation tree, and choose
Time Management > Time and Time Zone.
Step 9 On the Time and Time Zone tab page in the right pane, click Modify.
Step 10 Perform the following operations by scenario.

If... Then...
You need to modify 1. In the displayed Change Time and Time Zone dialog box,
the time zone only select Change Time Zone. Then, set the time zone based on the
local time zone of the site, and click OK.
3. On the Time and Time Zone tab page, click Refresh. Then,
check that the new time zone is consistent with the local time
zone of the site.

U2000
If... Then...
the time only select Change Time. Then, set the time based on the local time
of the site, and click OK.
NOTICE
Ensure that the changed time is the same as the local standard time. If
you change the time to a value beyond the security certificate's validity
period (from September 1, 2014 to August 29, 2024), all the OGPU
boards will malfunction. To solve the problem, see 26.1.10 Changing All
the Board's Time Manually.
2. In the displayed dialog box, click Yes.
After the preceding operations are performed, the OSMU service
automatically restarts. The restart of the OSMU service takes
about 1 minute. You can log in to the OSMU only after the
OSMU service is restarted.
3. Log in to OSMU by using the browser on the PC. For detailed
operations, see 26.2.5 Logging In to the OSMU by Using a
Web Browser.
4. In the left pane of the OSMU, expand the Routine Maintenance
navigation tree, and choose Time Management > Time and
Time Zone.
check that the new time is consistent with the local time of the
site.
the time zone and select Change Time Zone and Change Time. Then, set the time
time zone and time based on the local time zone and time of the site,
and click OK.
NOTICE
Ensure that the changed time is the same as the local standard time. If
you change the time to a value beyond the security certificate's validity
period (from September 1, 2014 to August 29, 2024), all the OGPU
boards will malfunction. To solve the problem, see 26.1.10 Changing All
the Board's Time Manually.
After the preceding operations are performed, the OSMU service
automatically restarts. The restart of the OSMU service takes
about 1 minute. You can log in to the OSMU only after the
OSMU service is restarted.
3. Log in to OSMU by using the browser on the PC. For detailed
operations, see 26.2.5 Logging In to the OSMU by Using a
Web Browser.
4. In the left pane of the OSMU, expand the Routine Maintenance
navigation tree, and choose Time Management > Time and
Time Zone.
check that the new time zone and time are consistent with the
local time zone and time of the site.

U2000
Step 11 If you have deleted NTP servers in Step 7, you need to reset the NTP servers after changing
the time and time zone. For detailed operations, see 3.6 Modifying NTP Servers of the
OSMU Server.
Step 12 If the board services are stopped in Step 5, start the board services. For details, see 4.3
Starting the Database Service and 4.5 Starting U2000 Services. Otherwise, skip this step.
----End
3.11 Viewing the DST Rule for the U2000

This section describes how to view the daylight saving time (DST) rule of the U2000 system.
Procedure
Step 1 Log in to the OSMU through a web browser. For details, see 26.2.5 Logging In to the
OSMU by Using a Web Browser.
Step 2 Choose Routine Maintenance > Time Management > Time and Time Zone from the
navigation tree in the left pane.
The DST information is displayed below the DST Info area.
----End
3.12 Setting the DST Rule for the U2000

This section describes how to set the daylight saving time (DST) rule for the U2000 system.
DST is associated with the time zone. To set the DST, you only need to set the correct time
zone. For an ATAE cluster online remote HA system, you need to perform the following steps
on the active site and the standby site.
Context
The DST is one hour earlier than the standard time. For example, during the DST, 10:00 am in
US east standard time is 11:00 am in US east DST.
The impact of the DST on the U2000 system.

l When the DST starts, generally one hour is automatically added to the local time of the
operating system. This change does not affect the system clock of the U2000. The U2000
log management and trace management uses the local time. Therefore, one-hour records
are missing from the trace files.
l When the DST ends, generally one hour is automatically reduced from the local time of
the operating system. This change does not affect the system clock. Therefore, time
storage and exchange are not affected. This change, however, affects the time display.
During the operation of the U2000, some modules in the U2000 generate some files
whose names are identified by time stamps. When the DST ends, files that are generated
later overwrite the earlier ones.

U2000
NOTE
l The local time is the time displayed on the computer. It varies according to the time zone.
l The system clock indicates the GMT. The NTP synchronization uses the GMT, which does not
affect the local time. The DST does not affect the NTP service.
Procedure
Step 1 Set the time zone of the U2000 system by following instructions provided in 3.10 Changing
the Time and Time Zone of the U2000 Server. The DST rule is then automatically set.
----End
3.13 Setting the NTP Service of the U2000 System

(Security Authentication Mode)
This section describes how to manually set time synchronization between the OSMU server
and the NTP server so as to ensure that the NTP service on the OSMU server is running
properly. The NTP security authentication implements security authentication between the
NTP client and server. That is, the time that the NTP client synchronizes from the NTP server
in security authentication mode is the trusted time.
3.13.1 Setting Time Synchronization Between the OSMU Server

and NTP Server (Security Authentication Mode)
This section describes how to manually set the OSMU server in the ATAE cluster system as
the NTP client for it to synchronize time with an external NTP time server. For an ATAE
cluster online remote HA system, you need to perform the following steps on the active site
and the standby site.
Prerequisites
l The time zone, date, and time of the OSMU server are set correctly.
l You have configured the upper-level NTP server in security authentication mode.
l You have obtained the identifier, key type, and key data of the upper-level NTP server.
l When a firewall exists between the OSMU server and an NTP server, the port UDP/TCP
123 on the firewall has been enabled.
Procedure
Step 1 Use PuTTY to log in to the OSMU board in SSH mode as osmuuser. For detailed operations,
see 26.1.1 Logging In to the Board by Using PuTTY.
~> su - root
Step 3 Run the following commands to edit the /etc/ntp/keys file:

# TERM=vt100; export TERM
# vi /etc/ntp/keys

U2000
Define the identifier, key type, and authentication code for the OSMU server to synchronize
time with the upper-level NTP server. Write only one data item in each line in the following
format.
identifier key type key data
NOTE
l Separate identifier, key type, and key data with spaces.

l An identifier refers to any positive integer ranging from 1 to 4294967295. Each line in the file must
contain one unique identifier.
l A key type is a character, which refers to the encryption algorithm for calculating NTP transactions.
It supports and only supports the MD5 algorithm currently, and character M refers to the MD5
algorithm.
l For details about the key data algorithm, see 3.13.4 Introduction to Key Types and Key Data.
After editing the file, press Esc, and then run the :wq! command to save the file and exit the
vi editor.
Step 4 Run the following commands to open the /etc/ntp.conf file:
# vi /etc/ntp.conf
Step 5 Add server IP address of the upper-level NTP server key identifier prefer to specify the IP
address and identifier of the upper-level NTP server.
NOTE
prefer indicates that the system preferentially synchronizes time with the NTP server using this IP
address.
If multiple upper-level NTP servers exist, add multiple lines. Ensure that each line maps to one NTP
server. For example,
server IP address of upper-level NTP server 1 key identifier 1 prefer
server IP address of upper-level NTP server 2 key identifier 2
Step 6 Set the level of the OSMU server in the ntp.conf file to 10.
fudge 127.127.1.0 stratum 10
Step 7 Write the key file path and key identifiers to /etc/ntp.conf and delete the comment mark # in
front of the following line.
#keys /etc/ntp/keys
#trustedkey 1 2 3 4 5 6 14 15
#requestkey 1 2 3 4 5 6 14 15
Step 8 Add the identifiers used by the upper-level NTP server for time synchronization following
trustedkey, requestkey. Write the identifiers in a line and separate them with a space.
For example, if the key file path is /etc/ntp/keys and the key identifiers of the upper-level
NTP server are 100 and 101, add the identifiers in the following format:
keys /etc/ntp/keys # path for keys file
trustedkey 100 101 # define trusted keys
requestkey 100 101 # define trusted keys
Step 9 Save the ntp.conf file and exit the vi editor.

After editing the file, press Esc, and then run the :wq! command to save the file and exit.
Step 10 Run the following command to modify the rights of the ntp.keys file and the ntp.conf file:
# chmod 400 /etc/ntp/keys

U2000
# chmod 400 /etc/ntp.conf
Step 11 Run the following command to start the FTP service:

# service ntp restart
----End
Example
For example, set the OSMU server to synchronize the time of the upper-level NTP servers
whose IP addresses are 10.161.94.212 and 10.161.94.214; the NTP time server uses the MD5
algorithm; the identifiers are 100 and 101 and the corresponding key data is k0ssL09a and
l2082skt.
The contents in the created /etc/ntp/keys are as follows:
100 M k0ssL09a
101 M l2082skt
The contents in the /etc/ ntp.conf before the modification are as follows:
fudge 127.127.1.0 stratum X
#keys /etc/ntp/keys
#trustedkey 1 2 3 4 5 6 14 15
#requestkey 1 2 3 4 5 6 14 15
The contents after the modification are as follows:

server 10.161.94.212 key 100 prefer
server 10.161.94.214 key 101
keys /etc/ntp/keys
trustedkey 100 101
requestkey 100 101
Run service ntp restart to restart the NTP service.
3.13.2 Setting the U2000 Board as the Intermediate NTP Server

(Security Authentication Mode)
This section describes how to configure NTP service parameters on the U2000 board so as to
set the U2000 board as the intermediate NTP server. For an ATAE cluster online remote HA
system, you need to perform the following steps on the active site and the standby site.
Prerequisites
l The U2000 server time zone is correct.
l You have configured the upper-level NTP server in security authentication mode.
l Use PuTTY to log in to the U2000 server in SSH mode as user ossuser.
Context
l The OSMU server functions as the NTP server. The OSMU server synchronizes time
with an external clock source, and the U2000 server automatically synchronizes time
with the OSMU server.
l When a U2000 server is configured as an intermediate NTP server, the U2000 server
synchronizes time from the upper-layer clock source before providing the NTP service
for NEs. If the U2000 server fails to synchronize time from the upper-layer time source,

U2000
the U2000 server provides the NTP service for NEs using the U2000 server time. The
U2000 server time has an offset. If the U2000 server cannot synchronize the time from
the upper-layer clock source for a long time, the offset may be large, which may cause
network faults.
l When the U2000 manages billing system NEs such as the iGWB and CG, you must set
the U2000 server and NEs as NTP clients. If you set the U2000 as an intermediate NTP
server, the U2000 server time has an offset, which may lead to severe faults on the
network.
l When you set the U2000 as the intermediate NTP server, the specifications are as
follows:
– The number of NEs of concurrent NTP time synchronization is 500. Specifically,
the intermediate NTP server can provide time synchronization for 500 NEs
concurrently. When the number of NEs requiring time synchronization is greater
than 500, synchronize the NE time at an interval of 30s in batches.
– The maximum number of NEs of which the time can be synchronized using the
intermediate NTP server is consistent with the U2000 management capability.
l All U2000 service boards must be configured.
Table 3-3 describes the policies for configuring the NTP service in the U2000 system and the
advantages and disadvantages of the policies.

U2000
Table 3-3 Policies for configuring the NTP service on the U2000 server
Resource
Usage
Policy The Time The U2000 board The cost is high

1(Recom independently synchronization synchronizes because an extra
mended): deployed NTP between the time only with NTP server
The server runs in a U2000 board and the upper-level needs to be
U2000 stable operating the OSMU server and does deployed to
board is environment. server occurs in not provide provide time
configured the ATAE timing services synchronization
to internal network to other devices. services to NEs.
synchroniz and therefore the This policy's
e time security is system resource
with the guaranteed. The usage is lower
OSMU security of NEs' than that of
server time Policy 2.
upon synchronization
delivery, depends on the
and NEs third-party time
are server and, the
configured time
to synchronization
synchroniz security can be
e time guaranteed if the
with the third-party server
NTP supports
server that encrypted
is authentication.
independe
ntly
deployed
for the
U2000.

U2000

Resource
Usage
Policy 2: Operations are A key for time The U2000 board No extra NTP
The performed synchronization synchronizes server is required
U2000 frequently on the can be time with the because the
board is U2000 board configured on upper-level U2000 boards is
configured because of the NE and the server and configured as the
as the maintenance, U2000 board to provides the time intermediate
intermedia upgrade, and achieve synchronization NTP server. This
te NTP backup. encrypted service to the saves the server
server and Therefore, the authentication lower-level NE. cost.
NEs are reliability is and security. This policy's
configured relatively low system resource
as NTP when the U2000 usage is higher
clients to board is used as than that of
synchroniz the intermediate Policy 1.
e time NTP server.
with the When the U2000
U2000 board is
board. configured as the
intermediate
NTP server, the
NE time and the
top-level NTP
server time might
be different
because the
U2000 board
time has an
offset.
Procedure
~> su - root
Step 2 Run the following command to check the time zone of the server:
# grep TIMEZONE /etc/sysconfig/clock
If the server time zone is incorrect, correct it by referring to 3.10 Changing the Time and
Time Zone of the U2000 Server.
Step 3 If the U2000 services are running, stop them.
1. Check the status of the U2000 services.
For details, see 4.1 Checking the U2000 Service Status.
2. Stop U2000 services

U2000
For details, see 4.6 Stopping U2000 Services.

Step 4 If the Sybase/Oracle database services are running, stop it.
1. Check the status of the Sybase/Oracle database services.
For details, see 4.1 Checking the U2000 Service Status.
2. Stop database services.
For details, see 4.4 Stopping the Database Service.
Step 5 Run the following commands to edit the /etc/ntp/keys file:
# vi /etc/ntp/keys
Define the identifier, key type, and authentication code for an NE to synchronize time with
the U2000 board. Write only one data item in each line in the following format.
identifier key type key data
NOTE
l Separate identifier, key type, and key data with spaces.

l An identifier refers to any positive integer ranging from 1 to 4294967295. Each line in the file must
contain one unique identifier.
l A key type is a character, which refers to the encryption algorithm for calculating NTP transactions.
It supports and only supports the MD5 algorithm currently, and character M refers to the MD5
algorithm.
l For details about the key data algorithm, see 3.13.4 Introduction to Key Types and Key Data.
After editing the file, press Esc, and then run the :wq! command to save the file and exit the
vi editor.
Step 6 Run the following commands to back up the ntp.conf configuration file:
# service ntp stop
If the following information is displayed, ignore it and continue to run the following
commands:
Shutting down network time protocol daemon (NTPD) done
umount: /var/lib/ntp/proc: not mounted
# cd /etc
# cp -p ntp.conf bak.ntp.conf
Step 7 Perform the following steps to set parameters related to the NTP service and write the key file
path and key identifier:
1. Run the following commands to open /etc/ntp.conf:
# vi /etc/ntp.conf
2. Add server 127.127.1.0 and fudge 127.127.1.0 stratum 10 to the file end.
3. Check whether the key file path is keys /etc/ntp/keys.
– If the key file path is keys /etc/ntp/keys, it is normal.
– If a comment tag exists before the key file path, delete the comment tag.
– If the key file path is not keys /etc/ntp/keys, change it to keys /etc/ntp/keys.

U2000
– If the key path does not exist, add it to the file end.
4. Check whether the key identifier in /etc/ntp/keys exists after trustedkey.
– If trustedkey exists and no comment tag exists before trustedkey, add the key
identifier defined in Step 5 after trustedkey.
– If only a comment tag exists before trustedkey, delete the comment tag and add the
key identifier of /etc/ntp/keys after trustedkey.
– If trustedkey does not exist, add trustedkey and add the key identifier of /etc/ntp/
keys after trustedkey.
5. Check whether the key identifier in /etc/ntp/keys exists after requestkey.
– If requestkey exists and no comment tag exists before requestkey, add the key
identifier defined in Step 5 after trustedkey.
– If only a comment tag exists before requestkey, delete the comment tag and add the
key identifier of /etc/ntp/keys after trustedkey.
– If requestkey does not exist, add requestkey and add the key identifier of /etc/ntp/
keys after trustedkey.
6. Save ntp.conf and exit the vi editor.
After editing the file, press Esc and run the :wq! command to save the file and exit.
7. Run the following command to change the permission for file ntp.conf:
# chmod 400 /etc/ntp.conf
Step 8 Run the following command to start the FTP service:
# rcntp start
Step 9 Run the following command to check the status of the NTP service on the U2000 server:
# /usr/sbin/ntpq –p
If the information similar to the following is displayed, the NTP service is started. Otherwise,
the NTP service is in abnormal state. Contact Huawei technical support.
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.128.100 LOCAL(0) 6 u 19 64 377 0.135 0.265 0.115
LOCAL(0) .LOCL. 5 l 17 64 377 0.000 0.000 0.001
l The value of remote indicates the IP address and status of an NTP server.
In the preceding output, 192.168.128.100 indicates the IP address of the top-layer NTP
server, and * indicates that the top-layer NTP server is in normal state. After the
preceding information is displayed, wait 5 minutes and * is displayed.
l The value of st indicates the layer of an NTP server in the time synchronization network.
In the preceding output, the IP address 192.168.128.100 is on layer 6.
Step 10 Run the following command to check the time synchronization path from the U2000 server to
the top-layer NTP server:
# /usr/sbin/ntptrace
localhost: stratum 7, offset 0.000160, synch distance 0.019073
192.168.128.100: stratum 6, offset 0.000000, synch distance 0.011094
The localhost line and the next line indicate the path from the U2000 server (intermediate-
layer NTP server) to the top-layer NTP server. The system can track the entire NTP
synchronization path from the U2000 server (intermediate-layer NTP server) to the top-layer
NTP server.

U2000
For example, localhost: stratum 7 in the preceding output indicates that the U2000 server is
on layer 7, and 192.168.128.100: stratum 6 indicates that 192.168.128.100 is on layer 6.
Step 11 Run the following command to check the system date and time.
# date -R
If the system date and time are incorrect, contact Huawei technical support.
Step 12 Restart the Sybase/Oracle database services.
For details, see 4.3 Starting the Database Service.
Step 13 Restart the U2000 services.
Step 14 Enable NTP monitoring.
For details, see 3.8 Enabling/Stopping the NTP Monitoring Service of the U2000 Server.
NOTE
After the preceding configuration, start NTP monitoring so that NTP alarms can be reported to the
U2000.
----End
Example
For example, the MD5 algorithm is used, the identifiers are 100 and 101, and the
corresponding key data is tPol3kRS and l2082skt.
open the /etc/ntp/keys, the contents are as follows after the modification:
10000 M b273290137C]
100 M tPol3kRS
101 M l2082skt
Open /etc/ntp.conf, the contents are as follows after the modification:

server 192.168.128.100 key 10000 prefer
driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
logfile /var/log/ntp # alternate log file
enable auth
keys /etc/ntp/keys
trustedkey 10000 100 101
requestkey 10000 100 101
disable monitor
server 127.127.1.0
Follow-up Procedure
After the U2000 server is set as an intermediate NTP server, set the NEs as NTP clients. For
details about how set an NE as an NTP client, see the user guide of the corresponding NE
type. Contact Huawei technical support to obtain the user guide.
3.13.3 Checking the NTP Service Running Status on the OSMU

Server (Security Authentication Mode)
This section describes how to check the running status of the NTP service on the OSMU
server. In the ATAE cluster system, perform the same operations to check the running status

U2000
of the NTP service on the master, standby, and slave servers. For an ATAE cluster online
remote HA system, you need to perform the following steps on the active site and the standby
site.
Context
After the NTP server and NTP client start, a 5-minute system check is performed. Wait for 5
minutes before running the following command to query the NTP service running status:
ntpq -p.
If you run ntpq -p during system check, the address of the remote time source does not
have the asterisk *; if you run ntptrace, Timeout or Not Synchronizedis displayed.
Procedure
Step 1 Log in to the OSMU board as user osmuuser in SSH mode using PuTTY. For detailed
~> su - root
Step 3 Query the time source information.
# ntpq -p
The remote field in the command output of ntpq -p is the IP address of the OSMU server's
time source, and its status is provided.
SR5S1:~ # ntpq -p
remote refid st t when poll reach delay offset disp
==============================================================================
*10.161.94.214 10.161.94.214 2 u 58 64 377 0.37 0.217 0.05
The asterisk * in front of 10.161.94.214 indicates that time synchronization is

successful.
Step 4 Check time synchronization path information.
# ntptrace
The ntptrace command will trace the NTP synchronization path from the current server to the
top-level NTP server. For more details, run the ntptrace -v command.
Step 5 Check the NTP authentication status.
# ntpq
ntpq> as
The system displays information similar to the following:

ind assID status conf reach auth condition last_event cnt
===========================================================
1 28852 f614 yes yes ok sys.peer reachable 1
In the command output, if the value in the auth column is ok, the NTP authentication is
successful.

U2000
ntpq> exit
----End
Example
The OSMU server functions as an NTP client.
# ntpq -p
remote refid st t when poll reach delay offset disp
==============================================================================
*10.71.15.97 10.71.15.69 2 u 29 64 377 0.44 -0.428 0.09
# ntpq
ntpq> as
ind assID status conf reach auth condition last_event cnt
===========================================================
1 30140 f614 yes yes ok sys.peer reachable 1
ntpq> exit
The asterisk * in front of *10.71.15.97 in the command output of ntpq -p indicates that
time synchronization is successful.
Run the ntpq command and type as. The value in the auth column is ok, which indicates that
the authentication between the OSMU server and the NTP server is successful.
3.13.4 Introduction to Key Types and Key Data

This section describes the key types and key data for setting the Network Time Protocol
(NTP) in security authentication mode. Learning the meanings of the key types and the
algorithms of the key data helps you correctly set NTP in security authentication mode.
A key type is a character, which refers to the encryption algorithm for calculating NTP
transactions. The NTP v3 standard supports the MD5:
M: indicates the message digest algorithm 5 (MD5).
Requirements for the key data of key type is as follows:
M: an ASCII string of one to eight characters.
For example, true*123.

U2000
ATAE Cluster System Administrator Guide (SUSE) 4 Managing U2000 Services and Database Services
4 Managing U2000 Services and Database

Services
About This Chapter
This section describes how to use the OSMU to view the status of U2000 services and
database services, and start and stop U2000 services and database services.
4.1 Checking the U2000 Service Status

This section describes how to check the basic information about boards using the OSMU to
learn service status and how to query specific U2000 service status on the U2000 server. The
query operation requires few system resources and does not affect system performance.
4.2 Setting the Service Domains Managed by the U2000
This section describes how to enable and disable components by using the OSMU. You can
disable unrequired components to reduce the load and enhance the performance of the U2000.
You can also enable the components that are disabled by default.
4.3 Starting the Database Service
This section describes how to start database services by board using the OSMU.
4.4 Stopping the Database Service
This section describes how to stop database services by board using the OSMU.
4.5 Starting U2000 Services
This section describes how to start U2000 services by system using the OSMU.
4.6 Stopping U2000 Services
This section describes how to stop U2000 services by system using the OSMU.
4.7 Service Groups
In the ATAE cluster system, services are categorized by groups. This section describes the
categories of the service groups and their contained services.
4.8 Querying and Changing the U2000 Service Status
This section describes how to manage the statuses of U2000 services by using the OSS
Management Tool. You can query the current statuses of the services on the U2000 server.
You can also start or stop certain services.

U2000
4.1 Checking the U2000 Service Status

This section describes how to check the basic information about boards using the OSMU to
learn service status and how to query specific U2000 service status on the U2000 server. The
query operation requires few system resources and does not affect system performance.
Procedure
Step 1 Log in to the OSMU using a web browser. For details, see 26.2.5 Logging In to the OSMU
by Using a Web Browser.
Step 2 In the navigation tree, choose Service System > Service Management > Board Services.
The basic information about all boards is listed in the right pane.
Step 3 View the current status of U2000 services and database services. Table 4-1 lists the details.
NOTE
In Table 4-1, Subsystem corresponding to the board whose System is U2000 varies depending on the
installed component.
l BASE, PM, DS, FARS, ITF, CME,CORE,CM, and FM (running on the U2000 master service board)
l MED, DS, and CORE (running on U2000 slave service boards)
l TS, CORE (available only when the TS component is installed)
l CME, DS, CORE (available only when the management capability of the U2000 is expanded to
1600 equivalent NEs or more and the CME component is installed)
l DS, CORE, NEMGR, NW (available only when the management components of the MBB backhaul
devices are installed)
l PW (available only when the Site Power Management component is installed)
Table 4-1 Service status

Syste Subsystem Status Description
m
U2000 l BASE,PM,D Normal The U2000 services are running

S,FARS,ITF, properly. To learn the specific status of
CME,CORE all services, proceed to Step 4.
,CM,FM
Service Stopped The U2000 services are stopped.
l MED,DS,C
ORE Switched Over The U2000 services on this node have
l TS,CORE been switched to the standby node.
l CME,DS,C Others The U2000 is not installed or
ORE abnormal.
l DS,CORE,N
EMGR,NW
l PW
U2000 l For the Normal The database services are running

DB Oracle properly.
database:
Service Stopped The database services are stopped.

U2000

m
– OSSDB Switched Over The database services on this node

– OSSPM have been switched to the standby
DB node.
l For the Others The database is not installed or
Sybase abnormal.
database:
The one
whose name
contains
DBSVR
Standb Subsystem is Standby The standby node is in the normal

y(Orac Standby and state.
le) Cluster Name
is Service Stopped The U2000 services on other nodes are
U2000Cluster. switched over to this node, but the
U2000 services are not started yet.
Normal The U2000 services on other nodes are

switched over to this node and are
running properly.
Others The U2000 is not installed or

abnormal.
Subsystem is Standby The standby node is in the normal

Standby and state.
Cluster Name
is DBCluster. Service Stopped The database services on other nodes
are switched over to this node, but the
database services are not started yet.
Normal The database services on other nodes

are switched over to this node and are
running properly.
Others The database is not installed or

abnormal.
Standb Subsystem is Standby The standby node is in the normal

y(Syba Standby. state.
se)
Service Stopped The U2000 services or database
services on other nodes are switched
over to this node, but the U2000
services or database services are not
started yet.
Normal The U2000 services or database

services on other nodes are switched
over to this node and are running
properly.

U2000

m
Others The U2000 or database is not installed

or abnormal.
When a node is in the Switched Over state, you can perform the following operations to check
whether the board experiences a normal switchover or a fault switchover:
1. In the navigation tree, choose Device Management > Device Information > Details.
2. Select the board that is in the Switched Over state, and check the status of the board
service software in the Details area.
– If the value of Service software running status is StoppedSwitchOver, this node
experiences a normal switchover and no abnormal resource is available on this
node.
– If the value of Service software running status is AbnormalSwitchOver, this
node experiences a fault switchover and abnormal resources are available on this
node.
Step 4 Check the U2000 service status.
NOTICE
The Veritas Cluster Software (VCS) in the ATAE cluster system monitors only the U2000
daemon process of each board. Even if the U2000 daemon process is normal, U2000 services
on some boards may be abnormal. You can perform the following operations to check the
status of all U2000 services.
1. In the navigation tree on the left, choose Service System > Service Management >
Board Services.
2. In the Board Services tab page in the right pane, find boards whose System is U2000
and that are in the Normal state, and record SN of these boards.
3. Log in to any of the boards found in Step 4.2 as user ossuser using the keyboard, video,
and mouse (KVM) of the OSMU. For details, see 26.1.2 Logging In to the board by
Using the KVM of the OSMU.
4. Run the following commands to check the U2000 service status:
~> cd /opt/oss/server
~> . ./svc_profile.sh
~> svc_adm -cmd status -sysagent all

SystemConfigurator: running
Host: 10.10.10.102
Service Agent: 3rdTool_agent [1 service(s)] pid: 16379
...
[All Services: 53 ] [Running: 53 ] [Not Running: 0 ]
Host: 10.10.10.103
Service Agent: FMPreService0201_agent [1 service(s)] pid: 849

U2000
– In the system output, if Not Running of all Host is 0, all U2000 services are
started.
– In the system output, if Running of all Host is 0, all U2000 services are stopped.
NOTE
The U2000 system generates processes and services dynamically during operation. Accordingly,
the number of the processes and services that are found changes dynamically.
----End
4.2 Setting the Service Domains Managed by the U2000

This section describes how to enable and disable components by using the OSMU. You can
disable unrequired components to reduce the load and enhance the performance of the U2000.
You can also enable the components that are disabled by default.
Prerequisites
You have logged in to the OSMU on the PC. For detailed operations, see 26.2.5 Logging In
to the OSMU by Using a Web Browser.
Procedure
Step 1 Choose Service System > U2000 > OSS Management Tool from the navigation tree on the
OSMU. The OSS Management Tool window is displayed.
If the system displays Security Warning, set the parameters according to the browser by
referring to 26.2.1 Setting Internet Explorer or 26.2.2 Setting Firefox.
Step 2 In the OSS Management Tool main window, click Component Management. The
Component Management window is displayed.
Step 3 Click Help in the upper right corner. Then, perform operations according to the online help in
the Component Management tab.
----End
4.3 Starting the Database Service

This section describes how to start database services by board using the OSMU.
Prerequisites
Procedure
Step 2 On the Board Services tab page in the right pane, view the status of the U2000 DB board.

U2000
l If the DB board is in the Service Stopped state, go to Step 3.

l If the DB board is in other state excluding Normal and Service Stopped, contact
Step 3 On the Board Services tab page, select the check box of the DB board whose service you
want to start based on the database type, and click Start.
l For Oracle databases, select the DB board whose Subsystem is OSSDB or OSSPMDB
and whose Cluster Name is DBCluster.
l For Sybase databases, select the DB board whose Subsystem contains DBSVR, and
whose Cluster Name is U2000Cluster.
Step 4 In the displayed confirmation dialog box, click Yes to start services.
Step 5 In the displayed dialog box, click OK.

You can check the task execution result in the Centralized Task Management area. If the
task execution fails, contact Huawei technical support.
NOTE
If you select more than one DB board, one service startup task is created for each DB board, and these
tasks can be executed concurrently.
----End
4.4 Stopping the Database Service

This section describes how to stop database services by board using the OSMU.
Prerequisites
Procedure
Step 2 On the Board Services tab page in the right pane, view the status of the U2000 service
boards.
l If the service boards are in the Service Stopped state, go to Step 3.
l If the service boards are in the Normal state, stop the services on the service boards by
referring to 4.6 Stopping U2000 Services. Then, go to Step 3.
l If the service boards are in other state excluding Service Stopped and Normal, contact
Step 3 On the Board Services tab page, view the status of the U2000 DB board.
l If the DB boards are in the Normal state, go to Step 4.
l If the DB boards are in other state excluding Service Stopped and Normal, contact
Step 4 On the Board Services tab page, select the check box of the DB board whose service you
want to stop based on the database type and click Stop.

U2000
l For Oracle databases, select the DB board whose Subsystem is OSSDB or OSSPMDB
and whose Cluster Name is DBCluster.
l For Sybase databases, select the DB board whose Subsystem contains DBSVR, and
whose Cluster Name is U2000Cluster.
Step 5 In the displayed confirmation dialog box, click Yes to stop services.
NOTE
If you select more than one DB board, one service termination task is created for each DB board, and the
tasks can be executed concurrently.
----End
4.5 Starting U2000 Services

This section describes how to start U2000 services by system using the OSMU.
Prerequisites
l The PC communicates with the OSMU server properly.
Procedure
Step 2 On the Board Services tab page in the right pane, check the status of the boards for the
clusters listed in Table 4-2.
Table 4-2 Requirements for board status before you start U2000 services
Database Cluster Name System Subsystem
Sybase U2000Cluster U2000DB The one whose name contains

DBSVR
Oracle DBCluster U2000DB The one whose name contains OSS
l If any board is in the Faulty state, contact Huawei technical support. After the fault is
rectified, go to Step 3.
l If none of the boards is in the Faulty state, go to Step 3.
Step 3 On the Board Services tab page in the right pane, confirm that the U2000 service boards are
in the Service Stopped or Normal state.
Step 4 Before starting the U2000 services, ensure that database services are started. For details about
how to start the database services, see 4.3 Starting the Database Service.

U2000
Step 5 In the navigation tree, choose Service System > Service Management > System Services.
Step 6 On the System Services tab page in the right pane, select the check box of the system whose
System is U2000, and click Start to start U2000 services.
Step 7 In the displayed confirmation dialog box, click Yes.
The time required for starting U2000 services varies according to the actual environment. In
normal cases, starting the services takes 15 to 20 minutes.
----End
4.6 Stopping U2000 Services

This section describes how to stop U2000 services by system using the OSMU.
Prerequisites
l The PC communicates with the OSMU server properly.
Procedure
Step 2 On the Board Services tab page in the right pane, confirm that the U2000 service boards are
in the Normal state.
If the boards are in other state, contact Huawei technical support.
Step 3 In the navigation tree, choose Service System > Service Management > System Services.
Step 4 On the System Services tab page in the right pane, select the check box of the system whose
System is U2000, and click Stop to stop U2000 services.
NOTICE
When the U2000 uses the Sybase database, this operation takes effect only on service boards
of the system whose System is U2000.
Step 5 In the displayed confirmation dialog box, click Yes.
The time required for stopping U2000 services varies according to the actual environment. In
normal cases, stopping the services takes 2 minutes.

U2000
----End
4.7 Service Groups

In the ATAE cluster system, services are categorized by groups. This section describes the
categories of the service groups and their contained services.
Services are categorized into the following service groups: BASEGroup, CMGroup,
FMGroup, PMGroup, PRSGroup, FASGroup, DSGroup, CMEGroup, MEDGroup, ITFGroup,
and COREGroup.
The categories of the service groups and their contained services are listed in Table 4-3.
Table 4-3 Service item contained in each service group

Service Group Service Item
BASEGroup 3rdToolService
ADNService
AdvancedSwitchService
AntennaTune
ConfigExport
CorbaService
EAMService
ForwardingService
FNLicenseService
GEMService
IPMService
ItmService
LicenseService
LogService
MaintenanceService
NeLicenseService
NeUserService
NGNFullFillService
NGNNI112Service
NGNNIService

U2000
NGNTestManageService
NHCService
NICService
NIMServer
PartitionService
PMService
PortTrunkingService
ProxyServer
ScriptModuleService
SecurityService
SNMService
SONService
SWMService
SystemService
TopoAdapterService
TopoService
trapdispatcher
UAPService
CMGroup CMEngine
CMServer
CPMService
FMGroup FaultService
PMGroup PMMonService
ThresholdService
LocationService
PRSGroup PRSAssistantService
PRSReportService
PRSSumService
PRSFsService
PRSDcService

U2000
FARSGroup FarsService
DSGroup DesktopService
CMEGroup CmeServer
MEDGroup CmDcService
FMMediationService
FMPreService
IRPEngine
MediationService
NCCService
PMEngine
PMSExport
SWMEngine
ThresholdEnging0X0X
ITFGroup CMExport
IRPService
IRPEngine
IRPPMEngine
MirrorDBService
PMExport
SnmpAgent
TTMgrService
COREGroup XFTPService
OMMonitor
4.8 Querying and Changing the U2000 Service Status

This section describes how to manage the statuses of U2000 services by using the OSS
Management Tool. You can query the current statuses of the services on the U2000 server.
You can also start or stop certain services.

U2000
Prerequisites
You have logged in to the OSMU through a web browser. For details, see 26.2.5 Logging In
Procedure
If the system prompts Security Warning, configure the parameters for the browser in use by
following instructions provided in 26.2.1 Setting Internet Explorer or 26.2.2 Setting
Firefox.
Step 2 In the OSS Management Tool main window, click General.
Step 3 Click Service Management in the navigation tree in the left pane. The Service Management
page is displayed.
Step 4 Click Query. The OSMU starts to query the service statuses.
The query results are displayed in the lower area of the page.
l Service Name: Displays the names of the services to be queried.
l Process Name: Displays the names of the processes to be queried.
l Service Status: Displays the current statuses of the services.
Step 5 Change the statuses of U2000 services.
l To start a service, select the service that needs to be started, then click Start.
l To stop a service, select the service that needs to be stoped, then click Stop.
l To start all the services, click Start All.
l To stop all the services, click Stop All.
NOTE
l The timeout duration for starting a service or all services is about 60 minutes.
l The timeout duration for stopping a service or all services is about 5 minutes.
l When all services are stopped, no stack information is generated.
l When a single service is stopped, stack information is generated.
To query stack information, obtain the stack file (for example,
20151214104743_swm_agent_4503.stack) from the /opt/oss/server/var/logs/stack/ directory
based on the service name and time when the service was stopped.
After you start or stop all the services, the Download latest operation log button and the
Download troubleshooting file button are displayed on the right of the Stop button. You can
click either of buttons to download log files as required.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 5 Managing U2000 Resources
5 Managing U2000 Resources
About This Chapter
This section describes the mapping between the resources of the U2000 system and the
methods of managing the resources and resource groups of the U2000 system.
5.1 U2000 Cluster and VCS Resource Planning (Oracle)

This section describes the function of each resource in the U2000 cluster system and the
dependencies between these resources.
5.2 U2000 Cluster and VCS Resource Planning (Sybase)
5.3 Conditions for Switchover Resources Between U2000 Nodes Automatically
In the U2000 cluster system, the Veritas Cluster monitors the U2000 daemon process and
database instances. If a critical fault occurs on the master or slave node, the Veritas Cluster
switches the resources such as the database and U2000 applications to the standby node.
5.4 Checking the Status of U2000 Resources
This section describes how to check the U2000 resources and resource groups and their status.
5.5 Switching Resources Between U2000 Nodes Manually (Oracle)
This section describes how to manually switch over resources between nodes in the U2000
service cluster and between nodes in the DB cluster. Skip this section if no standby node and
DB standby node exists.
5.6 Switching Resources Between U2000 Nodes Manually (Sybase)
This section describes how to switch over resources between nodes in the U2000 cluster
system manually. Skip this section if no standby node exists.

U2000
5.1 U2000 Cluster and VCS Resource Planning (Oracle)

Cluster Planning
For the Oracle database, Table 5-1 describes the cluster planning for the ATAE cluster
system.
Table 5-1 Cluster planning

Item Name
U2000 application cluster U2000Cluster
U2000 DB cluster DBCluster
Resource Group Planning and Resource Planning

The U2000 cluster system comprises the U2000 service cluster and the U2000 DB cluster.
Table 5-2 and Table 5-3 describes the function of each resource in the U2000 cluster system
and the dependencies between these resources.
Table 5-2 Resource group planning and resource planning (U2000 service cluster)
Resource Group Description of Resource Name Description
Resource Group
U2000ClusterSnmp Simple Network U2000ClusterSnmp Network adapter

Group Management NICX resource that reports
Protocol (SNMP) SNMP alarms of the
resource group of service cluster to the
the U2000 cluster U2000. X indicates
system. It collects the number of the
hardware alarms network adpater.
from the service
cluster and forwards U2000ClusterSnmp SNMP alarm
them to the U2000. NotifierMngr resource in the
service cluster. The
SNMP alarm
resource depends on
resource
U2000ClusterSnmp
NICX.
srXsY_oss_sg Resource groups of srXsY_oss_sg_dg_r Disk group resource

service boards in the s in the service
U2000 cluster cluster.
system. If the active

U2000

Resource Group
service board or the srXsY_oss_sg_ip_rs Logic IP resource in

slave service board the service cluster.
in the same resource The mount resource
group is faulty, depends on resource
services can be srXsY_oss_sg_nic_
switched over to the rs.
standby service
board. srXsY_oss_sg_mou Mount resource in
nt_rs the service cluster.
The resource group
The mount resource
shall be named in
depends on resource
the format of
srXsY_oss_sg_dg_r
srXsY_oss_sg,
s.
where X indicates
the subrack number srXsY_oss_sg_nic_r Network adapter
of the active service s backup resource in
board or slave the service cluster.
service board and Y
indicates the slot srXsY_oss_sg_ossa Service resource of
number. pp_rs the U2000. It
depends on
resources
srXsY_oss_sg_ip_r
s and
srXsY_oss_sg_mou
nt_rs. In a master/
standby resource
group, this resource
indicates the basic
service processes of
the U2000,
including the Base,
PM, DS, FARS, ITF,
CME, Core, CM,
and FM subsystems.
In a slave/standby
resource group, this
resource indicates
the Med and TS
the U2000,
including the MED,
DS, TS, CORE and
other subsystems.

U2000
Table 5-3 Resource group planning and resource planning (U2000 DB cluster)
Resource Group
DBClusterSnmpGro SNMP resource DBClusterSnmpNIC Network adapter

up group of the DB resource that reports
cluster. It collects SNMP alarms of the
hardware alarms DB cluster to the
from the DB cluster U2000.
and forwards them
to the U2000. DBClusterSnmpNo- SNMP alarm
tifierMngr resource in the DB
cluster. The SNMP
alarm resource
depends on resource
DBClusterSnmpNI
C.
srXsY_oracle_sg Resource group of srXsY_oracle_sg_dg Disk group resource

DB boards in the _rs in the DB cluster.
U2000 cluster
system. If the active srXsY_oracle_sg_ip Logic IP resource in
DB board is faulty, _rs the DB cluster. The
the resource group mount resource
switches over to the depends on resource
standby DB board. srXsY_oracle_sg_n
ic_rs.
The resource group
shall be named in srXsY_oracle_sg_m Mount resource in
the format of ount_rs the DB cluster. The
srXsY_oracle_sg, mount resource
where X indicates depends on resource
the subrack number srXsY_oracle_sg_d
of the active DB g_rs.
board and Y
indicates the slot srXsY_oracle_sg_ne Oracle monitoring
number. tlsnr_rs resource in the DB
cluster. It depends
on resources
srXsY_oracle_sg_o
ra_rs and
srXsY_oracle_sg_i
p_rs.
srXsY_oracle_sg_ni Network adapter

c_rs backup resource in
the DB cluster.
srXsY_oracle_sg_or Oracle resource in

a_rs the DB cluster. It
depends on resource
srXsY_oracle_sg_
mount_rs.

U2000
5.2 U2000 Cluster and VCS Resource Planning (Sybase)

Cluster Planning
For the Sybase database, the ATAE cluster system only the U2000 application cluster, that
name is U2000Cluster.
Resource Group Planning and Resource Planning

Table 5-4 describes the function of each resource in the U2000 cluster system and the
Table 5-4 Resource group planning and resource planning

Resource Group
U2000ClusterSnmp Simple Network U2000ClusterSnmp Network adapter

Group Management NICX resource that reports
Protocol (SNMP) SNMP alarms of the
resource group of cluster to the U2000.
the U2000 cluster X indicates the
system. It collects number of the
hardware alarms network adpater.
from the cluster and
forwards them to the U2000ClusterSnmp SNMP alarm
U2000. NotifierMngr resource in the
cluster. The SNMP
alarm resource
depends on resource
U2000ClusterSnmp
NICX.
srXsY_oss_sg Resource groups of srXsY_oss_sg_dg_r Disk group resource

service boards in the s in the U2000 service
U2000 cluster cluster.
system. If the active
service board or the srXsY_oss_sg_ip_rs Logic IP resource in
slave service board the U2000 service
in the same resource cluster. The mount
group is faulty, resource depends on
services can be resource
switched over to the srXsY_oss_sg_nic_
standby service rs.
board.
The resource group
shall be named in
the format of

U2000

Resource Group
srXsY_oss_sg, srXsY_oss_sg_mou Mount resource in
where X indicates nt_rs the U2000 service
the subrack number cluster. The mount
of the active service resource depends on
board or slave resource
service board and Y srXsY_oss_sg_dg_r
indicates the slot s.
number.
srXsY_oss_sg_nic_r Network adapter
s backup resource in
the U2000 service
cluster.
srXsY_oss_sg_ossa Service resource of

pp_rs the U2000. It
depends on
resources
srXsY_oss_sg_ip_r
s and
srXsY_oss_sg_mou
nt_rs. In a master/
standby resource
group, this resource
indicates the basic
the U2000,
including the BASE,
PM, DS, FARS, ITF,
CME, Core, CM,
and FM subsystems.
In a slave/standby
resource group, this
resource indicates
the Med and TS
the U2000,
including the MED,
DS, TS and CORE
subsystems.
srXsY_sybase_sg Resource groups of srXsY_sybase_sg_d Disk group resource

DB boards in the g_rs in the DB cluster.
U2000 cluster
system. If the DB srXsY_sybase_sg_ip Logic IP resource in
active board or the _rs the DB cluster. The
DB slave board in mount resource
the same resource depends on resource
group is faulty, srXsY_sybase_sg_n
services can be ic_rs.

U2000

Resource Group
switched over to the srXsY_sybase_sg_m Mount resource in

standby board. ount_rs the DB cluster. The
The resource group mount resource
shall be named in depends on resource
the format of srXsY_sybase_sg_d
srXsY_sybase_sg, g_rs.
where X indicates
srXsY_sybase_sg_ni Network adapter
the subrack number
c_rs backup resource in
of the DB active
the DB cluster.
board or DB slave
board and Y srXsY_sybase_sg_s Sybase resource in
indicates the slot yb_rs the DB cluster. It
number. depends on resource
srXsY_sybase_sg_i
p_rs and
srXsY_sybase_sg_
mount_rs.
srXsY_sybase_sg_s Backup resource of

ybbak_rs Sybase in the DB
cluster. It depends
on resource
srXsY_sybase_sg_s
yb_rs.
5.3 Conditions for Switchover Resources Between U2000

Nodes Automatically
In the U2000 cluster system, the Veritas Cluster monitors the U2000 daemon process and
database instances. If a critical fault occurs on the master or slave node, the Veritas Cluster
switches the resources such as the database and U2000 applications to the standby node.
Introduction to the Veritas Cluster

The Veritas Cluster expands the SUSE operating system to a cluster operating system. A
cluster is a group of loosely coupled computing nodes. It provides a single customer view for
network services or applications such as databases, web services, and file services. A cluster
ensures high availability and flexibility of application programs.
The cluster managed by the Veritas Cluster can automatically switch over the applications
from a faulty master or active node to a specified standby node. Therefore, the Veritas Cluster
ensures high availability.
If a fault occurs on a master or active node running services, the system attempts to restart
services on the node. If the restart fails, the system automatically switches over the services
from the node to a standby node. After the switchover, you may need to reconnect the service
to the server without considering the internal structure of the system.

U2000
Resources are instances of the resource types defined in a cluster. One resource type may have
multiple resources, each of which has its name and attribute value group. This allows multiple
instances of the basic applications to run on the Cluster.
Resources that are dependent on each other are classified into the same resource group.
U2000 Resource Monitoring Mechanism and Switchover Principles

The Veritas Cluster monitors the imapsysd process of the U2000 by using its own monitoring
mechanism to ensure system security. If a critical fault occurs, the Veritas Cluster will detect
the fault as soon as possible and automatically restart the application services.
The Veritas Cluster runs the monitoring script at a regular interval to monitor the imapsysd
process of the U2000. If the returned information is normal, the Veritas Cluster continues
monitoring the process. If the returned information is abnormal, you need to invoke a script to
start U2000 services. If the services are restarted successfully, that is, the imapsysd process is
started successfully, the Veritas Cluster regards that the U2000 resources are recovered and
continues monitoring the process. If the services fail to be restarted, that is, the imapsysd
process fails to be started, the Veritas Cluster switches the resources from the master or active
node to the standby node.
The key process of the U2000 node is imapsysd. If the imapsysd process is running properly,
the Veritas Cluster continues monitoring the system. If the imapsysd process is not running
properly, the Veritas cluster invokes a script to start the U2000 services. If the imapsysd
process is started successfully, the Veritas Cluster regards that the U2000 resources have been
recovered and continues monitoring the system. If the imapsysd process is not started
successfully, the Veritas Cluster switches over the resources from the master or active node to
the standby node. The switchover process takes about 30 minutes.
The key process of the database node is the database service process. To monitor the database
service process, the Veritas Cluster provides Sybase Agent or Oracle Agent. If the Agent
detects that the database service process is not running properly, it restarts the database
service. If the database service is restarted successfully, the Veritas Cluster regards that the
database resources are recovered and continues monitoring the database service. Otherwise,
the Veritas Cluster switches over the database resources from the master or active node to the
standby node. The switchover of the database service takes about 30 minutes.
NOTE
The imapsysd and imapwatchdog processes are the daemons of the U2000 and monitor the other service
processes of the U2000. If an U2000 service is not running properly, the two processes automatically
restart it. In addition, the imapsysd and imapwatchdog processes monitor each other.
The Veritas Cluster provides Agent to monitor the database service. It determines whether the database
is running properly by checking for the database service process.
Conditions for Automatic Switchover Between Nodes of the Cluster System

The common scenarios for automatic switchover between nodes of the cluster system are as
follows:
l CPU faults
l Memory faults
l Disk array access faults
l Disrupted communication between the Ethernet adapter of the master or slave node and
the LAN switch

U2000
l Operating system faults

NOTE
The Veritas Cluster system (U2000 cluster or database cluster) allows you to switch over the resources
of only one board to the standby board. If the resources of a board have been switched over to the
standby board, manual or automatic switchover of resources from the other boards in the same cluster to
the standby board will fail.
5.4 Checking the Status of U2000 Resources

Prerequisites
Procedure
Step 1 In the navigation tree in the left pane, choose Service System > Service Management >
System Services.
Step 2 Select the cluster to be viewed from the list on the right side. Click View Resource Status.
You can view all the resource groups and their status in the cluster in the displayed dialog
box.
NOTE
The resource status of the clusters is updated every 30 seconds.

l Select U2000 to check the resource groups of the service cluster in the system:
-- SYSTEM STATE
-- System State Frozen
A SR5S2 RUNNING 0
A SR5S3 RUNNING 0
A SR5S4 RUNNING 0
-- GROUP STATE
-- Group System Probed AutoDisabled
State
B U2000ClusterSnmpGroup SR5S2 Y N
ONLINE
OFFLINE
OFFLINE
B sr5s2_oss_sg SR5S2 Y N
ONLINE
OFFLINE
ONLINE
OFFLINE
The displayed information indicates that the service cluster consists of three resource
groups.
– Resource group U2000ClusterSnmpGroup consists of nodes SR5S2, SR5S3, and
SR5S4.

U2000
– Resource group sr5s2_oss_sg consists of nodes SR5S2 and SR5S4.

Correct status of the resource groups in the service cluster are described as follows:
– Resource group U2000ClusterSnmpGroup is in the ONLINE state on only one
node.
For example, in the previous information, resource group
U2000ClusterSnmpGroup is in the ONLINE state on node SR5S2 only.
– Resource group sr5s2_oss_sg is in the ONLINE state on only one node. The same
is true for resource group sr5s3_oss_sg.
For example, in the preceding information, resource group sr5s2_oss_sg is in the
ONLINE state on node SR5S2 only, and resource group sr5s3_oss_sg is in the
ONLINE state on node SR5S3 only. Resource groups sr5s2_oss_sg and
sr5s3_oss_sg are both in the OFFLINE state on node SR5S4. This indicates that
node SR5S4 is the standby node of nodes SR5S2 and SR5S3. If the master node in
either resource group is faulty, services are switched to node SR5S4.
l Select DB to check the resource groups of the DB cluster in the system:
-- SYSTEM STATE
A SR5S11 RUNNING 0
A SR5S14 RUNNING 0
A SR6S4 RUNNING 0
-- GROUP STATE
State
B DBClusterSnmpGroup SR5S11 Y N
ONLINE
OFFLINE
OFFLINE
B sr5s11_db_sg SR5S11 Y N
ONLINE
OFFLINE
OFFLINE
ONLINE
NOTE
The system will show all products's DB resource groups as database boards of all products
constitute one database cluster that share one standby DB board.
The displayed information indicates that the DB cluster consists of three resource
groups.
– Resource group DBClusterSnmpGroup consists of nodes SR5S11, SR5S14, and
SR6S4.
– Resource group sr5s11_db_sg consists of nodes SR5S11 and SR5S14.
Correct status of the resource groups in the DB cluster is described as follows:
– Resource group DBClusterSnmpGroup is in the ONLINE state on only one node.
For example, in the preceding information, resource group DBClusterSnmpGroup
is in the ONLINE state on node SR5S11 only.

U2000
– Resource group sr5s11_db_sg is in the ONLINE state on only one node. The same
is true for resource group sr6s4_db_sg.
For example, in the preceding information, resource group sr5s11_db_sg is in the
ONLINE state on node SR5S11 only, and resource group sr6s4_db_sg is in the
ONLINE state on node SR6S4 only. Resource groups sr5s11_db_sg and
sr6s4_db_sg are both in the OFFLINE state on node SR5S14. This indicates that
node SR5S14 is the standby node of nodes SR5S11 and SR6S4. If the master node
in either resource group is faulty, services are switched to node SR5S14.
Step 3 Click OK. Then, the Query Cluster Resource dialog box is closed.
Step 4 Choose Service System > Service Management > Board Services from the navigation tree
in the left pane.
Step 5 Select the board where the cluster system resource status needs to be viewed from board list
on the right side. Click View Resource Status. The Query Board Resource dialog box is
displayed. Then the cluster system resource status on the board can be viewed.
NOTE
The cluster system resource status of boards is updated every 30 seconds.
Step 6 Click OK. Then the Query Board Resource dialog box is closed.
----End
5.5 Switching Resources Between U2000 Nodes Manually

(Oracle)
This section describes how to manually switch over resources between nodes in the U2000
service cluster and between nodes in the DB cluster. Skip this section if no standby node and
DB standby node exists.
Prerequisites
Context
l The U2000 service cluster comprises the following parts:
– Master node (or master server): board whose System is U2000 and Subsystem
contains BASE.
– Slave node (or slave server): board whose System is U2000 and Subsystem dose
not contain BASE.
l The U2000 DB cluster comprises the following parts:
– U2000 DB node: board whose System is U2000DB.
– DB standby node: board whose System is Standby, Subsystem is Standby and
Cluster Name is DBCluster.

U2000
NOTICE
l The U2000 allows you to switch over the resources of only one board to the standby board
at the same time in the same cluster. If the resources of a board have been switched over to
the standby board, switchover of resources from any other board in the same cluster to the
standby board will fail.
l A switchover is performed only when an exception occurs in the system. After the services
are switched over, some management functions of the OSMU on boards are restricted. You
can use these restricted functions only after the system restores and the services are
switched back to the original board. Restricted functions include changing time and time
zone, setting DST, changing IP addresses of boards, configuring routes, collecting device
information, backing up static data, changing user passwords of the operating system and
databases.
l The time required for the switchover depends on the actual environment. Normally, the
switchover takes 30 minutes.
l The ALM-1038 VCS Monitor Warning Alarm alarm is reported during the manual
resource switchover between U2000 nodes. After the resources are switched over, you can
manually clear this alarm.
l The ALM-1045 Abnormal SSH Trust Relationship alarm is reported during the manual
resource switchover between U2000 nodes. After the resources are switched over, this
alarm is cleared automatically.
Procedure
Step 1 Perform the following operations to switch over resources to the standby node or the DB
standby node based on the scenario:
1. Choose Service System > Service Management > Board Services from the navigation
tree on the left.
2. Check the board status on the Board Services tab page in the right pane.
– If you want to switch over the service resources:
n Status of service board and standby service board to be switched over must be
Normal and Standby, respectively.
n Status of DB board and standby DB board must be Normal, Standby, or
Switched Over.
– If you want to switch over DB resources, Status of DB board and standby DB
board to be switched over must be Normal and Standby, respectively.
3. On the Board Services tab page in the right pane, select the check box in front of the
board which you want to switch. Then, click Switch.
– If you want to switch over the service resources, select the master node or the slave
node.
– If you want to switch over DB resources, select the U2000 DB node.
4. Click Yes in the Confirm dialog box.
5. Click OK in the Information dialog box.

U2000
NOTICE
Relevant boards may restart during the switchover and the status of the boards may be
displayed as Faulty because they are disconnected from other boards. Normally, they
will restore after the switchover is complete. If any board is still in the Faulty state after
the switchover is complete, contact Huawei technical support.
6. Monitor the execution status in the Centralized Task Management area. After the task
is complete, switch to the Board Services tab page to check the board status again.
If the board status meets the following requirements, the resources are switched over
successfully. Otherwise, the switchover fails. When this happens, contact Huawei
technical support.
– After service resources are switched over, Status of service board and standby
service board must be Switched Over and Normal, respectively.
– After DB resources are switched over, Status of DB board and standby DB board
must be Switched Over and Normal, respectively.
Step 2 Perform the following operations to switch resources back from the standby node or the DB
standby node to the original node based on the scenario:
tree on the left.
standby node or the DB standby node. Then, click Switch.
NOTICE
technical support.
– After service resources are switched over, Status of original node and standby
service board must be Normal and Standby, respectively.
– After DB resources are switched over, Status of original node and standby DB
board must be Normal and Standby, respectively.
----End

U2000

(Sybase)
This section describes how to switch over resources between nodes in the U2000 cluster
system manually. Skip this section if no standby node exists.
Prerequisites
Context
The U2000 cluster system comprises the following parts:
l Master node (or master server): board whose System is U2000 and Subsystem contains
BASE.
l Slave node (or slave server): board whose System is U2000 and Subsystem dose not
contain BASE.
l Standby node (or standby server): board whose System is Standby, Subsystem is
Standby and Cluster Name is U2000Cluster.
l U2000 DB node: board whose System is U2000DB.
NOTICE
l The U2000 allows you to switch over the resources of only one board to the standby board
at the same time in the same cluster. If the resources of a board have been switched over to
the standby board, switchover of resources from any other board in the same cluster to the
standby board will fail.
l A switchover is performed only when an exception occurs in the system. After resources
are switched over, some board management functions of the OSMU are unavailable,
including changing the time and time zone, setting DST, changing IP addresses of boards,
configuring routes, collecting device information, backing up static data, and changing
user passwords of the operating systems and databases. You can use these functions only
after the system is restored and resources are switched back to the original board.
l The time required for the switchover depends on the actual environment. Normally, the
switchover takes 30 minutes.
l The ALM-1038 VCS Monitor Warning Alarm alarm is reported during the manual
resource switchover between U2000 nodes. After the resources are switched over, you can
manually clear this alarm.
l The ALM-1045 Abnormal SSH Trust Relationship alarm is reported during the manual
resource switchover between U2000 nodes. After the resources are switched over, this
alarm is cleared automatically.

U2000
Procedure
Step 1 Perform the following operations to switch over resources from the to the standby node:
tree in the left pane.
2. Check the board status on the Board Services tab page in the right pane.
– Status of the board which you want to switch and standby board must be Normal
and Standby, respectively.
– If you want to switch over the service resources, Status of DB board must be
Normal.
board which you want to switch. Then, click Switch.
NOTICE
technical support.
Status of the board which has been switched and standby board must be Switched Over
and Normal, respectively.
Step 2 Perform the following operations to switch resources back from the standby node to the
original node:
standby node. Then, click Switch.
NOTICE
displayed as Faulty, because they are disconnected from other boards. Normally, they

U2000
technical support.
Status of original node and standby board must be Normal and Standby, respectively.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 6 Setting the Authentication Mode of the U2000
6 Setting the Authentication Mode of the

U2000
About This Chapter
This section describes how to add the U2000 server to the SSO server and set the local
authentication mode and SSO mode of the U2000 server.
6.1 Setting the Authentication Mode of the U2000 Server to Local Mode
This section describes how to set the authentication mode of the U2000 server to the default
local mode if the authentication mode of the server is not set to local mode. For an ATAE
6.2 Setting the Authentication Mode of the U2000 Server to the SSO Mode
This section describes how to run commands to switch the authentication mode of the local
computer to the SSO mode when you need to move user authentication operations from the
U2000 server to the SSO server. For an ATAE cluster online remote HA system, you need to

U2000
6.1 Setting the Authentication Mode of the U2000 Server

to Local Mode
This section describes how to set the authentication mode of the U2000 server to the default
local mode if the authentication mode of the server is not set to local mode. For an ATAE
Procedure
detailed operations, see 26.1.1 Logging In to the Board by Using PuTTY.
Step 2 Run the following commands to set the environment variable:
Step 3 Run the following command to access the /opt/oss/server/platform/bin directory:

~> cd /opt/oss/server/platform/bin
Step 4 Run the following command to change the authentication mode:

~> ./oss_chg2Local.sh
NOTE
These commands stop the SSOMediatorService service and restart the security service.
oss_chg2Local script started execution...
Executing : svc_adm -cmd stopsvc SecurityService
Executing : svc_adm -cmd stopsvc SSOMediatorService
Updating SecurityService files.
Removing SSOMediatorService files.
Executing : svc_adm -cmd startsvc SecurityService
oss_chg2Local script executed...
If the preceding information is displayed, the authentication mode has been successfully set.
In this case, you need to proceed with the following operations. Otherwise, contact Huawei
technical support.
Step 5 Run the following command to restart the DesktopService:
~> svc_adm -cmd restartsvc <desktop_servicename>
For example,
~> svc_adm -cmd restartsvc DesktopService0101
NOTE
l You can run the ~> svc_adm -cmd status | grep DesktopService command to query the desktop
services on the current U2000.
l There may be more than one DesktopService that is running. You need to restart all the
DesktopServices.
----End

U2000
6.2 Setting the Authentication Mode of the U2000 Server

to the SSO Mode
This section describes how to run commands to switch the authentication mode of the local
computer to the SSO mode when you need to move user authentication operations from the
U2000 server to the SSO server. For an ATAE cluster online remote HA system, you need to
Prerequisites
You have deployed an SSO server. For detailed operations, see SSO Server Installation and
Deployment Guide.
Context
If the authentication mode is SSO, user locking and unlocking policies are controlled by the
SSO server.
Procedure
Step 2 Run the following commands to set the environment variable:
Step 3 Run the following command to access the /opt/oss/server/platform/bin directory:
~> cd /opt/oss/server/platform/bin
Step 4 Run the following command to change the authentication mode to the SSO mode:
~> ./oss_chg2SSO.sh <U2000 server name> <SSO master server IP address> 31048 <SSO
backup server IP address> 31048
For example,
~> ./oss_chg2SSO.sh ossserver2 10.10.10.11 31048 10.10.10.12 31048
NOTE
l These commands stop the SSOMediatorService service and restart the security service.
l U2000 server name is created when users add the U2000 server. For details, see SSO User Guide.
oss_chg2SSO script started execution...
Executing : svc_adm -cmd stopsvc SecurityService
Copying SSOMediatorService files.
Updating SecurityService files.
Executing : svc_adm -cmd startsvc SSOMediatorService
Executing : svc_adm -cmd startsvc SecurityService
oss_chg2SSO script executed...

U2000
If the preceding information is displayed, the authentication mode has been successfully set.
In this case, you need to proceed with the following operations. Otherwise, contact Huawei
technical support.
Step 5 Run the following command to restart the DesktopService.
~> svc_adm -cmd restartsvc <desktop_servicename>
Example:
NOTE
l You can run the ~> svc_adm -cmd status | grep DesktopService command to query the desktop
services on the current U2000.
l There may be more than one DesktopService that is running. You need to restart all the
DesktopServices.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 7 Managing the U2000 FTP Server
7 Managing the U2000 FTP Server
About This Chapter
This section describes how to change the port number and set file transfer policies on the FTP
server.
7.1 Changing the FTP Port Number (the U2000 Server as the FTP Server)
This section describes how to query or change the FTP port numbers when the U2000 server
functions as the FTP server and NEs, network management systems (NMSs), U2000 clients,
or tools function as the FTP clients. After the port number of the U2000 server is changed,
data transmission between all FTP clients and the U2000 server will be affected. Therefore,
you must set the FTP port numbers of all FTP clients communicating with the U2000 server
to be the same as the FTP port number on the U2000 server (FTP server). Alternatively, you
need to set the FTP mode on the FTP clients to encryption mode.
7.2 Changing the FTP Port Number (an NE as the FTP Server)
When an NE is used as the relay server that serves as the FTP server, the U2000 serves as an
FTP client. This section describes how to change the FTP port number if you do not want to
use the default port number 21.
7.3 Changing the FTP Port Number (a Third-Party Server as the FTP Server)
This section describes how to change the FTP port number if you do not want to use the
default port number 21 when a third-party server is used as the relay server that serves as the
FTP server, and the U2000 serves as an FTP client.
7.4 Configuring the FTP Transmission Policy
The FTP transmission policy for transmitting data between the FTP client and the FTP server
can use the traditional plaintext FTP mode or the SSL/SSH-based FTP encryption mode. To
ensure data security during file transmission, users can disable the plaintext FTP mode and
enable the SSL/SSH-based FTP encryption mode.

U2000
7.1 Changing the FTP Port Number (the U2000 Server as

the FTP Server)
This section describes how to query or change the FTP port numbers when the U2000 server
functions as the FTP server and NEs, network management systems (NMSs), U2000 clients,
or tools function as the FTP clients. After the port number of the U2000 server is changed,
data transmission between all FTP clients and the U2000 server will be affected. Therefore,
you must set the FTP port numbers of all FTP clients communicating with the U2000 server
to be the same as the FTP port number on the U2000 server (FTP server). Alternatively, you
need to set the FTP mode on the FTP clients to encryption mode.
Prerequisites
1. You have logged in to the OSMU through a web browser. For details, see 26.2.5
2. You have stopped U2000 services if you want to change the port number of the FTP
server. For details about how to stop U2000 services, see 4.6 Stopping U2000 Services.
3. You have obtained a new FTP port number that is not in use. For details about port
number usage, see the U2000 Communication Matrix.
The port number can be changed to 21 or a number ranging from 1024 to 65535.
4. The FTP port number of the NEs managed by the U2000 can be changed.
Context
For details about the NEs whose FTP port number can be changed, see Table 7-1.
Table 7-1 NEs whose FTP port number can be changed

NE Type Supported Version
BSC6900 V900R014C00 and later versions
BTS3900 series NodeB V200R014C00 and later versions
BTS3900 series eNodeB V100R005C00 and later versions
BSC6910 V100R014C00 and later versions
BTS3803E V200R015 and later versions
BTS3203E V100R006C00 and later versions
Procedure
If the system prompts Security Warning, configure the parameters for the browser in use by
Firefox.

U2000

Step 3 In the navigation tree in the left pane, choose Local FTP Server Settings. The Local FTP
Server Settings window is displayed.
Step 4 Click Help in the upper right corner. Then, change the FTP port number by following
instructions provided in section Querying or Changing the FTP Port Number in the online
help.
----End
7.2 Changing the FTP Port Number (an NE as the FTP

Server)
When an NE is used as the relay server that serves as the FTP server, the U2000 serves as an
FTP client. This section describes how to change the FTP port number if you do not want to
use the default port number 21.
Prerequisites
You have obtained a new FTP port number that is not in use. For details about port number
usage, see the U2000 Communication Matrix.
Procedure
Step 1 Perform the following operations to change the FTP port number of the NE that serves as the
FTP server:
On the U2000 client, choose Choose Maintenance > MML Command from the main menu
(traditional style); alternatively, double-click Trace and Maintenance in Application Center
and choose Maintenance > MML Command from the main menu (application style). In the
displayed MML Command window, set the MML command to be executed. For details, see
section Running MML Commands in U2000 Software and Hardware Management User
Guide.
The MML command for changing the port number of the FTP server is SET FTPSSRV.
NOTE
Ensure that the port number of the U2000 is consistent with the port number of all NEs.
For details about the MML commands, see the MML command reference of the related NEs.
Step 2 Perform the following operations to change the FTP port number of the U2000 that serves as
an FTP client:
1. Open the window for setting file transfer parameters between the NE and the U2000
server using either of the following methods on the U2000 client.
– Choose Security > Connection Security Management > NE/OSS Server
Connection Settings (traditional style); alternatively, double-click Security
Management in Application Center and choose NE Security > Connection
Security Management > NE/OSS Server Connection Settings (application
style).. The Preferences dialog box is displayed, and NE/OSS Server Connection
Settings is displayed in the right pane.
– Choose System > Preferences(traditional style) or File > Preferences (application
style). In the displayed Preferences dialog box, choose Connection Settings >

U2000
NE/OSS Server Connection Settings from the navigation tree in the left pane.
NE/OSS Server Connection Settings (for Server) is displayed in the right pane.
2. Change the FTP port number.
In the NE / OSS Server Transfer Settings dialog box, set a new FTP port number in
Command Port.
NOTICE
You can set a number ranging from 1024 to 65535. The port numbers before 1024
(except 21) are reserved and cannot be used as the command port.
3. Click OK.
Step 3 Perform the following operations to change the FTP port number of an NE that serves as an
FTP client:
displayed MML Command window, set MML commands to be executed. For details, see
Guide.
If... Then...
No FTP port number has been Run the ADD FTPSCLTDPORT command to
configured on the NE configure the IP address and port number for the FTP
client to communicate with the FTP server.
An FTP port number has been Run the MOD FTPSCLTDPORT command to change
configured on the NE the port number.
NOTE
Step 4 Change the mapped FTP port number on the firewall.

The methods of changing port numbers vary according to firewalls. The following uses
changing the FTP port number on the firewall Eudemon200 as an example.
1. Run the following command to check the FTP port number defined on the firewall:
display port-mapping ftp
SERVICE PORT ACL TYPE
-----------------------------------------
ftp 21 system defined
If the new FTP port number is unavailable in the command output, proceed to Step 4.2
to add the FTP port number. If the new FTP port number is available, do not add it.

U2000
2. Run the following command to add the new FTP port number:
port-mapping ftp port new FTP port number
After the setting, perform Step 4.1 again to check whether the new FTP port number is
available.
NOTE
If there is an unnecessary FTP port number, you can run the undo port ftp port port number
command to delete it. Port number 21 is a default number and cannot be changed or deleted.
----End
7.3 Changing the FTP Port Number (a Third-Party Server

as the FTP Server)
This section describes how to change the FTP port number if you do not want to use the
default port number 21 when a third-party server is used as the relay server that serves as the
FTP server, and the U2000 serves as an FTP client.
Prerequisites
You have obtained a new FTP port number that is not in use. For details about port number
usage, see the U2000 Communication Matrix.
Procedure
Step 1 Change the FTP port number on the third-party server.
For details, see the related guide delivered with the third-party server.
Step 2 Perform the following operations to change the FTP port number of the U2000 that serves as
an FTP client:
1. Open the window for setting file transfer parameters between the NE and the U2000
server using either of the following methods on the U2000 client.
– Choose Security > Connection Security Management > NE/OSS Server
Connection Settings (traditional style); alternatively, double-click Security
Management in Application Center and choose NE Security > Connection
Security Management > NE/OSS Server Connection Settings (application
style).. The Preferences dialog box is displayed, and NE/OSS Server Connection
Settings is displayed in the right pane.
– Choose System > Preferences(traditional style) or File > Preferences (application
style). In the displayed Preferences dialog box, choose Connection Settings >
NE/OSS Server Connection Settings from the navigation tree in the left pane.
NE/OSS Server Connection Settings (for Server) is displayed in the right pane.
2. Change the FTP port number.
In the NE / OSS Server Transfer Settings dialog box, set a new FTP port number in
Command Port.

U2000
NOTICE
You can set a number ranging from 1024 to 65535. The port numbers before 1024
(except 21) are reserved and cannot be used as the command port.
3. Click OK.
Step 3 Perform the following operations to change the FTP port number of an NE that serves as an
FTP client:
displayed MML Command window, set MML commands to be executed. For details, see
Guide.
If... Then...
No FTP port number has been Run the ADD FTPSCLTDPORT command to
configured on the NE configure the IP address and port number for the FTP
client to communicate with the FTP server.
An FTP port number has been Run the MOD FTPSCLTDPORT command to change
configured on the NE the port number.
NOTE
Step 4 Change the mapped FTP port number on the firewall.
The methods of changing port numbers vary according to firewalls. The following uses
changing the FTP port number on the firewall Eudemon200 as an example.
1. Run the following command to check the FTP port number defined on the firewall:
display port-mapping ftp

SERVICE PORT ACL TYPE
-----------------------------------------
ftp 21 system defined
If the new FTP port number is unavailable in the command output, proceed to Step 4.2
to add the FTP port number. If the new FTP port number is available, do not add it.
2. Run the following command to add the new FTP port number:
port-mapping ftp port new FTP port number
After the setting, perform Step 4.1 again to check whether the new FTP port number is
available.

U2000
NOTE
If there is an unnecessary FTP port number, you can run the undo port ftp port port number
command to delete it. Port number 21 is a default number and cannot be changed or deleted.
----End
7.4 Configuring the FTP Transmission Policy

The FTP transmission policy for transmitting data between the FTP client and the FTP server
can use the traditional plaintext FTP mode or the SSL/SSH-based FTP encryption mode. To
ensure data security during file transmission, users can disable the plaintext FTP mode and
enable the SSL/SSH-based FTP encryption mode.
7.4.1 Introduction to FTP Transmission Policy

This section describes the basic concepts of FTP transmission and how to disable the plaintext
FTP mode on the U2000 server.
Basics of the FTP Policy

The FTP client and server communicate with each other using security protocols to ensure
data confidentiality and integrity. Security protocols consist of Secure Shell (SSH), SSH File
Transfer Protocol (SFTP), Security Socket Layer (SSL), and FTP Over SSL (FTPS). Table
7-2 describes these protocols.
Table 7-2 Basics of the FTP policy

Concept Description
SSH Generally, SSH is used to replace the traditional and insecure Telnet. It
supports the setup of an encrypted tunnel between the SSH client and
server. After a Transmission Control Protocol (TCP) connection is set
up, the SSH client and server can transmit data through the encrypted
tunnel.
SFTP As a secure FTP protocol developed from SSH, SFTP is used to

transfer files in encryption mode.
SSL SSL is used to protect all application protocols that are based on TCP
or other transfer protocols.
SSL is mainly used to identify communication entities and provide a
secure channel for data confidentiality and integrity.
FTPS As a secure FTP protocol developed from SSL, FTPS is used to encrypt
data during an FTP login connection and data transmission.
Overview of the FTP Policy

The traditional plaintext FTP mode or the SSL/SSH-based FTP encryption mode can be used
for transmitting data between the FTP client and server. Using the plaintext FTP mode has
security risks. It is recommended that you use the encrypted FTP mode, users can disable the

U2000
plaintext FTP mode and enable the SSL/SSH-based FTP encryption mode. Different
communication entities use different encryption modes, as shown in Figure 7-1.
Figure 7-1 Encrypted FTP modes
l If an NE supports FTPS, FTPS is used for data transmission between the NE and the
U2000 server. To check whether an NE supports FTPS, see the NE product
documentation.
l SFTP is used between the U2000 client and the U2000 server.
l SFTP is used between the U2000 server and the NMS server.
l SFTP is used between the NIC, Nastar, and PRS and the U2000 server.
Overview of the FTP Policy When the U2000 Functions as the FTP Server
When the NEs, NMS, U2000 client, NIC, Nastar, and PRS are used as the FTP client and the
U2000 server is used as the FTP server, the traditional plaintext FTP mode or the encrypted
SFTP and FTPS modes can be used. If you have higher requirements for reliability of data
transmission, you can disable the plaintext FTP mode and use the encrypted SFTP or FTPS
mode.
If you disable the plaintext FTP mode on the U2000 server, the FTP connections between the
other systems and the U2000 server will be affected. File transfer between the U2000 server
and the NMS or NEs fails and services between them are blocked. Disabling the plaintext
FTP mode has the following impacts:
l If you set an U2000 server as a transfer server or third-party FTP server, NEs have to use
the FTPS mode to set up FTP connections with the transfer server or third-party FTP
server.
l The NMS has to use the SFTP mode. Otherwise, the NMS cannot set up FTP connection
with the U2000 server, and cannot obtain information from the U2000 server through
northbound interfaces.
l Other systems, such as the PRS, Nastar, and NIC, have to use the SFTP mode to access
the U2000 server. Otherwise, the access fails.

U2000
l Terminal users have to use the SFTP mode to transfer files to the U2000 server.
Otherwise, file transfer fails.
l The U2000 server and client have to use the SFTP mode to access each other.
l If NEs managed by the U2000 support the FTPS mode, run MML commands on an
U2000 client to set the FTPS mode for NEs.
l After the plaintext FTP mode is disabled on the U2000 server, users cannot run ftp
commands on a PC to upload files to or download files from the U2000 server. Instead,
users need to transmit data using the FileZilla tool.
Overview of the FTP Policy When the U2000 Functions as the FTP Client
When an NE functions as a transfer server and the U2000 functions as an FTP client, the FTP
policy can be set to plaintext FTP mode or FTPS encryption mode. When the FTP mode is set
to FTPS on the FTP server, the FTP mode on the U2000 functioning as the FTP client must be
set to FTPS accordingly.
7.4.2 Disabling the Plaintext FTP Mode on the U2000 Server

When an NE, the NMS, an U2000 client, or a tool gains access to the U2000 server and
transfers files, the NE, the NMS, the U2000 client, or the tool serves as an FTP client and the
U2000 server serves as an FTP server. To ensure data security during file transmission, users
can disable the plaintext FTP mode for the U2000 server and set the SFTP/FTPS encryption
mode.
Prerequisites
l The NMS for the U2000 is set to the SFTP mode.
l Other systems that need to access the U2000 are set to the SFTP mode.
l The NEs managed by the U2000 support the FTPS mode.
l The FTP service is running properly.
Context
The impacts of disabling the plaintext FTP mode for the U2000 server are as follows:
l If you set an U2000 server as a transfer server or third-party FTP server, NEs have to use
the FTPS mode to set up FTP connections with the transfer server or third-party FTP
server.
l The NMS has to use the SFTP mode. Otherwise, the NMS cannot set up FTP
connections with the U2000 server, and cannot obtain information from the U2000
server through northbound interfaces.
l Other systems, such as the PRS, Nastar, and NIC, have to use the SFTP mode to access
the U2000 server. Otherwise, the access fails.
l Terminal users have to use the SFTP mode to transfer files to the U2000 server.
Otherwise, file transfer fails.
l The U2000 server and client have to use the SFTP mode to access each other.
l If NEs managed by the U2000 support the FTPS mode, run MML commands on an
U2000 client to set the FTPS mode for NEs.

U2000
l After the plaintext FTP mode is disabled on the U2000 server, users cannot run ftp
commands on a PC to upload files to or download files from the U2000 server.
Procedure
Step 2 Perform the following operations to disable the plaintext FTP mode on the U2000 server.
1. Choose Service System > U2000 > OSS Management Tool from the navigation tree on
the OSMU. The OSS Management Tool window is displayed.
If the system prompts Security Warning, configure the parameters for the browser in
use by following instructions provided in 26.2.1 Setting Internet Explorer or 26.2.2
Setting Firefox.
2. In the OSS Management Tool main window, click General.
3. In the navigation tree in the left pane, choose Local FTP Server Settings. The Local
FTP Server Settings window is displayed.
4. Select Disable Plain Mode.
5. Click Customize.
NOTE
It takes about 2 minutes for the settings to take effect.
Step 3 Start U2000 services.

Step 4 Log in to the U2000 client, and set Encrypted Mode to Adapter Mode between the NE and
the OSS server.
1. Choose Security > Connection Security Management > NE/OSS Server Connection
Settings (traditional style); alternatively, double-click Security Management in
Application Center and choose NE Security > Connection Security Management >
NE/OSS Server Connection Settings (application style). on the U2000 client.
2. Set Encrypted Mode to Adapter Mode.
Step 5 If an emergency system is configured, perform the following operations to disable the
plaintext FTP mode on the emergency system server. If no emergency system is configured,
go to Step 6.
1. Use PuTTY to log in to the U2000 active servers as user ossuser in SSH mode. For
~> su - root
3. Run the following commands to check for emergency systems associated with the
current U2000 server on which you are performing operations:
# emgproxy_adm -c status

U2000
– If no command output is displayed, no associated emergency system exists. When

this occurs, go to Step 6.
– If the command output similar to the following is displayed, an associated
emergency system exists.
IP Address of the Emergency Disaster Recovery Server = 192.168.128.162
Service Port of the Emergency Disaster Recovery Server = 31688
4. Run the following command on the U2000 server to synchronize the data from the
current U2000 system to the emergency system in full data synchronization mode:
# emgproxy_adm -c synchronize -t all
When the system displays The synchronization succeeded.............................[100.0%],
data synchronization is complete.
5. Use PuTTY to log in to the emergency system server as user ossuser in SSH mode. For
You can perform the following operation to query the external IP address for the
emergency system server.
Use a browser to log in to the OSMU server, and choose Device Management >
Hardware Device > Board from the navigation tree in the left pane of the OSMU
window. The external IP address for the board whose Cluster Name is ESCluster is the
external IP address for the emergency system server.
NOTICE
If multiple emergency system instances are deployed, the value of Cluster Name for
each emergency system is unique, for example, ESCluster#2. Select an emergency
system according to the actual requirements.

~> su - root
7. Run the following command to check whether the plaintext FTP mode is disabled on the
emergency system server:
# ftp IP address for the emergency system server
When the system displays the following information, type ftpuser and press Enter.
Name (***.***.***:ossuser):
If the system displays Non-anonymous sessions must use encryption, the plaintext
FTP mode is disabled on the emergency system server. When this occurs, go to Step 6.
Otherwise, proceed to the following steps to disable the plaintext FTP mode on the
8. Enter the password of user ftpuser and run the following command to exit from the FTP
connection:
ftp> bye
9. Run the following command to freeze data synchronization between the U2000 system
and the emergency system:
# emgsys_adm -o resmgr -c freeze

U2000
10. Run the following commands to disable the plaintext FTP mode on the emergency
system server:
# cd /opt/oss/server/3rdTools/ftp/files
# ./setSSLForFtpSvr.sh disablePlainFtp
FTP mode is disabled on the emergency system server. When this occurs, proceed to the
following steps.
12. Press Enter for multiple times. After the ftp> prompt is displayed, run the following
command to exit from the FTP connection:
ftp> bye
13. Run the following command to unfreeze data synchronization between the U2000
system and the emergency system:
# emgsys_adm -o resmgr -c unfreeze
Step 6 Perform the following operations to set the transfer mode between the U2000 server and
client to SFTP.
1. Log in to the U2000 client.
2. Choose System > Preferences(traditional style) or File > Preferences (application
style). In the displayed Preferences dialog box, choose OSS Client/OSS Server File
Transfer Settings from the navigation tree in the left pane. Open the window for setting
file transfer parameters between the U2000 client and server.
3. Set FTP Mode to SFTP.
– Optional functions include Resumable Transfer, Compress, and Passive Mode. If
Passive Mode is not selected, files will be transferred in active mode by default.
– Network timeout(5-3600)s indicates the timeout duration for setting up an FTP
connection. The value of this parameter ranges from 5 seconds to 3600 seconds.
4. Click OK for the settings to take effect.
Step 7 Change the FTP transmission mode of the NEs managed by the U2000 to the FTPS mode on
the U2000 client or LMT.
On the U2000 client, choose Maintenance > MML Command. The MML Command
window is displayed. Set the MML commands. For details, see Running MML Commands in
U2000 Software and Hardware Management User Guide.
The MML commands are as follows:
l SET FTPSCLT
This command is used to set the transfer mode of an FTP client (NE).
l LST FTPSCLT

U2000
This command is used to query the transfer mode of an FTP client (NE).
NOTE
l For details about the MML commands, see the MML command reference of the related NE.
l On the CGPOMU, the command for setting the FTP transfer mode (SET FTPPRTL) and the
command for querying the FTP transfer mode (LST FTPPRTL) are different from those on other
NEs.
----End
7.4.3 Enabling the Plaintext FTP Mode on the U2000 Server

This section describes how to change the FTP transmission policy from the SFTP/FTPS
encryption mode to the plaintext FTP mode when an NE, the NMS, an U2000 client, or a tool
gains access to the U2000 server for file transfer.
Prerequisites
l The plaintext FTP mode has been disabled on the U2000 server.
l The FTP service is running properly.
Procedure
Step 2 Perform the following operations to enable the plaintext FTP mode on the U2000 server.
NOTICE
Enabling the Plaintext FTP Mode maybe brings risks. Therefore, use this function with
caution.
1. Choose Service System > U2000 > OSS Management Tool from the navigation tree on
the OSMU. The OSS Management Tool window is displayed.
If the system prompts Security Warning, configure the parameters for the browser in
use by following instructions provided in 26.2.1 Setting Internet Explorer or 26.2.2
Setting Firefox.
2. In the OSS Management Tool main window, click General.
3. In the navigation tree in the left pane, choose Local FTP Server Settings. The Local
FTP Server Settings window is displayed.
4. Clear Disable Plain Mode.
5. Click Customize.
NOTE
It takes about 2 minutes for the settings to take effect.

U2000
Step 3 Start U2000 services.

Step 4 If an emergency system is configured, perform the following operations to enable the SFTP
mode on the emergency system server. If no emergency system is configured, go to Step 5.
1. Use PuTTY to log in to the active server as user ossuser in SSH mode. For details, see
26.1.1 Logging In to the Board by Using PuTTY.
~> su - root
3. Run the following commands to check for emergency systems associated with the
current U2000 server on which you are performing operations:
# emgproxy_adm -c status
– If no command output is displayed, no associated emergency system exists. When

this occurs, go to Step 5.
– If the command output similar to the following is displayed, an associated
emergency system exists.
IP Address of the Emergency Disaster Recovery Server = 192.168.128.162
Service Port of the Emergency Disaster Recovery Server = 31688
4. Run the following command on the U2000 server to synchronize the data from the
When the system displays The synchronization succeeded.............................[100.0%],

data synchronization is complete.
5. Use PuTTY to log in to the emergency system server as user ossuser in SSH mode. For
You can perform the following operation to query the external IP address for the
Use a browser to log in to the OSMU server, and choose Device Management >
Hardware Device > Board from the navigation tree in the left pane of the OSMU
window. The external IP address for the board whose Cluster Name is ESCluster is the
external IP address for the emergency system server.
NOTICE
If multiple emergency system instances are deployed, the value of Cluster Name for
each emergency system is unique, for example, ESCluster#2. Select an emergency
system according to the actual requirements.

~> su - root

U2000
When the system displays the following information, type the password of user ftpuser,
and then press Enter.
FTP mode is disabled on the emergency system server. When this occurs, perform the
following steps to enable the plaintext FTP mode on the emergency system server.
Otherwise, go to Step 5.
8. Press Enter for multiple times. After the ftp> prompt is displayed, run the following
command to exit from the FTP connection:
ftp> bye
9. Run the following command to freeze data synchronization between the U2000 system
and the emergency system:
# emgsys_adm -o resmgr -c freeze

10. Run the following commands to enable the plaintext FTP mode on the emergency
system server:
# cd /opt/oss/server/3rdTools/ftp/files
# ./setSSLForFtpSvr.sh enablePlainFtp
11. Run the following command to unfreeze data synchronization between the U2000
system and the emergency system:
# emgsys_adm -o resmgr -c unfreeze

If the FTP connection is set up, the plaintext FTP mode is enabled on the emergency
system server. Otherwise, contact Huawei technical support.
Step 5 Perform the following operations to set the transfer mode between the U2000 client and
server to the plaintext FTP mode.
2. Choose System > Preferences(traditional style) or File > Preferences (application
style). In the displayed Preferences dialog box, choose OSS Client/OSS Server File
Transfer Settings from the navigation tree in the left pane. Open the window for setting
file transfer parameters between the U2000 client and server.
3. Set FTP Mode to FTP.
– Optional functions include Resumable Transfer, Compress, and Passive Mode. If
Passive Mode is not selected, files will be transferred in active mode by default.

U2000
– Network timeout(5-3600)s indicates the timeout duration for setting up an FTP

connection. The value of this parameter ranges from 5 seconds to 3600 seconds.
4. Click OK for the settings to take effect.
Step 6 Change the FTP transmission mode of the NEs managed by the U2000 to the plaintext FTP
mode on the U2000 client or the LMT.
On the U2000 client, choose Maintenance > MML Command. The MML Command
window is displayed. Set the MML commands. For details, see Running MML Commands in
U2000 Software and Hardware Management User Guide.
The MML commands are as follows:
l SET FTPSCLT
This command is used to set the transfer mode of an FTP client (NE).
l LST FTPSCLT
This command is used to query the transfer mode of an FTP client (NE).
NOTE
l For details about the MML commands, see the MML command reference of the related NE.
l On the CGPOMU, the command for setting the FTP transfer mode (SET FTPPRTL) and the
command for querying the FTP transfer mode (LST FTPPRTL) are different from those on other
NEs.
----End
7.4.4 Configuring the FTP Mode Between an NE and the U2000

This section describes how to configure the FTP transmission policy when an NE functions as
the FTP server and the U2000 functions as the FTP client. Files are transferred in plaintext
FTP mode or FTP over SSL (FTPS) mode between the U2000 and NEs. By default, the
adapter mode is used. When the FTP mode is set to FTPS on the FTP server, the FTP mode
on the U2000 functioning as the FTP client must be set to FTPS accordingly.
Procedure
Step 1 Set the FTP mode to FTPS on the NE.
For details, see the related NE guide.
Step 2 Set the FTP mode to FTPS on the U2000.
2. Set the FTP mode to Adapter Mode.
For details, see Setting the FTP Policy Between an NE and the U2000 in U2000 Data
Management User Guide.
----End
7.4.5 Configuring the SFTP for Actively Transferring Files over

the Northbound Interface (Public and Private Keys)
When the U2000 server actively uploads files to the NMS over the northbound interface, the
U2000 server functions as an FTP client and the NMS functions as an FTP server. To ensure

U2000
data security during file transmission, you can set the SFTP encryption mode. If the U2000
server is upgraded to V200R015C00 or a Later Version, please reconfigure the SFTP for
actively transferring files over the northbound interface according to this chapter.
Prerequisites
l Use PuTTY to log in to the U2000 server in SSH mode as user ossuser. For an advanced
telecommunications application environment (ATAE) cluster system, you have logged in
to each server in the U2000 cluster.
l You have logged in to the NMS server as user UserA.
UserA is the NMS server user. Replace it as required.
Context
l To set up an SFTP connection using public or private key authentication, save the U2000
server's public key file in the authorized_keys file of the related NMS server user. The
system performs authentication using the U2000 server's private key and the U2000
server's public key stored on the NMS server. After the authentication is successful, the
SFTP connection is set up successfully. The U2000 server is not required to provide the
NMS login password.
l The public and private key authentication files can be encrypted or not. For encrypted
public and private key authentication files, set the password. If you forget the password,
all public and private key authentication files must be generated again, and the new files
will replace the existing files.
l Unless otherwise specified, perform the following operations on each server:
NOTE
l XFTPService0X01 indicates the XFTP service name of the U2000 server. Replace it as
required.
l For an ATAE cluster system, the service is deployed on the master and slave servers. The
service name for the master server is XFTPService0101. The service name for the first slave
server is XFTPService0201. The service name for the second slave server is
XFTPService0301. This method applies to the service names for other servers.
l When the XFTP service uploads files in FTP mode:
– If the northbound server runs the Linux or Unix operating system, use the vsftpd
software whose version is 2.0.5 or later.
– If the northbound server runs the Windows operating system, use the ftpserver
service delivered with the system.
Procedure
Step 1 Public and private key files are generated on the U2000.
Generate encrypted Only perform Step 1.1 to Step 1.4.

public and private key
files

U2000
Generate non-encrypted Only perform Step 1.5 to Step 1.8.

public and private key
files
1. Run the following command on the U2000 server to check whether the .ssh directory
exists in the home directory.
~> cd /export/home/omc/.ssh/
– If No such file or directory is displayed, the .ssh directory is unavailable in the

home directory. Perform Step 1.3 after running the following command:
~> mkdir -p /export/home/omc/.ssh/
– If no command result is displayed, the .ssh directory is available in the home
directory. Perform Step 1.2.
2. Run the following command to check whether the id_rsa_pwd.pub file exists.
~> ls id_rsa_pwd.pub
– If the system displays id_rsa_pwd.pub: No such file or directory, perform Step

1.3 to create a public key file.
– If the system displays id_rsa_pwd.pub, perform Step 2.
3. Run the following command to create encrypted public and private key files.
~> . /opt/oss/server/rancn/bin/ssh-keygen.sh
If the system displays the following message, enter 1 to create encrypted public and
private key files.
------------------------------------------------------------------
Please select an operation type:
1--Generate PubKey File with Encrypt Key.
2--Generate PubKey File without Encrypt Key.
------------------------------------------------------------------
Please make a choice : 1
If the system displays the following message, enter /export/home/omc/.ssh/

id_rsa_pwd.
Generating public/private rsa key pair.
Enter file in which to save the key (/export/ossuser/.ssh/id_rsa):
If the following message is displayed, enter the password twice. When ~> is displayed,
the encrypted public key file is generated.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

U2000
NOTICE
– Keep the password for future use. If the password is lost, all public and private key
files must be generated again, and the new files will replace the existing files.
– The password can contain 8 to 30 characters, including lowercase letters a to z,
uppercase letters A to Z, digits 0 to 9, and special characters ]@%-=_.}{. To
improve password security, please use the following password policies:
n The password contains at least one uppercase letter.
n The password contains at least one lowercase letter.
n The password contains at least one digit.
n The password contains at least one special character.
4. Run the following commands to modify permission of the public key file.
~> chmod 600 id_rsa_pwd.pub

5. Run the following command on the U2000 server to check whether the .ssh directory
exists in the home directory.
~> cd ${HOME}/.ssh/

home directory. After running the following command, perform Step 1.7.
~> mkdir -p ${HOME}/.ssh/
– If no command output is displayed, the .ssh directory is available in the home
NOTE
The ${HOME} parameter indicates the home directory of user ossuser.

6. Run the following command to check whether the id_rsa file exists.
~> ls id_rsa
– If the system displays id_rsa: No such file or directory, perform Step 1.7 to create
public and private key files.
– If the system displays id_rsa, perform Step 2.
7. Run the following command to create non-encrypted public and private key files.
~> . /opt/oss/server/rancn/bin/ssh-keygen.sh
If the system displays the following message, enter 2 to create non-encrypted public and
private key files.
------------------------------------------------------------------
Please select an operation type:
1--Generate PubKey File with Encrypt Key.
2--Generate PubKey File without Encrypt Key.
------------------------------------------------------------------
Please make a choice : 2
If the system displays information similar to the following, the non-encrypted public key
file has been created successfully:

U2000
Generating public/private rsa key pair.

Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
8. Run the following commands to modify permission of the public key file.
~> cd ${HOME}/.ssh/
~> chmod 600 id_rsa.pub
Step 2 Enable public key authentication on the NMS.

1. Log in to the NMS server as user UserA. Run the cd ${HOME}/.ssh/ command to check
whether the .ssh directory exists in the home directory.
home directory. After running the mkdir -p ${HOME}/.ssh/ command, perform
Step 2.2.
– If no command result is displayed, the .ssh directory is available in the home
NOTE
The ${HOME} parameter indicates the home directory of user UserA.

2. Run the ls authorized_keys command to check whether the authorized_keys file exists.
– If the system displays authorized_keys: No such file or directory, run the touch
authorized_keys command to create the authorized_keys file. Then, perform Step
2.3.
– If the system displays authorized_keys, proceed to Step 2.3.
3. Copy the content of the id_rsa.pub or id_rsa_pwd.pub file on the U2000 server to the
authorized_keys file on the NMS server.
NOTICE
– For a non-encrypted public key file, copy the id_rsa.pub file's content.
If the id_rsa.pub file does not exist, copy the ${HOME}/.ssh/authorized_keys file's
content on the U2000 server.
– For an encrypted public key file, copy the id_rsa_pwd.pub file's content.
a. Run the cat id_rsa.pub or cat id_rsa_pwd.pub command on the U2000 server.
The content of the id_rsa.pub or id_rsa_pwd.pub file is displayed.
b. Run the vi command on the NMS server to write the content of the id_rsa.pub or
id_rsa_pwd.pub file into the authorized_keys file.
NOTICE
– The content to be written into the authorized_keys file cannot contain any line feed.
If any line feed exists, delete it.
– If the authorized_keys file contains any other data, perform a line feed operation.
Then, write the content.

U2000
4. Run the vi command to modify the /etc/ssh/sshd_config file and configure SFTP
parameters on the NMS server.
# su - root
Password: Password of user root
# vi /etc/ssh/sshd_config
Table 7-3 lists the parameters to be configured.
Table 7-3 Parameters to be configured for the SFTP

Parameter Value
RSAAuthentication yes
PubkeyAuthentica- yes
tion
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentica- yes/no. This parameter specifies whether the password

tion authentication is used when the authentication of the public
key and private key fails. You are advised to set this
parameter to yes.
– yes: password authentication is used.
– no: password authentication is not used.

U2000
Parameter Value
MaxStartups Number of concurrent connections.

The calculation method is as follows:
1. Run the following command to query the number of the
SFTP tasks deployed on the U2000 server:
n If the installed U2000 server software is a Chinese
edition, run the following command:
# vi /opt/oss/server/etc/XFTPService/locale/zh_CN/
TaskInfoCache.xml
n If the installed U2000 server software is an English
# vi /opt/oss/server/etc/XFTPService/locale/en_US/
TaskInfoCache.xml
......
<ftpset>
<dest>10.10.10.10</dest>
<localpath......
<localpath......
</ftpset>
......
The preceding command output is used as an example.

10.10.10.10 indicates the IP address of the northbound
server, and each localpath value corresponds to a task.
Record the number of tasks and enter :q! to exit the vi
editor.
2. Run the following command to query the number of
threads occupied by the SFTP tasks:
# cat /opt/oss/server/etc/XFTPService/
ModuleParam.xml |grep TaskThreadNum
<param name="TaskThreadNum">10</param>
The preceding command output is used as an example. 10

indicates the number of threads occupied by the SFTP
tasks. Record the number of threads.
3. The number of concurrent connections is obtained by
multiplying the number of tasks by the number of
occupied threads.
NOTE
If you change the number of SFTP tasks, you must change the
number of concurrent connections at the same time.
5. Perform the following operations on the NMS server to check the SFTP service status.

U2000
If... Then...
The NMS server is The # ps -ef | grep sshd | grep -v grep

running Solaris OpenS root 27748 1 0 Dec 25 ?
2:13 /usr/local/sbin/sshd
SH has root 21923 27748 0 11:11:31 ?
been 0:02 /usr/local/sbin/sshd -R
installe
– If the command output contains /usr/local/sbin/
d
sshd, the SFTP service is running. Run the
Run the following command to restart the SFTP service:
pkginf
# /etc/init.d/opensshd restart
o
OpenS – If no command output is displayed, the SFTP
SH service has not started. Run the following
comma command to start the SFTP service:
nd, and # /etc/init.d/opensshd start
the
followi
ng
comma
nd
output
is
display
ed:
Securit
y
OpenSSH
OpenSSH
Portabl
e for
Solaris

U2000
If... Then...
No # svcs -a | grep ssh

OpenS online 17:27:13 svc:/network/
ssh:defaul
SH has
been – If the command output contains online, the SFTP
installe service is running. Run the following command
d to restart the SFTP service:
Run the # svcadm restart svc:/network/ssh:default
pkginf – If the command output contains disabled, the
o SFTP service has not started. Run the following
OpenS command to start the SFTP service:
SH
comma # svcadm enable svc:/network/ssh:default
nd, and
the
followi
ng
comma
nd
output
is
display
ed:
ERROR:
informa
tion
for
"OpenSS
H" was
not
found
The NMS server is running # service sshd status

SUSE Linux Checking for service
sshd running
– If the command result contains running, the

SFTP service is running. Run the following
command to restart the SFTP service:
# service sshd restart
– If the command result does not contain running,
the SFTP service is disabled. In this case, contact
The NMS server is running Contact Huawei technical support.

any other OS
Step 3 If you use encrypted public and private key authentication files, perform Step 4. If you use
non-encrypted public and private key authentication files, perform Step 4.
1. Run the following command on the U2000 server to query the password for encrypting
the private key.

U2000
~> XFTPPasswdEncrypt
When the following information is displayed, enter the encryption password twice.
Please Enter Password :
Please Re-enter Password :
NOTICE
– The encryption password must be the same as that in Step 1.3.
– Keep the encryption password for future use. If the encryption password is lost, all
public and private key files must be generated again, and the new files will replace
the existing files.
The following information is displayed. d67A29C93775A68AE21DDAF1052EBBD1 is

the encryption password.
Success. Encrpt passwd :d67A29C93775A68AE21DDAF1052EBBD1
~>
2. Use the Vi command to change the values of IsSupportEncrpt, PrivateExKeyFile, and

EncrptKey in the ModuleParam.xml file.
This operation must be performed on each server where the XFTPService0X01 service is
deployed.
~> cd /opt/oss/server/etc/XFTPService
~> vi ModuleParam.xml

IsSupportEncrpt Change the value to 1, indicating that the encryption

password transfer mode is supported.
PrivateExKeyFile Set this parameter to the absolute path where the

public key file generated in Step 1.3 is saved, for
example, /export/home/omc/.ssh/id_rsa_pwd.
EncrptKey Enter the queried encryption password, for example,

d67A29C93775A68AE21DDAF1052EBBD1.
3. Run the following command to check whether the config file exists:
~> cd ${HOME}/.ssh/
home directory. After running the following command. Perform the following steps.
~> mkdir -p ${HOME}/.ssh/
– If no command output is displayed, the .ssh directory is available in the home
directory. Perform the following steps.
~> ls config

U2000
NOTE
The ${HOME} parameter indicates the home directory of user ossuser.

– If config:No such file or directory is displayed, the config file does not exist.
Perform Step 3.4 after running the following command:
~> touch ${HOME}/.ssh/config
~> chmod 600 ${HOME}/.ssh/config
– If config is displayed, the config file exists. Proceed to Step 3.4.
4. Run the vi command to add the following contents to the config file:
~> cd ${HOME}/.ssh
~> vi config
IdentityFile /export/home/omc/.ssh/
id_rsa_pwd
IdentityFile ~/.ssh/id_rsa
NOTE
If the config file contains the preceding information, you do not need to modify the config file.
Step 4 Run the Vi command on the U2000 server to change the value of DefaultFTPType in the
ModuleParam.xml file.
deployed.
Search for the DefaultFTPType parameter and change the value to 1.
NOTE
If DefaultFTPType is set to 1, the SFTP encryption mode is used. If DefaultFTPType is set to 0, the
plaintext FTP mode is used.
To change the SFTP encryption mode to the plaintext FTP mode, change the value of DefaultFTPType
to 0 and restart the XFTPService0X01 service.
Using the plaintext FTP mode has security risks, It is recommended that you use the SFTP mode.
<GeneralParams>
…
<param name="DefaultFTPType">1</param>
…
</GeneralParams>
Step 5 Run the following command on the U2000 server to restart the XFTPService0X01 service to
make the modification take effect.
deployed.
~> svc_adm -cmd status | grep XFTP
You can obtain the service name of XFTPService0X01 for the server on which the current
operation is performed from the command output. XFTPService0X01 is used as an example.
Replace it as required.

U2000
~> svc_adm -cmd restartsvc XFTPService0X01
Step 6 Run the following command on the U2000 server to view the XFTPService0X01 service
status.
deployed.
l If the XFTPService0X01 service is in the running state in the command output, the
service is running properly.
l If the XFTPService0X01 service is in the not running state in the command output, the
service is not started. When this occurs, contact Huawei technical support.
Step 7 Perform the following operations on the U2000 client to configure FTP server information:
2. Choose Software > FTP Auto Upload Management > Target Server Settings
(traditional style); alternatively, double-click System Management in Application
Center and choose Settings > FTP Auto Upload Management > Target Server
Settings (application style).
In the Target Server Setting window, the configured FTP server information is
displayed.
3. Select an FTP server whose information needs to be configured and click Add.
4. Set the FTP server parameters, as described in Table 7-5.
Table 7-5 Parameters in the Target Server Setting window

Module The module type consists of NBI FM, NBI CM, NBI PM, NBI
Type/ Inventory, CME NBI, CME NCCDM, License Management, NBI
Module Server Backup, NBI Log, EBC Counter, EBC Data, and LTE Trace
Name Data. A module name indicates that the configured FTP server is used
to transfer the files corresponding to the modules in the U2000. For
example, if the module name is northbound alarm, it indicates that the
configured FTP server is used to transfer the files of northbound alarm
modules in the U2000 server.
Server IP IP address of the FTP server
User Name User name used to log in to the FTP server.
Password Password used to log in to the FTP server.
Confirm Enter the password again that is used to log in to the FTP server.
Password

U2000
Server Directory for storing a file after it is transferred to the FTP server.
Directory The directory name cannot contain the following special characters:
colon (:), asterisk (*), question mark (?), quotation mark ("), less than
(<), greater than (>), and vertical bar (|).
NOTE
When you log in to the U2000 server as user ftpuser, ensure that the server
directory starts with "/export/home/sysm", for example, "/export/home/sysm/
ftproot".
Source Directory for storing the LTE Trace Data need to be uploaded.
Directory NOTE
This parameter only can be configured when you modify or add a FTP server
whose Module Name is LTE Trace Data.
File Whether to compress a file before transferring it.

Compressio – NONE: Transfer a file without compressing it.
n Type
– ZIP: Transfer a file after compressing it.
5. Click OK. The configuration setting is completed.
The added parameters are saved and displayed in the Target Server Setting window.
6. Choose Software > FTP Auto Upload Management > File Upload Browser
Center and choose Settings > FTP Auto Upload Management > File Upload Browser
(application style) to check the status of the files to be uploaded.
The files to be uploaded and files that fail to be uploaded are displayed in the Upload
File Browser window.
----End
7.4.6 Configuring the SFTP for Actively Transferring Files over

the Northbound Interface (Password Authentication)
When the U2000 server actively uploads files to the NMS over the northbound interface, the
U2000 server functions as an FTP client and the NMS functions as an FTP server. To ensure
data security during file transmission, users can set the SFTP encryption mode.
Prerequisites
l Use PuTTY to log in to the U2000 server in SSH mode as user ossuser.For an advanced
telecommunications application environment (ATAE) cluster system, you have logged in
to each server in the U2000 cluster.
l You have logged in to the NMS server as user UserA.
UserA is an NMS server user. Replace it as required.
Context
l When the password authentication is used, the password for logging in to the NMS
server is required to set up an SFTP connection.

U2000
l Unless otherwise specified, perform the following operations on each U2000 server:
NOTE
XFTPService0X01 indicates the XFTP service name of the U2000 server. Replace it as required.
For an ATAE cluster system, the XFTP service is deployed on the master and slave servers, and
the service name for the master server is XFTPService0101. The service name for the first slave
server is XFTPService0201. The service name for the second slave server is XFTPService0301.
This method applies to the service names for other servers.
l When the XFTP service uploads files in FTP mode:
– If the northbound server runs the Linux or Unix operating system, use the vsftpd
software whose version is 2.0.5 or later.
– If the northbound server runs the Windows operating system, use the ftpserver
service delivered with the system.
Procedure
Step 1 Run the vi command to modify the /etc/ssh/sshd_config file and configure SFTP parameters
on the NMS server.
su - root
Password: Password of user root
# vi /etc/ssh/sshd_config
Table 7-6 lists the parameters to be configured.
Table 7-6 Parameters to be configured for the SFTP

Parameter Value
PasswordAuthentica- yes/no. Set this parameter to yes.

tion l yes: password authentication is used.
l no: password authentication is not used.

U2000
Parameter Value
MaxStartups Number of concurrent connections.

The calculation method is as follows:
1. Run the following command to query the number of the SFTP
tasks deployed on the U2000 server:
– If the installed U2000 server software is a Chinese edition,
run the following command:
# vi /opt/oss/server/etc/XFTPService/locale/zh_CN/
TaskInfoCache.xml
– If the installed U2000 server software is an English
# vi /opt/oss/server/etc/XFTPService/locale/en_US/
TaskInfoCache.xml
......
<ftpset>
<dest>10.10.10.10</dest>
<localpath......
<localpath......
</ftpset>
......
The preceding command output is used as an example.

10.10.10.10 indicates the IP address of the northbound server,
and each localpath value corresponds to a task. Record
the number of tasks and enter :q! to exit the vi editor.
2. Run the following command to query the number of threads
occupied by the SFTP tasks:
# cat /opt/oss/server/etc/XFTPService/ModuleParam.xml
|grep TaskThreadNum
<param name="TaskThreadNum">10</param>
The preceding command output is used as an example. 10

indicates the number of threads occupied by the SFTP tasks.
Record the number of threads.
3. The number of concurrent connections is obtained by
multiplying the number of tasks by the number of occupied
threads.
NOTE
If you change the number of SFTP tasks, you must change the number of
concurrent connections at the same time.
Step 2 Perform the following operations on the NMS server to check the SFTP service status.

U2000
If... Then...
The NMS server is The # ps -ef | grep sshd | grep -v grep

running Solaris OpenSS root 27748 1 0 Dec 25 ?
2:13 /usr/local/sbin/sshd
H has root 21923 27748 0 11:11:31 ?
been 0:02 /usr/local/sbin/sshd -R
installed
l If the command output contains /usr/local/sbin/
Run the sshd, the SFTP service is running. Run the
pkginfo following command to restart the SFTP service:
OpenSS
# /etc/init.d/opensshd restart
H
comman l If no command output is displayed, the SFTP
d, and service has not started. Run the following command
the to start the SFTP service:
followin # /etc/init.d/opensshd start
g
comman
d output
is
displaye
d:
Securit
y
OpenSSH
OpenSSH
Portabl
e for
Solaris

U2000
If... Then...
No # svcs -a | grep ssh

OpenSS online 17:27:13 svc:/network/ssh:defaul
H has l If the command output contains online, the SFTP
been service is running. Run the following command to
installed restart the SFTP service:
Run the # svcadm restart svc:/network/ssh:default
pkginfo
l If the command output contains disabled, the SFTP
OpenSS
service has not started. Run the following command
H
to start the SFTP service:
comman
d, and # svcadm enable svc:/network/ssh:default
the
followin
g
comman
d output
is
displaye
d:
ERROR:
informa
tion
for
"OpenSS
H" was
not
found
The NMS server is running # service sshd status

SUSE Linux Checking for service sshd
running
l If the command result contains running, the SFTP

service is running. Run the following command to
restart the SFTP service:
# service sshd restart
l If the command result does not contain running, the
SFTP service is disabled. In this case, contact
The NMS server is running any Contact Huawei technical support.

other OS
Step 3 Perform the following operations on the U2000 server to change the value of the
DefaultFTPType parameter in the ModuleParam.xml file.
deployed.
Search for the DefaultFTPType parameter and change the value to 1.

U2000
NOTE
If DefaultFTPType is set to 1, the SFTP encryption mode is used. If DefaultFTPType is set to 0, the
plaintext FTP mode is used.
To change the SFTP encryption mode to the plaintext FTP mode, change the value of DefaultFTPType
to 0 and restart the XFTPService0X01 service.
<GeneralParams>
…
<param name="DefaultFTPType">1</param>
…
</GeneralParams>
Press Esc and run the :wq command to save the file and exit the vi editor.
Step 4 Run the following command on the U2000 server to restart the XFTPService0X01 service to
make the modification take effect.
deployed.
You can obtain the service name of XFTPService0X01 for the server on which the current
operation is performed from the command output. XFTPService0X01 is used as an example.
~> svc_adm -cmd restartsvc XFTPService0X01
Step 5 Run the following command on the U2000 server to view the XFTPService0X01 service
status.
deployed.
l If the XFTPService0X01 service is in the running state in the command output, the
service is running properly.
l If the XFTPService0X01 service is in the not running state in the command output, the
service is not started. When this occurs, contact Huawei technical support.
Step 6 Perform the following operations on the U2000 client to configure FTP server information:
2. Choose Software > FTP Auto Upload Management > Target Server Settings
Center and choose Settings > FTP Auto Upload Management > Target Server
Settings (application style).
In the Target Server Setting window, the configured FTP server information is
displayed.
3. Select an FTP server whose information needs to be configured and click Add.
4. Set the FTP server parameters, as described in Table 7-7.

U2000
Table 7-7 Parameters in the Target Server Setting window

Module The module type consists of NBI FM, NBI CM, NBI PM, NBI
Type/ Inventory, CME NBI, CME NCCDM, License Management, NBI
Module Server Backup, NBI Log, EBC Counter, EBC Data, and LTE Trace
Name Data. A module name indicates that the configured FTP server is used
to transfer the files corresponding to the modules in the U2000. For
example, if the module name is northbound alarm, it indicates that the
configured FTP server is used to transfer the files of northbound alarm
modules in the U2000 server.
Server IP IP address of the FTP server
User Name User name used to log in to the FTP server.
Password Password used to log in to the FTP server.
Confirm Enter the password again that is used to log in to the FTP server.
Password
Server Directory for storing a file after it is transferred to the FTP server.
Directory The directory name cannot contain the following special characters:
colon (:), asterisk (*), question mark (?), quotation mark ("), less than
(<), greater than (>), and vertical bar (|).
NOTE
When you log in to the U2000 server as user ftpuser, ensure that the server
directory starts with "/export/home/sysm", for example, "/export/home/sysm/
ftproot".
Source Directory for storing the LTE Trace Data need to be uploaded.
Directory NOTE
This parameter only can be configured when you modify or add a FTP server
whose Module Name is LTE Trace Data.
File Whether to compress a file before transferring it.

Compressio – NONE: Transfer a file without compressing it.
n Type
– ZIP: Transfer a file after compressing it.
5. Click OK. The configuration setting is completed.

The added parameters are saved and displayed in the Target Server Setting window.
6. Choose Software > FTP Auto Upload Management > File Upload Browser
Center and choose Settings > FTP Auto Upload Management > File Upload Browser
(application style) to check the status of the files to be uploaded.
The files to be uploaded and files that fail to be uploaded are displayed in the Upload
File Browser window.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 8 Managing U2000 System Security
8 Managing U2000 System Security
About This Chapter
This section describes how to replace the encrypted key of the U2000 system, replace the SSL
certificate of OSS Management Tool, change the password of the OSS Management Tool's
private key file, and perform security hardening/unhardening for internal ports of the U2000
server.
8.1 Replacing the Encrypted Key of the U2000 System Sensitive Data
Sensitive data in the U2000 system includes the user password and key, certificate password
and key, and user's sensitive information, such as IMSI, IMEI, and MSISDN. This section
describes how to replace the encrypted key. To improve the security of sensitive data in the
U2000 system, you need to periodically replace the encrypted key. Otherwise, you do not
need to perform the operations.
8.2 Replacing the Root Key of the U2000 System Sensitive Data
describes how to replace the root key. To improve the security of sensitive data in the U2000
system, you need to periodically replace the root key. Otherwise, you do not need to perform
the operations.
8.3 Replacing the Encrypted Key of the OSS Management Tool Sensitive Data
This section describes how to replace the encrypted key. To improve the security of sensitive
data in the U2000 system, you need to periodically replace the encrypted key. Otherwise, you
do not need to perform the operations.
8.4 Replacing the Root Key of the OSS Management Tool Sensitive Data
This section describes how to replace the Root key. To improve the security of sensitive data
in the U2000 system, you need to periodically replace the Root key. Otherwise, you do not
8.5 Replacing the SSL Certificate of OSS Management Tool
The HTTPS service used by the OSS Management Tool depends on the SSL protocol. Digital
certificates are preconfigured during the installation of the U2000 server software by default.
To improve the security of the U2000 system, you are advised to use the certificates applied
from a recognized certificate authority to replace the preconfigured certificates. Otherwise,
you do not need to perform the operations. In the non-single-server system, the operation
needs to be performed only on the active node or master node.

U2000
8.6 Changing the Password of the OSS Management Tool's Private Key File
The HTTPS service used by the OSS Management Tool depends on the security socket layer
(SSL). To ensure security, the SSL uses the RSA encryption algorithm, which is based on a
private key file. To increase the system security of OSS Management Tool, you can change
the password of the OSS Management Tool's private key file. This section describes how to
change the password of the OSS Management Tool's private key file. In the ATAE cluster
system, the operation needs to be performed only on the master node. For an ATAE cluster
online remote HA system, you need to perform the following steps on the master node of both
active site and the standby site.
8.7 Changing the Maximum Login Attempts and Locking Duration for the OSS Management
Tool
To enhance the U2000 system security, by default, if you incorrectly enter the user name or
password for three consecutive times, the IP address for logging in to the OSS Management
Tool will be locked for 30 minutes. 30 minutes later, you are allowed to use the IP address to
log in again. You can customize the maximum number of login attempts and the maximum
lock duration for the OSS Management Tool based on the actual situation. In the non-single-
server system, you need to perform related operations only on the active server or master
server. For an ATAE cluster online remote HA system, you need to perform the following
steps on the active site.
8.8 Performing Security Hardening/Unhardening for Internal Ports of the U2000 Server
After the U2000 server is installed, you need to deploy a hardware firewall to reduce risks of
attacks on the U2000 server, improving security. If there is no hardware firewall, it is
recommended that you configure the OS firewall to perform security hardening on the internal
ports of the U2000 server to ensure its security.
8.9 Performing Security Hardening/Unhardening for U2000 Database Ports
After the U2000 database is installed, you need to deploy a hardware firewall to reduce risks
of attacks on the U2000 server, improving security. If there is no hardware firewall, it is
recommended that you configure the OS firewall to perform security hardening U2000
database ports to ensure its security.
8.10 Querying and Setting the Encryption Algorithm for Alarms Between the U2000 and
OSMU
This section describes how to query and set the encryption algorithm for alarms between the
U2000 and OSMU. In the ATAE cluster system, perform operations in this section only on the
master server. In the ATAE cluster online remote HA system, perform operations in this
section only on the master server at the active site.
8.11 Querying and Setting the Authentication Algorithm for the Heartbeats Between the
U2000 and OSMU
This section describes how to query and set the authentication algorithm for heartbeats
between the U2000 and OSMU. In the ATAE cluster system, perform operations in this
section on the master and standby servers. In the ATAE cluster online remote HA system,
perform operations in this section only on the master and standby servers at both the active
and standby sites.
8.12 Querying and Setting the SNMPv3-based Algorithms Used Between the U2000 and PRS
This section describes how to query and set the SNMPv3-based authentication and encryption
algorithms used between the U2000 and PRS. In a non-single-server system, perform
operations in this section on the master and standby servers.In the ATAE cluster online remote
HA system, perform operations in this section on the master and standby server at both the
active and standby sites.
8.13 Changing the OSS Private Key Password

U2000
This topic describes how to change the default OSS private key password in /opt/oss/
server/etc/ssl/ne/ltecertlist.xml file.
8.14 Disabling the SSLv3 Protocol Used on the U2000
By default, the U2000 supports both SSL and TLS protocols for communication with other
devices. TLS protocols are more secure. Therefore, you are advised to disable SSL protocols
and use only TLS protocols. You can use the methods described in this section to disable the
SSLv3 protocol, improving the U2000 security.
8.15 Disabling the TLSv1.0 Protocol
By default, when the client (the U2000 client or the device communicating with the U2000
server) connects to the U2000 server, or the U2000 server connects to other servers, the
U2000 server supports the SSLv3 and TLS protocols. The SSLv3 and TLSv1.0 protocols are
insecure. TLSv1.1 and later are recommended instead of the SSLv3 and TLSv1.0 protocols,
improving U2000 security. This section describes how to disable the TLSv1.0 protocol.
8.16 Enabling/Disabling Proxy Service ACL
This section describes how to enable or disable the proxy service ACL function.
8.17 Configuring the DH Key Length for DS Services
The DH key length can be set to 2048 for a DS service. The default DH key length is 1024.
Increasing the DH key length can enhance security. Set the DH key length as required.

U2000
8.1 Replacing the Encrypted Key of the U2000 System

Sensitive Data
describes how to replace the encrypted key. To improve the security of sensitive data in the
U2000 system, you need to periodically replace the encrypted key. Otherwise, you do not
Prerequisites
Use PuTTY to log in to the U2000 master service board as user ossuser in SSH mode.
Context
If MBB backhaul device management components have been installed on the U2000, contact
Huawei technical support engineers before you perform this operation.
Procedure
Step 1 Stop the U2000 services.
Check the status of the U2000 services by following the instructions provided in 4.1
Checking the U2000 Service Status. If the U2000 services have been started, stop them by
following the instructions provided in 4.6 Stopping U2000 Services.
Step 2 Run the following command to replace the encrypted key of the U2000 system sensitive data:
~> crypto_cfgtool -cmd modify

Warning: Make sure that OSS data (data in the database and files in OSS
directories) has been fully backed up.
You can use the backup to restore the data if the command fails to be run.
When the system displays the following information, type yes and press Enter:
To continue, enter "yes". To exit, enter other characters: yes
When information similar to the following is displayed, the encrypted key is replaced
successfully:
Cipher key changed successfully.
Step 3 Start the U2000 services by following the instructions provided in 4.5 Starting U2000
Services.
----End
Follow-up Procedure
l If the U2000 system is configured with the Trace Server independently deployed in the
ATAE cluster system, you also need to replace the encrypted key of the Trace Server. For
details, see section Replacing the Private Key of the Trace Server in U2000 Trace
Server User Guide (ATAE Cluster, Standalone).

U2000
l If the U2000 system is configured with the Trace Server independently deployed on an
HP server, you need to update the material file of the Trace Server. For details, see
section Updating the Material File on the Trace Server in U2000 Trace Server User
Guide (HP, Standalone).
l If the U2000 system is configured with the HAMonitor, you must install the HAMonitor
again to monitor the U2000 after the key is replaced. For details, see chapter
HAMonitor in U2000 OSMU User Guide.
8.2 Replacing the Root Key of the U2000 System Sensitive

Data
describes how to replace the root key. To improve the security of sensitive data in the U2000
system, you need to periodically replace the root key. Otherwise, you do not need to perform
the operations.
Prerequisites
Use PuTTY to log in to the U2000 master service board as user ossuser in SSH mode.
Context
If MBB backhaul device management components have been installed on the U2000, contact
Huawei technical support engineers before you perform this operation.
Procedure
Check the status of the U2000 services by following the instructions provided in 4.1
Checking the U2000 Service Status. If the U2000 services have been started, stop them by
following the instructions provided in 4.6 Stopping U2000 Services.
Step 2 Run the following command to replace the root key of the U2000 system sensitive data:
~> crypto_cfgtool -cmd modifyRootKey
When information similar to the following is displayed, the root key is replaced successfully:
Root key changed successfully.
Step 3 Start the U2000 services by following the instructions provided in 4.5 Starting U2000
Services.
----End
Follow-up Procedure
l If the U2000 system is configured with the Trace Server independently deployed in the
ATAE cluster system, you also need to replace the encrypted key of the Trace Server. For
details, see section Replacing the Private Key of the Trace Server in U2000 Trace
Server User Guide (ATAE Cluster, Standalone).

U2000
8.3 Replacing the Encrypted Key of the OSS Management

Tool Sensitive Data
This section describes how to replace the encrypted key. To improve the security of sensitive
data in the U2000 system, you need to periodically replace the encrypted key. Otherwise, you
do not need to perform the operations.
Procedure
Step 1 Use PuTTY to log in to the U2000 master service board service as user ossuser in SSH mode.
For detailed operations, see .
~> su - root
Step 3 Run the following command to replace the encrypted key of the OSS Management Tool
sensitive data:
# /opt/OSMU/omc_control/update_config.sh modify
When information similar to the following is displayed, the encrypted key is replaced
successfully:
The Operation Succeeded.
Step 4 Run the following commands to synchronize the result to the standby node. If the U2000
system does not have a standby node, ignore this operation.
# scp -pr /opt/OSMU/omc_control/etc/conf/crypto.cfg Private IP address of the standby
node:/opt/OSMU/omc_control/etc/conf/crypto.cfg
# scp -pr /opt/OSMU/omc_control/etc/conf/rootkey.cfg Private IP address of the standby
node:/opt/OSMU/omc_control/etc/conf/rootkey.cfg
----End
8.4 Replacing the Root Key of the OSS Management Tool

Sensitive Data
This section describes how to replace the Root key. To improve the security of sensitive data
in the U2000 system, you need to periodically replace the Root key. Otherwise, you do not
Procedure
Step 1 Use PuTTY to log in to the U2000 master service board service as user ossuser in SSH mode.
For detailed operations, see .
~> su - root

U2000
Step 3 Run the following command to replace the Root key of the OSS Management Tool sensitive
data:
# /opt/OSMU/omc_control/update_config.sh modifyRootKey
When information similar to the following is displayed, the Root key is replaced successfully:
The Operation Succeeded.
# scp -pr /opt/OSMU/omc_control/etc/conf/crypto.cfg Private IP address of the standby
node:/opt/OSMU/omc_control/etc/conf/crypto.cfg
# scp -pr /opt/OSMU/omc_control/etc/conf/rootkey.cfg Private IP address of the standby
node:/opt/OSMU/omc_control/etc/conf/rootkey.cfg
----End
8.5 Replacing the SSL Certificate of OSS Management

Tool
The HTTPS service used by the OSS Management Tool depends on the SSL protocol. Digital
certificates are preconfigured during the installation of the U2000 server software by default.
To improve the security of the U2000 system, you are advised to use the certificates applied
from a recognized certificate authority to replace the preconfigured certificates. Otherwise,
you do not need to perform the operations. In the non-single-server system, the operation
needs to be performed only on the active node or master node.
Prerequisites
l The OSS Management Tool is working properly.
l The new SSL certificates have been prepared. Certificates contain rootcert.pem, server-
key.pem, and server-cert.der.
NOTE
l The OSS Management Tool does not support certificates encoded in der format. Make sure
that the encoding format of the 3 certificates is pem.
l You must obtain the three certificates. rootcert.pem is the trust certificate, server-key.pem is
the key of the device certificate, and server-cert.der is the device certificate.
l If the private key file of the device certificate is set with a password, obtain the password.
Procedure
Step 1 Upload the SSL certificate to the U2000 server by using the FileZilla tool.
For details about how to use the FileZilla tool, see 26.1.12 Transferring Files by Using
FileZilla. The configuration information required for uploading the files is as follows:

U2000
l User and password: ossuser user and its password

l Directory of files on the server: /opt/OSMU/omc_control/
Step 2 Use PuTTY to log in to the U2000 server in SSH mode as user ossuser.

~> su - root
Step 4 Run the following commands to back up the old certificate directory and the configuration
file.
# cp -pr /opt/OSMU/omc_control/cert /opt/OSMU/omc_control/cert.bak
# cp -pr /opt/OSMU/omc_control/Junction/settings.py /opt/OSMU/omc_control/

settings.py.bak
Step 5 Run the following commands to delete the old certificates.
# cd /opt/OSMU/omc_control/cert
# rm *.pem *.der
Step 6 Run the following commands to copy the new certificates to the target directory.
# cp -pr /opt/OSMU/omc_control/rootcert.pem /opt/OSMU/omc_control/cert
# cp -pr /opt/OSMU/omc_control/server-key.pem /opt/OSMU/omc_control/cert
# cp -pr /opt/OSMU/omc_control/server-cert.der /opt/OSMU/omc_control/cert
Step 7 Run the following commands to modify the password of the OSS Management Tool private
key file:
# cd /opt/OSMU/omc_control
# ./modify_pem_passvalue.sh
Enter pass phrase for server-key.pem:old password
writing RSA key Enter PEM pass phrase:new password
Verifying - Enter PEM pass phrase:new password
When The Operation Succeeded. is displayed by the system, the password of the
OSS Management Tool's private key file is modified successfully.

U2000
NOTE
l If the private key file for the device certificate is not set with a password, press Enter when you
enter the old password.
l The password contains 8 to 32 characters, including digits from 0 to 9, uppercase and lowercase
letters and special characters ]%@-=_.}{. To enhance password security, please use the
following password policies:
– The password contains at least one uppercase letter.
– The password contains at least one lowercase letter.
– The password contains at least one digit.
– The password contains at least one special character.
l When The code you enter twice must be same.Do you want to re-enter
it again? Y/N: is displayed, the entered passwords are inconsistent. In such case, type Y or y
and enter the password again.
l When The PEM pass phrase change is failure. is displayed, the OSS
Management Tool's private key file fails to be modified. In such case, perform this step to modify
the OSS Management Tool's private key file again. If The PEM pass phrase change is
failure. is displayed again, contact Huawei technical support engineers.
Step 8 If you want to enable SSL bidirectional authentication between the OSS Management Tool
server and client, perform this step. Otherwise, skip this step.
1. In the configuration file /opt/OSMU/omc_control/nginx.conf of the OSS Management
Tool server, set ssl_verify_client to on.
NOTE
ssl_verify_depth specifies the length of the certificate trust chain. If the client certificate delivered
with the server is used, retain the default value 2. If a customer's certificate is used, set this
parameter as needed.
server {
127.0.0.1:31123;
server_name localhost;
add_header X-Frame-Options SAMEORIGIN;
ssl on;
ssl_certificate ../../cert/server-cert.der;
ssl_certificate_key ../../cert/server-key.pem;LF
ssl_certificate_key_password
@WD3077272C8D2974904255ABF679AC7F8DF805F39E82D7E5E740792D;
ssl_client_certificate ../../cert/rootcert.pem;
ssl_verify_client on;
ssl_verify_depth 2;
2. Download the client certificate ClientCA.pfx in the /opt/OSMU/omc_control/cert/

directory on the OSS Management Tool server to the PCs that will be used to log in to
the web-based OSS Management Tool by using FileZilla tool. For detailed operations,
see 26.1.12 Transferring Files by Using FileZilla.

U2000
NOTICE
– After SSL bidirectional authentication is enabled, you need to perform the following
operations to load the client certificate to all PCs that will be used to log in to the
web-based OSS Management Tool through a web browser. You are advised to use
Internet Explorer to log in to the web-based OSS Management Tool because Firefox
ESR 17.x, Firefox ESR 24.x, and Firefox ESR 31.x supported by the web-based OSS
Management Tool do not support the self-signed client certificate.
– Ensure that the time and time zone at the PC are consistent with those at the OSS
Management Tool server. Otherwise, you cannot log in to the web-based OSS
Management Tool after you have loaded the client certificate.
3. Double-click ClientCA.pfx. Click Next repeatedly until the installation succeeds.

Step 9 Run the following command to restart the services of OSS Management Tool.
# /opt/OSMU/omc_control/restart_om_monitor.sh
Step 10 Log in the OSS Management Tool again and check if the operation of substitution has been
done successfully.
Choose Service System > U2000 > OSS Management Tool from the navigation tree on the
NOTE
If the system prompts Security Warning, configure the parameters for the browser in use by following
instructions provided in 26.2.1 Setting Internet Explorer or 26.2.2 Setting Firefox.
If you log in to the OSS Management Tool, the certificates are replaced successfully. In such a
case, go to Step 11. If you fail to log in to the OSS Management Tool, contact Huawei
technical support.
Step 11 Run the following commands to delete the temporary files.
# rm /opt/OSMU/omc_control/rootcert.pem
# rm /opt/OSMU/omc_control/server-key.pem
# rm /opt/OSMU/omc_control/server-cert.der
# rm -r /opt/OSMU/omc_control/cert.bak
# scp -pr /opt/OSMU/omc_control/Junction/settings.py Private IP address of the standby
node:/opt/OSMU/omc_control/Junction/settings.py
# scp -pr /opt/OSMU/omc_control/cert/rootcert.pem Private IP address of the standby
node:/opt/OSMU/omc_control/cert/rootcert.pem
# scp -pr /opt/OSMU/omc_control/cert/server-key.pem Private IP address of the standby
node:/opt/OSMU/omc_control/cert/server-key.pem
# scp -pr /opt/OSMU/omc_control/cert/server-cert.der Private IP address of the standby
node:/opt/OSMU/omc_control/cert/server-cert.der

U2000
# scp -pr /opt/OSMU/omc_control/nginx.conf Private IP address of the standby node:/opt/

OSMU/omc_control/nginx.conf
----End
8.6 Changing the Password of the OSS Management

Tool's Private Key File
The HTTPS service used by the OSS Management Tool depends on the security socket layer
(SSL). To ensure security, the SSL uses the RSA encryption algorithm, which is based on a
private key file. To increase the system security of OSS Management Tool, you can change
the password of the OSS Management Tool's private key file. This section describes how to
change the password of the OSS Management Tool's private key file. In the ATAE cluster
system, the operation needs to be performed only on the master node. For an ATAE cluster
online remote HA system, you need to perform the following steps on the master node of both
active site and the standby site.
Prerequisites
l You have installed the U2000 server software.
l The OSS Management Tool is working properly.
Context
To improve system security, you are advised to change the initial passwords set before
product delivery in a timely manner and periodically (at an interval of 6 months) change the
password of the private key file to avoid security risks, such as violent password cracking.
Procedure
NOTE
The public IP address of the U2000 board at the standby site in an ATAE cluster online remote HA
system is unavailable. When performing operations at the standby site, log in to the U2000 board using
either of the following two modes:
l Log in to the OSMU of the standby site, and then log in to the U2000 board through the KVM of
the OSMU.
l Use PuTTY to log in to the OSMU board at the standby site in SSH mode as user osmuuser,
switch to user root, run the ssh command to switch to the U2000 board using the private IP
address of the board at the standby site.

~> su - root
Step 3 Run the following commands to modify the password of the OSS Management Tool's private
key file:
# cd /opt/OSMU/omc_control
# ./modify_pem_passvalue.sh

U2000
Enter pass phrase for server-key.pem:old password

writing RSA key Enter PEM pass phrase:new password
Verifying - Enter PEM pass phrase:new password
When The Operation Succeeded. is displayed by the system, the password of the
OSS Management Tool's private key file is modified successfully.
NOTE
l If you are using the SSL certificate that provided by U2000, the default password of the OSS
Management Tool's private key file is Changeme_123.
l The password contains 8 to 30 characters, including digits from 0 to 9, uppercase and lowercase
letters, and special characters ]@%-=_.}{. You are advised to set the following password policies
to enhance password security:
– The password contains at least one uppercase letter.
– The password contains at least one lowercase letter.
– The password contains at least one digit.
– The password contains at least one special character.
l When The code you enter twice must be same.Do you want to re-enter
it again? Y/N: is displayed, the entered passwords are inconsistent. In such case, type Y or y
and enter the password again.
l When The PEM pass phrase change is failure. is displayed, the password of the
OSS Management Tool's private key file fails to be modified. In such case, perform this step to
modify the password of the OSS Management Tool's private key file again. If The PEM pass
phrase change is failure. is displayed again, contact Huawei technical support
engineers.
Step 4 After the password of the OSS Management Tool's private key file has been modified
successfully, run the following command to restart the OSS Management Tool service:
Step 5 Log in to the OSS Management Tool again to check whether the modification takes effect.
To check whether the modification takes effect, you must use a web browser to log in to the
OSS Management Tool again. If you can successfully log in to the OSS Management Tool,
the modification takes effect.
Step 6 Run the following commands to synchronize the modification result to the standby node.
# scp -pr /opt/OSMU/omc_control/Junction/settings.py Private IP address of the standby
node:/opt/OSMU/omc_control/Junction/settings.py
# scp -pr /opt/OSMU/omc_control/cert/server-key.pemPrivate IP address of the standby
node:/opt/OSMU/omc_control/cert/server-key.pem
# scp -pr /opt/OSMU/omc_control/nginx.confPrivate IP address of the standby
node:/opt/OSMU/omc_control/nginx.conf
----End
8.7 Changing the Maximum Login Attempts and Locking

Duration for the OSS Management Tool
To enhance the U2000 system security, by default, if you incorrectly enter the user name or
password for three consecutive times, the IP address for logging in to the OSS Management

U2000
Tool will be locked for 30 minutes. 30 minutes later, you are allowed to use the IP address to
log in again. You can customize the maximum number of login attempts and the maximum
lock duration for the OSS Management Tool based on the actual situation. In the non-single-
server system, you need to perform related operations only on the active server or master
server. For an ATAE cluster online remote HA system, you need to perform the following
steps on the active site.
Prerequisites
l The OSS Management Tool can be properly logged in.
Procedure
~> su - root
Step 3 Run the following command to set the maximum number of login attempts and the locking
duration for the OSS Management Tool.
# /opt/OSMU/omc_control/modify_lock_configure.sh
Enter the maximum number of login attempts: Maximum number of login attempts
Enter the maximum lock duration: Maximum lock duration
NOTE
The maximum number of login attempts and the maximum lock duration must be integers.
l The maximum number of login attempts ranges from 0 to 99. If the maximum number of login
attempts is set to 0, the lock policy is not used.
l The maximum lock duration ranges from 0 to 999. If the maximum number of login attempts is set
to a value other than 0 and the maximum lock duration is set to 0, the lock duration is unlimited.
If Operation success. is displayed, the maximum number of login attempts and the
maximum lock duration are changed successfully.
Step 4 Run the following command to restart the OSS Management Tool services.
----End
8.8 Performing Security Hardening/Unhardening for

Internal Ports of the U2000 Server
After the U2000 server is installed, you need to deploy a hardware firewall to reduce risks of
attacks on the U2000 server, improving security. If there is no hardware firewall, it is
recommended that you configure the OS firewall to perform security hardening on the internal
ports of the U2000 server to ensure its security.

U2000
Prerequisites
The firewall function provided by the OS is enabled. (That is, the iptables service is available
before operations are performed on SUSE Linux.)
Context
l In the high availability (HA) systems, the operation needs to be performed on the
primary and secondary servers.
l In the ATAE cluster system, the operation needs to be performed on the master, slave,
and standby servers.
l In the ATAE cluster online remote HA system, the operation needs to be performed on
the master, slave, and standby servers at the active and standby sites.
l Before changing the IP address of a U2000 server, you need to perform security
unhardening for internal ports if security hardening has been performed.
l After changing the IP address of a U2000 server, you can perform security hardening for
internal ports of the U2000 server.
l The operation execution involves the U2000 server's firewall. If too many rules are set,
U2000 server's performance may be affected. It is recommended that the hardware
firewall be deployed.
l If the operation execution fails, all the security hardening rules for the internal ports of
the U2000 server will be deleted from the OS firewall. If this occurs, contact Huawei
technical support.
l The security hardening operation mentioned in this section does not involve the security
hardening on ports 31837 and 31838 of the Apache.
l The previous hardening information may be lost after the OS firewall service is restarted.
Therefore, you need to perform the operation mentioned in this section again to perform
security hardening. Restarting the server has no impact on the previous hardening
information. Therefore, you do not need to perform this operation again.
Procedure
NOTE
the OSMU.

~> su - root
Step 3 Perform security hardening/unhardening for internal ports of the U2000 server as required.
l To perform security hardening for internal ports of the U2000 server, run the following
commands:

U2000
# sec_adm -cmd setIPTables
l To perform security unhardening for internal ports of the U2000 server, run the following
commands:
# sec_adm -cmd restoreIPTables
If the system displays Operation succeeded., security hardening/unhardening has

been performed for internal ports of the U2000 server successfully. Otherwise, contact
----End
Follow-up Procedure
After security hardening is performed on internal ports on the U2000 server, other products or
tools can update the internal port whitelist to set trust relationships with the U2000 server for
accessing the internal ports on the server. For detailed operations, see 26.1.39 Updating the
ACL for Internal Ports on the U2000 Server.
8.9 Performing Security Hardening/Unhardening for

U2000 Database Ports
After the U2000 database is installed, you need to deploy a hardware firewall to reduce risks
of attacks on the U2000 server, improving security. If there is no hardware firewall, it is
recommended that you configure the OS firewall to perform security hardening U2000
database ports to ensure its security.
Prerequisites
The firewall function provided by the OS is enabled. (That is, the iptables service is available
before operations are performed on SUSE Linux.)
Context
l In the non-single-server system, you need to perform related operations only on the
active server or master server.
l For an ATAE cluster online remote HA system, you need to perform related operations at
the active site. After a switchover is performed between the active and standby sites,
performs operations in this section again if related operations have not been performed at
the standby site before the switchover.
l Before changing the IP address of a U2000 server, you need to unharden database ports
if they have been hardened.
l After changing the IP address of a U2000 server, you can harden database ports to forbid
the access to the database using a remote IP address.
l The script hardens ports 4100 and 4200 for the Sybase database and ports 1521 and 1522
for the Oracle database.
l Database port hardening affects the database access using a remote IP address, for
example, accessing the U2000 database using the database client, or accessing the U2000

U2000
database using the northbound database. You can add remote IP addresses to the access
control list of the IP addresses so that users can access the U2000 database using the
added remote IP addresses.
Procedure
~> su - root
Step 3 Run the following commands to check whether U2000 database ports have been hardened:
l If the system displays the following information, U2000 database ports have been
hardened:
l If the system displays the following information, U2000 database ports have not been
hardened:
Step 4 Harden or unharden U2000 database ports as required.

l To harden internal ports of the U2000 database, run the following commands:
# ./DBAccessControl.sh -s
l To unharden internal ports of the U2000 database, run the following commands:
# ./DBAccessControl.sh -r
If the system displays succeeded, U2000 database ports are successfully hardened or
unhardened. Otherwise, contact Huawei technical support.
Step 5 After U2000 database ports are hardened, perform this step only if you need to add a remote
IP address for accessing the U2000 database. Otherwise, ignore this step.
# ./DBAccessControl.sh -a IP address for remote access
NOTE
To add multiple remote IP addresses, repeat this step.
----End

U2000
8.10 Querying and Setting the Encryption Algorithm for

Alarms Between the U2000 and OSMU
This section describes how to query and set the encryption algorithm for alarms between the
U2000 and OSMU. In the ATAE cluster system, perform operations in this section only on the
master server. In the ATAE cluster online remote HA system, perform operations in this
section only on the master server at the active site.
Context
Alarm configuration between the U2000 and OSMU is used to send hardware alarms from the
OSMU to the U2000 using the SNMPv3 protocol.
The SNMPv3 protocol supports data encryption using an encryption algorithm. By default,
when the OSMU reports alarms to the U2000, the Advanced Encryption Standard (AES)
algorithm is used as an encryption algorithm (priv_protocol) if the U2000 V200R015C00 is
newly installed, whereas the original encryption algorithm is used if the U2000 server is
upgraded to V200R015C00 or later.
To enhance U2000 system security, the AES128 algorithm that ensures high security is
recommended. The encryption algorithm configured on the OSMU for reporting alarms must
be consistent with the encryption algorithm configured on the U2000 server.
Procedure
Step 2 Run the following commands to query the current encryption algorithm used for alarms
between the U2000 server and OSMU:
~> ConfigTool -cmd getparam -path /sf/sysmonitor/atae/ -name priv_protocol -

target /opt/oss/server/etc/conf/sf_config.xml
If usmAESPrivProtocol is displayed, the U2000 uses the AES128 algorithm as the
encryption algorithm. Otherwise, the U2000 uses another encryption algorithm.
If you want to change the encryption algorithm configured for the U2000 server to the
AES128 algorithm, perform Step 3. Otherwise, perform Step 6.
Step 3 Perform the following operations to change the encryption algorithm used between the U2000
server and OSMU:
1. Run the following command to back up the encryption algorithm configuration file:
~> cp -p /opt/oss/server/etc/conf/sf_config.xml /opt/oss/server/etc/conf/
sf_config.xml.bak
2. Run the following commands to change the encryption algorithm to the AES algorithm:
~> ConfigTool -cmd modparam -path /sf/sysmonitor/atae/ -name priv_protocol -

value usmAESPrivProtocol -target /opt/oss/server/etc/conf/sf_config.xml

U2000
3. Run the following commands to check whether the encryption algorithm has been
successfully changed:
~> ConfigTool -cmd getparam -path /sf/sysmonitor/atae/ -name priv_protocol -
target /opt/oss/server/etc/conf/sf_config.xml
If usmAESPrivProtocol is displayed, the encryption algorithm has been
successfully changed.
Step 4 Stop U2000 services. For details, see 4.6 Stopping U2000 Services.
Step 5 Start U2000 services. For details, see 4.5 Starting U2000 Services.
Step 6 Check and set the encryption algorithm on the OSMU to be consistent with that on the U2000
server. For detailed operations, see Checking and Setting the Alarm Encryption and
Heartbeat Authentication Algorithms on the OSMU in ATAE Cluster System Product
Documentation.
----End
Follow-up Procedure
If the emergency system is configured in the ATAE cluster system, you need to manually
perform full synchronization after the configuration on the U2000 server is complete. For
details, see Synchronizing Manually the Data Between the Primary System and the
Emergency System in U2000 ATAE Cluster Emergency System User Guide.
8.11 Querying and Setting the Authentication Algorithm

for the Heartbeats Between the U2000 and OSMU
This section describes how to query and set the authentication algorithm for heartbeats
between the U2000 and OSMU. In the ATAE cluster system, perform operations in this
section on the master and standby servers. In the ATAE cluster online remote HA system,
perform operations in this section only on the master and standby servers at both the active
and standby sites.
Context
Heartbeat configuration between the U2000 and OSMU is used to monitor the heartbeats
between the U2000 and OSMU.
The SNMPv3 protocol uses the cryptographic hash functions and keys to generate message
authentication codes. By default, Secure Hash Algorithm (SHA1) is used as an authentication
algorithm for monitoring the heartbeats between the newly installed U2000 V200R015C00
and the OSMU, whereas the original authentication algorithm is used if the U2000 server is
upgraded to V200R015C00 or later.
To improve U2000 system security, the SHA1 algorithm that ensures high security is
recommended. The authentication algorithm configured on the OSMU for monitoring
heartbeats must be consistent with that configured on the U2000 server.
Procedure

U2000
NOTE
the OSMU.
Step 2 Run the following command to query the current authentication algorithm for heartbeats
between the U2000 server and OSMU:
~> cat /opt/oss/server/common/resourcemonitor/conf/TS_config.xml | grep true
If there is no command output, the U2000 uses the SHA1 algorithm as the authentication
algorithm. Otherwise, the U2000 uses another authentication algorithm.
If you want to change the authentication algorithm configured on the U2000 server to the
SHA1 algorithm, perform Step 3. Otherwise, perform Step 4.
Step 3 Perform the following operations to change the authentication algorithm used for the
heartbeats between the U2000 server and OSMU:
1. Run the following command to change the authentication algorithm to SHA1:
~> sed 's/true/false/g' /opt/oss/server/common/resourcemonitor/conf/TS_config.xml
> /tmp/TS_config.tmp
2. Run the following commands to change the file permission:
~> mv /tmp/TS_config.tmp /opt/oss/server/common/resourcemonitor/conf/
TS_config.xml
~> chown ossuser:ossgroup /opt/oss/server/common/resourcemonitor/conf/
TS_config.xml
~> chmod 750 /opt/oss/server/common/resourcemonitor/conf/TS_config.xml
3. Run the following command to restart the ResourceMonitor process:
~> ps -ef | grep -v grep | grep ResourceMonitor | awk '{print $2}' | xargs kill -9
4. Run the following command to check whether the authentication algorithm has been
successfully changed:
~> cat /opt/oss/server/common/resourcemonitor/conf/TS_config.xml | grep true
If no information is displayed, the authentication algorithm has been successfully
changed.
Step 4 Check and set the authentication algorithm on the OSMU to be consistent with that on the
U2000 server. For detailed operations, see Checking and Setting the Alarm Encryption
and Heartbeat Authentication Algorithms on the OSMU in ATAE Cluster System Product
Documentation.
----End
Follow-up Procedure

U2000
8.12 Querying and Setting the SNMPv3-based Algorithms

Used Between the U2000 and PRS
This section describes how to query and set the SNMPv3-based authentication and encryption
algorithms used between the U2000 and PRS. In a non-single-server system, perform
operations in this section on the master and standby servers.In the ATAE cluster online remote
HA system, perform operations in this section on the master and standby server at both the
active and standby sites.
Context
Alarm configuration between the U2000 and PRS is used to send resource monitoring
exception alarms, threshold alarms, and hardware alarms from the PRS to the U2000 using
the SNMPv3 protocol.
The SNMPv3 protocol supports data encryption using an encryption algorithm. By default,
SNMPv3-based Secure Hash Algorithm (SHA1) is used as an authentication algorithm and
SNMPv3-based Advanced Encryption Standard (AES) is used as an encryption algorithm
between the newly installed U2000 V200R015C00 and the PRS, whereas the original
authentication and encryption algorithms are used if the U2000 server is upgraded to
V200R015C00 or later.
To improve U2000 system security, the SHA1 (authentication algorithm) and AES
(encryption algorithm) algorithms that ensure high security are recommended. The SNMPv3-
based authentication and encryption algorithms configured on the PRS must be consistent
with the algorithms configured on the U2000 server.
NOTICE
If the version of the PRS interconnecting with the U2000 is earlier than
V100R014C00SPC200, the SNMPv3-based authentication and encryption algorithms
configured on the PRS cannot be changed. To improve security between the U2000 and PRS,
upgrade the PRS and then change the PRS authentication algorithm to SHA1 and the PRS
encryption algorithm to AES. Contact Huawei technical support to upgrade the PRS.
If you do not want to upgrade the PRS, change the SNMPv3-based authentication and
encryption algorithms configured on the U2000 to be consistent with those configured on the
PRS.
Procedure

U2000
NOTE
the OSMU.
Step 2 Run the following command to query the current SNMPv3-based authentication and
encryption algorithms between the U2000 server and PRS:
~> cat /opt/oss/server/common/resourcemonitor/conf/PRS_config.xml | grep true
If no information is displayed, the U2000 uses SHA1 as the authentication algorithm and AES
as the encryption algorithm. Otherwise, the U2000 uses another authentication and encryption
algorithms.
If you want to change the SNMPv3-based authentication and encryption algorithms
configured on the U2000 server, perform Step 3. Otherwise, perform Step 4.
Step 3 Perform the following operations to change the SNMPv3-based authentication and encryption
algorithms used between the U2000 server and PRS:
1. Run the following command to change the SNMPv3-based authentication and encryption
algorithms:
– If you want to change the authentication algorithm to SHA1 and the encryption
algorithm to AES, run the following command:
~> sed 's/true/false/g' /opt/oss/server/common/resourcemonitor/conf/
PRS_config.xml > /tmp/PRS_config.tmp
– If the version of the PRS interconnecting with the U2000 is earlier than
V100R014C00SPC200, the SNMPv3-based authentication and encryption
algorithms configured on the PRS cannot be changed. To improve security between
the U2000 and PRS, upgrade the PRS and then change the PRS authentication
algorithm to SHA1 and the PRS encryption algorithm to AES. Contact Huawei
technical support to upgrade the PRS.
If you do not want to upgrade the PRS, run the following command to change the
SNMPv3-based authentication and encryption algorithms configured on the U2000
to be consistent with those configured on the PRS:
~> sed 's/false/true/g' /opt/oss/server/common/resourcemonitor/conf/
PRS_config.xml > /tmp/PRS_config.tmp
2. Run the following commands to change the file permission:
~> mv /tmp/PRS_config.tmp /opt/oss/server/common/resourcemonitor/conf/
PRS_config.xml
~> chown ossuser:ossgroup /opt/oss/server/common/resourcemonitor/conf/
PRS_config.xml
~> chmod 750 /opt/oss/server/common/resourcemonitor/conf/PRS_config.xml
3. Run the following command to restart the ResourceMonitor process:
~> ps -ef | grep -v grep | grep ResourceMonitor | awk '{print $2}' | xargs kill -9

U2000
4. Run the following command to check whether the SNMPv3-based authentication and
encryption algorithms have been successfully changed:
~> cat /opt/oss/server/common/resourcemonitor/conf/PRS_config.xml | grep true
– If there is no command output, the U2000 uses SHA1 as the authentication

algorithm and AES as the encryption algorithm.
– If there is command output, the U2000 uses other algorithms.
Step 4 If the version of the PRS interconnecting with the U2000 is V100R014C00SPC200 or later,
query and set the SNMPv3-based authentication and encryption algorithms configured on the
PRS to be consistent with those configured on the U2000 server. For detailed operations, see
Querying and Setting the SNMPv3-based Algorithms Used Between the PRS and
U2000(M2000) in iManager PRS Product Documentation.
----End
Follow-up Procedure
8.13 Changing the OSS Private Key Password

This topic describes how to change the default OSS private key password in /opt/oss/
server/etc/ssl/ne/ltecertlist.xml file.
Prerequisites
l Ensure that the SSLManageService is stopped before this tool is executed.
l This command must be run in /opt/oss/server/common/nessl/bin.
Context
l From the security management aspect, you must change the private key password
periodically to ensure the password security.
l You are advised to change the password every month.
l For details about the password complexity rules, see nesslCryptTool in U2000 Command
Reference.
l If the password is disclosed to an unauthorized user, you are advised to change it
immediately to ensure the secure management and maintenance of the U2000.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following command to update the default private key password in /opt/oss/
server/etc/ssl/ne/ltecertlist.xml file, The default password is Changeme_123.

U2000
~> cd /opt/oss/server/common/nessl/bin
~> ./nesslCryptTool
Old password:
New Password:
Confirm new password:
If the following information is displayed, the command is run successfully:

NesslCryptTool modified the password successfully
----End
8.14 Disabling the SSLv3 Protocol Used on the U2000

By default, the U2000 supports both SSL and TLS protocols for communication with other
devices. TLS protocols are more secure. Therefore, you are advised to disable SSL protocols
and use only TLS protocols. You can use the methods described in this section to disable the
SSLv3 protocol, improving the U2000 security.
Context
l After the SSLv3 protocol is disabled, the U2000 server cannot be connected using the
SSLv3 protocol.
l The SSLv3 protocol can be disabled in the following usage scenarios:
– U2000 processes communicate with each other using the CORBA or MRB
interface.
– The desktop service on the U2000 server communicates with other devices.
– Files are transmitted between U2000 server and NEs.
– The northbound interfaces (CORBA, alarm streaming, and command line
interfaces) on the U2000 server interconnect with the the NMS using the SSLv3
protocol.
– The SSLv3 protocol is used when NE LMT communicates with U2000 NE user
services.
– The SSLv3 protocol is used when U2000 NE user services communicate with NEs.
l In the HA system, related operations must be performed on only the active server.
l In the Sun SLS system or ATAE cluster system, related operations must be performed on
the master and slave servers, respectively.
l In ATAE cluster online remote HA system, you need to run this command on the master
and slave servers of active site and standby site.
Procedure

U2000
NOTE
the OSMU.
Step 3 Run the following command to disable the SSLv3 protocol:

l Disable the SSLv3 protocol in the following two usage scenarios: U2000 processes
communicate with each other using the CORBA or MRB interface. The desktop service
on the U2000 server communicates with other devices.
~> ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/ssl/option.xml
~> ssl_adm -cmd disableSSLv3 -app corba -file /opt/oss/server/etc/conf/svc_ssl.conf
~> ssl_adm -cmd disableSSLv3 -app corba -file /opt/oss/server/etc/conf/
notify_ssl.conf
l Disable the SSLv3 protocol used for file transmission between the U2000 server and
NEs.
a. Run the following command to switch to user root.
~> su - root
Password:Password of root
b. Run the following command to set environment variables.

c. Run the following command to disable the SSLv3 protocol.
# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh disableSSLv3
d. Exit from user root.
# exit
l If the emergency system is configured, perform the following operations to disable the
SSLv3 protocol used during file transfer between the emergency system and NEs.
a. Use PuTTY to log in to the U2000 active servers as user ossuser in SSH mode.
For HA system, or ATAE cluster system, perform the following operations on the
active server or master server only.
~> su - root
c. Run the following command on the U2000 server to synchronize the data from the
When the system displays The synchronization
succeeded............................. [100.0%], data
synchronization is complete.
d. Use PuTTY to log in to the emergency system server as user ossuser in SSH mode.

U2000
NOTE
You can perform the following operation to query the external IP address for the emergency
system server.
Use a browser to log in to the OSMU server, and choose Device Management > Hardware
Device > Board from the navigation tree in the left pane of the OSMU window. The
external IP address for the board whose Cluster Name is ESCluster is the external IP
address for the emergency system server.
NOTICE
If multiple emergency system instances are deployed, the value of Cluster Name
for each emergency system is unique, for example, ESCluster#2. Select an
emergency system according to the actual requirements.
e. Run the following command to switch to user root.

~> su - root
f. Run the following command to check whether the SSLv3 protocol used during file
transfer between the emergency system and NEs has been disabled:
# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh querySSLv3
If information similar to the following is displayed, the SSLv3 protocol has been
disabled. In this case, go to Step 3.h.
/opt/oss/server/3rdTools/ftp/files
setSSLForFtpSvr_i begin
SSLv3 protocol is disabled transfer over FTP.
setSSLForFtpSvr_i end
If information similar to the following is displayed, the SSLv3 protocol is not

disabled:
SSLv3 protocol is enabled transfer over FTP.
g. Run the following commands to disable the SSLv3 protocol:

# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh disableSSLv3
h. Run the following command to log out user root:
# exit
l Disable the SSLv3 protocol used when the U2000 communicates with the NMS using
the socket or CORBA northbound interface.
~> ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/CBB/itfn/LGU/
SSLOption.xml
~> ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/MirrorDBService/
SSLOption.xml
~> ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/IRPService/
FMNotify/SSLOption.xml

U2000
~> ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/IRPService/

NMSMMLServer/SSLOption.xml
irp_svc_ssl.conf
notify_ssl.conf
~> ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/NGNNIService/
SSLOption.xml
~> ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/NGNNI112Service/
SSLOption.xml
l Disable the SSLv3 protocol of the U2000 proxy.
~> cd /opt/oss/server/rancn/tools/ProxyTools
~> ./ProxySSLV3Adm.sh disable
----End
Follow-up Procedure
l Check whether the SSLv3 protocol used in the following three scenarios has been
disabled: U2000 processes communicate with each other using the CORBA or MRB
interface; the desktop service on the U2000 server communicates with other devices; the
U2000 communicates with the NMS using the socket or CORBA northbound interface.
Run the following command:
Take the file /opt/oss/server/etc/ssl/option.xml for example:
~> ssl_adm -cmd querySSLv3 -file /opt/oss/server/etc/ssl/option.xml
– If the command output similar to the following is displayed, the SSLv3 protocol has
been disabled.
SSLv3 protocol is disabled in file /opt/oss/server/etc/ssl/option.xml.
– If the command output similar to the following is displayed, the SSLv3 protocol is
not disabled.
SSLv3 protocol is enabled in file /opt/oss/server/etc/ssl/option.xml.
l Check whether the SSLv3 protocol used for file transmission between the U2000 server
and NEs has been disabled. (Run the following command as user root:)
# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh querySSLv3
– If the command output similar to the following is displayed, the SSLv3 protocol has
been disabled.
SSLv3 protocol is disabled transfer over FTP.
– If the command output similar to the following is displayed, the SSLv3 protocol is
not disabled.
SSLv3 protocol is enabled transfer over FTP.

U2000
l If you need to query whether the SSLv3 protocol has been disabled for the U2000 proxy,
run the following command:
~> cd /opt/oss/server/rancn/tools/ProxyTools
~> ./ProxySSLV3Adm.sh query
If the command output similar to the following is displayed, the SSLv3 protocol has
been disabled.
U2000 proxy has been disabled sslv3 version.
8.15 Disabling the TLSv1.0 Protocol

By default, when the client (the U2000 client or the device communicating with the U2000
server) connects to the U2000 server, or the U2000 server connects to other servers, the
U2000 server supports the SSLv3 and TLS protocols. The SSLv3 and TLSv1.0 protocols are
insecure. TLSv1.1 and later are recommended instead of the SSLv3 and TLSv1.0 protocols,
improving U2000 security. This section describes how to disable the TLSv1.0 protocol.
Context
l After the TLSv1.0 protocol is disabled, the U2000 server cannot be connected using the
TLSv1.0 protocol.
l For details about how to disable the SSLv3 protocol, see 8.14 Disabling the SSLv3
Protocol Used on the U2000.
Procedure
l To disable TLS 1.0 from the U2000 client, set the following parameters:
a. Open Internet Explorer and choose Tools > Internet Options.
b. In the Internet Options dialog box, click the Advanced tab.
c. Deselect Use TLS 1.0, and select Use TLS 1.1 and Use TLS 1.2.
d. Click OK.
l To disable TLS 1.0 from the U2000 server, contact Huawei technical support.
----End
8.16 Enabling/Disabling Proxy Service ACL

This section describes how to enable or disable the proxy service ACL function.
Context
l For NodeBs (except the NodeB where the local Web LMT is not installed and that
supports built-in Web LMT), CBSCs, UGWs and some core network NEs (for example,
CAS9910, CHLR-DC, FIXMGW, FMCMGW, HLR, HLR-DC, HLR-SC, IWF, MGW,
MSCServer, MiniMGW, SAEGW, SE2600, SG7000, SOFTX3000, SPS, rMSCSvr), you
must enable the proxy service ACL function before setting the proxy service ACL.
l After the proxy service ACL function is enabled, if you do not set the proxy service ACL
control item, the proxy login will fail.

U2000
l In a new installation scenario and in an upgrade scenario, the proxy service ACL
function is disabled by default.
Procedure
Step 1 You have logged in to the U2000 server as user ossuser in SSH mode using PuTTY, in the
non-single-server system, the operation needs to be performed only on the active node or
master node.
Step 2 Run the following commands to check the proxy service ACL status:
~> cd /opt/oss/server/rancn/tools/ProxyTools/
~> ./ProxyACLAdm.sh query
l If information similar to the following is displayed, the proxy service ACL function is
disabled.
ACL-Control of U2000 proxy has been disabled
l If information similar to the following is displayed, the proxy service ACL function is
enabled.
ACL-Control of U2000 proxy has been enabled
Step 3 If the function is in the expected status, no further action is required. Otherwise, proceed with
the following steps.
Step 4 Enable or disable the proxy service ACL function based on your requirements.
l If you need to enable this function, run the following command:
~> ./ProxyACLAdm.sh enable
If information similar to the following is displayed, the proxy service ACL function is
enabled.
Enable proxy ACL-Control...
Enabled ACL-Control of U2000 proxy successfully,it will take effect after
restart NeUserService...
l If you need to disable this function, run the following command:

~> ./ProxyACLAdm.sh disable
If information similar to the following is displayed, the proxy service ACL function is
disabled.
Disable proxy ACL-Control...
Disabled ACL-Control of U2000 proxy successfully,it will take effect after
restart NeUserService...
Step 5 Run the following commands to restart the NeUserService for the settings to take effect.
~> svc_adm -cmd restartsvc NeUserService
If information similar to the following is displayed, the NeUserService is successfully

restarted.
svc_adm : info : START finished.
----End

U2000
8.17 Configuring the DH Key Length for DS Services

The DH key length can be set to 2048 for a DS service. The default DH key length is 1024.
Increasing the DH key length can enhance security. Set the DH key length as required.
Context
Configure the DH key length for all DS services. (-Djdk.tls.ephemeralDHKeySize=2048)
NOTICE
The DH key length can be set only for DS services running on the JRE1.8. After the DH key
length is set, the U2000 client running on a JRE earlier than JRE1.8 cannot use DS services
for upgrade.
Procedure
Step 1 Log in to the U2000 server as user ossuser in SSH mode using PuTTY. In the non-single-
server system, the operation needs to be performed only on the active node or master node.
~> su - root
Step 3 Run the following command to set environment variables:

Step 4 Run the following command to navigate to the /opt/oss/server/etc/conf directory:
# cd /opt/oss/server/etc/conf
Step 5 Modify the args configuration item in the DesktopServicexxxxsvc.xml configuration file for
all DS services. Set the DH key length. (-Djdk.tls.ephemeralDHKeySize=2048)
NOTE
The DS service supports multiple instances. The configuration file is DesktopServicexxxxsvc.xml. xxxx
indicates the DS service number. The first two digits indicate the host number, and the last two digits indicate
the DS service number on the host.
Before modification:
<param name="args">-Xrs -Dds.config.home=D:/oss/server/etc/ds/cfg -DprocID=9999 -
DprocHandle=1 -Xms8m -Xmx512m -XX:+UseSerialGC
-XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=40 -XX:PermSize=22m -
XX:MaxPermSize=64m -Xverify:none -Djava.awt.headless=true -Dfile.encoding=UTF-8
-Djava.library.path=D:/iMAP/server/ds/lib -jar D:/iMAP/server/ds/lib/
launcher.jar</param>
After modification:
<param name="args">-Xrs -Dds.config.home=D:/oss/server/etc/ds/cfg -DprocID=9999 -
DprocHandle=1 -Xms8m -Xmx512m -XX:+UseSerialGC
-XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=40 -XX:PermSize=22m -
XX:MaxPermSize=64m -Xverify:none -Djava.awt.headless=true -
Djdk.tls.ephemeralDHKeySize=2048

U2000
-Dfile.encoding=UTF-8 -Djava.library.path=D:/iMAP/server/ds/lib -jar D:/iMAP/

server/ds/lib/launcher.jar</param>
Step 6 Run the following commands to import the modified configuration file to the database:
# SettingTool -cmd import -file DesktopServicexxxxsvc.xml
# svc_adm -cmd reload
Step 7 Restart all DS services.
1. Log in to all U2000 servers as user ossuser in SSH mode using PuTTY.
2. Run the following command to check DS services on the current server:
~> svc_adm -cmd status
Service Agent: ds0101_agent [1 service(s)] pid: 20914
DesktopService0101 [running ]
3. Run the following command to restart DS services on the current server:

----End

U2000 9 Setting the Communication Modes Used by the U2000
ATAE Cluster System Administrator Guide (SUSE) Clients and Server
9 Setting the Communication Modes Used by

the U2000 Clients and Server
About This Chapter
The U2000 server supports three communication modes: common, Secure Sockets Layer
(SSL), and both. Clients support two communication modes: common and SSL. The clients
can successfully connect to the server only when the communication modes are consistent
between the clients and server. The security of the SSL mode is higher than the security of the
common and both modes. The default communication mode on the server is SSL. The client
must connect to the server in SSL mode.
9.1 Mode Switching Operation Guide

The security of the SSL mode is higher. The default communication mode on the U2000
server is SSL. The client can perform communication with the server in SSL mode. When the
client performs communication with the server in SSL mode, certificates need to be deployed
for the server and client, respectively. The U2000 server and client provide Huawei preset
certificates, which are used in commissioning scenarios. To improve data security, apply for
certificates from official authority and replace the preset certificates.
9.2 Introduction to Communication Modes
This topic describes the information that you need to learn before configuring the
communication modes used by the U2000 clients and server, which includes the information
about the digital certificates and Secure Sockets Layer (SSL) protocol.
9.3 Preparing Digital Certificates
This section describes the digital certificates that need to be prepared before you deploy
certificates for the U2000 server and client based on the certificate environment and the
certificates that are issued by the certificate authority (CA) for the U2000 server and client.
9.4 Certificate Save Path and Naming Conventions
This section describes certificate files and provides their save paths after they are deployed on
the U2000 server and client.
9.5 Setting the U2000 Communication Mode
server is SSL. The client can perform communication with the server in SSL mode.
9.6 Replacing All Digital Certificates

If the communication mode of the U2000 is SSL or both, but a specified set of certificates
(including the identity certificate, trust certificate, and CRL) is required, you must replace the
digital certificates.
9.7 Updating Certificates
In SSL or both communication mode, if identity certificates expire, you need to update them;
if another trust certificate authority (CA) is trusted or the CA issues new certificate revocation
lists (CRLs), you need to update trust certificates or CRLs.

9.1 Mode Switching Operation Guide

Context
NOTICE
Before switching the communication mode of the server, U2000 services need to be stopped,
resulting in OSS service interruption.
l When the client performs communication with the server in SSL mode, you need to
deploy certificates on the server and client, respectively. After deploying certificates for
the client, you need to restart the client and enable the client to log in to the server in
SSL mode. The client cannot log in to the server in common mode.
l Exercise caution when using the common mode because the common mode has security
risks.
l For details about how to learn the current communication mode of the server, see 9.5.2
Querying the Communication Mode of the Server.
Switching Scenarios
Switching scenarios vary depending on operation and maintenance phases. For details about
deployment scenarios, see corresponding commissioning guide. For details about routine
maintenance scenarios, see Table 9-1.
NOTE
Huawei preset certificates are used only in commissioning scenarios. To improve data security, apply for
In routine maintenance, to switch to the common mode, follow the instructions provided in
9.5.5 Switching the Communication Mode of the U2000 Server. To switch to the SSL or
both mode, follow the instructions provided in the following table.

Table 9-1 Maintenance scenarios for switching to the SSL or both mode
Is Server Is Client Change of the CA Operation
Certificate Authentic Granting
Update ation Certificates to
Required? Required Clients
for the
Server?
No Yes The CA granting 1. 9.7.4 Updating Certificates on

certificates to the the U2000 Client
client is not changed, 2. Update certificates of the U2000
and trust certificates client to the U2000 server.
are updated.
l If the CAs granting certificates
to the U2000 server and to the
U2000 client are the same, or
are two sub-CAs in the same
CA, perform the following
operations:
9.7.1 Updating Certificates
on the U2000 Server
U2000 client are different, and
are not two sub-CAs in the
same CA, perform the
following operations:
a. Delete old trust certificates
of the client by following
the instructions provided in
9.7.3 Deleting Trust
Certificates of the U2000
Client from the U2000
Server.
b. Add new trust certificates
9.7.2 Adding Trust
Client to the U2000
Server.
3. Check whether peer authentication
has been enabled for the U2000
server by following the
instructions provided in ssl_adm -
cmd queryAuthPeer.
l If yes, go to 4.
l If no, go to 9.5.4 Enabling the
U2000 Server to
Authenticate Its Peer.


for the
Server?
4. 9.5.5 Switching the

Communication Mode of the
U2000 Server
The server trusts a 1. 9.5.6 Deploying Certificates on

new CA granting the U2000 Client
certificates to the 2. 9.7.2 Adding Trust Certificates
new client. of the U2000 Client to the U2000
Server
cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server


for the
Server?
The server untrusts a 1. Delete certificates on the U2000

CA granting client by following the
certificates to the instructions provided in 9.7.4
client. Updating Certificates on the
U2000 Client.
2. Query the file name and issuer of
the trust certificate of the U2000
client by following the
cmd queryCA.
l If the file name and issuer of
the trust certificate exist,
follow the instructions
provided in 9.7.3 Deleting
Trust Certificates of the
U2000 Client from the U2000
Server.
the trust certificate do not
exist, go to 3.
cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server
No - 9.5.5 Switching the Communication

Mode of the U2000 Server


for the
Server?
Yes Yes The CA granting 1. 9.7.4 Updating Certificates on

and trust certificates server and the U2000 client on the
are updated. U2000 server.
l If the original certificates and
the updated certificates of the
U2000 server are granted by
the same CA, or by two sub-
CAs in the same CA, and if the
CAs granting certificates to the
U2000 server and to the U2000
client are the same, or are two
sub-CAs in the same CA,
perform the following
operations:
on the U2000 Server
client are different, and are not
two sub-CAs in the same CA,
operations:
a. 9.7.1 Updating
Certificates on the U2000
Server
b. Delete old trust certificates
Server.
c. Add new trust certificates


for the
Server?
9.7.2 Adding Trust

Client to the U2000
Server.
neither the same CA nor two
sub-CAs in the same CA, and
if the CA granting updated
certificates to the U2000 server
and the CA granting
certificates to the U2000 client
are the same, or are two sub-
CAs in the same CA, perform
the following operations:
9.5.3 Deploying Certificates
on U2000 the Server
and the CA granting
are different, and are not two
operations:
a. 9.5.3 Deploying
Certificates on U2000 the
Server
9.7.2 Adding Trust
Client to the U2000
Server.


for the
Server?

cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server


for the
Server?

certificates to the 2. On the U2000 server, update
new client. certificates of the U2000 server
and add trust certificates of the
U2000 client.
U2000 server and to a new
a. 9.7.1 Updating
Server
b. Add trust certificates of the
new client by following the
instructions provided in
9.7.2 Adding Trust
Client to the U2000
Server.
and the CA granting
certificates to the new U2000
operations:
a. 9.5.3 Deploying
Server


for the
Server?

9.7.2 Adding Trust
Client to the U2000
Server.
cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server


for the
Server?

U2000 Client.
2. Update certificates of the U2000
server on the U2000 server.
on the U2000 Server
operations:
on U2000 the Server
cmd queryCA.
Server.
exist, go to 4.


for the
Server?

cmd queryAuthPeer.
l If yes, go to 5.
U2000 Server to
U2000 Server
No - 1. Update certificates of the U2000

on the U2000 Server
operations:
on U2000 the Server
U2000 Server
9.2 Introduction to Communication Modes

This topic describes the information that you need to learn before configuring the
communication modes used by the U2000 clients and server, which includes the information
about the digital certificates and Secure Sockets Layer (SSL) protocol.

9.2.1 Digital Certificates

To improve security for the communication between the U2000 clients and server, you need to
configure digital certificates for the U2000 clients and server in advance and use the Secure
Sockets Layer (SSL) communication mode. This topic describes the digital certificates related
to the communication modes used by the U2000 clients and server.
Digital Certificate Function

A digital certificate is an electronic document and functions as a signature of an institute or
user. It is used to authenticate the institute or user. A digital certificate contains information
such as the validity period, user name, and public key. Certificate owners have private key
files. They can be used to set an SSL encrypted channel between the server and client. The
digital certificate functions are as follows:
l Authenticating certificate owners.

l Protecting data on the server and client against being intercepted and tampering.
Certificate Authority
A certificate authority (CA) issues digital certificates. The CA has digital certificates to
authenticate itself and other certificate owners. When issuing a digital certificate to a device,
the CA writes a digital signature to the certificate using its own certificate and users can
verify the digital signature using the digital signature of the CA to ensure that the digital
certificate is not modified.
Trust Certificates
Trust certificates are a set of CA digital certificates. Only the digital certificates issued by the
CAs in a trust certificate are valid. If the OSS servers use certificates issued by CAs in the
trust certificate, clients trust these OSS servers.
Certificate Revocation Lists

Certificates have specified validity periods and CAs can revoke certificates to terminate
certificate usage. Revoked certificates are added to certificate revocation lists (CRLs). After
the CAs issue new CRLs, users need to update their local CRLs to ensure communication
security. A certificate is revoked for the following reasons:
l The certificates expire.

l The private key of the certificate owner is disclosed or is suspected of being disclosed.
l The private key of the CA is disclosed or is suspected disclosed.
l The certificate is obtained using deceitful methods.
l The certificate owner's name is changed.
9.2.2 SSL Protocol

When the U2000 clients and server use the Secure Sockets Layer (SSL) communication
mode, their communication is based on the SSL protocol. This topic describes the concept and
functions of SSL, communication process, and SSL application on the U2000.

Concept
The Security Socket Layer (SSL) protocol encrypts/decodes data and authenticates concerned
entities. In addition, it ensures security and data integrity for network communication on the
transmission layer.
Functions
A security channel is established between the client and server to ensure secure and effective
communication. The SSL functions are as follows:
l Data confidentiality: Both parties obtain encrypted private keys after negotiating using a
handshake protocol and transfer encrypted messages. A single key encryption algorithm
is used, such as Advanced Encryption Standard (AES).
l Identity authentication: Both parties use an asymmetric algorithm to authenticate them,
such as Revist-Shamir-Adleman Algorithm (RSA).
l Data integrity: The hash algorithm, such as secure hash algorithm (SHA) and message
digest algorithm 5 (MD5), is used to generate message digests and message
authentication code (MAC). Transmitted data includes digital signatures, which ensures
data integrity.
SSL Handshake Protocol

An SSL encrypted channel is established using the SSL handshake protocol. The following
figure shows the bidirectional authentication process using the SSL handshake protocol.
Figure 9-1 SSL handshake protocol
The bidirectional authentication process is as follows:

1. The SSL client and server establish security capabilities by sending connection requests.
2. The SSL client and server transfer their digital certificates to authenticate their identities.
3. The SSL client and server negotiate and choose a symmetric encryption plan for
communication.
4. The SSL client and server complete handshake and start to communicate with each other.
SSL on the U2000

The U2000 server provides three communication modes: both, SSL, and common. The
default mode is SSL. The client can perform communication with the server in SSL mode.
The U2000 server uses different ports in different communication modes. If only the SSL
mode is used, you need to block non-SSL ports on the firewall.
Before establishing the SSL or both communication mode between the U2000 client and the
server, you need to prepare related certificates for the client and server, and use the certificate
deployment tools provided by the U2000 to deploy the certificates on the client and server
respectively. The deployment tool used on the client supports only Windows.
9.3 Preparing Digital Certificates

This section describes the digital certificates that need to be prepared before you deploy
certificates for the U2000 server and client based on the certificate environment and the
certificates that are issued by the certificate authority (CA) for the U2000 server and client.
Certificate Environment
Generally, CAs are located at various levels. Assume that the certificates used on the U2000
server and client are issued by a level-2 CAs. Figure 9-2 shows the hierarchy of CAs.
Figure 9-2 Hierarchy of CAs

Table 9-2 describes the file names of various levels of certificates that users must obtain
based on the relationships shown in Figure 9-2.
Table 9-2 Introduction of Certificates
Issued to Issued by Certificate Add to the Trust

Certificate List or
Certificate Revocation
List (CRL)
rootCA rootCA rootCA.cer and rootCA.crl Yes
subCA1 rootCA subCA1.cer and Yes

subCA1.crl
client1 subCA1 client1.cer and No

client1_key.pem or
client1.p12
client2 subCA1 client2.cer and No

client2_key.pem or
client2.p12
subCA2 rootCA subCA2.cer and Yes

subCA2.crl
server subCA2 server.cer and No

server_key.pem or
server.p12
NOTE
Currently, the U2000 uses the digital certificate preconfigured by Huawei, and the digital certificate is
used only in commissioning scenarios. The U2000 supports the replacement of a digital certificate.
Apply to an authority institute for a digital certificate and replace the digital certificate preconfigured by
Huawei with the new digital certificate.
The certificates obtained by the user can be renamed according Table 9-2. The deployment tool of the
U2000 has no special requirements on the certificate names. Different file name extensions stand for
different certificates:
l .cer: Identity certificate. Generally, it works with a .pem key file.
l .p12: Identity certificate of the PKCS#12 (a single file in PFX format) type. The .p12 contains the
certificate file and key file, and is saved with a password. Before using this type of device certificate,
you must obtain the corresponding password.
l .crl: Certificate revocation list. The file lists the identity certificates to be revoked.
The identity certificates in .cer format and CRL files in .crl format of the CAs (including rootCA,
subCA1, and subCA2) are trustworthy. These identity certificates and CRLs issued by the CAs must be
respectively added to the trust certificate list and CRL on the U2000 server and client.
Preparing Certificates
When the U2000 client performs communication with the server in SSL mode, deploy
certificates for the U2000 client and server respectively in advance. Otherwise, services
cannot run. Table 9-3 lists the certificates to be deployed.

Table 9-3 Certificates to be deployed on the U2000 server and client

Scenar Identity Certificate Trust Certificates CRL
io
Server Either of the following items: l rootCA.cer l rootCA.crl

l server.cer and server_key.pem l subCA1.cer l subCA1.crl
l server.p12 and corresponding l subCA2.cer l subCA2.crl
password
Client client1.p12 and its encrypted

password
9.4 Certificate Save Path and Naming Conventions

This section describes certificate files and provides their save paths after they are deployed on
the U2000 server and client.
Certificate Save Path

l Certificate files deployed on a server are saved in the /opt/oss/server/etc/ssl/.
l Certificate files deployed on a client are saved in the client installation directory\client
\client\style\defaultstyle\conf\ssl\.
The following is the directory for storing certificates on the server. The directory for storing
the certificates on the client does not contain cipherSuiteConfig.xml, cross, and privatekey.
NOTE
The directories for storing certificates on the server and the client listed in this section are fixed. Files or
folders not listed below may exist in the preceding paths depending on services managed by the U2000.
| certificateConfig.xml
| cipherSuiteConfig.xml (The directory for storing certificates on the client
does not contain the file.)
| client_option.xml
| commini.dtd
| option.xml
|
|--crl
| |--DER
| |--PEM
| |--revoke.crl
|
|--cross (The directory for storing certificates on the client does not contain
the node.)
| |--DER
| |--PEM
| |--cross.cer
|
|--keyStore
| |--DER
| |--PEM
| |--server.cer
| |--PFX
| |--server.p12 (client.p12)
|
|--privatekey (The directory for storing certificates on the client does not
contain the node.)

| |--DER
| |--PEM
| |--server_key.pem
|
|--trust
|--DER
|--PEM
|--trust.cer
Certificate File Name Conventions

If you use a tool provided by the OSS to deploy certificates, the tool automatically converts
the certificate file names and deploys the certificates. Certificate file names do not need to
follow the conventions when you obtain and deploy the certificate files manually. For details
about the conventions, see Table 9-4.
Table 9-4 Description of the certificate files

Certificate Name Certificate Description
revoke.crl Certificate revocation file in PEM format.
cross.cer Cross certificate (a type of trust certificate) file in PEM format.
server.cer ID certificate file for the server in PEM format.

When this format certificate file is deployed, the server_key.pem
must be deployed at the same time.
server.p12 ID certificate file for the server in the PKCS#12 format.

This format certificate file contains an equipment certificate and a
key. Therefore, when this format certificate is deployed,
additional key is not required. The password for this format
certificate is required.
client.p12 ID certificate file for the client in the PKCS#12 format.

This format certificate file contains an equipment certificate and a
key. Therefore, when this format certificate is deployed,
additional key is not required. The password for this format
certificate is required.
trust.cer Trust certificate file in PEM format.
9.5 Setting the U2000 Communication Mode

server is SSL. The client can perform communication with the server in SSL mode.
9.5.1 Mode Switching Operation Guide


Context
NOTICE
Before switching the communication mode of the server, U2000 services need to be stopped,
resulting in OSS service interruption.
l When the client performs communication with the server in SSL mode, you need to
deploy certificates on the server and client, respectively. After deploying certificates for
the client, you need to restart the client and enable the client to log in to the server in
SSL mode. The client cannot log in to the server in common mode.
l Exercise caution when using the common mode because the common mode has security
risks.
l For details about how to learn the current communication mode of the server, see 9.5.2
Querying the Communication Mode of the Server.
Switching Scenarios
Switching scenarios vary depending on operation and maintenance phases. For details about
deployment scenarios, see corresponding commissioning guide. For details about routine
maintenance scenarios, see Table 9-5.
NOTE
Huawei preset certificates are used only in commissioning scenarios. To improve data security, apply for
In routine maintenance, to switch to the common mode, follow the instructions provided in
9.5.5 Switching the Communication Mode of the U2000 Server. To switch to the SSL or
both mode, follow the instructions provided in the following table.

Table 9-5 Maintenance scenarios for switching to the SSL or both mode
for the
Server?
No Yes The CA granting 1. 9.7.4 Updating Certificates on

and trust certificates client to the U2000 server.
are updated.
U2000 client are the same, or
are two sub-CAs in the same
CA, perform the following
operations:
on the U2000 Server
a. Delete old trust certificates
Server.
9.7.2 Adding Trust
Client to the U2000
Server.
cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to


for the
Server?

U2000 Server

certificates to the 2. 9.7.2 Adding Trust Certificates
new client. of the U2000 Client to the U2000
Server
cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server


for the
Server?

U2000 Client.
cmd queryCA.
Server.
exist, go to 3.
cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server
No - 9.5.5 Switching the Communication

Mode of the U2000 Server


for the
Server?
Yes Yes The CA granting 1. 9.7.4 Updating Certificates on

and trust certificates server and the U2000 client on the
are updated. U2000 server.
client are the same, or are two
operations:
on the U2000 Server
operations:
a. 9.7.1 Updating
Server
b. Delete old trust certificates
Server.
c. Add new trust certificates


for the
Server?
9.7.2 Adding Trust

Client to the U2000
Server.
and the CA granting
are the same, or are two sub-
on U2000 the Server
and the CA granting
are different, and are not two
operations:
a. 9.5.3 Deploying
Server
9.7.2 Adding Trust
Client to the U2000
Server.


for the
Server?

cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server


for the
Server?

certificates to the 2. On the U2000 server, update
new client. certificates of the U2000 server
and add trust certificates of the
U2000 client.
U2000 server and to a new
a. 9.7.1 Updating
Server
9.7.2 Adding Trust
Client to the U2000
Server.
and the CA granting
certificates to the new U2000
operations:
a. 9.5.3 Deploying
Server


for the
Server?

9.7.2 Adding Trust
Client to the U2000
Server.
cmd queryAuthPeer.
l If yes, go to 4.
U2000 Server to
U2000 Server


for the
Server?

U2000 Client.
2. Update certificates of the U2000
on the U2000 Server
operations:
on U2000 the Server
cmd queryCA.
Server.
exist, go to 4.


for the
Server?

cmd queryAuthPeer.
l If yes, go to 5.
U2000 Server to
U2000 Server
No - 1. Update certificates of the U2000

on the U2000 Server
operations:
on U2000 the Server
U2000 Server
9.5.2 Querying the Communication Mode of the Server

Before setting the communication mode of the U2000 server, you can run a certain command
on the U2000 server to query the communication mode used by the U2000 server.
Context
In ATAE cluster system, run this command on the master server only.

Procedure
Step 2 Run the following command to query the U2000 communication mode:
~> ssl_adm -cmd query
l If the following information is displayed, the communication mode of the server is both.
The current communication mode is both common and SSL.
l If the following information is displayed, the communication mode of the server is SSL.
The current communication mode is SSL.
l If the following information is displayed, the communication mode of the server is

common.
The current communication mode is common.
The SSL mode is more secure. You are advised to use the SSL mode. For details about how to
switch the communication mode of the server, see 9.5.5 Switching the Communication
Mode of the U2000 Server.
----End
9.5.3 Deploying Certificates on U2000 the Server

To enable the U2000 server to run in SSL mode, you must deploy the identity and trust
certificates in advance. Otherwise, services cannot run. To ensure security, you also need to
deploy a certificate revocation list (CRL) issued by the certificate authority (CA) on the
server. This section describes how to deploy certificates and CRLs on the server.
Prerequisites
The desired identity certificates, trust certificates, and CRLs are obtained. For details about
these certificates, see Table 9-3 in 9.3 Preparing Digital Certificates.
Context
l In ATAE cluster system, run this command on the master server only.
l Re-log in to the client after deploying the certificates on the server.

NOTICE
The U2000 system has been preconfigured with a digital certificate. To improve the system
security, deploy a certificate applied from a recognized third-party certificate authority.
When SSL is enabled, the system automatically disables port 80. As a result, HTTP-based
web applications on the U2000 cannot be used. In this situation, use the HTTPS protocol. The
following applications must use the HTTPS protocol after SSL is enabled:
l Open the web page for installing the U2000 client.
http://IP address of the U2000 server/cau or https://IP address of the U2000 server/cau
l Log in to the NIC.
https://IP address of the U2000 server:31040/nic.
When you access the previous web applications in HTTPS mode, the web browser may
display a certificate error message or untrusted website message. In this situation, install
certificates for the web browser. The methods of installing certificates for different web
browsers are similar. For details, see 26.2.1 Setting Internet Explorer or 26.2.2 Setting
Firefox.
Procedure
Step 2 Run the following commands to create a path for the certificates. In this example, /opt/oss/
server/sslcertificates is created.
~> mkdir sslcertificates
Step 3 Use the FileZilla tool to upload the certificates to the U2000 server.
FileZilla. You must set the following information when uploading the certificates:
l User name and password: name and password of the ossuser user
l File path on the server: /opt/oss/server/sslcertificates
Step 5 Run the following command on the server to back up the certificates:
~> ssl_adm -cmd backup -backpath var/backup/deployssl
NOTE
The path can be an absolute or relative path. The relative path is relative to /opt/oss/server. Assume that
certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl.
Step 6 Run the following command to deploy certificates (identity certificate, trust certificate, and
CRL) on the U2000 server:
~> ssl_adm -cmd replace_certs -dir /opt/oss/server/sslcertificates
Enter the identity certificate password as prompted.

NOTE
l In this command, //opt/oss/server/sslcertificates is the path to the SSL certificates.

l Pay attention to the following points when you enter the identity certificate password:
– If the identity certificate file is the server.p12 file of the PKCS#12 type (single file in PFX
format), enter the correct certificate password (obtained with the certificate) to decrypt the
certificate, and then set a new password to encrypt the certificate. The new password must be
greater than 6 and is recommended to be less than or equal to 64 bytes and contain at least
three of the following types of characters: lowercase letters, uppercase letters, digits, and
special characters (excluding spaces and `$&()\|;'"<>).
– If the identity certificate file is the server.cer, the new password is user-defined and is used to
encrypt the .pem private key file matching the certificate. The new password must be greater
than 6 and is recommended to be less than or equal to 64 bytes and contain at least three of the
following types of characters: lowercase letters, uppercase letters, digits, and special characters
(excluding spaces and `$&()\|;'"<>). After executing the command, server.cer file is converted
to a PKCS#12 certificate.
– After the command is run, the default identity certificate password Changeme_123
in /opt/oss/server/etc/ssl/certificateConfig.xml is changed to the password of the server
identity certificate.
– After the command is run, the password of the server.p12 file is saved to /opt/oss/
server/etc/ssl/certificateConfig.xml in ciphertext.
l If the command is run successfully, all certificate files in the specified path are converted and
deployed to /opt/oss/server/etc/ssl.
l For details about the certificate directory structure after certificate deployment, see 9.4 Certificate
Save Path and Naming Conventions.
l If the system displays the SSL certificates are deployed successfully
message, certificates are deployed successfully. Go to Step 7.
l Otherwise, certificates fail to be deployed. When this occurs, locate the failure according
to the prompt message, and then restore the deployed certificate by running the following
command:
~> ssl_adm -cmd restore -backpath var/backup/deployssl
NOTE
In the command, var/backup/deployssl is the path to the certificate backup, which can be an
absolute or relative path. The relative path is relative to /opt/oss/server.
Perform Step 6 to deploy certificates after they are restored.
If the certificates fail to be re-deployed, contact Huawei technical support engineers.
Step 7 Check whether the communication mode of the server needs to be switched.
l If the communication mode of the server needs to be switched, go to 9.5.5 Switching the
Communication Mode of the U2000 Server. The procedure ends.
NOTE
If the U2000 system is configured with the Trace Server independently deployed, update the
certificates of the Trace Server by referring the Postrequisite and then switch the communication
mode of U2000.
l If the communication mode of the server does not need to be switched, go to Step 8.
----End

Follow-up Procedure
If the U2000 system is configured with the Trace Server independently deployed, you also
need to update the authentication certificates of the Trace Server. For details, see Updating
Authentication Certificates of the Trace Server (Cluster, ATAE) in U2000 Trace Server
User Guide (ATAE Cluster, Standalone).
9.5.4 Enabling the U2000 Server to Authenticate Its Peer

When the U2000 server communicates with NEs and the U2000 client as the SSL server, the
U2000 server does not authenticate its peer by default. To ensure security, you are advised to
enable the U2000 server to authenticate its peer.
Prerequisites
The trust certificate of the peer has been deployed on the U2000 server.
Context
l If peer authentication is enabled for the U2000 server, to allow the U2000 server to
properly communicate with multiple peers, deploy required certificates on the peers, and
deploy the trust certificates and CRLs of all the peers on the U2000 server.
Procedure
Step 3 Run the following commands to enable the U2000 server to authenticate its communication
peer.
~> ssl_adm -cmd enableAuthPeer -app common -file /opt/oss/server/etc/ssl/option.xml
~> ssl_adm -cmd enableAuthPeer -app corba -file /opt/oss/server/etc/conf/svc_ssl.conf
~> ssl_adm -cmd enableAuthPeer -app corba -file /opt/oss/server/etc/conf/notify_ssl.conf
~> ssl_adm -cmd enableAuthPeer -app apache -file /opt/oss/server/etc/apache/conf/extra/
httpd-ssl.conf
If information similar to the following is displayed, the U2000 server has been enabled to
authenticate its communication peer:
Operation succeeded.
NOTE
l The U2000 server uses the certificate (certificate of the U2000 server) under the /opt/oss/
server/etc/ssl directory to receive NE Syslog logs by default. If you use a new certificate in this
scenario, run the following command to enable peer authentication:
~> ssl_adm -cmd enableAuthPeer -app common -file Path for deploying the certificate used for
the U2000 server to receive NE Syslog logs/option.xml
l The value of SSLCertPath in /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg is the path for
deploying the certificate used for the U2000 server to receive NE Syslog logs.
When the U2000 server is used as an FTP server, perform the following steps to enable the
communication peer authentication function.

1. Run the following command to switch to user root:

~> su - root
Password: password of user root
2. Run the following command to set environment variables:

3. Run the following command to enable the FTP server to authenticate its communication
peer:
# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh enableAuthPeer
4. Exit user root.
# exit
----End
Follow-up Procedure
Check whether the U2000 server has been enabled to authenticate its communication peer.
~> ssl_adm -cmd queryAuthPeer -app common -file /opt/oss/server/etc/ssl/option.xml
~> ssl_adm -cmd queryAuthPeer -app corba -file /opt/oss/server/etc/conf/svc_ssl.conf
~> ssl_adm -cmd queryAuthPeer -app corba -file /opt/oss/server/etc/conf/notify_ssl.conf
~> ssl_adm -cmd queryAuthPeer -app apache -file /opt/oss/server/etc/apache/conf/extra/

httpd-ssl.conf
Checking the communication peer set in the /opt/oss/server/etc/ssl/option.xml file is used as

an example.
l If information similar to the following is displayed, the U2000 server has been enabled
to authenticate its peer set in /opt/oss/server/etc/ssl/option.xml.
The common service end authenticates the peer end in the option.xml file
under the /opt/oss/server/etc/ssl directory.
l If information similar to the following is displayed, the U2000 server is not enabled to
authenticate its peer set in /opt/oss/server/etc/ssl/option.xml.
The common service end does not authenticate the peer end in the option.xml
file under the /opt/oss/server/etc/ssl directory.
When the U2000 server is used as an FTP server, run the following command as user root to
check whether the FTP server has been enabled to authenticate its communication peer:
# /opt/oss/server/3rdTools/ftp/files/setSSLForFtpSvr.sh queryAuthPeer
l If information similar to the following is displayed, the FTP server has been enabled to
authenticate its peer:
The FTPS service end authenticates the peer.
l If information similar to the following is displayed, the FTP server is not enabled to
authenticate its peer:
The FTPS service end does not authenticate the peer.

9.5.5 Switching the Communication Mode of the U2000 Server

The U2000 server supports three communication modes: SSL, both, and common. In both
mode, the client can perform communication with the server in SSL or common mode. In
common mode, the communication between the client and the server is not secure. Therefore,
you are advised to use the SSL mode.
Context
l In SSL or both mode, deploy certificates on the U2000 server and client. Otherwise,
services cannot run. By default, the U2000 uses the Huawei preset certificates, which are
used only in commissioning scenarios. The U2000 supports certificate replacement.
Apply for certificates from an authority and replace the certificates preset by Huawei
with the certificates that are applied for.
l In common mode, you do not need to deploy certificates on the client and server. You
need to set the communication mode on the server to common and then select common
when you log in to the client.
l Relog in to the client after switching the communication mode on the server.
Procedure
Step 3 Run the following commands to switch the communication mode of the server:
l To switch the communication mode of the server to SSL, run the following command:
~> ssl_adm -cmd setmode ssl
l To switch the communication mode of the server to both, run the following command:
~> ssl_adm -cmd setmode both
l To switch the communication mode of the server to common, run the following
command:
~> ssl_adm -cmd setmode common
----End
Follow-up Procedure
If the U2000 system is configured with the Trace Server independently deployed in the ATAE
cluster system, and you switch the communication mode of U2000:
l The communication mode of U2000 is consistent with that of the Trace Server, restart
the Trace Server services. For details, see section Stopping Trace Server system
Services (Cluster, ATAE) and Starting Trace Server system Services (Cluster,
ATAE) in U2000 Trace Server User Guide (ATAE Cluster, Standalone).
l The communication mode of U2000 is not consistent with that of the Trace Server, you
need to switch the communication mode of Trace Server to ensure that they are
consistent with each other. For details, see section Querying the Communication Mode

of the Trace Server and Switching the Communication Mode of the Trace Server in
9.5.6 Deploying Certificates on the U2000 Client

The U2000 client can communication with the server in SSL mode only after certificates are
deployed on the client. You must perform the operations on each client.
Prerequisites
l The desired identity certificates, trust certificates, and certificate revocation lists (CRLs)
are obtained. For details about these certificates, see Table 9-3 in 9.3 Preparing Digital
Certificates.
l The client is not running.
Context
After the U2000 client is installed, the certificate is available in the corresponding path. You
can deploy the preset certificate before a new certificate is applied. Certificate files deployed
on a client are saved in the client installation directory \client\client\style\defaultstyle\conf
\ssl. The save paths for certificate files are the same on the U2000 server. For details, see 9.4
Certificate Save Path and Naming Conventions. To improve system security, apply for and
deploy the new certificate in a timely manner.
Procedure
Step 1 Run Client installation directory\client\client\bin\CertConfigurator.bat (SUSE Linux and
Windows OS) or Client installation directory/client/client/bin/CertConfigurator.sh (Solaris
OS) to start the certificate configuration tool, as shown in Figure 9-3.

Figure 9-3 Configuring certificates
Step 2 Configure an identity certificate.
1. On the ID Certificate tab, click next to File Name, and select an identity certificate
(a .p12 file).

Figure 9-4 Configuring an identity certificate
2. Enter the password of the identify certificate in the PFX Password text box.
NOTE
If the ID certificate of the U2000 client is selected, enter the password Changeme_123 for the
ID certificate. If another certificate is selected, enter the password based on the actual situations.
Step 3 Click the Trust Certificate tab, click Add, and select a trust certificate (a .cer file).
l If the certificate is in a correct format, the Trust Certificate tab displays the certificate
information, as shown in Figure 9-5.
l If the certificate is in an incorrect format, the message "The selected file is
not a certificate of the X509 type." is displayed.

Figure 9-5 GUI with configured trust certificates
Step 4 Click the Certificate Revocation List tab, click Add, and select a CRL (a .crl file).
l If the .crl file is in a correct format, the Certificate Revocation List tab displays the
certificate information, as shown in Figure 9-6.
l If the .crl file is in an incorrect format, the message "The contents of the
specified CRL file are incorrect." is displayed.

Figure 9-6 GUI with configured CRLs
Step 5 Click OK.

l If the certificate is in a correct format and the PFX password is correct, the configuration
tool automatically exits and the certificate is successfully configured.
l If the certificate is in an incorrect format or the PFX password is incorrect, the message
"The PFX password is invalid, or the selected file is
damaged." is displayed.
NOTE
l After deployment, the certificates on the client are deployed in client installation directory\client
l For the directory where certificates are stored on the U2000 client, see 9.4 Certificate Save Path
and Naming Conventions.
Step 6 Start the client and check whether you can log in to the server in SSL mode. (The server has
been switched to the SSL mode or both mode.)
l If the login is successful, the client is switched to the SSL mode successfully.
l If the login fails, locate and handle the failure according to the prompt message. If the
login still fails, contact Huawei technical engineers for assistance.
----End

9.6 Replacing All Digital Certificates

If the communication mode of the U2000 is SSL or both, but a specified set of certificates
(including the identity certificate, trust certificate, and CRL) is required, you must replace the
digital certificates.
Context
l If you replace all digital certificates, all the digital certificates deployed before are
deleted. Prepare the specified set of certificates (including the identity certificate, trust
certificate, and CRL) before replacing the digital certificates.
l If you need to replace only some of the deployed digital certificates, perform 9.7
Updating Certificates.
Procedure
Step 1 For details about how to replace the certificates of the server, see 9.5.3 Deploying
Certificates on U2000 the Server.
Step 2 For details about how to replace the certificates of the client, see 9.5.6 Deploying Certificates
on the U2000 Client.
----End
9.7 Updating Certificates

In SSL or both communication mode, if identity certificates expire, you need to update them;
if another trust certificate authority (CA) is trusted or the CA issues new certificate revocation
lists (CRLs), you need to update trust certificates or CRLs.
Context
l After you update identity certificates, original identity certificates are overwritten.
l After you update trust certificates, original trust certificates are overwritten.
l After CRLs are updated, the original and new CRLs are valid. The revoked digital
certificates cannot be used in communication between the client and the server.
l If updating trust certificates or CRLs on the server, you also need to update them on the
client.
9.7.1 Updating Certificates on the U2000 Server

This section describes how to update certificates when the Secure Sockets Layer (SSL)
certificate deployed on the U2000 server will expire or a new trust certificate issued by the
certificate authority (CA) needs to be deployed on the U2000 server. The certificate update
function enables you to replace the original identity certificate and trust certificate and
incrementally update the certificate revocation list (CRL) of the U2000 server without
deleting the original CRL.

Prerequisites
The certificates and CRLs to be updated on the server are obtained. For details about these
certificates, see Table 9-3 in 9.3 Preparing Digital Certificates. You do not need to prepare
for the certificates that are not to be updated.
Context
l When updating certificates, you must provide identity certificates. If the identity
certificates do not need to be updated, use the original identity certificates.
Procedure
server/sslcertificates is created.
~> mkdir sslcertificates
Step 3 Use the FileZilla tool to upload the certificates to the U2000 server.
FileZilla. You must set the following information when uploading the certificates:
l File path on the server: /opt/oss/server/sslcertificates
Step 5 Run the following command on the server to back up the certificates:
~> ssl_adm -cmd backup -backpath var/backup/deployssl
NOTE
The path can be an absolute or relative path. The relative path is relative to /opt/oss/server. Assume that
certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl.
Step 6 Run the following command to update certificates (identity certificate, trust certificate, and
CRL) on the U2000 server:
~> ssl_adm -cmd update_certs -dir /opt/oss/server/sslcertificates
Enter the new identity certificate password as prompted.

NOTE
l /opt/oss/server/sslcertificates is the path for saving certificates.

l If the command is run successfully, all certificates in the specified path are converted and deployed
to /opt/oss/server/etc/ssl.
l For details about the certificate directory after deployment, see 9.4 Certificate Save Path and
Naming Conventions.
l If the system displays the SSL certificates are deployed successfully

message, certificates are deployed successfully. Go to Step 7.
l Otherwise, certificates fail to be deployed. When this occurs, locate and handle the
failure according to the prompt message, and then restore the deployed certificate by
running the following command:
~> ssl_adm -cmd restore -backpath var/backup/deployssl
NOTE
In the command, var/backup/deployssl is the backup path of the certificates, which can be an
If the certificates fail to be re-deployed, contact Huawei technical support engineers.
----End
Follow-up Procedure
l If updating the trust certificate and the CRL on the server, you also need to update them
on the client. For details about how to update the trust certificate and the CRL on the
client, see 9.7.4 Updating Certificates on the U2000 Client.
l If the U2000 system is configured with the Trace Server independently deployed, you
also need to update the authentication certificates of the Trace Server. For details, see
Updating Authentication Certificates of the Trace Server (Cluster, ATAE) in U2000
Trace Server User Guide (ATAE Cluster, Standalone).

9.7.2 Adding Trust Certificates of the U2000 Client to the U2000

Server
If peer authentication is enabled for the U2000 server, to allow the U2000 server to properly
communicate with the U2000 client using SSL or TLS, deploy the trust certificates of the
U2000 client on the U2000 server. If the server trusts a new CA granting certificates to the
new client, or if the trust certificate is updated, the CA granting certificates to the client is not
changed but different from that granting certificates to the server, and the two CAs are not
sub-CAs in the same CA, add the new trust certificates of the client to the server.
Prerequisites
l The new trust certificate granted by the certificate authority (CA) of the peer has been
obtained.
l You have deployed certificates on the U2000 server by running the ssl_adm -cmd
replace_certs command.
Context
l When the U2000 server functions as an SSL server, enable the U2000 server to
authenticate its peer. For details, see 9.5.4 Enabling the U2000 Server to Authenticate
Its Peer.
l The new trust certificate must contain its root certificate. If the root certificate has been
deployed on the U2000 server, delete the root certificate by following the instructions
provided in 9.7.3 Deleting Trust Certificates of the U2000 Client from the U2000
Server, and then add it again.
l After a certificate is deployed on the server, you must log in to the client again.
l To update trust certificates of the U2000 client, delete the trust certificate that is no
longer trusted by following the instructions provided in 10.5 Deleting from the U2000
Server the Trust Certificates of the NE Sending Syslog Logs to It, and add a trust
certificate again.
l The certificate deployed by running the ssl_adm -cmd replace_certs command must be
updated by running the ssl_adm -cmd update_certs command.
Procedure
Step 2 Run the following commands to create a directory for saving certificates. In this example, all
certificates are saved under the /opt/oss/server/certificates directory.
~> mkdir certificates
Step 3 Use the FileZilla to upload certificates to the U2000 server.

For details about how to use the FileZilla, see How Do I Use FileZilla to Transfer Files?. Set
the following information when uploading the files:
l User name and password: name and password of user ossuser
l File path on the server: /opt/oss/server/certificates

NOTE
One trust certificate file can contain only one trust certificate.
Step 5 Run the following commands to add trust certificates of the U2000 client to the U2000 server.
~> ssl_adm -cmd addCA -dir /opt/oss/server/certificates
NOTE
l In the preceding commands, /opt/oss/server/certificates is the directory for saving new trust
certificates.
l After the command is executed, all certificates in the /opt/oss/server/certificates directory are
deployed to /opt/oss/server/etc/ssl.
l For details about the certificate directory after certificates are added, see 9.4 Certificate Save Path
Execution result:
l If the system displays the Operation succeeded. message, the certificates have
been added successfully. Go to Step 6.
l Otherwise, the trust certificates fail to be added. If this occurs, locate the failure and then
restore the trust certificates by running the following command:
~> ssl_adm -cmd restore -backpath var/backup/ssl_backup/YYYYMMDDhhmmss
NOTE
var/backup/ssl_backup/YYYYMMDDhhmmss in the preceding command is the path for saving

backup certificates. The certificates that have been deployed before you add a certificate are
automatically backed up and saved to the /opt/oss/server/var/backup/ssl_backup/
YYYYMMDDhhmmss directory.
Perform Step 5 to add trust certificates again after they are restored.
If the trust certificates still fail to be added, contact Huawei technical support engineers.
----End
9.7.3 Deleting Trust Certificates of the U2000 Client from the

U2000 Server
When the U2000 server communicates with the U2000 client using SSL or TLS, deploy the
trust certificate of the U2000 client on the U2000 server. When peer authentication is no
longer required, delete the trust certificate of the U2000 client from the U2000 server.
Prerequisites
You have run the ssl_adm -cmd addCA command to add trust certificates to the U2000
server. For details, see 9.7.2 Adding Trust Certificates of the U2000 Client to the U2000
Server.
Context

Procedure
Step 3 Run the following commands to query file names and issuers of the added trust certificates of
the U2000 client.
~> ssl_adm -cmd queryCA
Execution result:
l If the message No trust certificate is incrementally deployed by
running the ssl_adm -cmd addCA command. is displayed, no trust
certificate has been added by running the ssl_adm -cmd addCA command.
l If information similar to the following is displayed, the file name and issuer of the
current trust certificate are 600755ba.0 and C=CN, ST=Guangdong, L=ShenZhen,
O=Huawei, OU=CMC, CN=huawei_root, respectively. Go to Step 4.
Deployed trust certificates are as follows:
name: issuer:
600755ba.0 C=CN, ST=Guangdong, L=ShenZhen, O=Huawei,
OU=CMC, CN=huawei_root
Step 4 Run the following commands to delete trust certificates of the U2000 client from the U2000
server. The trust certificate 600755ba.0 is used as an example.
~> ssl_adm -cmd deleteCA -name 600755ba.0
Execution result:
l If the system display a message similar to the following, the trust certificates have been
deleted. Go to Step 5.
l Otherwise, the trust certificates fail to be deleted. If this occurs, locate the failure and
then restore the trust certificates by running the following command:
NOTE
In the preceding command, var/backup/ssl_backup/YYYYMMDDhhmmss is the path for saving

backup certificates. The certificates that have been deployed before you delete a certificate are
automatically backed up to the /opt/oss/server/var/backup/ssl_backup/YYYYMMDDhhmmss
directory.
Perform Step 4 to delete the trust certificates after they are restored.
If the trust certificates still fail to be deleted, contact Huawei technical support engineers.
----End

9.7.4 Updating Certificates on the U2000 Client

On the U2000 client, identity certificates can be updated separately, and the trust certificates
and CRLs can be added or deleted separately. You must perform the operations on each client.
Prerequisites
l The certificates and CRLs to be updated on the client are obtained. For details about
these certificates, see 9.3 Preparing Digital Certificates in Table 9-3. You do not need
to prepare for the certificates that are not to be updated.
l The client is not running.
Context
After the U2000 client is installed, the certificate is available in the corresponding path. You
can deploy the preset certificate before a new certificate is applied. Certificate files deployed
on a client are saved in the client installation directory \client\client\style\defaultstyle\conf
\ssl. The save paths for certificate files are the same on the U2000 server. To improve system
security, apply for and deploy the new certificate in a timely manner.
Procedure
Step 1 Run Client installation directory\client\client\bin\CertConfigurator.bat (SUSE Linux and
Windows OS) or Client installation directory/client/client/bin/CertConfigurator.sh (Solaris
OS) to start the certificate configuration tool.
Step 2 Perform the following operations to update identity certificates:
1. Click the ID Certificate tab, as shown in Figure 9-7.
Figure 9-7 ID Certificate tab

2. Select a client identify certificate (a .p12 file) in File Name and enter its password in the
PFX Password text box.
NOTE
Step 3 Perform the following operations to update trust certificates:

1. Click the Trust Certificate tab, as shown in Figure 9-8.
Figure 9-8 Trust Certificate tab
2. Click Add and select a trust certificate (a .cer file).

– If the certificate is in a correct format, the Trust Certificate tab displays
certification information.
– If the certificate is in an incorrect format, the message "The selected file
is not a certificate of the X509 type." is displayed.
Step 4 Perform the following operations to update CRLs:

1. Click the Certificate Revocation List tab, as shown in Figure 9-9.

Figure 9-9 Certificate Revocation List tab
2. Click Add and select a CRL (a .crl file).

– If the certificate is in a correct format, the Certificate Revocation List tab displays
certification information.
– If the certificate is in an incorrect format, the message "The contents of
the specified CRL file are incorrect." is displayed.
Step 5 Click OK.
Step 6 Start the client and log in to the client in SSL mode to verify that certificates are updated
successfully.
l If the login is successful, certificates are updated successfully.
l If the login fails, certificates fail to be updated. Contact Huawei technical engineers for
assistance.
NOTE
l After deployment, the certificates on the client are deployed in client installation directory\client
l For the directory where certificates are stored on the U2000 client, see 9.4 Certificate Save Path
----End

U2000 10 Enabling the U2000 Server to Authenticate NEs Sending
ATAE Cluster System Administrator Guide (SUSE) Syslog Logs to It
10 Enabling the U2000 Server to

Authenticate NEs Sending Syslog Logs to It
About This Chapter
When the U2000 server functions as an SSL server for communication with the U2000 client
and NEs, you are advised to enable authentication of the communication peer on the U2000
server for security concerns. After this function is enabled, you must deploy the required trust
certificates on the U2000 server to ensure normal communication.
Prerequisites
The identity certificates of NEs that need to be authenticated have been deployed.
Context
NOTICE
Before enabling authentication of the communication peer on the U2000 server, stop the
U2000 services. The U2000 services will be interrupted.
Process for Configuring the U2000 Server to Receive Syslog Logs Sent from NEs
1. Check whether the communication mode of the U2000 server is SSL or both by
following the instructions provided in 9.5.2 Querying the Communication Mode of the
Server.
– If yes, go to 2.
– If no, go to 9.5.5 Switching the Communication Mode of the U2000 Server.
2. Check whether peer authentication has been enabled for the U2000 server by following
the instructions provided in ssl_adm -cmd queryAuthPeer.
– If yes, go to 3.
– If no, go to 9.5.4 Enabling the U2000 Server to Authenticate Its Peer.

3. On the U2000 server, deploy the trust certificates and CRLs of NEs sending Syslog logs
to this server by following the instructions provided in 10.2 Deploying a Certificate for
the U2000 Server to Receive NE Syslog Logs.
NOTE
By default, the U2000 server uses the TLS protocol and the certificates of the U2000 server to
receive NE Syslog logs. The certificate is saved in the /opt/oss/server/etc/ssl directory. To prevent
the certificates from affecting each other in different scenarios, you are advised to deploy the
certificates for receiving NE Syslog logs under /opt/oss/server/etc/ssl/nelog.
Scenarios for Maintaining the U2000 Server to Receive NE Syslog Logs After
Peer Authentication Is Enabled
If the CA granting certificates to the NE is changed, you need to update the trust certificates
deployed on the U2000 server. Table 10-1 shows required operations in various scenarios.
Table 10-1 Managing trust certificates of NEs on the U2000 server

Change of the CA Operation
Granting Certificates to
NEs
The CA granting l If the CAs granting certificates to the U2000 server and to
certificates to the NE is not the NE are the same, or are two sub-CAs in the same CA,
changed, and trust perform the following operations:
certificates are updated. 10.3 Updating a Certificate for the U2000 Server to
Receive NE Syslog Logs
l If the CAs granting certificates to the U2000 server and to
the NE are different, and are not two sub-CAs in the same
CA, perform the following operations:
1. Delete old trust certificates of the NE by following the
instructions provided in 10.5 Deleting from the
U2000 Server the Trust Certificates of the NE
Sending Syslog Logs to It.
2. Add new trust certificates of the NE by following the
instructions provided in 10.4 Adding to the U2000
Server the Trust Certificates of the NE Sending
Syslog Logs to It.
The server trusts a new CA 10.4 Adding to the U2000 Server the Trust Certificates of
granting certificates to the the NE Sending Syslog Logs to It
NE.
The server untrusts a CA Query the file name and issuer of the trust certificate of the
granting certificates to the NE by following the instructions provided in ssl_adm -cmd
NE. queryCA.
l If the file name and issuer of the trust certificate exist,
follow the instructions provided in 10.5 Deleting from
the U2000 Server the Trust Certificates of the NE
l If the file name and issuer of the trust certificate do not
exist, no further action is required.

10.1 Querying NE Syslog Operation Logs

You can obtain all the logs from the devices using the U2000 and view the operation logs of
the devices managed by the U2000 instead of accessing the devices to view the logs.
10.2 Deploying a Certificate for the U2000 Server to Receive NE Syslog Logs
The U2000 server can receive Syslog logs of NEs using the UDP or TLS protocol. TLS is
used by default because it provides higher security. When TLS is used, you must deploy
required NE certificates on the U2000 server.
10.3 Updating a Certificate for the U2000 Server to Receive NE Syslog Logs
This section describes how to update the certificate of the U2000 server to receive NE Syslog
logs when this server has been deployed with certificates of an NE but the certificates are
about to expire, and the new certificate and existing certificate of an NE are granted by the
same CA or its two sub-CAs. The certificate update function enables you to replace the
original identity certificate and trust certificate and incrementally update the certificate
revocation list (CRL).
10.4 Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to It
communicate with NEs using SSL or TLS, deploy the trust certificates of NEs on the U2000
server. If the server trusts a new CA granting certificates to an NE, or if the trust certificate is
updated, the CA granting certificates to the NE is not changed but different from that granting
certificates to the server, and the two CAs are not sub-CAs in the same CA, add the new trust
certificates of the NE to the server.
10.5 Deleting from the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to
It
When the U2000 server communicates with the NE using SSL or TLS, deploy the trust
certificate of the NE on the U2000 server. When peer authentication is no longer required,
delete the trust certificate of the NE from the U2000 server.

10.1 Querying NE Syslog Operation Logs

You can obtain all the logs from the devices using the U2000 and view the operation logs of
the devices managed by the U2000 instead of accessing the devices to view the logs.
Context
l You can query only the logs of the devices in your own domains.
l The users in the admin and Administrators groups can query device logs of all users.
Procedure
Step 1 Choose Security > NE Log Management > NE Syslog Operation Logs (traditional style);
alternatively, double-click Security Management in Application Center and choose Log
Management > NE Syslog Operation Logs (application style) from .
Step 2 In the Filter dialog box, set filter criteria and click OK.
NOTE
You can also query device logs by performing the following steps:
1. In the Filter dialog box, click Cancel.
2. In the NE Syslog Operation Logs window, click Filter.
3. In the Filter dialog box, set filter criteria and click OK. Click Reset to reset all the parameters.
Step 3 In the NE Syslog Operation Logs window, double-click a record to view the log details.
l Click a field in the column header of the query result table to sort the query results by
field.
l The white upward triangular icon indicates that you can sort the results by field. The
black upward triangular icon indicates that the results are sorted in ascending order of
the field. The black downward triangular icon indicates that the results are sorted in
descending order of the field.
l Click Device name or Access Method. Different from other table header fields, these
fields are displayed in groups. Therefore, they are not sorted in alphabetical order.
----End
10.2 Deploying a Certificate for the U2000 Server to

Receive NE Syslog Logs
The U2000 server can receive Syslog logs of NEs using the UDP or TLS protocol. TLS is
used by default because it provides higher security. When TLS is used, you must deploy
required NE certificates on the U2000 server.
Prerequisites
l You have obtained the following certificates:
– Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password.

– Trust certificates of an NE
– Optional: Certificate revocation list (CRL) granted by the Certificate Authority
(CA) trusted by the NE
l NE authentication has been enabled on the U2000 server. For details about how to check
whether the U2000 server authenticates the communication peer, see ssl_adm -cmd
queryAuthPeer. For details about how to enable peer authentication, see 9.5.4 Enabling
the U2000 Server to Authenticate Its Peer.
Context
l If bidirectional authentication is applied, deploy not only the trust certificates of the NE
and the CRL released by the CA trusted by the NE on the U2000 server but also the trust
certificates of the U2000 and the CRL released by the CA trusted by the U2000 server on
the NE. This section describes how to deploy the trust certificates and CRL of an NE on
the U2000 server.
l If the U2000 server needs to receive Syslog logs of multiple NEs, you must deploy all
the trust certificates of these NEs on the U2000 server. You can deploy the certificates of
a single NE on the U2000 server by following the instructions provided in this section
and deploy the certificates of other NEs by following the operations provided in 10.4
Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to
It.
Procedure
certificates are saved in the /opt/oss/server/nelogcertificates directory.
~> mkdir nelogcertificates
Step 3 Use FileZilla to upload the trust certificates, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see How Do I Use FileZilla to Transfer Files?.
Set the following information when uploading the files:
l File path on the server: /opt/oss/server/nelogcertificates
Step 5 Run the following command to back up the deployed certificates. If no certificate has been
deployed, perform Step 6.
~> ssl_adm -cmd backup -app nelog -backpath var/backup/deployssl
NOTE
l The certificate backup path can be an absolute or relative path. The relative path is relative
to /opt/oss/server.
l In the example provided in this section, certificates are backed up to /opt/oss/server/var/backup/
deployssl/ssl/nelog.

Step 6 Perform the following operations to deploy an NE certificate.

~> ssl_adm -cmd replace_certs -app nelog -dir /opt/oss/server/nelogcertificates
Enter the identity certificate password of the U2000 server as prompted.
NOTE
l /opt/oss/server/nelogcertificates is the directory for saving certificates.

l If the command is executed successfully, all certificates in the specified path are converted and
deployed in the /opt/oss/server/etc/ssl/nelog directory.
l After the certificates are deployed, the certificate directory structure is similar to the directory
structure described in 9.4 Certificate Save Path and Naming Conventions.
l If SSL certificates are deployed successfully is displayed, the
certificates are deployed successfully. Perform Step 8.
l Otherwise, certificates fail to be deployed. If such a failure occurs, locate the fault based
on the displayed message and run the following command to restore the deployed
certificates:
~> ssl_adm -cmd restore -app nelog -backpath var/backup/deployssl
NOTE
In the command, var/backup/deployssl is the path for saving backup certificates. The path can be
an absolute or relative path. The relative path is relative to /opt/oss/server.
After the certificates are restored, perform Step 6 to deploy the certificates again.
If the certificates still fail to be deployed, contact Huawei technical support engineers.
Step 7 Optional: If an NE supports 2048, perform the following operations to set the parameter
length for a secure DH algorithm:
1. Run the vi command to open /opt/oss/server/etc/ssl/option.xml.
~> vi /opt/oss/server/etc/ssl/option.xml

NOTE
By default, the U2000 server uses the certificate (namely, the certificate for the U2000 server) in
the /opt/oss/server/etc/ssl directory to receive NE Syslogs. To use another certificate in such a
scenario, run the following command to open the configuration file:
~> vi Path for deploying the certificate used for the U2000 server to receive NE Syslogs/
option.xml
The path for deploying the certificate used for the U2000 server to receive NE Syslogs is the value
of the SSLCertPath configuration item in /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg.
2. Change value in <PARA name="secureDHLen" value="1024"/> to 2048.
NOTE
– 1024: indicates that the DH parameter with 1024 or less bits is used.
– 2048: indicates that the 2048-bit DH parameter is used.
– The DH algorithm with value set to 2048 is more secure than that with value set to 1024.
3. Press Esc to switch to the command mode. Run the :wq! command to save the
option.xml file and exit.
Step 8 Modify the configuration file /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg, and
specify the path for saving the certificates used by the U2000 server to authenticate NEs.
1. Run the following command to open the configuration file:
~> vi /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg
2. Change the value of SSLCertPath to /opt/oss/server/etc/ssl/nelog.
3. Press Esc to switch to the command mode. Run the :wq! command to save
u2ksyslogcollector_init.cfg and exit the command mode.
NOTE
If you do not modify the configuration file, the U2000 server will use the deployed certificates of the
U2000 server to authenticate NEs by default. The certificate is deployed in the /opt/oss/server/etc/ssl
directory.
----End
10.3 Updating a Certificate for the U2000 Server to Receive

NE Syslog Logs
This section describes how to update the certificate of the U2000 server to receive NE Syslog
logs when this server has been deployed with certificates of an NE but the certificates are
about to expire, and the new certificate and existing certificate of an NE are granted by the
same CA or its two sub-CAs. The certificate update function enables you to replace the
original identity certificate and trust certificate and incrementally update the certificate
revocation list (CRL).
Prerequisites
You have obtained the following certificates:
l Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password.
l Trust certificates of an NE

l Optional: Certificate revocation list (CRL) granted by the Certificate Authority (CA)
trusted by the NE
Context
l To use a trust certificate granted by a new CA, you can only deploy the certificate. For
details, see 10.2 Deploying a Certificate for the U2000 Server to Receive NE Syslog
Logs.
Procedure
certificates are saved in the /opt/oss/server/nelogcertificates directory.
~> mkdir nelogcertificates
Step 3 Use FileZilla to upload the trust certificates, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see How Do I Use FileZilla to Transfer Files?.
Set the following information when uploading the files:
l File path on the server: /opt/oss/server/nelogcertificates
Step 5 Run the following command to back up the deployed certificates.

~> ssl_adm -cmd backup -app nelog -backpath var/backup/deployssl
NOTE
to /opt/oss/server.
l In the example provided in this section, certificates are backed up to /opt/oss/server/var/backup/
deployssl/ssl/nelog.
Step 6 Perform the following steps to update the certificates of NEs:

~> ssl_adm -cmd update_certs -app nelog -dir /opt/oss/server/nelogcertificates

NOTE
l /opt/oss/server/nelogcertificates is the directory for saving certificates.

l If the command is executed successfully, all certificates in the specified path are converted and
deployed in the /opt/oss/server/etc/ssl/nelog directory.
l After the certificates are deployed, the certificate directory structure is similar to the directory
structure described in 9.4 Certificate Save Path and Naming Conventions.
l If SSL certificates are deployed successfully is displayed, the
certificates are deployed successfully. Perform Step 7.
l Otherwise, certificates fail to be deployed. If such a failure occurs, locate the fault based
on the displayed message and run the following command to restore the deployed
certificates:
~> ssl_adm -cmd restore -app nelog -backpath var/backup/deployssl
NOTE
In the command, var/backup/deployssl is the path for saving backup certificates. The path can be
an absolute or relative path. The relative path is relative to /opt/oss/server.
After the certificates are restored, perform Step 6 to deploy the certificates again.
If the certificates still fail to be deployed, contact Huawei technical support engineers.
----End
10.4 Adding to the U2000 Server the Trust Certificates of

the NE Sending Syslog Logs to It
communicate with NEs using SSL or TLS, deploy the trust certificates of NEs on the U2000
server. If the server trusts a new CA granting certificates to an NE, or if the trust certificate is
updated, the CA granting certificates to the NE is not changed but different from that granting
certificates to the server, and the two CAs are not sub-CAs in the same CA, add the new trust
certificates of the NE to the server.

Prerequisites
obtained.
Context
l When the U2000 server functions as an SSL server, enable the U2000 server to
authenticate its peer. For details, see 9.5.4 Enabling the U2000 Server to Authenticate
Its Peer.
provided in 10.5 Deleting from the U2000 Server the Trust Certificates of the NE
Sending Syslog Logs to It, and then add it again.
l To update trust certificates of the NE, delete the trust certificates that is no longer trusted
by following the instructions provided in 10.5 Deleting from the U2000 Server the
Trust Certificates of the NE Sending Syslog Logs to It, and add trust certificates
again.
Procedure
NOTE
Step 5 Run the following commands to add trust certificates of the NE to the U2000 server.
~> ssl_adm -cmd addCA -dir /opt/oss/server/certificates -app nelog

NOTE
certificates.
deployed to /opt/oss/server/etc/ssl/nelog.
l For details about the certificate directory after certificates are added, see 9.4 Certificate Save Path
Execution result:
NOTE

----End
10.5 Deleting from the U2000 Server the Trust Certificates

of the NE Sending Syslog Logs to It
When the U2000 server communicates with the NE using SSL or TLS, deploy the trust
certificate of the NE on the U2000 server. When peer authentication is no longer required,
delete the trust certificate of the NE from the U2000 server.
Prerequisites
server. For details, see 10.4 Adding to the U2000 Server the Trust Certificates of the NE
Context
Procedure

the NE.
~> ssl_adm -cmd queryCA -app nelog
Execution result:
name: issuer:
Step 4 Run the following commands to delete trust certificates of the NE from the U2000 server. The
trust certificate 600755ba.0 is used as an example.
~> ssl_adm -cmd deleteCA -name 600755ba.0 -app nelog
Execution result:
NOTE

directory.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 11 Managing U2000 System Users
11 Managing U2000 System Users
About This Chapter
This section describes how to manage and monitor the U2000 users. The users involved in the
U2000 system are Linux user, database user, OM users, and storage system users.
11.1 Managing OS Users

This section describes how to manage the SUSE users. The types of SUSE users involved in
running the U2000 server are: root, oracle, dbuser, ossuser, ftpuser, iscript and webuser. In
addition, it describes how to create a user, modify a password, and remove a user.
11.2 Managing Database Users
This chapter describes how to manage database user that is required for the operation of the
U2000, how to change the database administrator, and how to change the password of
database user.
11.3 Managing Web Proxy Users
This topic describes how to create and delete web proxy users and change web proxy user
passwords. Web proxy users are required for authentication on NE access through proxies.
11.4 Managing SNMPv3 Users
This chapter describes the users for the interaction between the U2000 server and other
devices using the SNMPv3 protocol and how to change their private keys.
11.5 Managing ATAE Cluster System Devices Users
This section describes how to manage ATAE cluster system devices users.
11.6 Managing OSMU Web Users
OSMU web users are used for daily management and maintenance of the OSMU system.
OSMU web users belong to different user groups and are granted different operation rights.
You can add, change or delete OSMU web users as required and change the passwords for
OSMU web users.
11.7 Managing OM Users
OM users operate and maintain the entire network or specified NEs through the U2000. The
U2000 provides the user management function. By using this function, you can manage user
information and user rights. You can also monitor user sessions and operations. This helps to
prevent unauthorized operations and ensure system security.
11.8 Changing the Password for the Default User of the VCS

U2000
User admin is created by default before VCS delivery. To ensure system security, you are
advised to change its initial password during onsite commissioning based on the password
complexity requirements. For an ATAE cluster online remote HA system, you need to
perform the following steps on the active and standby sites.
11.9 Changing Passwords for Database User of FMA
This section describes how to change the password of user fmauser.
11.10 Setting Security Policies of U2000 Users
Setting account policy of the U2000 user to improve the security of the U2000.

U2000
11.1 Managing OS Users

This section describes how to manage the SUSE users. The types of SUSE users involved in
running the U2000 server are: root, oracle, dbuser, ossuser, ftpuser, iscript and webuser. In
addition, it describes how to create a user, modify a password, and remove a user.
11.1.1 Creating Operating System Users

This section describes how to create operating system users. The user names and passwords of
the SUSE Linux users on all nodes must be the same. Therefore, you need to perform the
following operations on each node. For an ATAE cluster online remote HA system, you need
to perform the following steps on each node in the active site and the standby site.
Prerequisites
You have logged in to the U2000 server through the KVM of the OSMU as user root. For
details, see 26.1.2 Logging In to the board by Using the KVM of the OSMU.
Context
To improve security of users' passwords, set passwords based on the following rules:
l A password must contain 8 to 30 characters.
l A password must contain at least one uppercase letter.
l A password must contain at least one lowercase letter.
l A password must contain at least one digit.
l A password must contain at least one special character @%-=_.]{}
l A password must not be the same as the user name or the reverse order of the user name.
l A password cannot contain three or more consecutive characters that are the same (for
example, AAA and 111).
l The number of neighboring digits or letters is limited to four pairs
For example, the password Changeme_121212 does not meet this complexity
requirement because 121212 has a total of five pairs of digits (12 is a pair, 21 is another
pair, and so on).
l A password must not contain any spaces.
l A password must not be one of the 12 passwords that are recently used.
NOTE
The maximum password length varies according to the operating system. To ensure compatible system
interconnection, the recommended maximum password length is 30 characters.
Procedure
l This section takes creating user omc1 as an example. User omc1 belongs to the ossgroup
user group. The main directory /home1 is automatically created. The template files are
saved in the /etc/skel directory. The user ID is 1023. B shell is applied.
a. Run the following command to create the user:
# useradd -d /home1 -g ossgroup -m -k /etc/skel -u 1023 -s /bin/bash omc1

U2000
For a detailed description of the previous command, see Table 11-1.
-d /home1 Indicates that the main directory is

home1. Change /home1 to the actual
main directory when you create other
users.
NOTICE
To ensure that the resources can function
properly, do not create the root directory of
the operating system user in the /export/
home directory or its subdirectory.
-g ossgroup Indicates that this user belongs to the

ossgroup user group. When creating
other users, you need to change it to
the actual user group.
-m Indicates that the system automatically

creates a main directory if the main
directory does not exist.
-k /etc/skel Indicates that the system copies the

template files in a specified directory
to the main directory. The common
template files include .profile
and .cshrc.
The template files are used to ensure a
uniform operating environment for all
users. If you plan to copy the template
files to the main directory when you
run the useradd command, the
following requirements must be met:
l If the main directory does not exist,
automatically create one main
directory using the useradd -m
option.
l If the main directory already exists,
ensure that users in this group are
authorized to read, write, and
execute the directory.
-u 1023 Indicates that the user ID is 1023. Each

user has a unique ID. Change the ID to
the actual user name when you create
other users.
-s /bin/bash Indicates that the B shell resolution

program is applied. Change the B shell
resolution program to the actual shell
resolution program.

U2000
NOTE
To learn the user-defined users that have been created, you can run the following command:
# cat /etc/passwd|awk 'BEGIN {FS=":"} $3 > 499 {print $1}'
b. Run the following command to set the password for the new user:
# passwd omc1
Changing password for omc1.
New password:new password
Reenter New Password:new password

Password changed.
----End
11.1.2 Changing the Passwords of Operating System Users

This section describes how to change the passwords of operating system users, including root,
oracle, dbuser, ossuser, ftpuser iscript and webuser. These users have been created during
server installation. You can change their passwords as required during maintenance. User root
is the administrator of the system. You must restrict the use of its password to only a few
engineers to prevent any risks caused by misoperations. To ensure system security, you must
change the password of user root as required.
Prerequisites
l You have obtained the password of the desired operating system user.
l Database services are running properly.
l The U2000 software is installed successfully.
Context
NOTICE
After the password of OS user ftpuser is changed, back up OS data and dynamic data. For
detailed operations, see 21 Backing Up and Restoring the U2000. If you do not back up OS
data and dynamic data, the original data may be restored during subsequent restoration
operations, causing inconsistency between the passwords of user ftpuser recorded in the OS
data and dynamic data. As a result, some U2000 functions become invalid.
You must change the passwords for the operating system users based on service system.

U2000

pair, and so on).
Procedure
If... Then...
Change the password of user Perform Step 2 through Step 8.

root, oracle, dbuser, ossuser or
NOTICE
ftpuser
When performing the operations described in this section,
you are not allowed to log in to a related board and run
commands to change the password for an operating system
user.
Change the password of user Perform Step 9.

iscript or webuser
Step 2 You have logged in to the OSMU through a web browser. For details, see 26.2.5 Logging In
Step 3 Perform the following operations to check the board status:

1. In the left pane of the OSMU window, expand the Service System navigation tree and
choose Service Management > Board Services.
2. On the Board Services tab page in the right pane, check the board status.
The passwords of operating system users must be changed by service system. When you
change the passwords of the operating system users in a service system, you must verify
that all the boards in the service system are in the Active, Service Stopped, Standby,
Service Takeover or Normal state.
choose Password Management > Change OS/DB User Password.
Step 5 In the Change OS User Password area on the Change OS/DB User Password tab page in
the right pane, select the Service system for the user whose password you want to change.
Step 6 Type the User name and set its new password.
Step 7 Click Modify.

U2000
If the dialog box similar as Figure 11-1 is displayed, click No. The operation continues, and
the computer responds to your operations properly.
Figure 11-1 Windows Internet Explorer dialog box
The OSMU will create a task for changing the password, and you can view the task execution
status in the Centralized Task Management area in the lower part of the OSMU window.
l When Status of the task is displayed as Succeeded, the password for the desired user on
all boards of the service system has been changed successfully.
l If Status of the task is displayed as Failed, contact Huawei technical support.
Step 9 If you need to change the password of user iscript or webuser, perform the following
operations:
1. Use PuTTY to log in to the U2000 master service board and standby service board as
user ossuser in SSH mode. For detailed operations, see 26.1.1 Logging In to the Board
by Using PuTTY.
~> su - root
3. Run the following command to change the password of user.
NOTE
The maximum password length varies according to the operating system. To ensure compatible
system interconnection, the recommended maximum password length is 30 characters.
# passwd username
When the system displays New Password: , enter the new password for user.
When the system displays Re-enter new Password: , enter the new password
again for user.
If the system displays as the following information, the password of user has been
changed successfully:

U2000
Password Changed.
----End
Follow-up Procedure
If the password of user ftpuser is changed and the U2000 system is configured with the Trace
Server independently deployed, you also need to synchronize the configurations recorded in
the Trace Server. For details, see Synchronizing the FTP Configurations from the U2000 in
11.1.3 Deleting Operating System Users

This section describes how to delete operating system users. You need to perform the
following operations on each node. For an ATAE cluster online remote HA system, you need
to perform the following steps on each node in the active site and the standby site.
Prerequisites
Procedure
l Run the following command to delete a user account and the main directory of the
account:
# userdel -r user name
NOTICE
If the user has logged in to the system, you cannot run the userdel command to delete
this user.
----End
Example
Assume that user omc1 is in the system. To delete user omc1, run the following command:
# userdel -r omc1
If the system does not display any information, the user has been successfully removed. If the
system displays the following information, user omc1 is not running any timing task. In this
case, omit the information.
no crontab for omc1
11.2 Managing Database Users

This chapter describes how to manage database user that is required for the operation of the
U2000, how to change the database administrator, and how to change the password of
database user.

U2000
11.2.1 Changing the Database Administrator

When the U2000 system uses the Sybase database, the database administrator sa is created by
default. To prevent the potential security risk of the default database administrator being
spread, users can manually disable the database administrator and create a database
administrator. The new database administrator will replace and has the same rights as the
current database administrator. If the database administrator does not need to be changed, skip
operations in this section.
Prerequisites
l The Sybase database is used for the U2000 server.
l The new database administrator and its password are available.
Context
NOTICE
l If the new user exists, perform this operation to assign database administrator rights to the
new user and change its password.
l For the multi-instance database whose default database administrator sa has been disabled
successfully, after a database instance is added, disable the database administrator sa
again.
l The new user name must meet the following requirements:
l The new user name must contain a maximum of 16 characters and start with a letter.
It contains only lowercase letters, digits, and underscores (_).
l The new user name cannot be sybuser, AutoCfg, sybase1, or probe.
l The password of the new user must meet the following requirements:
l The password must contain 8 to 30 characters.
l The first character of the password must be a letter.
l The password contains at least one uppercase letter.
l The password contains at least one lowercase letter.
l The password contains at least one digit.
l The password contains at least one special character, which can only be ~@#^*-_+
[{}]:./?=%.
l The password can not contain the case-insensitive current user name.
l The password must not be the same as the user name or the reverse order of the user
name.
l A password cannot contain three or more consecutive characters that are the same
(for example, AAA and 111).
Procedure
Step 1 If any U2000 services are running, stop them.

U2000
l Check the running status of the U2000 services. For details, see 4.1 Checking the
U2000 Service Status.
l Stop the U2000 services. For details, see 4.6 Stopping U2000 Services.
Step 2 If the Sybase service is running, restart it.

l Stop the Sybase service. For details, see 4.4 Stopping the Database Service.
l Start the Sybase services. For details, see 4.3 Starting the Database Service.
~> su - root
Step 5 Run the following commands to disable the current database administrator:
1. Run the script for changing the database administrator.
# cd /opt/oss/server/rancn/tools/modifyDBAUser
# ./modifyDBAUserName.sh
NOTE
In the following part, the default Sybase database administrator sa is disabled, the new database
administrator ossdba is created, and user ossdba have all rights of user sa.
2. When the system displays the following information, enter the Sybase database server
name DBSVR1 corresponding to the U2000 master service board:
Please input database server name, "q" to quit: DBSVR1
3. When the system displays the following information, enter the name of the current
Sybase database administrator, for example, sa:
Please input the database administrator name, "q" to quit: sa
4. When the system displays the following information, enter the name of the user-defined
Sybase database administrator, for example, ossdba:
Please input the new database administrator name, "q" to quit: ossdba
5. When the system displays the following information, enter the password of the current
Sybase database administrator, for example, the password of user sa:
Please input the password of the sa user, "q" to quit:
6. When the system displays the following information, enter the password of the user-
defined Sybase database administrator, for example, the password of user ossdba:
Please input the password of the ossdba user, "q" to quit:
7. When the system displays the following information, enter the password of the user-
defined Sybase database administrator again, that is, the password of user ossdba:
Please input the password of the ossdba user again, "q" to quit:
NOTE
When the system displays information similar to the following, the Sybase database administrator has
been changed successfully.
Fri Jan 3 01:47:03 CST 2014 : Modify the sa to ossdba successfully.
When the system displays information similar to the following, the Sybase database administrator has
been changed unsuccessfully, contact Huawei technical support engineers.
Fri Jan 3 01:47:03 CST 2014 : Modify the sa to ossdba failed.

U2000
Step 6 Start the U2000 services.

l Start the U2000 services. For details, see 4.5 Starting U2000 Services.
l Check the running status of the U2000 services. For details, see 4.1 Checking the
U2000 Service Status.
----End
11.2.2 Changing the Passwords of Database Users (Oracle)

This section describes how to change the password of the Oracle database administrator and
the passwords of table space users of the databases in the U2000 by using the OSMU.
Prerequisites
l You have logged in to the OSMU using a web browser. For detailed operations, see
26.2.5 Logging In to the OSMU by Using a Web Browser.
l Database services are running normally.
Context
The password can contain 8 to 30 characters, including digits 0 to 9, lowercase letters a to z,
uppercase letters A to Z, and special characters underscores (_). To improve password
security, you are advised to use the following password policies:
l The password must contain the special character underscore (_).
name.
l The password cannot be reused within one year.
l The password that has been used in the recent 20 times cannot be reused.
Procedure
1. In the navigation tree of the OSMU in the left pane, choose Service System > Service
Management > Board Services.
2. Check the status of the board on the Board Services tab page in the right pane.
The cluster system of the same product must not be switched over. Database services
must be running normally, and the board status is the same as the following describe.
– Status of service board must be Service Stopped, Normal, or Active.
– Status of standby service board must be Standby.
– Status of DB board and standby DB board must be Normal and Standby,
respectively.

U2000

Checking the U2000 Service Status. If the U2000 services are running, stop them by
following instructions provided in 4.6 Stopping U2000 Services.
Step 3 In the navigation tree of the main window, choose Routine Maintenance > Password
Management > Change OS/DB User Password.
Step 4 On the Change DB Password area on theChange OS/DB User Password tab page in the right
pane, change the password.
1. Set Service system to U2000 Database System.
2. Select Database user to the user whose password you want to change, and then enter the
original password and new password and confirm the new password.
3. Click Modify.
l When Status of the task is displayed as Succeeded, the password of the desired user on
all boards of the cluster has been changed successfully.
Table 11-2 lists the database users whose passwords can be changed using the OSMU as well
as their default passwords.
NOTICE
l The password of - in Table 11-2 indicates that the user is not created.
l If a new version is deployed through upgrade, one can keep using the previous password.

U2000
Table 11-2 Database users and their default passwords

User Name Default Default Description
Password in Password in
V200R011 V200R012 or a
Later Version
CMEDB emsems Changeme_123
FARSDB emsems Changeme_123
ITFNDB emsems Changeme_123
SWMDB emsems Changeme_123
PMDB emsems Changeme_123
PMCOMDB emsems Changeme_123
FMDB emsems Changeme_123
OSSTEMPDB
NOTE
For V200R011
that is newly emsems Changeme_123
installed, the
user name is
OMCTEMPD
B.
EAMDB These users are created when the

NOTE database is installed. These users
For V200R011 are used for managing the database
that is newly emsems Changeme_123 table spaces or database.
installed, the
user name is
OMCEAMDB.
SMDB
NOTE
For V200R011
installed, the
user name is
OMCSMDB.
LOGDB
NOTE
For V200R011
installed, the
user name is
OMCLOGDB.
OMCDB emsems Changeme_123
TOPODB - Changeme_123

U2000
User Name Default Default Description

Password in Password in
V200R011 V200R012 or a
Later Version
SYSTEM emsems Changeme_123 These users are created when the

Oracle database is installed. These
SYSMAN emsems Changeme_123 users are the administrators for
managing the Oracle database.
This user is an operation user of

the redis database. The redis
Default user of database is installed with the CME
the redis software. The password of the
database (the redis database user is the same as
- Changeme_123
redis database that of the Oracle database user
does not open SYSTEM. If you change the
this user name) password of user SYSTEM, the
password of the redis database user
will be also changed.
Step 6 Change the password of the user SYS.

1. Use PuTTY to log in to the U2000 DB active node in SSH mode as user oracle. For
2. Run the following command to change the password of user SYS:
~> sqlplus / as sysdba;
SQL> ALTER USER SYS IDENTIFIED BY New Password;
If the system displays the following information, the password has been changed
successfully:
User altered.
Specify New Password in the preceding command based on the planned password
policies.
Step 7 Optional: Change the password of the northbound interface user AutoCfg.
NOTE
Perform this step only when the U2000 is accessible to the NMS and you need to change the password
of the northbound interface user AutoCfg; otherwise, skip this step.
SQL> ALTER USER AutoCfg IDENTIFIED BY "new password of AutoCfg user"

REPLACE "old password of AutoCfg user"
If the system displays the following information, the password has been changed successfully:
User altered.
Step 8 Run the following command to exit the SQL.
SQL> exit
~> exit

U2000
Step 9 Start U2000 services. For detailed operations, see 4.5 Starting U2000 Services.
----End
Follow-up Procedure
After the password of database users is changed, back up database static data and dynamic
data. For detailed operations, see 21 Backing Up and Restoring the U2000. If you do not
back up static data and dynamic data, the original data may be restored during subsequent
restoration operations, causing inconsistency between the passwords of database users
recorded in the OS data and dynamic data. As a result, some U2000 functions become invalid.
11.2.3 Changing the Passwords of Database Users (Sybase)

This section describes how to change the password of the Sybase database administrator, the
operation user sybuser and the passwords of table space users of the databases in the U2000
by using the OSMU. If the CME software has been installed, the password of the default user
of the redis database used by the CME software will also be changed when you change the
password of user sybuser.
Prerequisites
l Database services are running normally.
Context
uppercase letters A to Z, and special characters. To improve password security, you are
advised to use the following password policies:
[{}]:./?=%.
name.
Procedure

U2000
The cluster system of the same product must not be switched over. Database services
must be running normally, and the board status is the same as the following describe.
– Status of service board must be Service Stopped, Normal, or Active.
– Status of standby board must be Standby.
– Status of DB board must be Normal.
Check whether U2000 services are running by following instructions provided in4.1
Checking the U2000 Service Status. If the U2000 services are running, stop them by
following instructions provided in 4.6 Stopping U2000 Services.
Step 3 In the navigation tree of the main window, choose Routine Maintenance > Password
Management > Change OS/DB User Password.
Step 4 On the Change DB Password area on theChange OS/DB User Password tab page in the right
pane, change the password.
1. Set Service system to U2000 Database System.
2. Select Database user to the user whose password you want to change, and then enter the
original password and new password and confirm the new password.
3. Click Modify.
l When Status of the task is displayed as Succeeded, the password of the desired user on
all boards of the cluster has been changed successfully.

Table 11-3 lists the database users whose passwords can be changed by using the OSMU.

U2000
Table 11-3 Database users and their default passwords

User Name Default Password Description
in V200R012 or
later version
sa Changeme_123 This user is created when the Sybase

database is installed. This user is the
administrator for managing the Sybase
database.
NOTE
The database administrator sa is created by
default. To prevent the potential security risk of
the default database administrator being spread,
users can manually disable the database
administrator and create a new database
administrator.
sybuser Changeme_123 This user is created when the Sybase

database is installed. This user is the
operation user of the Sybase database.
Default user of the Changeme_123 This user is an operation user of the redis
redis database (the database. The redis database is installed
redis database does with the CME software. The password of
not open this user the redis database user is the same as that of
name) the Sybase database user sybuser. If you
change the password of user sybuser, the
password of the redis database user will be
also changed.
Step 6 Optional: Change the password of the northbound interface user AutoCfg.
NOTE
Perform this step only when the U2000 is accessible to the NMS and you need to change the password
of the northbound interface user AutoCfg; otherwise, skip this step.
1. Use PuTTY to log in to the U2000 DB active node in SSH mode as user dbuser. For
2. Run the following command to change the password of user AutoCfg:
~> isql -Sdatabase server name -UAutoCfg
Password: password of user AutoCfg
NOTE
Replace the database server name with the actual name onsite. For details about how to query the
actual database server name, see 26.1.9 Checking the Sybase Database Server Name.
1> sp_password "old password of AutoCfg user", "new password of AutoCfg user"
2> go
When the system displays Password correctly set, the password of user AutoCfg has
been changed successfully.
3. Run the following command to exit the SQL:
1> exit

U2000
----End
Follow-up Procedure
After the password of database users is changed, back up database static data and dynamic
data. For detailed operations, see 21 Backing Up and Restoring the U2000. If you do not
back up static data and dynamic data, the original data may be restored during subsequent
restoration operations, causing inconsistency between the passwords of database users
recorded in the OS data and dynamic data. As a result, some U2000 functions become invalid.
11.2.4 Changing the User Password of the Database Related to the

Site Power Management Application
This describes how to manage the MySQL users that are required for running the site power
management application and how to change the password of the MySQL administrator.
The site power management application software uses the MySQL database. For details about
the database user and how to change the password, see section Managing MySQL Users in
iManager U2000-Site Power Management Product Documentation. You can log in to the
http://support.huawei.com website and search for the product documentation with
iManager U2000-Site Power Management Product Documentation as the keyword.
11.3 Managing Web Proxy Users

This topic describes how to create and delete web proxy users and change web proxy user
passwords. Web proxy users are required for authentication on NE access through proxies.
11.3.1 Web Proxy User

This section describes the web proxy user used in the U2000.
l U2000 allows you to access NEs using the U2000 server as a proxy. When accessing
NEs using the U2000 server as a proxy, you must enter the proxy user name and
password for authentication. In addition, you are advised to deploy a physical firewall
and configure security policies on the firewall to improve system security.
l The default proxy user on the U2000 is proxyuser, and the password is Changeme_123.
To increase system security, change the password of user proxyuser in time. The proxy
user can be added or deleted as required.
11.3.2 Creating Web Proxy Users

This topic describes how to create web proxy users. The U2000 supports NE access through
proxies. When using proxies, you must enter the user name and password of a web proxy user
for authentication, which improves system security.
Context
l For HA system, perform the following operations on the active server only. For ATAE
cluster system, perform the following operations on the master server only.

U2000
l To improve password security, it is recommended that the following conditions for

passwords should be met:
– A password contains at least eight characters and a maximum of 255 characters.
– A password contains at least two types of the following characters: lowercase
letters, uppercase letters, digits, and special characters (spaces and ` ~ ! @ # $ % ^
& * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?).
– A password cannot be the user name or user name in reverse order.
Procedure
Step 3 Run the following commands to create a web proxy user:
~> cd /opt/oss/server/3rdTools/apache/bin
~> ./htdigest /opt/oss/server/etc/apache/conf/proxy_users Proxy username
Adding user username in realm Proxy
New password:Password
Re-type new password:Password
If the command output is blank, the web proxy user is created successfully.
NOTE
l The variable username indicates the name of the web proxy user to be created.
l You can repeat the previous commands to create multiple web proxy users.
----End
11.3.3 Deleting Web Proxy Users

This topic describes how to delete web proxy users that are no longer used.
Context
For HA system, perform the following operations on the active server only. For ATAE cluster
system, perform the following operations on the master server only.
Procedure
Step 2 Run the following commands to modify the proxy_users file and delete a web proxy user.
1. Run the vi command to open the proxy_users file in /opt/oss/server/etc/apache/conf.
~> vi /opt/oss/server/etc/apache/conf/proxy_users
2. Delete the line that contains the desired user name.

U2000
In the vi command mode, move the cursor to the desired line and press S to delete the
line.
3. Press Esc. Then, run the :wq! command to save the file and exit the vi editor.
----End
11.3.4 Changing Web Proxy User Passwords

This topic describes how to change web proxy user passwords. Periodic password change is
required to improve security of web proxy user passwords.
Context
l For HA system, perform the following operations on the active server only. For ATAE
cluster system, perform the following operations on the master server only.
l To improve password security, it is recommended that the following conditions for
passwords should be met:
– A password contains at least eight characters and a maximum of 255 characters.
– A password contains at least two types of the following characters: lowercase
letters, uppercase letters, digits, and special characters (spaces and ` ~ ! @ # $ % ^
& * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?).
– A password cannot be the user name or user name in reverse order.
Procedure
Step 3 Run the following commands to change the password of a web proxy user:
~> cd /opt/oss/server/3rdTools/apache/bin
~> ./htdigest /opt/oss/server/etc/apache/conf/proxy_users Proxy username
Changing password for user username in realm Proxy
New password:New password
Re-type new password:New password
If the command output is blank, the web proxy user password is changed successfully.
NOTE
The variable username indicates the name of the web proxy user whose password is to be changed. If the
web proxy user does not exist, a web proxy user is created.
----End

U2000
11.4 Managing SNMPv3 Users

This chapter describes the users for the interaction between the U2000 server and other
devices using the SNMPv3 protocol and how to change their private keys.
11.4.1 SNMPv3 Users

This section describes the users used for the interaction between the U2000 server and other
devices using the SNMPv3 protocol.
Table 11-4 describes the information about SNMPv3 users.
NOTE
If the user password is still the initial password when you perform operations using the SNMPv3 users,
change the password in time to improve system security.
Table 11-4 SNMPv3 user description

User Name Initial Private Key User Description
amosagent l Authentication private key: This user is used to report

Changeme_123 resource monitoring alarm,
l Encryption private key: threshold alarms and hardware
Modify_key0 alarms from the PRS to the
U2000 server using the SNMPv3
NOTE
If you deploy the latest version by
protocol. User amosagent is
upgrading the system, encryption used in the SNMPv3 protocol.
private key do not change after the The original authentication
upgrade, The initial encryption private key of user amosagent
private key is Changeme_123 in may be amosagent depending on
U2000 V200R015C00SPC100 and the OSS version.
earlier versions.
v3username l The password of the v3username indicates the user

authentication protocol : used by the OSS Self
Changeme_123 Management Unit (OSMU) or
l The password of the data Alarm Monitor of Outsourcing
encryption protocol : System (AMOS) and U2000 to
Modify_key0 exchange SNMPv3 messages.
i@a#$$ l Authentication protocol The OSMU alarm module send

password: #a$*u* t!h heartbeat information to the OSS
l Data encryption protocol product as user i@a#$$.
password: p~r $%i^vx
sonagent l Authentication protocol sonagent indicates the user used

password: Changeme_123 by the SONMaster and U2000 to
l Data encryption protocol exchange SNMPv3 messages.
password: Modify_key0

U2000
User Name Initial Private Key User Description
tspagent l Authentication protocol tspagent indicates the user used

password: Changeme_123 by the TSP and U2000 to
l Data encryption protocol exchange SNMPv3 messages.
password: Modify_key0
11.4.2 Changing the Private Key of the SNMPv3 User Between

U2000 and the PRS
This section describes how to change the private key of user amosagent for interaction
between the PRS and U2000 using the SNMPv3 protocol.
Prerequisites
l You have obtained the old authentication private key and encryption private key of the
SNMPv3 User.
l The U2000 server software has been installed normally.
l You have changed the authentication private key of the SNMPv3 User in PRS server and
obtained them.
Context
The private key can contain 8 to 30 characters, including digits 0 to 9, lowercase letters a to z,
uppercase letters A to Z, and special characters @%-=_.]{}. To improve private key
security, please use the following private key policies:
l The private key contains at least one uppercase letter.
l The private key contains at least one lowercase letter.
l The private key contains at least one digit.
l The private key contains at least one special character.
l The key cannot be composed of duplicate character strings, for example, Te_1Te_1.
Procedure

~> su - root
Step 3 Run the following commands to start the tool for changing the private key.
# cd /opt/oss/server/common/resourcemonitor/bin/
# ./modifyUSMvalue.sh
Step 4 Choose PRS > authpasswd, change the authentication private key of the SNMPv3 to the new
authentication private key you have obtained as prompted.

U2000
Old key: old key
New key: new key

Re-enter new Key: new key
When the system displays Operation succeeded..., the authentication private key of
the SNMPv3 user is changed successfully.
Step 5 Choose privpasswd, change the encryption private key of the SNMPv3 to the new encryption
private key you have obtained as prompted.
Old key: old key
New key: new key

When the system displays Operation succeeded..., the encryption private key of the
SNMPv3 user is changed successfully.
Step 6 Choose Exit to exit the tool for changing the private key.
Step 7 Run the following commands to restart the ResourceMonitor process:
$ ps -ef | grep "ResourceMonitor"
ossuser 13382 1 0 07:13:20 ? 0:38 /opt/oss/server/platform/bin/
ResourceMonitor -cmd start >/dev/null 2>&1
In the command output, the second row of the ResourceMonitor -cmd start line displays the
ID of ResourceMonitor.
~> kill -9 13382
NOTE
In the preceding command, 13382 is the process ID of ResourceMonitor. Replace it with the actual
value.
~> ResourceMonitor -cmd start
----End
11.4.3 Changing the Password of the SNMPv3 User for Alarms

Between U2000 and OSMU
This topic describes how to change the password of the SNMPv3 user v3username between
U2000 and OSMU.
Context
l The authentication protocol and its password, and the data encryption protocol and its
password must be consistent with those in the OSMU and AMOS. Do not change the
protocols and their passwords without notifying the OSMU and AMOS side.
l For the security purpose, you need to change the v3username user password regularly.
l The password must contain at least three of the following types of characters: lowercase
letters, uppercase letters, digits, and special characters. It must contain at least eight
characters.

U2000
l The password cannot be composed of duplicate character strings, for example,

Te_1Te_1.
l You are advised to set the password of the authentication protocol and the password of
the data encryption protocol to be different.
l If the password is known to an unauthorized user, it is recommended that you change it
immediately to secure regular management and maintenance of the U2000.
Procedure
Step 1 Use PuTTY to log in to the master node in SSH mode as user ossuser.
NOTE
the OSMU.
Step 2 Set the environment variables by running the following command:
Step 3 Encrypt the new passwords for the v3username user.

1. Encrypt the new Auth Protocol password.
~> ssl_adm -cmd encryptpassword
Enter the new auth protocol password as prompted.
new Encrypted Auth Protocol password
2. Encrypt the new Private Protocol password.

~> ssl_adm -cmd encryptpassword
Enter the new private protocol password as prompted.
new Encrypted Private Protocol password
Step 4 Write the encrypted passwords in the sf_config.xml file.

1. Run the vi command to open the sf_config.xml file in /opt/oss/server/etc/conf.
~> vi /opt/oss/server/etc/conf/sf_config.xml.
2. Write the encrypted Private Protocol password and Auth Protocol password.
<param name="auth_password" type="encrypt">new Encrypted Auth Protocol
password</param>
<param name="priv_password" type="encrypt">new Encrypted Private Protocol
password</param>
3. Press Esc to switch to the CLI mode, and run :wq! to save and close the sf_config.xml
file.
----End

U2000
11.4.4 Changing the Private Key of the SNMPv3 User for

Heartbeats Between U2000 and OSMU
This section describes how to change the private key of user i@a#$$ for heartbeats between
the OSMU and U2000 using the SNMPv3 protocol. In the ATAE cluster system, perform the
operations only on master service board and standby service board. In the ATAE cluster
online remote HA system, the private key of user must be the same on all nodes in the active
and standby sites. Therefore, perform operations in this section on each node in the active and
standby sites. Change the private key of user on the active site and then on the standby site. If
the active and standby sites are switched over, change the private key of user on the standby
site and then on the active site.
Prerequisites
SNMPv3 User.
l You have changed the private key of the SNMPv3 User for heartbeats on OSMU board
and obtained them.
Context
Procedure
NOTE
the OSMU.
~> su - root

U2000
Step 4 Choose OSMU Heartbeat > authpasswd, change the authentication private key of the
SNMPv3 to the new authentication private key you have obtained as prompted.
Old key: old key
New key: new key

Old key: old key
New key: new key


~> kill -9 13382
NOTE
value.
----End

U2000 and the SONMaster
This section describes how to change the private key of user sonagent for interaction between
the SONMaster and U2000 using the SNMPv3 protocol.
Prerequisites
SNMPv3 User.

U2000

l You have changed the authentication private key of the SNMPv3 User in SONMaster
server and obtained them.
Context
Procedure
~> su - root
Step 4 Choose SON Master > authpasswd, change the authentication private key of the SNMPv3 to
the new authentication private key you have obtained as prompted.
Old key: old key
New key: new key

Old key: old key
New key: new key


U2000

~> kill -9 13382
NOTE
value.
----End

U2000 and the TSP
This section describes how to change the private key of user tspagent for interaction between
the TSP and U2000 using the SNMPv3 protocol.
Prerequisites
SNMPv3 User.
l You have changed the authentication private key of the SNMPv3 User in TSP server and
obtained them.
Context
Procedure
~> su - root

U2000
Step 4 Choose TSP > authpasswd, change the authentication private key of the SNMPv3 to the new
authentication private key you have obtained as prompted.
Old key: old key
New key: new key

Old key: old key
New key: new key


~> kill -9 13382
NOTE
value.
----End
11.5 Managing ATAE Cluster System Devices Users

This section describes how to manage ATAE cluster system devices users.

U2000
11.5.1 Changing User Passwords for ATAE Cluster System

Devices
This section describes how to change the passwords for users on ATAE cluster system
devices, including users on the SMM boards, the FC modules, Base plane, and Fabric plane of
the switching boards, and the S3900 disk array.
For details about how to change user passwords for ATAE cluster system devices, see section
Operation and Maintenance > Routine Maintenance > Security Management > User
Management > User Password Management for ATAE Cluster System Devices >
Changing User Passwords for ATAE Cluster System Devices in ATAE Cluster System
Product Documentation.
11.5.2 Synchronizing User Passwords for ATAE Cluster System

Devices
This section describes how to synchronize the passwords for users on ATAE cluster system
devices. After the synchronization, the passwords for users on new devices are changed to the
passwords for these users on existing devices. User password synchronization applies to the
following devices: the SMM boards, the FC modules, Base plane, and Fabric plane of the
switching boards, and the S3900 disk array.
For details about how to synchronize user passwords for ATAE cluster system devices, see
section Operation and Maintenance > Routine Maintenance > Security Management >
User Management > User Password Management for ATAE Cluster System Devices >
Synchronizing User Passwords for ATAE Cluster System Devices in ATAE Cluster System
11.6 Managing OSMU Web Users

OSMU web users are used for daily management and maintenance of the OSMU system.
OSMU web users belong to different user groups and are granted different operation rights.
You can add, change or delete OSMU web users as required and change the passwords for
OSMU web users.
For details about how to manage OSMU web users, see section Operation and Maintenance
> Routine Maintenance > Security Management > User Management > OSMU Web
User Management in ATAE Cluster System Product Documentation.
11.7 Managing OM Users

OM users operate and maintain the entire network or specified NEs through the U2000. The
U2000 provides the user management function. By using this function, you can manage user
information and user rights. You can also monitor user sessions and operations. This helps to
prevent unauthorized operations and ensure system security.
For details about how to manage OM users, see User Management in U2000 User
Management User Guide.

U2000
11.8 Changing the Password for the Default User of the

VCS
User admin is created by default before VCS delivery. To ensure system security, you are
advised to change its initial password during onsite commissioning based on the password
complexity requirements. For an ATAE cluster online remote HA system, you need to
perform the following steps on the active and standby sites.
Prerequisites
l You have obtained the new password for user admin of the VCS.
l The communication between the PC and the OSMU board is normal.
Context
l A password must contain at least one special character @ % - = _ . ] { }
l A password must not contain any special character \ and spaces.
l Do not use the 12 passwords that are recently used.
Procedure
Step 1 Type the following website in the Address bar of the browser on the PC and press Enter.
Then, log in to the OSMU as an OSMU web user.
https://<public IP address of the OSMU server>:30088/osmu or https://<private IP address
of the OSMU server>:30084/osmu

U2000
NOTE
l The OSMU server has a private IP address and a public IP address. When you log in to the OSMU
by using the private IP address of the OSMU server, the PC must be connected to the base network
port on the RTM of the switching board through a network cable. You are advised to log in to the
OSMU by using the private IP address of the OSMU server only in scenarios where the public IP
address of the OSMU server is not set or when a network failure occurs. For details about the IP
address planning of the OSMU server, see 27.3 Default Host Names and IP Addresses of
Boards.
l If the OSMU login window is not displayed after you type the preceding website in the address bar
of the browser and press Enter, perform the following operations:
– If you use Internet Explorer to access the OSMU, perform the operations described in 26.2.1
Setting Internet Explorer. If the problem persists, perform the operations described in
26.1.4 Starting the OSMU Service.
– If the OSMU login window is not displayed after you use Mozilla Firefox to access the
OSMU, perform the operations described in 26.1.4 Starting the OSMU Service.
l If a message indicating that the website is insecure is displayed on the browser after login to the
OSMU, solve the problem by referring to 26.2.1 Setting Internet Explorer or 26.2.2 Setting
Firefox.
Step 2 In the left pane of the OSMU window, expand the Device Management navigation tree and
choose Hardware Device > Board.
On the Board tab page in the right pane, the boards whose Cluster Name values are the same
belong to the same cluster.
Step 3 Record the private IP address of a board in each cluster.
NOTICE
If the standby OSMU board is deployed, a board whose Cluster Name is OSMUCluster
exists on the Board tab page. When this occurs, do not record the private IP address of this
board and do not perform this operation.
Step 4 Log in to the OSMU board as user osmuuser in SSH mode using PuTTY. For detailed
~> su - root
Step 6 Log in to the boards whose private IP addresses have been recorded in Step 3, Change the
passwords for user admin of VCS.
1. Run the following command to log in to the board:
# ssh Private IP address for the board

2. Run the following command to check whether VCS software is installed on the board:
# rpm -q VRTSvcs
– If information similar to the following is displayed, the VCS software has been
installed on the board. In this case, perform Step 6.3.
VRTSvcs-6.1.1.000-SLES11

U2000
– If information similar to the following is displayed, the VCS software has not been
installed on the board. In this case, perform Step 7.
package VRTSvcs is not installed
3. Run the following command to change the password for user admin of VCS.
# haconf -makerw
# hauser -update admin
Enter Password: new password of user admin
Enter Again: new password of user admin
# haconf -dump -makero
When the # prompt is displayed, the password has been changed successfully.
Step 7 Repeat Step 6 to change the password for user admin of VCS of all boards recorded in Step
3.
----End
11.9 Changing Passwords for Database User of FMA

This section describes how to change the password of user fmauser.
Prerequisites
l You have obtained the old password of user fmauser.
l The FMA service is stopped. For details, see Querying and Changing FMA Service
Status in U2000 OSMU User Guide.
Context
uppercase letters A to Z, and special characters ~!@#$%^&*()_+}[]{?/<>|\:,. To improve
password security, you are advised to use the following password policies:
l The password contains at least one special character.
l The password does not contain the user name.
name.
Procedure
~> su - root

U2000
Step 3 Run the following commands to start the tool for changing the password.
# cd /export/home/tran/as/bin/script
# ./modify_db_password.sh
Please input old database password: old password
Please input new database password: new password
Please input Re-enter new database password: new database

Do you want to continue to modify database password:[y/n]
Enter y to change the password. When the message Finish to modify database
password. is displayed, the password is changed successfully. Enter n to cancel the
change.
Step 4 Start FMA services, For details, see Querying and Changing FMA Service Status in U2000
OSMU User Guide.
----End
11.10 Setting Security Policies of U2000 Users

Setting account policy of the U2000 user to improve the security of the U2000.
11.10.1 Setting the User Name Blacklist

Certain words cannot serve as user names due to political or regional factors in the local
regions. This function allows users to place these words into the blacklist file. During account
creation, these words cannot be set to the user names. In the non-single-server system, you
need to perform related operations only on the active or master server.
Prerequisites
l The line feed character of the blacklist.conf file in /opt/oss/server/etc/security must be
set to UNIX.
l The code format of the blacklist.conf file must be UTF-8.
Procedure
Step 1 Log in to the U2000 server as user ossuser.
Step 2 In /opt/oss/server/etc/security/blacklist.conf, enter these prohibited words. One line contains

only one word.
Step 3 Restart the security service for the settings to take effect.
~>. /opt/oss/server/svc_profile.sh
~> svc_adm -cmd restartsvc SecurityService
----End

U2000
11.10.2 Setting the Login Message

When a user successfully logs in to the U2000, the system displays a message, prompting the
user to follow related rules, which bear the same functions as legal statements. Carriers can
define the message according to their own regulations.
Prerequisites
You have run the U2000 environment variable.
Context
The language of the login prompt message depends on the language of U2000 applications on
the server. That is, if the language of U2000 applications on the server is English, the message
displayed on the client is in English.
Procedure
For ATAE cluster system, log in to the master server only.
Step 2 Provide the contents of the login prompt message.

1. In SUSE Linux that you have logged in, find Law.txt in /opt/oss/server/platform/conf/
security/locale/en_US.
2. Provide the contents of the login prompt message in Law.txt.
Step 3 Modify the configuration item to enable the login prompt message function.
1. Find IMAP_smsvc.xml in /opt/oss/server/etc/conf.
2. Open IMAP_smsvc.xml by using the text editor.
3. Search for the configuration item lawParam in IMAP_smsvc.xml.
4. Set that the value of <param name="Open"></param> is YES.
Step 4 Run the following commands to import the IMAP_smsvc.xml configuration file into the
database:
~> SettingTool -cmd import -file /opt/oss/server/etc/conf/IMAP_smsvc.xml
Step 5 Stop U2000 services. For details, see Stopping U2000 Services.
Step 6 Start U2000 services. For details, see Starting U2000 Services.
----End
Follow-up Procedure
l The login prompt message is displayed when you log in to the U2000 client next time.
l If you set the login prompt message function on the server, the login prompt message is
displayed when you log in to the U2000 client.

U2000
11.10.3 Setting Display of the Last Login User Name in the Login
Dialog Box
This topic describes how to set display of the last login user name in the U2000 client login
dialog box. The function of hiding the name of the last login user reduces the risks of user
name divulgence, enhancing the security of the U2000 system.
Context
l The settings take effect for all clients connected to the current server if you set the
parameters for this function on the server.
l The settings take effect only for the current client if you set the parameters for this
function on the client.
l If the settings on the server and those on the client conflict, the settings take effect on the
server.
Procedure
l Two methods are provided for not displaying the name of the last login user in the login
dialog box.
Method one: For the name of the last login user on any of the client connected to the
U2000 server, perform the following steps. In the non-single-server system, you need to
perform related operations only on the active or master server.
a. Use the text editor to open the smconf.xml file in /opt/oss/server/etc/conf.
b. In the smconf.xml file, change the value of the configuration item
NotShowLastLoginNameFlag to 1.
NOTE
l The valid value of configuration item NotShowLastLoginNameFlag is 0 or 1. The

default value is 0.
l If the value of the configuration item is empty or invalid, the default value 0 is used.
l 0: Disable the global configuration, that is, the configuration on the client takes effect. In
this case, you need to set whether to display the name of the last login user on the client.
l 1: Enable the global configuration mode, that is, the name of the last login user is not
displayed on all clients connected to the server. In this case, you do not need to set
whether to display the name of the last login user on the client.
c. Save the smconf.xml file.
d. On the server that runs SUSE Linux, use the command line tool to load the
configuration file again and then restart the DS service.
NOTE
1. Run svc_adm -cmd reload to load the configuration file again.

2. Run svc_adm -cmd restartsvc DesktopService0101 to restart the DS service.
Method two: For the name of the last login user on the current U2000 client. The setting
takes effect for only the current client. Perform the following steps. In the non-single-
server system, you need to perform related operations only on the active or master server.
a. Use the text editor to open the smconf.xml file in /opt/oss/server/etc/conf.
b. In the smconf.xml file, change the value of the configuration item
NotShowLastLoginNameFlag to 0. For details about parameters, see Note in step
b in method one.

U2000
c. Save the smconf.xml file.

d. On the server that runs SUSE Linux, use the command line tool to load the
configuration file again and then restart the DS service.
NOTE
1. Run svc_adm -cmd reload to load the configuration file again.

2. Run svc_adm -cmd restartsvc DesktopService0101 to restart the DS service.
e. Use the text editor to open the client/client/plugins/U2000_Solution/style/
productstyle/loginui/conf/loginui/loginuiconfig.xml file under the installation
directory of the U2000 client.
f. In the loginuiconfig.xml file, change the value of isShowLoginUserName to false.
NOTE
The valid values for isShowLoginUserName are false and true. The default value is
false.false indicates that the name of the last login user is not displayed on the U2000 client,
and true indicates that the name of the last login user is displayed on the U2000 client.
g. Save the loginuiconfig.xml file.
h. Restart the U2000 client for the settings to take effect.
l To display the name of the last login user in the login dialog box.
The procedure is similar to the procedure in method two for hiding the name of the last
login user. The difference is that in step f for method two, you need to change the
isShowLoginUserName value in the loginuiconfig.xml file to true.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 12 Managing Files and Disks on the U2000 Server
12 Managing Files and Disks on the U2000

Server
About This Chapter
This describes how to manage the file systems and disks on the U2000 server.
12.1 U2000 Server File System

This section describes the directory structure of the U2000 server software.
12.2 Clearing U2000 Databases
This section describes how to dump the data in the U2000 databases. The data includes alarm/
event logs, NM operation logs, NM system logs, and NM security logs. You can configure an
integrated task for dumping the data in the U2000 databases.
12.3 Clearing the Disk Space of the U2000 Server
This describes how to clean up the disk space of the U2000 server. Before cleaning up the
disk space, ensure that the files to be deleted are not required for future operations. Deleting a
useful file by mistake may lead to a system operation error.

U2000
12.1 U2000 Server File System

This section describes the directory structure of the U2000 server software.
The U2000 server software runs depending on the following software:

l Linux operating system software
l Oracle or Sybase database
In the ATAE cluster system, the U2000 is deploying on service boards and the U2000
database is deploying on DB boards.
Unless otherwise specified, in the ATAE cluster system, the directory structure of the U2000
server software on the master node, the standby node, and each slave node are the same. For
details on the directory structure of the U2000 server, see Table 12-1.
Table 12-1 Directories for storing the U2000 server software (service boards)
Directory Description
/opt/oss Installation directory of the U2000 server

software.
/opt/oss/server/3rdTools Directory for storing third-party software.
/opt/oss/server/cbb Directory for storing shared components.
/opt/oss/server/common Release directory of the common application

subsystem, apache, tomcat, NHC, NIC and FM
module.
/opt/oss/server/med Directory for storing mediation files.
/opt/oss/server/ds Directory for storing DesktopService-related

files.
/opt/oss/server/hedex Directory for storing HedEx help.
/opt/oss/server/nbi Directory for storing northbound files.
/opt/oss/server/nemgr Directory for storing NE Explorer files.
/opt/oss/server/etc Directory for storing system configuration files

and structured query language (SQL) scripts.
/opt/oss/server/platform Directory for storing security-, log-, and license-

related services and some executable scripts.
/opt/oss/server/rancn Root directory of U2000 components.
/opt/oss/server/var Directory for storing the output files such as trace

files, operation logs, system logs, and user logs.
/opt/oss/server/tools Directory for storing common U2000 tools.
/opt/oss/server/upgrade Upgrade directory of the U2000 server.

U2000
/export/home/sysm/ftproot/pm Directory for storing traffic statistics reported by

NEs in files.
/export/home/sysm/ftproot/NE type/ Directory for storing NE software packages.

Software
/export/home/sysm/ftproot/NE type/ Directory for storing backup NE data.

Data/NE object ID NOTE
NE object ID refers to the ID of an NE instance used
internally by software.
/export/home/omc/var Directory for storing the output files such as trace

files, operation logs, system logs, and user logs.
NOTE
In the ATAE cluster system, the directory /export/
home/omc and its subdirectory are only exist on the
master service board and slaver service boards.
/export/home/omc/var/fileint Directory for storing northbound inventory files,

alarm files, configuration files, and CME
configuration file interface files.
NOTE
In the ATAE cluster system, the directory /export/
home/omc and its subdirectory are only exist on the
master service board and slaver service boards.
/var/log Directory for storing Linux log files.
/export/home/backup/omc Directory for storing backup files of dynamic

data.
/export/home/sysm/ftproot/ebc Directory for storing EBC service data.
/export/home/omc/var/TSService Directory for storing TS dynamic service data.
12.2 Clearing U2000 Databases

This section describes how to dump the data in the U2000 databases. The data includes alarm/
event logs, NM operation logs, NM system logs, and NM security logs. You can configure an
integrated task for dumping the data in the U2000 databases.
Prerequisites
l You have logged in to the U2000 client.
l You are authorized to clear the U2000 databases.
Context
l Dump conditions can be set according to the following aspects: execution type,
execution time, and file saving format.
l After data is dumped, the following data is saved as files in the default directory for
saving dumped data of the U2000 server and removed from the databases:

U2000
– The alarm and event logs in the fmdb database

– The operation logs, system logs, and security logs in the logdb database
Procedure
Step 1 Dump the alarm and event logs in the fmdb database.
1. On the GUI of the U2000 client, choose Maintenance > Task Management (traditional
style); alternatively, double-click System Management in Application Center and
choose Task Schedule > Task Management (application style).
The Task Management window is displayed.
2. In the left pane of the Task Management window, choose Alarm/Event Log Dump
under the Database Capacity Management node from the Task Type navigation tree.
3. Select a task in the right pane of the Task Management window, and then click
Attribute.
4. In the Attribute dialog box, set the dump parameters. Then, click OK.
Step 2 Dump the operation logs in the logdb database.
2. In the left pane of the Task Management window, choose Operation Log Dump under
the Database Capacity Management node from the Task Type navigation tree.
Attribute.
Step 3 Dump the system logs in the logdb database.
2. In the left pane of the Task Management window, choose System Log Dump under the
Database Capacity Management node from the Task Type navigation tree.
Attribute.
Step 4 Dump the security logs in the logdb database.
2. In the left pane of the Task Management window, choose Security Log Dump under
the Database Capacity Management node from the Task Type navigation tree.
Attribute.

U2000
----End
12.3 Clearing the Disk Space of the U2000 Server

This describes how to clean up the disk space of the U2000 server. Before cleaning up the
disk space, ensure that the files to be deleted are not required for future operations. Deleting a
Context
During the routine operation and maintenance, back up and delete the following files to
release more disk space:
l Files storing information about NEs and the U2000 server
l Software upgrade package and decompressed files
l Trace logs
l Backup files
l Temporary files created during system operations
NOTICE
You can delete files when the server is running. Before deleting files, run the ls -l command to
check the date when the files are generated. Do not delete the files generated on the current
day.
Procedure
Step 1 Export the files that store information about NEs and the U2000 server, and back up the files
to a tape.
l Files generated during automatic alarm dump
Alarm dump files are stored in the /opt/oss/server/var/ThresholdExport/FM directory.
l User log files
User log dump files are stored in the /opt/oss/server/var/userlogs directory.
l Core files generated by the system
Core files are stored in the /opt/oss/server/var/logs/ directory.
l Historical trace files
Historical trace files are stored in the /opt/oss/server/var/logs/tracebak/ directory.
Step 2 Delete the software update package and the decompressed files.
After the software is successfully upgraded, you can delete the original upgrade package and
the decompressed files. The upgrade package and decompressed files are stored in the folder
named after the patch in the /export/home directory.

U2000
NOTICE
Generally, the decompressed upgrade files are stored in the /export/home directory. The
folder for saving the decompressed upgrade files is named after the patch. Sometimes, the
folder is created in the /export/home/bak directory.
Step 3 Delete trace logs.

Change the value of tracebackupnum in the IMAP_tracemonitor_svc_ex.xml file to reduce
the number of backup trace log files.
Edit the IMAP_tracemonitor_svc_ex.xml file in the /opt/oss/server/etc/conf/ directory to
set the interval for checking trace log files, maximum trace log file size, and maximum
number of backup trace log files.
The following are the contents of the IMAP_tracemonitor_svc_ex.xml file:
<?xml version="1.0" encoding="utf-8"?>
<tracemonitor name="tracemonitor" mount="/imap/common/tracemonitor">

<strategy name="imap">

<param name="checktracetime">300</param>

<param name="tracebackupnum">50</param>
</strategy>
<strategy name="other">
<filename name="tao.trace">
<param name="filesize">200</param>
<param name="tracebackupnum">20</param>
</filename>
</strategy>
</tracemonitor>
In checktracetime, you can set the interval for checking trace log files. In the preceding
example, the system checks the trace log files every 300 seconds. In tracebackupnum, you
can set the number of backup trace log files for each process in the /opt/oss/server/var/logs/
tracebak directory. For a process, if the number of backup trace log files in the tracebak
directory exceeds the preset value, the system automatically deletes the earliest trace log files.
NOTICE
Backup trace files are used for locating and analyzing problems. Reducing the value in
tracebackupnum reduces the number of backup trace files, which may make problem
location and analysis inconvenient.
Step 4 Clear the backup files.

l After the upgrade, delete the backup files for the upgrade or copy them to a tape.
l Periodically back up all the files in the /export/home/backup/omc directory to a tape.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 13 Managing the U2000 Client
13 Managing the U2000 Client
About This Chapter
This section describes how to manage the U2000 client. The graphic user interface (GUI) on
the U2000 client supports the O&M for the NEs and enables you to monitor the U2000. You
must manage the U2000 client to ensure its proper operation.
Context
The requirements of the U2000 client for operation rights are as follows:
l The users who are authorized to install, upgrade, and uninstall the U2000 client are
Windows users. They belong to the Administrators user group.
l The users who are responsible for the routine maintenance of the U2000 client must
belong to the Users user group and have the read and write permissions on the U2000
client installation directory.
13.1 Managing Files and Disks on U2000 Clients
This section describes how to manage the file systems and disks on the U2000 clients.
13.2 Monitoring the Login Status of the U2000 Clients
This section describes how to monitor the login status of the U2000 clients (including the
LMTs which access NEs using the U2000 as a proxy). When the number of login clients
exceeds the preset maximum number of U2000 threads, you must force a user out to establish
a new connection.
13.3 Setting the Number of Clients Accessible on a PC
This section describes how to set the number of clients in the same installation directory on a
personal computer (PC) that can log in by modifying the configuration file on the U2000
client. The clients do not include the local maintenance terminals (LMTs) that access NEs
using the U2000 as a proxy.
13.4 Modifying the Date, Time, and Time Zone on the U2000 Client
This section describes how to modify the date, time, and time zone on the U2000 client that
runs the Windows operating system. This section uses the Windows 7 operating system as an
example.

U2000
13.1 Managing Files and Disks on U2000 Clients

This section describes how to manage the file systems and disks on the U2000 clients.
13.1.1 Introduction to the U2000 Client File System and Tools

This section describes the U2000 client file system and the tools of the U2000 system.
The client software runs on the Windows operating system and is based on Java Virtual
Machine (JVM). The U2000 client software package contains the JVM that is compatible
with the Windows operating system.
Required disk space on the client (for reference only): F = I +T + S x N, where I refers to the
size of the initial version (about 800 MB); T refers to the temporary space for storing patches
(less than 20 MB); S refers to the size of NE mediation files (3 MB to 10 MB); and N refers
to the number of NE versions.
Table 13-1 describes the directory structure of the U2000 client software.
Table 13-1 U2000 client software directory
U2000 client installation directory Installation directory of the U2000 client

software. The default directory is D:\oss.
U2000 client installation directory\cau Directory for storing the client automatic
upgrade (CAU) client software and the
version, document abstract, and group
information about the U2000 client.
NOTE
l The CAU provides an upgrade detection
mechanism that is based on the document
abstract and is used to compare the document
abstract on the server with that on the client. If
the document abstracts are inconsistent, you
need to upgrade the client.
l Based on the group information, the server
groups and packs all the client files deployed on
the server for the client to download, install,
and upgrade. Based on the group information,
the client also groups and packs all client files.
When these files are being downloaded, they
can be compared with those files grouped and
packed by the server.
U2000 client installation directory\jre Directory for storing the JVM delivered with
the U2000 client.
U2000 client installation directory\client Directory for storing the programs for starting
the client.
U2000 client installation directory\client Directory for storing the library files.
\lib

U2000
U2000 client installation directory\client Directory for storing the remote alarm
\notify notification tool.
U2000 client installation directory\client Root directory of the iSStar script.

\script
U2000 client installation directory\client Directory for storing the scripts for starting the
\client\bin U2000 client program.
U2000 client installation directory\client Directory for storing CBB files of the U2000
\client\cbb client.
U2000 client installation directory\client Buffer directory of the U2000 client, which is
\client\configuration generated automatically when the client starts.
U2000 client installation directory\client Extension directory of the U2000.

\client\Data
U2000 client installation directory\client Directory for storing DTD files of dynamic
\client\dtd charts used on the client.
U2000 client installation directory\client Directory for storing the feature configuration
\client\features file of each subsystem of the U2000 client.
U2000 client installation directory\client Directory for storing the plugin debug package
\client\IviewPlugin of the client.
U2000 client installation directory\client Directory for storing the dynamic libraries
\client\lib shared among the U2000 client, remote alarm
notification client, script framework client,
and data management client.
U2000 client installation directory\client Directory for storing the configuration file of
\client\plugins each subsystem of the U2000 client as a plug-
in.
U2000 client installation directory\client Directory for storing client configuration files.
\client\style
U2000 client installation directory\client Directory for storing client temporary files,
\client\tmp which can be cleaned up.
U2000 client installation directory\client Directory for storing components such as

\client\thirdparty radio transmission nodes (RTNs), routers,
switches, firewalls, SSL VPNs (SVNs).
U2000 client installation directory\client Directory for storing trace files.

\client\tracefile
U2000 client installation directory\client Directory for storing the tools invoked by the
\client\tools U2000.
U2000 client installation directory\client Directory for storing upgrade files.

\client\update

U2000
U2000 client installation directory\client Directory for storing the file that records the
\client\installflag installed components.
If you deploy the latest version by upgrading
the system, the directory is not generated. If
you deploy the latest version by installation,
the directory is generated.
U2000 client installation directory Directory for storing the uninstall program.
\uninstall
U2000 client installation directory\client Directory for storing the file protection tool.
\client\USBProtector The tool is used to encrypt specified files or
files in specified directories or protect the file
integrity.
U2000 client installation directory\client Default directory for storing exported files on
\client\report the client.
The U2000 system provides some tools to enhance the U2000 function. For details about the
types and application scenarios of the tools, see Table 13-2.
Table 13-2 U2000 Tool Description

Tool Startup Application Scenario
iSStar Tool Choose Start > All Programs > The iSStar is a secondary
(Offline) iManager U2000 Client > iSStar development platform for users to
Tool (Offline). extend the operation and
Run U2000 client installation path maintenance of the service
\client\script\bin functions. Users can perform
\Run_iScript_global.bat. secondary development in the
iSStar secondary platform as
required. The iSStar mainly applies
to scenario that requires operations
in batches or routine and automatic
execution.

U2000
Antenna Start the Internet Explorer, type l By using the antenna attribute
Management https://IP address of the U2000 management function provided
server:31040/ams or http://IP by the U2000 system, you can
address of the U2000 server: remotely manage the ALDs of a
31038/ams, and then press Enter. site in a centralized manner.
Therefore, OM costs are
reduced.
l The U2000 system can detect a
faulty antenna based on the fault
detection algorithm. This
facilitates site maintenance.
Compared with traditional
troubleshooting methods, the
antenna fault detection function
can significantly reduce site
maintenance costs.
NIC Tool On the browser, enter http(s)://IP The NIC tool supports NE
address of the U2000 server/nic or management, scenario management,
https://IP address of the U2000 and task management functions.
server:31040/nic to open the login NOTE
page of Network Information You can use http(s)://Server IP
Collection (NIC). address/nic to access the login window
of the NIC only when the OSS server is
in the both or common communication
mode.
U2000 Choose Start > All programs > The remote notification service can
Remote iManager U2000 Client > U2000 send the alarms to users by ways of
Notification Remote Notification Manager. short messages or emails in time.
Manager
USB Choose Start > All Programs > The USB protector tool can encrypt
Protector iManager U2000 Client > Start or protect the integrity of the NE
Tool USB Protector Tool. files saved in USBs.
U2000 Data Choose Start > All Programs > The U2000 Data On-line Analysis
On-line iManager U2000 Client > U2000 Tool is a sub-function of U2000
Analysis Data On-line Analysis Tool. performance management. It offers
Tool Run U2000 client installation data analysis and detection
directory\client\client\bin functions.
\omcDOA.bat.
U2000 Log Choose Start > All Programs > If the client cannot be logged in
Information iManager U2000 Client > U2000 properly, use the U2000 Log
Collector Log Information Collector. Information Collector to collect and
Run U2000 client installation analyze U2000 client logs. You can
directory\client\client\bin rectify the client login failure based
\omcDiagnosis.bat. on the analysis result. If the
problem persists, contact Huawei
technical support to analyze the
collected information.

U2000
Re-parenting Run U2000 client installation This script is used for reparenting
NodeB NEs directory\client\client\bin NodeBs.
\omcNodebmove.bat.
Client Choose Start > All Programs > This application is used to uninstall
uninstallation iManager U2000 MBB Client > the U2000 client.
Uninstall Client.
Run U2000 client installation
directory\uninstall\uninstall.bat.
Choose Control Panel > All

Control Panel Items > Programs
and Features > iManager U2000.
directory\uninstall
\UninstallForWindowsControlPa-
nel.bat.
U2000 client Run U2000 client installation This application is used to log in to
directory\client\client\bin the U2000 client.
\omcClient.bat.
iView bundle Run U2000 client installation This application is used to start
startup directory\client\client\IviewPlugin iView in bundle mode.
application \IviewPluginRun.bat.

directory\client\notify
\IviewPlugin\IviewPluginRun.bat.
Log Query Run U2000 client installation If many log files have been dumped
Tool directory\client\logreview or exported, it is difficult for users
\startup_logreview_global.bat. to quickly find the log files they
want. This tool helps users quickly
find the log files they want and
therefore facilitates problem
identification.
13.1.2 Clearing the Disk Space of an U2000 Client

This section describes how to clear the disk space of an U2000 client. Before performing this
operation, ensure that the files to be deleted are not required for future operations. Deleting a

U2000
Context
NOTICE
You can delete the files when the client is running. Do not delete the files generated on that
day.
Procedure
l Delete the trace logs.
Delete the historical trace logs saved in the U2000 client installation directory\client
\client\tracefile directory. It is recommended that you preserve the trace logs generated
during the latest two weeks.
----End
13.2 Monitoring the Login Status of the U2000 Clients

This section describes how to monitor the login status of the U2000 clients (including the
LMTs which access NEs using the U2000 as a proxy). When the number of login clients
exceeds the preset maximum number of U2000 threads, you must force a user out to establish
a new connection.
Prerequisites
Before monitoring the U2000 clients, ensure that you are authorized to monitor the users.
Procedure
Step 1 Start the U2000 client and log in to the U2000 server.
Step 2 Choose Security > User Session Monitor (traditional style); alternatively, double-click
Security Management in Application Center and choose OSS Security > User Session
Monitor (application style). The User Session Monitoring dialog box is displayed.
Step 3 Click the User Session Monitoring tab to monitor all the terminals connected to the U2000
system.
Pay special attention to information such as login IP address and login time.
Step 4 Optional: Click Refresh to refresh the session list.
Step 5 If you need to force a user out, select the user, and then click Force User to Log Out.
NOTE
The user of the selected client is forced out. The users of the other clients do not exit.
The current user cannot force itself out.
----End

U2000
13.3 Setting the Number of Clients Accessible on a PC

This section describes how to set the number of clients in the same installation directory on a
personal computer (PC) that can log in by modifying the configuration file on the U2000
client. The clients do not include the local maintenance terminals (LMTs) that access NEs
using the U2000 as a proxy.
Prerequisites
l You have logged in to the PC as a user in the Users user group.
l The U2000 client is running properly.
Context
Ideally, a maximum of 31 U2000 clients can be started concurrently on one PC. The number
of clients in the same installation directory on a PC that can log in concurrently depends on
the performance of the PC and that of the server for login.
In the communicate.xml in the U2000 client installation directory\client\client\plugins
\com.swimap.omc.common\style\productstyle\com.swimap.corba\conf directory, value of
corba_portpool indicates the port range that the client attempts to occupy. The minimum port
number is separated from the maximum number by -. The client tests the port from the
minimum number to the maximum number. If all the ports are occupied, the system displays
an Error message. You can set the maximum number of clients started on a PC by changing
the value of corba_portpool.
Procedure
Step 1 Open the communicate.xml file in the U2000 client installation directory\client\client
\plugins\com.swimap.omc.common\style\productstyle\com.swimap.corba\conf directory.
Step 2 Find the corba_portpool field, and then change the range of the ports as required.
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE COMMINIDATA SYSTEM "commini.dtd">
<COMMINIDATA>
<AREADESC areaname="communicate">
<DESC descname="communicate">
<PARAS>
<PARA name="operation" value="modify"></PARA>
<PARA name="corba_portpool" value="30500-30699"/>
</PARAS>
</DESC>
</AREADESC>
</COMMINIDATA>
NOTE
l The ports after modification cannot exceed the range from 30500 to 30699.
l When modifying the port range, ensure that the ports in this port range are enabled on the firewall.
l The ports may be used by other applications. Perform the following substeps to check the
occupation of the ports.
1. Choose Start > Run. The Run dialog box is displayed.
2. Type cmd. Then, click OK.
3. In the displayed window, run the netstat -an command to check the occupation of the ports.
----End

U2000
13.4 Modifying the Date, Time, and Time Zone on the

U2000 Client
This section describes how to modify the date, time, and time zone on the U2000 client that
runs the Windows operating system. This section uses the Windows 7 operating system as an
example.
Prerequisites
l The Windows operating system is running properly.
l You have logged in to the Windows operating system as a user of the Administrators
user group.
Context
NOTICE
Before modifying the date, time, and time zone in the Windows operating system, close the
U2000 client software. Otherwise, the U2000 client software fails to function properly.
Procedure
Step 1 Choose Start > Control Panel.
Step 2 In the Control Panel window, set View by to Large icons or Small icons. Click Date and
Time.
Step 3 In the Date and Time dialog box, click Change date and time.
NOTE
If you are prompted for an administrator password or confirmation, input the password or provide
confirmation.
Step 4 In the Date and Time Settings dialog box, select the items to be modified. After modified the
date and time, click OK.
Item Operation
Date Set the required date in the Date area on the Date and Time Settings tab page.
Hour Set the required hour in the Time area on the Date and Time Settings tab page.
Minute Set the required minute in the Time area on the Date and Time Settings tab page.
Second Set the required second in the Time area on the Date and Time Settings tab page.

U2000
Step 5 To change the time zone, click Change time zone.
Step 6 In the Time Zone Settings dialog box, select your current time zone from the drop-down list,
and then click OK.
NOTICE
If your time zone uses the daylight saving time and you want your computer clock to be
adjusted automatically when the daylight saving time changes, make sure the Automatically
adjust clock for Daylight Saving Time check box is selected.
Step 7 Click OK.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 14 Managing the U2000 License
14 Managing the U2000 License
About This Chapter
U2000 licenses restrict the number of manageable devices, and the availability duration of the
U2000. You need to manage the licenses periodically.
14.1 Checking the Status of the U2000 License

This topic describes how to check the status of the U2000 license. By checking the license
status, you can learn the usage of the license, so as to apply for a new license file from
Huawei in time before the OSS needs to be expanded or the validity of the license is due.
14.2 Loading or Updating the U2000 License
This topic describes how to replace the U2000 license file on the U2000 server from the
client.
14.3 Querying the License Revocation Code on the U2000
This topic describes how to view the license revocation code on the U2000 client. When
applying for a new license, you need to provide the revocation code of the old license.
14.4 Revoking a License on the U2000
The U2000 supports the function of revoking a license. You can revoke the license that is not
in use to obtain the revocation code and then use the code to apply for a new license.
14.5 Exporting the License Information
The U2000 supports exporting of a license. You can export License control item information
to a specified path, facilitating maintenance.
14.6 Exporting License Files
U2000 can export license files and save them as backup in a specified path. This way, the
backup can be used to restore licenses when an exception occurs during update of license
files.
14.7 Setting Periodic Export of the U2000 License
When the upper-layer OSS needs to collect statistics on licenses used by U2000 recently (for
example, usage of license items and license update time), you can perform U2000 license
export tasks periodically or instantly to dump the licenses information used by the U2000, and
save them as an XML file to the specified folder.
14.8 Setting Alarms for U2000 License Resource Item Capacity

U2000
When the consumption of each OSS license resource item reaches or exceeds the preset
threshold, the U2000 sends an alarm or periodically displays an Information dialog box,
reminding users to apply for or purchase a new license in a timely manner.
14.9 Reference for the U2000 License Interfaces
This section describes the references for U2000 license.
14.10 FAQs About U2000 Licenses
This topic describes how to resolve common problems occurring during U2000 license
management and solutions to them.
14.11 U2000 License Consumption Statistics Rule
This document describes the rules of collecting statistics on the consumption of U2000
license resource control items on the U2000 client.

U2000

Context
l When the period between the current day and Overflow Time of the license is less than
or equal to 30 days, the system displays a dialog box after a user logs in, prompting the
user to update the license. In addition, the system reminds the user of a license update
every 12 hours.
l If a user does not apply a new license after the license expires, the U2000 sends the
ALM-297 The OSS License Expired indicating that the license has expired. In addition,
the client periodically displays an expiration notification dialog box. Table 14-1
describes the frequency of displaying the expiration notification dialog box on the client.
Table 14-1 Frequency of displaying the license expiration notification dialog box
Duration After Expiration Frequency of Display
Less than or equal to 30 days Once every 24 hours
More than 30 days but less than or equal to Once every 6 hours
60 days
More than 60 days Once every 2 hours
l Assume that the permanent commercial and fixed-period license files of a product are
used simultaneously on the OSS. If the fixed-period license file enters the retention
period, the U2000 reports ALM-294 Expired OSS License File.
l If a user uses the temporary license file of a product on the OSS, the OSS displays a
dialog box indicating that the temporary license file is used after the user logs in to a
client.
Procedure
Step 1 Choose License > OSS License Management > License Information (traditional style).
Alternatively, double-click System Management in Application Center and choose License
Management > License Information (application style).
NOTE
l License information of different products is displayed on tabs named after products.

l Date Format in the figure indicates the date format of Authorization Expiration Time and
Overflow Time, which can be set in Region Settings. For details, see Setting the Date Format of the
Client.
Step 2 In the License Information dialog box, query the license information about resources and
functions on the Resource Control Item and Function Control Item tabs.
----End

U2000
Related References
14.9.1 Parameters for Querying the U2000 License

This topic describes how to replace the U2000 license file on the U2000 server from the
client.
Prerequisites
l The version of the license that you applied for must be the same as the version of the
U2000.
l You have logged in as a user who belongs to the Administrators or SMManagers user
group.
Context
l When the license files are about to expire, the U2000 displays a warning periodically.
l This chapter also applies to the scenario where the licenseis loaded for the first time.
Procedure
Step 2 In the License Information dialog box, click Update License.
Step 3 In the Update License wizard, click .
Step 4 In the Open dialog box, select a license file to be loaded and click Open.
Step 5 In the Update License wizard, click Next. Select a license update mode as required.
The OSS allows users to load the permanent commercial and fixed-period license files of a
product. The available license update modes are as follows:
l Incremental: Update product license files based on the license file type (permanent
commercial or fixed-period).
– If the fixed-period license file of a product is used on the OSS, only the permanent
commercial license file of the product can be added during the incremental update.
– If the permanent commercial license file of a product is used on the OSS, only the
fixed-period license file of the product can be added during the incremental update.
– If the permanent commercial and fixed-period license files of a product are
simultaneously used on the OSS, only one license file can be updated during the
incremental update.

U2000
NOTE
The Incremental option is unavailable in one of the following conditions:

– The license file of a product being used on the OSS or the license file to be loaded is the
permanent commercial plus fixed-period license file.
– The license file of a product being used on the OSS and the license file to be loaded are
permanent commercial license files.
– The license file of a product being used on the OSS and the license file to be loaded are
fixed-period license files.
– The license file of a product being used on the OSS or the license file to be loaded has
entered the default state.
– No license file of a product for which a license file is to be loaded exists on the OSS.
l Full:
– When license files of multiple products exist on the OSS, the Full mode indicates
that the license files of a product are replaced with a new license file of the product.
– When the license files only of one product exist on the OSS, the Full mode
indicates that the license files of the product are replaced with a new license file of
the product.
Step 6 Click Next. View the license change information in the Comparison step of the Update
License wizard and click Finish.
NOTE
You can perform the following operations to export results of comparing the original and new licenses to
a CSV file and save the file in a specified path. License comparison files can be used in maintenance
later.
1. In the Comparison step of the Update License wizard, click Export.
2. In the Save dialog box, set the export path and file name, and click Save.
Step 7 In the Confirm dialog box, click Yes.
----End
Follow-up Procedure
After the license file update is complete, you need to re-log in to the U2000 client for the
update to take effect.
Related References
14.9.4 Parameters for Comparing the Original License with the Updated License

This topic describes how to view the license revocation code on the U2000 client. When
applying for a new license, you need to provide the revocation code of the old license.
Procedure
Step 1 Choose License > OSS License Management > Query License Revocation Code
(traditional style); alternatively, double-click System Management in Application Center
and choose License Management > Query License Revocation Code (application style).

U2000
Step 2 In the Query License Revocation Code dialog box, view the license SN, license revocation
code and revocation setting time.
NOTE
l License SN: SN of a license file.

l License Revocation Code: a string generated after a license file is revoked. According to this unique
string, you can check that its corresponding license file is revoked. When changing the equipment
serial number (ESN) or License capacity, you need to provide the License revocation code.
l Revocation Time (MM/dd/yyyy): time when you set a license file to be revoked. "MM/dd/yyyy"
indicates the format of the date, which can be set in Region Settings. For details, see Setting the
Date Format of the Client.
Step 3 Right-click the information about the revocation code and choose Copy from the shortcut
menu to copy the information.
The copied information about the revocation code can be used to apply for a license.
NOTE
You can also select the information about the queried revocation code, and then press Ctrl+C to copy
the information.
----End
Related Tasks
Related References
14.9.2 Parameters for Querying the Revocation Code of an U2000 License

The U2000 supports the function of revoking a license. You can revoke the license that is not
in use to obtain the revocation code and then use the code to apply for a new license.
Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers user
group.
Context
The Revoke License dialog box displays only available license files and does not display
revoked and invalid licenses.
Procedure
Step 1 Choose License > OSS License Management > Revoke License (traditional style);
alternatively, double-click System Management in Application Center and choose License
Management > Revoke License (application style).
Step 2 In the Revoke License dialog box, select the license that will not be used any more, and then
click Revoke License.

U2000
NOTE
l Product: Name of the product.

l License SN: SN of a license file.
l License File: Name of a license file.

The license file is revoked.
----End
Result
If you revoke a license file but do not apply a new license, the U2000 displays a dialog box
every hour, prompting you to update the license. The U2000 also displays License SN,
Revocation Time, and Valid Date (indicating the date before which the revoked license can
still be used) of the license, and License File.
Related Tasks
Related References
14.9.3 Parameters for Revoking an U2000 License
14.5 Exporting the License Information

The U2000 supports exporting of a license. You can export License control item information
to a specified path, facilitating maintenance.
Procedure
Step 2 In the License Information dialog box, click Export License.
NOTE
l If the Resource Control Item tab page is displayed, resource control item information is exported.
l If the Function Control Item tab page is displayed, function control item information is exported.
Step 3 In the Save dialog box, set the path, file name, file type, and encoding of the export file. Then
click Save.
----End
14.6 Exporting License Files

U2000 can export license files and save them as backup in a specified path. This way, the
backup can be used to restore licenses when an exception occurs during update of license
files.

U2000
Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers user
group.
Procedure
Step 1 Select License > OSS License Management > Export License File (traditional style);
alternatively, double-click System Management in Application Center and choose License
Management > Export License File from the main menu (application style) .
Step 2 In the Export License File dialog box, select license files to be exported. Click Export.
Step 3 In the Save dialog box, set the path to save the exported license files. Click Save.
----End
Result
A dialog box is displayed, prompting the exporting result and the path to save the exported
license files.
14.7 Setting Periodic Export of the U2000 License

When the upper-layer OSS needs to collect statistics on licenses used by U2000 recently (for
example, usage of license items and license update time), you can perform U2000 license
export tasks periodically or instantly to dump the licenses information used by the U2000, and
save them as an XML file to the specified folder.
Context
If the current license file used by the U2000 becomes invalid due to a license initialization
failure, the exporting task can not executed, and users need to contact Huawei technical
support to update the license.
Procedure
Step 1 Choose Maintenance > Task Management (traditional style); alternatively, double-click
System Management in Application Center and choose Task Schedule > Task
Management (application style).
Step 2 In the Take Type navigation tree, choose File Interface > OSS License Export.

U2000
Step 3 In the task list on the right, double-click the OSS License Export task.
Step 4 In the Attributes dialog box, set the parameters on the Common Parameters and Extended
Parameters tabs, and then click OK.
Step 5 Perform the OSS License Export task.

l If Status of the task is Suspend, right-click the task and choose Resume from the
shortcut menu. Then right-click the task again and choose Run Now from the shortcut
menu.
l If Status of the task is Idle, right-click the task and choose Run Now from the shortcut
menu.
----End
14.8 Setting Alarms for U2000 License Resource Item

Capacity
When the consumption of each OSS license resource item reaches or exceeds the preset
threshold, the U2000 sends an alarm or periodically displays an Information dialog box,
reminding users to apply for or purchase a new license in a timely manner.
Procedure
Step 1 Choose License > OSS License Management > Alarm Configuration for License
Resource Item Capacity (traditional style). Alternatively, double-click System Management
in Application Center and choose License Management > Alarm Configuration for
License Resource Item Capacity (application style).
Step 2 In the Alarm Configuration for License Resource Item Capacity dialog box, set the
threshold for each resource item, and set whether to send an alarm, whether to enable timed
prompting, and the prompting interval if the consumption of the resource item reaches or
exceeds the preset threshold.
Step 3 Optional: Select one or more configured resource items and click Modify in Batches. In the
displayed Modify Alarm Configurations in Batches dialog box, set the parameters.
Step 4 Optional: Set Display to Not configured. Select one or more resource items that are not
configured and click Add in Batches. In the displayed Add Alarm Configurations in
Batches dialog box, set the parameters.
Step 5 Click OK.
----End
Result
When the consumption of the OSS license resource item reaches or exceeds the preset
thresholds, the U2000 generates ALM-55 OSS License Consumption Reaches or Exceeds the
Preset Threshold alarm and periodically displays an Information dialog box. When the
consumption of the OSS license resource item is lower than the preset thresholds,The OSS
License Consumption Reached the Threshold alarm is automatically cleared and the
Information dialog box is not displayed any longer.

U2000
Related References
14.9.6 Parameters for Setting Alarms for U2000 License Resource Item Capacity
14.9.6 Parameters for Setting Alarms for U2000 License Resource Item Capacity
14.9 Reference for the U2000 License Interfaces

This section describes the references for U2000 license.
14.9.1 Parameters for Querying the U2000 License

This topic describes the parameters in the License Information dialog box. You can refer to
these parameters when viewing U2000 licenses information.
Buttons
Button Description
Details Views details about a license.
Server ID Views IDs of this server and applicable servers.

Server IDs refer to the MAC addresses of the local server. Users can
copy the IDs to apply for the license file of the local server. IDs of
applicable servers refer to the MAC addresses of servers that can be
authorized by the loaded licenses. Users can view the servers that can
be authorized by each license file.
Update License Updates license.
Export License Exports a license to a file on the local client for future maintenance
and use.
Parameters
Parameter Description Setting
Find Description: -
Keyword used for querying license items
in the table. Enter a license keyword in
the text box and click .
Find supports approximate string
matching.

U2000
Resour Display Description: Value:

ce Displays the license resource items to be l All
Control viewed.
Item l Consumption
reaching or
exceeding
thresholds
l Consumption
exceeding capacity
Setting method:
Select a value from
the drop-down list.
Resource Description: -
Names of authorization items.
ID Description: -
Identifier of the resource control item.
Capacity Description: -
Capacity of a resource control item in
the license file. For example, if the
license file allows a maximum of 100
online clients, 100 is the capacity value.
Authorizati Description: -
on For details about Authorization
Expiration Expiration Time in different license
Time application scenarios, see Table 14-2.
Consumptio Description: -
n Capacity consumption of a resource
control item in the license file. For
example, if the license file allows a
maximum of 100 online clients, and 20
users have already logged in to the
clients, 20 is the consumption value.
NOTE
For details about the rules of collecting
statistics on license consumption, see U2000
License Consumption Statistics Rule
Reference.

U2000
Overflow Description: -
Time l When Resource is set to Valid Day,
Overflow Time does not need to be
specified.
l When Resource is not set to Valid
Day, Overflow Time indicates the
time when consumption of a license
authorization item exceeds its
capacity.
When consumption of the license
authorization item exceeds its
capacity, the U2000 reports
ALM-801 OSS License Beyond
Limitation.
Functio Function Description: -

n Names of authorization items, such as
Control Electronic Map or Alarm Export.
Item
ID Description: -
Identifier of the function control item.
Supported Description: -
Whether the license file used by the
U2000 supports this function.
Authorizati Description: -
on For details about Authorization
Expiration Expiration Time in different license
Time application scenarios, see Table 14-2.
Table 14-2 Authorization Expiration Time in different license application scenarios
license Authorization Expiration Time

Application When Resource Is Set to When Resource Is Not Set to
Scenario Valid Day Valid Day
The permanent Expiration time of the license N/A

commercial file, which is displayed as No
license limit.
The fixed-period Expiration time of the license N/A

license file, which is displayed as the
expiration time of the specific
fixed-period license file.

U2000

Application When Resource Is Set to When Resource Is Not Set to
Scenario Valid Day Valid Day
The permanent Expiration time of the license Expiration time of the fixed-period
commercial plus file, which is displayed as No license.
fixed-period limit. If the current system time exceeds
of the fixed-period license, the
U2000 will report ALM-51 The
temporary Feature field of the
OSS license file expires.
The permanent Expiration time of the license Expiration time of the fixed-period
commercial and file. license file.
fixed-period The license information about the If the current system time exceeds
license files permanent commercial license Authorization Expiration Time
file and fixed-period license file of the fixed-period license file, the
is displayed in two lines, where U2000 will report ALM-294
Authorization Expiration Time Expired OSS License File.
of the permanent commercial
license file is displayed as No
limit, and Authorization
Expiration Time of the fixed-
period license file is displayed as
the expiration time of the specific
fixed-period license file.
Related Tasks
14.9.2 Parameters for Querying the Revocation Code of an U2000

License
This topic describes the parameters in the Query License Revocation Code dialog box. You
need to understand the meanings of these parameters when managing U2000 licenses.
Parameters
License SN Description:
SN of a license file.

U2000
License Revocation Description:

Code A string generated after a license file is revoked. You can use this
unique string to check that its corresponding unique license file is
revoked. When applying for a new license, you need to provide the
revocation code of the old license.
Revocation Time Description:

(MM/dd/yyyy) Time when a license file is revoked. "MM/dd/yyyy" indicates the
format of the date, which can be set in Region Settings. For details,
see Setting the Date Format of the Client.
Related Tasks
14.9.3 Parameters for Revoking an U2000 License

This topic describes the parameters in the Revokes License dialog box. You need to
understand the meanings of these parameters when managing U2000 licenses.
Buttons
Button Description
Revoke License Revokes the license that is not in use to obtain the revocation
code. You can use the code to apply use the code to apply for a
new license.
Parameters
Product Description:
Name of a product.
License SN Description:
SN of a license file.
License File Description:

Name of a license file.
Related Tasks

U2000
14.9.4 Parameters for Comparing the Original License with the

Updated License
This topic describes the parameters in the Comparison dialog box.
Parameters
Find Description:
Keyword used for querying license items in
the table. Enter a license keyword in the
text box and click .
Find supports approximate string
matching.
Resource Control Resource Description:

Item Control item of the license.
ID Description:
ID of the resource control item.
Consumption Description:
Number of used licenses.
Current Capacity Description:

Maximum number of resource items that
can be used on the license before a license
file update.
New Capacity Description:

Maximum number of resource items that
can be used on the license after a license
file update.
Alter Type Description:

Change type of thelicense capacity. After
the new license file is used, the license
capacity changes. The change types include
Add, Delete, Modify, and Keep.
Risk Level Description:

Level of the risk brought by a license
update. Risk levels include Risk, Warning,
Info, and None. Table 14-3 describes the
causes of each risk level.
Function Control Function Description:

Item Control item of the license.

U2000
ID Description:
ID of the resource control item.
Current Capacity Description:

Specifies whether the current license
supports this function.
New Capacity Description:

Specifies whether the updated license
supports this function.
Alter Type Description:

Change type of thelicense capacity. After
the new license file is used, the license
capacity changes. The change types include
Add, Delete, and Keep.
Risk Level Description:

Level of the risk brought by a license
update. The risk levels include Risk and
Info.
l Risk: A certain function may become
unavailable immediately after the
license update.
Cause: The function is deleted.
l Info: A small risk is brought after the
license update.
Cause: A function is added or the
license of a function is unchanged.
Table 14-3 Causes of each risk level

Risk Description Cause
Level
When Resource Is Set to When Resource Is
Valid Day Not Set to Valid
Day
Risk Some resources may The expiration date specified The new license
become unavailable by New Capacity and that capacity is less than the
immediately after the specified by Current current consumption or
license update. Capacity are earlier than the some resource items
current system time or are deleted.
certain resource items are
deleted.

U2000
Risk Description Cause

Level
When Resource Is Set to When Resource Is
Valid Day Not Set to Valid
Day
Warning Some resources may The expiration date specified The new license
be unavailable after by New Capacity is later capacity is greater than
the license update. than or equal to the current or equal to the current
system time and is earlier consumption but is less
than the expiration date than the current license
specified by Current capacity.
Capacity.
Info A small risk is The expiration date specified The new license
brought after the by New Capacity is later capacity is greater than
license update. than or equal to the current or equal to the current
system time and the consumption, and is
expiration date specified by greater than the current
Current Capacity. license capacity.
None If Risk Level is left N/A The new license

blank, the license capacity is greater than
update brings no risk. or equal to the current
consumption, and is
equal to the current
license capacity.
NOTE
When Resource is set to Valid Day:
l Current Capacity indicates the expiration date of the original license file. New Capacity indicates
the expiration date of the new license file.
l If two license files exist before or after the update, the system compares first the expiration dates of
the permanent commercial license files and then those of the fixed-period license files. In this case,
if Risk Level is set to Risk or Warning, the system will not compare the expiration dates of the
fixed-period license files after permanent commercial license file comparison.
Related Tasks
14.9.5 Parameters for Setting U2000 License Periodic Export

This topic describes the parameters for periodically exporting license tasks of the U2000 in
task management. You can refer to these parameters when you perform OSS License Export
operations.

U2000
Parameters
Table 14-4 Parameters on the Common Parameters tab page

Parameter Description Settings
Task name Description: Value:

Name of a scheduled task. l A maximum of 64 characters.
l Unique and not null.
l Case sensitive.
Execution Description: -
type Specifies whether the task is a
one-time task or a periodic task.
Start time Description: Value:

Time when a task is started. The start time should be later than
the time displayed on the server.
Task type Description: -

Type of a scheduled task.
Interval Description: Value:

Interval between periodic tasks, Unit: day, week, or month
including the duration and unit. Value range: 1-366 (day), 1-52
(week), or (1-12) month
Times Description: -
Number of times a periodic task
is executed.
Table 14-5 Parameters on the Extended Parameters tab page

Compress file Description: Value:

after export Specifies whether to compress Value range: Yes and No
exported files. It is recommended Default: No
that you compress the exported
files if you want to store them or
when the disk space is
insufficient. The exported files
are compressed in ZIP format,
and the original files are deleted
after compression.
File type Description: Value:

Format of exported license files. Value range: XML

U2000
File path Description: -

Path for storing exported license
files.
File size (MB) Description: Value:

If the size of files in the export Value range: 200-4096
directory exceeds the value of
this parameter, the U2000 deletes Default value: 200
the oldest exported files until the
size of files in the directory
becomes smaller than the value of
this parameter.
File storage Description: Value:

period (days) In the export directory, files Value range: 1-180
existing longer than this period Default value: 15
are deleted.
File count Description: Value:

If the number of files in the Value range: 1-180
export directory exceeds the Default value: 15
value of this parameter, the
U2000 deletes the oldest exported
files until the number of files in
this directory becomes smaller
than the value of this parameter.
NOTE
The file clearance mechanism in the export directory is implemented only if the U2000 export task has
been executed, and the number of exported logs is not 0.
14.9.6 Parameters for Setting Alarms for U2000 License Resource

Item Capacity
This topic describes the parameters in the Alarm Configuration for License Resource Item
Capacity dialog box. To set alarms for license resource item capacity, you need to use these
parameters.
Buttons
Button Description
Modify in Select one or more configured resource items and click Modify in
Batches Batches. You can modify thresholds for the selected resource items in
batches and select processing policies to be used when the consumption of
the resource items reaches or exceeds the preset thresholds.

U2000
Button Description
Add in Select one or more resource items that are not configured and click Add in
Batches Batches. You can set thresholds for the selected resource items in batches,
select processing policies to be used when the consumption of the resource
items reaches or exceeds the preset thresholds, and set the selected
resource items to be configured.
Cancel Select one or more configured resource items and click Cancel
Configuratio Configuration to set the selected resource items to be not configured.
n
Reset Restore the alarm settings for license resource item capacity to the status
after the previous application modification.
Parameters
Name Description Setting
Find Description: Setting method:

Find the license resource items Enter the keyword of the license
in the table that meet the search
resource items and click .
criteria.
NOTE
Find supports fuzzy search.
Prompting interval Description: Value:

(hour) After setting Timed Prompting Value range: 1-48 hours
for a resource item, you can set Default value: 24 hours
the interval at which an
Information dialog box is Setting method:
displayed. The U2000 displays Enter values directly or use the
the Information dialog box fine-tune button.
based on the interval.
Status Description: -
Configuration status of the
license resource item, including
configured and not configured.
Product Description: -
Name of the product that uses
the license resource item.
NOTE
You can filter resource items by
choosing the product name from the
drop-down list in the upper part of
the table.
Resource Description: -
Name of a license resource item.

U2000
ID Description: -
ID of a license resource item.
Capacity Description: -
Capacity of a resource item
specified in the license file. For
example, if the maximum
number of online clients
specified in the license file is
100, the capacity is 100.
Threshold (%) Description: Value:

Threshold for the capacity of Value range: 1%-99%
each OSS license resource item. Default value: 90%
Setting method:
Enter values directly or use the
fine-tune button.
NOTE
If the specified threshold is out of
the value range, the system
automatically sets it to the default
value.
Sending Alarms Description: Setting method:

When the consumption of each Select or clear the check box.
OSS license resource item NOTE
reaches or exceeds the preset At least one of Sending Alarms
threshold, the U2000 sends an and Timed Prompting must be set.
alarm. When the consumption of
each OSS license resource item
is lower than the preset
threshold, the alarm is
automatically cleared.

U2000
Timed Prompting Description: Setting method:

When the consumption of each Select or clear the check box.
OSS license resource item NOTE
reaches or exceeds the preset At least one of Sending Alarms
threshold, the U2000 displays an and Timed Prompting must be set.
Information dialog box. Then,
the U2000 displays the
Information dialog box based
on the preset interval.
NOTE
The U2000 also displays the
Information dialog box at 10:00
a.m. every day, which is the local
time.
If the interval at which the
Information dialog box is
displayed is shorter than 30
minutes, the dialog box is displayed
only once.
Display Description: Value:

License resource items that are l Configured
configured and not configured l Not configured
Setting method:
Select an option button.
Related Tasks
14.10 FAQs About U2000 Licenses

This topic describes how to resolve common problems occurring during U2000 license
management and solutions to them.
14.10.1 What Do I Do If the Functions Controlled by the License

Can Still Be Used After the License Expires?
Symptom
After a license expires, the functions controlled by the license can still be used for a period of
time.

U2000
Possible Causes
The U2000 allows the functions controlled by the license to be used during the keep-alive
period for the license, improving user experience.
NOTE
By default, the keep-alive period for an expired license is 60 days.
Procedure
Step 1 Contact Huawei technical support engineers to apply for a new license.
----End
14.10.2 What Do I Do If a License File Is Deleted?
Symptom
A license is revoked. As a result, the license file is deleted after the keep-alive period for the
license ends.
Possible Causes
The license has been revoked, and the keep-alive period for it has ended.
NOTE
If a license is revoked, the ESN in the license file does not match the MAC address of the server, or the fixed-
period license in the scenario of permanent commercial license and fixed-period license expires, the license
file is deleted after the keep-alive period for the license ends.
Procedure
Step 1 Choose License > OSS License Management > Query License Revocation Code
and choose License Management > Query License Revocation Code (application style) .
Step 2 In the Query License Revocation Code dialog box, select the queried revocation code
information, right-click, and choose Copy from the shortcut menu to copy the revocation code
information.
Step 3 Send the copied revocation code information to the Huawei technical support engineers to
apply for a new license.
----End
14.10.3 How Do I Resolve a License File Check Failure Occurring

When I Update the License?
Symptom
When a license file whose ESN does not match the MAC address of the server replaces the
original license file to update the license, a message is displayed, indicating that the license
file fails to be checked.

U2000
Possible Causes
The ESN of the license file used by the OSS does not match the MAC address of the OSS
server, and the keep-alive period for the license has ended. Therefore, the license file fails to
be checked.
NOTE
l Keep-alive period: indicates the days during which a license can still be used when the ESN in the
substitute license file does not match the MAC address of the server, or the license has expired. After the
keep-alive period for a license ends, the license cannot be used.
l If you initially use a license file whose ESN does not match the MAC address of the server to replace the
original license file, the license is updated successfully. After the keep-alive period for the license ends,
the substitute license file becomes invalid.
l The ESN in the current license file does not match the MAC address of the server, and the keep-alive
period for the license does not end. When you use another license file whose ESN does not match the
MAC address of the server to replace the original license file, the keep-alive period for the license does
not change.
Procedure
Step 1 Obtain an ESN matching the MAC address of the server again to apply for a new license and
replace the original license file with the new one.
----End
14.10.4 What Do I Do If No Information Dialog Box Is Displayed

Prompting Me to Immediately Update the License After the
License Is Revoked?
Symptom
The OSS simultaneously uses the permanent commercial license and fixed-period license of a
product. If the permanent commercial license is revoked, no information dialog box is
displayed, prompting you to immediately update the license.
Possible Causes
If no new license is used after the permanent commercial license is revoked, the U2000
detects the license update status every hour. If the license is not updated, the U2000 displays
an information dialog box, prompting you to immediately update the license and providing
License SN, Revocation Time, Valid Date (last day when a license can still be used after it is
revoked), and License File information.
14.11 U2000 License Consumption Statistics Rule

This document describes the rules of collecting statistics on the consumption of U2000
license resource control items on the U2000 client.
For details, see U2000 License Consumption Statistics Rule Reference.

U2000
ATAE Cluster System Administrator Guide (SUSE) 15 Monitoring the U2000 Server
15 Monitoring the U2000 Server
About This Chapter
You can monitor the service status, hard disk status, database status, resource status,
component information of the U2000 server, and log information on system monitor
operations. If the Trace Server independently deployed in the ATAE cluster system or virtual
cluster system is used with the U2000, the Trace Server status can also be monitored. The
status query method is the same as that of the U2000. The U2000 monitoring parameters also
take effect on the Trace Server. Therefore, you do not need to set monitoring parameters for
the Trace Server.
15.1 Setting the Monitoring Parameters

You can set parameters for server monitoring, hard disk monitoring, database monitoring, and
service monitoring. When a threshold is reached, the U2000 generates an alarm.
15.2 Monitoring the Status of the U2000 Server
By monitoring the running status and resource status of the U2000, you can understand the
health condition of the U2000 and handle the exceptions of the U2000 hardware and software
in time.
15.3 Reference of Monitoring the U2000 Server GUI
This chapter describes the GUI and parameters for monitoring the U2000 server.

U2000
15.1 Setting the Monitoring Parameters

You can set parameters for server monitoring, hard disk monitoring, database monitoring, and
service monitoring. When a threshold is reached, the U2000 generates an alarm.
15.1.1 Setting the Parameters for Monitoring the U2000 Server

You can set the server monitoring parameters to monitor the performance of the U2000 server,
including the CPU usage and memory usage. This helps you to identify and handle
performance exceptions in time, ensuring efficient running of the U2000 server. When the
CPU usage or memory usage reaches the specified threshold, the U2000 client receives an
alarm.
Context
l The parameter Server usage sampling interval indicates the sampling interval. The
CPU and memory usage is sampled at the specified interval.
l CPU overload indicates that the CPU usage is higher than or equal to the alarm
generation threshold.
l If the CPU usage sampled each time is higher than or equal to the alarm generation
threshold, the CPU is continuously overloaded. In this case, the number of continuous
CPU overload times is equal to that of continuous sampling times.
Procedure
Step 1 Choose Monitor > System Monitor > Settings (traditional style); alternatively, double-click
System Management in Application Center and choose System > System Monitor >
Settings from the main menu (application style).
Step 2 In the System Monitor Settings dialog box, click the Server Monitor tab.
Step 3 On the Server Monitor tab, set the required parameters.
The default value of Alarm Generation Threshold and Alarm Clearance Threshold, both
parameters for Swap memory usage, are 95 and 85, respectively. You are advised to use the
default values. You can perform the following operations to change their values.
1. Run the following command to view the value of Total Physical Memory.
~> cat /proc/meminfo | grep MemTotal
2. Run the following command to view the swap space size.
~> cat /proc/meminfo | grep SwapTotal
3. Use the following formulas to calculate the values of Alarm Generation Threshold and
Alarm Clearance Threshold. The parameter value is the calculation result rounded up
to an integer. For example, if the calculation result is 66.3, the parameter value is 67.
– Alarm generation threshold = (Total physical memory + 0.7 x Swap space size) /
(Total physical memory + Swap space size)
– Alarm clearance threshold = (Total physical memory + 0.6 x Swap space size) /
(Total physical memory + Swap space size)
Step 4 Click OK.
----End

U2000
Result
l If the number of consecutive times that the CPU is overloaded reaches the value
specified by Max. consecutive CPU overloads for alarm, a high CPU usage alarm is
generated. When the CPU usage sampled is lower than the alarm clearance threshold, the
high CPU usage alarm is cleared.
l When the swap memory usage is higher than or equal to the alarm generation threshold,
a high swap usage alarm is generated. When the swap memory usage is lower than the
alarm clearance threshold, the high swap usage alarm is cleared.
l When a high usage alarm is generated, the icon in the CPU Usage, or Swap Memory
Usage column changes from to on the Server Monitor tab of the System Monitor
Browser window. If you have enabled the function of displaying pop-up messages, you
will receive messages on the status bar of the client, prompting you of performance
exceptions.
Related Tasks
15.2.5 Monitoring the Resource Status of the U2000 Server
Related References
15.3.1 Parameters for Setting the Monitoring Thresholds of the U2000 Server
15.3.1 Parameters for Setting the Monitoring Thresholds of the U2000 Server
15.1.2 Setting the Parameters for Monitoring the Disk Usage of

the U2000 Server
You can set the disk monitoring parameters to monitor the disk usage of the U2000 server.
This helps you to identify and handle insufficiency issues of the disk space in time, thereby
preventing service exceptions. When the disk usage reaches the specified threshold, the
U2000 client receives a high disk usage alarm. You can also specify whether to display pop-
up messages on the client.
Procedure
Step 2 In the System Monitor Settings dialog box, click the Hard Disk Monitor tab.
Step 3 On the Hard Disk Monitor tab, set Hard disk usage sampling interval, Alarm Generation
Threshold, and Alarm Clearance Threshold.
l Under the Default node, set default values shared by all hard disks. Click + before
Default, and then set the thresholds for generating and clearing alarms of each severity.
The threshold specified for generating alarms of a low severity must be smaller than that
for generating alarms of a high severity.
l Under the Custom node, set values specific to a hard disk. Expand Custom and click +
before the server name. You will find that all disks use the default thresholds. To specify
other values for a disk, click + before the disk name, and then click the cell next to the
disk name. In the drop-down list, select Customize value. Now, the threshold for
generating alarms of each severity can be changed. To change a threshold, in the text box

U2000
next to the desired alarm severity, enter a value. If you do not want to receive alarms of a
disk, select Disable alarm generation from the drop-down list next to the disk name.
Step 4 Optional: Expand Custom and click + before the server name. Then the disk names are
displayed. In the Show Pop-Up Message column, select Yes or No from the drop-down list
next to the desired disk name.
Step 5 Click OK.
----End
Result
l When the hard disk space usage reaches the threshold for generating an alarm of a
certain severity, the corresponding alarm is generated. When the usage reaches the
threshold for generating an alarm of a higher severity, the alarm of the higher severity is
generated and the existing alarm of a lower severity is automatically cleared. When the
usage is lower than a threshold for clearing alarms of a severity, the alarm of this severity
is cleared.
l When a high disk usage alarm is generated, the icon in the Status column changes from
to on the Hard Disk Monitor tab of the System Monitor Browser window. If you
enable the function of displaying pop-up messages, the message The hard disk
partition is abnormal is displayed on the status bar of the client.
Related Tasks
15.2.3 Monitoring the Disk Status of the U2000 Server
Related References
15.3.2 Parameters for Setting the Hard Disk Monitoring Thresholds of the U2000 Server
15.3.2 Parameters for Setting the Hard Disk Monitoring Thresholds of the U2000 Server
15.1.3 Setting the Parameters for Monitoring the Database Usage

of the U2000 Server
You can set the database monitoring parameters to monitor the U2000 database usage. This
helps you to identify and handle insufficiency issues of the database space in time, thereby
preventing service exceptions. When the database usage of the U2000 server reaches the
specified threshold, the U2000 client receives a high database usage alarm.
Procedure
Step 2 In the System Monitor Settings dialog box, click the Database Monitor tab.
Step 3 On the Database Monitor tab, set Database usage sampling interval and the alarm
generation thresholds.
l Under the Default node, set default values shared by all databases. Click + before
Default, and then set the thresholds for generating alarms of each severity. The threshold
specified for generating alarms of a low severity must be smaller than that for generating
alarms of a high severity.

U2000
l Under the Custom node, set values specific to a database. Expand Custom, and click +
before the server name and database instance name. You will find that all databases use
the default thresholds. To specify other values for a database, click + before the database
name, and then click the cell next to the database name. In the drop-down list, select
Customize value. Now, the threshold for generating alarms of each severity can be
changed. To change a threshold, in the text box next to the desired alarm severity, enter a
value. If you do not want to monitor the usage of a database, select Disabled
Monitoring from the drop-down list next to the database name.
Step 4 After the setting, click OK.
----End
Result
l When the database usage of the U2000 server reaches the threshold for generating an
alarm of a certain severity, the corresponding alarm is generated. When the usage
reaches the threshold for generating an alarm of a higher severity, the alarm of the higher
severity is generated and the existing alarm of a lower severity is automatically cleared.
When the usage is smaller than the threshold, the corresponding clear alarm is generated.
l When the condition for generating a high database usage alarm is met, the icon in the
Status column changes from to on the Database Monitor tab of the System
Monitor Browser window.
Related References
15.3.3 Parameters for Setting the Database Monitoring Thresholds of the U2000 Server
15.1.4 Setting the Parameters for Monitoring the Service Status of

the U2000 Server
This topic describes the parameters for monitoring the service status. Users can set the
monitor frequency and specify whether to show the pop-up message as required. This helps
users learn about the service status, and identify and rectify faults in a timely manner,
ensuring proper running of the services on the U2000 server.
Procedure
Step 2 In the System Monitor Settings dialog box, click the Service Monitor tab.
Step 3 On the Service Monitor tab, set Service status sampling interval and specify whether to
display pop-up messages.
Step 4 Click OK.
----End
Result
l The information displayed on the Service Monitor tab of the System Monitor Browser
window is refreshed at the specified interval.

U2000
l If you enable the function of display pop-up messages for some services, a status
indicator is displayed on the status bar in the lower-right corner of the client. When all of
these services are running, the status indicator turns green. When one or some of these
services is stopped, the status indicator turns red and a pop-up message is displayed.
Related References
15.3.4 Parameters for Setting the Service Monitoring Thresholds of the U2000 Server
15.2 Monitoring the Status of the U2000 Server

By monitoring the running status and resource status of the U2000, you can understand the
health condition of the U2000 and handle the exceptions of the U2000 hardware and software
in time.
15.2.1 Monitoring the Service Status of the U2000 Server

You can view information such as the service names and service status of the U2000, to
understand the running status of the U2000 server. The information helps you identify and
handle exceptions in time, ensuring efficient running of the U2000 server.
Context
If a service is stopped or abnormal, its status icon is displayed in red.
Procedure
Step 1 Choose Monitor > System Monitor > Browser (traditional style); alternatively, double-click
Browser (application style).
Step 2 In the System Monitor Browser window, click the Service Monitor tab.
Step 3 On the Service Monitor tab, right-click a service and choose Details from the shortcut menu.
NOTE
You can also double-click a service to open the Service Details dialog box.
Step 4 In the Service Details dialog box, view the service details and dependencies.
----End
Related References
15.3.5 Parameters for Monitoring the Service Status of the U2000 Server
15.2.2 Monitoring the Process Status of the U2000 Server

You can view information such as process names, process IDs, and number of threads, you
can understand the process status of the U2000 server. The information helps you identify and

U2000
Procedure
Step 2 In the System Monitor Browser window, click the Process Monitor tab.
Step 3 On the Process Monitor tab, view the process status of the server.
----End
Related References
15.3.6 Parameters for Monitoring the Process Status of the U2000 Server

You can view information such as the total disk capacity and disk usage to understand the disk
status of the U2000 server. The information helps you identify and handle exceptions in time,
ensuring efficient running of the U2000 server. If the disk usage is very high, you need to
clean up or expand the disk.
Procedure
Step 2 In the System Monitor Browser window, click the Hard Disk Monitor tab.
Step 3 On the Hard Disk Monitor tab, view the disk status of the server.
The Status depends on the specified alarm generation thresholds. When the usage of the
hard disk partition is higher than or equal to the threshold, Status changes to Abnormal.
----End
Related Tasks
15.1.2 Setting the Parameters for Monitoring the Disk Usage of the U2000 Server
Related References
15.3.7 Parameters for Monitoring the Hard Disk Status of the U2000 Server
15.2.4 Monitoring the Database Status of the U2000 Server

You can view information such as the database name, server name, and database status to
understand the running status of the U2000 server. The information helps you identify and
Procedure

U2000
Step 2 In the System Monitor Browser window, click the Database Monitor tab.
Step 3 On the Database Monitor tab, view the database status of the U2000 server.
Status of a database depends on the database process running status, status of connection
between the server and database, log space usage in the database, and specified alarm
threshold. When a database process is abnormal, the connection between the server and
database is abnormal, the log space usage in the database is excessively high, or the database
usage is higher than or equal to the specified alarm threshold, Status changes to Abnormal.
----End
Related References
15.3.8 Parameters for Monitoring the Database Status of the U2000 Server

You can view the system resource usage of the U2000 server that you have logged in to. The
information helps you identify and handle exceptions in time, ensuring efficient running of
the U2000 server.
Procedure
Step 2 In the System Monitor Browser window, click the Server Monitor tab.
Step 3 On the Server Monitor tab, view the resource status of the U2000 server.
----End
Related Tasks
Related References
15.3.9 Parameters for Monitoring the Status of the U2000 Server
15.2.6 Viewing Logs of System Monitoring Operations

This function enables you to view logs of system monitoring operations performed by users.
Procedure
Step 2 In the System Monitor Browser window, select the Operation Logs tab.
Operation logs are listed.

U2000
Step 3 In the Time range drop-down list, select a time range of the logs to be viewed.
Step 4 Right-click an operation log and choose Details from the shortcut menu. In the displayed Log
Details dialog box, view the details of the operation log.
NOTE
You can also double-click an operation log to access the Log Details dialog box.
----End
Related References
15.3.10 Parameters for Viewing System Monitoring Operation Logs
15.2.7 Refreshing the Monitoring Information

The monitoring information on the U2000 client is automatically refreshed at the specified
monitoring interval. If you want to refresh the monitoring information immediately, you can
click Refresh on each monitoring tab.
Context
l Only the current tab is refreshed.
l After you switch to another monitor tab, the monitoring information on this tab is
refreshed immediately.
Procedure
Step 2 In the System Monitor Browser window, click the tab corresponding to the monitoring
information to be refreshed.
Step 3 Click Refresh.
----End
15.2.8 Saving the Monitoring Information

You can save the monitoring information for future analysis.
Procedure
Step 2 In the System Monitor Browser window, click the tab corresponding to the monitoring
information and click Save As.

U2000
NOTE
l The monitoring information can be saved in TXT, HTML, CSV, or XML format.
l For .txt files, code formats ISO-8859-1 and UTF-8 are supported. The default encoding format is
ISO-8859-1. You are advised to use the default encoding format if the saved file does not need to
support multiple languages; otherwise, UTF-8 is recommended.
Step 3 In the Save dialog box, select a path, enter a file name, and click Save.
NOTE
After the file is saved successfully, you can open the file or navigate to the folder that stores the file.
----End
15.3 Reference of Monitoring the U2000 Server GUI

This chapter describes the GUI and parameters for monitoring the U2000 server.
15.3.1 Parameters for Setting the Monitoring Thresholds of the

U2000 Server
This topic describes the parameters on the Server Monitor tab in the System Monitor
Settings dialog box, including the CPU and memory monitoring thresholds and sampling
parameters.

U2000
Parameters
Paramete Max. Description: Value:

r Settings consecutive Number of consecutive Value range: 10-400
CPU times that the CPU usage
overloads for Default value: 40
is higher than or equal to
alarm Alarm Generation Configuration Guidelines:
(10-400) Threshold. When the The default value 40 is
number of consecutive recommended. You can observe
times reaches the value the U2000 service performance
specified by this after The CPU Usage Is High
parameter, the CPU usage alarms are generated and change
is considered high. the setting if required, to ensure
Impact on System: that The CPU Usage Is High
alarms reflect the actual impact
If the number of of high CPU usage on the U2000
consecutive times that the services.
CPU usage is higher than
or equal to Alarm l If the U2000 frequently
Generation Threshold generates The CPU Usage Is
reaches the value specified High alarms but the U2000
by this parameter, alarm services work properly, you
The CPU Usage Is High can set Max. consecutive
is generated. CPU overloads for alarm to
a larger value.
l If the U2000 services run
slowly, (for example, the
client responds slowly or no
alarms are reported) but no
The CPU Usage Is High
alarm is reported, you can set
Max. consecutive CPU
overloads for alarm to a
smaller value.

U2000
Server usage Description: Value:

sampling Interval for sampling the Value length: 2-60
interval CPU usage and memory
(2-60 Default value: 15
usage.
seconds) Configuration Guidelines:
Impact on System:
The default value 15 is
High sampling frequency recommended. You can observe
occupies too much server the U2000 service performance
resources, which affects after The CPU Usage Is High
the server performance. and The Memory Usage Is Too
High alarms are generated and
change the setting if required, to
ensure that The CPU Usage Is
High and The Memory Usage Is
Too High alarms reflect the
actual impact of high usage on
the U2000 services.
l If the U2000 frequently
generates The CPU Usage Is
High and The Memory
Usage Is Too High alarms but
the U2000 services work
properly, you can set this
parameter to a larger value.
The CPU Usage Is High or
The Memory Usage Is Too
High alarm is reported, you
can set this parameter to a
smaller value.

U2000
Threshol CPU usage Description: Value:

d CPU usage. This The value range of Alarm
Settings parameter defines the Generation Threshold is 1-99.
following parameters: The default value is 90.
l Alarm Generation The value range of Alarm
Threshold: The CPU Clearance Threshold is 1-99.
is overloaded when the The default value is 70.
CPU usage reaches Configuration Guidelines:
Alarm Generation
Threshold. The default value is
recommended. You can observe
l Alarm Clearance the U2000 service performance
Threshold: When the after The CPU Usage Is High
CPU usage is smaller alarms are generated and change
than Alarm Clearance the setting if required, to ensure
Threshold, the U2000 that The CPU Usage Is High
marks the generated alarms reflect the actual impact
The CPU Usage Is of high CPU usage on the U2000
High alarm Cleared. services.
l Show Pop-up l If the U2000 frequently
Message: If Show generates The CPU Usage Is
Pop-up Message is set High alarms but the U2000
to Yes, a pop-up services work properly, you
message is displayed can set Alarm Generation
on the U2000 client Threshold to a larger value.
when the CPU usage
reaches Alarm l If the U2000 services run
Generation slowly, (for example, the
Threshold. When the client responds slowly or no
CPU usage is smaller alarms are reported) but no
than Alarm Clearance The CPU Usage Is High
Threshold, the pop-up alarm is reported, you can set
message disappears. Alarm Generation
Threshold to a smaller value.
l To prevent alarms from being
frequently cleared and then
reported, you are advised to
set Alarm Clearance
Threshold to a value at least
20% smaller than the value
specified by Alarm
Generation Threshold.

U2000
Swap Description: Value:

memory Swap memory usage. This The value range of Alarm
usage parameter defines the Generation Threshold is 1-99.
Threshold: If the Clearance Threshold is 1-99.
memory usage reaches The default value is 85.
Alarm Generation Configuration Guidelines:
Threshold, the U2000
generates The The default value is
Memory Usage Is Too recommended. To adjust the
High alarms. value, perform step 3 in 15.1.1
Setting the Parameters for
l Alarm Clearance Monitoring the U2000 Server,
Threshold: When the or observe the U2000 service
memory usage is performance after The swap
smaller than Alarm Usage Is High alarms are
Clearance Threshold, generated and change the setting
the U2000 marks the if required, to ensure that The
generated The swap Usage Is High alarms
Memory Usage Is Too reflect the actual impact of high
High alarm Cleared. swap usage on the U2000
l Show Pop-up services.
Message: If Show l If the U2000 frequently
Pop-up Message is set generates The swap Usage Is
to Yes, a pop-up High alarms but the U2000
message is displayed services work properly, you
on the U2000 client can set Alarm Generation
when the memory Threshold to a larger value.
usage reaches Alarm
Generation l If the U2000 services run
Threshold. When the slowly, (for example, the
memory usage is client responds slowly or no
smaller than Alarm alarms are reported) but no
Clearance Threshold, The swap Usage Is High
the pop-up message alarm is reported, you can set
disappears. Alarm Generation
NOTE
This parameter is available l To prevent alarms from being
only when the U2000 server frequently cleared and then
runs on Solaris or SUSE reported, you are advised to
Linux. set Alarm Clearance
specified by Alarm
Related Tasks

U2000
15.3.2 Parameters for Setting the Hard Disk Monitoring

Thresholds of the U2000 Server
This topic describes the parameters displayed on the Hard Disk Monitor tab in the System
Monitor Settings dialog box.
Parameters
Parameter Hard disk Description: Value:

Settings usage Interval of sampling the Value range: 60-3600
sampling disk usage.
interval Default value: 60
(60-3600 Impact on System: Configuration
seconds) A high sampling frequency Guidelines:
occupies many server The default value 60 is
resources, which affects recommended. A short
the server performance. sampling period reflects the
disk usage in time.
Sampling the hard disk
usage every 60 seconds has
only a slight impact on the
U2000 server performance.

U2000
Threshold Default Description: Setting method:

Settings Default threshold for Click + to expand Default.
generating and clearing Set the default thresholds
alarm The Disk Usage Is for generating and clearing
Too High. The parameters high hard disk usage alarms
are described as follows: of different severities.
l Alarm Generation Value:
Threshold: If the disk Value range: 1-99
usage reaches the
threshold for generating Default value of Alarm
the Alarm Generation Generation Threshold:
Threshold alarm of a l Warning: 60
severity, the U2000 l Minor: 70
generates the The Disk
Usage Is Too High l Major: 80
alarm of this severity. l Critical: 90
l Alarm Clearance Default value of Alarm
Threshold: If the disk Clearance Threshold:
usage is smaller than l Warning: 55
the threshold for
l Minor: 65
generating the Alarm
Clearance Threshold l Major: 75
alarm, the U2000 clears l Critical: 85
the generated The Disk
Configuration
Usage Is Too High
Guidelines:
alarm and sets it as
Cleared. The default value is
recommended.
l Show Pop-up
Message: You can l Alarm Generation
enable the function of Threshold: Insufficient
displaying pop-up disk space affects
messages in Custom. service running of the
U2000; therefore, the
Alarm Generation
Threshold values for
the four alarm severities
must reflect their actual
impacts on the U2000
services.
l Alarm Clearance
Threshold: It is
recommended that
Alarm Clearance
Threshold be smaller
than Alarm
Generation Threshold
by 5% or more,
preventing alarms from

U2000
being frequently cleared

and then reported.

U2000
Custom Description: Setting method:

User-defined Alarm 1. Click + before Custom
Generation Threshold to expand the nodes.
and Alarm Clearance 2. Click + before the
Threshold values of the server name to expand
The Disk Usage Is Too nodes.
High alarm for each
partition of the disk. 3. Click + before a disk
partition name to
l Modes for setting expand nodes:
thresholds:
l Selecting modes for
– Default value: The
setting thresholds: In
values in Default
the Alarm
are used as the
Generation
Alarm Generation
Threshold drop-
Threshold and
down list, select
Alarm Clearance
Customize Value,
Threshold values of
Custom value, or
each disk partition.
Disable alarm
– Customize value: generation.
Users need to
l Show Pop-up
specify the values of
Message: In the
Alarm Generation
Show Pop-up
Threshold and
Message drop-down
Alarm Clearance
list on the right of
Threshold for each
the disk partition
disk partition.
name, select Yes or
– If Disable alarm No.
generation is
Configuration
selected, the U2000
Guidelines:
does not report The
Disk Usage Is Too The option Default value
High alarm for the is recommended.
specified disk
partition.
l Alarm Generation
Threshold: Users need
to specify Alarm
for generating The
Disk Usage Is Too
High alarms of all
severities.
l Alarm Clearance
to specify Alarm
Clearance Threshold
for clearing The Disk
Usage Is Too High
alarms of all severities.

U2000
l Show Pop-up
Message: If Show Pop-
up Message is set to
Yes for a disk partition,
a pop-up message is
displayed on the U2000
client when the usage of
the disk partition
reaches Alarm
When the usage is
smaller than Alarm
Clearance Threshold,
the pop-up message
disappears.
Related Tasks
15.3.3 Parameters for Setting the Database Monitoring Thresholds

of the U2000 Server
This topic describes the parameters displayed on the Database Monitor tab in the System
Monitor Settings dialog box.
Parameters
Parameter Settings Database usage Description: Value:

sampling interval Interval of sampling Value range:
(300-3600 seconds) the database usage. 300-3600
The sampled Default value: 300
database usage is
displayed on the Configuration
Database Monitor Guidelines:
tab in the System The default value is
Monitor Browser recommended. To
window. slow sampling,
increase the value of
the parameter.

U2000
Threshold Settings Default Description: Setting method:

Default threshold for Click + to expand
generating the high Default. Set the
database usage default threshold for
alarm of the U2000 generating high
server. database usage
NOTE alarms of different
l When the
severities.
database usage Value:
reaches the alarm
generation Value range: 1-100
threshold, a high Default value:
database usage
alarm is l Warning: 85
generated. When l Minor: 90
the database
usage is smaller l Major: 95
than the l Critical: 98
threshold, the
alarm is Configuration
automatically Guidelines:
cleared.
To quickly set the
l Thresholds are alarm generation
set separately
based on different
threshold, you can
alarm severities. set a default value
and select Default
l When the usage
reaches the value in Custom.
threshold for
generating an
alarm of a certain
severity, the
corresponding
alarm is
generated. When
the usage reaches
the threshold for
generating an
alarm of a higher
severity, the
alarm of the
higher severity is
generated and the
existing alarm is
automatically
cleared.
Relationship with
Other Parameters:
If you select Default
value from
Threshold in
Custom, the default
value is used as the

U2000
alarm generation
threshold.

U2000

User-defined 1. Click + before
thresholds for Custom to
generating the high expand nodes.
database usage 2. Click + before
alarm of the U2000 the server name
server. Users can set to expand nodes.
thresholds for
different databases. 3. Click + before
the database
instance name to
expand nodes.
4. Click + before a
database name to
expand nodes. In
the Threshold
drop-down list
next to the
database name,
select a threshold
setting mode.
Value:
The threshold
setting mode
includes the
following values:
l Default value:
Values in
Default are used
as thresholds for
generating high
database usage
alarms of
different
severities.
l Customize
value:
Customize
thresholds for the
database usage
alarms of
different
severities.
Value range:
1-100
Default value:
value in Default.
l Disabled
Monitoring:

U2000
Disable the
database
monitoring.
Related Tasks
15.1.3 Setting the Parameters for Monitoring the Database Usage of the U2000 Server
15.3.4 Parameters for Setting the Service Monitoring Thresholds

of the U2000 Server
This topic describes the parameters on the Service Monitor tab in the System Monitor
Settings dialog box.
Parameters
Parameter Settings Service status Description: Value:

(60-3600 seconds) the service running 60-3600
status. The sampling Default value: 60
result is displayed
on the Service
Monitor tab in the
System Monitor
Browser dialog box.
Impact on System:
A shorter refresh
interval means more
server resources
occupied.
Screen Tip Settings Default Group Description: Setting method:

If Show Pop-up Select a service from
Message is set to the Service Name
Yes for a service, a drop-down list.
pop-up message is Select Yes or No in
displayed on the the corresponding
U2000 client when Show Pop-up
the service is Message drop-down
abnormal. When the list.
service resumes the
normal running
status, the pop-up
message disappears.

U2000
Related Tasks
15.1.4 Setting the Parameters for Monitoring the Service Status of the U2000 Server
15.3.5 Parameters for Monitoring the Service Status of the U2000

Server
This topic describes the parameters in the query results on the Service Monitor tab that is
displayed when you check the service status of the U2000 server.
Shortcut Menu Items

Shortcut Description
Menu
Refresh Refreshes the status information.
Find 1. Select one or more logs in the query window, right-click, and choose
Find from the shortcut menu.
2. Enter a keyword in Find what in the Find dialog box for search.
NOTE
l Match case: determines whether the case of search contents matches the case of
the keyword. By default, the cases do not match.
l Match entire cell contents: If you want the search contents to partially match the
cell contents, clear Match entire cell contents. If you want the search contents
to exactly match the cell contents, select Match entire cell contents. By
default, Match entire cell contents is cleared.
Details Indicates the general information about the selected services and
dependencies among these services.
Parameters
Service Name Description:

Name of a service monitored by the U2000.
Process Name Description:

Name of the process corresponding to a service monitored by the U2000
Description Description:
Description of functions, interfaces, and other information of a service.
Status Description:
Status of a service. The value is Running, Unknown or Stopped.
Startup Mode Description:

Service startup mode. The value is Automatic, Manual, or Disabled.
NOTE
Startup Mode can be set to Disabled only for services that have been stopped.

U2000
Auto Restart Description:

Times Number of times the service can automatically restarts when the service is
stopped abnormally.
The number of restart times is cleared after the U2000 is restarted.
NOTE
l The service automatically restarts when Startup Mode is set to Automatic or
Manual for the service.
l By default, this menu item is not displayed. You can press Ctrl+Alt+R to
display it.
Start Time Description:

Time when a service is started.
Server Name Description:

Name of the monitored server.
Related Tasks
15.2.1 Monitoring the Service Status of the U2000 Server
15.3.6 Parameters for Monitoring the Process Status of the U2000

Server
This topic describes the parameters in the query result on the Process Monitor tab that is
displayed when you check the process status of the U2000 server.
Shortcut Menu Items

Menu
Refresh Refreshes monitoring information.
NOTE

U2000
Parameters
Process Name Description:

Name of a process.
Process ID Description:
ID of a process.
Handles Description:
Number of handles occupied by a process.
NOTE
This parameter is displayed as a hyphen (-) if the process is a
database process or the process status cannot be obtained in the
event of the Trace Server (TS) service.
CPU Usage (%) Description:

CPU usage of a process.
NOTE
This parameter is displayed as a hyphen (-) if the process status
cannot be obtained in the event of the TS service.
Memory Usage (MB) Description:

Virtual memory usage of a process.
NOTE
Database Connections Description:

Number of database connections used by a process.
NOTE
This parameter is displayed as a hyphen (-) if the U2000 does
not monitor the number of database connections used by the
corresponding process or the process status cannot be obtained
in the event of the TS service.
Threads Description:
Number of threads generated by a process.
NOTE
Related Tasks
15.2.2 Monitoring the Process Status of the U2000 Server
15.3.7 Parameters for Monitoring the Hard Disk Status of the

U2000 Server
This topic describes the parameters in the query result on the Hard Disk Monitor tab that is
displayed when you check the hard disk status of the U2000 server.

U2000
Shortcut Menu Items

Menu
NOTE
Parameters
File System Description:

Hard disk partitions and their paths.
Total Space (MB) Description:

Total size of a specified partition. It is the sum of Used Size
and Free Size.
Used Space (MB) Description:

Size of space used by a specified partition.
NOTE
To ensure that the alarm The Disk Usage Is Too High reported by
the U2000 server that runs Solaris or SUSE Linux indicates the
accurate hard disk usage, specify Used Space of a hard disk to the
sum of space used by applications and space reserved for the
operating system (OS). Applications cannot occupy the space
reserved for the OS.
To obtain the size of space used by applications, run the df -h
command on the U2000 server and check the value of used.
Free Space (MB) Description:

Size of the remaining space of a specified partition.
Usage (%) Description:

Usage of a specified partition.
Usage = (Used Space/Total Space) x 100%

U2000
Status Description:
Status of a specified partition. The value is Normal,
Unknown or Abnormal. In the event of the TS service, if
the hard disk status cannot be obtained, the value is
Unknown. If the hard disk usage is greater than or equal to
the threshold, the value is Abnormal.
Related Tasks
15.3.8 Parameters for Monitoring the Database Status of the U2000

Server
This topic describes the parameters in the query result on the Database Monitor tab that is
displayed when you check the database status of the U2000 server.
Shortcut Menu Items

Menu
NOTE
Parameters for the Sybase Database

Database Name Description:

Name of the database on the U2000 server.
Total Data Space (MB) Description:

Total size of the data space in the database.

U2000
Free Data Space (MB) Description:

Size of the remaining data space in the database.
Data Space Usage (%) Description:

Percentage of the used data space in the total data
space.
Total Log Space (MB) Description:

Log space of the database.
Free Log Space (MB) Description:

Remaining log space of the database.
Log Space Usage (%) Description:

Percentage of the used log space in the total log
space.
NOTE
Log space usage is calculated using the following formula:
Log space usage = (Total log space - Remaining log
space)/Total log space x 100%.
Status Description:
The value is Normal or Abnormal. If the database
usage is larger than or equal to the threshold, the
state is Abnormal.
Database description of the U2000 server.
Parameters for the Oracle Database

Database Name Description:

Name of the database on the U2000 server.
Total Data Space (MB) Description:

Total size of the data space in the database.
Free Data Space (MB) Description:

Size of the remaining data space in the database.
Total Data Space Usage (%) Description:

Percentage of the used data space in the total data
space in the database.

U2000
Table Space Usage (%) Description:

Percentage of the used table space in the total table
space in the database.
NOTE
The Oracle database occupies the table space in a greedy
manner. The high-water mark determines the used and
unused blocks in a segment. The high-water mark
increases after data is added, but does not decrease after
data is deleted from the table. The U2000 calculates the
data usage of the Oracle database by monitoring the high-
water mark. Therefore, the Oracle data usage monitored by
the U2000 does not decrease after data is deleted from the
table.
Status Description:
The value is Normal or Abnormal. If the database
usage is larger than or equal to the threshold, the
state is Abnormal.
Database description of the U2000 server.
Related Tasks
15.2.4 Monitoring the Database Status of the U2000 Server

This topic describes the parameters in the query result on the Server Monitor tab that is
displayed when you check the status of the U2000 server.
Shortcut Menu Items

Menu
NOTE

U2000
Parameters
Server Name Description:

Name of the U2000 server.
Server Status Description:

State of the U2000 server. The value is Active,
Unknown or Standby.
OS Description:
Operating system of the server.
Total Physical Memory (MB) Description:

Total capacity of the physical memory on the server.
Free Physical Memory (MB) Description:

Remaining capacity of the physical memory on the
server.
Total Swap Memory (MB) Description:

Total virtual memory space of the U2000 server.
Free Swap Memory (MB) Description:

Remaining virtual memory space of the U2000 server.
CPU Usage (%) Description:

Usage of the CPU.
Swap Memory Usage (%) Description:

Usage of the swap memory.
Related Tasks
15.3.10 Parameters for Viewing System Monitoring Operation

Logs
This topic describes the parameters in the query result on the Operation Logs tab page.
Parameters
User Name Description:

U2000 user who performs an operation.

U2000
Operation Name Description:

Name of an operation.
Operation Time Description:

Time when a user performs an operation.
Client Description:
IP address of the system monitor client where a user performs an
operation.
Result Description:
Operation result, namely, success or failure.
Details Description:
Operation description.
Related Tasks
15.2.6 Viewing Logs of System Monitoring Operations

U2000
ATAE Cluster System Administrator Guide (SUSE) 16 Managing OSS Tasks Centrally
16 Managing OSS Tasks Centrally
About This Chapter
The U2000 provides the function of centrally managing scheduled tasks. You can browse
information such as the task status and the progress as well as create, modify, and delete user-
scheduled tasks. In addition, you can suspend, restore, cancel scheduled tasks, and save task
result files to the client.
16.1 Overview of Task Management

Task management integrates such concepts as task types, task scheduling parameters, states of
scheduled tasks, and so on. Such knowledge helps you perform operations related to task
management.
16.2 Customizing the Interface for Managing Scheduled Tasks
This topic describes how to customize the interface for managing scheduled tasks. The system
can display scheduled tasks of the specified type in the navigation tree or display the
scheduled tasks that meet the specified conditions in the task list.
16.3 Creating User Scheduled Tasks
You can set some network maintenance functions provided by the U2000 in the form of user
scheduled tasks. When the conditions for performing user scheduled tasks are satisfied, the
U2000 automatically performs the corresponding network maintenance functions.
16.4 Managing Scheduled Tasks
User scheduled tasks refer to the scheduled tasks managed by a user. The user can delete,
suspend, resume, cancel, terminate, and roll back user scheduled tasks.
16.5 Viewing Scheduled Tasks
The U2000 supports viewing of scheduled tasks. You can view information, such as task
names, creators, progress, and execution results, about the tasks to which you have
permissions. This function helps you adjust scheduled tasks based on execution conditions.
16.6 Downloading Task Execution Tasks
You can download the execution file of NodeB license allocation tasks to a local PC and then
check the specific resource allocation information.
16.7 Downloading Result Files
This section describes how to download the results of timing tasks. You can save the results of
timing tasks on the server to the local client in .txt format.

U2000
16.8 Reference of the Integrated Task Management GUI

This part describes the integrated task management interfaces and related information such as
the parameters used in the integrated task management. This helps you understand the
functions of integrated task management easily.

U2000
16.1 Overview of Task Management

Task management integrates such concepts as task types, task scheduling parameters, states of
scheduled tasks, and so on. Such knowledge helps you perform operations related to task
management.
16.1.1 Task Types

The U2000 classifies managed scheduled tasks into different types according to the task
execution period, function, and feature.
Tasks Grouped According to the Execution Period

According to the execution period, the U2000 classifies managed scheduled tasks into one-
time tasks and periodic tasks. Table 16-1 describes each type of task.
Table 16-1 Tasks grouped according to the execution period

Task Types Description
Once Refers to a task that is performed only once at a

specified time.
Period Refers to a task that is performed periodically since a

specified time.
Tasks Grouped According to the Function

According to the task function, the U2000 classifies managed scheduled tasks into database
capacity management tasks, file interface tasks, manual dump tasks, NE Information
Collector (NIC) tasks, synchronization tasks, backup tasks, CM report tasks, CME tasks, and
other tasks. Table 16-2 describes each type of task.
NOTE
The NEs that support CME tasks are the RNC, NodeB, BSC6000, BSC6900 GSM, BSC6900 UMTS,
BSC6900 GU, BSC6910 GSM, BSC6910 UMTS and BSC6910 GU .CME tasks are available only after
the CME software corresponding to the NE version is installed.
Table 16-2 Tasks grouped according to the function

Database Capacity The U2000 periodically deletes the data whose storage duration
Management reaches the specified Save Days from the database. Database
capacity management tasks ensure that the database capacity is
maintained within a proper range, avoiding database faults
caused by insufficient database capacity.
File Interface Various types of data is periodically exported to a specified

directory on the server.

U2000
Manual Dump By manually executing a dump task, you can dump alarm/
event/log data from database to the specific file on the U2000
server. Dumped alarms/events/logs are deleted from the
database, thereby preventing insufficiency of database space.
NIC NIC tasks provide the Nastar with the NE data required for
analyzing system performance, querying and verifying
configuration data, scanning uplink frequencies, and optimizing
neighboring cells.
Synchronization Certain data may be missing due to causes such as

communication interruption. The synchronization function
enables you to ensure that the data on the U2000 is consistent
with the data on NEs.
Backup The U2000 allows you to save server data and NE data in
backup files to a specified directory on the U2000 server. The
stored server data and NE data can be used for restoring the
system and NEs in case of any data loss or any exception in the
system and NEs.
CM Report The U2000 periodically exports configuration reports in files to

a specified directory on the U2000 server. You can use this
function to save data outside the system. The exported data is
still stored in the database.
The types of reports that can be exported consist of RAN report,
core network resource report, NE report, NE Statistical report,
and NE link report.
CME Scheduled CME tasks. For example, scheduled data

synchronization tasks and data consistency check tasks.
Others Scheduled tasks except the previously mentioned task types.
Tasks Grouped According to the Feature

According to the task feature, the U2000 classifies managed scheduled tasks into system
scheduled tasks and user scheduled tasks. Table 16-3 describes each type of task.
Table 16-3 Tasks grouped according to the feature

System Scheduled Task System scheduled tasks are the tasks required for the normal
operation of the U2000 system. For details about these tasks,
see 16.1.2 System Scheduled Tasks.
User Scheduled Task User scheduled tasks are the tasks customized to meet the
requirements of network maintenance. For details about these
tasks, see 16.1.3 User Scheduled Tasks.

U2000
16.1.2 System Scheduled Tasks

System scheduled tasks are created during the installation or upgrade of the U2000 system.
The Creator parameter of each system scheduled task is displayed as OSS.
The U2000 uses to identify system scheduled tasks and uses to identify user scheduled
tasks.
NOTE
l A system scheduled task can be browsed and managed only by users in the Administrators group
and the common user bond with the permissions for the system scheduled task. It is recommended
that the management domain of the common user include all network devices. If the system
scheduled task supports template export, it is recommended that the user have the permission to
view all templates. Otherwise, during task modification, the user cannot view the NEs or templates
selected by other users due to insufficient permission. As a result, the modifications will replace
the settings of other users.
l System scheduled tasks cannot be copied. Only some parameters of system scheduled tasks can be
modified. These parameters, however, cannot be deleted.
l Some system scheduled tasks can be suspended or canceled.
l The NEs that support CME tasks are the RNC, NodeB, BSC6000, BSC6900 GSM, BSC6900
UMTS, BSC6900 GU, BSC6910 GSM, BSC6910 UMTS and BSC6910 GU .CME tasks are
available only after the CME software corresponding to the NE version is installed.
For details about system scheduled tasks, see Table 16-4.
Table 16-4 System scheduled tasks
Task Task Name Description References

Type
Database Alarm/Event The system periodically For details, see Parameters

Capacity Log Dump deletes the data whose for Setting Alarm/Event Log
Managem storage duration reaches the Dump.
ent specified Save Days from the
Performance database. Database capacity For details, see Parameters
Data management tasks ensure for Managing Scheduled
that the database capacity is Tasks and Performance
maintained within a proper Database Capacity.
Operation range, thereby avoiding For details, see Parameters

Log Dump database faults caused by for Setting U2000 Log
insufficient database Periodic Dump.
System Log capacity.
Dump Data dumped in different
tasks is as follows:
l Alarm/Event Log Dump:
alarms/events data of the
U2000 and all NEs.
l Performance Data: NE
performance
measurement data.
l Operation Log Dump:
U2000 operation logs.

U2000

Type
Security Log l System Log Dump:

Dump U2000 system logs.
l Security Log Dump:
U2000 security logs.
Tasks related After the MBB backhaul For details see Bearer
to the MBB device management Network Management >
backhaul component is installed, the Basic Configuration of
device, such task is available. MBB Backhaul Devices >
as Task Management of
Performance iManager U2000 MBB
Event Period Backhaul Device
Dump Management Compoment
Product Documentation. You
can log in to the http://
support.huawei.com website
and search for the product
documentation with
iManager U2000 MBB
Backhaul Device
Management Compoment
Product Documentation as
the keyword.
File Performance Various types of data is For details, see Parameters

Interface Data Export periodically exported to a for Exporting Performance
specified directory on the Measurement Results.
server.
Configuration For details, see Parameters
Data exported in different
Data Export for Modifying Configuration
tasks is as follows:
Data Export Tasks.
l Performance Data
NE License Export: NE performance For details, see 16.8.4
Data Export measurement data. Parameters for Scheduled
l Configuration Data Task Attributes.
OSS License Export: NE configuration For details, see 14.9.5

Export data. Parameters for Setting
l NE License Data Export: U2000 License Periodic
license files of eNodeB, Export.
NodeB, BTS3900,
NE Operation BSC6900 GSM, For details, see Parameters
Log Export BSC6900 GU, BSC6900 for Exporting NE Logs.
UMTS, BSC6910 GSM,
NE Security
BSC6910 GU, BSC6910
Log Export
UMTS.
NE Running l OSS License Export:
Log Export OSS License.

U2000

Type
NE Upgrade l NE Operation Log For details, see 16.8.8

Log Export Export: NE operation Parameters for Modifying
logs. the Export of NE Upgrade
l NE Security Log Export: Log.
NE security logs.
Inventory For details, see Parameters
Data Export l Inventory Data Export: for Modifying the Export of
NE inventory data. Inventory Data.
l Alarm/Event Log Export:
Alarm/Event alarms/events logs that For details, see Parameters
Log Export meet filter criteria such as for Setting an Alarm or
alarm/event category, Event Log Export Task.
Operation type, and severity. For details, see Parameters

Log Export l Operation Log Export: for Setting U2000 Log
U2000 operation logs. Periodic Export.
System Log
l System Log Export:
Export
U2000 system logs.
Security Log l Security Log Export:
Export U2000 security logs.
Manual Alarm You can manually dump For details, see Parameters
Dump Manual alarms, events, operation for Manually Dumping
Dump logs, security logs or system Alarms/Events.
logs. Dumped alarms,
Event Manual events, operation logs,
Dump security logs or system logs
Operation are deleted from the For details, see Parameters
Log Manual database, thereby preventing for Manually Dumping
Dump insufficiency of database U2000 Logs.
space.
Security Log l Alarm Manual Dump:
Manual alarms data of the U2000
Dump and all NEs.
System Log l Event Manual Dump:
Manual events data of the U2000
Dump and all NEs.
l Operation Log Manual
Dump: U2000 operation
logs.
l System Log Manual
Dump: U2000 system
logs.
l Security Log Manual
Dump: U2000 security
logs.

U2000

Type
NIC Network These tasks are used for For details, see Parameters
Logs collecting the CHR logs of for Modifying a Network
Collection WiMAX BTS and eNodeB Log Data Collection Task.
and neighboring cell
relationship logs and
interference logs of WiMAX
BTS, providing the Nastar
with the data about abnormal
call events, terminal
handover events, and base
station frequency
interference.
Synchroni NE The U2000 obtains the latest For details, see Parameters
zation Configuration data from NEs on a for Modifying an NE
Data scheduled basis by Configuration Data
Synchronizati performing an NE Synchronization Task.
on configuration data
synchronization task, NE log
Inventory synchronization task, NE For details, see Parameters
Data inventory data for Modifying Inventory
Synchronizati synchronization task, alarm Data Synchronization Tasks.
on scheduled synchronization
NE Log task, or MBTS correlation For details, see 16.8.4
Synchronizati synchronization task. Parameters for Scheduled
on Task Attributes.
Alarm
Synchronizati
on
MBTS
Correlation
Synchronizati
on
NE Upgrade
Log
Synchronizati
on

U2000

Type
Maintenance Through a maintenance

Mode mode synchronization task,
Synchronizati the NE maintenance mode
on information stored on the
U2000 is delivered to NEs
on a scheduled basis.
NOTE
This function applies only to
CBSCs, CBTSs, eNodeBs
earlier than eRAN3.0, and
WiMAX base stationss earlier
than V300R005C00.
MOC Through a MOC

Configuration configuration
Synchronizati synchronization task to
on synchronize NE data to the
U2000 at intervals to keep
data consistency between the
U2000 and NEs.
Backup Server The dynamic service data of For details, see Extended
Backup the U2000 system and Parameters for Backing Up
certain CME data can be Server Data.
backed up. The operating
system data, however, cannot
be backed up.
Signal Backup the tables of a For details, see 16.8.4

NetWork NE signaling network NE, such Parameters for Scheduled
Data Backup as the destination signaling Task Attributes.
point (DSP) table, routing
table, link table and link set
table, at the scheduled time.
Base Station The U2000 saves base For details, see Parameters
Backup station data in backup files to for Backing Up Base Station
the specified directory on the on Schedule.
server periodically or on a
scheduled basis. The backup
files are used for restoring
base stations in case of any
data loss or base station
exception.
Security Customize Customized command For details, see Parameters

Command groups saved on the U2000 for Synchronizing
Group are synchronized to the Customized MML
Synchronizati corresponding NEs on a Command Groups.
on scheduled basis.

U2000

Type
Others PM Object The U2000 periodically For details, see 16.8.4

Synchronizati synchronizes NE objects to Parameters for Scheduled
on ensure that the performance Task Attributes.
measurement (PM) objects
on the U2000 are consistent
with those on NEs.
Clear Power- The system periodically

Saving Data clears power consumption
on Schedule data of base stations.
NE License The system automatically

Scheduled collects the license
Collection information about controllers
for users to learn the
information on the GUI.
MS You can set the MS For details, see Parameters

Differentiated Differentiated Processing for the MS Differentiated
Processing EMR task to share BSC data Processing EMR Task.
EMR about whether mobile
stations (MSs) support
enhanced measurement
report (EMR) blacklist with
other BSCs on a scheduled
basis. The purpose to prevent
EMB-incapable MSs from
deteriorating network KPIs
when EMR is enabled.
SAIC You can set the SAIC For details, see Parameters
Terminal Terminal Capability for the SAIC Terminal
Capability Sharing task to share with Capability Sharing Task.
Sharing other BSCs the BSC data
identified by VAMOS SAIC
capability identification on a
scheduled basis.
Overflow Alarm After you set alarm/event For details, see Parameters
Dump Overflow overflow dump, the U2000 for Setting an Alarm or
NOTE Dump periodically checks whether Event Overflow Dump Task.
This the number of alarms or
function events in the database
can only reaches the specified
be used in
threshold. If the overflow
a virtual
system. dump condition is met, the
U2000 automatically dumps
alarm/event logs. The
dumped alarm/event logs are
deleted from the database,

U2000

Type
Event avoiding insufficient For details, see Parameters

Overflow database space. for Setting an Alarm or
Dump Event Overflow Dump Task.
CME CME System You can optimize CME None

Task performance by setting
system-scheduled tasks on
the CME. After such tasks
are set, the CME updates
data in the current data area,
planned data areas, and CME
database on a scheduled
basis.
Feature You can set a scheduled task

Status Query for querying feature
activation status on a
scheduled basis. You can
also export the query results
to a specified directory on
the server. Other products
(for example, the PRS) can
obtain the query result file
from the directory to query
the feature activation status
on the live network.
16.1.3 User Scheduled Tasks

User scheduled tasks are customized to meet the requirements of network maintenance.
l User scheduled tasks can be created, modified, or deleted.
l Some user scheduled tasks can be suspended or canceled.
l The U2000 uses to identify system scheduled tasks and uses to identify user
scheduled tasks.
For details about user scheduled tasks, see Table 16-5.
NOTE
l The NEs that support CME tasks are the RNC, NodeB, BSC6000, BSC6900 GSM, BSC6900
UMTS, BSC6900 GU, BSC6910 GSM, BSC6910 UMTS, and BSC6910 GU . CME tasks are
available only after the CME software mapping the NE version is installed.
l User scheduled tasks can be managed only by the creator and the users in the administrator group. If
the users in the non-Administrators groups have the Task Management permission, they can view
user tasks but cannot manage these tasks.

U2000
Table 16-5 Description of user scheduled tasks

Task Task Name Description Reference
Type
Backup NE Backup The U2000 saves NE data in For details, see Parameters
backup files to the specified for Backing Up NE Data
directory on the server on Schedule.
periodically or on a scheduled
basis. The backup files are used
for restoring NEs in case of any
data loss or NE exception. You
can back up the data of all the
NEs on the entire network, NEs
of a specified type, or specified
NEs.
NE License The activated license files on None

Backup NEs are backed up and uploaded
to a specified directory on the
U2000 server on a scheduled
basis. The license files are used
for restoring NEs in case of any
license file loss or NE
exception.
CM RAN Report The U2000 periodically exports For details, see Parameters
Report Export configuration reports in files to a for Creating, Modifying,
specified directory on the or Copying a
Core Network U2000 server. You can use this Configuration Report
Resource function to save data outside the Export Task.
Report Export system. The exported data is
NE Report still stored in the database.
Export
NE Statistical
Report Export
Link Report
Export
MBTS
Relationship
Report Export
NIC 2G/3G This task is used for collecting None

Neighboring the information about
Cell neighboring GSM cells for 3G
Optimization neighboring relationship
analysis.
This task is created on the
Nastar. You only need to view
the task progress on the U2000.

U2000

Type
Cell RF Data The U2000 provides the cell RF For details, see Parameters
Collection data collection function. The for Creating a Cell RF
collected data is used as input Data Collection Task.
for network planning and
optimization tools.
FFT Data The U2000 provides the fast For details, see Parameters
Collection Fourier transformation (FFT) for Creating an FFT Data
data collection function. Before Collection Task.
collecting the FFT data, you
must create an RF data
collection task and export the
required configuration file using
a network planning and
optimization tool.
RTWP Data This task provides the Nastar None

Collection with NodeB interference data.
Daemon NIC This task provides the Nastar None

Task with various types of data, such
as the interference data, intra-
frequency neighboring cell
optimization data, complaint
handling data of the CDMA
network, and the intra-frequency
neighboring cell optimization
data and coverage analysis data
of the UMTS network.
Frequency This task provides the Nastar For details, see Parameters
Scan with uplink frequency data for for Creating an Uplink
uplink interference analysis. ARFCN Data Collection
This task is controlled by the Task.
U2000 license.
Neighboring This task provides the Nastar For details, see Creating a
Cell with neighboring cell Data Collection Task for
Optimization optimization data for Neighboring Cell
neighboring cell analysis. This Optimization.
task is controlled by the U2000
license.

U2000

Type
Synchro NE Operating The U2000 obtains the latest For details, see 16.8.4
nization System Log data from NEs on a scheduled Parameters for
Synchronizatio basis by performing an NE Scheduled Task
n operating system log Attributes.
Synchronization
synchronization task.
Security NE Security You can create an NE security For details, see Parameters
Monitoring monitoring task to promptly for NE Security
identify security attacks and Monitoring Tasks.
risks on NEs so that you can
take appropriate security
protection measures.
CME BSC Node This section describes how to None

Redundancy check BSC node redundancy
Consistency data on a scheduled basis. You
Check can create scheduled tasks on
the U2000 to check and
synchronize dual-homed GBTS
or eGBTS data on the primary
and secondary base station
controllers on a scheduled basis.
Parameters This section describes how to

Compare perform parameter comparison
tasks on a scheduled basis.
Besides manually comparing
parameters on the CME, you
can use task management of the
U2000 to perform parameter
comparison tasks on a scheduled
basis. The comparison results
can be used as references for
parameter reconfiguration. This
operation is applicable to
scenarios where scheduled tasks
need to be performed and where
the comparison takes an
excessive amount of time, for
example, parameter comparison
on the entire network.
Consistency The CME checks whether the

Check NE data in the current data area
complies with the selected
check rules.

U2000

Type
Pool This section describes how to

Consistency check RNC in Pool data. In the
Check RNC in Pool scenario, after data
is reconfigured on the master
RNC, the CME can check for
differentiated data between the
master RNC and backup or
overflow RNC and then correct
the differentiated data. In this
way, the configuration data on
the master RNC is synchronized
to the backup or overflow RNC.
Current Area The U2000 exports the data in

Export the current data area through
northbound interfaces,
facilitating the management of
the current data area.
Inter-OSS You can set a specified interval

System or a time to import the
Neighboring neighboring cell data of other
Cell Import systems' CMEs and check the
neighboring cell data. Then you
can adjust the neighboring cell
data based on the check result to
ensure that the neighboring cell
data is consistent within the
entire network.
Inter-OSS You can set a specified interval

System or a time to export the
Neighboring neighboring cell data of the
Cell Export current system to other systems'
CMEs and check the
neighboring cell data. Then you
can adjust the neighboring cell
data based on the check result to
ensure that the neighboring cell
data is consistent within the
entire network.
Configuration This section describes how to

Report export configuration reports on
a scheduled basis. You can set a
scheduled task for exporting
configuration reports on the
U2000. This helps you
conveniently view configuration
report data and statistics.

U2000

Type
Others MML Script After an MML script is For details, see Parameters
configured, the U2000 issues the for Creating/Modifying/
commands in the script in Copying MML Command
batches on a scheduled basis. Script Tasks.
Therefore, you do not need to
manually issue the commands
one by one.
Base Station The U2000 performs scheduled For details, see Parameters
License tasks for allocating Base Station for Creating/Modifying
Scheduled license resources at a specified Scheduled NodeB License
Distribution time, reducing manual Allocation Tasks.
operations.
PRS You can set PRS scheduled For details, see Parameter
Scheduled tasks on the U2000 for the Description: Creating,
Task desired performance reports. Viewing, or Modifying a
Then the U2000 collects Scheduled Report Task.
performance data and generates
performance reports on a
scheduled basis.
BSC/RNC The U2000 performs scheduled For details, see Parameters

License Timed tasks for downloading and for Creating/Modifying
Activation activating BSC/RNC license Scheduled Controller
files at a specified time, License Activation Tasks.
reducing manual operations.
RSSI Test The U2000 collects the RSSI For details, see 16.8.7
values of base stations on a Parameters for
scheduled basis. Therefore, Creating/Modifying/
exceptions in the radio Copying an RSSI Test
frequency (RF) subsystem of a Task.
base station can be identified in
time and voice quality can be
ensured. Performing an RSSI
test task consumes a large
number of system resources.
Therefore, you are advised to
perform such a task only for
batch test. Currently, only
CBTSs and CBSCs support
RSSI test tasks.
RTWP Routine The U2000 collects the RTWP None

Test values of base stations on a
scheduled basis.

U2000

Type
Upgrade The U2000 checks whether the For details, see Parameters
Checking services are functioning for Creating an NE
normally after an NE is Upgrade Verification
upgraded. Task.
Dual Home The U2000 checks the data of For details, see
Auto NEs that have the dual-homing Parameters for
Consistency relation periodically or on a Creating/Modifying/
Check scheduled basis. Therefore, you Copying a Dual-Homing
Management can ensure that an MSCServer Auto Consistency Check
can take over some or all data Task of the dual homing.
on the other MSCServer in case
of a dual-homing failover.
Alarm Check The U2000 analyzes NE alarm For details, see Parameters
trends, comparisons between for Setting Special Alarm
alarms, common alarm TopNs, Check Tasks.
TopN alarm features, alarm
maintenance, and fault alarms
and generates check reports
in .html format on a scheduled
basis, enabling you to analyze
network faults in detail.
Top Power The U2000 collects the value of For details, see 16.8.6
Test the transmit power on top of the Parameters for
cabinet on a scheduled basis. Creating/Modifying/
Therefore, exceptions in the Copying a Task for
radio frequency (RF) subsystem Testing BTS Cabinet-
of a base station can be Top Power.
identified in time and voice
quality can be ensured.
Performing a top power test task
consumes a large number of
system resources. Therefore,
you are advised to perform such
a task only for batch test.
Currently, only CBTSs and
CBSCs support RSSI test tasks.
Script Timer By running the preset HSL For details, seeParameters

Task scripts, you can perform for Script Timer Task
operations such as modifying Attributes.
NE parameters and obtaining
alarm data.

U2000

Type
Interference The U2000 checks RF For details, see Parameters

Measurement interference on managed base for Intermodulation
stations or boards, which Interference Detection.
facilitates fault locating and
improves network OM
efficiency.
Transfer NE The U2000 system enables you For details, see18.4

Management to use NE migration tasks to Parameters for Setting
migrate NE data between an NE Migration Task.
servers.
Tasks related After the MBB backhaul device For details see Bearer
to the MBB management component is Network Management >
backhaul installed, the task is available. Basic Configuration of
device MBB Backhaul Devices
> Task Management of
iManager U2000 MBB
Backhaul Device
Management Compoment
You can log in to the
http://support.huawei.com
website and search for the
product documentation
with iManager U2000
MBB Backhaul Device
Management
Compoment Product
Documentation as the
keyword.
16.1.4 States of Scheduled Tasks

A scheduled task has four states: idle, running, suspended, and finished.
For details about the states of scheduled tasks, see Table 16-6.
Table 16-6 States of scheduled tasks
State Description
Idle A scheduled task is in the idle state after it is initially created.
Running After being dispatched, an idle task changes to the running state.
Finished A task is in the finished state if it does not require to be dispatched.

It requires to be dispatched, its state changes to idle.

U2000
State Description
Suspended You can suspend an idle scheduled task. Then, the task is in the
suspended state.
The suspended task changes to the idle state if you resume it.
The state of a scheduled task changes with operations performed by users. For details, see
Figure 16-1.
Figure 16-1 State change of a timing task
State change of a timer task is described as follows:

l A timer task is in the idle state after it is initially created.
l An idle task is changed to a running task after being scheduled.
l An idle task is changed to a suspended task after being suspended.
NOTE
Certain idle tasks such as dump tasks are not allowed to be suspended to ensure the proper running
of the U2000. In other word, these idle tasks are never in the suspended state.
l A running periodic task is changed to the idle state after being canceled. A running one-
time task is changed to the finished state after being canceled.
l If a task does not need to be scheduled when the task is complete, it is in the finished
state. If the task needs to be scheduled again, it restores to the idle state.
l A finished one-time task can be manually rescheduled. After rescheduling, the task is
changed to a running task. A finished periodic task cannot be rescheduled.
Users can delete user timer tasks in the idle, suspended or finished state. Users in non-
Administrators groups can delete only user timer tasks created by themselves. Users in the
Administrators group can delete all user timer tasks.

U2000
16.1.5 Technical Specifications of Task Management

This section describes the technical specifications related to the task management function.
Function Category Specification Item Value
Task Maximum size of task MML task: 2

execution results (unit: MB) Other tasks: 1
If the execution result of a task
except MML tasks exceeds 1
MB, it cannot be displayed on
the client. You need to
download the result to your
local PC to view it.
Maximum size of the script ≤5

uploaded for an MML task
(unit: MB)
User task Total number of scheduled NE 50 (The number of NEs that

backup tasks can be backed up through a
task is unlimited.)
Total number of MML script l 2000 equivalent NEs or

configuration tasks (including less: 500
dual-homing consistency check l 3200 equivalent NEs: 750
tasks)
l 4000 equivalent NEs: 1000
Maximum number of iSStar l 2000 equivalent NEs or

script tasks less: 200
Maximum number of CME l 2000 equivalent NEs or

upload tasks less: 50
Maximum number of dual- 50

homing management tasks
Maximum number of TMO 100

configuration import tasks
Total number of scheduled 50

software download tasks

U2000
16.2 Customizing the Interface for Managing Scheduled

Tasks
This topic describes how to customize the interface for managing scheduled tasks. The system
can display scheduled tasks of the specified type in the navigation tree or display the
scheduled tasks that meet the specified conditions in the task list.
Procedure
Step 2 In the Task Management window, perform operations based on custom requirements.
Custom Operation
Requirement
Customize the 1. Right-click in the navigation tree and choose Type Filter from
navigation tree the shortcut menu.
2. In the Type Filter dialog box, select the type of the scheduled
tasks to be displayed. By default, all types of scheduled tasks that
the current user is authorized to browse are displayed.
Customize the task 1. Right-click the task list and choose Filter from the shortcut
list menu.
2. In the Filter dialog box, set the filter criteria, including Created
By, Category, Task Status, and Execution Result. For details
about the parameters, see 16.8.2 Parameters for Setting Task
Filter Criteria.
Step 3 Click OK to save the settings.
----End
16.3 Creating User Scheduled Tasks

You can set some network maintenance functions provided by the U2000 in the form of user
scheduled tasks. When the conditions for performing user scheduled tasks are satisfied, the
U2000 automatically performs the corresponding network maintenance functions.
Context
l This topic describes the common procedure for creating a user scheduled task. The
parameter settings vary according to different user scheduled tasks. When creating a user
scheduled task on the task creation interface, you can press F1 to view the help
information about the task.
l To quickly create tasks, you can copy a multi-instance user scheduled task (this task
enables you to create multiple tasks) and then modify its parameters.

U2000
l The instance quantity of the scheduled tasks of a specific type is limited. If the instance
quantity of the existing scheduled tasks of a specific type reaches the maximum, you
cannot create or copy a scheduled task of this type.
l If right control is set for tasks of a specific type and you are not authorized, you cannot
create or copy these tasks.
l The U2000 server may respond slowly due to too many scheduled tasks. The total
number of scheduled tasks (including system scheduled tasks and user scheduled tasks)
cannot exceed 500. The total number of script timer tasks cannot exceed 200.
l When creating scheduled tasks, users can set whether the scheduled tasks are
automatically deleted after executed. If the scheduled tasks are set to be automatically
deleted after executed, no excessive user tasks are accumulated in the system, which
facilitates task management. One-time tasks are automatically deleted two days after
Expiration time and periodic tasks are automatically deleted two days after executed.
l Excessive short-period scheduled tasks may occupy a large number of U2000 server
resources. As a result, the server responds slowly and other services may be affected.
Carefully consider the task object, content, execution type, and period when creating a
scheduled task. Do not create excessive short-period scheduled tasks. When the CPU or
memory usage is excessively high and the server responds slowly, these short-period
scheduled tasks need to be canceled or parameters for them need to be adjusted so that
the U2000 can run properly.
Procedure
Step 2 In the Task Management window, create a user scheduled task.
You can create a user scheduled task by using any of the following methods:
l In general, click New.
l To quickly create a task of the specified type, double-click a user scheduled task in the
Task Type navigation tree.
l To quickly create a multi-instance user scheduled task whose parameter settings are
similar to those of a specified task, select the multi-instance user scheduled task, and
then click Copy.
Step 3 In the New Task or Copy Task dialog box, set the parameters of the created user scheduled
task.

U2000
Parameter Setting
Common 1. Set Task Name, Task Type, and Execution Type:

Parameters – Task Name: Enter the task name in Task Name.
– Task Type: Select the type of the task to be created in the Task
Type navigation tree.
– Execution Type: Select One-time or Periodic in the Execution
Type area.
NOTE
The value of Execution Type for certain tasks is fixed to One-time or
Periodic because the execution type of such tasks is not configurable.
2. Click Next.
3. Set Start time, Period Settings and Deletion Settings:
– Start time: In the Time Settings area, set Start time.
– Period Settings: In the Period Settings area, set Execution
interval, and then select a periodic execution mode, namely, Times
or End time.
– Deletion Settings: In the Deletion Settings area, set whether to
delete the task automatically.
NOTE
– For a one-time task, you can select Run now to run the task at once after it is
created.
– For a periodic task, you need to set the parameters in the Period Settings
area. If the execution interval is one month and Start time is set to a specific
time on the thirty-first day of a month, the task is executed at the specified
time. If the month does not have the thirty-first day, the task is executed at the
specified time on the last day of the month.
– For a one-time task, you can select Delete automatically to set the
Expiration time, Expiration time must be later than Start time.
– For a periodic task, you can select Delete automatically only when Times is
not 0 or End time is selected.
Extended Set advanced parameters according to the task requirements.

Parameters
Step 4 Click Finish.
The created user scheduled task is displayed in the task list.
NOTICE
iSStar scripts can deliver MML commands to NEs. If an iSStar script contains MML
commands, confirm the impact of the commands on NE services before they are delivered and
exercise caution.
----End

U2000
16.4 Managing Scheduled Tasks

User scheduled tasks refer to the scheduled tasks managed by a user. The user can delete,
suspend, resume, cancel, terminate, and roll back user scheduled tasks.
16.4.1 Modifying Scheduled Tasks

This section describes how to modify the attributes of user scheduled tasks or system
scheduled tasks.
Prerequisites
You have logged in to the U2000 client successfully.
Context
l Scheduled tasks are classified into 16.1.2 System Scheduled Tasks and 16.1.3 User
Scheduled Tasks.
l If you are not authorized to operate certain tasks, you can only view the attributes of the
tasks created by other users, but cannot modify these attributes.
Procedure
Step 2 In the Task Management window, modify the attributes of a scheduled task by using any of
the following methods:
l Select a task from the task list, and then click Attributes. In the Attributes dialog box,
modify common and extended parameters.
l Double-click a task in the task list. In the displayed Attributes dialog box, modify
common and extended parameters.
NOTICE
If a user needs to modify a system scheduled task, it is recommended that the management
domain of the user include all network devices and the user have the permissions for the
system scheduled task. If the system scheduled task supports template export, it is
recommended that the user have the permission to view all templates. Otherwise, during task
modification, the user cannot view the NEs or templates selected by other users due to
insufficient permission. As a result, the modifications will replace the settings of other users.
Step 3 Click OK.
----End

U2000
16.4.2 Suspending Scheduled Tasks

To delay task execution, you can suspend idle scheduled tasks. After tasks are suspended,
their status is changed to suspended.
Context
l Only idle tasks can be scheduled.
l Certain idle tasks, such as dump tasks, cannot be suspended. This is to ensure the proper
running of the U2000.
l If right control is disabled, users can suspend only the tasks created by themselves. If
right control is enabled, authorized users can suspend the tasks created by themselves
and other users. The users of the Administrators user group can suspend the tasks
created by all users.
Procedure
Step 2 In the Task Management window, choose Task Type in the navigation tree.
Step 3 Suspend one or more idle tasks with either of the following methods:
l Manual suspending
Select one or more idle tasks in the task list in the right pane, right-click the task(s) and
choose Suspend from the shortcut menu. In the Confirm dialog box, click Yes.
NOTE
If the shortcut menu displayed after you right-click a selected scheduled task does not contain
Suspend, the selected scheduled task does not support suspend. If the shortcut menus displayed
after you right-click multiple selected scheduled tasks do not contain Suspend, the selected
scheduled tasks do not support concurrent suspend.
l Automatic suspending
Select one or more scheduled tasks to be automatically suspended in the task list in the
right pane, right-click the task(s) and choose Suspend/Resume Schedule from the
shortcut menu. In the Suspend/Resume Schedule dialog box, select Suspension time
and then set the time. Click OK.
NOTE
– If the shortcut menu displayed after you right-click a selected scheduled task does not contain
Suspend/Resume Schedule, the selected scheduled task does not support scheduled suspend.
If the shortcut menus displayed after you right-click multiple selected scheduled tasks do not
contain Suspend/Resume Schedule, the selected scheduled tasks do not support concurrent
scheduled suspend.
– Automatic suspending supports a maximum of 500 tasks at a time.
For details about how to set the time for automatic suspension, see 16.8.5 Parameters
for Automatically Suspending and Resuming a Scheduled Task.
After the task is suspended, the U2000 does not schedule it until its status changes to idle.
----End

U2000
16.4.3 Resuming Scheduled Tasks

You can resume suspended tasks. A resumed task changes to the idle state and is ready to be
scheduled.
Prerequisites
At least one suspended scheduled task exists.
Context
l Only idle tasks can be scheduled.
l If right control is disabled, users can resume only the tasks created by themselves. If
right control is enabled, authorized users can resume the tasks suspended by themselves
and other users. The users of the Administrators user group can resume the tasks
suspended by all users.
Procedure
Step 3 Resume a suspended task by using either of the following methods:

l Manual resuming
Select one or more suspended tasks in the task list in the right pane, right-click the
task(s) and choose Resume from the shortcut menu. In the Confirm dialog box, click
Yes.
NOTE
If the shortcut menu displayed after you right-click a selected scheduled task does not contain
Resume, the selected scheduled task does not support resume. If the shortcut menus displayed
after you right-click multiple selected scheduled tasks do not contain Resume, the selected
scheduled tasks do not support concurrent resume.
l Automatic resuming
Select one or more scheduled tasks to be automatically resumed in the task list in the
right pane, right-click the task(s) and choose Suspend/Resume Schedule from the
shortcut menu. In the Suspend/Resume Schedule dialog box, select Resuming time and
then set the time. Click OK.
NOTE
– If the shortcut menu displayed after you right-click a selected scheduled task does not contain
Suspend/Resume Schedule, the selected scheduled task does not support scheduled resume. If
the shortcut menus displayed after you right-click multiple selected scheduled tasks do not
contain Suspend/Resume Schedule, the selected scheduled tasks do not support concurrent
scheduled resume.
– Automatic resuming supports a maximum of 500 tasks at a time.
For details about how to set the time for automatic resuming, see 16.8.5 Parameters for
Automatically Suspending and Resuming a Scheduled Task.
----End

U2000
16.4.4 Cancelling Scheduled Tasks

You can cancel a task in the Running state. The task status is changed to Idle after being
cancelled.
Prerequisites
l At least one scheduled task in the Running state exists.
Context
If the tasks are not controlled by permission, you can cancel only the tasks created by
yourself. If the tasks are controlled by permission, authorized users can cancel the tasks
created by other users. The users in the Administrators user group can cancel the tasks of all
users.
Procedure
Step 2 In the Task Management window, select Task Type in the navigation tree.
Step 3 Select one or more running tasks in the task list in the right pane. Right-click the task and
select Cancel.
NOTE
If the Cancel menu item is not contained in the shortcut menu of a scheduled task, this task cannot be
cancelled.

l After a one-time task has been successfully executed, the task status changes from
Running to Finished.
l After a periodic task has been successfully executed, the task status changes from
Running to Idle.
----End
16.4.5 Deleting Scheduled Tasks

You can delete scheduled tasks to save system resources.
Context
l If right control is disabled, users can delete only the tasks created by themselves. If right
control is enabled, authorized users can delete the tasks created by themselves and other
users. The users of the Administrators user group can delete the tasks created by all
users.
l You cannot delete system tasks.
l You cannot delete the running tasks. You can delete only the user tasks in the idle,
suspended, or finished state.

U2000
l Deleting a scheduled task will delete the execution result files generated during task
execution. If multiple tasks are deleted at a time, system response may time out.
l When creating scheduled tasks, users can set whether the scheduled tasks are
automatically deleted after executed. If the scheduled tasks are set to be automatically
deleted after executed, no excessive user tasks are accumulated in the system, which
facilitates task management. One-time tasks are automatically deleted two days after
Expiration time and periodic tasks are automatically deleted two days after executed.
Procedure
Step 3 Select one or more user tasks in the task list in the right pane.
Step 4 Click Delete.

The task is deleted from the task list.
----End
16.4.6 Saving Scheduled Tasks

The U2000 provides the function of saving scheduled tasks. Users can save scheduled tasks in
the OSS system in the required formats and export the tasks to the local computer. This
enables users to quickly query and understand task changes.
Procedure
Step 2 In the task list on the right of Task Management, right-click the selected record and choose
Save Selected Records from the shortcut menu or right-click in the current area and choose
Save All Records from the shortcut menu.
Step 3 In the displayed Save dialog box, select Save In, enter File Name, and select File Type.
NOTE
l File Type can be set to .txt, .html, .csv, .pdf, .xls, and .xlsx.
l For .txt files, code formats ISO-8859-1 and UTF-8 are supported. The default encoding format is
ISO-8859-1. You are advised to use the default encoding format if the saved file does not need to
support multiple languages; otherwise, UTF-8 is recommended.
Step 4 Click Save.
----End

U2000
16.5 Viewing Scheduled Tasks

The U2000 supports viewing of scheduled tasks. You can view information, such as task
names, creators, progress, and execution results, about the tasks to which you have
permissions. This function helps you adjust scheduled tasks based on execution conditions.
Prerequisites
l At least one scheduled task exists.
l You have the permission to perform operations in the Task Management window.
Procedure
Step 2 In the Task Management window, perform operations based on various scheduled task
viewing requirements.
Viewing Operation
Scheduled
Tasks
1. In the Task Management window, choose Task Type in the navigation

tree.
NOTE
You can view the details about the tasks from the task list on the right of the
window.
You can download execution result log files of script timer tasks from the server.
The files can be saved to the client. This enables you to view the historical
execution results of the tasks at any time. To download the log file of a task,
perform the following operations:
1. Select a task whose log files can be downloaded, and click Save Log.
Browsing the 2. In the Selecting the Logs to Be Saved dialog box, select the log file to be
Information saved, and click OK.
About If you are saving the log file of a one-time script timer task, skip this step.
Scheduled 3. In the Select Folder dialog box, select the path for saving the log file, and
Tasks click Save.
2. In the task list in the right pane, double-click a task, or select the task
and click Attributes.
The Attributes dialog box is displayed. On the Common Parameters
tab and Extended Parameters tab, you can view the task information.
NOTE
– To browse information about a manual dump task, right-click the task and
choose Run from the shortcut menu.
– If Status of a task is Idle, Suspended, or Running, you can modify the task
information in the Attributes dialog box.

U2000
Viewing Operation
Scheduled
Tasks
Viewing In the navigation tree of the Task Management window, choose the task
Task whose progress you want to view. In the Progress column of the task list in
Progress the right pane of the window, view the task progress.
In the Task Management window, choose Task Type in the navigation

Viewing tree.
Task
l View the execution results in the Execution Result column in the task
Execution
list in the right pane.
Results
l You can view the detailed results in the Result area.
----End
16.6 Downloading Task Execution Tasks

You can download the execution file of NodeB license allocation tasks to a local PC and then
check the specific resource allocation information.
Prerequisites
l NodeB license allocation tasks are available in the system.
Procedure
Management (application style). The Task Management window is displayed.
Step 2 In the navigation tree, choose Task Type > Other > Base Station License Scheduled
Distribution.
Step 3 In the task list on the right, right-click a task, and then choose Download Task File from the
shortcut menu to download the license resource allocation file set in the task to a local PC.
----End
16.7 Downloading Result Files

This section describes how to download the results of timing tasks. You can save the results of
timing tasks on the server to the local client in .txt format.
Prerequisites
l The timing task that is used for downloading the result files exists and it is run for at
least once.

U2000
Context
The allowable operations vary depending on the task type, as shown in Table 16-7.
Table 16-7 Allowable operations for different task types

Task Type Allowable Operation
Script Timer Task The task result is saved on the server in logs. The Result Info
area displays only the information about the last task execution.
The result logs are not displayed.
You can download all the result files to the local client. Result
files of multiple tasks can be downloaded concurrently.
MML Script task You can download the latest result file to the local client. Result
files of multiple tasks can be downloaded concurrently.
NOTE
In a remote HA system, task result files cannot be downloaded if the
active and standby servers are switched over.
Alarm Check task You can download the result file of the selected task. Result files
of multiple tasks can not be downloaded concurrently.
Dual Home You can view the latest consistency check result on line.
Management task
Timing task, and NE If a task is performed at least once, you can save the messages in
Backup task the Result Info area to a local path.
RAN Report Export You can download the latest result file to the local client. Result
files of multiple tasks can not be downloaded concurrently.
NOTE
Link Report Export You can download the latest result file to the local client. Result
files of multiple tasks can not be downloaded concurrently.
NOTE
Procedure
Management (application style). The Task Management window is displayed.
Step 2 In the navigation tree, select the type of the task that is used to download the result files.
Select the specific tasks in the right pane.
Step 3 Perform the following operations according to the task type.

U2000
Task Type Procedure
Script Timer To download the result logs of a download task, perform the following
Task steps:
1. Select the task whose result logs you plan to download.
2. Click Save Log. In the displayed Please select a directory dialog
box, set the save path
3. Click OK.
NOTE
The system generates a folder for the log file generated each time and saves
the folder to the specified path. The result log file is named in the format
YYYY-MM-DD_HH-MM-SS, for example, 2008-04-18_10-27-53.
MML Script To download the result files of a single task, do as follows:

task 1. Select the MML script task whose result files you plan to download.
2. Right-click a task and choose Save MML Result on the shortcut
menu. Alternatively, you can right-click the Result Info field and
choose Save AS on the shortcut menu.
3. Set the save path in the displayed Save dialog box, and then click
Save.
To download the result files of multiple tasks, do as follows:
1. Press Ctrl or Shift to select multiple MML script tasks in the task
list.
2. Right-click the tasks and choose Save MML Result on the shortcut
menu.
Save. Save the execution results of multiple MML script tasks to the
same file.
Alarm Check 1. Select the task whose result files you plan to download.
task 2. Right-click a task and choose Alarm Check Report on the shortcut
menu.
3. In the displayed Alarm Check Report dialog box, select the check
report based on Report Name and then click Save.
NOTE
You can click Open to view the contents of the check report and decide
whether the report needs to be downloaded.
4. Set the save path in the displayed Please select a directory dialog
box.
5. Click OK.
Dual Home Right-click a task and choose Checked Result from the shortcut menu.
Management NOTE
task If data inconsistency exists, you need to generate a script to adjust the data
difference and synchronize the data.

U2000
Task Type Procedure
Timing task, and To download the result information about a download task, perform the
NE Backup task following steps:
1. Select a task whose result information needs to be downloaded.
2. Right-click in the Result Info area can choose Save As from the
shortcut menu.
Save.
RAN Report 1. Select the task whose result files you plan to download.
Export 2. Right-click a task and choose Download File on the shortcut menu.
Link Report 1. Select the task whose result files you plan to download.
Export 2. Right-click a task and choose Download File on the shortcut menu.
----End
16.8 Reference of the Integrated Task Management GUI

This part describes the integrated task management interfaces and related information such as
the parameters used in the integrated task management. This helps you understand the
functions of integrated task management easily.
16.8.1 GUIs for Managing Scheduled Tasks

This section describes the Task Management window and relevant parameters. You can refer
to this part when performing related operations.
After you log in to the server, the Task Management window is displayed, as shown in
Figure 16-2. For the description of Figure 16-2, see Table 16-8.

U2000
Figure 16-2 Task Management window
Table 16-8 Description of the Task Management window

No. Name Description
1 Navigation tree You can locate the object of a scheduled

task through the navigation tree.
2 Task result information After a task is completed, the task result is

panel displayed on the task result information
panel. You can browse through the result
of the latest task on the panel. Only the
result of the currently selected task is
displayed on the panel. If multiple tasks
are selected in the task list, the result of
only the firstly selected task is displayed.
3 Button panel The buttons used for performing central

task management are available on the
button panel.
4 Task list You can browse through the scheduled

tasks existing on the server and their
details. In the task list, different colors
indicate different task statuses. Gray:
complete; Orange: suspended; Blue:
active; White: idle. After you select a
task in the list, the color of the task
becomes darker than before.

U2000
16.8.2 Parameters for Setting Task Filter Criteria

This topic describes the parameters in the Filter dialog box. You can refer to this topic when
setting task filter criteria.
Parameters
Created Logged in Description:

By user The user who has logged in to the client.
Other users Description:

Users except the current user.
Catego User task Description:

ry The task created by a user.
System task Description:

The task created during system installation or upgrade.
Task Idle Description:

Status A task is ready to be scheduled by the system.
Running Description:
A task is being scheduled by the system.
Suspended Description:
A task is not ready to be scheduled.
Finished Description:
Indicates that a task has been executed by the system.
Executi Successful Description:

on Indicates that a task is successfully executed.
Result
Processing Description:
A task is being processed by the system.
Partially Description:
successful Execution of a task was partially successful.
Failed Description:
A task failed.

U2000
Missed Description:
execution A task was not scheduled because the server was running
time abnormally or the task was suspended before scheduling.
A task will miss scheduling in any of the following conditions:
l The ItmService is running abnormally.
l The task is manually suspended before the execution time.
l The CPU usage reaches or crosses the threshold configured
for the type of the task.
l The memory usage reaches or crosses the threshold
configured for the type of the task.
NOTE
If a task misses scheduling because the CPU or memory usage reaches or
crosses the upper threshold specified for the related task type, execution
of the task is delayed or canceled. The delayed task is executed at the
next scheduling time without checking whether the CPU or memory
usage has reached or crossed the upper threshold.
Unknown Description:
The task execution result is lost due to a service exception or
power failure. After recovery, the task execution result cannot be
restored.
Not executed Description:

A task is not executed.
16.8.3 Parameters for Creating a Scheduled Task

This topic describes the parameters in the New Task or Copy Task dialog box. You can refer
to this topic when creating or copying user scheduled tasks.
Parameters
Table 16-9 Common parameters for one-time tasks

Task Name Description: Value:

Name of a scheduled task. The task name:
l Consists of a maximum of
64 characters.
l Must be unique and must
not be empty.
l Is case sensitive.
Task Type Description: -


U2000
Execution Description: Value:

Type l One-time: If you select this option, the l One-time
system runs the created task once at
l Periodic
the specified point of time.
NOTE
l Periodic: If you select this option, the The execution type cannot be
system runs the created task reconfigured after the task is
periodically at the specified intervals. created.

Time when a task is started. The start time should be
ahead of the time displayed
on the server.
NOTE
Start time is dimmed when you
select Run now.
Expiration Description: Value:

time After you select Delete automatically, Expiration time must be
the task will be automatically deleted two later than Start time.
days after the time set in Expiration
time.
Table 16-10 Common parameters for periodic tasks

Task Name Description: Value:

Name of a scheduled task. The task name:
l Consists of a maximum of
64 characters.
l Must be unique and must
not be empty.
Task Type Description: -


Type l One-time: If you select this option, the l One-time
system runs the created task once at
l Periodic
the specified point of time.
NOTE
l Periodic: If you select this option, the The execution type cannot be
system runs the created task reconfigured after the task is
periodically. created.

U2000

Time when a task is started. The start time should be
NOTE ahead of the time displayed
If the execution interval is one month and on the server.
Start time is set to a specific time on the 31st
day of a month, the task is executed at the
specified time. If the month does not have the
31st day, the task is executed at the specified
time on the last day of the month.

interval Intervals between periodic tasks. The l The period can be
settings of this parameter include the configured based on any
intervals between execution periods and of the following units:
the unit minute, hour, day, week,
and month. Second is not
supported. The period
unit varies depending on
the task type.
l The value ranges of the
intervals between
execution periods are as
follows:
– Minutes: 1-527040
(527040 = 366 x 24 x
60)
– Hours: 1-8784 (8784
= 366 x 24)
– Days: 1-366
– Weeks: 1-52
– Months: 1-12
Times Description: Value:

Number of times a periodic task is 0-65535.
executed. NOTE
The repeat times cannot be
reconfigured after the task is
created.
End time Description: Value:

End time of a periodic task. Ahead of Start time, and
behind 01/18/2038 11:14:07.
NOTE
The end time cannot be
reconfigured after the task is
created.

U2000
Delete Description: -
automatically The periodic task will be automatically
deleted two days after executed.
16.8.4 Parameters for Scheduled Task Attributes

This topic describes the common parameters in the Attributes dialog box. When you modify
a user scheduled task or a system scheduled task, you need to set these parameters.
Parameters
Table 16-11 Common parameters for one-time tasks


Name of a scheduled task. l Consists of a maximum of 64
characters.
l Must be unique and must not be
empty.
type Indicates whether the task is a

Time when a task is started. The start time should be ahead of the
time displayed on the server.

Expiration Description: Value:

time After you select Delete Expiration time must be later than
automatically, the task will be Start time.
automatically deleted two days
after the time set in Expiration
time.

U2000
Table 16-12 Common Parameters for Periodic Tasks


Name of a scheduled task. l Consists of a maximum of 64
characters.
l Must be unique and must not be
empty.
type Indicates whether the task is a

NOTE time displayed on the server.
If the execution interval is one month
and Start time is set to a specific
time on the 31st day of a month, the
task is executed at the specified time.
If the month does not have the 31st
day, the task is executed at the
specified time on the last day of the
month.

Interval Description: Value:

Intervals between periodic tasks. l The period can be configured
The settings of this parameter based on any of the following
include the intervals between units: minute, hour, day, week,
execution periods and the unit. and month. Second is not
supported. The period unit varies
depending on the task type.
l The value ranges of the intervals
between execution periods are as
follows:
– Minutes: 1-527040 (527040 =
366 x 24 x 60)
– Hours: 1-8784 (8784 = 366 x
24)
– Days: 1-366
– Weeks: 1-52
– Months: 1-12

U2000
Times Description: Value:

Number of times a periodic task 0-65535.
is executed. NOTE
NOTE 0 indicates that the number of times for
This parameter is displayed in the executing periodic tasks is not restricted.
Common Parameters tab of the
Attributes dialog box only after you
have configured it when creating and
copying a periodic task.
Delete Description: -
automatically The periodic task will be
automatically deleted two days
after executed.
16.8.5 Parameters for Automatically Suspending and Resuming a

Scheduled Task
This topic describes the parameters in the Suspend/Resume Schedule dialog box. You can
refer to this topic when setting the time for automatically suspending and resuming a
scheduled task.
Parameters
Suspension time Description: Setting method:

The system suspends the idle You can enter the time directly.
scheduled task at the specified Alternatively, you can click
time to delay scheduling of the and select the time from the time
task. If the scheduled task is not selection panel.
in the Idle state at the specified
time, the suspension fails. The time format is MM/dd/yyyy
HH:mm:ss.
l MM indicates month.
l dd indicates day.
l yyyy indicates year.
l HH indicates hour.
l mm indicates minute.
l ss sindicates second.

U2000
Resuming time Description: Setting method:

The system resumes a For details on how to set the
Suspended task at the specified resuming time, see the
time. After resumption, the task description of the Suspension
is in the Idle state and ready to time parameter.
be scheduled. If a scheduled task
is not in the Suspended state at
the specified time, the
resumption fails.
16.8.6 Parameters for Creating/Modifying/Copying a Task for

Testing BTS Cabinet-Top Power
This section describes the parameters of a task for testing BTS cabinet-top power. You can
refer to this section when creating or modifying such a task.
Parameter Value Range Description
Execution 3-120 minutes Maximum execution duration of a task

Duration
(minutes)
NE None Existing NE that supports cabinet-top power

test.
16.8.7 Parameters for Creating/Modifying/Copying an RSSI Test

Task
This section describes the parameters of an RSSI test task. You can refer to this section when
creating or modifying an RSSI test task.
Execution 3-120 minutes Maximum execution duration of a task

Duration
NE None Existing NE that supports RSSI test.

U2000
Frequency 0-2047 Frequency to be tested in an RSSI task.

The default value is
null, which indicates
that all frequencies are
tested.
16.8.8 Parameters for Modifying the Export of NE Upgrade Log

This section describes the parameters for exporting NE logs and can be taken as reference
during the parameter modification.
Table 16-13 lists the extended parameters.
Table 16-13 Description of extended parameters

Please Select NE None. Refers to all the NEs on the

entire network.
Start Time The start time must meet the All NE upgrade logs within the
requirement of time format. time range specified by the start
time and end time are to be
queried.
End Time The end time must meet the All NE upgrade logs within the
requirement of time format. time range specified by the start
time and end time are to be
queried.
File Format The default file format must be Operation logs are exported
retained. to .xml files.
File Path The default file path must be Refers to the path for saving NE
retained. logs.
The default path is /opt/oss/
server/var/field/
UpgradeHistorystory.

U2000
ATAE Cluster System Administrator Guide (SUSE) 17 Collecting Basic Data of NEs
17 Collecting Basic Data of NEs
About This Chapter
You can use the NE data collection function provided by the U2000 to collect configuration
data and basic information of NEs and save the collected data to a specified directory. The
Nastar, PRS, and TranSight can then navigate to the directory and obtain NE data for network
analysis and optimization analysis.
17.1 Collecting Configuration Data of NEs

The U2000 allows you to export the configuration data of NEs for the Nastar, PRS, and
TranSight to query and check NE configuration data.
17.2 Collecting Basic Information of NEs
The U2000 allows you to export the basic information of NEs to provide data source for
performance analysis of the Nastar, PRS, and TranSight.
17.3 Viewing Exported Tasks
The U2000 allows users to view status of NE configuration data and NE basic information
export tasks.
17.4 GUIs and Parameters for NE Data Collection
This section describes the GUIs and parameters for NE data collection settings.

U2000
17.1 Collecting Configuration Data of NEs

The U2000 allows you to export the configuration data of NEs for the Nastar, PRS, and
TranSight to query and check NE configuration data.
Procedure
Step 1 Choose Maintenance > NE Data Collection Settings (traditional style); alternatively,
double-click Trace and Maintenance in Application Center and choose Maintenance > NE
Data Collection Settings (application style) .
Step 2 In the navigation tree of the NE Data Collection Settings dialog box, choose Periodic
Export or Immediate Export under Configuration Data.
If you choose... Then...
Periodic Export 1. In the right pane, set periodic export parameters. For details, see
17.4.1 Parameters for Modifying NE Configuration Data
Collection Settings.
2. Click Save.
3. In the Confirm dialog box, click Yes.
Immediate 1. In the right pane, select the desired NEs and click Immediate Export.
Export 2. In the Confirm dialog box, click Yes.
----End
17.2 Collecting Basic Information of NEs

The U2000 allows you to export the basic information of NEs to provide data source for
performance analysis of the Nastar, PRS, and TranSight.
Procedure
Step 2 In the navigation tree of the NE Data Collection Settings dialog box, choose Basic
Information.
Step 3 In the right pane, click Export Now.
----End

U2000
17.3 Viewing Exported Tasks

The U2000 allows users to view status of NE configuration data and NE basic information
export tasks.
Procedure
Step 2 In the NE Data Collection Settings dialog box, click the Browse Export Task node in the
left navigation tree to view status of the export tasks.
----End
17.4 GUIs and Parameters for NE Data Collection

This section describes the GUIs and parameters for NE data collection settings.
17.4.1 Parameters for Modifying NE Configuration Data

Collection Settings
This section describes parameters for Periodically Export Settings and Immediately Export
Settings of NE configuration data. You can refer to this part when modifying parameters.
Table 17-1 and Table 17-2 describe the extended parameters for NE Configuration Data
Export.
Table 17-1 Extended parameters for the Periodically Export Settings task
Periodically This parameter is When this option is selected, NE configuration data

Export NE not selected by is exported periodically at a specified interval.
Configuration default.
Data
Start time This parameter This parameter specifies the start time of an
can be set based exported configuration data file.
on site
requirements.
Export period Default value, This parameter specifies the time interval at which
which cannot be configuration data files are exported periodically.
changed.
Default value: one
day.

U2000
Export path Default value, This parameter specifies the path for saving the
which cannot be exported configuration data files on the U2000
changed. server.
Export by You need to select l All NEs

NEs from the NE The U2000 will export the configuration data of
navigation tree all NEs.
based on site l NE Type
requirements. After you select the type of NEs whose
configuration data needs to be exported, the
U2000 will export the configuration data of all
the NEs of this type.
l NE
After you select the NEs whose configuration
data needs to be exported, the U2000 will export
the configuration data of the selected NEs.
Table 17-2 Extended parameters for the Immediately Export Settings task
Export path Default value, This parameter specifies the path for saving the
which cannot be exported configuration data files on the U2000
changed. server
Export by You need to select l NE Type

NEs from the NE After you select the type of NEs whose
navigation tree configuration data needs to be exported, the
based on site U2000 will export the configuration data of all
requirements. the NEs of this type.
l NE
After you select the NEs whose configuration
data needs to be exported, the U2000 will export
the configuration data of the selected NEs.
17.4.2 Parameters for Modifying NE Basic Information Collection

Settings
This section describes the parameters involved in the NE basic information export task.
Parameter description
The U2000 provides the function of exporting NE basic information. Thus, it can provide data
to the Nastar, PRS, and TranSight for performance analysis.

U2000
Export period Basic information of NEs will be exported according

to this period.
Export path Files containing NE basic information will be

exported to opt/oss/server/var/fileint/network/ on
the U2000 server.

U2000
ATAE Cluster System Administrator Guide (SUSE) 18 Migrating NEs Managed by the U2000
18 Migrating NEs Managed by the U2000
About This Chapter
When the U2000 is deployed in an SLS ,virtual or ATAE cluster system, NEs are allocated to
different U2000 servers for management. NEs can be migrated from one server to another
when a server manages too many NEs or a server is added to the SLS or ATAE cluster system.
NE migration helps balance load between servers.
18.1 NE Migration Overview

The management capability of the server determines whether NEs need to be migrated. If the
number of NEs managed on a server exceeds its management capability, migrate some NEs to
another server. NE migration helps balance load between servers.
18.2 Migrating NEs Managed by the U2000
The U2000 system enables you to use NE migration tasks to migrate NE data between
servers. NE migration tasks are one-time tasks. The U2000 cannot manage an NE when the
NE migration task is being performed and can manage the NE after the NE migration task is
complete.
18.3 Querying Historical Performance Data on the Source Server After NE Migration
This section describes how to query historical performance data on the source server after NE
migration.
18.4 Parameters for Setting an NE Migration Task
This section describes how to set parameters for an NE migration task. You can refer to this
section when creating or modifying an NE migration task.

U2000
18.1 NE Migration Overview

The management capability of the server determines whether NEs need to be migrated. If the
number of NEs managed on a server exceeds its management capability, migrate some NEs to
another server. NE migration helps balance load between servers.
Migration Scenarios
l In the U2000 SLS system, NEs can be migrated:
– From the master server to slave server
– From slave server to the master server
– From slave server A to slave server B
l In an ATAE cluster system, the master server does not connect to any NE, and therefore
NEs can only be relocated between slave servers.
NOTICE
Migrate NEs when the impact of migration on the network is small because a large amount of
data is migrated during NE migration.
NE Migration Impact
l NE status has no impact on NE migration. Therefore, an NE disconnected from the
U2000 can also be migrated.
l The performance measurement status is abnormal during the NE migration and becomes
normal after the NE migration. You do not need to pay attention to the performance
measurement status.
l Historical performance data is not migrated during NE migration. You can query
historical performance data on the source server after NE migration.
l If information about the NE to be migrated is configured on the NMS, reconfigure the
NMS after the NE migration.
l Data for the NEs that failed to be migrated is still saved on the source server, and you
can still manage the NEs on the U2000.
18.2 Migrating NEs Managed by the U2000

The U2000 system enables you to use NE migration tasks to migrate NE data between
servers. NE migration tasks are one-time tasks. The U2000 cannot manage an NE when the
NE migration task is being performed and can manage the NE after the NE migration task is
complete.
Prerequisites
l You have logged in to the OSMU through a web browser. For details, see Logging In to
the OSMU by Using a Web Browser.

U2000
l You have logged in to the U2000 client as a user granted with permissions to migrate
NEs.
– For details about how to grant users with permissions to migrate NEs, see .
– When setting operation sets for a user, grant the user with the Transfer NE
Management operation rights.
– When setting object sets for a user, grant the user with the management rights of the
NE to be migrated.
l The U2000 service is running properly.
l If a switchover (for example, from the master or a slave server to the standby server)
occurs, NE migration is not allowed.
l The routes between the master server and the NEs to be migrated are reachable.
l The routes between the slave server and the NEs to be migrated are reachable.
l When multiple network planes are used, migrate an NE to another board on the same
network plane. If the NE is migrated to a board on another network plane, the NE may
be disconnected.
Context
NOTICE
l The U2000 automatically divides NEs to be migrated into groups, each of which contains
a maximum of 100 NEs. In a virtual system, migrating a group of NEs takes about 15
minutes. In non-virtual systems, migrating a group of NEs takes about 6 minutes. If the
destination slave node is newly added or measurement information about the NEs to be
migrated has significantly changed, NE migration takes a longer period of time.
l The source subarea for an NE indicates the source server that manages the NE before
migration, and the destination subarea for the NE indicates the destination server that will
manage the NE after migration.
l Do not perform any operation on the NE being migrated.
l The ALM-301 NE Is Disconnected alarm may be reported during NE migration. It will be
automatically cleared after a certain seconds, and therefore you can ignore it.
l During NE migration, threshold alarms may not be properly reported. If this occurs, check
whether threshold alarms are reported properly after two to three periods. If they are still
not reported, contact Huawei technical support.
l When you migrate the CGPOMU deployed on the Advanced Telecom Computing
Architecture (ATCA) platform, its sub-NEs are migrated to the destination server at the
same time. The sub-NEs of the CGPOMU cannot be migrated separately. If no med
partition has sufficient space to save data about the CGPOMU and its sub-NEs, the
CGPOMU cannot be migrated.
Procedure

U2000
The board whose System is U2000 must be in the Normal state.
NOTICE
If the board whose System is U2000 is in the Switched Over state, manually switch
services and then perform subsequent operations. Otherwise, you cannot perform NE
migration. For detailed operations, see Switching Resources Between U2000 Nodes
Manually (Oracle) or Switching Resources Between U2000 Nodes Manually (Sybase).
Management (application style) .
Step 3 In the Task Management window, click New.
NOTE
Only one NE migration task can be created in the U2000 system. If there is an NE migration task in the
U2000 system, no new NE migration task can be created.
Step 4 Set the basic information about the task, and click Next.
l Enter the name of the scheduled task in the Task Name field.
l Select Transfer NE Management from Task Type.
l Select One-time in the Execution Type area.
Step 5 Click , and select the start time for performing the task in the displayed dialog box.
NOTE
Select Run now to perform the task immediately after the task is created.
Step 6 Click Next, select NEs to be migrated and servers that manage these NEs before and after
migration.
l In Source NE subarea, select the logical IP address of the server that manages the NE
before migration.
l In Destination NE subarea, select the logical IP address of the server that will manage
the NE after migration.
l Select the NEs to be migrated from the navigation tree.
Step 7 Click Finish.
l If the task execution result is Successful, perform Step 8.
l If the task execution result is Partially successful or Failed, contact Huawei technical
support engineers.

U2000
NOTE
l The new task is displayed in the task list. Perform the NE migration task immediately or at the
specified time.
l When the NE migration task is being performed, migration status of each NE is displayed in Result
Information.
l The following are possible causes of migration failures:
– The installed NE mediation is incorrect.
– The U2000 system services are not running properly.
– The database system is not running properly.
Step 8 Check whether NEs are migrated successfully.
NOTICE
The selected NE must be in the connection state. If the NE is disconnected, connect it and
then perform the following steps.
Perform the following operations on the U2000 client:

l Check whether NE configuration data is manually synchronized successfully.
l Set the performance measurement of NEs, subscribe to measurement data, and check
whether the performance data can be saved into the database.
NOTE
After the migration is complete, the U2000 automatically synchronizes the performance
measurement status of the migrated NEs.
If the preceding operations are successful, NEs are migrated successfully. Otherwise, contact
----End
18.3 Querying Historical Performance Data on the Source

Server After NE Migration
This section describes how to query historical performance data on the source server after NE
migration.
Procedure
Step 1 Choose Performance > Query Result (traditional style); alternatively, double-click
Performance in Application Center and choose Result > Query Result (application style),
and click New Query.
Step 2 Set Organization Style to Object type or Function subset.
Step 3 In the navigation tree in the left pane of the New Query dialog box, select the NE type node
of the NEs to be migrated.
NEs that you can select are displayed in the navigation tree in the Available Objects area of
the Object tab page.

U2000
Step 4 On Object tab page, set search criteria.

In the Available Objects area, select NEs to be migrated and click . The selected
NEs are added to the Selected Objects area.
Step 5 On the Counter and Time tab pages, set other search criteria.
Step 6 Click Query.
----End
18.4 Parameters for Setting an NE Migration Task

This section describes how to set parameters for an NE migration task. You can refer to this
section when creating or modifying an NE migration task.
Parameters
Task Name Description:

Name of a scheduled task.
l Consists of a maximum of 64 characters.
l Must be unique and must not be empty.
Task Type Description:

Execution Type Description:

One-time: If you select this option, the system runs the created
task once at the specified point of time.
NOTE
The execution type cannot be reconfigured after the task is created.
Start time Description:

time displayed on the server.
NOTE
Start time is dimmed when you select Run now.
Expiration time Description:

After you select Delete automatically, the task will be
automatically deleted two days after the time set in Expiration
time.Expiration time must be later than Start time.
Source NE Subarea Description:

Logical IP address of the server that manages the NEs before
migration.On the U2000 client, you can query different NE
partitions.For details about related operations, seeQuerying NE
Partitions.

U2000
Target NE Subarea Description:

Logical IP address of the server that will manage the NEs after
migration.On the U2000 client, you can query different NE
partitions.For details about related operations, seeQuerying NE
Partitions.
NE Description:
If you select this option, the system performs the created task once
at the specified time point.
Description:
Select NEs to be migrated.
NOTE
Use the filter or search function to quickly locate NEs to be migrated.

U2000
ATAE Cluster System Administrator Guide (SUSE) 19 Managing U2000 Logs
19 Managing U2000 Logs
About This Chapter
Logs record the operations on the U2000 and important system events. In the log
management, you can query and collect statistics on the log information.
Context
NOTE
This section describes operating system logs and how to set U2000 log forwarding. For details about
other types of logs and the log management functions on the client, see U2000 Log Management User
Guide.
19.1 Log Management Functions

Log management enables the U2000 to record system logs, security logs, and operation logs
that are generated when it is running. You can query the logs to learn about the U2000
running status, system security status, and specific user operations. In addition, you can save
logs to a file or print them for queries.
19.2 Log Types
The U2000 provides various types of logs, including NE operation logs and security logs,
OSS operation logs, system logs, NE logs, and security logs, and operating system logs. The
contents in these types of logs are different.
19.3 Log Forwarding
In routine operation and maintenance, a large number of logs are generated. To ensure that the
U2000 server has sufficient space for storing new logs, historical logs are deleted as new logs
are increasing. If historical logs are not dumped to other servers in a timely manner, these logs
are discarded and cannot be restored. Operation records and system running records in these
logs cannot be found any more. With the log forwarding service, the U2000 can send OSS
logs and NE logs as Syslog packets to a third-party Syslog server for unified management.
The third-party Syslog server software can be one of the following: Syslog Watcher, Kiwi
Syslog Daemon, 3CDaemon, WinSyslog.

U2000
19.1 Log Management Functions

Log management enables the U2000 to record system logs, security logs, and operation logs
that are generated when it is running. You can query the logs to learn about the U2000
running status, system security status, and specific user operations. In addition, you can save
logs to a file or print them for queries.
U2000 log management includes the functions such as querying logs, managing log
templates, saving logs, and printing logs.
19.2 Log Types

The U2000 provides various types of logs, including NE operation logs and security logs,
OSS operation logs, system logs, NE logs, and security logs, and operating system logs. The
contents in these types of logs are different.
NOTE
This section describes operating system logs. For details about other types of logs, see Log Types in
U2000 Log Management User Guide.
19.2.1 SUSE Linux Operating System Logs

This section describes the information about the logs of the SUSE Linux operating system
(SUSE logs for short), including log content, log path, and log format. By viewing SUSE
logs, maintenance personnel can learn about the running status of the SUSE Linux operating
system in time. Querying SUSE logs requires few system resources and does not affect
system performance.
Log Content
SUSE logs records boot messages during the startup of the SUSE Linux operating system,
and other status messages during system running.
Log Path
SUSE logs are recorded in the messages file in /var/log.
Log Format
SUSE logs are recorded in the following format:
Date and time of events Host name Event description
Log Check
Generally, the messages file does not contain error information such as error, Error, failed
and Failed. If the file has any error information, contact technical support personnel for
assistance.

U2000
19.2.2 System Tool Logs

This section describes the contents, paths, and formats of the system tool logs. With the
system tool logs, security administrators can audit users' operations on a scheduled basis. This
helps to identify unauthorized user operations.
Log Content
The system tool logs consist of the U2000 application system log, OSS Self-Maintenance
Unit system log (OSMU), operating system (OS) background tool log, and FTP log.
Log Path
l The U2000 application system log and OS background tool log are saved in the
localmessages file in the /var/log path.
l The FTP log is saved in the vsftpd.log file in the /var/log path.
l The OSMU system log is saved in the Operation.log file in the /export/home/
omc_control path.
localmessages Log Format

The localmessages log format is as follows:
Date and time Host name User name: Command name;Result;Details
vsftpd.log Log Format

The vsftpd.log log format is as follows:
Date and time [Thread ID] [Login user] Operation object: Login IP, Operation
result
Operation.log Log Format

The Operation.log log format is as follows:
Date and time [Login user, Login IP] Details
Log Dump
The system automatically dumps a log file that exceeds 20 MB, and a maximum of 10 log
files can be dumped at a time.
l The log dump path is the same as its save path.
l A dumped log file is named in the following format: source log file name-
YYYYMMDD.number.
For example, localmessages-20120423.0.
19.3 Log Forwarding

In routine operation and maintenance, a large number of logs are generated. To ensure that the
U2000 server has sufficient space for storing new logs, historical logs are deleted as new logs
are increasing. If historical logs are not dumped to other servers in a timely manner, these logs

U2000
are discarded and cannot be restored. Operation records and system running records in these
logs cannot be found any more. With the log forwarding service, the U2000 can send OSS
logs and NE logs as Syslog packets to a third-party Syslog server for unified management.
The third-party Syslog server software can be one of the following: Syslog Watcher, Kiwi
Syslog Daemon, 3CDaemon, WinSyslog.
19.3.1 Getting to Know Log Forwarding

Before enabling the U2000 to forward logs, learn the working principles, which facilitate
operations and prevent errors.
The U2000 log forwarding service reads logs from the U2000 Syslog database every 5
seconds, converts the logs into Syslog packets, and sends them to the third-party Syslog
server. In this process, the BSD Syslog protocol defined under RFC3164 UDP, RFC3195
TCP, and RFC5424 TLS is used.
Figure 19-1 illustrates the position of the log forwarding service in the entire log forwarding
system.
Figure 19-1 Position of the log forwarding service in the entire log forwarding system
Fault Service Syslog Server
Topo Service
DB Syslog Forwarding agent Syslog Server
Security Service
... ...
Figure 19-2 illustrates the log forwarding process.

U2000
Figure 19-2 Log forwarding process

U2000
NOTE
l The logs in the U2000 Syslog database (omcDB) are written by each service module (such as the
fault, topology, and security modules). Log data in the OSS database is not deleted after logs are
forwarded.
l Satisfy the following two conditions to implement the log forwarding function:
l Related logs have been written into the Syslog database. For details about the write function
configuration method, see Enabling Logging to U2000 Syslog Database in U2000
Administrator Guide.
l The U2000 and a third-party Syslog server haven been interconnected and can communicate
with each other. For details about the interconnection configuration method, see Setting the
Interconnection Between the U2000 and the Syslog Server.
19.3.2 Enabling Logging to U2000 Syslog Database

The function of writing the logs into the Syslog database can be enabled or disabled on the
U2000 server. By default, the function is disabled, that is, the logs are not written into the
Syslog database of the U2000. Before using the log forwarding function, you must enable the
function of writing the logs into the Syslog database.
Context
For HA and ATAE cluster system, perform the following operations on the active server.
Procedure
Step 2 Run the vi command to open the /opt/oss/server/etc/conf/IMAP_logsvc.xml file.
~> vi /opt/oss/server/etc/conf/IMAP_logsvc.xml
Step 3 Set syslogReportFlag of the log to 1. The function of writing the logs into the Syslog
database is enabled.
The following is an example of writing the system logs, operation logs, and security logs of
the U2000 into the Syslog database.
<syslog name="syslogReport">
<logType name="41">

<param name="syslogReportFlag">1</param>


<param name="syslogReportLevel">2</param>
</logType>
<logType name="42">

</logType>
<logType name="43">



U2000


<param name="syslogReportLevel">1</param>
</logType>
</syslog>
NOTE
Log level selection is not provided for operation logs (42) because operation logs at all levels are
reported.
Step 4 Run the vi command to save and exit from the file. Run the following commands to
import /opt/oss/server/etc/conf/IMAP_logsvc.xml to the database:
~> . svc_profile.sh
~> SettingTool -cmd import -file /opt/oss/server/etc/conf/IMAP_logsvc.xml
Step 5 Restart the LogService.

~> svc_adm -cmd restartsvc LogService
NOTE
l When log service is restarted, all the dependent services will also be restarted.
l You can check the list of dependent services of log service on the System Monitor Browser
window of U2000 client through double clicking LogService on the Service Monitor tab.
----End
19.3.3 Setting NE Log Forwarding

This section describes how to enable the NE log forwarding function on the U2000 server to
forward operation logs, security logs, and system logs of NEs.
Context
For HA and ATAE cluster system, perform the following operations on the active server.
Procedure
Step 2 Perform the following operations, enabling NE Operation Log Forwarding and NE Security
Log Forwarding.
1. Run the vi command to modify the /opt/oss/server/etc/SWMService/Fixture/NeLog/
ne_syslog_forward.xml file. Refer to the following example to set NEOperationLog
and NESecurityLog to 1.
<syslogReport>

<logType name="NEOperationLog">1</logType>
<logType name="NESecurityLog">1</logType>
</syslogReport>
2. Save the file and exit the vi.
3. Run the following command to restart SWMService service.
~> svc_adm -cmd restartsvc SWMService

U2000
Step 3 Run the following commands,enabling NE System Log Forwarding.

~> svc_adm -cmd enable -svcname SyslogCollectorDM
NOTE
The NE system log forwarding function relies on the SyslogCollectorDM service. Therefore, you must
enable the SyslogCollectorDM service before enabling NE system log forwarding.
----End
19.3.4 Setting Filter Criteria for Forwarding Logs

In the Solaris and SUSE Linux operating systems, string-based filtering supports regular
expressions. Administrators can set regular expressions to filter logs. Then, the U2000
forwards matched logs to the specified server so that the administrators can view U2000
information or NE information, for example, running status.
Procedure
Step 2 Run the following command to open the configuration file /opt/oss/server/etc/conf/
IMAP_syslogsvc.xml:
~> vi /opt/oss/server/etc/conf/IMAP_syslogsvc.xml
Step 3 Based on the format of logs to be forwarded, add or modify configuration items that specify
regular expressions under filterRegexList. By default, the configuration file provides the
following configuration item that specifies the regular expression for filtering and forwarding
NE security logs:
<filterRegexList name="filterRegexList">
<param name="r01">$s$(\[[0-9]+\])?:</param>
</filterRegexList>
NOTE
When adding a configuration item, specify a number and a regular expression for the configuration item.
The configuration item number must be unique in the file. For example, to filter and forward NE
operation logs, add <param name="r02">$l$(\[[0-9]+\])?:</param> under filterRegexList.
Step 4 Press Esc to switch to the command-line interface (CLI) mode. Run the :wq! command to
save and close the IMAP_syslogsvc.xml file.
Step 5 Run the following command to import the configuration file into the database:
~> SettingTool -cmd import -file /opt/oss/server/etc/conf/IMAP_syslogsvc.xml
~> svc_adm -cmd reload
Step 6 When setting the interconnection between the U2000 and the Syslog server on a client, set
String filter to a regular expression specified in the configuration file so that logs that match
the regular expression can be forwarded to the specified server. For details, see 19.3.5 Setting
the Interconnection Between the U2000 and the Syslog Server. If the value of String filter
on the client is different from the regular expression or the configuration file does not contain
the regular expression, logs are filtered based on the value of String filter, which is used as a
common string. That is, if logs contain the value of String filter, the U2000 forwards the
logs. Otherwise, the U2000 does not forward the logs.
For example, if the regular expression $s$(\[[0-9]+\])?: for filtering and forwarding NE
security logs is specified on the server, you can set String filter to $s$(\[[0-9]+\])?: on a

U2000
client so that the U2000 forwards NE security logs that contain (s): or (s)[n]: (n indicates a
non-negative integer) to the specified server.
----End
19.3.5 Setting the Interconnection Between the U2000 and the

Syslog Server
The U2000 can forward logs from the Syslog database to the third-party Syslog server only
when the U2000 communicates with the third-party Syslog server properly; therefore, you
need to set the information about the Syslog server on an U2000 client.
Context
The log forwarding server forwards only security logs, operation logs, and system logs.
Procedure
Step 1 Choose System > Log Management > Log Forwarding Servers (traditional style);
alternatively, double-click Security Management in Application Center and choose
Settings > Log Forwarding Servers (application style) from .
Step 2 You can perform the following operations in the Log Forwarding Servers window.

U2000
Operation Name Operation Method
Add Click Add. In the Create Log Forwarding Server dialog

box, set the server that receives logs.
NOTE
l To enable the log forwarding function, select Yes from the
Enable drop-down list.
l The IP address cannot be set to a loopback address.
l In the Solaris and SUSE Linux operating systems, string-
based filtering supports regular expressions. If the value of
String filter on a client is the same as a regular expression
specified in the configuration file on the server, logs are
filtered based on the regular expression. If the value of String
filter on the client is different from the regular expression or
the configuration file does not contain the regular expression,
logs are filtered based on the value of String filter, which is
used as a common string. That is, if logs contain the value of
String filter, the U2000 forwards the logs. Otherwise, the
U2000 does not forward the logs. For details, see Setting
Filter Criteria for Forwarding Logs in the U2000
administrator guide corresponding to the server type and
networking.
l String filter does not support wildcards.
l If the value of Protocol is TCP or TLS, the log forwarding
service tries to connect to the primary server first. If the log
forwarding service fails to connect to the primary server, it
tries to connect to the secondary server. When the primary
server recovers, it takes over the service back from the
secondary server. If the value of Protocol is UDP, log
forwarding service sends the Syslog records only to the
primary server.
If the value of Protocol is TLS, you need to deploy the SSL
certificate for the log forwarding service. For details about
how to deploy the SSL certificate for the log forwarding
service, see Deploying Log Forwarding Service Certificates
in the U2000 administrator guide corresponding to the server
type and networking.
l If the value of Protocol is UDP, the U2000 cannot determine
whether the IP addresses and ports on the remote Syslog
server are valid, because the UDP cannot ensure transmission
reliability. Therefore, State in the Log Forwarding Servers
dialog box indicates whether the U2000 log forwarding server
can successfully send logs in Syslog packet mode, but does
not indicate that these packets can be successfully received by
the Syslog server.
l The Transport Layer Security (TLS) protocol secures data
transfer through data encryption. If the value of Protocol is
TLS, the U2000 log forwarding server encrypts and sends
logs to the Syslog server.
l TLS is recommended because it is more secure than UDP and
TCP.
l A maximum of five servers can be configured for receiving
logs.

U2000
Operation Name Operation Method
Delete Select a server record and click Delete.
Modify Select a server record and click Modify. In the Modify

Log Forwarding Server dialog box, set the server
information included in logs.
Refresh After another user updates the information about the log
forwarding server, click Refresh to obtain the updated
information.
Cancel Exit the Log Forwarding Servers dialog box.
----End
19.3.6 Monitoring the Connection Between the U2000 and Syslog

Server
If the U2000 connects to the Syslog server abnormally, alarms are generated and sent to
U2000 clients. You need to clear the alarms in a timely manner to ensure normal
communication between the U2000 and the Syslog server.
Context
When TCP or Transport Layer Security (TLS) mode is configured for Syslog servers, there
are three situations:
1. If the U2000 successfully connects to the primary Syslog server, it forwards logs only to
this Syslog server.
2. If the U2000 fails to connect to the primary Syslog server, it attempts to connect to the
secondary Syslog server. If the connection is successful, the U2000 forwards logs only to
the secondary Syslog server.
3. If U2000 fails to connect to either of the primary and secondary Syslog servers, log
forwarding is unavailable for the Syslog servers.
The log forwarding service reports the following two alarms to the fault module when the
connection is abnormal:
l ALM-121 Alarm of the Switchover to the Standby Syslog Server: This alarm is
reported when the U2000 fails to connect to the primary Syslog server and attempts to
connect to the secondary Syslog server.
l ALM-122 Alarm of the Failure to Connect the Master and Standby Syslog Servers:
This alarm is reported when the U2000 fails to connect to either of the primary and
secondary Syslog servers.
To ensure proper communication between the U2000 and Syslog server, you must clear the
alarm in a timely manner.

U2000
Procedure
l Clear the ALM-121 Alarm of the Switchover to the Standby Syslog Server alarm by
following the procedure provided in ALM-121 Alarm of the Switchover to the
Standby Syslog Server in the online help.
l Clear the ALM-122 Alarm of the Failure to Connect the Master and Standby Syslog
Servers alarm by following the procedure provided in ALM-122 Alarm of the Failure
to Connect the Master and Standby Syslog Servers in the online help.
----End
19.3.7 Deploying and Updating Log Forwarding Service

Certificates
The U2000 server can transfer logs to a third-party Syslog server using the UDP, TCP, or TLS
protocol. TLS is recommended because it provides the highest security. Trust certificates of
the third-party Syslog server must be deployed on the U2000 server. If the trust certificates of
the third-party Syslog server are changed, you need to update trust certificates of the third-
party Syslog server on the U2000 server.
Scenario Introduction
If the trust certificates of the third-party Syslog server are changed, you need to update the
trust certificates deployed on the U2000 server. For detailed operations in a specific scenario,
see Table 19-1.
Table 19-1 Managing trust certificates of the Syslog server on the U2000 server
Scenario Operation
The third-party Syslog log 19.3.7.1 Deploying Log Forwarding Service Certificates
forwarding server is used NOTE
for the first time. When forwarding logs using the TLS protocol, the U2000 uses the
certificate of the U2000 server by default. The certificate is saved in
the /opt/oss/server/etc/ssl directory. To prevent the certificates from
affecting each other in different scenarios, you are advised to deploy
the certificate in the /opt/oss/server/etc/ssl/syslog directory.

U2000
Scenario Operation
The CA granting l If the CAs granting certificates to the U2000 server and to
certificates to the third- the third-party Syslog log forwarding server are the same,
party Syslog log or are two sub-CAs in the same CA, perform the following
forwarding server it not operations:
changed, and the trust 19.3.7.2 Updating Log Forwarding Service Certificates
certificates are updated. l If the CAs granting certificates to the U2000 server and to
the third-party Syslog log forwarding server are different,
and are not two sub-CAs in the same CA, perform the
1. Delete old trust certificates of the third-party Syslog
log forwarding server by following the instructions
provided in 19.3.7.4 Deleting Trust Certificates of the
Third-party Syslog Server from the U2000 Server.
2. Add new trust certificates of the third-party Syslog log
forwarding server by following the instructions
provided in 19.3.7.3 Adding Trust Certificates of the
Third-party Syslog Server to the U2000 Server.
The server trusts a new 19.3.7.3 Adding Trust Certificates of the Third-party
CA granting certificates to Syslog Server to the U2000 Server
the third-party Syslog log
forwarding server.
The third-party Syslog log Query the file name and issuer of the trust certificate of the
forwarding server is no third-party Syslog log forwarding server by following the
longer used. instructions provided in ssl_adm -cmd queryCA.
l If the file name and issuer of the trust certificate exist,
follow the instructions provided in 19.3.7.4 Deleting
Trust Certificates of the Third-party Syslog Server
from the U2000 Server.
l If the file name and issuer of the trust certificate do not
exist, no further action is required.
19.3.7.1 Deploying Log Forwarding Service Certificates

The U2000 server can forward logs to a third-party Syslog server in compliance with the
UDP, TCP, and TLS protocols. To ensure security, TLS is recommended. If the U2000 server
and the third-party Syslog server trust respective CAs, deploy related certificates on the
U2000 server to ensure proper operating of log forwarding services.
Prerequisites
The following certificates have been obtained:
server.p12 and its encrypted password
l Trust certificate of the third-party Syslog server
l Optional: Certificate revocation list (CRL) issued by CA trusted by the third-party
Syslog server

U2000
NOTE
The identify certificate of the U2000 server and the trust certificate of the third-party Syslog server must
be issued by the same CA or two sub-CAs in the same CA. When they are issued by two sub-CAs in the
same CA, the trust certificates of both the CA and the two sub-CAs must be prepared.
Context
l The authentication mode including unidirectional and bidirectional authentication for the
log forwarding services is configured on the third-party Syslog server. To ensure
security, bidirectional authentication is recommended.
l If the U2000 server and the third-party Syslog server trust the same CA, they can use the
certificate deployed on the U2000 server during the mutual authentication. Certificate
deployment is not required.
l If unidirectional authentication (only the U2000 server authenticates the third-party
Syslog server) is applied and the U2000 server and the third-party Syslog server trust
respective CAs, deploy the trust certificate of the third-party Syslog server and the CRL
issued by an authorized CA on the U2000 server.
l If bidirectional authentication is applied and the U2000 server and the third-party Syslog
server trust respective CAs, deploy the trust certificate of the third-party Syslog server
and the CRL issued by an authorized CA on the U2000 server. In addition, deploy the
trust certificate of the U2000 server and the CRL issued by an authorized CA on the
third-party Syslog server.
l This section describes how to deploy a trust certificate and the CRL for the third-party
Syslog server on the U2000 server. In ATAE cluster system, run this command on the
master server only.
Procedure
server/syslogcertificates is created.
~> mkdir syslogcertificates
Step 3 Use FileZilla to upload the trust certificate, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see Transferring Files by Using FileZilla. You
must set the following information when uploading the certificates:
l File path on the server: /opt/oss/server/syslogcertificates
Step 5 Run the following command on the server to back up the certificates. If the certificates have
not been deployed, perform Step 6.
~> ssl_adm -cmd backup -app syslog -backpath var/backup/deployssl

U2000
NOTE
to/opt/oss/server.
l Assume that certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl/syslog.
Step 6 Run the following command to deploy the log forwarding service certificates.
~> ssl_adm -cmd replace_certs -app syslog -dir /opt/oss/server/syslogcertificates
NOTE
l In this command, /opt/oss/server/syslogcertificates is the path to the SSL certificates.

deployed to /opt/oss/server/etc/ssl/syslog.
l After the log forwarding service certificates are deployed, the certificate directory structure is similar
to the directory structure described in Certificate Save Path and Naming Conventions.
l If the message SSL certificates are deployed successfully is
displayed, certificates are deployed successfully, go to Step 7.
~> ssl_adm -cmd restore -app syslog -backpath var/backup/deployssl
NOTE
If the failure persists, contact Huawei technical support engineers.
Step 7 Modify the configuration file /opt/oss/server/etc/conf/sf_config.xml to specify the path

where the certificate for log forwarding services is stored.
1. Run the following command to open the configuration file:
~> vi /opt/oss/server/etc/conf/sf_config.xml

U2000
2. Change the value of sslpath under the syslogAgent node to $(IMAP_ROOT)/etc/ssl/

syslog.
3. Press Esc to switch to the command-line interface (CLI) mode, and run :wq! to save the
sf_config.xml file and exit.
----End
19.3.7.2 Updating Log Forwarding Service Certificates

This section describes how to update the log forwarding service certificates when the
certificates deployed on the U2000 server will expire or the trust certificate on the third-party
Syslog server is updated. The certificate update function enables you to replace the original
identity certificate and trust certificate and incrementally update the certificate revocation list
(CRL).
Prerequisites
The following certificates have been obtained:
server.p12 and its encrypted password
l Trust certificate of the third-party Syslog server
l Optional: Certificate revocation list (CRL) issued by CA trusted by the third-party
Syslog server
NOTE
The identify certificate of the U2000 server and the trust certificate of the third-party Syslog server must
be issued by the same CA or two sub-CAs in the same CA. When they are issued by two sub-CAs in the
same CA, the trust certificates of both the CA and the two sub-CAs must be prepared.
Context
Procedure
server/syslogcertificates is created.
~> mkdir syslogcertificates
Step 3 Use FileZilla to upload the trust certificate, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see Transferring Files by Using FileZilla. You
must set the following information when uploading the certificates:

U2000
l File path on the server: /opt/oss/server/syslogcertificates

Step 5 Run the following command on the server to back up the certificates.
~> ssl_adm -cmd backup -app syslog -backpath var/backup/deployssl
NOTE
to/opt/oss/server.
l Assume that certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl/syslog.
Step 6 Run the following command to update the log forwarding service certificates.
~> ssl_adm -cmd update_certs -app syslog -dir /opt/oss/server/syslogcertificates
NOTE
l In this command, /opt/oss/server/syslogcertificates is the path to the SSL certificates.

l After the log forwarding service certificates are deployed, the certificate directory structure is similar
to the directory structure described in Certificate Save Path and Naming Conventions.
l If the message SSL certificates are deployed successfully is
displayed, certificates are deployed successfully, go to Step 7.
~> ssl_adm -cmd restore -app syslog -backpath var/backup/deployssl
NOTE
After the certificates are restored, perform Step 6 to deploy the certificate again.

U2000
If the failure persists, contact Huawei technical support engineers.
----End
19.3.7.3 Adding Trust Certificates of the Third-party Syslog Server to the U2000
Server
To allow the U2000 server to properly communicate with the third-party Syslog server using
SSL or TLS, deploy the trust certificates of the third-party Syslog server on the U2000 server.
If the U2000 server trusts a new CA granting certificates to the third-party Syslog server, or if
the trust certificate is updated, the CA granting certificates to the third-party Syslog server is
not changed but different from that granting certificates to the U2000 server, and the two CAs
are not sub-CAs in the same CA, add the new trust certificate of the third-party Syslog server
to the U2000 server.
Prerequisites
obtained.
Context
l When the U2000 server functions as an SSL client, the peer is authenticated by default.
provided in 19.3.7.4 Deleting Trust Certificates of the Third-party Syslog Server
from the U2000 Server, and then add it again.
l To update trust certificates of the third-party Syslog server, delete the trust certificate that
is no longer trusted by following the instructions provided in 19.3.7.4 Deleting Trust
Certificates of the Third-party Syslog Server from the U2000 Server, and add a trust
certificate again.
Procedure

U2000
NOTE
Step 5 Run the following commands to add trust certificates of the third-party Syslog server to the
U2000 server.
~> ssl_adm -cmd addCA -dir /opt/oss/server/certificates -app syslog
NOTE
certificates.
l For details about the certificate directory after certificates are added, see Certificate Save Path and
Naming Conventions.
Execution result:
NOTE

----End
19.3.7.4 Deleting Trust Certificates of the Third-party Syslog Server from the
U2000 Server
When the U2000 server communicates with the third-party Syslog server using SSL or TLS,
deploy the trust certificate of the third-party Syslog server on the U2000 server. If you no
longer use the third-party Syslog log forwarding server, delete the trust certificates of the
third-party Syslog server from the U2000 server.

U2000
Prerequisites
server. For details, see 19.3.7.3 Adding Trust Certificates of the Third-party Syslog Server
to the U2000 Server.
Context
Procedure
the third-party Syslog server.
~> ssl_adm -cmd queryCA -app syslog
Execution result:
name: issuer:
Step 4 Run the following commands to delete trust certificates of the third-party Syslog server from
the U2000 server. The trust certificate 600755ba.0 is used as an example.
~> ssl_adm -cmd deleteCA -name 600755ba.0 -app syslog
Execution result:
NOTE

directory.

U2000
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 20 Trace Server Component Management
20 Trace Server Component Management
About This Chapter
If the Trace Server and U2000 are deployed on different ATAE server boards but in the same
ATAE subrack, The Trace Server maintenance and measurement tool and OSS Management
Tool can be used to collect service logs, analyze reported abnormal data, query the
subscription content, and NE distribution to quickly maintain the Trace Server system when
the Trace Server system is running.
Context
l Trace Server maintenance and measurement tool is supported in Trace Server
V200R015C10SPC230 and later.
l Only one user can use the Trace Server maintenance and measurement tool at a time. If
the system displays the message This script is being used by another
user when you use this tool, another user is using the tool. Ensure that the tool is not
used by others before using it.
l The Trace Server maintenance and measurement tool must be running in the U2000
server.
20.1 Querying System Information
This section describes how to query the deployment mode, IP address, and software version
of the Trace Server using Trace Server maintenance and measurement tool.
20.2 Subscription and Collection
This section describes how to perform subscription and collection operations on the Trace
Server, such as querying and synchronizing subscription information between the Trace
Server and its upper-layer application.
20.3 Enabling the Trace Server to Process Data of an RNC with Extra-large Specifications
If data generated on an RNC exceeds the processing capability of a single Trace Server board
(the RNC is referred to as an RNC with extra-large specifications), configure the Trace Server
so that RNC data can be offloaded to other Trace Server board. If the Trace Server does not
need to collect or process the data of such RNCs, skip this section.
20.4 Configuring the Trace Server to Process Data of PS Domain NEs
The reporting mechanism for data of PS domain NEs is different from that for data of RAN
NEs. By default, the Trace Server cannot process data of PS domain NEs and RAN NEs at the

U2000
same time. If the Trace Server manages both PS domain NEs and RAN NEs, you need to
configure the Trace Server by following the operations provided in this section. Otherwise,
skip this section.
20.5 Managing Trace Server Load
If the Trace Server load is high, the system may become slow or have no response. If
resource-related alarms, such as high CPU, memory, or disk usage, are generated, you can
collect statistics on and analyze Trace Server load and migrate NEs in a timely manner to
ensure that the Trace Server runs properly.
20.6 Fault Locating and Handling
This section describes how to locate and handle common faults.
20.7 Configuring the LTE Cell Management Capability
This section describes how to use Trace Server maintenance and measurement tool to
configure the LTE cell management capability of the Trace Server.
20.8 Managing the NEs in Trace Server

U2000
20.1 Querying System Information

This section describes how to query the deployment mode, IP address, and software version
of the Trace Server using Trace Server maintenance and measurement tool.
Prerequisites
The U2000 Server services runs properly.
Procedure
Step 1 Use PuTTY to log in to the master server in SSH mode as user ossuser.
Step 2 Run the following commands to run the Trace Server maintenance and measurement tool:
~> cd /opt/oss/server/rancn/bin/tsfOMTools
~> sh tsfOMtools.sh
Step 3 Choose Information Collection > Trace Server Basic Information and query the system
information about the Trace Server.
Trace Server Deploy Type :
Co-deployed with the U2000 in the ATAE cluster system
Trace Server Version :

Product Name: iManagerU2000
Version: iManagerU2000V200R016ENGC00SPC***
Release Date: 06/25/15
Slave IP :
10.144.255.38
U2000 Master IP :
10.144.255.28
Table 20-1 lists description of parameters in the preceding command output.
Trace Server Deployment modes of the Trace Server:

Deploy Type l The Trace Server is independently deployed in the ATAE cluster
system.
l The Trace Server is a standby board and co-deployed with the
U2000 in the ATAE cluster system.
l The Trace Server is independently deployed in an HP server.
Trace Server The Trace Server version.

Version
Slave IP Slave IP: IP address of the Trace Server board.

U2000
U2000 Master IP The IP address of the U2000 corresponding to the Trace Server. If the
U2000 is not deployed on a single server, this parameter specifies the
IP address of the host U2000.
NOTE
The query results are saved in the /opt/oss/server/rancn/bin/tsfOMTools/collectResult/basicInfo/

basicInfo.txt file on master Trace Server. You can obtain and view this file as user ossuser.
----End
20.2 Subscription and Collection

This section describes how to perform subscription and collection operations on the Trace
Server, such as querying and synchronizing subscription information between the Trace
Server and its upper-layer application.
20.2.1 Querying Information About NE Distribution and LTE Cell

Subscription
This section describes how to query the information about NE distribution and cell
subscription, which helps you to analyze load imbalance problems due to unbalanced service
distribution on the Trace Server and adjust the load in a timely manner.
Prerequisites
Context
Trace Server maintenance and measurement tool saves seven latest querying result files only
and automatically deletes files generated earlier in time sequence.
Procedure
Step 2 Run the following commands to execute the Trace Server maintenance and measurement tool:
~> sh tsfOMtools.sh
Step 3 Choose Statistics and Migrate > Query Subscribe Information > By NE.
NOTE
This function can only be used to query information about NE distribution and cell subscription on a
specific server or all servers at a time.

U2000
When information similar to the following is displayed, a slave server is deployed in the
system. Enter the IP address of one board on which the information needs to be queried as
prompted. Alternatively, press Enter to query the information about all service boards.
All Trace Server IP :
10.144.48.42 10.144.48.45 10.144.48.46
Enter the IP address of a Trace Server. If the IP address is empty, the
information of all Trace Server boards are collected by default:
l When information similar to the following is displayed, the information about NE

distribution and LTE cell subscription is saved in the generated file result.csv. The file is
saved in the /opt/oss/server/rancn/bin/tsfOMTools/collectResult/
subscribeInfomation/Start time_Process ID of the tool directory on the master Trace
Server. You can obtain the file to query the information as user ossuser.
Subscribe information is stored in path /opt/oss/server/rancn/bin/tsfOMTools/
collectResult/subscribeInfomation/Start time_Process ID of the tool.
l When information similar to the following is displayed, the information about there is
not NE subscription information on the board of Trace Server.
No subscribe information.
Table 20-2 lists the description of parameters in the query result.
boardip IP address of the board.
NENAME Name of an NE.
NEFDN FDN of an NE.
appName Name of an upper-layer application.
service Name of a service whose information is

collected.
eventlist Subscription event list.
Step 4 Perform the following operations to query detailed NE distribution information on all boards
by data collection service using the Trace Server maintenance and measurement tool.
1. Run the following commands, to run the Trace Server maintenance and measurement
tool.
~> sh tsfOMtools.sh
2. Choose Statistics and Migrate > Query NE Information.
IP,TSPARTITION,NEFDN,NETYPE
10.144.48.41,TSCollector0301,NE=256,eNodeBNE
10.144.48.41,TSCollector0303,NULL,NULL
The preceding command output is used as an example. The parameters are describes as
follows:

U2000
– IP indicates the IP address of the server that manages NEs.

– TSPARTITION indicates names of data collection instances on the corresponding
server.
– NEFDN indicates the FDN number of an NE. If the value of this parameter is
NULL, the corresponding data collect service does not manage NEs.
– NETYPE indicates the type of an NE. If the value of this parameter is NULL, the
corresponding data collect service does not manage NEs.
NOTE
The NE partition information file RelationsOfNE2TSPartiationYYYYMMDDhhmmss.csv is

saved in the /opt/oss/server/var/TSService directory of the master server. You can go to this
directory to obtain the file as ossuser user.
YYYYMMDDhhmmss in the file name indicates the time when the file is generated. For
example, RelationsOfNE2TSPartiation20140920145333.csv indicates that the file is generated
at 14:53:33 on September 20th, 2014.
----End
20.2.2 Synchronizing NE Subscription Information

If the subscription information recorded on NEs is inconsistent with that issued by the Trace
Server, you can manually synchronize the NE subscription information to NEs.
Prerequisites
Context
l Trace Server maintenance and measurement tool supports synchronization of
subscription information to all NEs or specified NEs.
l Trace Server maintenance and measurement tool supports synchronization of
subscription information only to LTE NEs.
Procedure
Step 2 Choose the synchronization mode based on actual requirements:

l Synchronizing subscription information to all NEs
a. Run the following commands to execute the Trace Server maintenance and
measurement tool:
~> sh tsfOMtools.sh
b. Choose Statistics and Migrate > Synchronize NE subscription information to
NEs > Synchronize all LTE NE subscription information to NEs.
c. When the following information is displayed, enter y/Y to start the synchronization.
Are you sure you want to synchronize all LTE NE subscription information
to NEs(Y/N)? y
d. If the message Successful is displayed, the synchronization is successful.

U2000
If the displayed information contains TSCollector0X0Y Service

Exception, the synchronization fails because of exceptions in subscription
information synchronization to NEs in all or some subareas. In this case, contact
Huawei technical support engineers.
l Synchronizing subscription information to specified NEs
Trace Server maintenance and measurement tool supports two ways of synchronizing
subscription information to specified NEs: enter the eNodeB ID by the command line or
batch import the eNodeB ID. Choose the mode based on actual requirements.
– By the command line (Only Trace Server V200R016C10SPC240 or later version
support this function):
i. Run the following commands to execute the Trace Server maintenance and
measurement tool:
~> sh tsfOMtools.sh
ii. Choose Statistics and Migrate > Synchronize NE subscription information
to NEs > Synchronize LTE NE subscription information to specified NEs
> By the command line.
iii. Input the ID of which eNodeB you want to synchronize and press Enter if the
information similar to the following is displayed by the system.
Please input enodeB IDs which you want to synchronize, such as:
123;456;111;222;555 or enter q/Q to quit.
NOTE
○ You can input multiple eNodeB IDs and separate them by a semicolon (;). And the
content you input must end with a complete eNodeB ID without ;.
○ If the subscription information needs to be synchronized to eNodeBs whose IDs
are 123, 456, 111, 222, and 555, the content you input is as follows:
123;456;111;222;555
iv. Confirm the number of specified NEs and enter y/Y when the information
similar to the following is displayed by the system, then press Enter to start
synchronize.
The number of specified NEs is X.Are you sure you want to
synchronize LTE subscription information to these NEs(Y/N)? y
NOTE
The X in the information displayed by the system stands for the number of specified
NEs. It varies based on actual situation.
v. If the message Successful is displayed, the synchronization is successful.
Otherwise, handle the synchronization failure according to the displayed
instructions.
○ If the displayed information contains The eNodeB ID is invalid,
it indicates that there are invalid eNodeB IDs. In this case, choose
Synchronize NE subscription information to NEs > Synchronize LTE
NE subscription information to specified NEs > By the command line
in the menu displayed by the system and input right eNodeB IDs and then
execute the synchronization. If the system still displays The eNodeB
ID is invalid, query whether the configuration data of the
corresponding eNodeB has been synchronized successfully or not by
referring the section Viewing NE Configuration Data Synchronization
Information in U2000 Online Help. If the data has been synchronized
successfully, contact Huawei technical support engineers. Otherwise,

U2000
synchronize the configuration data of the corresponding eNodeB by

referring the section Synchronizing NE Configuration Data in U2000
Online Help. And then synchronize the subscription by referring this
section.
○ If the displayed information contains TSCollector0X0Y Service
Exception, the data collection service in the subarea to which the
specified NEs belong is abnormal. In this case, contact Huawei technical
support engineers.
○ If the displayed information contains This NE is subscribing, a
subscription task is being executed for this NE. Subscription information
is automatically checked during a subscription task. You can ignore the
information.
vi. Run the following commands to delete the synchronization list file.
~> cd /opt/oss/server/var/TSService
~> rm synSubscribe.txt
– By the batch importing:
i. Create or edit the synchronization list file synSubscribe.txt by using PC.
The content of the synchronization list file should be in the following format:
eNodeB ID 1;eNodeB ID 2;...eNodeB ID N;
NOTE
If the subscription information needs to be synchronized to eNodeBs whose IDs are

123, 456, 111, 222, and 555, the content of the synchronization list file is as follows:
123;456;111;222;555
○ eNodeB IDs are separated by a semicolon (;).
○ eNodeB IDs can be entered in multiple lines. Each line must be end with a
complete eNodeB ID without ;. For example, the following content has the same
meaning as the preceding content:
123;456;111
222;555
ii. Upload the synchronization list file synSubscribe.txt to the path /opt/oss/
server/var/TSService on the master server by using FileZilla as user ossuser.
For details, see Transferring Files to the Trace Server by Using FileZilla.
iii. Run the following command to change the file format.
~> dos2unix /opt/oss/server/var/TSService/synSubscribe.txt
iv. Run the following commands to execute the Trace Server maintenance and
measurement tool:
~> sh tsfOMtools.sh
v. Choose the corresponding operation based on the version of Trace Server:
○ If Trace Server is V200R016C10SPC240 or later version, choose
Statistics and Migrate > Synchronize NE subscription information to
NEs > Synchronize LTE NE subscription information to specified
NEs > By uploading file.
○ If Trace Server is other version, choose Statistics and Migrate >
Synchronize NE subscription information to NEs > Synchronize LTE
NE subscription information to specified NEs.

U2000
vi. Confirm the number of specified NEs and enter y/Y when the information
similar to the following is displayed by the system, then press Enter to start
synchronize.
The number of specified NEs is X. Are you sure you want to
synchronize LTE subscription information to these NEs(Y/N)? y
X stands for the number of the NEs whose subscription information needs to
be synchronized. If the number of NEs in the displayed information is
inconsistent with that in the synchronization list file, enter n/N, and perform
Step 2.i again to modify the synchronization list file and synchronize
subscription information after uploading the list file to Trace Server.
vii. If the message Successful is displayed, the synchronization is successful.
Otherwise, handle the synchronization failure according to the displayed
instructions.
○ If the displayed information contains The eNodeB ID is invalid,
the synchronization list file contains invalid eNodeB IDs. In this case,
perform Step 2.i to correct the format or eNodeB IDs, and execute the
synchronization after uploading the list file to the Trace Server. If the
system still displays The eNodeB ID is invalid, query whether
the configuration data of the corresponding eNodeB has been
synchronized successfully or not by referring the section Viewing NE
Configuration Data Synchronization Information in U2000 Online
Help. If the data has been synchronized successfully, contact Huawei
technical support engineers. Otherwise, synchronize the configuration
data of the corresponding eNodeB by referring the section Synchronizing
NE Configuration Data in U2000 Online Help. And then synchronize
the subscription by referring this section.
○ If the displayed information contains TSCollector0X0Y Service
Exception, the data collection service in the subarea to which the
specified NEs belong is abnormal. In this case, contact Huawei technical
support engineers.
○ If the displayed information contains This NE is subscribing, a
subscription task is being executed for this NE. Subscription information
is automatically checked during a subscription task. You can ignore the
information.
viii. Run the following commands to delete the synchronization list file.
~> rm synSubscribe.txt
----End
20.3 Enabling the Trace Server to Process Data of an RNC

with Extra-large Specifications
If data generated on an RNC exceeds the processing capability of a single Trace Server board
(the RNC is referred to as an RNC with extra-large specifications), configure the Trace Server
so that RNC data can be offloaded to other Trace Server board. If the Trace Server does not
need to collect or process the data of such RNCs, skip this section.

U2000
20.3.1 Querying Master Partition Information

This section describes how to query information about Master partitions of an RNC .
Prerequisites
l The U2000 services are running properly.
l You have obtained the FDN of the RNC.
Context
If the Trace Server is not enabled to process data of an RNC with extra-large specifications
and the existing partition is used to manage the RNC, the partition is the Master partition for
the RNC by default.
Procedure
Step 2 Perform the following operations to query Master partition information of the RNC:
1. Run the following commands to export a partition information file of all NEs:
~> sh getNeToTSRelation.sh
If information similar to Generate NeToTSRelation complete!File

is /opt/oss/server/var/TSService/
RelationsOfNE2TSPartiationYYYYMMDDhhmmss.csv is displayed, the
partition information file RelationsOfNE2TSPartiationYYYYMMDDhhmmss.csv has
been exported and saved in the /opt/oss/server/var/TSService directory. Record the
actual name of the partition information file.
2. Run the following command to query Master partition information of the RNC:
~> more /opt/oss/server/var/TSService/
RelationsOfNE2TSPartiationYYYYMMDDhhmmss.csv | grep FDN of the RNC
– If no information is displayed, the RNC is not managed by the existing partition.
– If information similar to 10.144.48.43,TSCollectorXXXX,NE=XXX is
displayed, the RNC is managed by the TSCollectorXXXX partition. This partition
is the Master partition of the RNC.
NOTE
– Replace RelationsOfNE2TSPartiationYYYYMMDDhhmmss.csv and FDN of the RNC in the

preceding command based on the actual condition.
– To query the distribution of multiple RNCs in the Trace Server, perform this step for each
RNC.
----End
20.3.2 Configuring Master Partition Information

This section describes how to configure information about Master partitions of an RNC using
the Trace Server maintenance and measurement tool.

U2000
Prerequisites
l You have contacted Huawei technical support engineers to confirm the Master partition
name for an RNC.
Context
l For an RNC, the sum of the load ratios of Master and Overflow partitions processing
services is 100. Use the Trace Server maintenance and measurement tool to modify the
load ratio of an Overflow partition. After the modification, the load ratio of the Master
partition automatically changes.
l Only one Master partition can be allocated to a given RNC.
Procedure
l Add the Master partition.
a. Create or modify the configuration file by using PC:
NOTE
When you initially create the MasterPatitions file during function commissioning, create
and save this file as a CSV file using Notepad. To perform maintenance operations in the file
using Notepad, obtain the file from the /opt/oss/server/var/TSService directory on the
Trace Server master board as user ossuser using FileZilla.
i. Add information about the RNC to the file. The format is as follows:
FDN of the RNC,TSCollectorXXXX
If the FDN of an RNC is NE=256 and the Master partition to be added is
TSCollector0101, add the following information to the file:
NE=256,TSCollector0101
NOTE
l In a given row, the Master partition can be configured for only one RNC.
l In the preceding command, TSCollectorXXXX indicates the data collection
service. Replace it with the actual name.
l FDN of the RNC and TSCollectorXXXX are separated by a comma (,).
ii. Upload the configuration file MasterPatitions.csv to the path /opt/oss/
server/var/TSService on the master server by using Filezilla as user ossuser.
For details, see Transferring Files to the Trace Server by Using FileZilla.
b. Use PuTTY to log in to the master server of Trace Server in SSH mode as ossuser.
For details, see Logging In to a Board Using PuTTY.
c. Run the following command to change the format of the configuration file.
~> dos2unix /opt/oss/server/var/TSService/MasterPatitions.csv
d. Run the following commands to run the Trace Server maintenance and
measurement tool:
~> sh tsfOMtools.sh
e. Choose Statistics and Migrate > Add NE Master Partition. Add a Master
partition to the RNC.

U2000
If information similar to Add NE Master Partition Successfully. is

displayed, the Master partition has been added successfully. Otherwise, handle the
problem according to the displayed error information, or contact Huawei technical
support engineers.
l Modify the Master partition.
To modify the Master partition information, you only need to migrate the RNC to the
target partition. For details, see 20.8.2 Migrating NEs in the Trace Server System
(U2000 Client) in U2000 ATAE Cluster System Administrator Guide.
----End
20.3.3 Querying Overflow Partition Information

This section describes how to query information about Overflow partitions of an RNC using
the Trace Server maintenance and measurement tool.
Prerequisites
The U2000 services are running properly.
Procedure
~> sh tsfOMtools.sh
Step 3 Choose Statistics and Migrate > Export Overflow Partition Information. Export the
Overflow partition information file of the RNC.
If information similar to the following is displayed, the Overflow partition information file
has been exported successfully. Otherwise, contact Huawei technical support engineers.
Export overflow partition information successfully! Result file is /opt/oss/
server/var/TSService/OverFlowPartitionInfosYYYYMMDDhhmmss.csv
NOTE
l The Overflow partition information file OverFlowPartitionInfosYYYYMMDDhhmmss.csv is

saved in the /opt/oss/server/var/TSService directory of the master server. You can go to this
directory to obtain the file as user ossuser.
In the file name, YYYYMMDDhhmmss is the time when the file is generated. For example,
OverFlowPartitionInfos20150728145636.csv indicates that the file was generated at 14:56:36 on
July 28, 2015.
l A maximum of 20 Overflow partition information files can be saved. If more files need to be saved,
the Trace Server maintenance and measurement tool automatically deletes the earliest files based on
the file generation time.
Step 4 Run the following commands to view the Overflow partition information file of the RNC:
~> cat Overflow partition information file name

NEFDN,OVERFLOWPARTITION,OVERFLOWRATIO
NE=256,TSCollector0201,30

U2000
The preceding command output is for reference only. These parameters are described as
follows:
l NEFDN: indicates the FDN of the RNC.

l OVERFLOWPARTITION: indicates the Overflow partition the RNC belongs to.
l OVERFLOWRATIO: indicates the load ratio of the Overflow partition.
NOTE
l If no Overflow partitions are configured for the RNC, the file contains only the parameter name line.
This is a normal phenomenon, and you can ignore it.
l For an RNC, the sum of the load ratios of Master and Overflow partitions is 100. After obtaining the
load ratio of each Overflow partition, subtract the sum of these values from 100 to obtain the load
ratio of the Master partition.
----End
20.3.4 Configuring Overflow Partition Information

This section describes how to configure information about Overflow partitions of an RNC
using the Trace Server maintenance and measurement tool.
Prerequisites
l You have added the Master partition to the RNC.
Context
For an RNC, the sum of the load ratios of Master and Overflow partitions processing services
is 100. Use the Trace Server maintenance and measurement tool to modify the load ratio of an
Overflow partition. After the modification, the load ratio of the Master partition automatically
changes.
Procedure
~> sh tsfOMtools.sh
Step 3 Choose Statistics and Migrate > Export Overflow Partition Information. Export the
Overflow partition information file of the RNC.
If information similar to the following is displayed, the Overflow partition information file
has been exported successfully. Otherwise, contact Huawei technical support engineers.
Export overflow partition information successfully! Result file is /opt/oss/
server/var/TSService/OverFlowPartitionInfosYYYYMMDDhhmmss.csv

U2000
The name of the Overflow partition information file in the preceding command output is for
reference only. Use the actual file name.
Step 4 Choose Quit > Quit to exit the Trace Server maintenance and measurement tool.
Step 5 Download the partition information file to the PC and change its name to
ModifyOverFlowPartition.csv.
Step 6 Run the following command to modify Overflow partition information:

1. Edit the Overflow partition information file. Add ,operation identifier to the end of the
row to be modified. After the modification, press Esc, and enter :wq to save the
modification and exit the text editor. Operator identifiers are defined as follows:
– ADD: Add partition information.
– DELETE: Delete partition information.
– UPDATE: Modify partition information.
– If no operator identifier is added to a row, no operations are performed for the row.
The following is a modification task example:
In this example, the contents of the Overflow partition information file are as follows:
Modify partition information according to Table 20-3.
Table 20-3 RNC partition information

FDN Partition Information Before Partition Information After
of the Modification Modification
RNC
Load Ratio of Load Ratios of Load Ratio of Load Ratios of
the Master the Overflow the Master the Overflow
Partition Partitions Partition Partitions
NE=2 70 TSCollector0201 40 TSCollector0201

56 , 30 , 20
- TSCollector0302
, 40
NE=2 40 TSCollector0301 80 -
57 , 40
TSCollector0401 TSCollector0401
, 20 , 20
After the modification, the contents of the Overflow partition information file are as
follows:
NE=256,TSCollector0201,20,UPDATE
NE=257,TSCollector0301,40,DELETE
NE=256,TSCollector0302,40,ADD

U2000
NOTE
– All the Overflow partitions of an RNC must be located on different servers from each other.
The Overflow partitions of an RNC must be located on different servers from its Master
partition. Check whether any two partitions are located on the same server based on the
partition names. If the second digits of certain partition names are the same, these partitions
are located on the same server. For example, TSCollector0301 and TSCollector0302 are
located on the same server.
For details about how to query the Master partition an RNC belongs to, see Querying Master
Partition Information.
– OVERFLOWRATIO indicates the load ratio, which is an integer ranging from 1 to 99.
– When modifying the load ratio of a partition for an RNC, ensure that the partition information
is in the same row.
– For an RNC, the maximum total load ratio of Overflow partitions is 99.
– If performing multiple operations on an Overflow partition for an RNC on the same server, for
example, adding, modifying, and deleting an Overflow partition, modify and import the
partition information file one operation at a time.
2. Upload the partition information file to the path /opt/oss/server/var/TSService on the
master server by using Filezilla as user ossuser. For details, see Transferring Files to the
Trace Server by Using FileZilla.
Step 7 Run the command to change the format of the partition information file.
~> dos2unix /opt/oss/server/var/TSService/ModifyOverFlowPartition.csv
~> sh tsfOMtools.sh
Step 9 Choose Statistics and Migrate > Import Overflow Partition Information. Import the
partition information file modified to make the modification effective.
...
Total 4 rows imported.
1 rows added. 1 rows updated, 1 rows deleted, 1 rows ignored, 0 rows failed.
Import overflow partition operations success.
In the preceding command output, four rows of configuration information have been
successfully imported: one row added, one row modified, one row deleted, and one row
unchanged.
If any row fails to be imported, check whether the contents of the partition information file
ModifyOverFlowPartition.csv are correct. If they are incorrect, go to Step 6 to correct the
contents, and import the file again. If the import failure persists, contact Huawei technical
support engineers.
----End
20.4 Configuring the Trace Server to Process Data of PS

Domain NEs
The reporting mechanism for data of PS domain NEs is different from that for data of RAN
NEs. By default, the Trace Server cannot process data of PS domain NEs and RAN NEs at the
same time. If the Trace Server manages both PS domain NEs and RAN NEs, you need to
configure the Trace Server by following the operations provided in this section. Otherwise,
skip this section.

U2000
20.4.1 Configuring Boards as PS Boards

If the Trace Server needs to manage NEs in the RAN and PS domains, configure boards
planned to process NE services in the PS domain to receive NE data only in the PS domain.
That is, isolate hardware resources of Trace Server boards to enable the Trace Server to
manage NEs in the RAN and PS domains. When the Trace Server manages NEs only in the
RAN or PS domain, skip this section.
Prerequisites
l IP addresses of the Trace Server boards planned to process NE services in the PS domain
have been obtained.
Procedure
~> sh tsfOMtools.sh
Step 3 Chosse Statistics and Migrate > Set PS Partition > Add.
Input the IP addresses of the boards planned to process NE services in the PS domain when
the system displays the following information. Use space to separate multiple IP addresses.
Please input the PS node IP. If there is more than one IP, use blank to separate
them.
NOTE
l If the IP address of Trace Server is translated using NAT, input the IP address of the default network
port before translated.
l If the service network plane isolation is used, input the IP address of the default network port.
When the system displays the following information, it indicates that you configured
successfully. Otherwise, contact the Huawei engineer.
Set successfully.
----End
Follow-up Procedure
After configuring the Trace Server board as PS board, activate the data reporting function of
NEs in the PS domain. For detailed operations, see Activating Data Reporting of NEs in the
PS Domain.
20.4.2 Allocating PS Domain NEs

The Trace Server cannot automatically allocate PS domain NEs to Trace Server servers and
relevant partitions due to different management mechanism about these NEs on the Trace
Server servers. This section describes how to plan Trace Server servers for PS domain NEs
and allocate these NEs to the Trace Server servers.

U2000
Prerequisites
You have contacted Huawei technical support to obtain iManager U2000 Network
Management Capacity Specification and Trace Server Management Capability Calculation
used with the Trace Server version. You also have obtained the NE traffic model on the live
network and calculated the number of Trace Server servers with which PS domain NEs need
to be connected.
Context
NOTICE
Unless otherwise specified in calculation and operation procedures of this section, upper-layer
applications, NEs, and Trace Server servers indicate upper-layer applications using PS
services, PS domain NEs, and Trace Server servers managing PS domain NEs, respectively.
Before allocating PS domain NE to Trace Server servers, you need to know the following
concepts:
l Number of Trace Server servers with which NEs are to be connected: It indicates the
number of Trace Server servers with which PS domain NEs are to be connected for a
specified traffic model.
Contact Huawei technical support to calculate this number based on the traffic model on
the live network by following the instructions provided in iManager U2000 Network
Management Capacity Specification and Trace Server Management Capability
Calculation.
l Bandwidth: It indicates the bandwidth over the network interface on a Trace Server
server.
Use Trace Server maintenance and measurement tool to calculate the bandwidth over the
network interface by following the instructions provided Collecting Load Statistics in
l Number of data copies to be forwarded: It indicates the number of data copies provided
by the Trace Server for upper-layer applications, including the NMS. This number
increases by 1 each time the Trace Server provides data collection for one upper-layer
application. If the Trace Server uses the northbound feature, this number also increases
by 1.
For example, if the Trace Server provides data collection for the PRS and uses the
northbound feature, this number is 2.
l NE type: It indicates the type of PS domain NEs to be connected with the Trace Server.
USNs include those with the EVU board and those without the EVU board.
l Service type: It indicates the service type for different data processing specifications
when the Trace Server forwards data to the NMS and when the Trace Server does not
forward data to the NMS. The service types include enabled and disabled northbound
features.
l Available load margin: It indicates the available load margin for NE services on a Trace
Server server. The available load margin for the Trace Server server managing no NEs is
1.

U2000
The available load margin is calculated based on the bandwidth, service type, and other
parameters. When the Trace Server is commissioned, the available load margin for each
Trace Server server planned for managing PS domain NE is 1 because no NEs connected
to the Trace Server.
Comply with the following principle when allocating PS domain NE to Trace Server servers:
Available load margin > Number of Trace Server servers with which NEs are to be connected.
Only values of the two parameters need to be compared, and parameter units can be ignored.
Procedure
l If the Trace Server is commissioned, perform the following procedure:
NOTICE
All calculations and operations in this procedure applies only to Trace Server servers
managing PS domain NEs.
a. Plan the Trace Server servers for all PS domain NEs based on the principle:
Available load margin > Number of Trace Server servers with which NEs are to be
connected.
If the number of Trace Server servers with which a single PS domain NE is to be
connected is greater than the available load margin, perform the following
operations:
n For the USN with the EVU board, allocate the EVU board to multiple Trace
Server servers.
n For the USN without the EVU board, contact Huawei technical support.
NOTE
l If more PS domain NEs need to be connected with Trace Server servers and Trace
Server servers cannot be planned for these NEs based on the preceding principle, contact
Huawei technical support to expand the capacity of Trace Server servers.
l When the preceding principle is met, preferentially allocate the same PS domain NE to a
single Trace Server server.
Types of PS domain NEs to be connected with Trace Server servers are used as
examples in Table 20-4. IP addresses of Trace Server servers are 10.1.1.1, 10.1.1.2,
and 10.1.1.3, respectively. Table 20-5 lists the NE allocation planning.
Table 20-4 PS domain NE

NE Name NE Type Number of Trace
Server Servers with
Which NEs Are To Be
Connected
AAA USN without the EVU 0.3

board
BBB USN with the EVU 1.2

board

U2000
Table 20-5 NE allocation planning

NE Name IP Address of the Trace Server
AAA 10.1.1.1
BBB 10.1.1.2, 10.1.1.3
b. Contact Huawei technical support to activate data reporting of PS domain NEs and
set the IP addresses of CHR servers of USNs to those of planned Trace Server
servers. For details, see Activating Data Reporting of NEs in the PS Domain in
The PS domain NEs in step 1 are used as examples. You can set the IP address of
the CHR server of AAA to 10.1.1.1 and set IP addresses of the CHR server of BBB
to 10.1.1.2 and 10.1.1.3.
l If the Trace Server is in O&M mode, perform the following procedure:
NOTICE
All calculations and operations in this procedure applies only to Trace Server servers
managing PS domain NEs.
a. Perform the following operations to calculate the available load margin of a Trace
Server server.
i. Calculate the bandwidth over the network interface on a Trace Server server
by following the instructions provided Collecting Load Statistics in U2000
Trace Server User Guide (ATAE Cluster, Standalone).
When service network planes of the Trace Server are isolated, calculate the
bandwidth over the network interface sharing the same planes with PS domain
NEs.
ii. Calculate the throughput rate of NE-reported data for a Trace Server server
based on the following formula:
Throughput rate = Bandwidth/(1 + Number of data copies to the forwarded)
In the preceding formula, 1 indicates the number of NE-reported data copies,
and the number of data copies to be forwarded indicates the number of data
copies provided by the Trace Server for upper-layer applications, including the
NMS.
For example, if the IP addresses of three Trace Server servers providing data
forwarding for two applications and using the northbound feature are 10.1.1.1,
10.1.1.2, and 10.1.1.3, respectively, and the throughput rates are listed in Table
20-6 based on relevant IP addresses and bandwidths.

U2000
Table 20-6 Throughput rate

IP Address of the Bandwidth (Mbit/s) Throughput Rate
Trace Server (Mbit/s)
10.1.1.1 22 =22/(1 + 2 (Number of

upper-layer
applications) + 1
(Number of
northbound features)) =
5.5
10.1.1.2 30 =30/(1 + 2 + 1) = 7.5
10.1.1.3 50 =50/(1 + 2 + 1) = 12.5
iii. Calculate the available load margin of a Trace Server server based on the
following formula.
Available load margin = 1 - Bandwidth/Data processing specifications
Data processing specifications of Trace Server servers depend on types of PS
domain NEs to be connected with the Trace Server servers and Trace Server
service features, as listed in Table 20-7.
NOTE
If NEs of multiple types are to be connected with a Trace Server server, the data
processing specifications of the Trace Server server are subject to the smaller data
processing specifications for these NEs.
Table 20-7 Specifications of Trace Server servers

NE Type Service Type Data Processing
Specifications
(Mbit/s)
USN with the EVU Disabled northbound 113

board feature
Enabled northbound 56.5

feature
USN without the EVU Disabled northbound 56.5

board feature
Enabled northbound 56.5

feature
Table 20-8 lists the available load margins for Trace Server servers based on
the throughput rates obtained in a.ii when NEs to be connected with the Trace
Server servers include USNs with EVU boards and those without EVU boards.

U2000
Table 20-8 Available load margin
IP Address of the Throughput Rate Available Load

Trace Server (Mbit/s) Margin
10.1.1.1 5.5 1 - 5.5/56.5 = 0.9
10.1.1.2 7.5 1 - 7.5/56.5 = 0.86
10.1.1.3 12.5 1 - 12.5/56.5 = 0.77
b. Plan the Trace Server servers for all PS domain NEs based on the principle:
Available load margin > Number of Trace Server servers with which NEs are to be
connected.
If the number of Trace Server servers with which a single PS domain NE is to be

connected is greater than the available load margin, perform the following
operations:
n For the USN with the EVU board, allocate the EVU board to multiple Trace
Server servers.
n For the USN without the EVU board, contact Huawei technical support.
NOTE
l If more PS domain NEs need to be connected with Trace Server servers and Trace
Server servers cannot be planned for these NEs based on the preceding principle, contact
Huawei technical support to expand the capacity of Trace Server servers.
l When the preceding principle is met, preferentially allocate the same PS domain NE to a
single Trace Server server.
Types of PS domain NEs to be connected with Trace Server servers are used as
examples in Table 20-9. IP addresses of Trace Server servers are 10.1.1.1, 10.1.1.2,
and 10.1.1.3, respectively. Table 20-10 lists the NE allocation planning.
Table 20-9 PS domain NE
NE Name NE Type Number of Trace

Server Servers with
Which NEs Are To Be
Connected
AAA USN without the EVU 0.3

board
BBB USN with the EVU 1.2

board
Table 20-10 NE allocation planning
AAA 10.1.1.1

U2000
BBB 10.1.1.2, 10.1.1.3
c. Contact Huawei technical support to activate data reporting of PS domain NEs and
set the IP addresses of CHR servers of USNs to those of planned Trace Server
servers. For details, see Activating Data Reporting of NEs in the PS Domain in
The PS domain NEs in step 1 are used as examples. You can set the IP address of
the CHR server of AAA to 10.1.1.1 and set IP addresses of the CHR server of BBB
to 10.1.1.2 and 10.1.1.3.
----End
20.4.3 Query PS Partition

This section describes how to query the IP address of the service board that processes the data
generated by the NEs in the PS domain.
Prerequisites
Procedure
Step 2 Run the following command to execute the Trace Server maintenance and measurement tool.
~> sh tsfOMtools.sh
Step 3 Choose Statistics and Migrate > Set PS Partition > Query to query the IP address of the
server that processes the data generated by the NEs in the PS domain.
l The system displays the IP address of the corresponding service board. The following is
an example.
10.185.196.141 10.185.196.142
l When the system displays the following information, it indicates that there is no service
board can manage NEs in the PS domain.
There is no PS node.
----End
20.4.4 Delete the PS Partition

This section describes how to delete the PS partition on the Trace Server board by using the
Trace Server maintenance and measurement tool.
Prerequisites

U2000
Procedure
Step 2 Run the following command to execute the Trace Server maintenance and measurement tool.
~> sh tsfOMtools.sh
Step 3 Choose Statistics and Migrate > Set PS Partition > Delete to delete the PS partition on the
Trace Server board.
When the system displays the following information, input the IP address of the Trace Server
board whose PS partition needs to be deleted. Use space to separate multiple IP addresses.
Please input the PS node IP. If there is more than one IP, use blank to separate
them.
When the system displays the following information, it indicates that you configured
successfully. Otherwise, contact the Huawei engineer.
setPSPart success.
----End
20.4.5 Activating Data Reporting of NEs in the PS Domain

Before NEs in the PS domain deliver subscription events, activate the data reporting function
of these NEs. If the Trace Server does not manage NEs in the PS domain, skip this section.
All the operations for the NEs in the PS domain are performed by the core network
O&M personnel.
Procedure
l Activating the CHR data reporting function of USNs.
For details, see Activating the Call History Record Feature in USN9810 Product
Documentation for a specific USN version.
NOTE
l Set the IP address of the CHR server to that of the PS board described in 20.4.1 Configuring
Boards as PS Boards. If Network Address Translation (NAT) is performed during
communication between the Trace Server and the USN, set the IP address to the translated IP
address of the PS board.
l If the EVU board is configured on the USN, set the port number to 31132. If the EVU board is
not configured on the USN, set the port number to 31131.
----End
20.5 Managing Trace Server Load

If the Trace Server load is high, the system may become slow or have no response. If
resource-related alarms, such as high CPU, memory, or disk usage, are generated, you can
collect statistics on and analyze Trace Server load and migrate NEs in a timely manner to
ensure that the Trace Server runs properly.

U2000
When resource-related alarms are generated, you are advised to analyze and handle faults
based on the following procedure:
1. Collect statistics on Trace Server load. Obtain the resource usage of all servers within a
certain period of time.
The recommended statistical period is 7 days. Set it based on site requirements. For
details about how to collect statistics on Trace Server load, see 20.5.1 Collecting Load
Statistics.
2. Preliminarily determine whether the servers are busy or idle:
– Busy: The average CPU usage is greater than or equal to 75%.
– Idle: The average CPU usage is less than 75%.
Perform the corresponding operation:
– If all servers are busy, you are advised to enable the flow control function of the
Trace Server. When this function is enabled, you do not need to perform subsequent
operations.
For details about how to query and set the flow control function, see 20.5.3 Setting
the Trace Server Flow Control Switch.
NOTE
If all servers are still busy after flow control is enabled, contact Huawei technical support.
– If some servers are idle, perform the following operations:
3. Query the distribution of NEs and subscription information on the servers. For details,
see 20.2.1 Querying Information About NE Distribution and LTE Cell
Subscription.
4. Collect data traffic statistical results reported by NEs. For details, see 20.5.2 Collecting
Data Traffic Statistical Results of NEs.
5. Contact Huawei technical support to identify busy subareas based on the statistical
results obtained in 3 and 4.
6. Migrate NEs from busy subareas to idle subareas. For details, see 20.8 Managing the
NEs in Trace Server.
NOTICE
During NE migration, pay attention to the following principles:
l The type of NE to be migrated must be the same as the existing NE type in the target
subarea.
l Generally, the RNC generates a large amount of data. You are advised to migrate the
RNC to an empty subarea.
20.5.1 Collecting Load Statistics

This section describes how to use the Trace Server maintenance and measurement tool to
collect the CPU usage, memory usage, and bandwidth usage on the Trace Server.
Prerequisites

U2000
Context
The Trace Server maintenance and measurement tool collects the CPU usage, memory usage,
and bandwidth usage in real time and obtains the maximum, minimum, and average usage of
these resources in the specified period. The Trace Server maintenance and measurement tool
is able to display real-time resource usage on the client, save the usage data in files, and
analyze the data on the server. You can set the tool to perform only statistics tasks on the
server. The real-time usage and load are saved in different files under the /opt/oss/server/
rancn/bin/tsfOMTools/collectResult/staticResult directory of the Trace Servermaster server.
You can obtain and view these files as user ossuser. The other files in this directory are
process files, which can be ignored.
l Information about real-time usage of resources is saved in the

ts_io_load_info_total_YYYYMMDD.csv file.
l The analysis results are saved in the TSboradloadStatic_YYYYMMDD.csv file.
l Only one statistic task can be executed in the system at a time.
l Trace Server maintenance and measurement tool generates the statistics file in the unit of
day. If a statistics task (including the task that you manually stop) is complete one day,
the Trace Server maintenance and measurement tool writes the statistics into the existing
result file when you execute another statistics task that day.
Procedure
~> sh tsfOMtools.sh
Step 3 Perform the following operations to query and collect load statistics on the Trace Server:
1. Choose Statistics and Migrate > IO Load Statistics.
2. If information similar to the following is displayed, a statistics task is running. Perform
the operations based on the actual requirements. Otherwise, go to Step 3.3.
This function is running in background.
Are you want to stop it(y or n)?
– If you need to stop the running statistics task, enter y, press Enter, and go to Step
3.3 for starting a new task.
– If you do not process the running statistics task, enter n, press Enter, and return to
the upper-level menu. No further operation is needed.
3. When information similar to the following is displayed, enter the duration for load
statistics collection, and press Enter:
Enter an integer of hours from 1-168,representing time IO Load Statistics
execution.If the input is empty,24 is used by default.
NOTE
– The digit to be entered is hour quantity and is an integer ranging from 1 to 168.
– If you do not enter a digit but press Enter, the system will collect load statistics generated
within the latest 24 hours.
4. If the following information is displayed, enter the load measurement period and press
Enter:

U2000
Enter a period for collecting load statistics: [15,30,60,1440] minutes (If

you press Enter, the period is set to 15 minutes by default.)
NOTE
– This function is supported in U2000 V200R015C10SPC240 and later.

– The digits to be entered indicate the load measurement period (unit: minute). The load
measurement period can be set to 15, 30, 60, or 1440 minutes. The default period is 15
minutes.
– After the measurement period is entered, press Enter. The system calculates the maximum,
and minimum, and average CPU and memory usage within the configured measurement
period based on the raw load measurement results and writes the calculation results to the
TSboradloadStatic_YYYYMMDD.csv file.
– The measurement task runs only on the server. For details, see the
TSboradloadStatic_YYYYMMDD.csv file in the /opt/oss/server/rancn/bin/tsfOMTools/
collectResult/staticResult directory on the U2000 server. The parameters in this file are
described as follows:
n time: measurement time points within a measurement period
n boradIP: IP address of the server
n cpuMaxUsage(%): maximum CPU usage of the server within a measurement period
n cpuMinUsage(%): minimum CPU usage of the server within a measurement period
n cpuAveUsage(%): average CPU usage of the server within a measurement period
n memMaxUsage(%): maximum memory usage of the server within a measurement
period
n memMinUsage(%): minimum memory usage of the server within a measurement
period
n memAveUsage(%): average memory usage of the server within a measurement period
5. When the following information is displayed, select a mode for load statistics collection
based on the actual requirements:
A|a) Foreground
B|b) Background
Please make a choice:

U2000
If You... Then...
Choose A|a) The system displays the statistics in command output and
Foreground refreshes it every 30s. You can wait until the task is complete
or press Enter to stop statistics collection and return to the
upper-level menu.
boradIP cpuUsage(%) memUsage(%) bond1(Mbps)
bond2(Mbps) bond3(Mbps) bond4(Mbps) loadAverage
10.144.48.43 1 7 0.098777
NIL NIL NIL 0.150
10.144.48.43 1 7 0.098777
NIL NIL NIL 0.150
The preceding command output is for reference only. These

parameters are described as follows:
– boradIP: IP addresses of the server.
– cpuUsage(%): CPU usage of the server.
– memUsage(%): Memory usage of the server.
– bond1(Mbps)/bond2(Mbps)/bond3(Mbps)/bond4(Mbps):
Bandwidth rate of the server. The unit is Mbit/s.
– loadAverage: Average load of the server.
NOTE
– The command output displays only the calculation results after
Step 3.3 is performed.
– The bandwidth rate may be NIL in the first statistical period. In
this case, wait for the next statistical period. If the bandwidth of a
port is always displayed as NIL during subsequent measurement
periods, run the ifconfig command to check whether this port
exists. If this port exists and the value is always NIL, contact
Huawei technical support engineers; if this port does not exist,
this port has not been configured. In this example, only the
bandwidth information about bond1 is displayed, indicating that
only one port (bond1) exists. The displayed bandwidth
information depends on the actual environment.
Choose B|b) If the following information is displayed, the statistics task

Background starts to be run on the background and will automatically
return to the upper-level menu:
IO Load Statistics is started to run in
background.The result file is stored in path /opt/oss/
server/rancn/bin/tsfOMTools/collectResult/
staticResult/ts_io_load_info_total_YYYYMMDD.csv.
----End
20.5.2 Collecting Data Traffic Statistical Results of NEs

This section describes how to collect data traffic statistical results of NEs on the Trace Server.
The statistical results are saved in the /dataCollectionStatistics directory of the master Trace
Server board.
Prerequisites
l The Trace Server services are running properly.

U2000

l The Trace Server has issued subscription tasks, and NEs have reported data to the Trace
Server.
Context
l The Trace Server Maintenance and Measurement Tool is able to collect data traffic
statistical results of RNCs, eNodeBs, NodeBs, and BSCs.
l The Trace Server maintenance and measurement tool saves seven most recent statistical
result files only and automatically deletes files generated earlier in time sequence.
Procedure
~> sh tsfOMtools.sh
Step 3 Perform the following operations to collect data traffic statistical results of NEs on the Trace
Server:
1. Choose Information Collection > DataCollectionStatistics Collection.
2. When information similar to the following is displayed, enter the start date for statistics
collection, and press Enter:
Please input the start time, such as 20150714:
NOTE
– The format of the start date is YYYYMMDD, for example, 20150714.

– The start date entered must be earlier than the current date.
– If you press Enter without entering any digits, the system collects all the data traffic statistical
results generated regardless of the date.
3. When information similar to the following is displayed, enter the end date for statistics
collection, and press Enter:
Please input the end time, such as 20150714, today is used by default:
NOTE
– The end date entered must be later than the start date.
– If you press Enter without entering any digits, the system collects all the data traffic statistical
results generated until the current date.
4. When information similar to the following is displayed, enter the IP address of the Trace
Server whose statistical results need to be collected, and press Enter:
10.144.48.43 10.144.48.44 10.144.48.45
Please input the IP address of servers you want to collect
DataCollectionStatistics [ Press Enter key to collect all servers ]:
NOTE
If you press Enter without entering the IP address, the system collects the data traffic statistical
results on all Trace Server boards.
5. If the following information is displayed, the statistical results are collected successfully.
Otherwise, contact Huawei technical support engineers.

U2000
Collect DataCollectionStatistics successfully. Result file path : /opt/oss/

server/rancn/bin/tsfOMTools/collectResult/dataCollectionStatistics/
DataCollectionStatistics_ 20150714200906.tar.gz
The statistical results are saved in the /opt/oss/server/rancn/bin/tsfOMTools/

collectResult/dataCollectionStatistics directory on the master U2000 board. You can
obtain and view the results as user ossuser.
NOTE
– During a measurement period, if an NE reports data to the Trace Server, a result file is
generated; otherwise, no result file is generated.
– The result files are named in the following format: Data type_Board IP address_Service
name_Date (YYYYMMDD).csv. A result file whose Data type is unknow supports other date
types besides the NE data types collected.
– Parameters in the title line of a result file are described as follows:
n periodStartTime: indicates the start time of the measurement period.
n neFdn: indicates the NE identifier.
n neName: indicates the name of NE.
n dataType: indicates the data type of collected statistics.
n fileSize(KB): indicates the size (KB) of files collected during the measurement period.
n fileCount: indicates the number of files collected during the measurement period.
– Data in each line of the result file is collected at a 5-minute interval after the start time of the
collection.
----End
20.5.3 Setting the Trace Server Flow Control Switch

enable or disable the NE data flow control function. This function is disabled by default.
Context
l If a large amount of NE data flows into the Trace Server, the CPU usage of the Trace
Server may become excessively high, causing switchovers or no response of the
operating system. The NE data flow control function is used to restrict the NE data
amount processed by the Trace Server when the CPU usage is high, thereby ensuring the
normal operating of the Trace Server.
NOTE
This function cannot be used to control data amount of NEs in the PS domain.
l The flow control function is implemented as follows:
– When the average CPU usage is lower than 85%:
n If the CPU usage is always lower than 85% and the system has not entered the
flow control phase, the flow control function is not implemented on NE data.
n If the system has entered the flow control phase and the CPU usage decreases
to below 85%, the flow control function cancels the restriction on NE data
amount and resumes the parsing of NE data files that account for a specified
proportion.
– When the average CPU usage is within the range of 85%–90%:
n If the CPU usage increased from a value less than 85% to a value within this
range, the status before the flow control is maintained.

U2000
n If the CPU usage decreased from a value greater than 90% to a value within
this range, the status after the flow control is maintained.
– When the average CPU usage is greater than 90%, the system automatically sorts
NE data files in the descending order of NE data amount and stops the parsing of
NE data files that account for a specified proportion. In this way, the CPU usage can
gradually decrease to a normal value.
NOTE
l The Trace Server measures the average CPU usage once every 10 minutes.
l For the NEs whose data traffic is filtered out in the flow control phase, the Trace Server stops
reporting required result files to upper-layer applications, such as FARS, Nastar, and NMS.
l After the Trace Server enters the flow control state, a system log is generated on the
U2000 client, and the value of the Basic Information column for the log is Flow
Control. For details about how to query system logs, see section Querying OSS Logs in
U2000 Online Help.
Procedure
~> sh tsfOMtools.sh
Step 3 Choose Set Trace Server Param > Set the switch of flow control to enter the flow control
switch setting interface.
Flow control is enabled
Please make a choice:

A--Enable flow control
B--Disable flow control
Q--Quit
NOTE
Flow control is enabled indicates that flow control has been enabled. Flow control is disabled
indicated that flow control has been disabled. Set the flow control switch based on actual requirements.
l To enable flow control, type A or a. When the following information is displayed, flow
control is enabled. Otherwise, contact Huawei technical support engineers.
Enable flow control successfully.
l To disable flow control, type B or b. When the following information is displayed, flow
control is disabled. Otherwise, contact Huawei technical support engineers.
Disable flow control successfully.
l Type Q or q to close the operation interface.
----End
20.6 Fault Locating and Handling

This section describes how to locate and handle common faults.

U2000
20.6.1 Collecting Service Logs

This section describes how to collect the service logs of Trace Server using Trace Server
maintenance and measurement tool.
Prerequisites
Context
The Trace Server maintenance and measurement tool can collect service logs of all current
service boards in the Trace Server system.
Procedure
Step 2 Run the following command to check and configure the available space size of the root
directory on the master server required for the Trace Server maintenance and measurement
tool and size of collected service logs:
~> vi /opt/oss/server/rancn/bin/tsfOMTools/inc/tsfOMTools.ini
LOG_SIZE=5120MB
NEEDSPACE=5GB
l LOG_SIZE: Total size of logs collected byTrace Server maintenance and measurement
tool. It is 5120 MB by default.
l NEEDSPACE: Available space size of the root directory on the master server required
for log collection function. It is 5 GB by default. For details about how to check the disk
usage of the server, see Querying the Disk Usage of the Trace Server (Cluster, ATAE).
NOTE
l The value of LOG_SIZE is an integer greater than 0 (MB), for example, 123 MB.
l The value of NEEDSPACE is an integer greater than 0 (GB), for example, 123 GB.
Change the two parameters based on actual requirements. After the change, press Esc,
enter :wq! to save the changed parameter, and exit the vi editor. If no modification is needed,
press Esc, enter :q!, and exit the vi editor.
~> sh tsfOMtools.sh
Step 4 Perform the following operations to collect service logs.

1. Choose Information Collection > Trace Collection.
2. If the slave server is deployed, enter the IP address of the server on which the logs need
to be collected as prompted. If no slave server is deployed, go to Step 4.3.
NOTE
– Press Enter to collect logs of all service boards.

– Server IP addresses are separated using a space.

U2000
3. Enter the start time and end time of log collection as prompted.
NOTE
– Press Enter to collect logs generated in the latest 24 hours by default.

– The entered time format is YYYYMMDDhhmm. YYYY, MM, DD, hh, and mm indicate the year,
month, date, hour, and minute respectively.
– If the displayed information contains please input a short period. in the
command output and the system automatically returns to the upper-level menu, the size of
collected logs exceeds the upper limit. Reconfigure the size or enter a shorter collection
duration. For details, see Step 2.
4. When information similar to the following is displayed, logs have been collected
successfully. Otherwise, contact Huawei technical support engineers.
Collect trace successfully.Trace path : /opt/oss/server/rancn/bin/tsfOMTools/
collectResult/traceCollection/20150513104529/
Trace_collect_TS_20150513104505.tar.gz
– The service log is saved in the /opt/oss/server/rancn/bin/tsfOMTools/

collectResult/traceCollection/YYYYMMDDhhmmss on the U2000 master server.
YYYYMMDDhhmmss is the start time of the collection task. You can obtain the log
as user ossuser.
– The Trace Server maintenance and measurement tool reserves service logs collected
in the last 7 tasks.
----End
20.6.2 Analyzing Data Abnormality

analyze data abnormality when upper-layer applications have successfully delivered the
subscription but NEs fail to report the data or some data reported by NEs is missing.
Prerequisites
Context
l Trace Server maintenance and measurement tool can analyze data abnormality generated
within 12 hours.
l Trace Server maintenance and measurement tool can analyze data abnormality of
eNodeBs and NodeBs.
l Ensure that Trace Server maintenance and measurement tool is used to analyze data
abnormality after at least one subscription task has been complete. Otherwise, the
analysis result may be incorrect. You are advised to use the analysis function after the
subscription task is complete 1 hour later.
l Trace Server maintenance and measurement tool saves seven latest analysis result files
only and automatically deletes files generated earlier in time sequence.
Procedure

U2000
~> sh tsfOMtools.sh
Step 3 Choose Collection Issue > Missing File Locate to analyze data abnormality.
Step 4 When the following information is displayed, enter the required duration for data analysis. If
you press Enter, this tool analyzes the data generated within 2 hours by default.
NOTE
This function can only be used to analyze data abnormality on a specific server or all servers at a time.
Use this function 1 hour after subscription is delivered. Enter an integer from
1-12, which indicates a time 1 to 12 hours earlier than the current time. The
default value is 2.
When information similar to the following is displayed, Enter the IP address of the board
which need to be analyzed as prompted. Alternatively, press Enter to analyze all the service
boards.
10.144.48.42 10.144.48.45 10.144.48.46
Enter the IP address of a Trace Server. If the IP address is empty, the
information of all Trace Server boards are collected by default:
If information similar to the following is displayed, Trace Server maintenance and

measurement tool has completed the analysis. Otherwise, contact Huawei technical support
engineers.
Missing files information is stored in path /opt/oss/server/rancn/bin/tsfOMTools/
collectResult/southdataAnaResult/20150225161035.
Trace Server maintenance and measurement tool generates the analysis result file
AnaResult_NE type_Board IP address_Random number by NE type and board IP address,
saves the file in the /opt/oss/server/rancn/bin/tsfOMTools/collectResult/
southdataAnaResult/YYYYMMDDhhmmss directory on the master server.
YYYYMMDDhhmmss is the exact start time for the task analysis. You can obtain the analysis
result file as user ossuser. Table 20-11 lists description of parameters in the analysis result
file.

neFDN FDN of an NE.
neName Name of an NE.
lostFileNum Number of lost files.

In normal cases, the value of this parameter
is 0. Otherwise, files may be lost between
the Trace Server and an NE. In this case,
contact Huawei technical support engineers.

U2000
reportFileNum Number of reported files.

is not 0. Otherwise, the possible causes are
as follows:
l The upper-layer application does not
deliver the NE subscription.
l Faults may exist between the Trace
Server and the upper-layer application so
that the subscription fails to be delivered.
In this case, contact Huawei technical
support engineers.
reportFileSize(MByte) Size of reported files (unit: MB).

is not 0. Otherwise, the possible causes are
as follows:
l The upper-layer application does not
deliver the NE subscription.
l Faults may exist between the Trace
Server and the upper-layer application so
that the subscription fails to be delivered.
In this case, contact Huawei technical
support engineers.
----End
20.7 Configuring the LTE Cell Management Capability

This section describes how to use Trace Server maintenance and measurement tool to
configure the LTE cell management capability of the Trace Server.
Prerequisites
Context
Four data collection processes TSCollectorXXXX are deployed on the Trace Server service
board. All the four processes have the same LTE cell management capability. If the network
planning is changed, the number of LTE NEs is also changed. When the number exceeds the
current management capability, the Trace Server automatically adjusts the management
capability of each data collection process and ensures that the capability does not exceed the
maximum management capability. Use Trace Server maintenance and measurement tool to
change the management capability of each process and adjust it based on the actual
requirements on the live network when it exceeds the upper threshold.

U2000
Procedure
~> sh tsfOMtools.sh
Step 3 Perform the following operations to configure the LTE cell management capability of the
Trace Server:
1. Choose Set Trace Server Param > Set the number of cells managed by each
TSCollector.
2. If the following information is displayed, set the LTE cell management capability of a
collection process. The value is an integer ranging from 100 to 3000.
The value of MaxCellCntPerPartition in the current configuration file is 1500.
Enter the value of MaxCellCntPerPartition. Value range:[100,3000](If you
press Enter, MaxCellCntPerPartition is set to 1500 by default.), or enter q/Q
to quit.
NOTE
– If you press Enter, the management capability is set to 1500 cells.

– Type Q or q to close the operation interface.
– The command output contains the current LTE cell management capability of each collection
process. The preceding command output is used as an example in which the LTE cell
management capability is 1500 cells. If you do not want to change the value, enter the same
digit as that in the command output.
– The maximum management capability of each collection process is 3000 cells.
– If an entered digit is less than the current management capability, the following information
will be displayed. Ensure that the NEs for which the management capability exceeds the LTE
cell management capability have been migrated to other boards or other collection processes
and then enter y to proceed. Otherwise, enter n to return to the upper-level menu.
Warning: Setting a value less than the value currently in effect, make
sure you have completed the migration redundant NE, whether to
continue (Y/N)
3. When the following information is displayed, enter the margin for which the system can
automatically increase the management capability after the NE quantity exceeds the LTE
cell management capability. The value is an integer ranging from 0 to 1500.
The value of AllowAddCellCnt in the current configuration file is 1000.
Enter the value of AllowAddCellCnt you want to set:[0,1500](If you press
Enter, AllowAddCellCnt is set to 1000 by default.), or enter q/Q to quit.
NOTE
– If you press Enter, the management capability will be automatically increased by 1000 cells.
– Type Q or q to close the operation interface.
– The command output contains the current management capability increasing margin. The
preceding command output is used as an example in which the LTE cell management
capability increasing margin is 1000 cells.
4. When the following information is displayed, enter y. The system will automatically
restart the TSService service to make the change take effect.
The entered values of configuration items verified successfully.
Are you sure to restart the TSService service, whether to continue (Y/N)

U2000
When the system displays The TSService service restarted

successfully, the change has taken effect. Otherwise, contact Huawei technical
support engineers.
----End
20.8 Managing the NEs in Trace Server

This section describes how to manage the NEs in Trace Server system.
20.8.1 Querying Subarea Information of NEs Managed by the

Trace Server
This section describes how to use the U2000 client to query subarea information of NEs
managed by the Trace Server.
Prerequisites
l You have obtained the permission on Trace Server NE Management and have logged
in to the U2000 client as a user who has permission on Network Management
Application.
For details about how to grant permissions on NE migration to users if required, see .
l The Trace Server service is running properly.
l Subscription tasks have been issued to the NEs managed by the Trace Server.
Context
Due to management mechanism differences between PS domain NEs and other NEs, you
cannot query subarea information about PS domain NEs that have accessed the Trace Server.
Contact maintenance engineers of the core network to check configurations of these NEs.
Procedure
Step 1 Choose Maintenance > Trace Server Maintenance > NE Partition Management
(traditional style) or double click Trace and Maintenance in Application Center and choose
Trace Server Maintenance > NE Partition Management (application style).
Step 2 Click Query and select the query type based on the actual requirements.
l Query subarea information by service name.
a. In the Query Criteria area box, select Trace Server service, enter the keyword of
the Trace Server service name to be queried in the text box, or select the Trace
Server service name to be queried from the navigation tree.
b. Click Query. Information about the NEs managed by the specified service is
displayed in the right area.
l Query subarea information by NE name.
a. In the Query Criteria area box, select NE, and enter the keyword of the NE name
to be queried in the text box, or select the NEs to be queried.

U2000
b. Click Query. Information about the NEs whose names include the keyword entered
is displayed in the right area.
Application in the query result indicates the names of upper-layer applications that have
issued subscription tasks to the selected NEs. Table 20-12 lists the mapping between
keywords in Application and upper-layer application names.
Table 20-12 Mapping between keywords in Application and upper-layer application names
Keyword in Application Upper-layer Application Name
FARS FARS
Nastar Nastar
EBC EBC
NIC NIC
l eCoordinator SONMaster
l SONMaster
PRS PRS
SEQ SmartCare SEQ Analyst
TSP TSP
l TS_NBI Northbound
l TS_KCDR
l TS_CDR
l TS_TDS
l OSSii_NBI
l TSNBI_MCMR
l NMS_FLOW_TS
l TS_NBITC
l NMS_FILE
l NMS_FLOW
Step 3 Click Save in the lower right corner. Set the file name and save path. Export the query result
and save it to your local PC.
By default, an NE subarea information file is named in the format of User name_NE subarea
information file_YYYYMMDD_HHMMSS. The file can be saved in .xls, .csv, or .xlsx
format.
Step 4 In the displayed dialog box indicating that the file is saved successfully, click OK.
----End
20.8.2 Migrating NEs in the Trace Server System (U2000 Client)

This section describes how to migrate some NEs on one data collect service to the other to
realize the load balance when excessive NEs on a Trace Server cause the system management

U2000
capability of the server to decrease in the Trace Server system. You are not allowed to deliver
NEs or cancel the subscription task while migrating NEs. After the migration is complete, you
can deliver NEs and cancel the subscription task. This section describes how to use the U2000
client to migrate NEs in the Trace Server system.
Prerequisites
l You have obtained the permission on Trace Server NE Management and have logged
in to the U2000 client as a user who has permission on Network Management
Application.
For details about how to grant permissions on NE migration to users if required, see .
l The Trace Server service is running properly.
l Subscription tasks have been issued to the NEs to be migrated.
Context
NOTICE
l If the function of processing data of RNCs with extra-large specifications has been enabled
for the Trace Server, you can migrate the master subarea of such an RNC only by using the
U2000 client, and you cannot migrate the master subarea to the server where overflow
subareas are located.
l Only one NE migration task can exist in the Trace Server system. If an NE migration task
is running on the U2000 client or Trace Server Maintenance and Measurement Tool, a new
NE migration task cannot be executed.
l The Trace Server supports BSC, RNC, eNodeB, NodeB, BTS3900 or MAG9811
migration.
l If the service network plane solution is used, you are advised to migrate NEs between
servers on the same service network plane. If NEs are migrated between servers on
different service network planes, NEs may be disconnected.
l This section uses the related NE information as an example. You can perform the
operation according to the actual conditions.
l The management mechanism for PS domain NEs is different from that for other NEs. If
PS domain NEs need to be migrated, change the CHR server of the PS domain NEs to the
new CHR server by following the instructions provided in the corresponding NE product
documentation.
Procedure
Step 1 Choose Maintenance > Trace Server Maintenance > NE Partition Management
(traditional style) or double click Trace and Maintenance in Application Center and choose
Trace Server Maintenance > NE Partition Management (application style).
Step 2 Perform the following operations to migrate NEs based on the actual condition:

U2000
NOTE
If the NE Partition Management window has been opened, and if the Trace Server system capacity has
been expanded or the subarea managing PS domain NEs is added or modified, close and re-open the NE
Partition Management window to ensure that all available servers are properly displayed during NE
migration.
l Migrate to multiple batches
Migrate the NEs managed by different subareas to other subareas in batches.
a. Export the NE subarea information file. For details, see 20.8.1 Querying Subarea
Information of NEs Managed by the Trace Server.
b. Open and edit the NE subarea information file.
Change Trace Server IP Address and Trace Server Service Name of the NEs to
be migrated to Trace Server IP Address and Trace Server Service Name of the
destination subarea. Do not change other information in the file. Otherwise, NE
migration will fail.
NOTE
You may not specify Trace Server Service Name when editing the NE subarea information
file. If it is not specified, the system automatically allocates Trace Server services based on
Trace Server service load on the destination server.
c. Click the Migrate tab.
d. Choose Migrate to multiple batches, then click and select the modified file.
e. Click Migrate. In the displayed dialog box, confirm the number of migration
records, and click Yes to start the migration.
You can view the progress and execution result of the NE migration task on the
GUI. If an NE fails to be migrated, modify the NE subarea information file based
on the recorded failure information, and import the file again. If the migration still
fails, contact Huawei technical support.
l Migrate to a board
Migrate NEs between different boards or between different Trace Server services on the
same board.
a. Click Migrate tab.
b. Choose Migrate to a board.
c. In the Source Subarea area box, select the source server IP address and source
service name of the NEs to be migrated.
d. In the Destination Subarea area box, select the destination server IP address and
destination service name of the NEs to be migrated.
NOTE
When Allocated automatically is selected for Service name, the system automatically
allocates Trace Server services based on Trace Server service load on the destination server.
e. In the navigation tree in the Select NEs area box, select the NEs to be migrated.
f. Click Migrate. In the displayed dialog box, confirm the number of migration
records, and click Yes to start the migration.
You can view the progress and execution result of the NE migration task on the
GUI. If an NE fails to be migrated, contact Huawei technical support.
----End

U2000
20.8.3 Migrating NEs in the Trace Server System (Maintenance

and Measurement Tool)
This section describes how to migrate some NEs on one data collect service to the other to
realize the load balance when excessive NEs on a Trace Server cause the system management
capability of the server to decrease in the Trace Server system. You are not allowed to deliver
NEs or cancel the subscription task while migrating NEs. After the migration is complete, you
can deliver NEs and cancel the subscription task. This section describes how to migrate NEs
by the maintenance and measurement tool.
Prerequisites
l The Trace Server services runs properly. For details about querying the status of Trace
Server services, see Querying the Status of Trace Server Services (OSMU).
l The U2000 services runs properly.
Context
NOTICE
l If the function of processing data of RNCs with extra-large specifications has been enabled
for the Trace Server, you can migrate the master subarea of such an RNC only by using the
U2000 client, and you cannot migrate the master subarea to the server where overflow
subareas are located.
l Only one NE migration task can exist in the Trace Server system. If an NE migration task
is running on the U2000 client or Trace Server Maintenance and Measurement Tool, a new
NE migration task cannot be executed.
l The Trace Server supports BSC, RNC, eNodeB, NodeB, BTS3900 or MAG9811
migration.
l If the service network plane solution is used, you are advised to migrate NEs between
servers on the same service network plane. If NEs are migrated between servers on
different service network planes, NEs may be disconnected.
l This section uses the related NE information as an example. You can perform the
operation according to the actual conditions.
l The management mechanism for PS domain NEs is different from that for other NEs. If
PS domain NEs need to be migrated, change the CHR server of the PS domain NEs to the
new CHR server by following the instructions provided in the corresponding NE product
documentation.
Procedure
Step 1 Use PuTTY to log in to the master server of Trace Server in SSH mode as ossuser. For
details, see Logging In to a Board Using PuTTY.
Step 2 Run the following commands to export a partition information file of all NEs:
~> sh getNeToTSRelation.sh

U2000
If the Generate NeToTSRelation complete! information is displayed, the file has

been exported successfully.
NOTE
The NE partition information file RelationsOfNE2TSPartiationYYYYMMDDhhmmss.csv is saved in

the /opt/oss/server/var/TSService directory of the master server. You can go to this directory to obtain
the file as ossuser user.
YYYYMMDDhhmmss in the file name indicates the time when the file is generated. For example,
RelationsOfNE2TSPartiation20140920145333.csv indicates that the file is generated at 14:53:33 on
September 20th, 2014.
Step 3 Check the NE partition information file, and record the information of NEs to be migrated.
Assume that the contents of the NE partition information file are as follows:
IP,TSPARTITION,NEFDN,NETYPE
......
l IP indicates the IP address of the server that manages NEs.

l TSPARTITION indicates names of data collection instances on the corresponding
server.
l NEFDN indicates the FDN number of an NE. If the value of this parameter is NULL,
the corresponding data collect service does not manage NEs.
l NETYPE indicates the type of an NE. If the value of this parameter is NULL, the
corresponding data collect service does not manage NEs.
You need to record the NEFDN of NEs to be migrated and the TSPARTITION of the target
data collect service.
Step 4 Perform the following operations to migrate NEs by using Trace Server maintenance and
measurement tool.
1. Create NE migration configuration file MigrateNE.csv and upload it by using Notepad
on PC:
Add information about NE migration to the file, and the format is as follows:
NEs to be migrated NEFDN, and TSPARTITION of the target data collect service
For example, to migrate NEs with FDN numbers 256 from the data collect service
TSCollector0301 to the other data collect service TSCollector0303, and migrate the
NES with FDN numbers 257 from the data collect service TSCollector0302 to the data
collect service TSCollector0401 on the other Trace Server, add the following contents.
NOTE
– One piece of NE migration information can be configured in each row.

– Use a comma (,) to separate NEFDN and TSPARTITION.
Upload the NE migration configuration file to the path /opt/oss/server/var/TSService
on the master server by using Filezilla as user ossuser. For details, see Transferring Files
to the Trace Server by Using FileZilla.

U2000
2. Run the following command to change the file format.

~> dos2unix /opt/oss/server/var/TSService/MigrateNE.csv
3. Run the following commands to execute Trace Server maintenance and measurement
tool.
~> sh tsfOMtools.sh
4. Choose Statistics and Migrate > Migrate NE.
If the information similar to All NEs have been migrated successfully.
is displayed by the system, NEs have been migrated successfully. Otherwise, problem is
occurring during NE migrating. Contact Huawei technical support engineers.
5. Choose Quit > Quit to exit Trace Server maintenance and measurement tool.
6. Run the following commands to delete the NE migration configuration file.
~> rm MigrateNE.csv
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 21 Backing Up and Restoring the U2000
21 Backing Up and Restoring the U2000
About This Chapter
This section describes how to back up and restore the U2000.
NOTICE
You do not need to perform operations related to standby boards if they do not exist, and the
board will not be in the Standby or Switched Over state.
21.1 Description of Policies on U2000 Backup and Restore

This section describes the policies on backup and restore of the U2000 based on backup
scenarios, restoration scenarios, and naming conventions of backup files.
21.2 Backing Up the U2000 (Static Data and Operating System Data, ATAE Cluster System)
This section describes how to back up the static data and operating system of the U2000 using
the OSMU.
21.3 Backing Up the U2000 (Dynamic Data)
This section describes how to back up the dynamic data of the U2000.
21.4 Restoring the U2000 (ATAE Cluster System)
This section describes how to restore the operating system, static data, and dynamic data of
the U2000 through the OSMU.

U2000
21.1 Description of Policies on U2000 Backup and Restore

This section describes the policies on backup and restore of the U2000 based on backup
21.1.1 Hierarchy of Data for Backup and Restore

This section describes the types and dependence of U2000 system data.
Hierarchy of U2000 System Data

U2000 system data is classified into operating system data, static data, and dynamic data.
Figure 21-1 shows the hierarchy of the three types of data.
When backing up and restoring the three types of data, note that:
l You can back up any type of data independently.
l Before restoring upper-layer data, ensure that its lower-layer data is restored.
– If you want to restore the three types of data, sequentially restore operating system
data, static data, and dynamic data.
– If you want to restore static data and dynamic data, restore static data first.
NOTE
Figure 21-1 shows only data hierarchy rather than data size.
Figure 21-1 Hierarchy of data for backup and restore

U2000
Backup and Restore Means of the U2000 System Data

Table 21-1 describes the U2000 system data for backup and restore and the means for
backing up and restoring the data.
Table 21-1 Data for backup and restore

Data Backup and How to Back How to
Restore Means Up the Data Restore the
Data
U200 Operating system data Backing up and For detailed For detailed
0 restoring data by operations, see operations, see
board using the 21.2 Backing 21.4 Restoring
OSMU. Up the U2000 the U2000
(Static Data (ATAE Cluster
Static Static data Backing up and and Operating System).
data of the restoring data by System Data,
U2000 U2000 system ATAE Cluster
system using the System).
OSMU.
Static data Backing up and

of the restoring data by
U2000 board using the
system OSMU.
database
Dynamic data Backing up data For detailed

through the operations, see
U2000 software 21.3 Backing
and restoring Up the U2000
data using the (Dynamic
OSMU. Data).
21.1.2 Storage Medium for Backup Data

The storage medium for backup data of the ATAE cluster system can the backup storage
subrack (BSS) or the OSMU hard disk or main storage subrack (MSS) where backup space
has been planned. The storage medium varies with the service deployment and hardware
configuration.
Table 21-2 describes the storage medium and application scenarios.
Table 21-2 Storage medium for backup data

Scenario Storage Medium Remarks
The ATAE cluster system is deployed BSS This is the typical

with the BSS. scenario.

U2000
Scenario Storage Medium Remarks
The ATAE cluster system is not OSMU hard disk where This scenario applies
deployed with the BSS, and the backup space has been to initially installed
capacity of the OSMU board hard disk planned OSMUs in
is 600 GB or above. V200R001C01 or later
versions.
The ATAE cluster system is not MSS where backup None

deployed with the BSS, and the space has been planned
capacity of the OSMU board hard disk
is 300 GB.
21.1.3 Policies on Backup and Restore of the Operating System

Data
This section describes the policies on backup and restore of the U2000 operating system
based on backup scenarios, restoration scenarios, and naming conventions of backup files.
Scenarios for Operating System Backup

l You need to back up the operating system after service software is installed successfully.
l You need to back up the operating system of the board added for capacity expansion.
l You need to back up the operating system after the operating system is upgraded or an
operating system patch is installed.
l You need to back up the operating system after the IP address or host name of a board, or
password of an operating system user is changed.
Scenarios for Operating System Restoration

When the operating system of an U2000 server cannot be started or the system service
experiences an error, restore the operating system to the latest available state.
NOTICE
If the operating system malfunctions and no backup of the operating system is available,
contact Huawei technical support.
Introduction to Operating System Backup

Table 21-3 describes the backup contents, backup mode, storage media, save path of the
backup files, and naming conventions for backup files.

U2000
Table 21-3 Introduction to operating system backup
Item Content
Backup contents l Operating system of the board where the U2000 database
is deployed
l Operating system of the board where the U2000
applications are deployed
Backup mode You can manually create a backup task for full backup as
required.
Storage media l BSS

l MSS where backup space has been planned
l OSMU hard disk where backup space has been planned
Save path of the backup The operating system backup files are saved in /export/home/
files backup/os of the OSMU board and the latest three backup
data can be saved at most. A folder named in the fXsY-
YYYYMMDDhhmmss format is generated under this
directory each time the operating system is backed up.
In fXsY_YYYYMMDDhhmmss, YYYYMMDDhhmmss
indicates the start time of the backup task, X indicates the
subrack number, and Y indicates the slot number.
For example, f1s2_20130505153020 is the name of the folder
created for backing up the operating system data on the board
in slot 2 of subrack 1 at 15:30:20 on May 5, 2013.
Naming conventions The fXsY_YYYYMMDDhhmmss backup directory contains

backup files: exclude-list.access, filesystems-info.cfg,
log.txt, os.tar.gz, os.tar.gz.size, package_info.cfg, and
partition-table.cfg.
21.1.4 Policies on Backup and Restore of the Static Data

This section describes the policies on backup and restore of the static data based on backup
Scenarios for Static Data Backup

l You need to back up the U2000 static data and the database static data after the initial
installation is complete.
l You need to back up the U2000 static data after the U2000 is upgraded.
l You need to back up the database static data after the database is upgraded.
l You need to back up the database static data after the password for the U2000 database
user is changed.
l You need to back up the U2000 static data and the database static data after the IP
address of a service board, standby service board, DB board, or standby DB board is
changed.

U2000
l You need to back up the U2000 static data and the database static data after the service
board, standby service board, DB board, or standby DB board is replaced.
NOTICE
After you perform the initial backup for static data, no backup is required unless the database
application or the U2000 application is upgraded, the service board or DB board IP address is
changed, or the service board or DB board is replaced.
Scenarios for Static Data Restoration

l When an application of an U2000 server malfunctions or the static configuration files are
lost, restore the U2000 static data to the most recent available state.
l When the database malfunctions or the static configuration files are lost, restore the
database static data to the most recent available state.
Introduction to Static Data Backup

Static data backup refers to the backup of the U2000 static data or the database static data.
Table 21-4 describes the backup contents, backup mode, storage media, save path of the
backup files, and naming conventions for backup files.
Table 21-4 Introduction to static data backup

Item Content
Backup U2000 static data All files in the installation path of the U2000
contents application. For example, the installation path of
the U2000 static data is /opt/oss.
Database static data l Oracle database: all files in the /export/home/

oracle directory.
l Sybase database: files in the /export/home/
sybase, /export/home/sybdev, and /export/
home/dbuser directories.
NOTE
The data folder in the /export/home/sybase directory
does not backup.
Backup You can manually create a backup task for full backup as required.
mode
Storage l BSS
media l MSS where the backup space has been planned
l OSMU hard disk where the backup space has been planned

U2000
Item Content
Save path The backup files of the static data are saved in the OSMU board is saved in the
of the folder /export/home/backup/static/<Product name or DB>/
backup YYYYMMDDhhmmss/fXsY_YYYYMMDDhhmmss and the latest five backup
files files can be saved at most.
In fXsY_YYYYMMDDhhmmss, YYYYMMDDhhmmss indicates the start time
of the backup task, X indicates the subrack number, and Y indicates the slot
number.
For example, /export/home/backup/static/U2000/20100505153020/
f1s2_20100505153020 is the name of the folder generated for backing up the
static data on the board in slot 2 of subrack 1 at 15:30:20 on May 5, 2010.
Naming Backup files in the backup folder are named in

conventi package_YYYYMMDDhhmmss_random value.tar.gz format.
ons
21.1.5 Policies on Backup and Restore of the Dynamic Data

This section describes the policies on backup and restore of the dynamic data based on backup
Scenarios for Dynamic Data Backup

Dynamic data backup is applicable to routine maintenance. The database supports full backup
only.
Scenarios for Dynamic Data Restoration

When the U2000 runs properly, dynamic data can be restored to roll the system back to a
previous state, for example, the state in the previous week.
NOTICE
If the password of OS user ftpuser is changed after the backup time of the backup data to be
restored, restore the OS data that is in the same period as the dynamic data. Otherwise, the
passwords of user ftpuser recorded in the OS data and dynamic data are different. As a result,
some U2000 functions become invalid.
Introduction to Dynamic Data Backup

Dynamic data backup refers to backup of the dynamic data of the U2000. Table 21-5
describes the backup contents, backup modes, storage media, save path of the backup files,
and naming conventions for backup files.

U2000
Table 21-5 Introduction to dynamic data backup

Item Content
Backup contents l Database data

For details, see 27.10 U2000 Database.
l U2000 system files
Files stored in /opt/oss, /export/home/omc, and /export/home/
sysm.
Backup modes l Periodic backup: You can create a periodic backup task to perform
a full backup.
l Manual backup: You can create a backup task as required to
perform a full backup.
Storage media l BSS

l MSS where the backup space has been planned
l OSMU hard disk where the backup space has been planned
Save path of the The directory for saving the backup files of the dynamic data on the
backup files OSMU board is as follows:
/export/home/backup/dynamic/<Product name>/
YYYYMMDDhhmmss/<Backup folder name>.
The latest 10 backup files can be saved at most. For details, see 21.3.3
Setting Policies for Saving Dynamic Data Backup Packages.
In /export/home/backup/dynamic/<Product name>/
YYYYMMDDhhmmss, YYYYMMDDhhmmss indicates the start time
of the backup task.
For example, /export/home/backup/dynamic/
U2000/20120728170553 indicates the folder that stores the static data
backup file generated at 17:05:53 on July 28, 2012.
Naming l Backup folders are named in Master server name_Standby server

conventions name, Slave server name_Standby server name, Standby server
name_Master server name, Standby server name_Slave server
name, Master server name, or Slave server name format.
l Backup files in the backup folder are named in all-
YYYYMMDDhhmmss.tar format.
21.2 Backing Up the U2000 (Static Data and Operating

System Data, ATAE Cluster System)
This section describes how to back up the static data and operating system of the U2000 using
the OSMU.
Prerequisites

U2000

l U2000 has been installed. Otherwise, the registration information about the U2000 will
be lost after you restore the data, as a result of which you have to reinstall the U2000.
Context
NOTE
When the Sybase database is used, U2000 service boards and U2000 DB boards share the same standby
board. You can perform the operation on standby board by referring to the description of standby service
board.
When backing up the static data and operating system of the U2000 through the OSMU, as
listed in Table 21-6.
NOTE
The dynamic data of the U2000 is backed up through the U2000's own backup function. For details, see
21.3 Backing Up the U2000 (Dynamic Data).
Table 21-6 Description of backing up U2000 data
Data to Be Backed Up Involved Data
U2000 static data l U2000 applications

l U2000 static configuration file
U2000 database static l U2000 database applications

data l U2000 database static configuration file
U2000 operating system l Operating system of the board where the U2000 database is
deployed
l Operating system of the board where the U2000
applications are deployed
Procedure
Step 1 In the left pane of the OSMU window, expand the Service System navigation tree and choose
Service Management > Board Services.
Step 2 On the Board Services tab page, check the status of the boards whose data you want to back
up by scenario.
NOTICE
If any board is in a state other than those mentioned in the following steps, contact Huawei
technical support.

U2000
Back up the U2000 Ensure that the board where U2000 applications are deployed is in
static data the Normal, Standby, or Service Stopped state.
If any board is in the Switched Over state, switch the boards based
on the original active/standby relationship by referring to 5.5
Switching Resources Between U2000 Nodes Manually (Oracle) or
(Sybase).
Back up the U2000 Ensure that the board where the U2000 database is deployed is in the
database static data Normal, Standby, or Service Stopped state.
If any board is in the Switched Over state, switch the boards based
on the original active/standby relationship by referring to 5.5
Switching Resources Between U2000 Nodes Manually (Oracle) or
(Sybase).
Back up the U2000 Ensure that the board where the U2000 operating system is deployed
operating system is in the Normal, Standby, Switched Over, Service Stopped, or
Service Takeover state.
Step 3 Create backup tasks by scenario and ensure that the backup succeeds.
NOTICE
l You must ensure that the space for storing the backup data is sufficient. Otherwise, the
backup task will fail.
l You must ensure that no other tasks are being performed before you start a backup task.
Otherwise, the backup task will fail.

U2000
Back up the U2000 1. In the left pane of the OSMU window, expand the Routine
static data Maintenance navigation tree and choose Backup and Restore.
2. Click Create in the Backup area box on the right.
3. In Backup Task Wizard, select OSS application data (static
data) and click Next.
4. Select the U2000.
5. Click Finish. In the displayed dialog box, click OK to create a
backup task.
NOTE
It takes about 10 to 240 minutes to back up the static data, depending on
the size of data stored in the disk array partition of the board.
6. In the Centralized Task Management area, verify that the task is
executed successfully.
database static data Maintenance navigation tree and choose Backup and Restore.
3. In Backup Task Wizard, select DB application data (static
data) and click Next.
4. Select the board where the U2000 database is deployed and
whose data you want to back up.
5. Click Finish. Then click OK to create a backup task.
NOTE
It takes about 10 to 240 minutes to back up the static data, depending on
6. In the Centralized Task Management area, verify that the task is

U2000
operating system Maintenance navigation tree and choose Backup and Restore.
3. In Backup Task Wizard, select OS data and click Next.
4. Select the board whose U2000 operating system you want to back
up.
NOTICE
The OS backup can be performed for a maximum of 10 boards at a time.
5. Click Finish. Then click OK to create a backup task.
NOTE
– It takes about 10 to 150 minutes to back up the operating system,
depending on the size of data stored in the disk array partition of the
board.
– Do not perform operations on the OSMU operating system during a
backup task, such as switching over boards and changing IP addresses.
6. In the Centralized Task Management area, verify that the task
has been executed.
NOTICE
Do not perform any operation on the board if the backup fails. Try to
backup data again. If the backup task still fails, contact Huawei technical
support.
----End
21.3 Backing Up the U2000 (Dynamic Data)

This section describes how to back up the dynamic data of the U2000.
21.3.1 Periodically Backing Up U2000 Dynamic Data (ATAE)

This section describes how to periodically back up U2000 dynamic data.
Prerequisites
l You have logged in to the U2000 client as a member of Administrators user group.
l A hard disk has sufficient free space if you plan to back up data on the hard disk.
Context
Generally, U2000 dynamic data is backed up periodically. The periodic backup of the
dynamic data is performed in full backup mode.
Dynamic data backup has no restriction on backup time. The backup can be performed during
the system operation. The time required for backing up U2000 dynamic data is related to the
actual environment. Generally, it takes about 2.5 hours to 3 hours to back up the dynamic
data.

U2000
NOTE
Do not suspend a periodic backup task. The reasons are as follows:

l The latest data fails to be restored after data loss caused by an accident, for example, the power-off
of the server.
l The database logs dumped by the Sybase database are not cleared in time, which causes /export/
home to be used up.
Procedure
Step 1 In the main window, choose Maintenance > Task Management (traditional style);
alternatively, double-click System Management in Application Center and choose Task
Schedule > Task Management (application style).
Step 2 Choose Task Type > Backup > Server Backup in the navigation tree and double-click the
node. The Attribute dialog box of server periodic backup is displayed, as shown in Figure
21-2.
Figure 21-2 Periodic backup
Step 3 Click Common Parameters, and set Task Name and Start Time.
Step 4 Click the Extended Parameters tab and then set the backup period, as shown in Figure 21-3.
Select a backup period from the Backup Period (days) drop-down list. The backup period
can be set to 1 to 7.

U2000
Figure 21-3 Periodic backup
Step 5 Click OK.

The system will periodically back up the dynamic data. If a periodic backup failure occurs,
you can locate faults and resolve the problem by following instructions provided in 26.1.13
Solving the U2000 Backup or Restore Failure Problem. If the problem persists, contact
----End
21.3.2 Manually Backing Up U2000 Dynamic Data (ATAE)

This section describes how to manually back up U2000 dynamic data.
Prerequisites
l You are authorized to perform relevant operations.
l A hard disk has sufficient free space if you plan to back up data on the hard disk.
Context
Manual backup is required in special or emergency situations such as the failure of the U2000
system.
Dynamic data backup has no restriction on backup time. The backup can be performed during
the system operation. The time required for backing up U2000 dynamic data is related to the
actual environment. Generally, it takes about 2.5 hours to 3 hours to back up the dynamic
data.

U2000
Procedure
Step 1 In the main window, choose Maintenance > Backup Management > System Backup
and choose System > System Backup (application style). The System Backup window is
displayed.
Figure 21-4 Manual backup
Step 2 In the System Backup window shown in Figure 21-4, click Full Backup.
When the Status displays Succeeded, the full backup is successful. If a backup failure occurs,
you can locate faults and resolve the problem by following instructions provided in 26.1.13
Solving the U2000 Backup or Restore Failure Problem. If the problem persists, contact
----End
21.3.3 Setting Policies for Saving Dynamic Data Backup Packages

This section describes how to use the OSMU to set the number of dynamic data backup
packages that can be stored. If system space is insufficient, the OSMU automatically deletes
dynamic data backup packages to free up the backup space until the packages are decreased to
the specified quantities.
Prerequisites

U2000
Procedure
choose Backup and Restore.
Step 2 In the Backup Data Management area in the right pane, click Create.
Step 3 In the Backup Data Management dialog box, select Set the policy of saving dynamic data
backup package and click Next.
Step 4 Select U2000 in the System Name, and select the quantities of packages in the Reserved
Backup Packages drop-down list.
Step 5 Click Finish. In the displayed dialog box, click OK.

NOTE
If the backup space is still insufficient after the dynamic data backup packages are decreased to the
specified quantities, the OSMU will continue to delete such packages to ensure sufficient backup space.
----End
21.4 Restoring the U2000 (ATAE Cluster System)

This section describes how to restore the operating system, static data, and dynamic data of
the U2000 through the OSMU.
Prerequisites
l You have obtained the backup data package used for U2000 restoration.
Context
NOTE
When the Sybase database is used, U2000 service boards and U2000 DB boards share the same standby
board. You can perform the operation on standby board by referring to the description of standby service
board.
When restoring U2000 data through the OSMU, strictly follow the sequence in Table 21-7.
Table 21-7 Sequence of restoring the U2000

Sequ Data to Be Restored Involved Data
ence
1 U2000 DB board and l Operating system of the U2000 DB board.

standby DB board operating l Operating system of the U2000 standby DB
system board.
2 U2000 database static data l U2000 database applications

l U2000 database static configuration file

U2000
Sequ Data to Be Restored Involved Data

ence
3 U2000 service board and l Operating system of the U2000 service board.
standby service board l Operating system of the U2000 standby
operating system service board.
4 U2000 static data l U2000 applications

l U2000 static configuration file
5 U2000 dynamic data l Database data

l Configuration file that changes dynamically
when the U2000 server is running
Procedure
Step 2 On the Board Services tab page, check the status of the boards whose data you want to
restore by scenario to ensure that the status meets the restoration requirements.
NOTICE
If any board is in a state other than those mentioned in the following steps, contact Huawei
technical support.
Restore the Ensure that the DB board and standby DB board are in the Normal,
operating system of Standby, Switched Over, Service Stopped and Faulty of any one
the U2000 DB state.
board and standby
DB board

U2000
Restore the U2000 1. Ensure that the boards where the U2000 database are in the
database static data Service Stopped state.
– If any board is in the Switched Over state, do as follows:
a. Switch the boards based on their original active/standby
relationship by referring to 5.5 Switching Resources
Between U2000 Nodes Manually (Oracle) or 5.6
Switching Resources Between U2000 Nodes Manually
(Sybase).
b. Stop the service of the board where the U2000 database is
deployed by referring to 4.4 Stopping the Database
Service.
– If the boards where the U2000 database are deployed in the
Normal state, stop the service by referring to 4.6 Stopping
U2000 Services.
2. Select the board where the U2000 database is deployed and click
View Resource Status to check that the resources whose names
containing mount are in the online state.
If any resource is in the offline state, contact Huawei technical
support.
Restore the Ensure that the service board and standby service board are in the
operating system of Normal, Standby, Active, Switched Over, Service Stopped or
the U2000 service Faulty of any one state.
board and standby
Ensure that the DB board and standby DB board are in the Normal
service board
and Standby state.
Restore the U2000 1. Ensure that the boards deployed with U2000 applications are in
static data the Service Stopped state.
– If any board is in the Switched Over state, switch the boards
based on the original active/standby relationship by referring
to 5.5 Switching Resources Between U2000 Nodes
Manually (Oracle) or 5.6 Switching Resources Between
U2000 Nodes Manually (Sybase). Then, stop U2000 system
– If any board is in the Normal state, stop U2000 system
2. Select the board where U2000 applications are deployed and click
View Resource Status to check that the resources whose names
containing mount are in the online state.
If any resource is in the offline state, contact Huawei technical
support.

U2000
Restore U2000 1. Ensure that the boards deployed with the U2000 database are in
dynamic data the Normal, Switched Over, Service Stopped or Standby state.
If the Sybase database is used and any board is in the Service
Stopped state, start the U2000 database service by referring to
4.3 Starting the Database Service.
2. Ensure that the boards deployed with U2000 applications are in
the Service Stopped, Switched Over, or Standby state.
If any board is in the Normal state, stop U2000 system services
choose Backup and Restore.
Step 4 In the Restore area in the right pane, click Restore.
Step 5 Create restoration tasks by scenario and ensure that the restoration succeeds.

U2000
Restore the 1. In Restoration Task Wizard, select OS data, and click Next.
operating system of 2. Select the DB board and standby DB board whose operating
the U2000 DB system data you want to restore from the list.
board and standby
DB board 3. Specify Data Backup Time to restore the operating system of the
board by using the backup file created at this time.
restoration task.
NOTE
– It takes about 10 to 100 minutes to restore operating system data,
board.
– A board will restart when you restore the operating system data and
the board will be displayed as Faulty on the OSMU device panel
when the board is restarting. After the board is successfully restarted,
its status becomes normal.
5. Check in the Centralized Task Management area that the task is
NOTICE
Do not perform any operation on the board if the restoration fails. Try to
restore data again. If the restoration still fails, contact Huawei technical
support.
6. In the left pane of the OSMU window, expand the Service
System navigation tree and choose Service Management >
Board Services.
7. Check on the Board Services tab page that the boards whose data
has been restored are in the Normal or Standby state.
If DB board is in the Switched Over state, services on the
standby DB board might have started earlier than those on the DB
board. In this case, switch the boards based on the original active/
standby relationship by referring to 5.5 Switching Resources
Between U2000 Nodes Manually (Oracle) or 5.6 Switching
Resources Between U2000 Nodes Manually (Sybase).

U2000
Restore the U2000 1. In Restoration Task Wizard, select DB application data (static
database static data data), and click Next.
2. Select the board where the U2000 database is deployed and
whose data you want to restore.
3. Specify Data Backup Time to restore the database static data of
the board by using the backup file created at this time.
4. Click Finish to create a restoration task.
NOTE
It takes about 10 to 60 minutes to restore static data, depending on the size
of data stored in the disk array partition of the board.
Board Services.
has been restored are in the Service Stopped or Standby state.

U2000
Restore the 1. In Restoration Task Wizard, select OS data, and click Next.
operating system of 2. Select the service board and standby service board whose
the U2000 service operating system data you want to restore from the list.
board and standby
service board 3. Specify Data Backup Time to restore the operating system of the
board by using the backup file created at this time.
restoration task.
NOTE
– It takes about 10 to 100 minutes to restore operating system data,
board.
– A board will restart when you restore the operating system data and
the board will be displayed as Faulty on the OSMU device panel
when the board is restarting. After the board is successfully restarted,
its status becomes normal. If the board is still in the Faulty state after
the restart, contact Huawei technical support.
– If the DB board and standby DB board are in the Service Stopped
state during operating system restoration, the service board and
standby service board are in the Faulty state after the operating
system is restored and boards are restarted. When this occurs, start
services on the DB board and standby DB board by referring to 4.3
Starting the Database Service and then perform a soft reset on the
service board and standby service board. If the service board and
standby service board are still in the Faulty state, contact Huawei
technical support.
NOTICE
Do not perform any operation on the board if the restoration fails. Try to
restore data again. If the restoration still fails, contact Huawei technical
support.
Board Services.
has been restored are in the Normal, Standby or Active state.
If service board is in the Switched Over state, services on the
standby service board might have started earlier than those on the
service board. In this case, switch the boards based on the original
active/standby relationship by referring to 5.5 Switching
Resources Between U2000 Nodes Manually (Oracle) or 5.6
Switching Resources Between U2000 Nodes Manually
(Sybase).

U2000
Restore the U2000 1. In Restoration Task Wizard, select OSS application data
static data (static data), and click Next.
2. Select the U2000 whose static data you want to restore.
3. Specify Restore to data backup time to restore the static data of
the selected U2000 by using the backup file created at this time.
NOTE
It takes about 10 to 60 minutes to restore static data, depending on the size
of data stored in the disk array partition of the board.
Board Services.
7. Check on the Board Services tab page that the boards deployed
with U2000 applications are in the Service Stopped or Standby
state after the restoration.

U2000
Restore the U2000 1. In Restoration Task Wizard, select OSS dynamic data, and
dynamic data click Next.
2. Select the U2000 whose dynamic data you want to restore.
3. Specify Restore to data backup time to restore the dynamic data
of the selected U2000 by using the backup file created at this
time.
NOTICE
– If the Oracle database is used and The db service is not running. Are
you sure want to continue based on the product configuration?
dialog box is displayed, click YES.to continue.
– If you have changed the server's IP address or the database user
password, you need to select a time following the latest modification
for Restore to data backup time. Otherwise, the restoration will fail.
NOTE
It takes about 30 to 5000 minutes to restore dynamic data, depending on
Board Services.
7. Check on the Board Services tab page that the boards deployed
with U2000 applications are in the Normal or Standby state after
the restoration.
If any board is in the Service Stopped state, start U2000 system
services by referring to 4.5 Starting U2000 Services.
8. Manually synchronize the NE measurement result.
After the dynamic data restores, manually recollect the NE
performance result data that is lost within the restoration period.
For details, see How Do I Synchronize Performance Results
Forcibly? in U2000 Performance Measurement Management
User Guide.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 22 U2000 Routine Maintenance
22 U2000 Routine Maintenance
About This Chapter
This section describes how to perform the U2000 routine maintenance and recommends some
maintenance items and procedures.
22.1 Daily Maintenance Operations

This section describes the daily maintenance operations that need to be performed in the
U2000 cluster system.
22.2 Weekly Maintenance Operations
This section describes the weekly maintenance operations that need to be performed in the
22.3 Monthly Maintenance Operations
This section describes the monthly maintenance operations that need to be performed in the

U2000
22.1 Daily Maintenance Operations

This section describes the daily maintenance operations that need to be performed in the
22.1.1 Checking the Status of U2000 Resources

Prerequisites
Procedure
System Services.
Step 2 Select the cluster to be viewed from the list on the right side. Click View Resource Status.
You can view all the resource groups and their status in the cluster in the displayed dialog
box.
NOTE

l Select U2000 to check the resource groups of the service cluster in the system:
-- SYSTEM STATE
A SR5S2 RUNNING 0
A SR5S3 RUNNING 0
A SR5S4 RUNNING 0
-- GROUP STATE
State
ONLINE
OFFLINE
OFFLINE
ONLINE
OFFLINE
ONLINE
OFFLINE
The displayed information indicates that the service cluster consists of three resource
groups.
– Resource group U2000ClusterSnmpGroup consists of nodes SR5S2, SR5S3, and
SR5S4.

U2000

Correct status of the resource groups in the service cluster are described as follows:
– Resource group U2000ClusterSnmpGroup is in the ONLINE state on only one
node.
For example, in the previous information, resource group
U2000ClusterSnmpGroup is in the ONLINE state on node SR5S2 only.
– Resource group sr5s2_oss_sg is in the ONLINE state on only one node. The same
is true for resource group sr5s3_oss_sg.
For example, in the preceding information, resource group sr5s2_oss_sg is in the
ONLINE state on node SR5S2 only, and resource group sr5s3_oss_sg is in the
ONLINE state on node SR5S3 only. Resource groups sr5s2_oss_sg and
sr5s3_oss_sg are both in the OFFLINE state on node SR5S4. This indicates that
node SR5S4 is the standby node of nodes SR5S2 and SR5S3. If the master node in
either resource group is faulty, services are switched to node SR5S4.
l Select DB to check the resource groups of the DB cluster in the system:
-- SYSTEM STATE
A SR5S11 RUNNING 0
A SR5S14 RUNNING 0
A SR6S4 RUNNING 0
-- GROUP STATE
State
ONLINE
OFFLINE
OFFLINE
ONLINE
OFFLINE
OFFLINE
ONLINE
NOTE
The system will show all products's DB resource groups as database boards of all products
constitute one database cluster that share one standby DB board.
The displayed information indicates that the DB cluster consists of three resource
groups.
– Resource group DBClusterSnmpGroup consists of nodes SR5S11, SR5S14, and
SR6S4.
Correct status of the resource groups in the DB cluster is described as follows:
– Resource group DBClusterSnmpGroup is in the ONLINE state on only one node.
For example, in the preceding information, resource group DBClusterSnmpGroup
is in the ONLINE state on node SR5S11 only.

U2000
– Resource group sr5s11_db_sg is in the ONLINE state on only one node. The same
is true for resource group sr6s4_db_sg.
For example, in the preceding information, resource group sr5s11_db_sg is in the
ONLINE state on node SR5S11 only, and resource group sr6s4_db_sg is in the
ONLINE state on node SR6S4 only. Resource groups sr5s11_db_sg and
sr6s4_db_sg are both in the OFFLINE state on node SR5S14. This indicates that
node SR5S14 is the standby node of nodes SR5S11 and SR6S4. If the master node
in either resource group is faulty, services are switched to node SR5S14.
Step 3 Click OK. Then, the Query Cluster Resource dialog box is closed.
Step 4 Choose Service System > Service Management > Board Services from the navigation tree
in the left pane.
Step 5 Select the board where the cluster system resource status needs to be viewed from board list
on the right side. Click View Resource Status. The Query Board Resource dialog box is
displayed. Then the cluster system resource status on the board can be viewed.
NOTE
The cluster system resource status of boards is updated every 30 seconds.
Step 6 Click OK. Then the Query Board Resource dialog box is closed.
----End
22.1.2 Checking the Status of Performance Measurement

Performance measurement status indicates whether the current measurement of an NE is
normal during different measurement periods. By viewing the measurement status, you can
obtain the exception information about the measurement. If an exception occurs during the
measurement, it may cause the loss of NE performance data. In such a case, you can locate
and handle the exception as prompted.
Prerequisites
l You are authorized to perform performance management.
Procedure
Step 1 Choose Performance > Measurement Management (traditional style); alternatively, double-
click Performance in Application Center and choose Measurement > Measurement
Management (application style) . The Measurement Management window is displayed.
Step 2 On the Display By tab page, select Object type or Function subset.
Step 3 In the navigation tree in the upper left pane, select an NE type, object type, or a function
subset, select an NE from the NE navigation tree on the lower left.
Step 4 Click the Status tab page to view measurement status information about the selected NE.
You can click on the toolbar to filter by measurement status.
----End

U2000
Expected Result
The measurement status information about the selected NE are normal. In addition, the alarm,
indicating that the value of a measurement entity reaches the preset threshold, is not
generated.
Exception Handling
If any fault occurs, contact Huawei technical support.
22.1.3 Checking Performance Result Loss

This section describes how to diagnose performance result loss and how to troubleshoot
performance result loss based on the diagnosed results.
Prerequisites
l You have permission to perform performance management.
Context
The diagnosis function applies only to performance results that meet the following
requirements:
l The query period is not a summary period.
l The query objects are not neighboring cells.
l The query time segment is continuous.
l The query counters are not busy-hour counters.
l The result loss diagnosis for the process of reporting 5-minute results is not supported.
l The result loss diagnosis for the process of reporting CBSC results is not supported.
Procedure
Step 1 Choose Performance > Query Result (traditional style); alternatively, double-click
Performance in Application Center and choose Result > Query Result (application style).
The Query Result window is displayed.
Step 2 In the lower part of the window, click Diagnose Result Loss.
Step 3 In the displayed Diagnose Condition window, set the relevant parameters.
For details about the parameters, see section Parameters for Setting Result Loss Diagnosis
Criteria in U2000 Performance Measurement Management User Guide.
Step 4 Click Diagnose.
Step 5 In the displayed Diagnose Result Loss window, check the cause of and solution to
performance result loss.
For details about the causes of and solutions to performance result loss, see section
Diagnosing Measurement Result Loss in U2000 Performance Measurement Management
User Guide.
----End

U2000
22.1.4 Checking Alarm Reception

This section describes how to check alarm reception to ensure that the U2000 can receive
alarms reported by NEs in real time.
Prerequisites
l You have permission to perform fault management.
Procedure
Step 1 Choose Monitor > Browse Current Alarms (traditional style); alternatively, double-click
Fault Management in Application Center and choose Browse Alarm > Browse Current
Alarms (application style). The Filter window is displayed.
If you have set the default template, or have specified that the Filter dialog box is not
automatically displayed by following the procedure described in Alarm/Event Filtering, you
need to click Filter to open the Filter dialog box.
Step 2 Set filter criteria and click OK.
Step 3 Verify that the U2000 can receive alarms reported by NEs in real time.
----End
22.1.5 Checking the NMS Connection

This section describes how to check the NMS connection and to ensure that the NMS
connection is normal.
Procedure
Step 1 Ensure that the NMS can collect the alarms and performance data reported from the U2000.
----End
22.1.6 Checking the Functionality of the Alarm Box

This section describes how to check the function of generating visual and audible alarms for
the alarm box and ensure that the alarm box can indicate the alarms on the U2000 in real time.
Prerequisites
l You have logged in to the U2000 .
l You are authorized to perform fault management.
Procedure
Step 1 Choose Monitor > Alarm Settings > Options (traditional style); alternatively, double-click
Fault Management in Application Center and choose Alarm Settings > Options
(application style). The Alarm Option window is displayed.

U2000
Step 2 View the settings. Ensure that alarms generated from the NEs, which satisfy the conditions,
can be indicated on the alarm box in real time.
----End
22.1.7 Checking OSS Alarms and Events

This section describes how to check alarms and events generated on the U2000 of the ATAE
hardware system to determine whether the U2000 of the ATAE hardware system is running
properly.
Prerequisites
l You have permission to query alarms and events.
Procedure
Step 1 In the U2000 client, choose Topology > Main Topology (traditional style); alternatively,
double-click Topo View in Application Center and choose Topology > Main Topology
(application style).
Step 2 In the topology view, check whether the OSS icon has an alarm indicator.
When the system is running properly, no alarm is generated. The OSS icon is not colored and
displays no alarm balloon.
Step 3 Right-click the OSS icon and choose Query Alarm/Event > Current Alarm from the
shortcut menu.
The Browse Current Alarms window is displayed.
l If you see an alarm listed in Table 22-1, handle the alarm immediately.
Table 22-1 Alarms that need to be handled immediately
Alarm Name Alarm ID
VCS Monitor Warning Alarm 1040 or 1041
OceanStor Storage System Alarm 1043
Abnormal Data Synchronization in ATAE 1059

Cluster Online Remote HA System
Low Temperature 50001 or 50002
High Temperature 50004 or 50005
Low Voltage 50007 or 50008
High Voltage 50010 or 50011
CPU Kernel Overheated 50013

U2000
Alarm Name Alarm ID
Abnormal Network Interfaces Used for 50026

Data Synchronization Between the Active
and Standby SMMs
ATAE Low Fan Speed 50042
ATAE Fan Assembly Failure 50044 or 50045
ATAE Board Failure 50048
ATAE Subrack SMM Board Failure 50051
ATAE Subrack Power Supply Failure 50055
ATAE PEM's IPMB One-Sided 50056

Connection
ATAE SMM Board Failover Failure 50057
ATAE Data File Damaged 50058
ATAE LSW Board BASE Port Failure 50059
ATAE OSMU Board NTP Failure 50060
Faulty hard disk on an ATAE board 51002
Over high temperature of the hard disk on 51003

an ATAE board
Abnormal SMART status of the hard disk 51004

on an ATAE board
Abnormal ECC status of the ATAE board 51005

RAM
Abnormal capacity of the ATAE board 51006

RAM
Disconnected links of ATAE network 51007

ports
Faulty CPU of an ATAE board 51009
Disconnected links of the FC card on an 51010

ATAE board
Faulty FC card on an ATAE board 51011
ATAE Board Power-Off 50065
ATAE Board Is Not Present 50066
l If you see an alarm listed in Table 22-2, handle the alarm within one day.

U2000
Table 22-2 Alarms that need to be handled within one day
Alarm Name Alarm ID
VCS Monitor Warning Alarm 1038 or 1039
Lower Handle Opened 50014
Upper Handle Opened 50015
The SMM Is Not Properly Inserted 50027
ATAE Board Failure 50047
ATAE Subrack SMM Board Failure 50050
ATAE Fan Speed Inconsistency 50054
Step 4 Right-click the OSS icon and choose Query Alarm/Event > Event Logs from the shortcut
menu.
The Query Event Logs window is displayed.
If you see an event listed in Table 22-3, handle the event immediately.
Table 22-3 Events that need to be handled immediately
Event Name Event ID
Abnormal RAID1 status of the hard disk on 51014

an ATAE board
Changed working mode of ATAE network 51008

ports
----End
22.1.8 Checking the Connection Status Between the U2000 and

NEs
This section describes how to check the connection status between the U2000 and NEs.
Prerequisites
l You have permission to query the connection status of NEs.
Procedure
Step 1 Choose System > NE Monitor (traditional style) or double-click Configuration in
Application Center and choose Browser > NE Monitor (application style). The NE
Monitor dialog box is displayed.

U2000
You can query the connection status of NEs. The connection status includes Normal and
Offline.
----End
Expected Result
When NEs are in the Normal state, they are properly connected to the U2000.
Exception Handling
If NEs are in the Offline state, the NEs cannot be pinged on the U2000 because the device is
shut down or deliberately isolated, the network communication is faulty, or NEs are not
allowed to communicate with the U2000. When this occurs, contact Huawei technical
support.
22.1.9 Checking the U2000 Operation Logs

U2000 operation logs record the details about user operations, such as user name, start time,
and end time. The U2000 system administrators and operators can query operation logs.
Prerequisites
l You have logged in to the U2000.
l You are authorized to check U2000 logs.
Procedure
Step 1 Choose System > Log Management > Query Operation Logs (traditional style);
alternatively, double-click Security Management in Application Center and choose Log
Management > Query Operation Logs (application style).
The Query Operation Logs window is displayed. By default, the system opens the Filter
window automatically.
Step 2 Set search criteria in the Filter window and click OK.
User logs can be queried based on users, operations, terminals, time ranges, results, or objects.
----End
Expected Result
The U2000 operation logs do not contain the records about abnormal operations, malicious
operations, or unauthorized logins.
Exception Handling
Make sure that the related operations are valid. You can reset the operation rights of a user if
necessary. For details about how to set the user rights, see Viewing Operation Rights of a User
or User Group in U2000 User Management User Guide.

U2000
22.1.10 Checking the U2000 System Logs

This section describes the U2000 system logs. System logs record the operation of the U2000
system. System logs also record the files and data tables of various types of information,
which can be queried by the U2000 administrator.
Prerequisites
l You have the relevant operation rights.
Context
l Querying the system logs requires only a few system resources and does not affect the
system operation.
l The contents of the system logs:
– Risk Level: System logs can be categorized into three levels in descending order:
Risk, Minor, Info.
– Source: Sources, such as Fault Management, Integrated Task Management, are
identified by the logos of the subsystems in the U2000 system.
– Operation Time: Identifies the time when a system log is recorded.
– Basic information: Provides the basic information on system operation, such as the
information about service startup.
– Operation Result: Identifies the result of operation.
– Details: Provides the details on system operation.
Procedure
Step 1 Choose System > Log Management > Query System Logs (traditional style); alternatively,
double-click Security Management in Application Center and choose Log Management >
Query System Logs (application style). The Filter dialog box is displayed.
Step 2 Set the filter criteria in the Filter dialog box, and then click OK. The Query System Logs
window is displayed.
Step 3 Double-click a record to view the detailed information.
In the displayed Log Details dialog box, the system displays details about a successful
operation or a failed operation.
Step 4 Right-click a record and save the specified system logs as a file.
----End
22.1.11 Checking the Disk Usage of the Server

This section describes how to check the disk usage and remove the expired log files,
temporary files, and other files that are no longer in use. This operation requires very few
system resources and does not affect system operation. You need to perform this operation on
all the nodes in the cluster system. For an ATAE cluster online remote HA system, you need
to perform the following steps on the active site and the standby site.

U2000
Prerequisites
Procedure
Step 1 Run the following command:
# df -h
Details about the disk space usage are displayed.
Step 2 View the disk usage.

l Generally, the disk usage should be lower than 80%. That is, capacity is lower than 80%
in the command output.
l View the partition with the largest remaining space. The remaining space must be
sufficient to back up the U2000.
Step 3 Handle problems.
Clean up the disk space if the disk space is insufficient. For details, see 12.3 Clearing the
Disk Space of the U2000 Server.
Step 4 Check whether the disk usage of the server is in the required range.
Generally, the disk usage should be lower than 80%. That is, capacity is lower than 80% in
the command output.
----End
22.1.12 Checking the States of U2000 Databases

This section describes how to check the status of the U2000 database services, database
status, and database usage. This operation requires only a few system resources and does not
affect the system operation.
Prerequisites
Procedure
The System Monitor Browser window is displayed.
Step 2 Click the Database Monitor tab.
The information about the database of the U2000 server is displayed.
----End

U2000
Expected Result
The database works properly and the database usage is smaller than 90%.
Exception Handling
Clear the database usage if the database usage is insufficient. For details, see 12.2 Clearing
U2000 Databases. The clearing operation does not affect the system operation.
22.1.13 Checking the States of U2000 Services

This section describes how to check the status of U2000 services. This operation requires very
few system resources and does not affect system operation.
Prerequisites
Procedure
The System Monitor Browser window is displayed.
Step 2 Click the Service Monitor or Process Monitor tab to monitor the processes running on the
U2000 server.
----End
Expected Result
The Status of all U2000 services is Running.
Exception Handling
In case a process is running incorrectly or a process is terminated unexpectedly, log in to the
U2000 server as user ossuser. Run the kill -9 pid command to forcibly kill the process, where
pid indicates the process No.. The start_svc command is used to start all the U2000 services.
If some sessions are not started, run the start_svc command again. If a certain progress is still
inactive, contact Huawei technical support for assistance.
22.1.14 Checking Core Files

This section describes how to check the files whose names begin with core in the /opt/oss/
server/var/logs directory. For an ATAE cluster online remote HA system, you need to
Prerequisites

U2000
Procedure
Step 1 Navigate to the /opt/oss/server/var/logs directory.
# cd /opt/oss/server/var/logs
Step 2 Find files whose names begin with core in the /opt/oss/server/var/logs directory.
# ls -ltr core*
The files are listed in order of time from the earliest to the latest.
Step 3 Do as follows to ensure that there is no file whose name begins with core in the /opt/oss/
server/var/logs directory:
l Delete the files whose names begin with core generated one week ago or earlier.
l Contact Huawei technical support to handle the files whose names begin with core
generated within one week.
----End
22.2 Weekly Maintenance Operations

This section describes the weekly maintenance operations that need to be performed in the
22.2.1 Collecting Environment Information

This section describes how to collect hardware status information of each board in the ATAE
cluster system (including the operating system, database, volume manager, and disk array) as
well as information about each U2000 service module.
Prerequisites
Context
The disk array information of each board and tape controller is collected by a task for
collecting environment information, and a result file containing environment information is
generated. The collected information includes:
l Subrack information and disk array information
l Operating system information of a board, database information, logical volume manager
information, and cluster system information
l Information of each U2000 service module
For details about the collection items and the check results of environment information, see
Result Files for Environment Information in OSMU Online Help.
NOTE
You are advised to collect environment information of the ATAE cluster system once a week to find
potential system risks in time and prevent system faults.

U2000
Procedure
Step 1 From the navigation tree in the OSMU main window, choose Routine Maintenance >
Collect and Check System Info.
Step 2 Click Collect on the Collect and Check System Info tab page in the right pane. The Collect
and Check System Info dialog box is displayed.
Step 3 Set Select information type to collect to Environment information, and click Next.
Step 4 Set Select collect type to Collect exception items info or Collect all items info and click
Next.
Step 5 In the dialog box, select all the devices (by default) or select the devices whose environment
information you want to collect, and click Finish. The Information dialog box is displayed,
click OK.
Step 6 In the Centralized Task Management window, check the operating status of the task for
collecting environment information, and perform operations based on the execution result.
If... Then...
Status is Succeeded Perform Step 7.
Status is Failed 1. Solve the problem according to the information in Remarks.

2. Execute the task for collecting environment information by
performing Step 2 through Step 6. If Status is still Failed, contact
Step 7 View the collected environment information.

1. On the Collect and Check System Info tab page in the right pane, click the name of the
file corresponding to the task.
After information is successfully collected and checked, the Collect and Check System
Info tab page displays the file name in the hyperlink format. You can click the file name
to obtain the result file containing environment information.
2. In the displayed File Downloading dialog box, download the result file.
3. Decompress the public IP address of the OSMU
server_env_info_YYYYMMDDhhmmssXXX.zip package by using the decompression
tool. Open the AutoCheckReportsInfo_YYYYMMDDhhmmssXXX.html to view the
environment summary information.
For the method of viewing the environment summary information and the method of
handling the exception of the checked object, see Result Files for Health Check
Information in OSMU Help.
The Product folder records the results of each service module. For details about the
check items, see Health Check Verification Items in Appendix of the OSS management
tool online help. To ensure that data in Country, City, and Customer name in the report
is correct, set related parameters on the OSS Health Check page of the OSS
management tool. The settings are effective for future data collection. The setting
method is as follows: In the navigation tree of the OSMU, choose Service System >
U2000 > OSS Management Tool to open the OSS Management Tool window. Then,
set related parameters by referring to the description in section Performing Health
Check for U2000 of the Help of the OSS management tool.

U2000
NOTE
If you want to view other files in the Rack1 folder, open these files by using the UltraEdit tool. If
you open these files by using the Notepad of the Windows operating system, the file format
becomes incorrect.
Step 8 Optional: Delete the result files that are not required to save system resources.
1. On the Collect and Check System Info tab page in the right pane, select the files that
you want to delete.
2. Click Delete.
----End
22.2.2 Collecting Locating Information

This section describes how to collect customized preventive maintenance inspection (PMI)
information based on selected collection items to meet locating requirements.
Prerequisites
Context
You select collection items based on required software and hardware information. The
collection items include:
l Subrack information, disk array information, and logs generated during switching board
operation
l Operating system information of a board, database information, logical volume manager
information, and cluster system information
l Run logs of the OSMU
Procedure
Step 1 In the navigation tree of the main window, choose Routine Maintenance > Collect and
Check System Info.
Step 2 On the Collect and Check System Info tab page in the right pane, click Collect.
Step 3 In the displayed Collect and Check System Info dialog box, select Location information,
and click Next.
Step 4 In this dialog box, select required collection items, and click Next. Then, select all the devices
(by default) or select the devices whose environment information you want to collect, and
click Finish. In the next displayed dialog box, click OK.
NOTICE
If the required collection items include Switch Board Logs, the Switch Board Logs dialog
box is displayed, asking you to enter the password for user osmuuser.

U2000
Step 5 In the Centralized Task Management window, check the operating status of the task for
collecting locating information, and perform operations based on the execution result.
If... Then...
Status is Succeeded Perform Step 6.
Status is Failed 1. Rectify the fault based on the information in Remarks.

2. Perform Step 2 through Step 5 to execute the task for collecting
locating information again. If Status is still Failed, contact
Step 6 View the collected locating information.

1. On the Collect and Check System Info tab page in the right pane, click the name of the
file corresponding to the task.
After locating information is successfully collected and checked, the Collect and Check
System Info tab page displays the file name in the hyperlink format. You can click the
file name to obtain locating information.
2. In the displayed File Downloading dialog box, download the result file.
3. Decompress the public IP address of the OSMU
server_location_info_YYYYMMDDhhmmssXXX.zip package by using the
decompression tool, and view the collected locating information.
NOTE
If you want to view other files in the Rack1 folder, open these files by using the UltraEdit tool. If
you open these files by using the Notepad of the Windows operating system, the file format
becomes incorrect.
Step 7 Optional: Delete the result files that are not required to save system resources.
1. On the Collect and Check System Info tab page in the right pane, select the files that
you want to delete.
2. Click Delete.
----End
22.2.3 Collecting Kdump Information of the Board

You can collect the Kdump information of the operating system to obtain the memory
information and the relevant locating information of the operating system.
Prerequisites
l Kdump information has been generated. For details, see 26.1.11 Generating Kdump
Information of the Board

U2000
Procedure
choose Collect and Check System Info.
Step 2 Click Collect in the Collect and Check System Info tab on the right. The Collect and
Check System Info dialog box is displayed.
Step 3 Set Select information type to collect to Operating system Kdump information. Click
Next.
Step 4 Select the board whose operating system Kdump information you want to collect, and click
Finish. The Information dialog box is displayed.
Step 5 Click OK.
Step 6 View the running state of the task of collecting Kdump information in the Centralized Task
Management window and perform the relevant operation based on the running result.
If... Then...
Status is Succeeded Go to Step 7.
Status is Failed 1. Solve the problem according to the information in Remarks.

2. Perform the task of collecting the Kdump information again by
performing Step 2 to Step 6. If Status is still Failed, contact
Step 7 Collect Kdump information.

1. Click the file name of the relevant task in the Collect and Check System Info tab on the
right.
After the task of collecting Kdump information is successfully executed, the file name in
the hyperlink format is displayed in the Collect and Check System Info page. You can
click the file name to obtain the Kdump information.
2. Download the Kdump information file in the displayed File Downloading dialog box.
3. Decompress the downloaded file by using the decompression tool to view the Kdump
information file.
Step 8 Optional: Delete the Kdump information file that is not required to save system resources.
1. Select the check box in front of the file that is to be deleted in the Collect and Check
System Info tab on the right.
2. Click Delete.
----End
22.2.4 Checking the Configuration of Alarm Timing

This section describes how to check whether the policy on automatically dumping alarm data
from the alarm database is appropriate.

U2000
Prerequisites
l You are authorized to check the configuration of U2000 integrated task management.
Procedure
Step 2 Under the Database Capacity Management node in the Task Type navigation tree in the left
pane, choose the Alarm Data node.
You can also double-click the Alarm/Event Log Dump node to open the Attributes window.
Step 3 Select the task in the right pane and click Attribute.
Step 4 In the Attribute window, check the configuration of automatic alarm data dumping.
Step 5 Ensure that the configuration of automatic alarm data dumping is correct.
----End
22.2.5 Checking the Configuration of Automatic Log Dump

This section describes how to check whether the policy on automatically dumping log data
from the log database is appropriate.
Prerequisites
Procedure
Step 2 Check the configuration of automatic dump of U2000 operation logs.
1. Under the Database Capacity Management node in the Task Type navigation tree in
the left pane, choose Operation Log Dump.
2. Select the task in the right pane. Click Attribute.
3. Check the configuration of automatic dump of operation logs in the Attribute window.
4. Ensure that the configuration is appropriate.
Step 3 Check the configuration of automatic dump of U2000 system logs.
the left pane, choose System Log Dump.

U2000
3. Check the configuration of automatic dump of system logs in the Attribute window.
Step 4 Check the configuration of automatic dump of U2000 security logs.

the left pane, choose Security Log Dump.
3. Check the configuration of automatic dump of security logs in the Attribute window.
----End
22.2.6 Checking the Synchronization Time of NE Log

This section describes how to check whether the configuration of the time for synchronizing
NE logs is appropriate. The purpose is to avoid the server overload owing to the conflict of
time when you perform tasks on the server.
Prerequisites
Context
You need to run the operation only if the NE supporting this function exists.
Procedure
Step 2 Under the Synchronization node in the Task Type navigation tree in the left pane, choose
NE Log Synchronization.
Step 3 Select the task in the right pane, and click Attribute.
Step 4 View the configuration of the time for synchronizing NE logs in the Attribute dialog box.
Step 5 Ensure that the configuration is correct.

You are advised to synchronize NE logs when the traffic is not heavy. Generally, this
operation is performed at night when no other tasks are performed.
----End
22.2.7 Checking the Configuration of the File Server

This section describes how to check whether the configuration of the file server is appropriate.

U2000
Prerequisites
l You are authorized to check the configuration of the U2000 file server.
Procedure
Step 1 Choose Software > File Server Settings (traditional style); alternatively, double-click
Configuration in Application Center and choose Settings > File Server Settings
(application style).
The File Server Setting window is displayed.
Step 2 Choose the NE type from the ROOT navigation tree in the left pane.
Step 3 Check the name and IP address of the file server in the right pane.
Step 4 Ensure that the configuration of the file server is appropriate.
----End
22.2.8 Checking the Configuration of System Backup

This section describes how to check whether the periodic backup of the U2000 server and
NEs are started and whether the start time is correct. The purpose is to avoid the server
overload owing to the conflict of time when you perform tasks on the server. This section also
describes how to check whether backup files are generated in the disk.
Prerequisites
l You are authorized to check the configuration of U2000 integration task management.
Procedure
Step 2 Check whether the periodic backup of the U2000 server is started and whether the start time is
correct.
1. Under the Backup node in the Task Type navigation tree in the left pane, choose the
Server Backup node.
2. View Last Run Time and State in the right pane. Ensure that the task is running in the
execution time.
3. Select the task in the right pane, and click Attribute.
4. View the configuration of periodic backup time for the U2000 server in the Attribute
dialog box.
5. Ensure that the configuration is correct.
Step 3 Check whether the periodic backup of the NE is started and whether the start time is
appropriate.

U2000
1. Under the Backup node in the Task Type navigation tree in the left pane, choose the NE
Backup node.
2. View Last Run Time and State in the right pane. Ensure that the task is running in the
execution time.
3. Select the task in the right pane, and click Attribute.
4. View the configuration of periodic backup time for NEs in the Attribute dialog box.
Ensure that the configuration is correct.
----End
Expected Result
The periodic auto-backup tasks of the U2000 server and the NE are started, and the start time
is set properly. The backup files exist in the backup directories of the U2000 server and the
NE.
Exception Handling
If the periodic auto-backup task of the U2000 or an NE is not started, you can reset the
backup task.
22.2.9 Checking the Configuration of System Monitoring

This section describes how to check the configuration of system monitoring.
Context
The recommended thresholds of the CPU usage, memory usage, and database usage are 80%.
Procedure
The System Monitor Settings dialog box is displayed.
Step 2 Click the Server Monitor tab to check whether the settings of the CPU usage and memory
usage thresholds are appropriate.
Step 3 Click the Hard Disk Monitor tab to check whether the settings of the disk usage thresholds
are appropriate.
Step 4 Click the Database Monitor tab to check whether the settings of the database usage
thresholds are appropriate.
Step 5 Click the Service Monitor tab to check whether the settings of the service status refresh
interval thresholds are appropriate.
----End
Example
For details about the parameters for monitoring the server, see Server Monitor.

U2000
Paramete Max. Description: Value:

r Settings consecutive Number of consecutive Value range: 10-400
CPU times that the CPU usage
overloads for Default value: 40
is higher than or equal to
alarm Alarm Generation Configuration Guidelines:
(10-400) Threshold. When the The default value 40 is
number of consecutive recommended. You can observe
times reaches the value the U2000 service performance
specified by this after The CPU Usage Is High
parameter, the CPU usage alarms are generated and change
is considered high. the setting if required, to ensure
Impact on System: that The CPU Usage Is High
alarms reflect the actual impact
If the number of of high CPU usage on the U2000
consecutive times that the services.
CPU usage is higher than
or equal to Alarm l If the U2000 frequently
Generation Threshold generates The CPU Usage Is
reaches the value specified High alarms but the U2000
by this parameter, alarm services work properly, you
The CPU Usage Is High can set Max. consecutive
is generated. CPU overloads for alarm to
a larger value.
The CPU Usage Is High
alarm is reported, you can set
Max. consecutive CPU
overloads for alarm to a
smaller value.

U2000
Server usage Description: Value:

sampling Interval for sampling the Value length: 2-60
interval CPU usage and memory
(2-60 Default value: 15
usage.
seconds) Configuration Guidelines:
Impact on System:
The default value 15 is
High sampling frequency recommended. You can observe
occupies too much server the U2000 service performance
resources, which affects after The CPU Usage Is High
the server performance. and The Memory Usage Is Too
High alarms are generated and
change the setting if required, to
ensure that The CPU Usage Is
High and The Memory Usage Is
Too High alarms reflect the
actual impact of high usage on
the U2000 services.
l If the U2000 frequently
generates The CPU Usage Is
High and The Memory
Usage Is Too High alarms but
the U2000 services work
properly, you can set this
parameter to a larger value.
The CPU Usage Is High or
The Memory Usage Is Too
High alarm is reported, you
can set this parameter to a
smaller value.

U2000
Threshol CPU usage Description: Value:

d CPU usage. This The value range of Alarm
Settings parameter defines the Generation Threshold is 1-99.
Threshold: The CPU Clearance Threshold is 1-99.
is overloaded when the The default value is 70.
CPU usage reaches Configuration Guidelines:
Alarm Generation
Threshold. The default value is
recommended. You can observe
l Alarm Clearance the U2000 service performance
Threshold: When the after The CPU Usage Is High
CPU usage is smaller alarms are generated and change
than Alarm Clearance the setting if required, to ensure
Threshold, the U2000 that The CPU Usage Is High
marks the generated alarms reflect the actual impact
The CPU Usage Is of high CPU usage on the U2000
High alarm Cleared. services.
l Show Pop-up l If the U2000 frequently
Message: If Show generates The CPU Usage Is
Pop-up Message is set High alarms but the U2000
to Yes, a pop-up services work properly, you
message is displayed can set Alarm Generation
on the U2000 client Threshold to a larger value.
when the CPU usage
reaches Alarm l If the U2000 services run
Generation slowly, (for example, the
Threshold. When the client responds slowly or no
CPU usage is smaller alarms are reported) but no
than Alarm Clearance The CPU Usage Is High
Threshold, the pop-up alarm is reported, you can set
message disappears. Alarm Generation
l To prevent alarms from being
frequently cleared and then
reported, you are advised to
set Alarm Clearance
specified by Alarm

U2000
Swap Description: Value:

memory Swap memory usage. This The value range of Alarm
usage parameter defines the Generation Threshold is 1-99.
Threshold: If the Clearance Threshold is 1-99.
memory usage reaches The default value is 85.
Alarm Generation Configuration Guidelines:
Threshold, the U2000
generates The The default value is
Memory Usage Is Too recommended. To adjust the
High alarms. value, perform step 3 in 15.1.1
Setting the Parameters for
l Alarm Clearance Monitoring the U2000 Server,
Threshold: When the or observe the U2000 service
memory usage is performance after The swap
smaller than Alarm Usage Is High alarms are
Clearance Threshold, generated and change the setting
the U2000 marks the if required, to ensure that The
generated The swap Usage Is High alarms
Memory Usage Is Too reflect the actual impact of high
High alarm Cleared. swap usage on the U2000
l Show Pop-up services.
Message: If Show l If the U2000 frequently
Pop-up Message is set generates The swap Usage Is
to Yes, a pop-up High alarms but the U2000
message is displayed services work properly, you
on the U2000 client can set Alarm Generation
when the memory Threshold to a larger value.
usage reaches Alarm
Generation l If the U2000 services run
Threshold. When the slowly, (for example, the
memory usage is client responds slowly or no
smaller than Alarm alarms are reported) but no
Clearance Threshold, The swap Usage Is High
the pop-up message alarm is reported, you can set
disappears. Alarm Generation
NOTE
This parameter is available l To prevent alarms from being
only when the U2000 server frequently cleared and then
runs on Solaris or SUSE reported, you are advised to
Linux. set Alarm Clearance
specified by Alarm
For details about the parameters for monitoring the disks of the server, see Hard Disk
Monitor.

U2000
Parameter Hard disk Description: Value:

Settings usage Interval of sampling the Value range: 60-3600
sampling disk usage.
interval Default value: 60
(60-3600 Impact on System: Configuration
seconds) A high sampling frequency Guidelines:
occupies many server The default value 60 is
resources, which affects recommended. A short
the server performance. sampling period reflects the
disk usage in time.
Sampling the hard disk
usage every 60 seconds has
only a slight impact on the
U2000 server performance.

U2000
Threshold Default Description: Setting method:

Settings Default threshold for Click + to expand Default.
generating and clearing Set the default thresholds
alarm The Disk Usage Is for generating and clearing
Too High. The parameters high hard disk usage alarms
are described as follows: of different severities.
l Alarm Generation Value:
Threshold: If the disk Value range: 1-99
usage reaches the
threshold for generating Default value of Alarm
the Alarm Generation Generation Threshold:
Threshold alarm of a l Warning: 60
severity, the U2000 l Minor: 70
generates the The Disk
Usage Is Too High l Major: 80
alarm of this severity. l Critical: 90
l Alarm Clearance Default value of Alarm
Threshold: If the disk Clearance Threshold:
usage is smaller than l Warning: 55
the threshold for
l Minor: 65
generating the Alarm
Clearance Threshold l Major: 75
alarm, the U2000 clears l Critical: 85
the generated The Disk
Configuration
Usage Is Too High
Guidelines:
alarm and sets it as
Cleared. The default value is
recommended.
l Show Pop-up
Message: You can l Alarm Generation
enable the function of Threshold: Insufficient
displaying pop-up disk space affects
messages in Custom. service running of the
U2000; therefore, the
Alarm Generation
Threshold values for
the four alarm severities
must reflect their actual
impacts on the U2000
services.
l Alarm Clearance
Threshold: It is
recommended that
Alarm Clearance
Threshold be smaller
than Alarm
by 5% or more,
preventing alarms from

U2000
being frequently cleared

and then reported.

U2000

User-defined Alarm 1. Click + before Custom
Generation Threshold to expand the nodes.
and Alarm Clearance 2. Click + before the
Threshold values of the server name to expand
The Disk Usage Is Too nodes.
High alarm for each
partition of the disk. 3. Click + before a disk
partition name to
l Modes for setting expand nodes:
thresholds:
l Selecting modes for
– Default value: The
setting thresholds: In
values in Default
the Alarm
are used as the
Generation
Alarm Generation
Threshold drop-
Threshold and
down list, select
Alarm Clearance
Customize Value,
Threshold values of
Custom value, or
each disk partition.
Disable alarm
– Customize value: generation.
Users need to
l Show Pop-up
specify the values of
Message: In the
Alarm Generation
Show Pop-up
Threshold and
Message drop-down
Alarm Clearance
list on the right of
Threshold for each
the disk partition
disk partition.
name, select Yes or
– If Disable alarm No.
generation is
Configuration
selected, the U2000
Guidelines:
does not report The
Disk Usage Is Too The option Default value
High alarm for the is recommended.
specified disk
partition.
l Alarm Generation
to specify Alarm
for generating The
Disk Usage Is Too
High alarms of all
severities.
l Alarm Clearance
to specify Alarm
Clearance Threshold
for clearing The Disk
Usage Is Too High
alarms of all severities.

U2000
l Show Pop-up
Message: If Show Pop-
up Message is set to
Yes for a disk partition,
a pop-up message is
displayed on the U2000
client when the usage of
the disk partition
reaches Alarm
When the usage is
smaller than Alarm
Clearance Threshold,
the pop-up message
disappears.
For details about the parameters for monitoring the database of the server, see Database
Monitor.
Parameter Settings Database usage Description: Value:

(300-3600 seconds) the database usage. 300-3600
The sampled Default value: 300
database usage is
displayed on the Configuration
Database Monitor Guidelines:
tab in the System The default value is
Monitor Browser recommended. To
window. slow sampling,
increase the value of
the parameter.

U2000
Threshold Settings Default Description: Setting method:

Default threshold for Click + to expand
generating the high Default. Set the
database usage default threshold for
alarm of the U2000 generating high
server. database usage
NOTE alarms of different
l When the
severities.
database usage Value:
reaches the alarm
generation Value range: 1-100
threshold, a high Default value:
database usage
alarm is l Warning: 85
generated. When l Minor: 90
the database
usage is smaller l Major: 95
than the l Critical: 98
threshold, the
alarm is Configuration
automatically Guidelines:
cleared.
To quickly set the
l Thresholds are alarm generation
set separately
based on different
threshold, you can
alarm severities. set a default value
and select Default
l When the usage
reaches the value in Custom.
threshold for
generating an
alarm of a certain
severity, the
corresponding
alarm is
generated. When
the usage reaches
the threshold for
generating an
alarm of a higher
severity, the
alarm of the
higher severity is
generated and the
existing alarm is
automatically
cleared.
Relationship with
Other Parameters:
If you select Default
value from
Threshold in
Custom, the default
value is used as the

U2000
alarm generation
threshold.

U2000

User-defined 1. Click + before
thresholds for Custom to
generating the high expand nodes.
database usage 2. Click + before
alarm of the U2000 the server name
server. Users can set to expand nodes.
thresholds for
different databases. 3. Click + before
the database
instance name to
expand nodes.
4. Click + before a
database name to
expand nodes. In
the Threshold
drop-down list
next to the
database name,
select a threshold
setting mode.
Value:
The threshold
setting mode
includes the
following values:
l Default value:
Values in
Default are used
as thresholds for
generating high
database usage
alarms of
different
severities.
l Customize
value:
Customize
thresholds for the
database usage
alarms of
different
severities.
Value range:
1-100
Default value:
value in Default.
l Disabled
Monitoring:

U2000
Disable the
database
monitoring.
For details about the parameters for monitoring the server services, see Service Monitor.
Parameter Settings Service status Description: Value:

(60-3600 seconds) the service running 60-3600
status. The sampling Default value: 60
result is displayed
on the Service
Monitor tab in the
System Monitor
Browser dialog box.
Impact on System:
A shorter refresh
interval means more
server resources
occupied.
Screen Tip Settings Default Group Description: Setting method:

If Show Pop-up Select a service from
Message is set to the Service Name
Yes for a service, a drop-down list.
pop-up message is Select Yes or No in
displayed on the the corresponding
U2000 client when Show Pop-up
the service is Message drop-down
abnormal. When the list.
service resumes the
normal running
status, the pop-up
message disappears.
22.2.10 Checking the Synchronization Time of NE Configuration

This section describes how to check whether the time for synchronizing NE configuration
data is appropriate. The purpose is to avoid the server overload. The server overload may
occur when the synchronization together with other tasks on the server is performed at the
same time.

U2000
Prerequisites
l You are authorized to check the configuration of the U2000 integrated task management.
Context
You need to run the operation only if the NE supporting this function exists.
Procedure
Step 2 Under the Synchronization node in the Task Type navigation tree in the left pane, select the
NE Configuration Data Synchronization node.
Step 3 Select the task in the right pane. Click Attribute.
Step 4 View the setting of the time for synchronizing NE configuration data in the Attribute dialog
box.
Step 5 Ensure that the configuration is correct.
----End
22.2.11 Checking the Threshold of Network Management

Capability
This section describes how to check whether the U2000 management capability exceeds the
threshold. Ensure that the number of equivalent NEs managed by the U2000 is not beyond the
capability limit.
Procedure
Step 1 Check whether the U2000 management capability exceeds the threshold. Ensure that the
number of equivalent NEs managed by the U2000 is not beyond the capacity.
Contact Huawei technical support.
----End
22.2.12 Backing Up the U2000 System (SUSE)

This section describes how to back up the U2000 system. The U2000 backup refers to the
backup of U2000 databases and system files. The U2000 system files refer to those files
stored in /opt/oss, /export/home/omc and /export/home/sysm directories.
Prerequisites
l You are authorized to back up the U2000 system.

U2000
Procedure
Step 1 Choose Maintenance > Backup Management > System Backup (traditional style);
alternatively, double-click System Management in Application Center and choose System
> System Backup (application style) in the main window.
Step 2 On the System Backup dialog box is displayed, click Full Backup.
----End
22.2.13 Checking the U2000 Server Time

This section describes how to check the time of the U2000 server.
Prerequisites
Procedure
Step 1 In the navigation tree in the left pane, choose Routine Maintenance > Time Management.
Step 2 In Time and Time Zone in the right pane, check whether the system time is correct.
If the time is incorrect, change it by following instructions provided in 3.10 Changing the
Time and Time Zone of the U2000 Server.
----End
22.3 Monthly Maintenance Operations

This section describes the monthly maintenance operations that need to be performed in the
22.3.1 Check Whether Application Resources Are Switched to the

Standby Node
This section describes how to query the switchovers in the U2000 service cluster and U2000
DB cluster. Skip this section if no standby node exists.
Prerequisites
Procedure
Board Services.
The basic information of all boards is listed in the right pane.

U2000
Step 2 Table 22-4 describes the current status of U2000 services and database services.
Table 22-4 Service status
System Subsystem Status Description
U2000 l BASE,PM,DS, Normal The U2000 services are running

FARS,ITF,CM properly. To learn about the
E,CORE,CM,F specific status of all services,
M proceed with Step 3.
l MED,DS,COR
Service Stopped The U2000 services are stopped.
E
l TS,CORE Switched Over The U2000 services on this node
l CME,DS,COR have been switched to the standby
E node.
l DS,CORE,NE Others The U2000 is not installed or
MGR,NW abnormal.
l PW
U2000DB l For the Oracle Normal The database services are running
database: properly.
– OSSDB
Service Stopped The database services are
– OSSPMDB stopped.
l For the Sybase
database: The Switched Over The database services on this
one whose node have been switched to the
name contains standby node.
DBSVR Others The database services are not
installed or are abnormal.
Standby Subsystem is Standby The standby node is in the normal

Standby and state.
Cluster Name is
U2000Cluster. Service Stopped The U2000 services on other
nodes are switched over to this
node, but the U2000 services are
not started yet.
Normal The U2000 services on other

node and are running properly.
Others The U2000 is not installed or is

abnormal.
Subsystem is Standby The standby node is in the normal

Standby and state.
Cluster Name is
DBCluster. Service Stopped The database services on other
NOTICE
Sybase database node, but the database services
does not have this are not started yet.
node.

U2000
System Subsystem Status Description
Normal The database services on other

node and are running properly.
Others The database services are not

installed or abnormal.
NOTE
When a node is in the Switched Over state, you can perform the following operations to check whether
the switchover is normal:
1. In the navigation tree in the main window, choose Device Management > Device Information >
Details.
2. Select the board that is in the Switched Over state and view the status of the board service in the
Details area.
– If the value of Service software running status is StoppedSwitchOver, the switchover is a
normal one and there are no abnormal resources on the node.
– If the value of Service software running status is AbnormalSwitchOver, the switchover is
caused by a fault and there are abnormal resources on the node.
Step 3 Check the U2000 service status.
NOTICE
The Veritas Cluster Software (VCS) in the ATAE cluster system monitors only the daemon
process of each board. Even if the daemon process is normal, U2000 services on some boards
may be abnormal. You can perform the following operations to check the status of all U2000
services.
1. In the navigation tree in the left pane, choose Service System > Service Management >
Board Services.
2. On the Board Services tab page in the right pane, find boards whose System is U2000
and that are in the Normal state, and record SN of these boards.
3. Log in to any of the boards found in Step 3.2 as user root using the keyboard, video, and
mouse (KVM) of the OSMU. For details, see 26.1.2 Logging In to the board by Using
the KVM of the OSMU.
4. Run the following commands to check the U2000 service status:
# cd /opt/oss/server
# . ./svc_profile.sh
# svc_adm -cmd status -sysagent all

SystemConfigurator: running
Host: 10.10.10.102
Service Agent: 3rdTool_agent [1 service(s)] pid: 16379
...
Host: 10.10.10.103

U2000
Service Agent: FMPreService0201_agent [1 service(s)] pid: 849
– In the system output, if Not Running of all Host is 0, all U2000 services are
started.
– In the system output, if Running of all Host is 0, all U2000 services are stopped.
NOTE
The U2000 system generates processes and services dynamically during its operation.
Accordingly, the number of the processes and services that are found changes dynamically.
----End
22.3.2 Checking Basic Software Versions

This section describes how to check the kernel versions of the SUSE Linux operating system
(OS), database, and Veritas Cluster Server (VCS) software of the server and ensure that they
meet application requirements.
Prerequisites
l You have applied for an account at http://support.huawei.com and have permission to
download related documents.
l You have contacted Huawei technical support engineers and asked them to download the
latest iManager OSMU V200R002C50CP2001 Release Notes at http://
support.huawei.com.
Huawei technical support engineers can obtain iManager OSMU(3rd-Upgrade_X.
0)V200R002C50CP2001 Third-Party Software Upgrade Guide and iManager OSMU
V200R002C50CP2001 Release Notes from iManager OSMU(3rd-Upgrade_X.0)target
version ReleaseDoc_ENG and iManager OSMU(Upgrade_X.0)target version
ReleaseDoc_ENG in the following path of http://support.huawei.com: Software >
Wireless Network > SingleOSS-MBB > SingleOSS-MBB > M2000-Common >
iManager OSMU.
Context
NOTICE
You must check the kernel versions of the SUSE Linux OS, Oracle/Sybase database, and VCS
software. If the kernel version of one software is earlier than that required in the iManager
OSMU V200R002C50CP2001 Release Notes, you must upgrade the software by referring to
the latest iManager OSMU(3rd-Upgrade_X.0)V200R002C50CP2001 Third-Party Software
Upgrade Guide.
Procedure

U2000
Step 2 On the Board Services tab page in the right pane, check that the boards running basic
software are in any of the following states: Active, Service Stopped, Normal, Standby, and
Service Takeover.
Step 3 In the left pane of the OSMU window, expand the Software Management navigation tree
and choose OEM Part Version.
Step 4 On the OEM Part Version tab page in the right pane, select the relevant board and click
Query Version.
A dialog box is displayed, showing the versions of the basic software installed on the board.
Table 22-5 Basic software information
Software Version Information Description

Type
OS OS: SUSE11SP3 3.0.101-0.47.71- This version information is

default indicates that the OS version is available in all boards.
SuSE11SP3 and OS kernel version is
3.0.101-0.47.71-default.
Database DB: Oracle Database 11g This version information is

Enterprise Edition Release available only on the DB
11.2.0.4.0 - 64bit Production board where the Oracle
indicates that the Oracle database version is database has been installed.
11.2.0.4.0.
DB: Sybase 15.7 EBF 25127 SMP This version information is
SP136 indicates that the Sybase database available only on the DB
version is 15.7 and the installed patch version board where the Sybase
is 25127. database has been installed.
Veritas l VxVM: VRTSvxvm-6.1.1.200- This version information is

Software SLES11 available only on boards
l VCS: VRTSvcs-6.1.1.000-SLES11 where the Veritas Software
has been installed.
Indicates that the Veritas software version is
6.1.1.000-SLES11.
NOTE
The basic software installed on boards varies from one board to another. If a software has not been
installed on a board, the version information is N/A.
Check the basic software version in the release notes.

l If the basic software version that you have queried on the board is consistent with that in
the release notes, the software version is correct.
l If the basic software version that you have queried on the board is inconsistent with that
in the release notes, the software version is low. If you need to upgrade the software, see
Context.
----End

U2000
22.3.3 Checking the Running Status of Anti-Virus Software

This section describes how to check the running status of antivirus software. You must install
OS patches in time, install the antivirus software, and search for viruses to prevent the server
and computer from affecting network viruses and to ensure the normal running of the U2000.
Prerequisites
You have contact Huawei technical support engineers to obtained the corresponding version
of SUSE Linux SPLX User Guide from http://support.huawei.com.
Procedure
Step 1 Install OS patches in time.
Step 2 Install antivirus software and check for antivirus software is successfully installed and
running properly.
For detailed operations, see SUSE Linux SPLX User Guide.
Step 3 Configure scan periods and periodic search for viruses.
For detailed operations, see SUSE Linux SPLX User Guide.
----End
22.3.4 Checking the Front Panel of a Disk Array

This section describes how to check the front panel of each disk array to determine whether a
disk array is damaged.
Procedure
Step 1 Check whether the LED indicator of the front panel of a disk array is yellow. If the LED
indicator is yellow, a configuration or hardware fault occurs on the power supply, controller,
or disk array. In this case, contact Huawei technical support for assistance.
----End
22.3.5 Checking the Status of the U2000 License

Context
l When the period between the current day and Overflow Time of the license is less than
or equal to 30 days, the system displays a dialog box after a user logs in, prompting the
user to update the license. In addition, the system reminds the user of a license update
every 12 hours.
l If a user does not apply a new license after the license expires, the U2000 sends the
ALM-297 The OSS License Expired indicating that the license has expired. In addition,
the client periodically displays an expiration notification dialog box. Table 22-6
describes the frequency of displaying the expiration notification dialog box on the client.

U2000
Table 22-6 Frequency of displaying the license expiration notification dialog box
Duration After Expiration Frequency of Display
Less than or equal to 30 days Once every 24 hours
More than 30 days but less than or equal to Once every 6 hours
60 days
More than 60 days Once every 2 hours
l Assume that the permanent commercial and fixed-period license files of a product are
used simultaneously on the OSS. If the fixed-period license file enters the retention
period, the U2000 reports ALM-294 Expired OSS License File.
l If a user uses the temporary license file of a product on the OSS, the OSS displays a
dialog box indicating that the temporary license file is used after the user logs in to a
client.
Procedure
NOTE
l License information of different products is displayed on tabs named after products.

l Date Format in the figure indicates the date format of Authorization Expiration Time and
Overflow Time, which can be set in Region Settings. For details, see Setting the Date Format of the
Client.
Step 2 In the License Information dialog box, query the license information about resources and
functions on the Resource Control Item and Function Control Item tabs.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 23 Hardware Routine Maintenance
23 Hardware Routine Maintenance
About This Chapter
23.1 Daily Maintenance Instructions

Daily maintenance items involve device maintenance tasks that are performed by maintenance
personnel on a daily basis.
23.2 Monthly Maintenance Instructions
Monthly maintenance items involve device maintenance tasks that are performed by
maintenance personnel on a monthly basis.
23.3 Yearly Maintenance Instructions
Yearly maintenance items involve device maintenance tasks that are performed by the
maintenance personnel on a yearly basis. All tasks for the yearly maintenance are important
projects.

U2000
23.1 Daily Maintenance Instructions

Daily maintenance items involve device maintenance tasks that are performed by maintenance
personnel on a daily basis.
23.1.1 Checking the Equipment Room Environment

Check that the equipment room environment is proper for devices to run stably and reliably
for a long time and decrease the fault rate.
Reference Standard
l In normal cases, the temperature in equipment rooms ranges from 10°C to 35°C.
l In normal cases, the relative humidity in equipment rooms ranges from 10% to 80%.
Procedure
1. Observe the thermometers in the equipment room.
2. Observe the hygrometers in the equipment room.
Exception Handling
If the temperature and humidity of an equipment room do not meet requirements, perform the
1. Check whether air conditioners are started.
If the air conditioners are not started, start them.
2. Check whether the air conditioners are faulty.
If the air conditioners are faulty, contact air conditioner maintenance engineers for
troubleshooting.
3. Check whether water penetration, leakage, or dew condensation appears in the
equipment room.
23.1.2 Checking PDB Status

If a power distribution box (PDB) is abnormal, devices in the cabinet may run abnormally due
to insufficient power supply.
Reference Standard
l The RUN indicator is green.
l The ALM indicator is off.
Procedure
1. Access the equipment room where the cabinet is located.
2. Observe the indicator on the PDB on the cabinet.
RUN indicates a run indicator, and ALM indicates an alarm indicator.

U2000
Exception Handling
If the PDB indicator is abnormal, perform the following operations:
1. Check whether the telecommunications room is powered on properly.
2. Check whether the cables in the cabinet are connected properly.
3. If the PDB indicator is still faulty, contact Huawei technical support.
23.2 Monthly Maintenance Instructions

Monthly maintenance items involve device maintenance tasks that are performed by
maintenance personnel on a monthly basis.
23.2.1 Checking Vacant Slots in a Shelf

You must install filler panels for vacant slots in a shelf. Otherwise, heat dissipation may be
affected so that device performance may deteriorate or the devices may be damaged.
Reference Standard
The vacant slots in the shelf are installed with filler panels.
Procedure
1. Go to the equipment room where the shelf is located.
2. Check whether the slots in the shelf are installed with filler panels.
Exception Handling
Install the filler panels if the slots in the shelf are not installed with filler panels.
23.2.2 Checking a Cabinet

Check cabinet device cable, ventilation, and dust status to ensure that the devices can stably
run for a long time.
Reference Standard
l There is no dust on the surface of the cabinet and around the air intake vents at the
bottom of the cabinet.
l There is no foreign object inside a cabinet or on top of it.
l All the rodent-proof nets are bundled well. There is no damage.
l The power cables and signal cables are laid out from both sides of the cabinet.
l The optical fibers cannot be bent heavily or stretched forcibly.
Procedure
1. Check whether there is dust on the cabinet.
2. Check cabinet protection status.

U2000
a. Check for any foreign object that may have been attached to the top of the cabinet
or may have fallen into the cabinet.
b. Check whether the rodent-proof nets at the exits of signal cables on the top or at the
bottom of each cabinet are wrapped and bundled properly. Make sure that they are
not damaged.
3. Check the layout situation of the power cables and signal cables in the cabinet.
Exception Handling
If there is any dust on the cabinet, use clean and dry cotton gauze to clean the surface of
cabinet, and use a vacuum cleaner to clean the air exhaust vent at the bottom of the cabinet.
23.2.3 Checking Spare Parts

This topic describes the methods and reference standards of checking spare parts.
Reference Standard
l The spare parts must be stored in a specialized warehouse.
l Boards must be stored in ESD packages.
l At least one spare board is available for each model of board.
l At least one spare fan module, one spare power module, and two spare hard disks are
available.
l All spare parts are intact and complete without being damaged or eroded. The damaged
parts must be sent for repair in time.
Procedure
1. Check the conditions of the warehouses for storing spare parts.
Check the conditions of the warehouses, such as fire resistance, dust-proof, magnetic
resistance, damp-proof, ventilation, and shock-proof conditions.
2. Check the number of the spare parts.
Make sure that the number and types of spare parts can meet the maintenance
requirements.
Exception Handling
l If the spare part library does not meet requirements, optimize the repository.
l If the number of spare parts is insufficient, contact Huawei technical support engineers to
apply for spare parts.
23.3 Yearly Maintenance Instructions

Yearly maintenance items involve device maintenance tasks that are performed by the
maintenance personnel on a yearly basis. All tasks for the yearly maintenance are important
projects.

U2000
23.3.1 Checking the Grounding System

The grounding system eliminates electrostatic of devices in equipment rooms. If the
grounding system is faulty, the validity periods of devices may be shortened.
Reference Standard
l The grounding system appearance is not damaged, aging, corroded, or arc burned.
l The ground terminal and captive screws are well contacted.
l The ground resistance of each component in the cabinet is about 1 ohm.
l The ground resistance of the ground network of the equipment room is less than 10 ohm.
Procedure
1. Check the appearance of ground cables.
2. Check connections of ground cables.
All the connection terminals and captive screws in the cabinet are not loose and eroded.
3. Use a multimeter to check whether all the components in a cabinet are grounded
properly.
a. Adjust the multimeter to the ohm range. Then connect one probe to a fixed
grounding point in the equipment room.
b. Connect the other probe to the grounding points in the cabinet in turn to measure
the resistance of each grounding point. The measurement resistance for each
grounding point must be about 1 ohm.
4. Use the ground resistance tester to measure the ground resistance of the ground network.
The ground resistance must be less than 10 ohm.
During the measurement, place the voltage pole and current pole of the earth resistance
tester as shown in Figure 23-1.
Figure 23-1 Layout of poles of earth resistance tester
The basic requirements for the measurement are as follows:

U2000
– The current pole is kept at a distance from the edge of the grounding network with
d1, which is four to five times of the maximum diagonal length (D) of the
grounding network.
– The voltage is kept at a distance from the edge of the grounding network with d2,
which is 50% to 60% of the distance d1 between the current pole and the grounding
network.
– When measuring the resistance, move the voltage pole three times along the line
between the current pole and the grounding network. The distance moved each time
is 5% of d1. If the resistance value measured for three times are close, take the
average value of the three values. This value is the resistance of the grounding
network.
– If d1 cannot be four to five times of D:
n Set d1 to 2D and d2 to D in areas with even earth resistance rate.
n Set d1 to 3D and d2 to 1.7D in areas with uneven earth resistance rate.
Cautions for measuring the grounding resistance:
– Place the current pole and voltage pole vertical to the line or the underground metal
pipe.
– Do not measure the grounding resistance immediately after rainfall.
Exception Handling
NOTICE
Before rectifying cable connection problems, take ESD or other measures to protect human
and device security.
l If the ground cable appearance does not meet requirements, replace the corresponding
ground cables.
l If ground cables are loose, use a tool to fasten them.
l If the measurement resistance of a grounding point is obviously greater than 1 ohm,
check ground cables, connection terminals, and captive screws of the grounding point
and take proper measures to rectify any problems.
l If the ground resistance of the ground network is obviously greater than 10 ohm, take
proper measures to rectify the problem.
23.3.2 Checking Cable Connections

Ensure that cables are properly connected to cabinets. If cable connections are abnormal,
services run abnormally.
Reference Standard
l All cables must not be damaged, aged, eroded, or burnt by electricity.
l The characters on the labels are clear. The label information is correct and the labels are
tightly fixed on cables.
l All the connecting points must be connected tightly and reliably. No erosion occurs.

U2000
Procedure
1. Check the power cables, ground cables, and signal cables in the cabinet.
2. Check whether the power cables of the shelf, and related disk arrays must be tightly
inserted into the power socket.
3. Check whether the signal and data cables are firmly inserted to connect the ATAE to the
related disk arrays and switches.
4. Check whether the terminals and captive screws of all ground cables in the cabinet are
connected well. Check whether any erosion occurs.
Exception Handling
NOTICE
l Cable connection problem rectification may affect services. Estimate the impact and then
rectify cable connection problems.
l Before rectifying cable connection problems, take ESD or other measures to protect
human and device security.
l If the cables in a cabinet do not meet requirements, replace cable labels or replace the
cables.
l If cable connections are abnormal, rectify the problem based on the site requirements.

U2000
ATAE Cluster System Administrator Guide (SUSE) 24 U2000 Emergency Maintenance
24 U2000 Emergency Maintenance
About This Chapter
When the U2000 server or the U2000 client incurs an emergency or a severe fault (for
example, the power failure of the U2000 server), you need to handle the emergency or severe
fault to minimize the loss.
24.1 Emergency Maintenance of the Server
This section describes the guide to emergency maintenance of the U2000 server. If the U2000
server breaks down, you can use the backup files to restore it. If the system cannot be
restored, install the operating system again.
24.2 Emergency Maintenance of the U2000 Client
This section provides guidance for emergency maintenance of the U2000 client.

U2000
ATAE Cluster System Administrator Guide (SUSE) 24 U2000 Emergency Maintenance
24.1 Emergency Maintenance of the Server

This section describes the guide to emergency maintenance of the U2000 server. If the U2000
server breaks down, you can use the backup files to restore it. If the system cannot be
restored, install the operating system again.
l If the power failure occurs in the equipment room accidentally and the board operating
system cannot be started normally after the board is powered on, contact Huawei
technical support.
l The emergency maintenance for the U2000 server is implemented through backup files.
If the server breaks down or a fault occurs, you need to restore the server using the
following method:
Reinstall the operating system. If the system is not backed up, all the user data is lost
when the system breaks down. In this case, all the data cannot be restored, and therefore
you need to install the operating system again.
l If only a board is faulty, replace the faulty board after the HA function is triggered.
When the HA function is triggered, VMs carried by the faulty board are automatically
migrated to the disaster recovery board. During the migration, the VM operating system
restarts, and OSS services are interrupted.
l If many boards are faulty, contact the virtualization hardware supplier.
l If virtualization software is abnormal, contact Huawei technical support engineers.
l When underlying hardware and virtualization software are normal:
– If the VM operating system is normal and service software is abnormal, reinstall
service software, and restore service data by restoring dynamic data. If service
software remains abnormal, contact Huawei technical support engineers.
– If the VM operating system is abnormal, redeploy VMs using the VM template, and
restore service data by restoring dynamic data. If the fault persists, contact Huawei
technical support engineers.
24.2 Emergency Maintenance of the U2000 Client

This section provides guidance for emergency maintenance of the U2000 client.
If the U2000 client breaks down or a fault occurs in the client, you can restore the client in the
following ways:
l Reinstall the operating system on the U2000 client.
l Reinstall the U2000 system.

U2000
ATAE Cluster System Administrator Guide (SUSE) 25 U2000 Troubleshooting
25 U2000 Troubleshooting
About This Chapter
This section describes the procedures for troubleshooting the U2000.
25.1 Procedure for Troubleshooting the U2000

This section describes the procedure for troubleshooting the U2000. The procedure consists of
three phases: collecting data, locating faults, and handling faults.
25.2 Collecting Site and U2000 Software Information
This section describes how to collect site and U2000 software information.

U2000
25.1 Procedure for Troubleshooting the U2000

This section describes the procedure for troubleshooting the U2000. The procedure consists of
three phases: collecting data, locating faults, and handling faults.
Collecting Data
When a fault occurs, collect the following data:
l Time and place the fault has occurred
l Description of the fault
l Measures taken and the results
l Version information
l IP addresses
l Alarm information
l Logs
Logs are categorized into user logs, system logs, and trace files.
l Internal fault locating information
l Database deadlock information
NOTE
You can collect the information for locating faults by using the OSMU. For details, see 22.2.1
Collecting Environment Information.
Locating Faults
This part describes the procedure for locating faults. The collection and analysis of faults help
you know the causes of the faults.
The U2000 system faults are categorized into hardware faults and software faults.
l Hardware faults
Hardware faults are the faults that occur in the U2000 server, client, or other network
devices. The appearance of the hardware and indicators indicate the hardware faults
clearly.
l Software faults
Software faults are the faults that occur in the U2000 software, Linux operating system,
and Oracle or Sybase database.
Handling Faults
This part describes how to handle faults based on different fault causes:
l Hardware faults
Refer to the manuals delivered with the associated hardware.
l Software faults
For details on alarms, see the Help of the U2000 Mobile Element Management System.
For details on faults of software installation, see U2000 Software Installation Guide of
the relevant server type.

U2000
For details on the client faults, see the U2000 Online Help.
For details on the server faults, see 26.1 Operations Performed on the Server.
l Linux faults
See the Linux System Administrators Guide.
l Oracle or Sybase database faults
See the Oracle System Administrators Guide or Sybase System Administrators Guide.
The documents can be obtained from the CD-ROM delivered with the server.
l Uncleared faults
For the uncleared faults, collect all the information related to the faults by following
instructions provided in Collecting Data and contact Huawei technical support for
assistance.
25.2 Collecting Site and U2000 Software Information

This section describes how to collect site and U2000 software information.
25.2.1 Collecting the U2000 Site Information

This section describes how to collect the U2000 site information.
Procedure
Step 1 Collect the U2000 site information.
The site information to be collected includes the site name, customer contact details, hardware
model, time when a fault occurs, and fault description.
----End
25.2.2 Collecting the Time of U2000 Fault Occurrence

This section describes how to find out the time when U2000 faults occur.
Procedure
Step 2 Run the date command to check the time.
----End
Example
~> date
Thu Jul 28 09:56:39 EDT 2005
25.2.3 Collecting the IP Address of the U2000 Server

This section describes how to obtain the IP address of the U2000 server.

U2000
Procedure
Step 2 Run the ifconfig -a command to obtain the IP address, subnet mask, and MAC address of the
U2000 server.
----End
Example
$ ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.161.94.254 netmask ffffff00 broadcast 10.161.94.255
ether 0:3:ba:12:bb:93
25.2.4 Collecting SUSE Version Information

This section describes how to obtain the version information about the SUSE Linux operating
system.
Prerequisites
You have logged in to the U2000 server in SSH mode using PuTTY as user ossuser.
Procedure
~> su - root
Step 2 Run the cat /etc/SuSE-release command to collect the version information about the SUSE
Linux operating system.
----End
Example
# cat /etc/SuSE-release
SUSE Linux Enterprise Server 11 (ia64)
VERSION = 11
PATCHLEVEL = 3
25.2.5 Collecting Oracle Version Information

This section describes how to collect the version information about the Oracle database.
Procedure
Step 1 Use PuTTY to log in to the DB board as user oracle in SSH mode.
Step 2 Run the following commands to view the database software and its patch:

U2000
oracle@osssvr:~>sqlplus / as SYSDBA
SQL> select * from v$version;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
Using the preceding system output as an example, 11.2.0.4.0 indicates the version of the
Oracle database. If the Oracle database version is inconsistent with those described in the
U2000 version mapping table, contact Huawei technical support.
----End
25.2.6 Collecting Sybase Version Information

This section describes how to collect the version information about the Sybase database.
Procedure
Step 1 Use PuTTY to log in to the U2000 server in SSH mode as user dbuser.
Step 2 Run the following commands:

~> isql -Sdatabase server name -Udatabase administrator
Password: password of database administrator
1>select @@version
2>go
NOTE
Replace the database server name with the actual name onsite. For details about how to query the actual
database server name, see 26.1.9 Checking the Sybase Database Server Name.
The system output is similar to the following information:

Adaptive Server Enterprise/15.7/EBF 23724 SMP SP131 /P/x86_64/Enterprise Linux/
ase157sp131x/3896/64-bit/FBO/Mon Nov 3 20:37:35 2014
Using the preceding system output as an example, 15.7 indicates the version of the Sybase
database. 23724 indicates the version of the patch that has been installed. If the Sybase
database version and patch are inconsistent with those described in the U2000 version
mapping table, contact Huawei technical support.
----End
25.2.7 Obtaining U2000 Version Information

This section describes how to obtain the version information about U2000.
Procedure
Step 1 Use PuTTY to log in to the active node in SSH mode as user ossuser.

U2000
Step 2 Excutes the displayVersion -a command, to obtain all version information, including the
versions of the U2000, U2000 cold patch, components, and mediation.
----End
Example
~> displayVersion -a
------------------------OSS Version--------------------------
Product Name: iManagerU2000
Version: iManagerU2000V***R***ENGC**SPC***
------------------------OSS Workaround Version---------------

ColdPatch: iManagerU2000V***R***C**CP****
Upgrade Date: Thu Mar 8 09:54:58 CST 2012
-----------------Installed Component Version-----------------

Component Name: CM Express
Version: CMEV***R***C**SPC***
-----------------Installed Mediation Version-----------------

<BSC6900GSM>
Match Version : iManagerOSS_BSC6900GSM_MATCH_ENG_V200R009C00B026
NE Version is : BSC6900-GOV900R011ENGC00B026
Match Version : iManagerOSS_BSC6900GSM_MATCH_ENG_V200R011C00SPC552

NE Version is : V900R013ENGC00SPH552
25.2.8 Collecting Fault Information

This section describes how to collect the locating information of network problems on the
U2000. The locating information is collected by scenario. The trace, configuration file, and
database that are used for locating problems are collected.
Prerequisites
Procedure
If the system prompts Security Warning, configure the parameters for the browser by
Firefox.
Step 2 In the OSS Management Tool main window, click Smart Assistant.
Step 3 Choose Trouble Shooting > Trace Collection.
Step 4 Click Help in the upper right corner. Then, perform operations according to the online help on
the Trace Collection tab page.
----End

U2000
25.2.9 Querying NE Partitions

This section describes how to query NE partitions. An NE partition is the U2000 server that
manages the NE. If the U2000 servers are deployed in a non-single-server system, NEs can be
managed by different servers (partitions). On the U2000 client, you can query different NE
partitions.
Prerequisites
You have logged in to the U2000 client.
Procedure
Step 1 Choose System > NE Partition (traditional style); alternatively, double-click Configuration
in Application Center and choose Browser > NE Partition (application style) to navigate to
the NE Partition window.
Step 2 Select a query condition and click Query.
You can query NE partitions by NE partition or NE name.
l Querying NE partitions by NE partition: In the Query Result dialog box, NE
distribution and NE information, such as No, NE Name, NE Version, and Number of
NEs, is displayed. In the Information dialog box, partition information, such as IP
addresses and database instance names, is displayed.
l Querying NE partitions by NE name: In the Query Result dialog box, NE distribution
and NE information, such as No, NE Name, NE Version, and Number of NEs, is
displayed. In the Information dialog box, partition information, such as IP addresses
and database instance names, is displayed.
NOTE
l You can click Save to save the query results in a file.

l After you navigate to the NE Partition window of the U2000 client, information about added boards
is not updated if you expand the NE partition capacity. Capacity expansion results are displayed only
after you navigate to the window again.
For detailed parameter descriptions, see Table 25-1.
Table 25-1 Parameters for NE Partitioning Information

Query Criteria NE Subarea Host name of an NE partition. When you

query the specific partitioning information,
you can select names of all partitions or the
name of a specific partition from the drop-
down list.
NE Name Indicates the NE Name.

U2000
Query Result No. Contains the following information:

Partition: indicates a partition, for example,
10.144.173.20 (HOST01). In this example,
10.144.173.20 is the partition ID, and
(HOST01) is the partition name.
NE type: indicates the type of an NE.
NE: indicates the serial number of an NE,
which helps you collect statistics on the
number of NEs.
NE Name Indicates the NE Name.
NE Version Indicates the NE version.
Number of NEs Indicates the number of NEs in a partition or

of a certain NE type.
Information Indicates partition information about an NE,

including the IP address and the instance
name of the database.
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 26 General Operation
26 General Operation
About This Chapter
26.1 Operations Performed on the Server

26.2 Operations Performed on the PC
26.3 Operations on Disk Array

U2000
26.1 Operations Performed on the Server

26.1.1 Logging In to the Board by Using PuTTY
This section describes how to log in to the server in Secure Shell (SSH) mode. You need to
log in to the server in SSH mode after the operating system is installed. You are advised to use
PuTTY. This section uses the PuTTY 0.62 as an example.
Prerequisites
l The operating system has been installed.
support.huawei.com.
Context
For details about how to log in to a board using the KVM of the OSMU, see 26.1.2 Logging
In to the board by Using the KVM of the OSMU.
Procedure
Step 1 Decompress PuTTY.zip. In the decompressed folder, double-click putty.exe. A dialog box is
displayed, as shown in Figure 26-1.

U2000
Figure 26-1 PuTTY Configuration dialog box
Step 2 In Host Name (or IP address), enter the IP address of the server that you want to log in to.
Step 3 Set Connection type to SSH.
Step 4 In the Close window on exit: area, select Only on clean exit.
Step 5 Click Open.

If you use PuTTY for the first time, the following dialog box may be displayed. When this
occurs, click Yes.

U2000
Figure 26-2 PuTTY Security Alert
Step 6 When the following information is displayed, enter the user name and press Enter.
login as: osmuuser
NOTICE
l Assume that the user name is osmuuser.
l The operating system is hardened by default during installation. After operating system
hardening is performed, you cannot log in to the server as user root in SSH mode. To
switch to user root, you need to log in to the server as a user other than root and then run
the su - root command. After upgraded to V200R013 or later version, you cannot log in to
the server as user ftpuser.
Step 7 When the following information is displayed, enter the user password and press Enter.
Password:
When the information similar to osmuuser@SR5S1:~> is displayed, the login is

successful.
----End
26.1.2 Logging In to the board by Using the KVM of the OSMU

The keyboard, video, and mouse (KVM) allows users to monitor and control remote devices
on the client by using the local keyboard, video, and mouse. The KVM enables users to log in
to the OSMU and maintain the boards using commands.

U2000
Prerequisites
l JRE 1.8.0_45 version, 1.8.0_51 version or 1.8.0_65 version has been installed on the PC.
For details about how to check the JRE version, see 26.2.8 Checking the JRE Version
on the PC.
Context
For details about how to log in to a board in SSH mode using PuTTY, see 26.1.1 Logging In
to the Board by Using PuTTY.
After logging in to the boards through the OSMU KVM, you can remotely perform the
l Monitors the operating system startup process.
l Views the system running information.
l Terminates ongoing applications.
l Restarts the operating system.
Procedure
Step 1 Type the https://<public IP address of the OSMU server>:30088/osmu in the Address bar of
the browser on the PC and press Enter. Then, log in to the OSMU as user admin.
NOTE
Firefox.
select the cabinet and subrack housing the KVM you want to log in to under the KVM node.
Step 3 If a dialog box requiring the user name and password is displayed, enter OS user root of the
SMM board and its password and click OK. Otherwise, skip this step.
NOTE
For SMM board in a version earlier than OSTA2.0 V200R009C00, if the dialog box is not displayed,
you need to close all the opened browser pages and re-log in to the OSMU to select the KVM. You can
view the SMM board version on the device panel. Specifically, right-click the SMM board in the same
subrack as the KVM that you have logged in to and choose SMM Info from the shortcut menu.
Step 4 If a dialog box similar to Security Warning is displayed, configure the dialog box by
referring to 26.2.1 Setting Internet Explorer or 26.2.2 Setting Firefox. Otherwise, skip this
step.
Step 5 If a dialog box similar to Application Blocked is displayed, configure the dialog box by
referring to 26.1.35 Setting the KVM. Otherwise, skip this step.
Step 6 Click the board icon similar to to connect the board that you want to log in to.

U2000
NOTE
l Board icons from 0 to 13 correspond to board slots from 1 to 14 in the subrack, respectively. For
example, board icon 0 corresponds to board slot 1.
l The maximum number of boards that can be supported by the KVM depends on the model of the
SMM board. For details about how to query the SMM board model, see Checking the Model of the
Board.
– If SMM board model is SMMD, you can connect a maximum of 4 boards simultaneously
using the OSMU KVM (including OSMU and OGPU boards) .
– If SMM board model is SMME, you can connect a maximum of 12 boards simultaneously
using the OSMU KVM (including OSMU and OGPU boards) .
Figure 26-3 KVM remote monitoring interface
Table 26-1 Icons on the KVM tab page

Icon Description
Sends a combination of function keys.
Displays in full screen.

NOTE
In full-screen mode, you need to press Ctrl+Alt
+Shift to display the KVM toolbar. To exit the
full-screen mode, click .

U2000
Icon Description
Configures color bits.
Synchronizes the operations of the local PC

mouse and the remote KVM mouse.
Disconnects the board.
Displays in split screens.

NOTE
In split-screen mode, you need to press Ctrl+Alt
+Shift to display the KVM toolbar. To exit the
split-screen mode, click .
Refreshes the displayed tab page.
Selects the board you want to log in to.
Displays the keyboard indicator state of the

controlled board.
Step 7 When the boardX tab page is displayed, press Enter. In the command-line interface, log in to
the board using the operating system user and password.
Step 8 To improve system security, you are advised to close the KVM window and browser after the
operation is complete.
----End
26.1.3 Viewing Device States by Using the OSMU

This section describes how to view the device status using the OSMU. In a cabinet, the
devices that can be managed using the OSMU include the devices in the ATAE subrack
(OSMU board, OGPU board, SMM board, and fan assembly) and disk arrays. A device can
be in any of the following state: in-position, running, standby, or active. The device panel of
the OSMU visually displays the status of each device, helping users identify device
exceptions and take measures in a timely manner.
Prerequisites
l The PC communicates with the OSMU properly.
l You have obtained the password of OSMU web user for logging in to the OSMU board.
To learn the initial passwords of users, see Default Users and Initial Passwords.

U2000
Procedure
Step 1 Type the following website in the Address bar of the browser on the PC and press Enter.

NOTE
l The OSMU server has a private IP address and a public IP address. When you log in to the OSMU
by using the private IP address of the OSMU server, the PC must be connected to the base network
port on the RTM of the switching board through a network cable. You are advised to log in to the
OSMU by using the private IP address of the OSMU server only in scenarios where the public IP
address of the OSMU server is not set or when a network failure occurs. For details about the IP
address planning of the OSMU server, see 27.3 Default Host Names and IP Addresses of
Boards.
Firefox.
Step 2 In the left pane of the OSMU, expand the Device Management navigation tree and select a
rack number under the Device Panel node.
Step 3 On the rack tab page in the right, view the device status. Table 26-2 describes the device
states.
Table 26-2 Description of device status
Color Status Description
Empty No hardware device is installed or inserted in this

position.
Unknown In this state, one of the following cases might

occur:
l The monitoring module of the OSMU does
not report the status.
l The monitoring module of the OSMU reports
the Unknown state.
Not Configured The board is inserted into the subrack but the
data is not configured.
Not Installed The data is configured but the board is not

inserted into the subrack.
Powered Off The board is powered off.

U2000
Color Status Description
Inactive The data is configured and the board is powered

on. The board, however, is not activated.
Therefore, U2000 server software cannot be
installed. This state is available only to the
OGPU board and standby OSMU board.
Faulty In this state, one of the following cases might

occur:
l A hardware fault is detected.
l A software fault is detected. That means that
services are functioning improperly.
l The actual board name is different from the
planned board name.
Active The board is activated and U2000 server

software can be installed. This state is available
only to the OGPU board.
Service Stopped U2000 services are stopped. This state is

available only to the OGPU board.
Normal The device is functioning properly.
Switched Over Resources on the board have been successfully

switched to the standby board.
Standby The standby board is functioning properly.
Service Takeover The U2000 services and database services are

taken over by the board. This status is applicable
to the board displayed as ES on the device panel.
No Alarms Alarm indicator. No alarm is generated on the

device.
Alarms Detected Alarm indicator. One or more alarms are

generated on the device. You can right-click the
device and choose health events from the
shortcut menu to view alarm information.
----End
26.1.4 Starting the OSMU Service

This topic describes how to log in to the OSMU board using PuTTY and start the OSMU
service.
Prerequisites
You have contacted Huawei technical support to obtain PuTTY.zip at http://
support.huawei.com and decompressed it to your PC. Huawei technical support can quickly

U2000
search for the tool package using its name as the keyword after clicking Search by Category
> Tools at http://support.huawei.com.
Procedure
~> su - root
Step 3 Run the following command to start the OSMU service:

# rcosmu start
l When the system displays information similar to the following, the OSMU service has
been started:
l When the system displays information similar to the following, the standby OSMU
board is not deployed in the system and the OSMU service is running:
OSMUWatchdog service is running skipped
OSMU service is running skipped
board is deployed in the system and the OSMU service is running on the peer server:
[192.168.128.100](Remote) OSMU service has already running
board is deployed in the system and the OSMU service is running on the current server:
[192.168.128.100](Local) OSMU service has already running
In scenarios except the preceding ones, contact Huawei technical support.
----End
26.1.5 Stopping the OSMU Service

This topic describes how to log in to the OSMU board using PuTTY and stop the OSMU
service.
Prerequisites
You have contacted Huawei technical support to obtain PuTTY.zip at http://
support.huawei.com and decompressed it to your PC. Huawei technical support can quickly
search for the tool package using its name as the keyword after clicking Search by Category
> Tools at http://support.huawei.com.
Procedure
~> su - root

U2000
Step 3 Run the following command to stop the OSMU service:

# rcosmu stop
l When the following information is displayed, the OSMU service is stopped successfully:
Stopping OSMUWatchdog service: done
Stopping OSMU service: done
l When the following information is displayed, the OSMU service has been stopped:
NOTE
If the standby OSMU board is deployed in the system, the OSMU service has been stopped on the
local server. To stop the OSMU service on the peer server, log in to the peer server to perform this
operation.
OSMUWatchdog service was unused skipped
OSMU service was unused skipped
When the following information is displayed, the OSMU service is stopped successfully.
Stopping OSMU service: done
----End
26.1.6 Viewing the OSMU Server Software Version

You can view the OSMU server software version in two means: Log in to the OSMU server
by using the PuTTY or log in to the OSMU server by using a web browser.
Prerequisites
l You have obtained the IP address for the OSMU board. For detailed operations, see 27.3
Default Host Names and IP Addresses of Boards.
l You have obtained the passwords for users osmuuser, and root of the OSMU. To learn
the initial passwords for users, see 27.1 Default Users and Initial Passwords.
Procedure
l Log in to the OSMU server by using a web browser to view the OSMU version.
a. Type the following website in the Address bar of the browser on the PC and press
Enter. Then, log in to the OSMU as an OSMU web user.
https://<public IP address of the OSMU server>:30088/osmu or https://<private
IP address of the OSMU server>:30084/osmu

U2000
NOTE
l The OSMU server has a private IP address and a public IP address. When you log in to
the OSMU by using the private IP address of the OSMU server, the PC must be
connected to the base network port on the RTM of the switching board through a
network cable. You are advised to log in to the OSMU by using the private IP address
of the OSMU server only in scenarios where the public IP address of the OSMU server
is not set or when a network failure occurs. For details about the IP address planning of
the OSMU server, see 27.3 Default Host Names and IP Addresses of Boards.
l If the OSMU login window is not displayed after you type the preceding website in the
address bar of the browser and press Enter, perform the following operations:
l If you use Internet Explorer to access the OSMU, perform the operations
described in 26.2.1 Setting Internet Explorer. If the problem persists, perform
the operations described in 26.1.4 Starting the OSMU Service.
l If the OSMU login window is not displayed after you use Mozilla Firefox to
access the OSMU, perform the operations described in 26.1.4 Starting the
OSMU Service.
l If a message indicating that the website is insecure is displayed on the browser after
login to the OSMU, solve the problem by referring to 26.2.1 Setting Internet
Explorer or 26.2.2 Setting Firefox.
b. Click About in the upper right corner of the OSMU GUI, and view the OSMU
version in the displayed dialog box.
l Log in to the OSMU server by using PuTTY to view the OSMU version.
a. Use PuTTY to log in to the OSMU board in SSH mode as user omsuuser.
~> su - root
c. Run the following command to view the OSMU version:
# cat /opt/osmu/version /opt/osmu/patch.version

Version : iManagerOSMUV200R002C50SPC200
Build Date : 03/02/2015
Patch Version : iManagerOSMUV200R002C50CP2001
Build Date : 05/16/2015
In the system output similar to the preceding information, Version indicates the
OSMU base version, Patch Version indicates the OSMU patch version.
----End
26.1.7 Viewing the U2000 Software Server Version

You can view the U2000 server software version in two means: Log in to the OSMU server
by using a web browser or log in to the U2000 server by using PuTTY.
Prerequisites
You have logged in to the OSMU using a web browser. For details, see 26.2.5 Logging In to
the OSMU by Using a Web Browser.
Procedure
l Log in to the OSMU server using a web browser to view the U2000 server version.

U2000
a. In the left pane of the OSMU window, expand the Service System navigation tree
and choose Service Management > System Services.
b. Select U2000 system on the right list. Click Query Version. You can view the
version of the system in the displayed dialog box.
c. Click OK. Then the Query Version dialog box is closed.
l Log in to the U2000 server by using PuTTY to view the U2000 version.
For details, see 25.2.7 Obtaining U2000 Version Information.
----End
26.1.8 Checking the Operating System Version of Boards

This section describes how to log in to the OSMU or U2000 server using PuTTY and query
the operating system (OS) version.
Prerequisites
l The communication between the PC and the OSMU board or OGPU board is normal.
l The PuTTY.zip file has been downloaded to the PC by Huawei technical support
engineers from http://support.huawei.com and has been decompressed.
support.huawei.com.
Procedure
l Log in to the OSMU server by using a web browser to view the OS version of the
OSMU server. For detailed operations, see 22.3.2 Checking Basic Software Versions.
l Use PuTTY to log in to the OSMU or U2000 server in SSH mode.
a. 26.1.1 Logging In to the Board by Using PuTTY.
b. Check the version information about the server's OS:
i. Run the following command to view the OS version.
# cat /etc/SuSE-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 3
In the preceding command output, the OS version is SuSE11 SP3.

ii. Run the following command to view the OS kernel version.
# uname -r
3.0.101-0.47.71-default
In the preceding command output, the OS kernel version is 3.0.101-0.47.71-

default.
----End
26.1.9 Checking the Sybase Database Server Name

U2000
Prerequisites
You have contacted Huawei technical support engineers to obtain PuTTY.zip at http://
support.huawei.com and decompressed it to your PC.Huawei technical support engineers
can quickly search for the tool package using its name as the keyword after clicking Search
by Category > Tools at http://support.huawei.com.
Procedure
Step 1 Use PuTTY to log in to the U2000 DB active node in SSH mode as user dbuser.
Step 2 Run the following command to view the name of the Sybase server:
~> ls /opt/sybase/ASE-15_0 |grep cfg |awk -F'.' '{print $1}' |uniq
In the following command output, the name of the database server is DBSVR1:
DBSVR1
----End
26.1.10 Changing All the Board's Time Manually

All OGPU boards become faulty if you change the ATAE cluster system time to a value
beyond the security certificate's validity period (from May 24, 2012 to March 9, 2027). In this
case, you must log in to each board and run commands to manually change all the board's
time for restoring all faulty OGPU boards.
Prerequisites
You have obtained the private IP address for the OSMU board and all OGPU boards of the
ATAE cluster system. For detailed operations, see 27.3 Default Host Names and IP
Addresses of Boards.
Procedure
Step 1 Use PuTTY to log in to the OSMU server in SSH mode as user osmuuser. For detailed
~> su - root
Step 3 Run the following command to change the OSMU board time to the local standard time.
2013-04-12 16:39:21 is used as an example. Replace it based on actual requirements.
# date -s '2013-04-12 16:39:21'
Step 4 Run the following command to change the OGPU board time to the local standard time.
Log in to all OGPU boards of the ATAE cluster system in SSH mode and change the time in
sequence. In the following example, users log in to No. 2 board whose private IP address is
192.168.128.158 and the time is 2013-04-12 16:39:21. Replace them based on actual
requirements.
# ssh 192.168.128.158

U2000
# date -s '2013-04-12 16:39:21'
Step 5 Run the following commands to restart the OSMU service.

The following command use 192.168.128.100 as the private IP address of the OSMU board,
you need to replace it based on actual requirements.
# ssh 192.168.128.100
# rcosmu restart
When the system displays the following information, the OSMU service has been started.
Step 6 Check whether all faulty OGPU boards in the cabinet have been restored. For detailed
operations, see 26.1.3 Viewing Device States by Using the OSMU.
l If the boards have been restored, rechange the time to ensure that all boards' time is the
same. For detailed operations, see 3.10 Changing the Time and Time Zone of the
U2000 Server.
l If the boards have not been restored, contact Huawei technical support.
----End
26.1.11 Generating Kdump Information of the Board

If the operating system of a board does not respond, you must forcibly restart the operating
system. After the operating system is restarted, the data in the cache fails to be obtained,
leading to a problem location failure. To solve this problem, you must use the Kdump
software to obtain the data in the cache and related operating system information for problem
location.
Prerequisites
Context
NOTICE
Use the function with caution, because the operating system is forcibly restarted after clicking
the Generate Kdump Info.
Procedure
choose Hardware Device > Board.
Step 2 Select the board that needs to be restarted because the board does not respond or breaks down
from the Board List on the right. Click Generate Kdump Info.

U2000
NOTE
You are allowed to select one or multiple boards in this step.
Step 3 Click Yes in the displayed Confirm dialog box.
Step 4 Click OK in the displayed dialog box.

Configuring the task of generating Kdump information is complete. You can view the
execution progress of the task in the Centralized Task Management area.
You can collect and view the Kdump information when the Status is Normal. For details, see
22.2.3 Collecting Kdump Information of the Board.
----End
26.1.12 Transferring Files by Using FileZilla

The U2000 uses SFTP transfer by default to improve file transfer security. FileZilla is a
dedicated file transfer tool that supports both SFTP transfer and resumable download. You are
advised to use FileZilla to transfer files. In this section, FileZilla 3.3.5.1 is used as an
example.
Prerequisites
l You have obtained the IP address of the destination U2000 server.
l The communication between the PC and the destination U2000 server is normal.
l You have obtained the file to be uploaded to the U2000 server and have saved the file to
the PC.
l You have contacted Huawei technical support engineers to obtain FileZilla.zip at http://
support.huawei.com.
l You have obtained the user password of the destination U2000 server.
Procedure
Step 1 Double-click filezilla.exe to start the tool.
Step 2 In the upper left area of the FileZilla window, click .
Step 3 In the lower left area of the Site Manager dialog box, click New Site.
Step 4 On the General tab page, set site parameters by referring to Table 26-3.
Table 26-3 Parameters in the Site Manager dialog box

Host Enter the IP address of the destination U2000 server.
Port 22
Port 22 is the default port for SFTP transfer.

U2000
Server type SFTP
Logon type Normal
User Enter the user name and password of the destination U2000 server. The
user has the permission to access the destination directory.
Password
NOTE
l A user who wants to upload or download files must have the permission to
upload from or download to the destination directory.
l After operating system security hardening is performed, you cannot connect to
the server through SFTP as user root using FileZilla. To connect to the server
through SFTP, you must use a user account other than root, for example, ossuser.
After upgraded to V200R013 or later version, you cannot log in to the server as
user ftpuser.
Step 5 Click Connect.

NOTE
l If a dialog box is displayed during the connection, click OK.

l After the connection is successful, the Remote Site area displays directory information on the
remote server.
Step 6 In the Remote site area, set the destination directory on the U2000 server.
After you set the directory, the Remote site area displays all files stored in this directory.
Step 7 In the Local site area, set the source directory on the PC.
After you set the directory, the Local site area displays all files stored in this directory.
NOTICE
l The name of the software package consists only of letters, numerals, hyphens,
underscores, and dots. You are not allowed to upload a software package whose name does
not meet the naming convention. Otherwise, the package fails to be identified.
l The available disk space in the partition for saving the uploaded file on the server must be
twice greater than the size of the software package to be uploaded.
Step 8 Perform the following operations as required.
Purpose Operation
Upload files In the Local site area, right-click the file to be uploaded and choose
Upload from the shortcut menu.
Download files In the Remote site area, right-click the file to be downloaded and choose
Download from the shortcut menu.

U2000
NOTE
You can click the Successful transfers or Failed transfers tab to view the upload process. If the upload
or download fails, click the Failed transfers tab in the lower left area of the FileZilla window. Then
right-click the file that fails to be transferred and choose Reset and requeue selected files from the
shortcut menu to resume the file transfer.
Step 9 If the file to be uploaded is a text file in DOS format, perform the following operations to
convert the text file from the DOS format to the ISO format.
NOTE
The FileZilla does not convert the text file from the DOS format to the ISO format while uploading.
Therefore, you need to manually convert the text file from the DOS format to the ISO format.
Otherwise, the Solaris or Linux operating system cannot recognize the text file correctly.
1. Use PuTTY to log in to the server as a user who has sufficient rights, for example, user
ossuser.
2. Run the following commands to convert the text file from the DOS format to the ISO
format.
– For the Linux operating system, run the following command:
cd directory for saving the file
dos2unix -n file name nattemp.txt
cat nattemp.txt > file name
rm nattemp.txt
– For the Solaris operating system, run the following commands:
cd directory for saving the file
dos2unix file name > nattemp.txt
cat nattemp.txt > file name
rm nattemp.txt
----End
26.1.13 Solving the U2000 Backup or Restore Failure Problem
Context
The reasons for data backup failures are as follows:
l The OSMU server does not have a backup disk array or the available disk space in the
disk array is insufficient. Handle the problem by following instructions provided in Step
1.
l The trust relationship is not configured between the OSMU board and the board for data
backup. Handle the problem by following instructions provided in Step 3.
l The board for data backup is not in the Normal or Standby state. For details about how
to check the board status, see 4.1 Checking the U2000 Service Status.
The reasons for data restoration failures are as follows:

l The board for data restoration does not have sufficient available disk space. Handle the
problem by instructions provded in Step 2.
l The trust relationship is not configured between the OSMU board and the board for data
restoration. Handle the problem by instructions provded in Step 3.

U2000
l The board for data restoration is not in the Normal or Standby state. For details about
how to check the board status, see 4.1 Checking the U2000 Service Status.
Procedure
Step 1 Check the backup disk array of the OSMU server.
1. Use PuTTY to log in to the OSMU board in SSH mode as user osmuuser. For detailed
~> su - root
3. Run the following command to check the disk space.
# df -h
The following information is displayed:

Filesystem Size Used Avail Use% Mounted on
/dev/sda1 41G 1.3G 40G 4% /
udev 12G 236K 12G 1% /dev
/dev/sda2 6.9G 45M 6.8G 1% /boot
/dev/sda5 14G 33M 14G 1% /root
/dev/sda6 33G 5.6G 28G 17% /opt
/dev/mapper/DG_OSMU_SR2S1-ExportHome
2.2T 174G 2.1T 8% /export/home
– Check whether the /export/home directory is contained in the displayed

information. If the directory is contained, it indicates that a backup disk array is
configured. Otherwise, contact Huawei technical support.
– You need to check whether the space usage of the /export/home directory is 100%.
If the space usage is 100%, remove the expired or trash files from the /export/home
directory to ensure that the space usage is less than 95%.
Step 2 Check the disk space of the board for data restoration.
1. Use PuTTY to log in to the board for data restoration in SSH mode as user ossuser. For
~> su - root
3. Run the following command to check the disk space.
# df -h
The following information is displayed:

Filesystem Size Used Avail Use% Mounted on
/dev/sda1 22G 1.5G 20G 8% /
udev 12G 300K 12G 1% /dev
/dev/sda2 3.6G 45M 3.5G 2% /boot
/dev/sda5 7.1G 34M 7.0G 1% /root
/dev/sda6 17G 3.5G 14G 21% /opt
tmpfs 4.0K 0 4.0K 0% /dev/vx
Check whether any value in the Use% column is 100%. If certain value is 100%, remove
the expired or trash files from the corresponding partition to ensure that the space usage
is less than 95%.

U2000
Step 3 Check whether the trust relationship is configured between the OSMU board and a service
board.
1. Use PuTTY to log in to the OSMU board in SSH mode as user osmuuser. For detailed
~> su - root
3. Run the following command to log in to a service board.
#ssh Private IP address of a board
If the login is successful, the trust relationship is configured. Otherwise, the trust
relationship is not configured. When this occurs, contact Huawei technical support.
----End
26.1.14 Solving the U2000 Disk Space Shortage Problem
Context
You can use any of the following methods to check the server disk space:
l View the information output area at the bottom of the U2000 client window. If the disk
partition usage reaches the threshold, you need to clean up the disk space immediately.
l View the disk partition usage in the Hard Disk Monitoring window on the U2000
client.
l Run the df -k command to check the disk partition usage.
Procedure
l If the system notifies you of the high disk space usage of the partition where the /data
directory is saved, do not delete or transfer any files. In this case, contact Huawei
technical support for assistance.
l If the system notifies you of the high disk space usage of the /export/home partition, see
12.3 Clearing the Disk Space of the U2000 Server to troubleshoot.
l If the system notifies you of the high disk space usage of the root partition / or /opt,
perform the following operations:
a. Use PuTTY to log in to the U2000 server in SSH mode as user ossuser. For details,
~> su - root
c. Run the following command to collect related information:
# du -ak / | sort -nr > /tmp/du.out

d. Transfer the du.out file from the server to the PC by using the FileZilla tool.

U2000
For details about how to use the FileZilla tool, see 26.1.12 Transferring Files by
Using FileZilla. The configuration information required for transferring the files is
as follows:
n User and password: ossuser user and its password
n Directory of files on the server: /tmp
e. Send the collected results to Huawei technical support.
----End
26.1.15 Uninstalling the U2000 Server Software
Procedure
For details, see 4.6 Stopping U2000 Services.
Step 2 Restart database services.
1. For details about how to stop database services, see 4.4 Stopping the Database Service.
2. For details about how to start database services, see 4.3 Starting the Database Service.
Step 3 In the navigation tree in the left pane, choose Device Management > Hardware Device >
Board.
Step 4 Query the slot number of the U2000 master server.
View and record the slot number of the board whose System is U2000 and Subsystem
contains BASE on the Board tab page in the right pane. This board serves as the U2000
master server.
Step 5 Log in to the U2000 master server using the KVM of the OSMU as user root. For details, see
26.1.2 Logging In to the board by Using the KVM of the OSMU.
Step 6 In the command line window, run the following commands to uninstall the U2000 server
software.
# /opt/oss/server/rancn/CBB/engineering/uninstall/uninstall_OSS_slt.sh -t all
Step 7 When the system displays the following information, enter Y to start uninstalling the U2000
server software.
Do you really want to uninstall U2000 server? [Y/N]:
When the system displays the # prompt, the uninstallation is complete.
----End
26.1.16 Viewing VCS Resources Status

This section describes how to view the resource status by board or cluster.
Prerequisites

U2000
Context
NOTICE
This operation is allowed only when the Veritas Cluster Server (VCS) software has been
installed.
Procedure
l Perform operations by scenario.
View the VCS 1. Choose Service System > Service Management > Board
resource status Services from the navigation tree on the left.
by board 2. In the board list in the right pane, select the board whose cluster
resource status you want to view, and click View Resource
Status. Then, view the cluster resource status in the displayed
Query Board Resource dialog box.
NOTE
The cluster resource status of boards is updated every 30 seconds.
3. Click OK. The Query Board Resource dialog box is closed.
View the VCS NOTE

resources status Only the U2000 cluster exists if a Sybase DB is installed.
by cluster 1. Choose Service System > Service Management > System
Services from the navigation tree on the left.
2. Select the cluster needs to be viewed in the right list. Click
View Resource Status. You can view all the resource status of
the cluster in the displayed dialog box.
NOTE
3. Click OK. Then the Query Cluster Resource dialog box is
closed.
----End
26.1.17 Checking the License of the Veritas

This section describes how to check the information about the Veritas license in the system
where the Veritas software is installed.
Procedure
Step 1 Use PuTTY to log in to the master node in SSH mode as user ossuser.
Step 2 Run the following command to check the license of the Veritas:

U2000

~> su - root
2. Run the following command to check if there is temporary license.

# vxkeyless display
– If the system displays SFHASTD or SFHAENT_VVR_GCO, you can infer that there
is temporary license, perform Step 2.3.
– If the system displays No keys installed, you can infer that there is not
temporary license, perform Step 2.4.
3. Run the following commands to remove the temporary license.
# vxkeyless set NONE
When the system displays the following information, type y and press Enter.
Continue (y/n)? y
4. Run the following command to check the license of the Veritas.

# vxlicrep -s
......
Product Name = VERITAS Volume Manager
License Type = PERMANENT
......
Product Name = VERITAS Cluster Server
License Type = PERMANENT
– In the system output, if the value of License Type corresponding to the VERITAS
Cluster Server and VERITAS Volume Manager are PERMANENT, you can
infer that the license of the Veritas is permanent and the following operation are not
required.
– If the system displays no command output, the commercial license is not installed:
n If the commercial license can be obtained and installed within a short time. In
this case, perform Step 3 to install the commercial license of the Veritas.
NOTICE
Before the commercial license is installed successfully, do not restart the
server or the VCS service. Otherwise, the VCS service is not running properly.
n If the commercial license cannot be obtained and installed within a short time,
run the following command to recover temporary license.
# vxkeyless set SFHASTD
When the following information is displayed, type y and press Enter.
Continue (y/n)? y
Run the following command to check if the temporary license is take effect.
# vxkeyless display
If the system displays SFHASTD, you can infer that there is temporary license;
otherwise, contact Huawei technical support engineers.

U2000
NOTICE
You must apply for and install the Veritas commercial license timely.
Otherwise, legal disputes with third-party companies may arise.
Step 3 Obtain and install the commercial license of the Veritas.
For details, see the ATAE Cluster System Product Documentation.
----End
26.1.18 Connecting the PC and SMM Board

This section describes how to connect the PC and SMM board for local operation and
maintenance (OM). This section uses the PuTTY 0.62 as an example.
Prerequisites
l A serial cable or a network cable is available. One end of the serial cable uses the RJ45
connector and the other end uses the DB9 connector.
l A PC is available.
support.huawei.com.
l The subrack housing the SMM board has been powered on. For details, see 1.1
Powering On the System in U2000 ATAE Cluster System Administrator Guide.
l You have obtained the password for user root of the SMM board. To learn the initial
passwords for users, see Default Users and Initial Passwords.
Procedure
l (Recommended) Connect the PC and the SMM board using a network cable.
a. Connect the ETH0 network interface on the SMM board and the network interface
on the PC using a network cable. Figure 26-4 shows the position of the ETH0
network interface on the SMM board.
Figure 26-4 SMM panel
1. Minor alarm indicator 2. Major alarm indicator 3. Critical alarm indicator

U2000
4. COM serial port 5. ETH0 network interface 6. HOTSWAP indicator
7. Ejector lever 8. Reset button 9. User indicator
10. HEALTHY indicator - -
b. The private IP address of the ETH0 network interface on the SMM board is
192.168.255.87 or 192.168.255.88 and the subnet mask is 255.255.255.0. Set the IP
address and subnet mask of the PC to 192.168.255.100 and 255.255.255.0 to ensure
that the IP address of the PC and the private IP address of the ETH0 network
interface on the SMM board are on the same network segment.
c. Choose Start > Run on the PC. In the displayed Run window, enter the cmd
command and press Enter.
d. Run the following command to test and record the private IP address of the SMM
board that can be pinged:
ping private IP address of the ETH0 network interface on the SMM board
e. Log in to the SMM board by using PuTTY.
i. Double-click putty.exe to start PuTTY.
ii. Enter the private IP address of the SMM board in Host Name (or IP address).
iii. Select SSH in the Connection type field.
iv. In the Close window on exit: field, select Only on clean exit and click Open.
If the PuTTY Security Alert interface is displayed, click Yes.
v. When login as: is displayed, type the user name root and press Enter.
vi. When the system displays root@<private IP address of the SMM
board>'s password:, type the password for user root and press Enter to
log in to the SMM board.
When the system displays # , the login is successful.
l Connect the PC and the SMM board using a serial cable.
a. Use the serial cable to connect the serial port of the SMM board to that of the PC.
One end of the serial cable is an RJ45 connector that is connected to the serial port
of the SMM board (COM), as shown in Figure 26-4. The other end is a DB9
connector that is connected to the serial port of the PC (COM1 or COM2).
After the PC and the SMM board are connected, the physical connection between
the PC and the SMM board is set up.
b. Connect the SMM board through a serial port by using PuTTY.
ii. Choose Connection > Serial from the navigation tree in the left pane on
PuTTY. A dialog box for setting the serial port connection parameters is
displayed.
iii. In the dialog box, set the serial port connection parameters by referring to
Table 26-4.

U2000

Parameter Value
Serial line to Specify a serial port, for example, COM1, for the PC
connect to terminal to connect to the SMM board.
NOTE
The PC may contain several serial ports, and you can check
the name and number of the serial port by performing the
following procedures:
On a PC running on Windows 7 operating system, choose
Control Panel and locate Device Manager. In the displayed
Device Manager, choose Port to check the name and number
of the serial port.
Speed 115200
Data bits 8
Stop bits 1
Parity None
Flow control None
iv. Choose Session from the navigation tree in the left pane. In the right pane,
choose Serial, and click Open.
c. Log in to the SMM board as user root.
MontaVista(R) Linux(R) Professional Edition 4.0.1 (0502020)
Linux/ppc 2.6.10_mvl401-8272ads
SMM login:
Password:
----End
26.1.19 Viewing and Setting the IP Addresses for the SMM Board
This section describes how to view and set the IP addresses for the SMM board by logging in
to the SMM board.
Prerequisites
l The subrack housing the SMM board whose IP addresses need to be changed has been
powered on. For details, see 1.1 Powering On the System in U2000 ATAE Cluster
System Administrator Guide.
l You have obtained the password for user root of the SMM board. To learn the initial
NOTICE
The default IP addresses for SMM board network interfaces in all ATAE subracks are the
same. When you need to install multiple ATAE subracks in one cabinet, you need to power on
the subracks and then immediately change the IP addresses for the SMM board to avoid IP
address conflicts.

U2000
Context
For details about the planned default IP addresses of SMM boards, see Table 26-5.
Table 26-5 Planned default IP addresses of SMM boards

Subr
ack SMM Networ Physical IP Logical IP Subnet Broadcast
Typ board k Port Address Address Mask Address
e
MPS Active vbond0 192.168.128 192.168.128 255.255.248 192.168.135

SMM .23 .25 .0 .255
board NOTICE NOTICE
(SMM1) If a new If a new
version is version is
Standby vbond0 192.168.128 deployed deployed
SMM .24 through through
board upgrade, upgrade,
you can you can
(SMM2)
keep using keep using
the previous the previous
EPS Active vbond0 192.168.128 192.168.128
subnet broadcast
SMM .26 .28 mask. The address. The
board subnet mask broadcast
(SMM1) is address is
255.255.0.0 192.168.255
Standby vbond0 192.168.128 in versions .255 in
SMM .27 earlier than versions
board OSMU earlier than
V200R002 OSMU
(SMM2)
C00. V200R002C
00.
NOTE
l For the scenario of an EPS is newly added, if the IP address of the maintenance plane in the MPS
have been changed. That is, the first two fields of the IP address may have been changed. If this
occurs, you must change the first two fields 192.168 of the default SMM board IP address for the
EPS to the current values of the first two fields of the IP address for the MPS.
l For the scenario of an EPS is newly added, the subnet mask of the maintenance plane in the MPS
has been changed. When setting the subnet mask of the maintenance plane for the SMM boards in
the new EPS, set the subnet mask to be the same as that in the MPS.
Procedure
Step 1 26.1.18 Connecting the PC and SMM Board.
Step 2 Run the following command to check the active and standby status of the SMM board that
you have logged in to:
# smmget -l smm -d redundancy
The Redundancy States of SMMs:
SMM1: Present(active)*
SMM2: Present(standby)
* = The SMM you are currently logged into.

U2000
In the system output similar to the preceding information, * indicates the SMM board that you
have logged in to. Present whose value is active indicates the active SMM board. Present
whose value is standby indicates the standby SMM board.
l If the SMM board that you have logged in to is the active SMM board, perform Step 3.
l If the SMM board that you have logged in to is the standby SMM board, perform Step 4.
Step 3 The SMM board that you have logged in to is the active SMM board.
1. Run the following command to check whether vbond0 of the SMM board is configured
successfully and whether its physical IP address is consistent with the plan:
# ifconfig vbond0
– If the system displays information similar to the following, the vbond0 Ethernet
port has not been configured. Perform Step 3.2.
vbond0: error fetching interface information: Device not found
port has been configured. If the displayed IP address is consistent with the plan, do
not perform Step 3.2; If the displayed IP address is inconsistent with the plan,
perform Step 3.2.
vbond0 Link encap:Ethernet HWaddr 00:18:82:B0:A7:34
255.255.248.0
UP BROADCAST RUNNING MASTER MTU:1500 Metric:1
RX bytes:227733989 (217.1 MiB) TX bytes:371623257 (354.4 MiB)
2. Run the following command to change the physical IP address, subnet mask, and
gateway of vbond0 on the current SMM board to ensure that they are consistent with the
plan.
NOTE
To view and change the physical IP address for vbond0 on an SMM board, you need to log in to
the SMM board.
# smmset -l smm -t vbond0 -d staticip -v physical IP address for vbond0 on the SMM
board subnet mask broadcast address
WARNING:changing the network IP maybe interrupt the connection

you can reload by the setting IP Address.continue?[Y/N]:
When the preceding information is displayed, type y to confirm the change. When the
following information is displayed, the physical IP address for vbond0 on the current
SMM board has been changed successfully.
Success
3. Run the following command to view the logical IP address for vbond0 on the two SMM
boards.
NOTE
The network interfaces vbond0 on the two SMM boards in a subrack work in active/standby
mode. You can only log in to the active SMM board to view and change the logical IP address.
# smmget -l smm -t vbond0 -d floatip
– If the system displays information similar to the following, the logical IP address
for vbond0 on the two SMM boards has not been set. Then, performStep 3.4.
IP address does not exist.

U2000
– If the system displays information similar to the following, the logical IP address
for vbond0 on the two SMM boards has been set. If the displayed IP address is
consistent with the plan, do not perform Step 3.4; If the displayed IP address is
inconsistent with the plan, perform Step 3.4.
Ip address : 192.168.128.25
Mask : 255.255.248.0
Broadcast address : 192.168.135.255
4. Run the following command to change the logical IP address, subnet mask, and gateway
for vbond0 on the two SMM boards and ensure that they are consistent with the plan:
# smmset -l smm -t vbond0 -d floatip -v logical IP address for vbond0 on the SMM
5. Repeat Step 1 through Step 2 to connect the SMM boards in all ATAE subracks until the
physical IP addresses, logical IP addresses, subnet masks, and gateways for vbond0 on
all SMM boards have been changed by referring to Table 26-5.
Step 4 The SMM board that you have logged in to is the standby SMM board.
1. Run the following command to check whether vbond0 of the SMM board is configured
successfully and whether its physical IP address is consistent with the plan:
# ifconfig vbond0
port has not been configured. Perform Step 4.2.
vbond0: error fetching interface information: Device not found
port has been configured. If the displayed IP address is consistent with the plan, do
not perform Step 4.2; If the displayed IP address is inconsistent with the plan,
perform Step 4.2.
vbond0 Link encap:Ethernet HWaddr 00:18:82:B0:A7:34
255.255.248.0
UP BROADCAST RUNNING MASTER MTU:1500 Metric:1
RX bytes:227733989 (217.1 MiB) TX bytes:371623257 (354.4 MiB)
2. Run the following command to change the physical IP address, subnet mask, and
gateway of vbond0 on the current SMM board to ensure that they are consistent with the
plan.
NOTE
To view and change the physical IP address for vbond0 on an SMM board, you need to log in to
the SMM board.
# smmset -l smm -t vbond0 -d staticip -v physical IP address for vbond0 on the SMM
WARNING:changing the network IP maybe interrupt the connection

you can reload by the setting IP Address.continue?[Y/N]:
When the preceding information is displayed, type y to confirm the change. When the
following information is displayed, the physical IP address for vbond0 on the current
SMM board has been changed successfully.
Success

U2000
3. Repeat Step 1 through Step 2 to connect the SMM boards in all ATAE subracks until the
physical IP addresses, logical IP addresses, subnet masks, and gateways for vbond0 on
all SMM boards have been changed by referring to Table 26-5.
----End
26.1.20 Uninstalling the NE Mediation Software by Using

Commands
This section describes how to uninstall an NE mediation in the ATAE cluster system. You
need to perform this operation only on the master node.
Prerequisites
You have contacted Huawei technical support engineers to obtain PuTTY.zip at http://
support.huawei.com and decompressed it to your PC.Huawei technical support engineers
can quickly search for the tool package using its name as the keyword after clicking Search
by Category > Tools at http://support.huawei.com.
Context
NOTICE
l Using this method, only the NE mediation of a certain version and its patches are
uninstalled. The uninstallation does not affect the use of mediations of other versions or
history traffic statistics.
l Before uninstallation, you must be familiar with the uninstallation procedure and strictly
perform the uninstallation operation in accordance with the procedure described in the
guide.
l During uninstallation, run a command and wait until the system responds with a
message, indicating that the command is successfully executed.
l When a switchover from a slave server to the standby server is triggered, the
uninstallation of the mediation application is not supported.
This takes the uninstall of the

iManagerOSS_CBTS3601C_MATCH_ENG_V200R007C05SPC001 as an example. You
need to uninstall an NE mediation according to its version on site.
Procedure
Step 1 Delete the NE instances mapping the NE mediation to be uninstalled from the U2000 client.
Step 2 Use PuTTY to log in to the master node in SSH mode as user ossuser. Run the following
command to set the operating environment of the U2000:
Step 3 Run the following command to check whether the NE mediation is installed:
~> displayVersion -ne NE type

U2000
In this case, run the following command:

~> displayVersion -ne CBTS3601C
<CBTS3601C>
Match Version : iManagerOSS_CBTS3601C_MATCH_ENG_V200R007C05SPC001
NE Version is: CBTS3601CV200R007C05SPC001
l If the system output contains the previous information, the NE mediation is installed.
Then, proceed to Step 4.
l If the system output does not contain the previous information, the NE mediation is not
installed. You do not need to perform the uninstallation.
Step 4 Stop U2000 services. For detailed operations, see 4.6 Stopping U2000 Services.
Step 5 Run the following commands to uninstall the mediation:
~> cd /opt/oss/server/med/CBTS3601CNE/
iManagerOSS_CBTS3601C_MATCH_ENG_V200R007C05SPC001
~> uninstallmed.sh
When the system displays the following information, type y, and press Enter:
the Uninstall NE Type is : CBTS3601C
the Uninstall NE Version is :
iManagerOSS_CBTS3601C_MATCH_ENG_V200R007C05SPC001
the OSS environment variable is : /opt/oss/server
Are you sure to continue? [y/n] y
NOTE
l This process takes about 20 minutes.

l If you type any other character instead of y, you exit the uninstallation.
l The uninstallation procedure is logged in the /opt/oss/server/var/logs/mediation/
med_uninstall.log file on the server.
l During uninstallation, check whether the system output contains error or fail. If the system output
contains no error or fail, the uninstallation is successful and complete. If the system output
contains error or fail, contact Huawei technical support.
Step 6 Start U2000 services. For detailed operations, see 4.5 Starting U2000 Services.
----End
26.1.21 Uninstalling the NE Mediation Software by Using the

OSMU
This section describes how to uninstall the mediation software. When the mediation software
is being uninstalled, the U2000 services stop, and services on the live network are affected.
After the mediation software is uninstalled, the U2000 services automatically restart.
Prerequisites
Procedure
Step 1 In the navigation tree in the left pane, choose Service System > U2000 > OSS Management
Tool.

U2000
If the system prompts Security Warning, configure the parameters according to the browser
by referring to 26.2.1 Setting Internet Explorer or 26.2.2 Setting Firefox.
Step 3 Choose Mediation Package Management from the navigation tree in the left pane. The page
for managing mediation software is displayed.
Step 4 Click the Mediation Installation tab in the right pane. The tab page for installing mediation
software is displayed.
Step 5 Click the mediation software to be uninstalled in the Installed Mediation area, and click
Uninstall.
The mediation software can be uninstalled in batches. You can select multiple pieces of
mediation software for batch uninstallation.
Step 6 In the displayed dialog box, the mediation software to be uninstalled is displayed. If the
displayed information is correct, click OK.
Step 7 In the displayed dialog box, click Yes to start uninstallation.
NOTICE
l Ensure that you have deleted from the U2000 client the NE instances matching the NE
mediation to be uninstalled.
l When uninstalling a mediation, the OSMU will automatically stop and start the U2000
services. It takes about 15 to 20 minutes to stop and start the U2000 services, depending
on the actual environment.
l It takes about 3 to 10 minutes to uninstall a mediation (excluding the time on starting and
stopping the U2000 services).
During the uninstallation, you can view the uninstallation process in the Mediation
Uninstallation Log area. If error or fail exists in the uninstallation log, contact Huawei
technical support.
Step 8 After the mediation software is uninstalled, the system displays a dialog box, indicating that
the installation is successful. Click OK.
After the uninstallation is complete, click Download to download the log file to check
whether the mediation software has been uninstalled successfully. If error or fail exists in the
uninstallation log, contact Huawei technical support.
NOTE
You can click Clear to clear uninstallation information in the Mediation Uninstallation Log area.
When you perform this operation, the historical records in the uninstallation log are not deleted. To view
historical records in the uninstallation log, navigate to the /opt/oss/server/var/logs/mediation/
med_uninstall.log file.
----End
26.1.22 Starting the Services that Are Disabled by Default

U2000
Prerequisites
You have logged in to the master node in SSH mode using PuTTY as user ossuser.
Context
The services listed in Table 26-6 are disabled by default. You can start the services as
required. Table 26-6 describes the configuration files of each service.
Table 26-6 Mapping between services and configuration files

Service Description
NGNFullFillService Supports NGN service provision.
NGNNIService Supports service provision using the TL1 NBI.
NGNNI112Service Supports subscriber line test management of fixed network

devices.
NGNTestManageSer- Supports test management of fixed network devices.

vice
SNMService Supports signaling network device management, including

signaling network topology management, resource status statistics,
and port check tool.
FNLicenseService The FNLicenseService provides the fix network management

function of managing the license authorization information about
U2000. The number of purchased licenses determines the number
of available resources and whether the user can use a specific
functional component.
SyslogCollectorDM The SyslogCollectorDM provides management for NE syslog run

logs.
ConfigExport The ConfigExport service provides a transparent channel which

enables the northbound NMS to directly obtain configuration from
the GBSS data and set NE configurations.

U2000
NOTICE
l The NGNNIService is dependent on the NGNFullFillService and the FNLicenseService.
To use the service provisioning function of the TL1 NBI, you need to enable the
NGNNIService, NGNFullFillService, and FNLicenseService manually at the same time.
For details how to start the NGNNIService, see U2000 TL1 NBI User Guide .
l The NGNNI112Service is dependent on the NGNTestManageService and the
FNLicenseService. To use the 112 NBI test management function of a fixed network
device, you need to enable the NGNNI112Service, NGNTestManageService, and
FNLicenseService manually at the same time. For details how to start the
NGNNI112Service, see U2000 Line Test NBI User Guide..
l The SyslogCollectorDM service on the U2000 and the syslog service in the SUSE Linux
operating system collect information through the port 514. Both services cannot be used
concurrently. Before enabling the SyslogCollectorDM service, see 26.1.25 Solving the
Problem of the Port for the U2000 SyslogCollectorDM Service and the syslog Service
Conflicts and disable the syslog service in the SUSE Linux operating system.
Procedure
l Run the following command to start the service that is disabled.
~> svc_adm -cmd enable -svcname service name
For example:
~> svc_adm -cmd enable -svcname NGNFullFillService
----End
26.1.23 Configuring the ACL for the PortTrunking Service

The LMTs of certain NEs cannot connect to NEs using the existing proxy function provided
by the U2000. To enable these tools to connect to NEs through the U2000, the PortTrunking
service must be used. The PortTrunking service provides a network proxy function that
enables users to set up connections with NEs using the PortTrunking service. The access
control list (ACL) for the PortTrunking service can limit the NEs that a user can access.
Therefore, configure the ACL for the PortTrunking service properly to ensure network
security.
Context
l The NE LMT must be installed on the U2000 client PC.
l ACL rules must be configured on both the NEs and U2000 client. If you configure ACL
rules only on the NEs or U2000 client, connections between the NEs and the U2000
cannot be set up.
– The ACL rule configuration file for NEs is named acl_ne_rule.cfg and is saved in
the /opt/oss/server/etc/porttrunking directory.
– The ACL rule configuration file for the U2000 client must be set on the U2000
client GUI.

U2000
l Configure the IP addresses and ports in the ACL rule configuration file to limit the NEs
that a user can access. The configured ACL rules take effect for new proxy connections
but do not take effect for proxy connections that have been set up. To apply the
configured ACL rules for proxy connections that have been set up, close and set up the
connections again.
l If the networking includes gateway devices such as the Network Address Translation
(NAT) device, and NEs are located on the internal NAT network, you must set IP
addresses in ACL rule configuration files to IP addresses that are stored on the NAT
device and can be connected to by the U2000 server. Do not set IP addresses to internal
network IP addresses to which NEs are bound.
NOTICE
IP addresses configuration on the NAT device may pose security risks. Assess
networking security before the configuration.
l If the BSC6000 LMT requires access to NEs through the U2000, the ports used when
you configure the ACL for the PortTrunking service are described in Table 26-7.
Table 26-7 BSC6000 LMT port description

NE Port ID Description
BSC6000 6000 This port is used to transfer MML

maintenance commands.
6001 This port is used to transfer MML alarm data.
16006 These are the BSC6000 BIN server ports.
l To start the LMT of the CGPOMU through the U2000 proxy, the ACL must be
configured for PortTrunking service. The ports listed in the Table 26-8 are used.
Table 26-8 CGPOMU LMT port description

CGPOMU 9101 and These ports are used to connect the LMT to the
11101 (SSL) OMU. 9101 is the ID of an ordinary port. 11101 is
the ID of an encrypted port using SSL.
21, 2000 to These ports are used by LMTs to transfer files. 21

2019 is the ID of a default FTP and FTPS control port.
2000 to 2019 are IDs of default FTP or FTPS data
ports.
2198 and 2199 The ports are control port and data port used for
KVM over IP function on the WEBUI.

U2000
9095 and 9443 The ports are provided for the update of the LMT.
(SSL) 9095 is the ID of an ordinary port. 9443 is the ID
of an encrypted port using SSL.
l To remotely upgrade the LMT of the MSC Server, MSCe, or SOFTX3000 through the
U2000 proxy, the ACL must be configured for PortTrunking service. The ports listed in
the Table 26-9 are used.
Table 26-9 MSC Server, MSCe, and SOFTX3000 LMT port description
Port ID Description
21 This is an FTP control port, used to upgrade LMTs remotely.
1024 to 65535 This is an FTP data port, used to upgrade LMTs remotely.
The supported port ID range is too wide. Before configuring the
PortTrunking ACL, run the SET FTPSSRV command to set the
port ID range as required on the MML command client.
l To use remote SSH functions of the SBC, SE2600, SVN, CX600, ViewPoint, MAG9811
and Eudemon, the ACL must be configured for PortTrunking service. The 22 port is
used.
l To use remote SSH functions of the VNF, the ACL must be configured for PortTrunking
service. The 6000 port is used.
Procedure
For details, see 26.1.1 Logging In to the Board by Using PuTTY.
Step 2 Run the following command to write the IP address and port to the rule file:
~> cd /opt/oss/server/etc/porttrunking
~> echo "10.146.60.53/23,22|80|9990-9995,A" >> acl_ne_rule.cfg

U2000
NOTE
In the preceding command, 10.146.60.53/23,22|80|9990-9995,A is used as an example. Replace it as

required.
l 10.146.60.53 is the IP address of NE.
l 23 indicates the network segment mask. The value ranges from 0 to 32. The IP address and
network segment mask is separated by a slash (/).
l 22|80|9990-9995 are the ports. The vertical bar (|) separates multiple ports, and the hyphen (-)
indicates the port range.
l A indicates the rule action. A indicates that you can use the PortTrunking service to access the
specified IP address and port. R indicates that you cannot use the PortTrunking service to access
the specified IP address or port.
l Run the following command to query the configured IP address and port.
~> cat /opt/oss/server/etc/porttrunking/acl_ne_rule.cfg
l If you set 10.146.60.53/23 to 0.0.0.0/0 and the rule action to A, the client can access all NEs using
the PortTrunking service.
Step 3 To add other IP addresses or ports to the rule file, repeat Step 2.
Step 4 Perform the following steps to add the information about the PC where the U2000 client is
installed to Proxy Service ACL.
1. Log in to the U2000 client and choose Security > Proxy Service ACL (traditional
style); alternatively, double-click Security Management in Application Center and
choose OSS Security > Settings > Proxy Service ACL (application style).
2. In the Proxy Service ACL dialog box, click Add.
3. In the Add Access Control Item dialog box, configure IP Address or Network
Segment for the PC where the U2000 client is installed, set Operation to Accept, and
click OK.
NOTE
If IP Address or Network Segment is set to 0.0.0.0/0 in the access control list and Operation is
set to Accept, the clients on all network segments can access NEs.
----End
Follow-up Procedure
After you connect to NEs from a client by using the PortTrunking service and perform
required operations, manually delete rules that you have written in the ACL configuration
files to prevent other users from connecting to the NEs based on the rules.
1. Use PuTTY to log in to the master server in SSH mode as user ossuser.
2. Run the following command to delete the IP address and port from the rule file:
~> cd /opt/oss/server/etc/porttrunking
~> sed '/10.146.60.53\/23,22|80|9990-9995,A/d' acl_ne_rule.cfg >
acl_ne_rule.cfg.bak
~> cp acl_ne_rule.cfg.bak acl_ne_rule.cfg
NOTE
l In the preceding command, 10.146.60.53/23,22|80|9990-9995,A is used as an example.

l Run the following command to query the configured IP address and port.
~> cat /opt/oss/server/etc/porttrunking/acl_ne_rule.cfg

U2000
3. To delete other IP addresses or ports, repeat 2.

4. Perform the following steps to delete the information about the PC where the U2000
client is installed from Proxy Service ACL.
a. Log in to the U2000 client and choose Security > Proxy Service ACL (traditional
style); alternatively, double-click Security Management in Application Center
and choose OSS Security > Settings > Proxy Service ACL (application style).
b. In the Proxy Service ACL dialog box, select the information item of the PC where
the U2000 client is installed to be deleted and click Delete.
c. In the Confirm dialog box, click Yes.
26.1.24 Switching the LMT Login Mode

The local maintenance terminal (LMT) is the local OM system of an NE. LMT login mode
supports secure mode and compatible mode. For an ATAE cluster online remote HA system,
you need to perform the following steps on the active site and the standby site.
Procedure
Step 1 Use PuTTY to log in to the master server as user ossuser in SSH mode. For details, see 26.1.1
Logging In to the Board by Using PuTTY.
Step 2 Run the following command to run the U2000 environment variables:
Step 3 Run commands according to the following table to switch the LMT login mode.
If you want to... Then...
Switch the LMT Run the following commands:

login modes to
secure mode ~> cd /opt/oss/server/rancn/bin
~> ./setLMTSecMode.sh enable
Switch the LMT Run the following commands:

login modes to
compatible mode ~> cd /opt/oss/server/rancn/bin
~> ./setLMTSecMode.sh disable
l When the system displays the following information, the LMT login mode has been
switched:
Success !
l When the system displays information different from the preceding information, contact
----End

U2000
26.1.25 Solving the Problem of the Port for the U2000

SyslogCollectorDM Service and the syslog Service Conflicts
The syslog service of the SUSE Linux operating system uses the UDP-based port 514 to
receive remote logs. After you install the U2000 on SUSE Linux, the SyslogCollectorDM
service of the U2000 also uses port 514 to receive remote logs. If the syslog service is enabled
before the U2000 is upgraded, a port conflict occurs after the upgrade. As a result, the
SyslogCollectorDM service is disabled and the attempt to start the SyslogCollectorDM
service fails.
Context
To ensure that the NE logs are properly displayed on the U2000 client, disable the function for
receiving remote logs for the syslog service on the operating system, and allow the U2000
SyslogCollectorDM service instead of the OS receives the remote logs. Perform the following
operations on the nodes where the SyslogCollectorDM service has been deployed to ensure
that UDP port 514 is not used by the OS.
Procedure

~> su - root

Step 4 Run the following command to enable the U2000 SyslogCollectorDM service:
# svc_adm -cmd enable -svcname SyslogCollectorDM
l If the SyslogCollectorDM service is started, the problem is not caused by the port
conflict. The procedure ends.
l If the SyslogCollectorDM service is not started, perform Step 5.
Step 5 Run the following command to view the usage of port UDP 514:
# lsof -i:514
If the following information is displayed, port UDP 514 has been occupied by the syslog
service of the OS:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
syslog-ng 8786 root 5u IPv4 8511952 UDP *:syslog
Step 6 Disable the syslog service function for receiving remote logs in the operating system.
1. Run the following command to stop the syslog service on the OS:
# service syslog stop
2. Run vi to modify the syslog-ng.conf file in /etc/syslog-ng.
Comment on the udp<ip<"0.0.0.0"> port<514>> line. Run :wq! to save the
file and exit.

U2000
unix-dgram("/dev/log");
#
# uncomment to process log messages from network:
#
# udp<ip<"0.0.0.0"> port<514>>;
3. Run the following command to restart the syslog service:

# service syslog start
Step 7 Run the following command to check whether the U2000 SyslogCollectorDM service is
running.
# svc_adm -cmd status
If the service is not running, run the following command to start the SyslogCollectorDM
service:
# svc_adm -cmd startsvc SyslogCollectorDM
Step 8 Run the following command to view the usage of port UDP 514 again:
# lsof -i:514
If the following information is displayed, the U2000 SyslogCollectorDM service has occupied
this port.
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
SyslogCol 11101 root 31u IPv4 8519207 UDP *:syslog
----End
26.1.26 Checking Whether a User Has Logged In to the Board by

Using KVM
This section describes how to check whether a user has logged in to the board by using KVM.
The KVM function provided by the OSMU allows only one user to log in to a board by using
KVM at a time.
Prerequisites
You have obtained the private IP address of the board. For detailed operations, see 27.3
Procedure
Step 1 Log in to the OSMU board as user osmuuser in Secure Shell (SSH) mode using PuTTY. For
Step 2 Run the following command to switch to user root:
~> su - root
Step 3 Run the following command to log in to the board in SSH mode:
# ssh private IP address of the board
Step 4 Run the following command to check the users who have logged in to the board:

U2000
# who
If tty1 is displayed, a user has been logged in to the board by using KVM. The following is
shown as an example:
root tty1 Sep 18 16:05
root pts/0 Sep 16 12:27 (10.10.10.1)
root pts/1 Sep 18 15:10 (10.10.10.2)
----End
26.1.27 Downloading Files from the Specified Path on the Server

Because security hardening has been performed on the system, when the FTP or SFTP
protocol is used to downloaded files from the server, a user cannot log in or the file cannot be
downloaded. If the preceding problem occurs during the operations, perform related
operations by referring to this section.
Context
NOTE
Using the FTP protocol has security risks, it is recommended that you use the SFTP protocol to perform
related operations.
The symptom, cause, and solution of the problem that users cannot download files using the
FTP or SFTP protocol are as follows:
l User root cannot log in to the server using FTP or SFTP.
Cause: Due to security requirements, user root is prohibited from logging in to the server
using FTP or SFTP.
Solution: When logging in to the server using the FTP protocol, use user ftpuser; and
when logging in to the server using the SFTP protocol, use a account other than user
root (for example, ossuser).
l The login user cannot navigate to the path saving the file to be downloaded on the server.
FileZilla is used as an example. The following information is displayed:
Error: Directory /etc/ntp: permission denied
Error: Failed to retrieve directory listing
Cause: The login user does not have the right to access the file save path.
Solution: Copy the file to be downloaded to the home directory of the login user, add
related permissions, and download it by referring to this section.
l The login user can access the file path on the server but fails to download the file.
Cause: The read permission of the file is insufficient. For example, if the owner of the
file to be downloaded is root and the permission is rwx------, only user root can read the
file.
Solution: Copy the file to be downloaded to the home directory of the login user, add
related permissions, and download it by referring to this section.
NOTE
Users can run the ls command to query the file owner and related permissions. For details about
how to use the ls command, see the chapter ls of U2000 Command Reference.

U2000
Table 26-10 Description of the user's home directory

User Home Directory
ftpuser /export/home/sysm
ossuser /export/ossuser
oracle /export/home/oracle
dbuser /export/home/sybase
osmuuser /home/osmu
Procedure
Step 1 Use PuTTY to log in to the server as user ossuser in SSH mode.
NOTE
l In this section, user ossuser is used as an example to explain the operations. When a user other than
ossuser is used to download files, perform operations by referring to this section.
l Assume that the file to be downloaded is abc.txt, the file owner is root, the permission is rwx------,
and the file save path on the server is /etc/ntp.

~> su - root
Step 3 Run the following command to go to the path saving the file to be downloaded:
# cd /etc/ntp
Step 4 Run the following command to copy the file to the home directory of user ossuser:
# cp abc.txt /export/ossuser
NOTE
l The home directory of user ossuser is /export/ossuser. When a user other than ossuser is used to
download files, replace the home directory.
l If the files to be downloaded is too many, you can run the tar command to pack the files and copy the
package to the home directory of user ossuser. For details about how to use the tar command, see the
chapter tar of U2000 Command Reference.
Step 5 Run the following commands to grant the read permission to the file to be downloaded:
# cd /export/ossuser
# chmod o+r abc.txt
Step 6 Use FileZilla to download the file as user ossuser. For details about how to use the FileZilla,
see section 26.1.12 Transferring Files by Using FileZilla.
Step 7 Run the following commands on the server to delete the copied file in the homer directory of
user ossuser:

U2000
# rm abc.txt
----End
26.1.28 Uploading Files to the Specified Path on the Server

Because security hardening has been performed on the system, when the FTP or SFTP
protocol is used to upload files to the server, the login user cannot access the upload path on
the server. In such case, perform related operations by referring to this section.
Context
NOTE
l Due to security requirements, user root is prohibited from logging in to the server using FTP or
SFTP. When logging in to the server using the FTP protocol, use user ftpuser; and when logging in
to the server using the SFTP protocol, use a account other than user root (for example, ossuser).
l Using the FTP protocol has security risks, it is recommended that you use the SFTP protocol to
perform related operations.
Table 26-11 Description of the user's home directory

User Home Directory
ftpuser /export/home/sysm
ossuser /export/ossuser
oracle /export/home/oracle
dbuser /export/home/sybase
osmuuser /home/osmu
Procedure
Step 1 Use FileZilla to upload the file as user ossuser to the home directory of user ossuser.
NOTE
l In this section, user ossuser is used as an example to explain the operations. Assume that the file to
be uploaded is abc.txt and the save path after the file is uploaded to the server is /etc/ntp.
l The home directory of user ossuser is /export/ossuser. When a user other than ossuser is used to
upload files, replace the home directory. When user ftpuser is used to log in to the server, the upload
file must be set to /export/home/sysm/ftproot.
l For details about how to use the FileZilla, see section 26.1.12 Transferring Files by Using
FileZilla.
l The format of some files needs to be changed after being uploaded to the server. Before uploading
such files, contact Huawei technical support to confirm whether the format needs to be changed.
Step 2 Use PuTTY to log in to the server as user ossuser in SSH mode.

~> su - root

U2000
Step 4 Run the following command to go to the path saving the uploaded file:
Step 5 Run the following command to copy the file to the save path:
# cp abc.txt /etc/ntp
Step 6 Run the following commands to change the file owner and grant the corresponding
permissions:
# cd /etc/ntp
# chown ossuser abc.txt
# chmod u+rwx abc.txt
# chmod g+rx abc.txt
NOTE
l The chown command is used to change the file owner. For details about how to use the chown
command, see the chapter chown of U2000 Command Reference.
l The chmod command is used to change the read, write, and execute permissions for the file. For
details about how to use the chmod command, see the chapter chmod of U2000 Command
Reference.
----End
26.1.29 Setting a DHCP Listening IP Address

This section describes how to set a DHCP listening IP address so that the DHCP service can
listen to the IP address specified by the customer, meeting customer's security requirements.
Prerequisites
l A network interface is available on the U2000 server for setting the DHCP listening IP
address. If no such a network interface is available, add a network adapter which
interconnects with the network on the NE side. In a non-single-server system, you only
need to ensure that a network interface for DHCP listening IP address exists on the
active server.
l The IP address of the idle network interface on the U2000 server has been set to the
DHCP listening IP address.
Context
With the DHCP function, the destination IP address used by NEs to send DHCP messages can
be different from the southbound IP address of the U2000. By default, the DHCP service
listens to the DHCP port for which the southbound IP address of the U2000 is configured. To
listen to other IP addresses of the U2000 server, perform the following operations mentioned
in this section.
NOTICE
For ATAE Cluster Remote HA System, after a switchover of the systems in active/standby
mode, you need to set the DHCP listening IP address again on the node taking over services.

U2000
Procedure
Step 1 Use PuTTY to log in to U2000 server in SSH mode as user dbuser.
In a non-single-server system, log in to the active (or master) server.
Step 2 Run the following command to modify the DHCPIP.xml file:
~> vi /opt/oss/server/etc/ADNService/DHCPManager/DHCPIP.xml
Add the listening IP address to IP value, for example, 10.71.15.20. The file contents after the
modification are as follows:
<?xml version="1.0" encoding="utf-8"?>
<root>
<IP value="10.71.15.20" />
<root>
The value of IP value is the DHCP listening IP address.
Step 3 After the modification, press Esc and run the :wq command to save the modification and exit.
Step 4 Run the following commands to restart the ADNService service:
~> svc_adm -cmd restartsvc ADNService
~> su - root
Step 6 Run the following commands to change the port mapping relationship:
# cd /opt/oss/server/rancn/lbin/
# ./mapDhcpPort.sh
----End
Follow-up Procedure
If you need to restore the settings, delete the listening IP address from the DHCPIP.xml file
and restart the ADNService service. For details, see Step 1 to Step 6.
26.1.30 How Do I Unlock an Oracle Database Account?

This section describes how to unlock an oracle database account.
Procedure
Step 1 Use PuTTY to log in to the U2000 server as user oracle in SSH mode.
NOTE
In an HA system, log in to only the active server. In an ATAE cluster system or an ATAE cluster online
remote HA system, log in to the database board whose database account is locked.

U2000
Step 2 Run the following command to log in to the database:

sqlplus / as sysdba
Step 3 Run the following command to unlock the account:

SQL> alter user username account unlock;
NOTE
Replace username with the account to be unlocked.
If User altered. is displayed in the command output, the account is successfully

unlocked. Otherwise, contact Huawei technical support.
Step 4 Run the following command to exit the database:

SQL> exit
----End
26.1.31 How Do I Unlock a Sybase Database Account?
Context
This section describes how to unlock a sybase database account by an administrator account.
If the administrator account is locked, contact Huawei technical support engineers.
Procedure
Step 1 Use PuTTY to log in to the database board whose database account is locked in SSH mode as
user dbuser.
Step 2 Run the following command to log in to the Sybase database:
~> isql -SDBSVR -Udatabase administrator
Password: password of database administrator
NOTE
DBSVR is the name of the database server, For details about how to query the actual database server
name, see 26.1.9 Checking the Sybase Database Server Name.
Step 3 Run the following command to unlock a database account:

NOTE
The following uses how to unlock user sybuser as an example. You need to replace sybuser with the
actual account to be unlocked.
1> sp_locklogin sybuser,'unlock'
2> go
Step 4 Run the following command to exit the database:
1> exit
----End

U2000
26.1.32 Enabling SUSE Linux Operating System Audit (SUSE10)

This section describes how to set audit rules and perform audit-related operations on the
SUSE Linux operating system. If you do not have audit requirements for the operating
system, skip this section. In the non-single-server system, the operation needs to be performed
on each node.
Context
l After the audit is performed, all operations performed by operating system users are
recorded in audit logs. The audit logs are in turn recorded to audit.log, audit.log.1,
audit.log.2, and audit.log.3. audit.log is the latest log file, and audit.log.3 is the oldest
log file.
l The path of the audit logs is defined by log_file in the auditd.conf file. The default path
is /var/log/audit/audit.log.
l After the operating system log audit function is enabled, audit logs will record the
commands and parameters used by users. The information may include sensitive user
information, which brings risks. Therefore, use this function with caution. If users have
enabled this function, keep the audit log files properly.
NOTE
l The directory of the audit logs must have sufficient space. The minimum space is 2 GB, and it is
recommended that a file system with 20 GB space be created for the directory.
l The audit logs (the audit.log.N files) must be manually backed up. The bakcup interval depends on
the number of generated logs. It is recommended that the logs be backed up at least once every
week.
Procedure
~> su - root
Step 3 Run the following command to check whether the Audit Framework and related libs files
have been installed in the SUSE Linux operating system:
# rpm -qa|grep audit
l If a file similar to audit-1.2.9-6.19 is displayed in the command output, the Audit

Framework has been installed in the operating system.
l If files similar to audit-libs-1.2.9-6.19 and audit-libs-1.2.9-6.19 are displayed in the
command output, the required libs files have been installed in the operating system.
NOTE
If the Audit Framework and related libs files are not installed in the SUSE Linux operating system,
Step 4 Run the following command to set parameters in the /etc/sysconfig/auditd file:
# vi /etc/sysconfig/auditd
l Set AUDITD_LANG to en_US.

U2000
l Set AUDITD_DISABLE_CONTEXTS to no.

AUDITD_LANG="en_US"
AUDITD_DISABLE_CONTEXTS="no"
Step 5 Run the following command to set parameters in the /etc/auditd.conf file:
# vi /etc/auditd.conf
l Set max_log_file to 2000.

l Set space_left to 1000.
l Set admin_space_left to 100.
l Set admin_space_left_action to SYSLOG.
l Set max_log_file_action to ROTATE.
max_log_file = 2000
space_left = 1000
admin_space_left = 100
admin_space_left_action = SYSLOG
max_log_file_action = ROTATE
NOTE
You can run the man auditd.conf command to query the description of each parameter in the
auditd.conf file.
Step 6 Run the following command to check the login, sshd, crond, and atd files under the /etc/
pam.d directory and verify that each file contains the following contents:
# vi /etc/pam.d/file name
session required pam_loginuid.so
session include common-session
Step 7 Run the following command to edit configuration file /etc/audit.rules:

Copy the following contents to the system and then execute them.
echo "# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all

-D
# Increase the buffers to survive stress events.

# Make this bigger for busy systems
-b 25600
# Enable the audit subsystem.

-e 1
# Set the failure flag to use when the kernel needs to handle critical errors.
# Possible values are 0 (silent), 1 (printk, print a failure message),
# and 2 (panic, halt the system).
-f 1
# Feel free to add below this line. See auditctl man page
# Set watches on the at and cron configuration and the scheduled jobs
# and assign labels to these events.
-w /var/spool/at -k Cron_cfg
-w /etc/at.allow -k Cron_cfg
-w /etc/at.deny -k Cron_cfg
-w /etc/cron.allow -p wa -k Cron_cfg
-w /etc/cron.deny -p wa -k Cron_cfg

U2000
-w /etc/cron.d/ -p wa -k Cron_cfg
-w /etc/cron.daily/ -p wa -k Cron_cfg
-w /etc/cron.hourly/ -p wa -k Cron_cfg
-w /etc/cron.monthly/ -p wa -k Cron_cfg
-w /etc/cron.weekly/ -p wa -k Cron_cfg
-w /etc/crontab -p wa -k Cron_cfg
-w /var/spool/cron/root -k Cron_cfg
# Set watches on the user, group, password, and login databases and logs
# and set labels to better identify any login-related events,
# such as failed login attempts.
-w /etc/group -p wa -k LoginFile_access
-w /etc/passwd -p wa -k LoginFile_access
-w /etc/shadow -k LoginFile_access
-w /etc/login.defs -p wa -k LoginFile_access
-w /etc/securetty -k LoginFile_access
-w /var/log/faillog -k LoginFile_access
-w /var/log/lastlog -k LoginFile_access
# Set a watch and a label on the static hostname configuration in /etc/hosts.

# Track changes to the system configuration directory, /etc/sysconfig. Enable
# per-file watches if you are interested in file events. Set watches and labels
# for changes to the boot configuration in /etc/inittab and the /etc/init.d
# directory. Enable per-file watches if you are interested in file events. Set
# watches and labels for any changes to the linker configuration
# in /etc/ld.so.conf.
# Set watches and a label for /etc/localtime. Set watches and labels for the
# kernel configuration files /etc/sysctl.conf, /etc/modprobe.d/, /etc/
# modprobe.conf.local, and /etc/modprobe.conf.
-w /etc/hosts -p wa -k SysFile_mod
-w /etc/sysconfig/ -k SysDir_access
-w /etc/inittab -p wa -k SysFile_mod
-w /etc/init.d/ -k SysDir_access
-w /etc/init.d/auditd -p wa -k SysFile_mod
-w /etc/ld.so.conf -p wa -k SysFile_mod
-w /etc/localtime -p wa -k SysFile_mod
-w /etc/sysctl.conf -p wa -k SysFile_mod
-w /etc/modprobe.d/ -k SysDir_access
-w /etc/modprobe.conf.local -p wa -k SysFile_mod
-w /etc/modprobe.conf -p wa -k SysFile_mod
# Set watches on the PAM configuration directory.
# If you are interested in particular files below the directory level,
# add explicit watches to these files as well.
-w /etc/pam.d/ -k PamDir_access
# Set watches to the postfix configuration to log any write attempt or
# attribute change and use labels for better tracking in the logs.
-w /etc/aliases -p wa -k Aliases_cfg
-w /etc/postfix/ -p wa -k Postfix_cfg
# Set watches and labels on the ssh configuration files.
-w /etc/ssh/sshd_config -k SSH_cfg
# Perform an audit of the sethostname system call and set watches and labels
# on the system identification configuration in /etc/issue and /etc/issue.net.
-a exit,always -S sethostname -k SetHostName
-w /etc/issue -p wa -k IssueInf_mod
-w /etc/issue.net -p wa -k IssueInf_mod
# Set a watch on the directory where the audit log is located. Trigger an
# event for any type of access attempt to this directory.
-w /var/log/audit/ -k AuditDir_access
-w /var/log/audit/audit.log -k AuditLog_access
# Set a watch on an audit configuration file. Log all write and attribute
# change attempts to this file.
-w /etc/auditd.conf -p wa -k Audit_cfg
-w /etc/audit.rules -p wa -k Audit_cfg
-w /etc/libaudit.conf -p wa -k Audit_cfg
-w /etc/sysconfig/auditd -p wa -k Audit_cfg
# Enable an audit context for system calls related to changing

# file ownership and permissions.

U2000
-a entry,always -S chmod -S fchmod -S chown -S fchown -S lchown -k FileAttr_mod

# Enable an audit context for system calls related to file content modification.
# This will affect the performance greatly.
#-a entry,always -S creat -S open -S truncate -S ftruncate -k File_opr
# Enable an audit context for any directory operation,
# like creating or removing a directory.
-a entry,always -S mkdir -S rmdir -k Dir_opr
# Enable an audit context for any linking operation,
# such as symlink,link,unlink,or rename.
-a entry,always -S unlink -S rename -S link -S symlink -k Link_opr
# Enable an audit context for any operation related to
# extended file system attributes.
-a entry,always -S setxattr -k FS_Attr_opr
-a entry,always -S lsetxattr -k FS_Attr_opr
-a entry,always -S fsetxattr -k FS_Attr_opr
-a entry,always -S removexattr -k FS_Attr_opr
-a entry,always -S lremovexattr -k FS_Attr_opr
-a entry,always -S fremovexattr -k FS_Attr_opr
# Enable an audit context for the mknod system call,
# which creates special (device) files.
-a entry,always -S mknod -k MakeNode
# Enable an audit context for any mount or umount operation.
-a entry,always -S mount -S umount2 -k Mount_opr
# Track task creation.
-a entry,always -S clone -S fork -S vfork -k Task_create
# Add an audit context to the umask system call.
-a entry,always -S umask -k Umask
# setuid Operation
-a entry,always -S setuid -k Setuid_Opr
# setgid Operation
-a entry,always -S setgid -k Setgid_Opr
# Track attempts to change the system time. adjtimex can be used to
# skew the time. settimeofday sets the absolute time.
-a entry,always -S adjtimex -S settimeofday -k Time_mod
# execute program
-a entry,always -S execve -k Execute_program
# kill operation
-a entry,always -S kill -k Kill_opr
# reboot or enable/disable Ctrl-Alt -Del
-a entry,always -S reboot -k Reboot " > /etc/audit.rules
Step 8 Run the following command to load audit rules:

# auditctl -D
No rules
# dos2unix /etc/audit.rules
dos2unix: converting file /etc/audit.rules to UNIX format ...
# auditctl -R /etc/audit.rules
No rules
AUDIT_STATUS: enabled=1 flag=1 pid=5749 rate_limit=0 backlog_limit=25600
lost=1049 backlog=0
lost=1049 backlog=0
lost=1049 backlog=0
Step 9 Run the following command to restart the audit service:

# rcauditd restart
Shutting down auditd done
Starting auditd done
----End

U2000
26.1.33 Enabling SUSE Linux Operating System Audit (SUSE11)

This section describes how to set audit rules and perform audit-related operations on the
SUSE Linux operating system. If you do not have audit requirements for the operating
system, skip this section. In the non-single-server system, the operation needs to be performed
on each node.
Context
l After the audit is performed, all operations performed by operating system users are
recorded in audit logs. The audit logs are in turn recorded to audit.log, audit.log.1,
audit.log.2, and audit.log.3. audit.log is the latest log file, and audit.log.3 is the oldest
log file.
l The path of the audit logs is defined by log_file in the auditd.conf file. The default path
is /var/log/audit/audit.log.
l After the operating system log audit function is enabled, audit logs will record the
commands and parameters used by users. The information may include sensitive user
information, which brings risks. Therefore, use this function with caution. If users have
enabled this function, keep the audit log files properly.
NOTE
l The directory of the audit logs must have sufficient space. The minimum space is 2 GB, and it is
recommended that a file system with 20 GB space be created for the directory.
l The audit logs (the audit.log.N files) must be manually backed up. The bakcup interval depends on
the number of generated logs. It is recommended that the logs be backed up at least once every
week.
Procedure
~> su - root
Step 3 Run the following command to check whether the Audit Framework and related libs files
have been installed in the SUSE Linux operating system:
# rpm -qa|grep audit
l If a file similar to audit-1.2.9-6.19 is displayed in the command output, the Audit

Framework has been installed in the operating system.
l If files similar to audit-libs-1.2.9-6.19 and audit-libs-1.2.9-6.19 are displayed in the
command output, the required libs files have been installed in the operating system.
NOTE
If the Audit Framework and related libs files are not installed in the SUSE Linux operating system,
Step 4 Run the following command to set parameters in the /etc/sysconfig/auditd file:
# vi /etc/sysconfig/auditd
l Set AUDITD_LANG to en_US.

U2000
l Set AUDITD_DISABLE_CONTEXTS to no.

AUDITD_LANG="en_US"
AUDITD_DISABLE_CONTEXTS="no"
Step 5 Run the following command to set parameters in the /etc/audit/auditd.conf file:
# vi /etc/audit/auditd.conf
l Set max_log_file to 2000.

l Set space_left to 1000.
l Set admin_space_left to 100.
l Set admin_space_left_action to SYSLOG.
l Set max_log_file_action to ROTATE.
max_log_file = 2000
space_left = 1000
admin_space_left = 100
admin_space_left_action = SYSLOG
max_log_file_action = ROTATE
NOTE
You can run the man auditd.conf command to query the description of each parameter in the
auditd.conf file.
Step 6 Run the following command to check the login, sshd, crond, and atd files under the /etc/
pam.d directory and verify that each file contains the following contents:
# vi /etc/pam.d/file name
session required pam_loginuid.so
session include common-session
Step 7 Run the following command to edit configuration file /etc/audit/audit.rules:

Copy the following contents to the system and then execute them.
echo "# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
-D
-b 25600
-e 1
-f 1
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -F arch=b64 -S clock_settime -k time-change
-a always,exit -F arch=b32 -S clock_settime -k time-change
-w /etc/localtime -p wa -k time-change
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale
-a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale
-w /etc/issue -p wa -k system-locale
-w /etc/issue.net -p wa -k system-locale
-w /etc/hosts -p wa -k system-locale
-w /etc/sysconfig/network -p wa -k system-locale
-w /etc/selinux/ -p wa -k MAC-policy
-w /var/log/faillog -p wa -k logins
-w /var/log/lastlog -p wa -k logins
-w /var/log/tallylog -p wa -k logins
-w /var/run/utmp -p wa -k session

U2000
-w /var/log/wtmp -p wa -k session
-w /var/log/btmp -p wa -k session
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!
=4294967295 -k perm_mod
-a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!
=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=500 -
F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=500 -
F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -
S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -
S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F
exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access
exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access
exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access
exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access
-a always,exit -F path=/bin/umount -F perm=x -F auid>=500 -F auid!=4294967295 -k
privileged
-a always,exit -F path=/bin/login -F perm=x -F auid>=500 -F auid!=4294967295 -k
privileged
-a always,exit -F path=/bin/su -F perm=x -F auid>=500 -F auid!=4294967295 -k
privileged
-a always,exit -F path=/bin/ping6 -F perm=x -F auid>=500 -F auid!=4294967295 -k
privileged
-a always,exit -F path=/bin/eject -F perm=x -F auid>=500 -F auid!=4294967295 -k
privileged
-a always,exit -F path=/bin/ping -F perm=x -F auid>=500 -F auid!=4294967295 -k
privileged
-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid>=500 -F auid!
=4294967295 -k privileged
-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=500 -F auid!
=4294967295 -k privileged
-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k mounts
-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k mounts
-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F
auid>=500 -F auid!=4294967295 -k delete
-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F
auid>=500 -F auid!=4294967295 -k delete
-a always,exit -F arch=b64 -S init_module -S delete_module -k modules
-w /etc/sudoers -p wa -k scope
-w /var/log/sudo.log -p wa -k actions
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules " > /etc/audit/audit.rules
Step 8 Run the following command to load audit rules:

# auditctl -D
No rules
# dos2unix /etc/audit/audit.rules
dos2unix: converting file /etc/audit/audit.rules to UNIX format ...
# auditctl -R /etc/audit/audit.rules
No rules
lost=1049 backlog=0
lost=1049 backlog=0
lost=1049 backlog=0

U2000
Step 9 Run the following command to restart the audit service:
# rcauditd restart
Starting auditd done
----End
26.1.34 Disabling SUSE Linux Operating System Audit

This section describes how to disable SUSE Linux operating system audit.In the non-single-
server system, the operation needs to be performed on each node.
Procedure
~> su - root
Step 3 Run the following command to disable SUSE Linux operating system audit:
# rcauditd stop
----End
26.1.35 Setting the KVM

When you attempt to open the KVM page on the OSMU, a message is displayed stating that
the KVM page is unavailable because of security settings. This section uses the Windows 7
operating system as an example and describes how to set the KVM page to ensure its normal
operation in this scenario.
Prerequisites
Context
The KVM page is unavailable when one of the following conditions is met:
l Java security settings stop the execution of signed and unsigned applications on the JRE
of an earlier version.
l The current system JRE is out of date.
Procedure
Step 1 Click Start on the PC and choose Control Panel.
Step 2 In the displayed window, set View by to Large icons or Small icons.

U2000
Step 3 Click Java. The Java Control Panel dialog box is displayed.
Step 4 In the displayed dialog box, as shown in Figure 26-5, click the Security tab. Then, click Edit
Site List.
Figure 26-5 Java Control Panel dialog box
Step 5 In the displayed Exception Site List dialog box, click Add.
Step 6 Enter the URL of the OSMU in Location. Then, click OK.

U2000
Figure 26-6 Exception Site List dialog box
Step 7 In the left pane of the OSMU page, choose Routine Maintenance > KVM.
Step 8 In the displayed dialog box, select I accept the risk and want to run this application. and
click Run. The KVM page on the OSMU is opened.
Figure 26-7 Security Warning dialog box
----End

U2000
26.1.36 Configuring the Iptables Firewall

After the U2000 server is successfully installed, you can deploy a hardware firewall to reduce
attack risks on the server and improve system security. If no hardware firewall is deployed on
the server, you are advised to configure an OS firewall to enhance U2000 server security. If
OS firewall rules are numerous, U2000 server performance is affected. In this situation, you
are advised to deploy a hardware firewall. This section describes how to configure an iptables
firewall (OS firewall). In a non-single-server system, perform this operation on all servers.
Prerequisites
The firewall function of the operating system has been enabled.
Procedure
NOTE
the OSMU.

~> su - root
Step 3 Initiate the iptables firewall.

1. Run the following commands to set the rules of three iptables chains to ACCEPT:
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT

2. Run the following command to clear all rules in the filter table:
# iptables -F
3. Run the following command to zero out the packet and byte counters of all chains:
# iptables -Z
4. Run the following command to delete all user-defined chains:
# iptables -X
Step 4 Set the whitelist to add the IP addresses or network segments that are allowed to access the
server.
1. Run the following command to add the local IP address of the server to the whitelist:
# iptables -A INPUT -s <Local IP address of the server> -j ACCEPT

U2000
NOTE
For an ATAE cluster system or ATAE cluster online remote HA system, you need to add the IP
address (including private and public IP addresses) of each board to the whitelist.
2. Run the following command to add an IP address or network segment that is allowed to
remotely access the server to the whitelist:
# iptables -A INPUT -s <IP address or network segment that can remotely access the
server> -j ACCEPT
For example, run the following commands to add 10.229.154.94 and 10.229.39.64/26 to
the whitelist:
# iptables -A INPUT -s 10.229.154.94 -j ACCEPT
# iptables -A INPUT -s 10.229.39.64/26 -j ACCEPT
Step 5 Run the following command to configure a blacklist:

# iptables -P INPUT DROP
NOTE
l After the blacklist is configured, only the IP addresses and network segments on the whitelist can
access the server.
l Ensure that the whitelist is configured before the blacklist. Otherwise, all IP addresses and
network segments are prohibited from accessing the server.
----End
Follow-up Procedure
Run the following commands to cancel the whitelist and blacklist:
# iptables -P INPUT ACCEPT
# iptables -D INPUT -s <IP address or network segment> -j ACCEPT
NOTE
In the preceding command, <IP address or network segment> refers to the IP address or network
segment added in Step 4.
26.1.37 Setting the ACL of the OSMU Web Service (Optional)

The access control list (ACL) is not set for the OSMU web service upon the delivery of the
ATAE cluster system. Therefore, OSMU web users can use the browser to access the OSMU
web page through a PC of any IP address. Users can determine whether to set the OSMU web
service ACL as required. Set the OSMU web service ACL to enable OSMU web users to
access the OSMU web page only through the PC whose IP address is within the IP address
range, improving the system security.
Prerequisites

U2000
support.huawei.com.
l You have obtained the passwords for users osmuuser and root of the OSMU board. To
learn the initial passwords for users, see Default Users and Initial Passwords.
l You have obtained the IP address of the PC from which you want to log in to the OSMU
server.
Context
OSMU boards include the active OSMU board and standby OSMU board when the standby
OSMU board is deployed. The active OSMU board is installed in slot 1 of the first subrack
(XY-MPS-1-5-1). The standby OSMU board is installed in a subrack based on the service
deployment. For example, the standby OSMU board can be installed in slot 14 in the first
subrack (XY-MPS-1-5-14) or in the second subrack (XY-EPS-1-6-14).
Procedure
Step 2 Run the following commands to add the IP address of the PC to the whitelist of the OSMU
server:
# cd /opt/osmu/tomcat/webapps/osmu/WEB-INF/
# vi web.xml
Find the following information in the file, and add the IP address of the PC next to the
param-value parameter.
NOTICE
l The value of the param-value parameter is empty by default, indicating that the ACL of
the OSMU web service is not set.
l You are allowed to add multiple IP addresses at a time. The IP addresses must be separated
by single-byte commas (,) and no space character is allowed.
l You are allowed to add an IP address segment. For example, if you want to enable all PCs
whose IP addresses are between 10.67.140.0 and 10.67.150.255 to access the OSMU
server, add 10.67.140-150.0-255 next to the param-value parameter.
l If you want to enable the PC to access the OSMU server through one or more proxy
servers, you need to add the IP addresses of the PC and the proxy servers to the whitelist
of the OSMU server.
10.67.53.52 and IP addresses are between 10.67.140.0 and 10.67.150.255 are used as an
example in the following part. You can replace them based on site requirements.
<filter>
<filter-name>ClientIpFilter</filter-name>
<filter-class>imap.vts.osmu.servlet.ClientIpFilter</filter-class>
<init-param>
<param-name>IPList</param-name>

U2000
<param-value>10.67.53.52,10.67.140-150.0-255</param-value>
</init-param>
</filter>
Step 3 Save the changes and exit the vi editor.

When the changes are complete, press Esc. Then, run the :wq! command to save the file and
exit the vi editor.
Step 4 Run the following command to restart the OSMU:
# rcosmu restart
When the following information is displayed, the OSMU service has been started. Otherwise,
----End
26.1.38 Disabling/Enabling the Proxy Function of the U2000

Server
The U2000 server provides the proxy function by default. With this function, various LMTs,
such as the NE LMT, can transmit information using the U2000 server as a proxy. To improve
U2000 system security, you can disable the proxy function.
Context
l For an ATAE cluster online remote HA system, you need to perform related operations at
the active site.
l If the proxy function of the U2000 server is disabled, the following ports are disabled:
6000, 6001, 6002, 6003, 6006, 6007, 6008, 6010, 6021, 7000, 7001, 7007, 7011, and
7021
After these ports are disabled, LMT functions based on the proxy function of the U2000
server are affected. For details about the impact, see U2000 Communication Matrix.
Procedure
~> su - root
Step 3 Run the following commands to check whether the proxy function of the U2000 server is
disabled.
# cd /opt/oss/server/rancn/tools/ProxyTools
# ./U2000ProxyAdm.sh query

U2000
l If the system displays the following information, the proxy function of the U2000 server
is disabled.
The proxy function disabled
l If the system displays the following information, the proxy function of the U2000 server
is enabled.
The proxy function enabled
Step 4 Enable or disable the proxy function of the U2000 server as required.
l To disable the proxy function of the U2000 server, run the following command:
# ./U2000ProxyAdm.sh disable
If the system displays Disabled proxy function successfully..., the
proxy function of the U2000 server is disabled. Otherwise, contact Huawei technical
support.
l To enable the proxy function of the U2000 server, run the following command:
# ./U2000ProxyAdm.sh enable
If the system displays Enabled proxy function successfully..., the
proxy function of the U2000 server is enabled. Otherwise, contact Huawei technical
support.
----End
26.1.39 Updating the ACL for Internal Ports on the U2000 Server
After security hardening is performed on internal ports on the U2000 server, other products or
tools can update the internal port whitelist to set trust relationships with the U2000 server for
accessing the internal ports on the server.
Context
l In the ATAE cluster online remote HA system, perform operations in this section only on
the master server at both the active and standby sites.
Procedure
Step 1 Run the following commands to check whether security hardening has been performed for
internal ports of the U2000 server:
1. Use PuTTY to log in to the U2000 server in SSH mode as user ossuser.
NOTE
system is unavailable. When performing operations at the standby site, log in to the U2000 board
using either of the following two modes:
– Log in to the OSMU of the standby site, and then log in to the U2000 board through the
KVM of the OSMU.
– Use PuTTY to log in to the OSMU board at the standby site in SSH mode as user osmuuser,
~> su - root

U2000
3. Run the following command to check the security hardening for internal ports of the
U2000 server:
performed for internal ports of the U2000 server. Perform security unhardening for
the service port by referring to 8.8 Performing Security Hardening/Unhardening
for Internal Ports of the U2000 Server and perform Step 2.
The security hardening rules have been set for internal ports on the OSS
server.
performed for internal ports of the U2000 server. Then, proceed with Step 2.
The security hardening rules have not been set for internal ports on the
OSS server.
Step 2 Perform the following operations to update the internal port whitelist of the U2000 server.
After security hardening are performed on the ports, only the IP addresses in the U2000
whitelist can access these ports.
1. Run the following command to exit user root:
# exit
2. Run the vi command to change the IP addresses saved in the internal port whitelist.
~> cd /opt/oss/server/etc/conf
~> vi iplist.cfg
NOTE
In file iplist.cfg, you can enter an IP address in each line or enter multiple IP addresses in one line.
If you enter multiple IP addresses in one line, separate them with a comma (,). The example is as
follows:
10.10.10.1,10.10.10.2
10.10.10.100,10.10,10.101
After editing the file, press Esc, and then run the :wq! command to save the file and exit
the vi editor.
3. Run the following command to update the whitelist:
~> svc_deploy -cmd update_iplist

Revise and synchronize the iplist.cfg successfully.
If the system displays information similar to the preceding, the whitelist between is
updated successfully. Otherwise, contact Huawei technical support engineers.
Step 3 Performing security hardening for internal ports of the U2000 server. For detailed operations,
see 8.8 Performing Security Hardening/Unhardening for Internal Ports of the U2000
Server.
----End

U2000
26.1.40 How Do I Resolve LTE Subscription and Data Reporting

Failures
Symptom
An upper-layer application (such as the U2000 client) fails to issue LTE cell trace subscription
to an eNodeB through the Trace Server. The connections of the eNodeB are normal. The
eNodeB reported cell trace data properly but no longer reports cell trace data after a specific
time point.
Possible Causes
The SIGReportSwitch switch on the eNodeB is turned off.
In eRAN11.1 and later, the SIGReportSwitch switch is provided for eNodeBs and is used to
enable or disable the SIG log reporting function. This switch is turned on by default. When
this switch is turned on, the eNodeB is able to receive subscription and reports cell trace data.
If the eNodeB becomes faulty, maintenance personnel may turn off this switch to protect
eNodeB services. After this switch is turned off, the eNodeB no longer reports cell trace data
or receives subscription.
Fault Diagnosis
On the U2000 client, issue the specified MML command to the eNodeB encountering this
problem to query the status of the SIGReportSwitch switch.
l If this switch is turned off, contact NE maintenance engineers to check whether it can be
turned on. After it is turned on, issue the subscription again, and check whether the
eNodeB reports cell trace data properly. If the problem persists, contact Huawei technical
support.
l If this switch is turned on, the problem is caused by other reasons. In this case, contact
Procedure
1. On the U2000 client, choose Topology > Main Topology (traditional style);
alternatively, double-click Topo View in Application Center and choose Topology >
Main Topology (application style).
2. In the navigation tree, right-click the eNodeB encountering the subscription or data
reporting failure, and choose MML Command from the shortcut menu.
The MML Command window is displayed.
3. In the Command (F5) text box, enter DSP ENODEBCHROUTPUTCTRL. Click
Exec to query the value of SIGReportSwitch.
The value of SIGReportSwitch is displayed in the command output area box.
– If the command output contains SIG Report Switch = Off, this switch is
turned off.
Contact NE maintenance engineers to check whether it can be turned on. To turn on
this switch, enter SET ENODEBCHROUTPUTCTRL in the Command (F5) text
box, set SIGReportSwitch to ON (on), and click Exec.
If the command output contains Operation succeeded., the
SIGReportSwitch switch has been turned on. Issue the subscription again, and

U2000
check whether the eNodeB reports cell trace data properly. If the eNodeB reports
cell trace data properly, the problem has been resolved. Otherwise, contact Huawei
technical support.
– If the command output contains SIG Report Switch = On, this switch is
turned on. In this case, the problem is caused by other reasons. Contact Huawei
technical support.
26.1.41 Collecting Device Asset Information

This section describes how to collect device asset information.
Prerequisites
l U2000 services are running properly.
Context
The device asset information includes:
l Device name
l Version information of all software installed on the ATAE board (include Trace Server,
Linux, VERITAS Volume Manager, VERITAS Cluster Software)
l Usage of licenses for common northbound interfaces
Procedure
Step 1 Check the board status by performing the following operations:
1. In the left pane of the OSMU window, expand the Service System navigation tree and
choose Service Management > Board Services.
2. On the Board Services tab page, check the status of the boards whose asset information
you want to collect.
The status of the boards whose asset information you want to collect must be in the
Standby or Normal state.
choose Device Information > Device Asset Information.
Step 3 Click Collect under the main operation area. In the displayed dialog box, click OK. The
Collect device asset information_YYYYMMDDhhmmssXXX task is added in the
centralized task management list. You can view the execution progress of the task in the
Centralized Task Management area.
l If the collection task is successful or part of the device asset information is collected, the
device asset information file name is displayed in the form of hyperlink in the main
operation area. Otherwise, no information is displayed.
l All the collected files are packed into a zip package. The files are named in the format of
CollectAssetInfo_YYYYMMDDhhmmssXXX.zip. YYYY indicates year. MM indicates
month. DD indicates day. hh indicates hour. mm indicates minute. ss indicates second.
XXX indicates millisecond. For example, the device asset information file collected at 15:
25: 25 on September 1, 2011 is named in the format of
CollectAssetInfo_20110901152525302.zip.

U2000
NOTE
You can click Refresh to update the list.
Step 4 Click the hyperlink of the device asset information file name. Click Save in the displayed File
Downloading dialog box. After setting a save path, click Save.
NOTE
Select Select all, and click Delete. You can delete all the device asset files in the main operation area.
Step 5 Import the collected information into the Integrated Business Management System (IBMS).
For detailed operations, see Guide to Preparing NMS Archives. Contact Huawei technical
support engineers to obtain this guide.
NOTE
If the Trace Server is co-deployed with the U2000 in the ATAE cluster system, after
CollectAssetInfo_YYYYMMDDhhmmssXXX.zip decompressed, please import the collected
information of U2000 and Trace Server into IBMS together.
----End
26.2 Operations Performed on the PC

26.2.1 Setting Internet Explorer
This section describes how to set Internet Explorer. The purpose is to solve the following
problems when users log in to the OSMU by using Internet Explorer: the login window is not
displayed; a security certificate message or a security alert message is displayed; GUI
elements are displayed incompletely; and the U2000 management tool GUI fails to be opened.
This section uses the Internet Explorer 9.0 as an example.
Procedure
Step 1 You have to take required actions for issues that arise when you log in to the OSMU through
Internet Explorer.
If... Then...
The OSMU login Perform Step 2.

window is not
displayed.
A security certificate Perform Step 2 through Step 3.

message or a security
alert message is
displayed or the GUI
elements are displayed
incompletely.

U2000
If... Then...
On the Service System 1. In the navigation tree of the OSMU, choose Device
in the navigation tree of Management > Device Information > Details to check and
the OSMU, choose record the public IP address of the U2000 master service
U2000 management board.
tool node. The expected 2. On the menu bar of Internet Explorer, choose Tools >
operation GUI is not Internet options.
displayed on the opened
window. 3. In the dialog box, choose Security > Trusted sites and click
Sites.
4. In the displayed dialog box, do not select Require server
verification (https:) for all sites in this zone.
5. Enter the public IP address of the U2000 master service
board. Then, click Add.
Check whether the public IP address of the U2000 master
service board is listed in the Websites list box. If the IP
address exists, the operation is successful; if the IP address
does not exist, add the IP address again.
6. Click Close.
7. In the Internet Options dialog box, click OK to close the
dialog box.
8. On the Service System in the navigation tree of the OSMU,
choose U2000 management tool node to open the operation
GUI again.
In most cases, the operation GUI will be displayed on the
opened window. If the GUI is still not displayed, check
whether the added IP address is correct. If the problem
persists, contact Huawei technical support.
Step 2 Set Internet Explorer parameters.

1. Log in to the Windows operating system as a member of the Administrators user group
and start Internet Explorer.
NOTICE
To run Internet Explorer 9.0 on Windows 7, choose Start > All Programs, right-click
Internet Explorer, and choose Run as administrator from the shortcut menu.
2. On the menu bar of Internet Explorer, choose View > Zoom, and set Zoom to 100%.
3. On the menu bar of Internet Explorer, choose Tools > Compatibility View Settings.
4. In the displayed Compatibility View Settings dialog box, select Display all websites in
Compatibility View, and click Close.
5. On the menu bar of Internet Explorer, choose Tools > Internet options.
6. In the displayed Internet Options dialog box, set parameters on the following tab pages,
and click OK.

U2000
a. On the General tab page, click Settings in the Browsing history area. In the
displayed dialog box, set Check for newer versions of stored pages to Every time
I visit the webpage, and click OK.
b. On the Security tab page, click Internet, and then click Custom level, set
Miscellaneous > Display mixed content to Enable, and click OK. In the displayed
dialog box, click Yes.
c. On the Privacy tab page, set the privacy level to Low, and click Apply.
d. On the Connections tab page, click LAN settings. Do not select Use a proxy
server for your LAN, and click OK.
e. On the Advanced tab page, perform the following operations and click Apply.
n Deselect Warn about certificate address mismatch, Use SSL 2.0, Use SSL
3.0, and Use TLS 1.0 under Security.
n Select Use TLS 1.1 and Use TLS 1.2 under Security.
NOTE
The secure protocol in the configuration file and Internet Explorer must be modified at the same
time. For details, see setting SSL protocols of OSMU web services in ATAE Cluster System
Step 3 Restart Internet Explorer and log in to the OSMU.
If the system displays... Then...
The security certificate expired or has not taken Click Continue, input username
effect. Are you sure you want to continue? and password to log in to the
OSMU, no further action is
required.
1. Click View Certificate.

2. Perform Step 4 to Step 5.

U2000
If the system displays... Then...
1. Click Continue to this

website (not recommended).
2. Click on
the right of the address bar of
Internet Explorer.
3. In the displayed dialog box,
click View certificates.
4. Perform Step 4 to Step 5.
Step 4 Install the certificate.

1. In the displayed Certificate dialog box, click the Install Certificate on the displayed
General tab page.
2. In the displayed Certificate Import Wizard dialog box, click Next.
3. Set Certificate store to Trusted Root Certification Authorities, as shown in Figure
26-8.
Figure 26-8 Setting the certificate store
4. Click Next. After confirming that the certificate has been imported, click Finish.
5. In the displayed Security Warning dialog box, click Yes. When the system displays The
import was successful., click OK.
6. In the Certificate dialog box, click OK to close the dialog box.
Step 5 Close all Internet Explorer web pages, restart Internet Explorer, and log in to the OSMU.

U2000
In most cases, the following problems will not arise: A security certificate message or a
security alert message is displayed or the GUI elements are displayed incompletely.
----End
26.2.2 Setting Firefox

This section describes how to set Firefox parameters to solve the following problems that
occur when you log in to the OSMU using Firefox: This Connection Is Untrusted is
displayed, the U2000 management tool window is not displayed, and the user name and
password are required when you navigate to the U2000 upgrade window. This section uses the
Firefox ESR 10 as an example.
Procedure
Step 1 Log in to the Windows operating system as a member of the Administrators user group and
start Firefox.
NOTICE
To run Firefox on Windows 7, choose Start > All Programs, right-click Mozilla Firefox, and
choose Run as administrator from the shortcut menu.
Step 2 Set no network proxy for Firefox.

1. On the main menu of Firefox, choose Tools > Options.
2. In the displayed Options dialog box, choose Advanced, click the Network tab, and
click Settings.
3. In the displayed Connection Settings dialog box, set Configure Proxies to Access the
Internet to No Proxy and click OK twice.
Step 3 Add the public IP address of the U2000 master service board to the security exception dialog
box of Firefox.
1. On the main menu of Firefox, choose Tools > Options.
2. In the displayed Options dialog box, select Advanced and click the Encryption tab. On
the displayed Encryption tab page, click View Certificates.
3. In the displayed Certificate Manager dialog box, click the Servers tab. On the
displayed Servers tab page, click Add Exception.
4. In the displayed Add Security Exception dialog box, enter https://Public IP address of
the U2000 master service board:31123 and click Get Certificate. Then, click Confirm
Security Exception and click OK twice.
Step 4 Use the following address and log in to the OSMU as OSMU web user with its password
again.

If the web browser displays a message shown in Figure 26-9, click Add Exception. Then, in
the displayed dialog box, click Confirm Security Exception.

U2000
Figure 26-9 Connection error message
----End
26.2.3 Solving the Problem that Web-based U2000 Services Fail to

Be Started
Symptom
When the IP address of the client is on the same network segment as that of the U2000 server
and the client is properly connected to the U2000 server, accessing the web-based U2000
services fails, such as the login Web page fails to be displayed or a function fails to be
executed.
For example, when you access the web-based U2000 services by performing the following
operations, the login Web page fails to be displayed:
l Open the U2000 client installation Web page.

http://IP address of the U2000 server/cau/ or https://IP address of the U2000 server/cau/
https://IP address of the U2000 server:31040/nic
Possible Causes
This problem may be caused by the proxy server settings of the Web browser. When the
configured proxy server cannot connect to the required Web site through the browser, the
proxy server fails to forward a request. As a result, visiting a Web site using the browser fails.

U2000
Fault Diagnosis
If the proxy server is configured as the domain name or IP address of the U2000 server, the
proxy server settings need to be canceled. If the proxy server is not configured as the domain
name or IP address of the U2000 server, add the domain name or IP address of the U2000
server to the proxy server exception list.
Procedure
l To handle the problem in the Internet Explorer, perform the following operations:
a. In the Internet Explorer browser of U2000 client, choose Tools > Internet Options.
The Internet Options dialog box is displayed.
b. Click the Connections tab.
c. Click LAN Settings. The Local Area Network(LAN) Settings dialog box is
displayed.
d. In the Proxy server area, check whether the Use a proxy server for your LAN
(These settings will not apply to dial-up or VPN connections) option is selected.
n If the proxy server is configured as the domain name or IP address of the
U2000 server, deselect the Use a proxy server for your LAN (These settings
will not apply to dial-up or VPN connections) option.
n If the proxy server is not configured as the domain name or IP address of the
U2000 server, perform e through g.
e. Click Advanced. The Proxy Settings dialog box is displayed.
f. In the Exceptions area, add the domain name or IP address of the U2000 server to
the proxy server exception list.
For example, if the IP address of the U2000 server is 10.144.72.90, type
10.144.72.90 in the Exceptions area, as shown in Figure 26-10.

U2000
Figure 26-10 Example of typing an IP address in the Exceptions area
g. Click OK.
l To handle the problem in the Firefox browser, perform the following operations:
a. In the Firefox browser of U2000 client, choose Tools > Options. The Options
dialog box is displayed.
b. Click Advanced.
c. Click the Network tab.
d. In the Connection area, click Settings. The Connection Settings dialog box is
displayed.
n If the proxy server is configured as the domain name or IP address of the
U2000 server, select No proxy.
n If the proxy server is not configured as the domain name or IP address of the
U2000 server, select Manual proxy configuration.
Then, select No Proxy for, and add the domain name or IP address of the
U2000 server to the proxy server exception list.
e. Click OK.
----End

U2000
26.2.4 Solving the Problem that the U2000 Web Page Cannot be
Opened
Symptom
This section provides the solution to a failure in opening the U2000 web page. Generally, if
the U2000 client and server are on the same network segment and they are communicating
with each other properly, the login web page is displayed when you access to web-based
U2000 services. After a successful login, however, the U2000 web page may not be
displayed.
For example, when you perform one of the following operations, the U2000 web page may
not be displayed:
l Open the web page for installing the U2000 client.
http://IP address of the U2000 server/cau or https://IP address of the U2000 server/cau
https://IP address of the U2000 server:31040/nic
Possible Causes
l The Citrix access solution is used on the live network. In this solution, Windows Server
2003 has been installed on the Citrix server and the default security level for Internet
Explorer is high. As a result, you cannot open the U2000 web page on the Citrix client.
l Windows Server 2003 has been installed on the PC running the U2000 client and the
default security level for Internet Explorer is high. As a result, you cannot open the
U2000 web page on the client.
Procedure
Step 1 Add the logical IP address of the U2000 server to the list of trusted sites on Internet Explorer.
1. On the menu bar of Internet Explorer, choose Tools > Internet Options.
2. In the displayed Internet Options dialog box, click Security.
3. Click Trusted sites and Sites in sequence.
4. In Add this Web site to the zone, type the logical IP address of the U2000 server. Then,
click Add.
Step 2 Enable all add-ins for Internet Explorer.

1. On the menu bar of Internet Explorer, choose Tools > Manage Add-ons.
2. Select Currently loaded add-ons from the drop-down list. Then, enable all add-ins.
----End
26.2.5 Logging In to the OSMU by Using a Web Browser

This section describes how to log in to the OSMU. The OSMU works in Browser/Server
(B/S) mode. You can manage and maintain devices in the ATAE cluster system after logging
in to the OSMU server by using a web browser on the PC.

U2000
Prerequisites
l You have obtained the name and password for OSMU web user for logging in to the
OSMU. To learn the initial passwords for users, see Default Users and Initial Passwords.
Context
l If you have set the access control list (ACL) by referring to 26.1.37 Setting the ACL of
the OSMU Web Service (Optional), you can log in to the OSMU properly only when
the IP address of the PC is included in the ACL. Therefore, you need to ensure that the
IP address of the PC is included in the OSMU web service ACL.
l If you have set the SSL protocol by referring to Setting SSL Protocols of OSMU Web
Services, you can log in to the OSMU properly only when the browser supports the
preset SSL protocol. Therefore, you need to ensure that the browser supports the preset
SSL protocol and related information has been set.
l The PC configuration and web browser version must meet the following requirements:
– The RAM size is 1 GB or above.
– Internet Explorer 8.0, Internet Explorer 9.0, Internet Explorer 10.0, Internet
Explorer 11.0, Firefox ESR 10.x, Firefox ESR 17.x, Firefox ESR 24.x, or Firefox
ESR 31.x have been installed on the PC.
– The operating system version is Microsoft Windows 7 Professional.
NOTICE
l If you have entered incorrect accounts, passwords or verification codes for eight
consecutive times, the IP address for logging in to the OSMU will be locked for 10
minutes. 10 minutes later, you are allowed to use the IP address to log in again.
l If the IP address has been locked, you can ask the administrator to unlock the IP address
by restarting the OSMU service.
l If the dialog box to change the default password of OSMU web user is displayed, modify
the user's password.
l A password must contain at least one special character ~ ! @ # $ % ^ & *
( ) - _ = + | { } [ ] ; : " \ ' , < . > / ?
l A password must not be the same as the user name or the reverse order of the user
name.
l A password cannot contain three or more consecutive characters that are the same
(for example, AAA and 111).

U2000
Procedure
l Type the following website in the Address bar of the browser on the PC and press Enter.
https://<public IP address of the OSMU server>:30088/osmu or https://<private IP
address of the OSMU server>:30084/osmu
NOTE
l The OSMU server has a private IP address and a public IP address. When you log in to the
OSMU by using the private IP address of the OSMU server, the PC must be connected to the
base network port on the RTM of the switching board through a network cable. You are
advised to log in to the OSMU by using the private IP address of the OSMU server only in
scenarios where the public IP address of the OSMU server is not set or when a network
failure occurs. For details about the IP address planning of the OSMU server, see 27.3
l If the OSMU login window is not displayed after you type the preceding website in the
address bar of the browser and press Enter, perform the following operations:
l If you use Internet Explorer to access the OSMU, perform the operations described in
26.2.1 Setting Internet Explorer. If the problem persists, perform the operations
described in 26.1.4 Starting the OSMU Service.
l If the OSMU login window is not displayed after you use Mozilla Firefox to access the
l If a message indicating that the website is insecure is displayed on the browser after login to
the OSMU, solve the problem by referring to 26.2.1 Setting Internet Explorer or 26.2.2
Setting Firefox.
----End
26.2.6 Logging In to the U2000 Client

The U2000 is deployed in client/server mode. You can perform operations on the client only
after the client is successfully connected to the server.
Prerequisites
The U2000 client and server are connected properly, and the server works properly.
Context
l The default port number of the server is 31039. Do not change it in normal conditions.
Otherwise, you cannot log in to the U2000 client.
l The U2000 server provides the default user account admin. User admin has all
operation rights, and the password is Changeme_123 by default. After you successfully
log in to the U2000 client for the first time, change the password immediately.
l By default, you log in to the U2000 client in Secure Sockets Layer (SSL) mode. You can
switch to the common mode. If the SSL mode is used, data is encrypted and transmitted
between the client and server. If the common mode is used, data is not encrypted. To
ensure data transmission security, you are advised to use the SSL mode.
l By default, if you do not log in to the U2000 client for more than 60 days, your account
automatically changes to the suspend state except that you are an U2000 user.
l The user with the rights of the security administrator group can click a hibernated
account in the navigation tree in the Security Management window on the U2000, and
then set Disable user account to No on the Details tab to enable this account.

U2000
l It is not recommended to run the clients of two different versions on the same PC.
Procedure
Step 1 Start the U2000 client.
Step 2 In the Login dialog box, perform the following operations to select a server where you want
to log in:
l If the server list does not exist:
a. Click on the right of Server drop-down list.

b. In the Server List dialog box, click Add.
c. In the Add Server Information dialog box, set Name, Server Name (or IP
Address), Port and Mode.
d. Click OK to return to the Server List dialog box.
In the Server List dialog box, the server that you set is selected by default.
e. In the Server List dialog box, click OK.
l If servers are listed in the Server drop-down list:
Select a server from the Server drop-down list.
Step 3 In the Login dialog box, enter the user name and password.
NOTE
l If the U2000 server is initially installed, the default password of user admin is Changeme_123.
After login, change the default password of user admin to ensure system security.
l The password of user admin is stored on the U2000 server. This password is set to Changeme_123
only when the U2000 server but not the U2000 client is initially installed.
Step 4 Click Login.

NOTE
l If the user name and password are correct, the Loading dialog box is displayed, indicating the
loading progress.
l If the user name or password is incorrect, the Information dialog box is displayed with the message
login failed. Please enter the correct user name and password.
l If the password is about to expire, the system prompts you to change the password before expiration.
l If the license is about to expire, the system notifies you of the expiration date.
l If you use a temporary license, you are prompted to apply for a commercial license.
l It takes about 30 seconds to 50 seconds to load software when the client logs in to the server. If the
client does not log in to the server for a long time, contact Huawei technical support.
----End
26.2.7 Uninstall the U2000 Client Software
Procedure
Step 1 Exit the U2000 client.
Step 2 Perform the following operations to uninstall the U2000 client software:

U2000
If you uninstall the software... Then...
By using the uninstallation tool U2000 Perform only Step 3.
By Control Panel Perform only Step 4.
Step 3 Use the uninstallation tool U2000 to uninstall the client software.
1. Choose Start > All Programs > iManager U2000 MBB Client > Uninstall Client.
2. In the displayed Confirm dialog box, click Yes.
3. When the uninstallation is complete, click Finished to close the dialog box.
A dialog box is displayed, prompting you to delete the installation directory, click Close
to close the dialog box.
4. Delete the relevant U2000 installation directory.
Step 4 Use Control Panel to uninstall the software on Windows 7 as an example.

1. Choose Start > Control Panel.
2. In the upper right corner of the Control Panel window, set View by to Small icons, and
then choose Programs and Features.
3. In the displayed dialog box, right-click iManager U2000 and choose Uninstall/Change.
4. In the displayed Confirm dialog box, click Yes.
5. When the uninstallation is complete, click Finished to close the dialog box.
A dialog box is displayed, prompting you to delete the installation directory, click Close
to close the dialog box.
6. Delete the relevant U2000 installation directory.
----End
26.2.8 Checking the JRE Version on the PC

This section describes how to check the JRE version on the PC.
Procedure
Step 1 Choose Start > Run, enter the command cmd, and then press Enter.
Step 2 In the displayed window, enter the following command:
java -version
The possible results are as follows:
l When the system displays information similar to the following example, java version
indicates the JRE version installed on the PC.
java version "1.7.0_71"
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) Client VM (build 24.71-b01, mixed mode, sharing)
NOTE
If 64-bit is showed after the Java HotSpot(TM) means that the JRE version is not 32-bit and
sholud be reinstalled.

U2000
l If the system displays a message indicating that the command is not found, it indicates
that no JRE is installed. You can obtain the required JRE version from the Internet or in
the U2000 client web installation window.
----End
26.2.9 Resolving the Problem that a System Error Occurs During

the Performance Measurement Result Query Process and Users
Cannot Query the Performance Measurement Results
Symptom
When users query performance measurement results on the U2000 client, the following
information is displayed.
Possible Causes
1. The network connection is abnormal. Check whether the network connection is normal.
Then, check whether the network connection between the U2000 client and the master
and slave servers is normal. If the routes between the U2000 client and the master and
slave servers are not configured properly, modify the route settings by referring to 2.2
Setting the Routes of the U2000 Server.
2. Some U2000 services are not running properly. Check whether the U2000 services are
running properly. For detailes, see 4.1 Checking the U2000 Service Status.
3. If the problem persists after the preceding operations are performed, contact Huawei
technical support.
26.2.10 Deploying Certificates on a Browser

This topic describes how to deploy an identity certificate and a trust certificate on a browser.
This ensures that the browser properly connects to the server in Hypertext Transfer Protocol
Secure (HTTPS) mode.

U2000
Prerequisites
l The identity certificate of the PKCS#12 type (with file name extension .p12) and its
password are obtained.
l Trust certificates with the .cer file name extension are obtained. The certificates include
the rootCA.cer certificate issued by the root certification authorities, and the
subCA1.cer and subCA2.cer certificates issued by the intermediate certification
authorities.
Context
The certificate of the U2000 client can be deployed on a browser. After the U2000 client is
installed, the certificate is available in the corresponding path. You can deploy the preset
certificate before a new certificate is applied. Certificate files deployed on a client are saved
in the client installation directory \client\client\style\defaultstyle\conf\ssl. The save paths
for certificate files are the same on the U2000 server. For details, see 9.4 Certificate Save
Path and Naming Conventions. To improve system security, apply for and deploy the new
certificate in a timely manner.
Procedure
Step 1 Perform the following operations according to the browser type.
The following describes how to deploy certificates on Windows Internet Explorer 8.0 and
Firefox 17. There are various browser types and versions. If you encounter a problem during
configuration, view the online help of the browser.
Browser Operation
Windows Internet Explorer 8.0 Perform Step 2 and Step 3.
Firefox 17 Perform Step 4 and Step 5.
Step 2 Deploy an identity certificate on Windows Internet Explorer 8.0.

1. Choose Tools > Internet Options on the menu bar of Windows Internet Explorer.
2. In the Internet Options dialog box, click the Content tab.
3. Click Certificates.
4. In the Certificates dialog box, click the Personal tab.
5. Click Import.
6. In the Certificate Import Wizard dialog box, click Next.
7. In the Certificate Import Wizard dialog box, click Browse and select a .p12 identity
certificate.
NOTE
The Open dialog box is displayed after you click Browse. The .p12 identify certificate is
displayed after you select Personal Information or All Files from the File name drop-down list
in the Open dialog box.
8. Click Next.
9. In the Certificate Import Wizard dialog box, enter the password of the identity
certificate and click Next.

U2000
NOTE
10. In the Certificate Import Wizard dialog box, retain the default settings of Certificate
Store, and click Next.
The message Completing the Certificate Import Wizard is displayed in
the Certificate Import Wizard dialog box.
11. Click Finish.
12. The import was successful is displayed in the Certificate Import Wizard
dialog box, click OK.
Step 3 Deploy a trust certificate on Windows Internet Explorer 8.0.

1. Choose Tools > Internet Options on the menu bar of Windows Internet Explorer.
2. In the Internet Options dialog box, click the Content tab.
3. Click Certificates.
4. In the Certificates window, click the Trusted Root Certification Authorities tab.
NOTE
The following describes how to deploy a rootCA.cer trust certificate. If you need to deploy the
subCA1.cer and subCA2.cer trust certificates, click the Intermediate Certification Authorities
tab.
5. Click Import.
6. In the Certificate Import Wizard dialog box, click Next.
7. In the Certificate Import Wizard dialog box, click Browse and select a .cer certificate.
8. Click Next.
9. In the Certificate Import Wizard dialog box, retain the default settings of Certificate
Store, and click Next.
The message Completing the Certificate Import Wizard is displayed in
the Certificate Import Wizard dialog box.
10. Click Finish.
11. Read the information in the Security Warning dialog box carefully to have a full
understanding of risks. Then click Yes.
NOTE
The Security Warning dialog box is displayed when you deploy the certificate issued by only the
root certification authorities. If you click the Intermediate Certification Authorities tab and
deploy the certificates issued by the intermediate certification authorities, this dialog box is not
displayed in Step 3.4.
12. The import was successful is displayed in the Certificate Import Wizard
dialog box, click OK.
Step 4 Deploy identity certificates on Firefox 17.

1. Choose Tools > Options on the menu bar of Firefox 17.
2. In the Options window, click Advanced.
3. Click the Encryption tab.
4. In Certificates, click View Certificates.
5. In the Certificates Manager window, click the Your Certificates tab.

U2000
6. Click Import.
7. In the Certificate File to Import dialog box, select a .p12 identity certificate.
8. In the Password Entry Dialog dialog box, enter the password of the identity certificate
and click OK.
NOTE
9. In the Alert dialog box, click OK.
10. In the Certificates Manager window, click OK.
Step 5 Deploy trust certificates on Firefox 17.
The methods for deploying the rootCA.cer certificate and the subCA1.cer and subCA2.cer
certificates are the same.
1. On the menu bar of Firefox 17, choose Tools > Options.
2. In the Options window, click Advanced.
3. Click the Encryption tab.
4. In Certificates, click View Certificates.
5. In the Certificates Manager window, click the Authorities tab.
6. Click Import.
7. In the Select File containing CA certificate(s) to import dialog box, select a .cer trust
certificate.
8. In the Downloading Certificate dialog box, select Trust this CA to identify websites
and click OK.
NOTE
You can repeat Step 5.6 through Step 5.8 to import multiple certificate files. The following
information is displayed if you import a certificate that is already imported:
This certificate is already installed as a certificate authority.
9. In the Certificates Manager window, click OK.
----End
26.2.11 Setting Browser

To better browse and operate the OSMU, you need to set a browser before logging in to the
OSMU. This section uses Internet Explorer 8.0 as an example.
Procedure
l Change the advanced settings.
a. Log in to the Windows operating system as a member of the Administrators user
group and start Internet Explorer.
NOTICE
To run Internet Explorer 8.0 on Windows 7, choose Start > All Programs, right-
click Internet Explorer, and choose Run as administrator from the shortcut
menu.

U2000
b. On the menu bar of Internet Explorer, choose View > Zoom, and set Zoom to
100%.
c. On the menu bar of Internet Explorer, choose Tools > Internet Options.
d. In the Internet Options dialog box, click the Advanced tab.
e. On the Advanced tab page, select Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2
under the Security node.
f. Click OK.
g. Restart the browser.
l Set Internet Explorer parameters.
a. On the menu bar of Internet Explorer, choose Tools > Compatibility View
Settings.
b. In the displayed Compatibility View Settings dialog box, select Display all
websites in Compatibility View, and click OK.
c. On the menu bar of Internet Explorer, choose Tools > Internet Options.
d. In the displayed Internet Options dialog box, set parameters on the following tab
pages, and click OK.
i. On the General tab page, click Settings in the Browsing history area. In the
displayed dialog box, set Check for newer versions of stored pages to Every
time I visit the webpage, and click OK.
ii. On the Security tab page, click Internet, and then click Custom level, set
Miscellaneous > Display mixed content to Enable, and click OK. In the
displayed dialog box, click Yes.
iii. On the Privacy tab page, set the privacy level to Low, and click Apply.
iv. On the Connections tab page, click LAN settings. Do not select Use a Proxy
server for your LAN, and click OK.
v. On the Advanced tab page, do not select Security > Warn about certificate
address mismatch, and click Apply.
e. Restart the browser.
----End
26.3 Operations on Disk Array
26.3.1 Using PuTTY to Log In to the S3900 Disk Array

This section describes how to log in to the S3900 disk array as user admin using PuTTY.
Prerequisites
l You have obtained the IP address for the S3900 disk array.
l You have connected the PC and the S3900 disk array. For detailed operations, see 26.3.2
Connecting the PC and the S3900 Controller Enclosure.

U2000
support.huawei.com.
l You have obtained the password of user admin for the S3900 disk array. To learn the
initial passwords of users, see Default Users and Initial Passwords.
Procedure
Step 1 Double-click putty.exe on the PC to run PuTTY, as shown in Figure 26-11.
Figure 26-11 PuTTY Configuration
Step 2 Enter the IP address of the connected controller in Host Name (or IP address).
Step 3 Select SSH in the Connection type field.
Step 4 In the Close window on exit: field, select Only on clean exit and click Open.
If the PuTTY Security Alert dialog box as shown in Figure 26-12, click Yes.

U2000
Figure 26-12 PuTTY Security Alert
Step 5 When login as: is displayed, type the user name admin and press Enter.
Step 6 When the system displays admin@<IP address of the controller>'s

password:, type the password of user admin and press Enter to log in to the disk array.
When the information Last login: Wed Oct 31 11:59:36 2012 from <IP
address of the PC> is displayed, the login is successful.
----End
26.3.2 Connecting the PC and the S3900 Controller Enclosure

This section describes how to connect the PC and the S3900 controller enclosure using a
serial cable or network cable to achieve local operation and maintenance (OM).
Prerequisites
l A serial cable or a network cable is available. One end of the serial cable uses the RJ45
connector and the other end uses the DB9 connector.
l A PC is available.
l You have powered on the S3900 controller enclosure. For detailed operations, see 1.1
Powering On the System in U2000 ATAE Cluster System Administrator Guide.
support.huawei.com.

U2000
Procedure
l (Recommended) Connect the PC and the S3900 controller enclosure using a network
cable.
a. Connect the network ports on the S3900 controller enclosure and PC using a
network cable based on the scenarios described in Table 26-12. Figure 26-13
shows the network ports on the S3900 controller enclosure.
Table 26-12 Connecting network ports

Connect to controller A Insert one end of the network cable into the network
port on controller A and insert the other end of the
network cable into the network port on the PC.
Connect to controller B Insert one end of the network cable into the network
port on controller B and insert the other end of the
network cable into the network port on the PC.
Figure 26-13 Rear view of the S3900 controller enclosure
1. Network port on controller 2. Serial port on controller A

A
3. Network port on controller 4. Serial port on controller B

B
b. Set the IP address and subnet mask of the PC to 192.168.128.48 and 255.255.255.0.
Ensure that the initial IP addresses of the PC and S3900 controller enclosure are on
the same network segment. To learn the initial IP addresses, see 27.6 Default IP
Addresses of the S3900 Storage System.
c. Run the following command on the PC to check whether the PC can communicate
properly with the S3900 controller enclosure:
ping <Initial IP address of the controller>
The following example command is based on controller A of the S3900 controller

enclosure.
ping 192.168.128.101

U2000
l Connect the PC and the S3900 controller enclosure using a serial cable.
a. Connect the serial ports on the S3900 controller enclosure and PC using a serial
cable based on the scenarios described in Table 26-13. Figure 26-13 shows the
serial ports on the S3900 controller enclosure.
Table 26-13 Connecting serial ports
Connect to controller A Insert the RJ45 connector at one end of the serial
cable into the serial port on controller A and insert the
DB9 connector at the other end of the serial cable into
the serial port (COM1 or COM2) on the PC.
Connect to controller B Insert the RJ45 connector at one end of the serial
cable into the serial port on controller B and insert the
DB9 connector at the other end of the serial cable into
the serial port (COM1 or COM2) on the PC.
After the preceding operations are completed, the physical connection between the
PC and the S3900 controller enclosure is established.
b. Connect the S3900 Controller Enclosure through a serial port by using PuTTY.
ii. Choose Connection > Serial from the navigation tree in the left pane on
PuTTY. A dialog box for setting the serial port connection parameters is
displayed.
iii. In the dialog box, set the serial port connection parameters by referring to
Table 26-14.
Parameter Value
Serial line to Specify a serial port, for example, COM1, for the PC
connect to terminal to connect to the S3900 Controller Enclosure.
NOTE
The PC may contain several serial ports, and you can check
the name and number of the serial port by performing the
following procedures:
On a PC running on Windows 7 operating system, choose
Control Panel and locate Device Manager. In the displayed
Device Manager, choose Port to check the name and number
of the serial port.
Speed 115200
Data bits 8
Stop bits 1
Parity None

U2000
Parameter Value
Flow control None
iv. Choose Session from the navigation tree in the left pane. In the right pane,
choose Serial, and click Open.
The following information is displayed in the window of the PuTTY:
Storage Login:
----End
26.3.3 Checking the S3900 Disk Array Version

This section describes how to log in to the S3900 disk array through a network port or serial
port on the PC to check the disk array version.
Prerequisites
l You have obtained the password for user admin of the S3900. To learn the initial
support.huawei.com.
Procedure
Step 1 Connect the PC and the S3900 disk array. For detailed operations, see 26.3.2 Connecting the
PC and the S3900 Controller Enclosure.

U2000
If... Then...
You connect the PC and 1. 26.3.1 Using PuTTY to Log In to the S3900 Disk Array.
the S3900 disk array 2. Run the following command to check the disk array
using a network cable version:
admin:/>showupgradepkginfo -t 1
====================================================
====
Upgrade Package Information
----------------------------------------------------
----
Controller ID Package Version Package
Status
----------------------------------------------------
----
A V100R005C02SPC300 Running
B V100R005C02SPC300 Running
====================================================
====
The value of Package Version is the S3900 disk array

version.

U2000
If... Then...
You connect the PC and 1. Log in to the disk array controller as user admin with its
the S3900 disk array password.
using a serial cable When the following information is displayed, logging in to
the disk array controller is successful.
--------------------- Welcome
-----------------------
-----------------System
Information------------------
| System Name | SN_210235G6R8Z0B9000003
|
| Device Type | OceanStor S3900-M300
|
| Current System Mode | Double Controllers
Normal|
| Mirroring Link Status | Link Up
|
| Location |
|
| Time | 2013-03-11 07:51:09
|
| Device Serial Number | 210235G6R8Z0B9000003
|
| Product Version | V100R002C00
|
----------------------------------------------------
-
2. Run the following command to check the disk array

version:
admin:/>showupgradepkginfo -t 1
====================================================
====
Upgrade Package Information
----------------------------------------------------
----
Controller ID Package Version Package
Status
----------------------------------------------------
----
A V100R002C00SPC008 Running
B V100R002C00SPC008 Running
====================================================
====
The value of Package Version is the S3900 disk array

version.
----End
26.3.4 Changing the Initial IP Address of the S3900 Controller

Enclosure
This section describes how to change the initial IP address of the management network port
based on default plan. To do so, you need to connect the PC and disk array using a serial cable
or network cable and then log in to the management network port on the controller enclosure.

U2000
Prerequisites
l You have obtained the password for user admin of the S3900. To learn the initial
support.huawei.com.
l You have obtained the initial IP address and default planned IP address of the S3900
controller enclosure. For detailed operations, see 27.6 Default IP Addresses of the
S3900 Storage System.
Procedure
Step 1 Connect the PC and the S3900 disk array. For detailed operations, see 26.3.2 Connecting the
PC and the S3900 Controller Enclosure.
Change the initial IP address of There are two ways of connecting them:
controller A
l Connect the PC and controller B on the S3900 disk
array using a network cable.
l Connect the PC and any controller on the S3900
disk array using a serial cable.
Change the initial IP address of There are two ways of connecting them:
controller B
l Connect the PC and controller A on the S3900 disk
array using a network cable.
l Connect the PC and any controller on the S3900
disk array using a serial cable.
Step 2 Change the initial IP address of the S3900 controller enclosure by scenario.

U2000
If... Then...
You connect the PC and the 1. 26.3.1 Using PuTTY to Log In to the S3900 Disk
S3900 disk array using a Array.
network cable and want to 2. Run the following command to change the initial IP
change the initial IP address of address of controller A:
controller A admin:/> chgctrlip -c a -ip <default planned IP
address of controller A> -mask 255.255.248.0 -gw
192.168.128.1
NOTE
a indicates controller A, 255.255.248.0 indicates the
subnet mask, and 192.168.128.1 indicates the IP address of
the gateway.
When the following information is displayed, enter y
to confirm.
Are you sure to continue?(y/n)
When the following information is displayed, the

change is successful.
command operates successfully.
3. Run the following command to check whether the IP

address of the controller is changed successfully:
admin:/> showctrlip
In the command ouput similar to the following,
check whether the IP address of the controller is
changed successfully.
NOTE
If the IP address of the controller is not changed to the
planned IP address, perform the preceding step again. If
the inconsistency persists, contact Huawei technical
support.
==============================================
=============================================
Controller IP
----------------------------------------------
---------------------------------------------
Controller ID IP Address
Mask Gateway MAC
Address
----------------------------------------------
---------------------------------------------
A 192.168.128.203
255.255.248.0 192.168.128.1
20:0b:c7:9c:cc:75
B 192.168.128.204
255.255.248.0 192.168.128.1
20:0b:c7:9c:fd:1e
==============================================
=============================================

U2000
If... Then...
You connect the PC and the 1. Log in to the disk array controller as user admin
S3900 disk array using a serial with its password.
cable and want to change the When the following information is displayed,
initial IP address of controller A logging in to the disk array controller is successful.
The values of Device Type and Product Version
differ from one type of disk array controller to
another based on actual disk array configuration.
--------------------- Welcome
-----------------------
-----------------System
Information------------------
| System Name |
SN_210235G6R8Z0B9000003 |
| Device Type | OceanStor S3900-
M300 |
Normal|
| Mirroring Link Status | Link
Up |
| Location
| |
| Time | 2013-03-11
07:51:09 |
| Device Serial Number |
210235G6R8Z0B9000003 |
| Product Version |
V100R002C00 |
----------------------------------------------
-------
2. Run the following command to change the initial IP

address of controller A:
admin:/> chgctrlip -c a -ip <default planned IP
address of controller A> -mask 255.255.248.0 -gw
192.168.128.1
NOTE
a indicates controller A, 255.255.248.0 indicates the
the gateway.
to confirm.


admin:/> showctrlip

U2000
If... Then...
NOTE
support.
==============================================
=============================================
Controller IP
----------------------------------------------
---------------------------------------------
Mask Gateway MAC
Address
----------------------------------------------
---------------------------------------------
A 192.168.128.203
255.255.248.0 192.168.128.1
20:0b:c7:9c:cc:75
B 192.168.128.204
255.255.248.0 192.168.128.1
20:0b:c7:9c:fd:1e
==============================================
=============================================

U2000
If... Then...
You connect the PC and the 1. 26.3.1 Using PuTTY to Log In to the S3900 Disk
S3900 disk array using a Array.
network cable and want to 2. Run the following command to change the initial IP
change the initial IP address of address of controller B:
controller B admin:/> chgctrlip -c b -ip <default planned IP
address of controller B> -mask 255.255.248.0 -gw
192.168.128.1
NOTE
b indicates controller B, 255.255.248.0 indicates the
the gateway.
to confirm.


admin:/> showctrlip
NOTE
support.
==============================================
=============================================
Controller IP
----------------------------------------------
---------------------------------------------
Mask Gateway MAC
Address
----------------------------------------------
---------------------------------------------
A 192.168.128.203
255.255.248.0 192.168.128.1
20:0b:c7:9c:cc:75
B 192.168.128.204
255.255.248.0 192.168.128.1
20:0b:c7:9c:fd:1e
==============================================
=============================================

U2000
If... Then...
You connect the PC and the 1. Log in to the disk array controller as user admin
S3900 disk array using a serial with its password.
cable and want to change the When the following information is displayed,
initial IP address of controller B logging in to the disk array controller is successful.
The values of Device Type and Product Version
differ from one type of disk array controller to
another based on actual disk array configuration.
--------------------- Welcome
-----------------------
-----------------System
Information------------------
| System Name |
SN_210235G6R8Z0B9000003 |
| Device Type | OceanStor S3900-
M300 |
Normal|
| Mirroring Link Status | Link
Up |
| Location
| |
| Time | 2013-03-11
07:51:09 |
| Device Serial Number |
210235G6R8Z0B9000003 |
| Product Version |
V100R002C00 |
----------------------------------------------
-------
2. Run the following command to change the initial IP

address of controller B:
admin:/> chgctrlip -c b -ip <default planned IP
address of controller B> -mask 255.255.248.0 -gw
192.168.128.1
NOTE
b indicates controller B, 255.255.248.0 indicates the
the gateway.
to confirm.


admin:/> showctrlip

U2000
If... Then...
NOTE
support.
==============================================
=============================================
Controller IP
----------------------------------------------
---------------------------------------------
Mask Gateway MAC
Address
----------------------------------------------
---------------------------------------------
A 192.168.128.203
255.255.248.0 192.168.128.1
20:0b:c7:9c:cc:75
B 192.168.128.204
255.255.248.0 192.168.128.1
20:0b:c7:9c:fd:1e
==============================================
=============================================
----End

U2000
ATAE Cluster System Administrator Guide (SUSE) 27 Appendix
27 Appendix
About This Chapter
27.1 Default Users and Initial Passwords

This section provides user accounts and initial passwords required during installation and
operation of the U2000 ATAE cluster system.
27.2 Partitioning of Storage Space
This section describes how to partition ATAE cluster system storage space provided by
OSMU board local disks and the S3900 storage system. Before the delivery of the ATAE
cluster system or during the initial software installation, the OSMU board local disks have
been partitioned and the redundancy mode of the S3900 storage system has been set.
27.3 Default Host Names and IP Addresses of Boards
This section describes the default host names and IP addresses of boards in the ATAE
subrack. The host names and IP addresses of the OSMU board and OGPU boards are set
before board delivery and those of the other boards are initially set during board activation.
27.4 Default IP Addresses of Switching Boards
There are two switching boards in each ATAE subrack. You need to plan and set IP addresses
for each switching board.
27.5 Default IP Addresses of SMM Boards
There are two SMM boards in each ATAE subrack, which work in active/standby mode. You
need to plan and set IP addresses for each SMM board.
27.6 Default IP Addresses of the S3900 Storage System
The S3900 storage system consists of MSS and BSS that use controller enclosures and ESS
that uses a disk enclosure. Each controller enclosure is configured with two controllers
(controller A and controller B) that each has an initial IP address. The two IP addresses are
the same for all controller enclosures. When the ATAE cluster system is configured with
multiple controller enclosures, IP address conflict may occur. In this situation, you need to
plan and reset controller IP addresses for each controller enclosure.
27.7 List of Web Access Paths
This topic describes the web access paths provided by the OSS server.
27.8 Introduction to U2000 Processes and Services
When the U2000 is running, the U2000 server automatically starts the processes related to the
U2000 system. Each process provides different services and functions. In the ATAE cluster

U2000
system, the master node starts all the U2000 processes, the slave nodes start some processes,
whereas the standby node does not run any U2000 process.
27.9 Trace Server altogether cluster deployment related explanation
If the U2000 is co-deployed with the Trace Server in an ATAE cluster system, the Trace
Server functions as a slave server of the U2000, then, you does not need the independent
maintenance Trace Server board, the related operate please refer to the U2000 maintenance
operate.
27.10 U2000 Database
The U2000 databases consist of the Sybase database, Oracle database and the U2000 server
database. This chapter describes only the U2000 server database. After the installation of the
U2000 server application software, the size of the U2000 server database is fixed.

U2000
27.1 Default Users and Initial Passwords

This section provides user accounts and initial passwords required during installation and
operation of the U2000 ATAE cluster system.
NOTICE
Keep the passwords of the users mentioned in the U2000 system secure. A password cannot
be reset or found after being missing. When this happens, you need to reinstall the operating
system, database, or U2000 server software, which has great impact on the O&M.
l For details about the users created on U2000-related boards and their passwords, see
Table 27-1. For details about the user groups, shell resolution programs, and directories
of operating system users, see Table 27-2.
l For details about the users created for the OSMU board and their passwords, see Table
27-3.
l For details about the users created for the SMM board, FC module of the switching
board and S3900 disk array and their passwords, see Table 27-4.
l For details about the SNMPv3 protocol users and their private keys, see Table 27-5.
l For details about the VCS user created for the OGPU board and password, see Table
27-6.
l For details about the default password for the grub on the OSMU board and OGPU
board, see Table 27-7.
l OS users are created when the OS is installed. Because the login rights of these users are
restricted by the OS, you cannot use the OS users. To prevent the OS exception, deleting
these users is forbidden. Table 27-8 describes these OS users.
NOTICE
l The passwords of users in the U2000 system must be managed properly. To improve
system security, change the initial passwords set before product delivery.
l Change the passwords periodically (at an interval of 3 or 6 months) to improve system
security and avoid security risks, such as violent password cracking.
l For details about the policies of changing the initial passwords for operating system
users, see Policies on Passwords for Operating System Users.
l For details about the policies of changing the initial passwords for database users, see
Policies on Passwords for Database Users (Sybase) or Policies on Passwords for
Database Users (Oracle).

U2000
NOTICE
l The password of - in Table 27-1 indicates that the user is not created.
l A user is created only for the service boards or DB boards if no standby board exists.
l If a new version is deployed through upgrade, one can keep using the previous password.
Table 27-1 Default users of the ATAE cluster system (U2000)

System User Defaul Default Description How to Change
or Device Name t Password in the Password
Passwo V200R012 or
rd in a Later
V200R Version
011
User root is the

default user of the
system. User root
is authorized to
control all
resources, create
other user
accounts, grant l For ATAE
permissions to cluster
other users, and system, see
perform all 11.1.2
OS user system Changing the
NOTE operations. Passwords of
For
details Creation location: Operating
about its on all OGPU System
user boards Users.
group, Changeme_1
root huawei NOTE l For ATAE
shell 23
The operating cluster online
resolution
system is remote HA
program,
hardened by
and
default during
system, see
directory, Changing the
installation. After
see Table Passwords for
operating system
27-2.
hardening is Operating
performed, you System Users
cannot log in to of Active and
the server as user
root in SSH
Standby Sites.
mode. To switch
to user root, you
need to log in to
the server as a
user other than
root and then run
the su - root
command.

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
User oracle
enables the
U2000 to install,
start, stop, and
Changeme_1 manage the
oracle oracle Oracle database.
23
Creation location:
on the DB boards
and standby DB
boards
User dbuser
enables the
U2000 to install,
Changeme_1 start, stop, and
dbuser - manage the
23
Sybase database.
Creation location:
on the DB boards
Operator of the
U2000. User
ossuser performs
routine operation
and maintenance
on the U2000
system. For
example, it can
Changeme_1 query system
ossuser -
23 status and back
up and restore the
system.
Creation location:
on the service
board and
standby service
board

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
User ftpuser is
used by the
U2000
applications to
perform software
Changeme_1 management and
ftpuser ftpuser file transfer.
23
Creation location:
on the service
board and
standby service
boards
User iscript is
created during
installation of the
U2000 server
software. User
iscript is the OS
Changeme_1 user for executing
iscript -
23 the iSStar script.
Creation location:
on the master
service board and
standby service
boards
User webuser is
created during
installation of the
U2000 server
software. User
webuser is the
OS user for
webuse Changeme_1 running the
-
r 23 tomcat and
apache.
Creation location:
on the master
service board and
standby service
board
CMED Changeme_1 These users are l For ATAE

DB user emsems
B 23 created when the cluster

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
FARSD Changeme_1 Oracle database is system, see

emsems
B 23 installed. These 11.2.2
users are used for Changing the
ITFND Changeme_1 managing the Passwords of
emsems
B 23 Oracle database Database
SWMD Changeme_1 table spaces. Users
emsems Creation location: (Oracle) or
B 23
on the DB boards 11.2.3
Changeme_1 and standby DB Changing the
PMDB emsems
23 board. Passwords of
Database
PMCO Changeme_1 Users
emsems
MDB 23 (Sybase).
Changeme_1 l For ATAE
FMDB emsems cluster online
23
remote HA
OSSTE system, see
MPDB Changing
NOTE Passwords for
For Database
V200R Users of
011 Active and
that is
Changeme_1 Standby Sites
newly emsems
installe 23 (Oracle) or
d, the Changing
user Passwords for
name Database
is Users of
OMC
Active and
TEMP
DB. Standby Sites
(Sybase).
EAMD
B
NOTE
For
V200R
011
that is
newly Changeme_1
emsems
installe 23
d, the
user
name
is
OMC
EAMD
B.

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
SMDB
NOTE
For
V200R
011
that is
newly Changeme_1
emsems
installe 23
d, the
user
name
is
OMCS
MDB.
LOGD
B
NOTE
For
V200R
011
that is
newly Changeme_1
emsems
installe 23
d, the
user
name
is
OMC
LOGD
B.
OMCD Changeme_1
emsems
B 23
TOPO Changeme_1
-
DB 23
Changeme_1 These users are

SYS emsems
23 created when the
Oracle database is
SYSTE Changeme_1 installed. These
emsems
M 23 users are the
administrators for
managing the
Oracle database.
SYSM Changeme_1
emsems Creation location:
AN 23
on the DB boards
and standby DB
board.

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
l The
default
password
is
Changem
e_123 for
a newly
deployed
V200R012
version.
l This user
is Used by a third-
automatica party system to
AutoCf CfgPwd lly created log in to the
g Ac and the northbound
password database.
must be
configured
during
database
interface
installatio
n for a
newly
deployed
V200R013
or later
version.

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
This user is
created when the
Sybase database
is installed. This
user is the
administrator of
the Sybase
database.
Creation location:
on the DB boards.
NOTE
Changeme_1 The database
sa - administrator sa is
23
created by default.
To prevent the
potential security
risk of the default
database
administrator
being spread,
users can
manually disable
the database
administrator and
create a new
database
administrator.
This user is
created when the
Sybase database
is installed. This
Changeme_1 user is the
sybuser - operation user of
23
the Sybase
database.
Creation location:
on the DB boards.

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
This user is an
operation user of
the redis
database. The
redis database is
installed with the
CME software.
l If the database
is Sybase
database, the
password of
the redis
database user
is the same as
that of the user
sybuser. If
Default you change
user of the password
the redis of user
database sybuser, the
(the password of
Changeme_1
redis - the redis
23
database database user
does not will be also
open changed.
this user l If the database
name) is Oracle
database, the
password of
the redis
database user
is the same as
that of the user
SYSTEM. If
you change
the password
of user
SYSTEM, the
password of
the redis
database user
will be also
changed.

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
Created during
installation of the
Sybase database.
User probe is an
internal user of
the Sybase, and
Sybase does not
Unknow disclose the
probe Unknown password. This
n
user is mainly
used for the two
phase commit
process of the
Remote
procedure call
(RPC) and
transaction.
guest,
usedb_user are
internal users of Not involved.
the Sybase
database, and
therefore cannot
be used to log in
to the Sybase
database system.
These two users
guest, can be used only
usedb_ None None for database
user authority
allocation and
management and
can identify the
database
administrators
and operation
users in different
databases (such as
master and
omcdb).

U2000

Passwo V200R012 or
rd in a Later
V200R Version
011
l When you log

in to the
U2000 client
for the first
time, the
system
Created during requires you
installation of the to change the
U2000 server login
U2000 Changeme_1 software. password for
admin Empty
client 23 user admin.
System
administrator of l If you want to
the U2000 client. change the
password for
user admin
during routine
maintenance,
see U2000
Online Help.
Created during
installation of the
U2000 server
software.
User proxyuser
is the web proxy
user. To increase For details, see
proxyus Change Changeme_1 system security, 11.3.4 Changing
Web proxy you must enter
er me_123 23 Web Proxy User
the web proxy Passwords.
user name and the
password for
authentication
when accessing
NEs over the web
using the U2000
server as a proxy.
NOTE
User usedb_user listed in Table 27-1 exists only in the Sybase 15.7 database. Other users exist in all
Sybase databases.

U2000
Table 27-2 Operating system user groups and directories

User Name User Group Shell Resolution Directory
Program
root root /bin/bash /root
ossuser ossgroup, sys, trusted, /bin/bash /export/ossuser

webgroup
ftpuser ossgroup /usr/lib64/ssh/sftp- /export/home/sysm

server.sh NOTE
User ftpuser has the
write permission on /
export/home/sysm/
ftproot but does not
have the write
permission on /export/
home/sysm.
oracle oinstall, dba /bin/bash /export/home/oracle
dbuser dbgroup, ossgroup /bin/bash /export/home/dbuser
iscript ossgroup /bin/false /export/iscript
webuser ossgroup, webgroup /bin/false /export/webuser

U2000
Table 27-3 Default users of the ATAE cluster system (OSMU board)
System or User Default Description How to Change
Device Name Password the Password
This user is created

when the SUSE
operating system is
installed and is the
Changeme_123 administrator for
NOTICE managing the SUSE
If a new version operating system.
is deployed Creation location: on
through
OSMU board.
upgrade, one
can keep using NOTE
the previous The operating system
root
password. The is hardened by default
initial password during installation.
for the user is After operating
system hardening is
For details, see
huawei in
OSMU performed, you section Reference >
V100R002C00S cannot log in to the General Operation
PC210 and server as user root in > Operations on
earlier versions. SSH mode. To switch Board > Changing
to user root, you need Passwords for
OS user to log in to the server
as a user other than
Default Users of
root and then run the the OSMU Board
su - root command. Operating System
in ATAE Cluster
This user is created System Product
when the OSMU Documentation.
server software is
osmuuse
Changeme_123 installed and is used
r
for logging in to the
OSMU board
operating system.

when the OSMU
server software is
installed and is used
postgres Changeme_123
for managing the
PostgreSQL
database of the
OSMU.

U2000


when the OSMU
server software is
installed. It is used
for logging into the
admin Admin@123
OSMU using a web
browser but not used
for logging to the
OSMU board
operating system.
This user is the

For details, see
administrator for
section Operation
managing the
and Maintenance >
PostgreSQL
Routine
database.
Maintenance >
OSMU NOTE Security
The OSMU uses the
database postgres Changeme_123 Management >
embedded
user PostgreSQL database User Management
to store data. Only > OSMU Database
user postgres is User Management
allowed to access and in ATAE Cluster
manage the System Product
PostgreSQL database
Documentation.
locally.
Admin@123
NOTE This user account is For details, see
You are created when the section Operation
prompted to OSMU server and Maintenance >
change the software is installed
default
Routine
and is used for Maintenance >
password upon
the first login to logging into the Security
the web-based OSMU through a Management >
OSMU web client for the web browser but not User Management
admin newly installed used for logging to
user > OSMU Web User
OSMU in the the OSMU board
version of
Management >
operating system. Changing the
V200R001C01
or later. You are Use the new name if Current User
not required to you changed the Password in ATAE
do so if the name of the default Cluster System
OSMU is Product
upgraded to
OSMU web user
V200R001C01 admin. Documentation.
or later.

U2000
Table 27-4 Default users of the ATAE cluster system (SMM board/switching board/S3900
disk array)
hwosta2.0
NOTICE
If a new version
is deployed This is the
through administrator of the
upgrade, one
SMM board
Operating can keep using For details, see 11.5
the previous operating system. It
system user Managing ATAE
root password. The is used to log in to
of the SMM Cluster System
initial password the operating system
board Devices Users.
for the user is of the SMM board
huaweiosta or and it can run all
hwosta2.0 in
commands.
OSMU
V200R001C00S
PC200 and
earlier versions.

U2000

hwosta2.0
NOTICE
l If a new
version is
deployed
through
upgrade, one
can keep
using the
previous
password.
The initial
password
for the user
is
huaweiosta
in OSMU
V200R001C
00SPC200
and earlier
versions. This user is used for
l To be authentication when
compatible the OSMU board
with the and SMM board
SNMP OSMU of communicate with
protocol earlier
root each other according
user of the versions,
passwords
to the SNMP
SMM board
of the protocol. It can run
SNMP users commands dedicated
on the to the SNMP
OSMU are protocol.
encrypted
using the
DES and
MD5
algorithms.
In OSTA2.0,
passwords
of the
SNMP users
on OSMU
V200R007C
01SPC302B
010 and
later are
encrypted
using the
HMAC-
SHA and
AES128
security
algorithms.

U2000

This user is used for

logging in to and
User of the
managing the Base
switching
plane and Fabric
planes of the root hwosta2.0
plane of the
switching
switching boards
boards
whose model is
AXCBF1.
This is the
administrator of the
hwosta2.0 FC module's
root
NOTICE operating system. It
If a new version can run all
is deployed commands.
through
upgrade, one This is the
can keep using administrator of the
the previous FC module's
password. The
User of the admin initial password
operating system. It
FC module for the user is can run most query
of the password in and modification
switching OSMU commands.
V100R002C00S
board PC220 and This is the common
earlier versions. user of the FC
In module's operating
user V200R001C00
and
system. It can run
V200R001C01, only some query
the initial commands.
password is
Changeme_123 This is a reserved
. account of the FC
factory
module's operating
system.
admin is the
admin Admin@storage administrator of the
S3900 disk array.
Kaimse@storag
e
S3900 disk NOTICE This user is used to
array When the S3900 report fault alarm
disk array for from the S3900 disk
Kaimse V100R002C00S array to the OSMU
PC013 and
server using the
earlier versions,
the initial SNMPv3 protocol.
password for the
user is Kaimse.

U2000

Changeme_123
NOTICE
If a new version
is deployed
through
upgrade, one
can keep using This user manages
osmuuse the previous the S3900 disk array
r password. The
using the OSMU.
initial password
for the user is
osmuuser in
OSMU
V100R002C00S
PC200 and
earlier versions.
Changeme_123
NOTICE
If a new version
is deployed
through
upgrade, one
can keep using This user manages
osmumo the previous the disk array using
nitoruser password. The
the OSMU.
initial password
for the user is
osmumonitorus
er in OSMU
V100R002C00S
PC200 and
earlier versions.
To change the
password for this
_super_a Resets the password
Admin@revive user, apply for the
dmin for user admin.
reference material
from Huawei.

U2000
Table 27-5 SNMPv3 protocol user description

User Name Default Private Description How to Change
Key the Password
amosagent l Authentication This user is used to For details, see 11.4

private key: report resource Managing SNMPv3
Changeme_123 monitoring alarm, Users.
l Encryption threshold alarms and
private key: hardware alarms
Modify_key0 from the PRS to the
U2000 server using
NOTE
If you deploy the
the SNMPv3
latest version by protocol. User
upgrading the system, amosagent is used
encryption private in the SNMPv3
key do not change protocol. The
after the upgrade, The original
initial encryption
private key is
authentication
Changeme_123 in private key of user
U2000 amosagent may be
V200R015C00SPC1 amosagent
00 and earlier depending on the
versions. OSS version.
v3username l The password of v3username

the indicates the user
authentication used by the OSS
protocol : Self Management
Changeme_123 Unit (OSMU) or
l The password of Alarm Monitor of
the data Outsourcing System
encryption (AMOS) and U2000
protocol : to exchange
Modify_key0 SNMPv3 messages.
i@a#$$ l Authentication The OSMU alarm

protocol module send
password: #a heartbeat
$*u* t!h information to the
l Data encryption OSS product as user
protocol i@a#$$.
password: p~r $
%i^vx
sonagent l Authentication sonagent indicates

protocol the user used by the
password: SONMaster and
Changeme_123 U2000 to exchange
l Data encryption SNMPv3 messages.
protocol
password:
Modify_key0

U2000
User Name Default Private Description How to Change

Key the Password
tspagent l Authentication tspagent indicates

protocol the user used by the
password: TSP and U2000 to
Changeme_123 exchange SNMPv3
l Data encryption messages.
protocol
password:
Modify_key0
Table 27-6 ATAE cluster system default users (VCS installed on the OGPU board)
User Password Change
User Type Password Description
Name Reference
This user account is

created when the
For details, see 11.8
OGPU board is
Changing the
activated and is used
VCS user admin Changeme_123 Password for the
for managing system
Default User of the
resources that have
VCS.
been registered with
the VCS.
Table 27-7 ATAE cluster system default users (grub on the OSMU board and OGPU board)
User Password
User
Typ Password Description Change
Name
e Reference
For details, see

Changing the
Default
The user is used for Password for
grub logging in to the grub and the grub in
- Changeme_123
user has the permission to edit ATAE Cluster
grub menus. System
Product
Documentatio
n.

U2000
Table 27-8 OS Users

User Pass Description Password
Name wor Change
d Reference
at Not at is a user who has minimum permissions and is You are not
invol created automatically by the system. The user is advised to
ved used when tasks are scheduled in batches and has change the
been prohibited. However, the user cannot be password of the
deleted. user that has
been disabled. If
bin bin is a user who has minimum permissions and is you need to
created automatically by the system. The user is change the
used for managing binary file processes and has password, use
been prohibited. However, the user cannot be the passwd
deleted. command.
daemon daemon is a user who has minimum permissions
and is created automatically by the system. The
user is used for background processes and has
been prohibited. However, the user cannot be
deleted.
dhcpd dhcpd is a user who is automatically created

when the system is installed and services are
started. The user is used for the DHCP service
daemon process and has been prohibited.
However, the user cannot be deleted.
ftp ftp is a user who is automatically created when

the system is installed and services are started.
The user is created for FTP service and has been
prohibited. However, the user cannot be deleted.
games games is a user who has minimum permissions

user is game user and has been prohibited.
haldaemo haldaemon is a user who has minimum

n permissions and is created automatically by the
system. The user is used for the hardware
information collection service daemon processes
and has been prohibited. However, the user cannot
be deleted.
ldap ldap is a user who is automatically created when

The user is used for the ldap service daemon
process and has been prohibited. However, the
user cannot be deleted.

U2000

Name wor Change
d Reference
lp lp is a user who has minimum permissions and is

created automatically by the system. The user is
used for the print daemon process and has been
mail mail is a user who has minimum permissions and

is created automatically by the system. The user is
used for the email daemon process and has been
man man is a user who has minimum permissions and

used for the Man reading tool and has been
messageb messagebus is a user who has minimum

us permissions and is created automatically by the
system. The user is used for inter-process
communication services and has been prohibited.
named named is a user who is automatically created

started. The user is used for the dns service
news news is a user who has minimum permissions and

news group user and has been prohibited.
nobody nobody is a user who has minimum permissions

user has been prohibited and cannot be deleted.
ntp ntp is a user who is automatically created when

The user is used for the NTP service daemon
polkituse polkituser is a user who is automatically created

r when the system is installed and services are
started. The user is used for the PolicyKit service

U2000

Name wor Change
d Reference
postfix postfix is a user who is automatically created

started. The user is used for the postfix service
puppet puppet is a user who is automatically created

started. The user is used for centralized
configuration management and has been
sshd sshd is a user who is automatically created when

The user is used for the sshd service daemon
suse-ncc suse-ncc is a user who has minimum permissions

user is Novell customer center user and has been
squid squid is a user who is automatically created when

The user is used for the squid service daemon
uucp uucp is a user who has minimum permissions and

used for Unix-to-Unix Copy service process and
has been prohibited. However, the user cannot be
deleted.
uuidd uuidd is a user who is automatically created when

The user is used for the uuid service daemon
wwwrun wwwrun is a user who is automatically created

started. The user is used for the www service

U2000
NOTE
Users ldap, named, polkituser, puppet, squid and uuidd listed in Table 27-8 exist only in the SUSE11
OS. Other users exist in both SUSE11 and SUSE10.
Policies on Passwords for Operating System Users

pair, and so on).
Policies on Passwords for Database Users (Sybase)

uppercase letters A to Z, and special characters. To improve password security, you are
advised to use the following password policies:
[{}]:./?=%.
name.
Policies on Passwords for Database Users (Oracle)

uppercase letters A to Z, and special characters underscores (_). To improve password
security, you are advised to use the following password policies:

U2000

l The password must contain the special character underscore (_).
name.
l The password cannot be reused within one year.
l The password that has been used in the recent 20 times cannot be reused.
27.2 Partitioning of Storage Space

This section describes how to partition ATAE cluster system storage space provided by
OSMU board local disks and the S3900 storage system. Before the delivery of the ATAE
cluster system or during the initial software installation, the OSMU board local disks have
been partitioned and the redundancy mode of the S3900 storage system has been set.
Partitioning of OSMU board local disks

In the ATAE cluster system, the OSMU board is configured with two 300 GB or 600 GB local
disks.
l For details about the partitioning of OSMU board local hard disks when you install
OSMU V200R002C20 or later for the first time, see Table 27-9.
l For details about the partitioning of OSMU board local hard disks when you install the
OSMU whose version is between V200R001C01 and V200R002C10 for the first time,
see Table 27-10.
l For details about the partitioning of OSMU board local hard disks when you install
OSMU V200R001C00 for the first time, see Table 27-11.
NOTE
It is normal that the partition sizes you have queried have a deviation of -2 GB to 2 GB with the values
listed in the following table.
Table 27-9 Partitioning of OSMU board local disks (for initially installing OSMU
V200R002C20 and later versions)
Disk No. Partition Partition Size Description
Name
1 / 35 GB Root partition
/opt 40 GB -
/home 5 GB -
/tmp 20 GB -
/boot 1 GB -

U2000

Name
swap 16 GB Swap partition
All remaining space (not divided during initial installation)
2 Mirroring disk of the first disk
Table 27-10 Partitioning of OSMU board local disks (for initially installing the OSMU whose
version is between V200R001C01 and V200R002C10)
Name
1 / 100 GB Root partition
/boot 1 GB -
swap 16 GB Swap partition
All remaining space (not divided during initial installation)
Table 27-11 Partitioning of OSMU board local disks (for initially installing OSMU
V200R001C00)
Name
/ 28% Root partition
/boot 1% -
1
swap 11% Swap partition
none 60% -
Storage space of the S3900 storage system

The S3900 storage system consists of the MSS and BSS that use controller enclosures and the
ESS that uses a disk enclosure.
l MSS: The MSS has two controllers, and it consists of twelve 600 GB disks, twenty-four
600 GB disks, or twenty-four 900 GB disks. The MSS saves the service data of U2000
products, including the data in the database and in files.
l ESS: The ESS does not have controllers, and it consists of twenty-four 600 GB or 900
GB disks. The ESS saves the service data of U2000 products as the MSS does. Only
when the storage space provided by the MSS is insufficient, the ESS is configured.

U2000
l BSS: The BSS has two controllers, and it consists of twelve 2000 GB disks or twenty-
four 600 GB disks. The BSS saves the backup data of the ATAE cluster system,
including the backup data of the OSMU and U2000 products.
NOTE
You can learn the capacity of a disk in the disk array by viewing the label at the top of the front
view of the hard disk.
Table 27-12 describes the number of MSSs, the number of BSSs, and the number of ESSs
that can be configured and the redundancy mode.
Table 27-12 Configuration and settings of the S3900 storage system

Disk Array Quantity Available Space Redundancy Means
Type on Each Disk
Array
One disk array l The available l If twelve 600 GB disks are

must be space is 2600 GB configured, No.1 to No.10
configured. if twelve 600 GB disks work in RAID 10
disks are level and No.11 and No.12
configured. serve as hot spare disks.
l The available l If twenty-four 600 GB
space is 5800 GB disks are configured, No.1
if twenty-four to No.22 disks work in
MSS 600 GB disks are RAID 10 level and No.23
configured. and No.24 serve as hot
l The available spare disks.
space is 8800 GB l If twenty-four 900 GB
if twenty-four disks are configured, No.1
900 GB disks are to No.22 disks work in
configured. RAID 10 level and No.23
and No.24 serve as hot
spare disks.
ESS A maximum of l The available No.1 to No.22 disks work in

two disk arrays space is 6100 GB RAID 10 level and No.23 and
can be if twenty-four No.24 serve as hot spare
configured 600 GB disks are disks.
based on site configured.
requirements. l The available
space is 9100 GB
if twenty-four
900 GB disks are
configured.

U2000
Disk Array Quantity Available Space Redundancy Means

Type on Each Disk
Array
BSS It is used to l The available l If twelve 2000 GB disks

store backup space is 16,600 are configured, No.1 to
data. At most GB if twelve No.4 disks and No.5 to
one BSS can be 2000 GB disks No.11 disks work in RAID
configured are configured. 5 level, and No.12 disk
based on site l The available serves as a hot spare disk.
requirements. space is 11,000 l If twenty-four 600 GB
GB if twenty- disks are configured, No.1
four 600 GB to No.4 disks, No.5 to No.
disks are 13 disks and No.14 to No.
configured. 23 disks work in RAID 5
level, and No.24 disk
serves as a hot spare disk.
27.3 Default Host Names and IP Addresses of Boards

This section describes the default host names and IP addresses of boards in the ATAE
subrack. The host names and IP addresses of the OSMU board and OGPU boards are set
before board delivery and those of the other boards are initially set during board activation.
In the ATAE cluster system and ATAE cluster online remote HA system, the host names and
IP addresses of boards in the ATAE subrack are set to the default values listed in Table 27-13
upon delivery or activation. When commissioning the ATAE cluster system onsite, retain the
default settings for the Host Name, Private IP Address and Private Subnet Mask; reset the
Public IP Address for the OSMU board, service board, and DB board based on the IP
address plan for users to remotely access these boards. You do not need to set the Public IP
Address for the standby service board, standby DB board, and switching board.
NOTE
The switching boards are installed in slots 7 and 8 in each subrack. For the default IP addresses of the
switching boards, see 27.4 Default IP Addresses of Switching Boards.

U2000
NOTICE
l XY in label in the following description is a random number generated at delivery. You
need to select the cabinet, subrack, board, disk array, and cables with the same random
number for onsite installation. For example, in a cabinet having the label AB-MPRII-1, the
label of main processing subrack (MPS) is AB-MPS-1-5 and the label of the board in slot
1 is AB-MPS-1-5-1.
l OSMU boards include the active OSMU board and standby OSMU board when the
standby OSMU board is deployed. The active OSMU board is installed in slot 1 of the first
subrack (XY-MPS-1-5-1). The standby OSMU board is installed in a subrack based on the
service deployment. For example, the standby OSMU board can be installed in slot 14 in
the first subrack (XY-MPS-1-5-14) or in the second subrack (XY-EPS-1-6-14). In the latter
case, the OGPU board of the corresponding slot in Table 27-13 is standby OSMU board.
l You need to reset the public IP address of the OSMU board only when you commission
the ATAE cluster system for the first time. You do not need to reset it while deploying a
new U2000.
Table 27-13 Planned host names and IP addresses of boards

S Host Private Private Public Public
Board S
Type R Na IP Subnet IP Subnet
Label N
N me Address Mask Address Mask
XY-
OSMU SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 1
board S1 28.100 48.0 101 55.0
-1
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 2
S2 28.158 48.0 102 55.0
-2
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 3
S3 28.159 48.0 103 55.0
-3
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 4
S4 28.160 48.0 104 55.0
OGPU -4
board XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 5
S5 28.161 48.0 105 55.0
-5
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 6
S6 28.162 48.0 106 55.0
-6
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 9
S9 28.165 48.0 109 55.0
-9

U2000

Board S
Label N
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 10
S10 28.166 48.0 110 55.0
-10
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 11
S11 28.167 48.0 111 55.0
-11
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 12
S12 28.168 48.0 112 55.0
-12
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 13
S13 28.169 48.0 113 55.0
-13
XY-
SR5 192.168.1 255.255.2 10.10.10. 255.255.2
MPS-1-5 5 14
S14 28.170 48.0 114 55.0
-14
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 1
S1 28.171 48.0 115 55.0
-1
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 2
S2 28.172 48.0 116 55.0
-2
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 3
S3 28.173 48.0 117 55.0
-3
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 4
S4 28.174 48.0 118 55.0
-4
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 5
S5 28.175 48.0 119 55.0
-5
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 6
S6 28.176 48.0 120 55.0
-6
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 9
S9 28.179 48.0 123 55.0
-9
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 10
S10 28.180 48.0 124 55.0
-10

U2000

Board S
Label N
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 11
S11 28.181 48.0 125 55.0
-11
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 12
S12 28.182 48.0 126 55.0
-12
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 13
S13 28.183 48.0 127 55.0
-13
XY-
SR6 192.168.1 255.255.2 10.10.10. 255.255.2
EPS-1-6 6 14
S14 28.184 48.0 128 55.0
-14
27.4 Default IP Addresses of Switching Boards

There are two switching boards in each ATAE subrack. You need to plan and set IP addresses
for each switching board.
In the ATAE cluster system, the switching boards provide the Base switching plane, Fabric
switching plane, and FC switching plane. Private IP addresses are set for each plane. Each of
the private IP addresses is used only for the communications on the corresponding switching
plane. You cannot log in to the switching boards, the Base switching plane, or the FC
switching plane by using the private IP addresses. For the planned default IP addresses of the
Base switching plane, see Table 27-14. For the planned default IP addresses of the FC
switching plane, see Table 27-15. For the planned default IP addresses of the Fabric switching
plane, see Table 27-16.
The IP addresses of switching boards in the MPS and EPS are set to the default values before
the delivery of the ATAE cluster system. You do not need to change the default IP addresses
while reinstalling or commissioning the ATAE cluster system onsite.
Table 27-14 Planned default IP addresses of switching boards (Base switching plane)
Sub
rack Private IP Broadcast
SN Board Label Subnet Mask
Typ Address Address
e
MPS 7 XY-MPS-1-5-7 192.168.128.16 255.255.248.0 192.168.135.25

3 5
8 XY-MPS-1-5-8 192.168.128.16
4

U2000
Sub
Typ Address Address
e
EPS 7 XY-EPS-1-6-7 192.168.128.17 NOTICE NOTICE

7 If a new If a new
8 XY-EPS-1-6-8 192.168.128.17 deployed deployed
through through
8 upgrade, you upgrade, you
can keep using can keep using
subnet mask. broadcast
The subnet address. The
mask is broadcast
255.255.0.0 in address is
versions earlier 192.168.255.25
than OSMU 5 in versions
V200R002C00. earlier than
OSMU
V200R002C00.
Table 27-15 Planned default IP addresses of switching boards (FC switching plane)
Sub
Typ Address Address
e
MPS 7 XY-MPS-1-5-7 192.168.128.10 255.255.248.0 192.168.135.25

6 NOTICE 5
If a new NOTICE
8 XY-MPS-1-5-8 192.168.128.10 version is If a new
8 deployed version is
through deployed
EPS 7 XY-EPS-1-6-7 192.168.128.11 upgrade, you through
0 can keep using upgrade, you
the previous can keep using
8 XY-EPS-1-6-8 192.168.128.11 subnet mask. the previous
2 The subnet broadcast
mask is address. The
255.255.0.0 in broadcast
versions earlier address is
than OSMU 192.168.255.25
V200R002C00. 5 in versions
earlier than
OSMU
V200R002C00.

U2000
Table 27-16 Planned default IP addresses of switching boards (Fabric switching plane)
Sub
Typ Address Address
e
MPS 7 XY-MPS-1-5-7 192.168.128.11 255.255.248.0 192.168.135.25

6 NOTICE 5
If a new NOTICE
8 XY-MPS-1-5-8 192.168.128.11 version is If a new
8 deployed version is
through deployed
EPS 7 XY-EPS-1-6-7 192.168.128.12 upgrade, you through
0 can keep using upgrade, you
the previous can keep using
8 XY-EPS-1-6-8 192.168.128.12 subnet mask. the previous
2 The subnet broadcast
mask is address. The
255.255.0.0 in broadcast
versions earlier address is
than OSMU 192.168.255.25
V200R002C00. 5 in versions
earlier than
OSMU
V200R002C00.
27.5 Default IP Addresses of SMM Boards

There are two SMM boards in each ATAE subrack, which work in active/standby mode. You
need to plan and set IP addresses for each SMM board.
The IP addresses of SMM boards in the MPS and EPS are set to the default values listed in
Table 27-17 before the delivery of the ATAE cluster system. You do not need to change the
default IP addresses while reinstalling or commissioning the ATAE cluster system onsite.
NOTICE
If an EPS is added for deploying a new U2000, you need to manually change IP addresses of
SMM boards in the added EPS by referring to Table 27-17. For details, see 26.1.19 Viewing
and Setting the IP Addresses for the SMM Board.

U2000
Table 27-17 Planned default IP addresses of SMM boards

Subr
ack SMM Networ Physical IP Logical IP Subnet Broadcast
Typ board k Port Address Address Mask Address
e
MPS Active vbond0 192.168.128 192.168.128 255.255.248 192.168.135

SMM .23 .25 .0 .255
board NOTICE NOTICE
(SMM1) If a new If a new
Standby vbond0 192.168.128 deployed deployed
SMM .24 through through
board upgrade, upgrade,
you can you can
(SMM2)
keep using keep using
EPS Active vbond0 192.168.128 192.168.128
subnet broadcast
SMM .26 .28 mask. The address. The
board subnet mask broadcast
(SMM1) is address is
255.255.0.0 192.168.255
Standby vbond0 192.168.128 in versions .255 in
SMM .27 earlier than versions
board OSMU earlier than
V200R002 OSMU
(SMM2)
C00. V200R002C
00.
NOTE
eth1 and eth2 of each SMM board should be bound, and the resulting logical network interface is named
vbond0. For newly deployed devices, eth1 and eth2 of the SMM board are bound by default after
preinstallation; for the subracks that are introduced for new OSS product deployment or for capacity
expansion purpose, eth1 and eth2 of the SMM board must be manually bound onsite.
27.6 Default IP Addresses of the S3900 Storage System

The S3900 storage system consists of MSS and BSS that use controller enclosures and ESS
that uses a disk enclosure. Each controller enclosure is configured with two controllers
(controller A and controller B) that each has an initial IP address. The two IP addresses are
the same for all controller enclosures. When the ATAE cluster system is configured with
multiple controller enclosures, IP address conflict may occur. In this situation, you need to
plan and reset controller IP addresses for each controller enclosure.
Table 27-18 describes the initial IP addresses of controllers. The disk enclosure has no
controller.
The IP addresses of the controllers will be reset based on the default plan in Table 27-19
during ATAE cluster system preinstallation upon delivery.

U2000
Table 27-18 Initial IP addresses of the S3900 storage system

Disk Array Type Controller Private IP Address
Controller A 192.168.128.101
Controller enclosure
Controller B 192.168.128.102
Disk enclosure Without controller -
Table 27-19 Planned default IP addresses of the S3900 storage system

Private IP
Disk Array Type Controller Subnet Mask
Address
Controller A 192.168.128.203 255.255.248.0

MSS NOTICE
Controller B 192.168.128.204 If a new version is
deployed through
Controller A 192.168.128.201 upgrade, you can
keep using the
Controller B 192.168.128.202 previous subnet
BSS mask. The subnet
mask is 255.255.0.0
in versions earlier
than OSMU
V200R002C00.
ESS Without controller - -
27.7 List of Web Access Paths

This topic describes the web access paths provided by the OSS server.
Web Access Path Function
http(s)://Server IP Displays the web-based login window of the CAU for

address/cau installing and upgrading clients.
http(s)://Server IP Displays the OSS help.

address/hedex
http(s)://Server IP Displays the web-based login window of the Network

address/nic Information Collection (NIC).
https://Server IP address: NOTE
31040/nic l You can use http://Server IP address:31038/nic to access the
login window of the NIC only when the OSS server is in the both
http://Server IP address:
communication mode.
31038/nic
l You can use http(s)://Server IP address/nic to access the login
window of the NIC only when the OSS server is in the both or
common communication mode.

U2000
https://Server IP address: Displays the web-based OSS login window.

31040 NOTE
http://Server IP address: You can use http://Server IP address:31038 to access the OSS login
window only when the OSS server is in the both communication
31038
mode.
http(s)://Server IP Displays the login window of the centralized account

address:31048 management module.
http://server IP address: Is used for logging in to the main window of the PRS
8010/prs management tool.
https://server IP address:
8449/prs
http://server IP address: Is used for logging in to the main window of the OSS
8090 Management Tool.
https://server IP address: NOTE
31123 You can also use https://OSMU IP address:31123 to access the main
window of the OSS Management Tool when switchover has not been
triggered for the two boards.
http://server IP address: Is used for logging in to the main window of the antenna
31038/ams management system.
https://server IP address:
31040/ams
http://server IP address: Provides the common methods of the antenna management

31038/util system. The web address is invoked by the software, and users
cannot perform operations.
http(s)://Server IP Constructs the web-based OSS framework. The access uses

address/framework the reverse proxy rule provided by the Apache. The web
address is only invoked by software and does not support user
access.
http(s)://Server IP Displays the web-based OSS framework. The access uses the
address/jse reverse proxy rule provided by the Apache. The web address is
only invoked by software and does not support user access.
http(s)://Server IP Provides internationalization resources. The access uses the

address/locale reverse proxy rule provided by the Apache. The web address is
only invoked by software and does not support user access.
http(s)://Server IP Provides resources of the web-based OSS login and password

address/security change windows. The access uses the reverse proxy rule
provided by the Apache. The web address is only invoked by
software and does not support user access.
http(s)://Server IP Provides menus of the web-based OSS main window. The

address/productInfo.xml access uses the reverse proxy rule provided by the Apache.
The web address is only invoked by software and does not
support user access.

U2000
http(s)://Server IP Provides clients with the server RPC interfaces. The access
address/api uses the reverse proxy rule provided by the Apache. The web
address is only invoked by software and does not support user
access.
http(s)://Server IP Provides web-based OSS login functions, such as verification

address/login codes, logins, single sign-on (SSO), and one-time key
retrieval. The access uses the reverse proxy rule provided by
the Apache. The web address is only invoked by software and
does not support user access.
http://server IP Provides the EBC counter management function.

address/EBC NOTE
https://server IP You can enter the EBC window only through the menu Performance
> EBC Counter Management (traditional style); alternatively,
address/EBC
double-click Performance in Application Center and choose
Measurement > EBC Counter Management (application style) of
U2000 client rather than direct login using the web browser.
https://server IP address: Provides the FMA system login window.

31943 NOTE
You can enter the FMA system through the following method rather
than direct login using the web browser.
Log in to the U2000 client, choose Maintenance > FMA from the
main menu (traditional style); alternatively, double-click Trace and
Maintenance in Application Center and choose Maintenance >
FMA from the main menu (application style).
https://server IP address: Displays the FMA Online Help.

31943/hedex/hedex.do
NOTE
l You are advised to use the web addresses that do not contain port numbers.
l The default communication mode of OSS server is SSL mode. When the OSS server is in the SSL
communication mode, you can use only HTTPS-based web addresses, for example, https://Server IP
address/hedex.
l When the OSS server is in the both or common communication mode, HTTPS-based access is
recommended.
l The Apache provides some proxy access modes as follows:
l The Apache provides the reverse proxy function on ports 80 and 443. For details about the
access paths, see the access paths that use the reverse proxy rule in the table above.
l The Apache provides the reverse proxy function on port 8080. When the OSS server is in the
non-SSL communication mode, the access path is http://Server IP address:8080/NE IP
address. When the OSS server is in the SSL communication mode, the access is unavailable.
l The Apache provides the forward proxy function on port 8080 to forward HTTP requests from
OSS clients to NEs.
27.8 Introduction to U2000 Processes and Services

When the U2000 is running, the U2000 server automatically starts the processes related to the
U2000 system. Each process provides different services and functions. In the ATAE cluster

U2000
system, the master node starts all the U2000 processes, the slave nodes start some processes,
whereas the standby node does not run any U2000 process.
For details, see U2000 Processes and Services Reference.
27.9 Trace Server altogether cluster deployment related

explanation
If the U2000 is co-deployed with the Trace Server in an ATAE cluster system, the Trace
Server functions as a slave server of the U2000, then, you does not need the independent
maintenance Trace Server board, the related operate please refer to the U2000 maintenance
operate.
27.10 U2000 Database

The U2000 databases consist of the Sybase database, Oracle database and the U2000 server
database. This chapter describes only the U2000 server database. After the installation of the
U2000 server application software, the size of the U2000 server database is fixed.
27.10.1 BMSDB Database

The bmsdb database stores the data related to access network devices.
Table 27-20 shows the names and functions of the tables in the bmsdb database.
Table 27-20 Names and functions of the tables in the BMSDB
Name Function
bms_desc_Asn1ParaDesc It records the information related to the descway

development mode.
bms_desc_CmdDesc It records the descriptions of commands.
bms_desc_DBOperDesc It records the descriptions of database operations.
bms_desc_MIBOperDesc It records the descriptions of MIB operations.
bms_desc_SerFlowDesc It records the descriptions of the descway process.
bms_frm_MemTable It records the descriptions of the database tables that

need to be loaded to the memory.
bms_frm_MemTableLoad It records the loading status of the memory table.
bms_frm_PollFinishDev It records the synchronized device information.
bms_frm_PollFinishTask It records the synchronized task information.
bms_frm_Res2ServiceTab It records the relation between resource types and

supported services.

U2000
Name Function
bms_gdm_DeviceTab It records the details on the devices managed by the

U2000.
bms_gdm_LinkTab It records the information about inter-subrack links

on the device.
bms_gdm_NodeInfoDev It records the information about the submap where

the device is located.
bms_gdm_NodeInfoSub It records the information about the submap where

another submap is located.
bms_gdm_ObjectTab It records the information about all resources on the

device.
Other table It records other data of access network devices.
27.10.2 cmedb Database

The cmedb database is used to store the NE configuration data on the CME, including the
configuration data in the current and planned data areas.
The cmedb database requires at least 10 GB data space.
Table 27-21 lists the names and functions of the tables in the cmedb database.
Table 27-21 Names and functions of tables in the cmedb database
Table Name Function
Table with the t_c_ Stores NE data in the current data area.
prefix
Table with the t_p_ Stores NE data in the planned data area.
prefix
Table with the t_ prefix Support table of the tool type, which stores NE data.
Other tables Record internal data on the CME.
27.10.3 cmedb1 Database

The cmedb1 database is used to store the NE configuration data on the CME, including the
The cmedb1 database requires at least 10 GB data space.
Table 27-22 lists the names and functions of the tables in the cmedb1 database.

U2000
Table 27-22 Names and functions of tables in the cmedb1 database

Table Name Function
prefix
prefix
27.10.4 cmedb2 Database

The cmedb2 database is used to store the NE configuration data on the CME, including the
The cmedb2 database requires at least 10 GB data space.
Table 27-23 lists the names and functions of the tables in the cmedb2 database.
Table 27-23 Names and functions of tables in the cmedb2 database

Table Name Function
prefix
prefix
27.10.5 eamdb Database

This section describes the eamdb database. The eamdb database is used to store the data of
network management objects, such as NEs, subnets, and links. The eamdb database must exist
in the U2000 system.
The eamdb database requires more than 500 MB disk space.
Table 27-24 lists the name and function of each table in the eamdb database.
Table 27-24 Name and function of each table in the eamdb database
Table Name Function
tbl_sn Subnet information table

U2000
Table Name Function
tbl_ne NE information table
tbl_nefeature NE feature table
tbl_link Link information table
tbl_idresource NMS object identification management table
tbl_sntype Subnet type table
tbl_netype NE type table
tbl_linktype Link type table
tbl_sync Data synchronization table
tbl_nerelation NE relation table
tbl_maintenanceinfo Maintenance personnel information table
tbl_locationinfo Device maintenance information table
tbl_negroup NE group information table
tbl_negroupclass NE group mode table
tbl_negroup2ne NE group and NE relation table
tbl_negrouptype NE group type table
tbl_devsnmppara SNMP device parameter table
tbl_dftsnmppara Default SNMP parameter table
tbl_autodiscfilter Auto-search IP filter table
tbl_autodischistory Auto-search history record table
tbl_eamschedule Scheduled-search parameter table
tbl_autodiscresult Auto-search result table
tbl_SubareaInfo Refers to the partition information table, which records the

information about each node.
tbl_SubareaRes Refers to the partition resource table, which records the

resources of each node.
Other tables Record the internal processing data
27.10.6 farsdb Database

The farsdb database stores the signaling data of all the NEs managed by the U2000.
The farsdb database requires at least 10 GB data space and 3 GB log space.
The farsdb database consists of the following types of tables:

U2000
l Static configuration data table

l Task table
l Task data table
Table 27-25 describes the name and function of each table in the farsdb database.
Table 27-25 Tables of the farsdb database and the corresponding functions
Table Name Function
tbl_ProcessorInfo Static service configuration table
tbl_Field Static field configuration table
tbl_TaskInfo Dynamic task record table
tbl_TaskNE Table recording the tasks reported to NEs
Message type Task data table created dynamically, which records the signaling
name_task ID data of the message type corresponding to a task
O_TBL_task ID Table recording the signaling messages reported by NEs
27.10.7 fmdb Database

This section describes the fmdb database, which stores the alarm and event logs of the U2000
and the managed NEs.
The space of the fmdb database must be greater than 3,700 MB.
In the Sun SLS system, the fmdb database is deployed along with the FMGroup service
group. You can deploy the fmdb database on the master node or a slave node. Normally, the
fmdb database is deployed on the master node or a slave node. In some special cases, you
must deploy the fmdb database and the omcdb database on the same slave node. The pmdb
database is not deployed on the slave node.
Table 27-26 lists the names and functions of tables in the fmdb database.
Table 27-26 Tables of the fmdb database and the corresponding functions
Table Name Function
tbl_alm_log Records alarm logs.
tbl_event_log Records event logs.
Other tables Record the internal processing data of alarms.
NOTE
The system automatically divides the tbl_alm_log and tbl_event_log tables according to the size of
alarms and events. For example, the fmdb database may contain multiple alarm log tables such as
tbl_alm_log_1 and tbl_alm_log_2.

U2000
27.10.8 itfndb Database

This section describes the itfndb database, which stores the northbound configuration data,
performance tasks, and performance threshold data.
The itfndb database is optional. It requires a disk space of at least 200 MB. Table 27-27 lists
the name and function of each table.
Table 27-27 Tables of the itfndb database and the corresponding functions
Table Name Function
tbl_JGeneralInfo Records the general information about tasks.
tbl_JMoInstance Records the instances of tasks.
tbl_JStatusRecord Records the Status of tasks.
tbl_JMeasurementCategory Records the measurement categories of tasks.
tbl_JSchedule Records the task scheduling.
tbl_MGeneralInfo Records the general information about thresholds.
tbl_MMoInstance Records the instances of thresholds.
tbl_MMeasurementCategory Records the measurement categories of thresholds.
tbl_MThresholdPackElemen Records the details of thresholds.
tbl_MAlarmRecord Records the alarm records of thresholds.
tbl_MStatusRecord Records the status of thresholds.
Other tables Records the information about northbound

implementation.
27.10.9 logdb Database

This section describes the logdb database, which stores the U2000 log management data. The
logdb database must exist in the U2000 system.
The logdb database requires more than 500 MB disk space.
Table 27-28 lists the names and functions of the tables in the logdb database.
Table 27-28 Names and functions of the tables in the logdb database
Table Name Function
tbl_Audit Records the logs of user operations.
tbl_SysLog Records the logs of system operations.
tbl_SysLogResultDef Records the result information about system logs.

U2000
Table Name Function
tbl_SysLogStaticInfo Records the static information about system logs.
Other tables Records the information about other logs.
27.10.10 omcdb Database

This section describes the omcdb database. The omcdb database stores the U2000
configuration data, security data, and internal data.
The omcdb database requires at least 1,000 MB data space.
In the ATAE cluster system, the omcdb database is deployed along with the CMGroup service
group. The omcdb database is deployed on the database node.
Table 27-29 lists the names and functions of the tables in the omcdb database.
Table 27-29 Names and functions of tables in the omcdb database

Table Name Function
Tables with moi_ as the prefix Records the information about MO examples.
Tables with mos_ver_ as the Records the information about versions.

prefix
Tables with nbmmlNe_ as the Records the information about the format of messages
prefix transferred between the NEs.
Tables with sm_ as the prefix Records the information about service data.
Tables with softx3000_ as the Records dual-homing relationship.

prefix
Views with gv_view_cmcyw_ Records service Database Central (DC) data.

as the prefix
Views with view_cmcyw_ as Records basic service data.

the prefix
tbl_AllNeInfo Records information about NEs.
Processes with proc_sm_ as Records the processes of service data.

the prefix
Processes with sm_ as the Records the processes of service AMG data.
prefix
tbl_Resource Records NE resource data.
Tables with ums_ as the prefix Record the information about error codes.
Tables with ne_ as the prefix Records the information about NE models.
Tables with omc_ as the prefix Records the data about network management.

U2000
Table Name Function
Tables with rel_ as the prefix Records the associations between MOs.
tbl_ADAllNeList Records the information about the NodeBs to be

commissioned.
tbl_ADNeStatus Records the information about the statuses of the NodeBs

to be commissioned.
tbl_IPExg Records the IP configuration information about the NAT

translation table.
tbl_OmcSslOption Records the SSL connection policy of the U2000 for NEs.
tbl_nelicBaseInfo Records the basic information about NEs.
tbl_nelicTask Records the information about operation tasks.
tbl_nelicTaskEnv Records the information flow interacted between the

U2000 server and client.
tbl_NicAllNeBasicInfo Records the basic information of the NEs on the WebNIC.
tbl_NicAllNeExtendInfo Records the extension information of the NEs on the

WebNIC.
session_SessionEntity Records the information about the operated NEs during a

session.
session_SessionMoc Records the information about the operated MOCs during

a session.
session_SessionOpInfo Records the information about the user operations during

a session.
Other tables Records other configuration data of the U2000.
27.10.11 pmcomdb Database

The pmcomdb database is used for storing the static performance measurement data of NEs.
If the remaining space of the pmcomdb database is insufficient, the system generates an
alarm.
The pmcomdb database consists of the following types of tables:
l Counter tables
l Template Tables
l Function Subsets and Period Tables
l Other table

U2000
Counter tables
Compared with the data in other types of tables, the data in these tables is stable. Table 27-30
lists the name and function of each table.
Table 27-30 Counter information tables in the pmcomdb database and the corresponding
functions
Table Name Function
systbl_NeType Records all possible NE types in U2000.
systbl_FunctionSet Records the function sets of all NEs.
systbl_FunctionSubSet Records the measurement units of all

function sets.
systbl_Counters Records all measurement counters.
systbl_Counter_Unit Records the units of all counters.
systbl_AllCounterCategory Records the service features of each

version.
systbl_ComputeCounters Records only the counters involved in

calculation.
Template Tables
Template tables contain several tables that record measurement information. Table 27-31 lists
the name and function of each table.
Table 27-31 Template information tables in the pmcomdb database and the corresponding
functions
Table Name Function
tbl_ObjectInstance Records measurement objects.
tbl_MeasurementPeriod Records measurement periods.
tbl_MeasurementCounter Records measurement counters.
tbl_MeasurementSuspendInfo Records the information on suspended

tasks.
tbl_CounterCategory Records the status of each service

feature.
tbl_CounterLevel Records the status of each service

counter.
tbl_FeatureStatus Records the status of all the service

features on the U2000 operating
environment.

U2000
Function Subsets and Period Tables

The measurement results are saved according to the function subset and period. Table 27-32
lists the name and function of each subset and table.
Table 27-32 Function subsets and period tables in the pmcomdb database and their functions
Table Name Function
In the table name, XXX refers to the

function subset ID and Y refers to the
period index that ranges from 0 to 4. By
comparing the tbl_MeasObject_XXX_Y
with the result table named
tbl_Result_XXX_Y, you can check the loss
status and integrity of the results.
Each time when the measured object
changes, a message is recorded in the list.
Other Table
Table 27-33 Function subsets and period tables in the pmcomdb database and their functions
Table Name Function
tbl_UscdbFePmPlugino In the table name, XXX refers to the

function subset ID and Y refers to the
period index that ranges from 0 to 4. By
comparing the tbl_MeasObject_XXX_Y
with the result table named
tbl_Result_XXX_Y, you can check the loss
status and integrity of the results.
Each time when the measured object
changes, a message is recorded in the list.
27.10.12 pmdb Database

This section describes the pmdb database, which stores the performance structure tables and
performance measurement results of NEs. The pmdb database must exist in the U2000
system.
The pmdb database stores the NE performance measurement data. A disk space of more than
13,000 MB is required for the storage.
If the pmdb database is fully occupied, the U2000 raises an alarm.
After the storage period of the performance measurement data expires, the most recent data
overwrites the earlier data on a daily basis.
If the data is saved for less than 30 days old but the pmdb database is fully occupied, you
must change the number of days till when the data can be stored. Otherwise, the pmdb

U2000
database is suspended and it cannot process any performance data from the NEs. Change the
number of saving days when the remaining space of the pmdb database is insufficient.
To calculate the number of days till when the data can be stored, perform the following steps:
1. Observe the usage of the pmdb database when the U2000 runs for half a month.
2. Calculate the space of the pmdb database used a day.
3. Calculate the number of days that the pmdb database lasts.
The pmdb database consists of the following types of tables:
l Template Tables
l Function Subsets and Period Tables
Template Tables
Template tables record measurement information. Table 27-34 lists the name and function of
the table.
Table 27-34 Template tables in the pmdb database and their functions
Table Name Function
tbl_SyncInfo Records the supplementary collection queues

of performance results.
Function Subsets and Period Tables

The pmdb database stores the tables of measurement results categorized by function subsets
and periods. Table 27-35 lists the name and function of the table.
Table 27-35 Function subset tables and period tables in the pmdb database and the
corresponding functions
Table Name Function
tbl_Result_XXX_Y Records periodic results. In the table name, XXX is

the ID of the function subset and Y is the period
index between 0 and 4.
27.10.13 smdb Database

This section describes the smdb database, which stores the security management data. The
smdb database must exist in the U2000 system.
Table 27-36 lists the names and functions of the tables in the smdb database.

U2000
Table 27-36 Tables of the smdb database and the corresponding functions
Table Name Function
tbl_AccessTable Records the binding relations between user

groups and privileges.
tbl_AccessViewNodeRelTable Records the relations between the privilege

display nodes.
tbl_AccessViewNodeTable Records the privilege display nodes.
tbl_IDTable Records the reclaimed IDs.
tbl_SMAccessPolicyItem Records the privilege statistics for binding user

groups.
tbl_SMGroup Records the basic information about user

groups.
tbl_SMGroupUserMap Records the binding relations between user

groups and users.
tbl_SMLoginRec Stores the history records on user login.
tbl_SMNEUser Records the basic information about NE users.
tbl_SMPrivateGroupUserMap Records the binding relations between private

groups and users.
tbl_SMSecurityPolicy Records the security policy.
tbl_SMTerm Records the basic information about terminals.
tbl_SMUser Records the basic information about users.
tbl_SMUserHistoryRec Records history user passwords.
tbl_SMUserNEUserMap Records the binding relations between users and

NE users.
tbl_SMUserTerminalMap Records the binding relations between users and

terminals.
tbl_SecurityObjectTable Records security objects.
tbl_SessionTable Records session information.
tbl_StaticTypeRelationTable Records the relations between privileges.
tbl_StaticTypeTable Records the static security information about

object types, privileges, and operations.
tbl_StaticTypeViewTable Records the static security information.
Other tables Records the information about internal

implementation.

U2000
27.10.14 sumdb Database

The sumdb database stores the summarized performance data of NEs for performance reports.
If the U2000 system is not configured with the PRS, the sumdb database is not available.
The size of the sumdb database equals to one thirds of the size of the pmdb database. That is,
at least 4,500 MB database space is required.
The sumdb database consists of the following types of tables:
l Object type information table

l System setting information table
l Report information table
l Performance result table
Object Type Information Table

The object type information table consists of 12 tables, which save a group of relatively stable
information. Table 27-37 lists the name and function of each table.
Table 27-37 Name and function of each object type information table in the sumdb database
Table Name Function
t_NeType Records the NE type and manages the relevant information.
t_PRSObjectType Records the information about object types of each class.
t_GroupObjType Records the information about object types of object

groups.
t_AttrObjType Records the information about object types of attribute

classes.
t_ConfigObjType Records the information about object types of

configuration classes.
t_ConfigObjTypeAttr Records the attribute information about the configuration

object type.
t_CombObjType Records the information about object types of combination

classes.
t_PmObjType Records the relation between the PRS object type and the
performance object type.
t_CombTable Records the rule information about the combination table.
t_FSS Records the information about the extracted function

subsets.
t_Item Records counter information.
t_ObjTypeAggrRelation Records the summarization relation between objects.

U2000
System Setting Information Table

The system setting information consists of 15 tables that record information related to system
setting. Table 27-38 lists the name and function of each table.
Table 27-38 Name and function of each system setting information table in the sumdb
database
Table Name Function
t_Week Records the start date of a week.
t_SpecialDate Records the definition information about special dates.
t_BusyRule Records the information about busy-hour planning.
t_BusyTime Records the information about busy hours.
t_BusyTimeArith Records the information about the statistics on monthly

busy hours.
t_DefaultPeriod Records the information about default periods.
t_RawPeriod Records the information about the extraction period of

original results.
t_DefaultStorage Records the default storage duration of results.
t_CustomStorag Records the storage duration of results.
t_LoadFlag Records the information about the summarization and

extraction.
t_MaxItemId Records the IDs of maximum available counters of NEs.
t_RawHistoryInf Records the history of extracting original result tables.
t_RawResultNo Records the result numbers of original result tables.
t_SumHistoryInfo Records the history of extracting summarization result

tables.
t_BusyHistoryInfo Records the information about busy-hour summarization

result tables.
Report Information Table

The report information table consists of eight tables that record the information about the
queried tables. Table 27-39 lists the name and function of each table.
Table 27-39 Name and function of each report information table in the sumdb database
Table Name Function
t_Report Records the information about reports.

U2000
Table Name Function
t_Sheet Records the information about the sheets.
t_SheetItem Records the counters of sheets.
t_SheetFilter Records filtering information.
t_ItemFormat Records the counter format information.
t_RelateReport Records the relation between reports.
t_TemplateInfo Records the basic information about the templates.
t_TemplateObjInfo Records the basic information about the templates and the
objects.
Performance Result Table

The performance result table consists of multiple tables, which records the performance
measurement results based on the function subset and the measurement period. Table 27-40
lists the name and function of each table.
In Table 27-40, fssName, ObjLevel, and XXX in the tables whose names begin with d_ can be
configured in the configuration file.
l fssName refers to the name of a function subset.

l ObjLevel refers to the dimension of an object.
l In the tables whose names begin with d_, XXX refers to the ID of an object type.
Table 27-40 Name and function of each performance result table in the sumdb database
Table Name Function
f_fssName_Raw Indicates original result serial tables which record the

original results.
If the function subset is not extracted internally, the
administration tool (AT) automatically names the function
subset in the following format: F + ID of the function
subset.
f_fssName_ObjLevel_H Indicates hourly serial tables which records the result

information at hour dimension. The hourly summarization
is based on the original results.
f_fssName_ObjLevel_D Indicates daily serial tables which record the result

information at day dimension. The hourly summarization is
based on hourly summarization.
f_fssName_ObjLevel_W Indicates daily serial tables which record the result

information at week dimension. The weekly summarization
is based on daily summarization.

U2000
Table Name Function
f_fssName_ObjLevel_M Indicates monthly serial tables which record the result

information at month dimension. The monthly
summarization is based on weekly summarization.
f_fssName_ObjLevel_WH Indicates the weekly busy-hour serial tables which record

the weekly busy-hour results.
f_fssName_ObjLevel_MH Indicates the monthly busy-hour serial tables which record

the monthly busy-hour results.
d_XXX Records the information about the objects to be configured.
d_XXXGrp Records the information about the type of object groups.
d_XXXGrpObject Records the information about object instances of object

groups.
27.10.15 swmdb Database

This section describes the swmdb database, which stores the file information about the
software management module and the configuration data of NE versions. The swmdb
database must exist in the U2000 system.
The swmdb database stores the files managed by the software management module and the
NE version configuration data. A disk of more than 3,000 MB is required for storage. Table
27-41 lists the name and function of each table.
Table 27-41 Tables of the swmdb database and the corresponding functions
Table Name Function
tbl_VersionRelation Records the information about version relations.
tbl_NELogTable Records the NE operation logs.
Other tables Records the information about internal

implementation.
27.10.16 topodb Database

This section describes the topodb database, which stores the topology management data. The
topodb database must exist in the U2000 system.
The topodb database requires a disk space of more than 550 MB.
Table 27-42 lists the names and functions of the tables in the topodb database.

U2000
Table 27-42 Names and functions of the tables in the topodb database
Table Name Function
TSLink Records the information on topology links.
TSNode Records the information on topology NEs.
TSView Records the information on topology views.
TSTempLoc Records the temporary table that stores the longitude and latitude
coordinates of the e-map.
TSTempPos Records the temporary table that stores the x-axis and y-axis
coordinates of common physical topology.
Other tables Records the information about internal implementation.
27.10.17 sqlite Database

The sqlite database provides wireless performance fault management and transmission fault
management functions. This database is mandatory in the U2000 system.
The sqlite database requires at least 2,048 MB disk space.
Table 27-43 describes the name and function of each table in the sqlite database.
Table 27-43 Tables of the topodb database and the corresponding functions
Table Name Function
office.db Stores U2000-related information.
fm.db Stores NE alarm data.
cm.db Stores NE configuration data.
tm.db Stores one-click fault diagnosis information.
topo.db Stores topology view data, including borders, lines, and extension
information.
27.10.18 OMSMODEL Database

The OMSMODEL database is used to store the iEMP system library and save configuration
information.
Table 27-44 lists the names and functions of tables in the OMSMODEL database

U2000
Table 27-44 Names and functions of tables in the OMSMODEL database

Table Name Function
TBL_MOPKG_CHANG Mediation package change table

EINFO
TBL_MOPKG_CHANG Change result table

EPROCRESULT
TBL_MOPKG_COMP Change component name table
TBL_TOBASICATTR Basic information table of physical topological objects
TBL_TOEXTENDATT Extended information table of topological objects

R
TBL_TORELATION Relationship table of topological objects
TBL_TOCUSTOMVIE Content and data information table of self-defined topological

WDATA views
TBL_TOCUSTOMVIE Extended information table of objects in self-defined

WDATAEXT topological views
TBL_TOCUSTOMVIE Basic information table of self-defined topological views

WINFO
TBL_TOCUSTOMVIE Relationship table for views and their creators

WUSERRELATION
27.10.19 OMSSYS Database

The OMSSYS database is used to store the iEMP system library and save configuration
information.
Table 27-45 lists the names and functions of tables in the OMSSYS database.
Table 27-45 Names and functions of tables in the OMSSYS database

Table Name Function
EMAIL_SERVER Email server table
LOWERNMS_SERVER Lower-layer NMS server table
REMOTENOTICEUSE Remote notification user table

R
REMOTENOTICEUSE Remote notification user group table

RGROUP
REMOTENOTICEUSE Relationship table for remote notification users and user groups
RMAP

U2000
Table Name Function
REMOTENOTICEUSE Remote notification user time table

RTIME
SM_GATEWAY SM gateway table
SM_ MODEM SM modem table
T_BACKUPCONFIG_I Dump configuration table

NFO
T_LICENSE_FEATURE License item table
T_CUSTOM_MENU Product defined menu item table
T_CUSTOM_PORTLET Product defined portlet table
T_HOMEPAGE_CUST Product defined home page table

OM
T_PORTAL Product defined window table
TBL_MORE_APP Mobile O&M application table
TBL_USER_ATTENTI User defined NE information table

ONME
TBL_USER_ATTENTI User setting information table

ONME
27.10.20 OMSSM Database

The OMSSM database is used to store topo data, as well as hot and cold deployment data.
Table 27-46 lists the names and functions of tables in the OMSSM database.
Table 27-46 Names and functions of tables in the OMSSM database
Table Name Function
ACCOUNTPROFILE Account policies
HISTORYPASSWORD History password table
OMSUSER User table
OPERATION_RELATI Operation relationship table

ON
OPERATION_TYPE_V Operation type table

ERSION
OPERATION Operation table
PASSWORDPROFILE Password policy table

U2000
Table Name Function
ROLE_OP_RELATION Permission table
ROLE_SO_RELATION Relationship table for roles and managed objects
ROLE Role table
SECURITY_OBJECT_F Parent and child relationship table for security objects

ILIATION
SECURITY_OBJECT Security object table
T_HOMEPAGE_CUST Idle exit table

OM
T_OPERATIONDETAI Detailed information table of operation logs

L
T_OPERATIONLOG Operation log table
T_SECURITYLOG Security log table
T_SYSTEMLOG System log table
TBL_DOMAIN_OP_RE Relationship table for sub-domains and operations

LATION
TBL_DOMAIN_SO_RE Relationship table for sub-domains and managed objects

LATION
TBL_DOMAIN_USER_ Sub-domain and user table

RELATION
TBL_DOMAIN Sub-domain table
TBL_LOGININFO User login information table
TERMINAL IP ACL table
TIMEPROFILE Session login time policy table
TOKEN Session table
USER_ROLE_RELATI Relationship table for users and roles

ON
USER_TERMINAL_RE Relationship table for users and terminals

LATION
27.10.21 IEMPEAM Database

The IEMPEAM database is used to store the iEMP resource library and save platform
resource management objects, such as NEs and links.
Table 27-47 lists the names and functions of tables in the IEMPEAM database.

U2000
Table 27-47 Names and functions of tables in the IEMPEAM database

Table Name Function
AGENT_EXTEND Agent extension table
AGENT Link agent table of managed objects
COLOR_CONFIG Color configuration table
DN_GENERATOR Maximum DN value table
GROUP_MEMBER Group member table
GROUP_RULE_COND Relationship table for groups, rules, and conditions

ITION
GROUP_RULE Relationship table for groups and rules
LINK Link table
LOG_CLEAR_TIME Log clear time table
ME_TYPE Managed object type table
NODE_DELETED_LO Node deletion time table

G
NODE_EXTEND Node extension table
NODE_GROUP Node group table
NODE Node information table
OBJECT_CHANGED_ Object change record table

LOG
OBJECT_DELETE_LO Object deletion record table

G
PARTITION_CHANGE Partition change record table

D_LOG
PARTITION_ME Relationship table between partitions and managed objects
PARTITION_MED Relationship table between partitions and MEDs
PARTITION Partition table
PRODUCT_REST_PAT Product extension resource interface table

H
PROTOCOL_TEMPLA Object protocol template table

TE_AGENT
RELATION Managed object relationship table
RESOURCE_PATH Type resource interface table of managed objects
STATUS Managed object status table

U2000
27.10.22 Database Associated with Transport NEs, Switches,

Routers, and Security NEs
This topic describes the databases used for managing transport NEs, switches, routers, and
security NEs.
For details see Operation and Maintenance > OSS Information of the MBB Backhaul
Device Management Component of iManager U2000 MBB Backhaul Device Management
Component Product Documentation. You can log in to the http://support.huawei.com
website and search for the product documentation with iManager U2000 MBB Backhaul
Device Management Component Product Documentation as the keyword.
27.10.23 Database Related to the Site Power Management

Application
This section describes the database related to the site power management application.
The site power management application software uses the MySQL database. For details of the
database, see iManager U2000-Site Power Management Product Documentation. You can log
in to the http://support.huawei.com website and search for the product documentation with
iManager U2000-Site Power Management Product Documentation as the keyword.

U2000 ATAE Cluster System Administrator Guide (SUSE) (V200R016C10 - 05) PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

U2000 ATAE Cluster System Administrator Guide (SUSE) (V200R016C10 - 05) PDF

Uploaded by

Copyright:

Available Formats

U2000

ATAE Cluster System Administrator

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 05 (2016-08-30) Huawei Proprietary and Confidential i

About This Document

Product Name Version

Issue 05 (2016-08-30) Huawei Proprietary and Confidential ii

Section Change Description

8.17 Configuring the DH Key Length for Added.

20.4.2 Allocating PS Domain NEs Added.

Viewing Flow Data Amount on the Deleted.

4.8 Querying and Changing the Added.

2.3.8 Configuring the Mapping Modified the description.

2.3.9 Connecting the Switches to

8.5 Replacing the SSL Certificate

8.6 Changing the Password of the

20.3.2 Configuring Master

2.3.3 Planning Switches' VLANs

Issue 05 (2016-08-30) Huawei Proprietary and Confidential iii

20.5 Managing Trace Server Load Added.

Viewing Flow Data Amount on the

20 Trace Server Component Modified the description.

2.1 Changing the Public IP

2.4 Changing the IP Addresses

2.3.10 Configuring Parameters for Added.

20.4.3 Query PS Partition

20.4.4 Delete the PS Partition

2.3.7 Configuring Network Modified the description.

8.4 Replacing the Root Key of the

8.3 Replacing the Encrypted Key

Issue 05 (2016-08-30) Huawei Proprietary and Confidential iv

20.8 Managing the NEs in Trace Added.

20.8.1 Querying Subarea

20.8.2 Migrating NEs in the Trace

20.8.3 Migrating NEs in the Trace

2.1 Changing the Public IP Modified the description.

2.3.7 Configuring Network

2.5 Deleting the Network Interface

4.7 Service Groups

11.2.1 Changing the Database

Issue 05 (2016-08-30) Huawei Proprietary and Confidential v

Issue 05 (2016-08-30) Huawei Proprietary and Confidential vi

15 Monitoring the U2000 Server

24 U2000 Emergency Maintenance

Issue 05 (2016-08-30) Huawei Proprietary and Confidential vii

This section describes the procedures for troubleshooting the U2000.

Indicates an imminently hazardous situation which, if not

Indicates a potentially hazardous situation which, if not

Indicates a potentially hazardous situation which, if not

Indicates a potentially hazardous situation which, if not

Calls attention to important information, best practices and

Times New Roman Normal paragraphs are in Times New Roman.

Boldface Names of files, directories, folders, and users are in

Italic Book titles are in italics.

Issue 05 (2016-08-30) Huawei Proprietary and Confidential viii

Courier New Examples of information displayed on the screen are in

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by

[ x | y | ... ] Optional items are grouped in brackets and separated by