SecoManager V500R020C00 Software Installation

Revision Record Do Not Print this Page
Course Code Product Product Version Course Version
SecoManager V500R020C00 1.0
Author/ID Date Reviewer/ID New/ Update
Page 0 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
SecoManager V500R020C00 Software
Installation
Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
 The SecoManager can be installed on physical servers and VMs. Based on the number of
nodes to be installed, the installation can be classified into standalone installation (single-
node installation) and cluster installation (three-node installation). The cluster installation
mode can effectively prevent single point of failure (SPOF) that may occur during
standalone installation and improve system reliability.
 The SecoManager can be deployed independently, integrated with the iMaster NCE-Fabric,
and integrated with the iMaster NCE-Campus. In integrated deployment, the
SecoManager is installed on the NCE Controller as a security service component. The NCE
Controller uniformly displays the configuration UI for administrators to configure and
maintain services.
Objectives
 Secomanager installation process and precautions.
 Different installation scenarios of secomanager.
 Secomanager installation steps.
 Common problems during installation.
Contents
1. Before Your Installation
2. (Optional) Installing an Operating System on the Physical Machine Using an Image File
3. Installing the SecoManager (Independent Deployment)
4. Installing the SecoManager (Integrated Deployment)
5. Common Installation Faults
Before Your Installation (1)
Supported 64-bit operating systems:
• SUSE Linux Enterprise Server 12 SP2
• Euler2.0 SP5
• CentOS 7.3
The security hardening and upgrade services are provided only for the Huawei Euler
operating system. Operating systems provided by customers need to be installed and
maintained by the customers themselves.
Mandatory software required for SecoManager installation
Software Package Function
EasySuite deployment tool, used to deploy the
SecoManager_EasySuite_Tools.zip
SecoManager.
SecoManager_xxx.zip Installation package, used to install the SecoManager.
SecoManager_os_euler2sp5_x64_dvd1.is Euler OS image package, used to set up the Euler

o environment.
During the SecoManager installation, the database GaussDB100 is automatically

installed without any manual operation.
Server planning
Type Standalone Deployment Cluster Deployment
CPU 16 x vCPU (>= 2.4 GHz) 16 x vCPU (>= 2.4 GHz)
Memory 64 GB 64 GB
Hard disk 2 x 600 GB (RAID 1) 2 x 600 GB (RAID 1)
Hard disk read/write rate 20 MB/s 20 MB/s
Requirements on the installation executor (used to run the installation

program)
Software Type Requirement
OS Windows Server 2008, Windows 7, or later
Browser • Microsoft Internet Explorer 11 or later
• Google Chrome 50 or later
• Mozilla Firefox 35 or later
• Microsoft Edge 20 (64-bit) or later
Resolution Recommended: 1366 x 768 (px) or higher; optimal: 1920 x 1080 (px)
Networking and IP address planning in standalone deployment
Solution IP Address Plan

eth0 (northbound communication
network adapter): 192.168.12.10
Two planes
eth1 (southbound communication
network adapter): 192.168.2.10
Single plane eth0: 192.168.12.10
Administrator
Network
management
Enterprise intranet center
Northbound communication
channel
Southbound communication
channel
Networking and IP address planning in cluster deployment
Administrator
Enterprise intranet
Internal communication channel Network

Northbound communication channel management
Southbound communication channel center
Networking and IP address planning in cluster deployment
Cluste
Solutio
r IP Address Plan Public IP Address
n
Node
eth0 (internal communication network adapter): 192.168.1.10
Server1 eth1 (southbound communication network adapter): 192.168.3.10 Southbound floating IP address: 192.168.3.100
eth2 (northbound communication network adapter): 192.168.12.10 Northbound floating IP address: 192.168.12.100
Note:
eth0 (internal communication network adapter): 192.168.1.11 • The southbound floating IP address and the IP address of
Three
Server2 eth1 (southbound communication network adapter): 192.168.3.11 the southbound communication network adapter must
planes
eth2 (northbound communication network adapter): 192.168.12.11 be on the same subnet.
• The northbound floating IP address and the IP address of
eth0 (internal communication network adapter): 192.168.1.12 the northbound communication network adapter must be
Server3 eth1 (southbound communication network adapter): 192.168.3.12 on the same subnet.
eth2 (northbound communication network adapter): 192.168.12.12
eth0 (network adapter for internal communication and northbound Southbound floating IP address: 192.168.2.100
Server1 communication): 192.168.12.10 Northbound floating IP address: 192.168.12.100
eth1 (southbound communication network adapter): 192.168.2.10 Note:
• The southbound floating IP address and the IP address of
eth0 (network adapter for internal communication and northbound the southbound communication network adapter must
Two planes Server2 communication): 192.168.12.11 be on the same subnet.
eth1 (southbound communication network adapter): 192.168.2.11 • The northbound floating IP address and the IP address of
the internal communication & northbound
eth0 (network adapter for internal communication and northbound
communication network adapter must be on the same
Server3 communication): 192.168.12.12
subnet.
eth1 (southbound communication network adapter): 192.168.2.12
Server1 eth0: 192.168.12.10 Southbound floating IP address: 192.168.12.100

Northbound floating IP address: 192.168.12.101
Single Server2 eth0: 192.168.12.11 Note: The southbound floating IP address, northbound
plane
floating IP address, and IP address of the eth0 network
Server3 eth0: 192.168.12.12 adapter must be on the same subnet.
Quiz
1. (multiple choice) the number of support nodes currently installed by secomanager ()
A. Single node
B. Three nodes
C. Five nodes
D. Seven nodes
Summary
 This chapter mainly introduces the software installation, including networking and server
planning
 Networking: distinguish single machine, three machine cluster and five machine cluster
 Server: CPU, memory, hard disk and other hardware requirements
Contents
2. (Optional) Installing an Operating System on the Physical Machine Using an Image

File
Installing an Operating System on the
Physical Machine (1)
If customers purchase Huawei servers, the server model is 2288H V5. By default, the EulerOS operating system is installed
before delivery.
If customers provide servers themselves, they need to install an operating system on the servers. It is recommended that
EulerOS be installed using the image file released with the SecoManager.
Huawei FusionServer 2288H V5 (2288H

V5 for short) is a 2 U 2-socket rack server
for Internet, Internet data center (IDC),
cloud computing, enterprise, and telecom
service applications.
Step 1 Obtain the image file SecoManager_os_euler2sp5_x64_dvd1.iso from the Huawei technical support
website.
Step 2 Log in to the iBMC web page of the server. Operations vary depending on the server model. For
details, see the server product documentation. RH1288 V5 is used as an example.
The default iBMC web URL of the RH1288 V5 server is https://192.168.2.100. The default user name and
password of the iBMC system are root and Huawei12#$ respectively.
Step 3 Load the image file and install the operating system as prompted.
On the remote console, click the CD-ROM icon, select Image File, click Browse, select the Huawei
customized ISO installation package, and click Connect.
Step 4 Restart the server. The operating system installation wizard window is displayed. Select Install EulerOS
V2.0SP5.
The system automatically completes the installation. After the installation is complete, the server restarts. Select
Boot from Hard Disk when the server restarts.
Step 5 After the server restarts, the login page is displayed, indicating that the operating system is
installed.
Log in as the root user and change the default password.

You must change the password of the root user upon the first login. The default password is
Changeme_123.
Setting Network Parameters of the
Server (1)
Step 6 Set the fixed IP address and mask of the system. Assign a fixed IP address, subnet mask,
and gateway to the server as required.
The network
Step 6.1 Log in to the operating system as the root user. adapter startup
mode is static.
Step 6.2 Go to the /etc/sysconfig/network-scripts/
directory.
cd /etc/sysconfig/network-scripts/
Step 6.3 Run the vi command to open the ifcfg-eth0 file.
vi ifcfg-eth0
Enable the network
Step 6.4 Press I to enter the editing mode and modify theto start
adapter
upon system
parameters of the corresponding network adapter. startup.
Sep 6.5 Press Esc to exit the editing mode. Set the IP address,
subnet mask, and
Enter :wq to exit the vi editor. gateway of the
network adapter.
Step 6.6 Restart the network adapter for the
settings to take effect.
service network restart.
Setting Network Parameters of the
Server (2)
Step 6 Set the fixed IP address and mask of the system. Assign a fixed IP address, subnet mask, and
gateway to the server as required. Network adapter
configuration
information
Step 6.7 Check whether the network

adapter settings take effect.
ifconfig
route -n
Step 6.8 To add the information about Route

configuration
the second network adapter (for information
example, eth1), repeat steps 6.1 to 6.7
and you only need to change eth0 in
the configuration items to eth1.
Quiz
1. Secomanager currently recommends image files ()
A. Euler 2.5
B. Euler 2.8
C. Suse 12
D. CentOS
Summary
 Operating procedures of physical machine installation operating system
Contents
Installing the SecoManager (1)
Step 1 Obtain the EasySuite installation tool and SecoManager software package from Huawei technical
support website.
Step 2 Get ready the EasySuite and log in to it.
Step 2.1 Decompress the EasySuite tool package SecoManager_EasySuite_Tools.zip to a specified directory,
for example, D:\SecoManager_EasySuite_Tools.
Step 2.2 Start the EasySuite service. Go to the EasySuite installation directory and execute the start.bat script as
the administrator.
Verify that the EasySuite is started successfully. If information similar to "Start the server successfully" is
displayed, the EasySuite service is started successfully.
Step 2.3 Access the EasySuite at https://localhost:19090.

Enter the user name and password on the login page. The user name is invariably admin and the default password is
Changeme_123.
You are required to change the password upon the first login. Set a new password based on the password rule and
use the new password to log in to the EasySuite again.
Step 3 Prepare the SecoManager software package.
Step 3.1 Copy the SecoManager_XXXX.zip installation package to the

SecoManager_EasySuite_Tools \var\software directory in the EasySuite installation directory.
Step 3.2 Decompress the SecoManager_XXX.zip

package to a local directory.
Step 3.3 Refresh the EasySuite page.
Step 4 Create a SecoManager installation task and execute the task.
Step 4.1 Create a SecoManager installation task. Log in to the EasySuite, and click New Project under
Installation.
Step 4.3 Select the CPU architecture type. To install ARM, select
Step 4.2 Enter basic task information. ARM. To install x86, select x86. Click Save and then Next. The
Configuration Plan page is displayed.
Step 4.4 Click Product Configuration, set parameters, and click Save (standalone).
The network adapter

The EasySuite uses this IP
name, IP address, and
address to communicate
subnet mask must be
with the SecoManager
the same as the actual
installation node.
ones.
Use the root user for the

first login. After security
hardening, use the
ossadm user to install the
SecoManager.
In a standalone system, the default

backup server is the local server.
After the installation is complete,
you can log in to the management
plane (https://IP address of the
northbound network
adapter:31945) to change the IP
address.
The configuration items of

the cluster are similar to those
of the standalone system.
Enter the information about
the network adapters of the
three servers according to the
actual situation.
Step 4.4 Click Product Configuration, set parameters, and click Save (cluster).
The IP address of the cluster backup

server can be the IP address of the
internal communication network
adapter of any node in the cluster.
After the installation is complete, you
can change the IP address on the
management plane
(https://Northbound floating IP
address:31945).
Step 4.5 Choose Software List > Software Package Verification > OK to check whether the software
package is complete.
After the check is complete, click Next. Passed
Failed
Note:
If the check result is displayed in red, the
Step 4.5 Check whether the settings are correct before check fails.
You are advised to rectify the fault based
the installation. on the error guide. Perform the installation
after the environment check is successful.
Passed
Failed
After the check is complete, click Next.
Step 4.6 Click Start Install. In the Confirm dialog box, click OK. Wait until the
installation is complete.
Step 5 Verify the installation.
After the installation and configuration tasks are complete, verify that you can log in to the
SecoManager.
Login URL: https://SecoManager northbound floating IP address for a cluster or IP address of the northbound
network adapter for a standalone system:31943
Default user name/password: admin/Changeme_123 (Change the password after login.)
Quiz
1. As for the secomanager independent deployment, the following statement is correct ()
A. CPU architecture type can be arm and x86
B. Stand alone environment supports single plane, double plane and three plane scenes
C. Five node independent cluster can be installed
D. Cluster environment supports single plane, double plane and three plane scenes
Summary
 How to install secomanager (independent deployment)
Contents
Step 1 Obtain the SecoManager software from the Huawei technical support website, including SecoManager-
xxx_for_DCN_x64.7z (software package) , SecoManager-xxx_for_DCN_x64.7z.cms and SecoManager-
xxx_for_DCN_x64.7z.crl (signature file).
Step 2 Log in to the Agile Controller-DCN management plane, choose Product >> Manage Software Packages,
and upload the product package and signature file. After the upload, the system automatically scans the files. If
automatic scanning is not started, click Scan to start it manually.
Step 2 Check the software package scanning process. In normal cases, the process reaches 100%.
Step 3 Choose Product > Software Management > Deploy Product Software.
Step 4 Click Install.
Step 5 Click Add and select the SecoManager software package.
Step 6 On the Scenario page, ensure that basesm is selected. Click OK to start the installation. The installation
takes about 20 minutes.
Step 7 Log in to the Agile Controller-DCN web

UI to check the installation result. Check whether
the Security page is displayed.
Quiz
1. Secomanager currently supports integrated deployment scenarios ()
A. Integrated deployment of imaster nce fabric controller
B. Integrated deployment of imaster nce campus controller
C. Integrated deployment of imaster nce IP controller
D. Integrated deployment of imaster nce-t controller
Summary
 Specific steps of secomanager product integration scenario installation
Contents
Checking the Failure Log (1)
If the installation fails, click Install of the corresponding task to view
the failure details.
Checking the Failure Log (2)
Navigate to the task details and view the error information.
Common Installation Faults (1)
The installation fails and the error message "Install bc-1.06.95-13.el7.x86_64.rpm
createrepo-0.9.9-23.el7.noarch.rpm
DeployAgent and Services failed" is displayed. deltarpm-3.6-3.el7.x86_64.rpm
hdparm-9.43-5.el7.x86_64.rpm
Check whether any basic dependency package is missing
iptables-services-1.4.21-13.el7.x86_64.rpm
against the list of components on which the system depends. ksh-20120801-22.el7.x86_64.rpm
libstdc++-4.8.3-9.el7.i686.rpm
1. Log in to the server as the root user.
libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm
2. Run the following command to check whether the RPM lm_sensors-libs-3.3.4-11.el7.x86_64.rpm
lsof-4.87-4.el7.x86_64.rpm
packages have been installed:
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm
# rpm -qa Wildcard of the software package name sysstat-10.1.5-7.el7.x86_64.rpm
unzip-6.0-13.el7.x86_64.rpm
3. If an RPM package is not installed, copy it to the target vsftpd-3.0.2-9.el7.x86_64.rpm
environment. dos2unix-6.0.3-4.el7.x86_64.rpm
expat-2.1.0-8.el7.x86_64.rpm
4. Go to the directory where the RPM package is stored and expect-5.45-12.el7.x86_64.rpm
openssl-libs-1.0.1e-42.el7.x86_64.rpm
install the RPM package.
openssl-1.0.1e-42.el7.x86_64.rpm
# rpm -ivh Software package name --force --nodeps haveged-1.9.1-1.el7.x86_64.rpm
compat-libstdc++-33-3.2.3-72.el7.i686.rpm
5. Check whether the software package is installed
ntp-4.2.6p5-19.el7.centos.x86_64.rpm
successfully. glibc-2.17-78.el7.i686.rpm
# rpm -qa Software package name

The installation fails and the error message "execute cmd cd /opt/install && bash -l config_ICMR.sh OMP
failed" is displayed.
1. Check whether the system is configured with a fixed IP address and mask.
2. Check whether the system restart time exceeds 30 minutes.
3. Check whether the operating system version is supported.
The installation fails and the error message "upload XXX failed" is displayed.
1. Check whether the target operating system can be connected successfully.
2. Check whether the installation package exists under /var/software in the EasySuite directory.
The installation fails and the error message "set product failed" is displayed.
 Log in to the installation node and run the ping command to check whether the hosts in the cluster can
communicate with each other. If they cannot ping each other, rectify the network fault and try again.
 Run the ssh ossadm@IP address command on each node to check whether you can log in to other nodes.
IP address is the IP address of the node you attempt to log in to. If the login fails, rectify the login fault
and try again.
Quiz
1. The installation process failed with the error "upload XXX failed",The following statement is
wrong ()
A. Check whether the target operating system can connect normally.
B. Check whether the installation package exists in the easysuite directory / var / software.
C. Check that the system is configured with fixed IP and mask.
D. Check whether the system restart time is more than 30 minutes
Summary
 SecoManager installation FAQ location guide
Thank You
www.huawei.com

SecoManager V500R020C00 Software Installation

Uploaded by

Copyright:

Available Formats

You might also like

SecoManager V500R020C00 Software Installation

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SecoManager V500R020C00 Software Installation

Uploaded by

Copyright:

Available Formats

Revision Record Do Not Print this Page

Course Code Product Product Version Course Version

SecoManager V500R020C00 1.0

Author/ID Date Reviewer/ID New/ Update

1. Before Your Installation

3. Installing the SecoManager (Independent Deployment)

4. Installing the SecoManager (Integrated Deployment)

5. Common Installation Faults

SecoManager_xxx.zip Installation package, used to install the SecoManager.

SecoManager_os_euler2sp5_x64_dvd1.is Euler OS image package, used to set up the Euler

During the SecoManager installation, the database GaussDB100 is automatically

Requirements on the installation executor (used to run the installation

Solution IP Address Plan

Internal communication channel Network

Server1 eth0: 192.168.12.10 Southbound floating IP address: 192.168.12.100

1. Before Your Installation

2. (Optional) Installing an Operating System on the Physical Machine Using an Image

3. Installing the SecoManager (Independent Deployment)

4. Installing the SecoManager (Integrated Deployment)

5. Common Installation Faults

Huawei FusionServer 2288H V5 (2288H

Log in as the root user and change the default password.

Step 6.7 Check whether the network

Step 6.8 To add the information about Route

1. Before Your Installation

3. Installing the SecoManager (Independent Deployment)

4. Installing the SecoManager (Integrated Deployment)

5. Common Installation Faults

Step 2.3 Access the EasySuite at https://localhost:19090.

Step 3.1 Copy the SecoManager_XXXX.zip installation package to the

Step 3.2 Decompress the SecoManager_XXX.zip

Step 3.3 Refresh the EasySuite page.

The network adapter

Use the root user for the

In a standalone system, the default

The configuration items of

The IP address of the cluster backup

After the check is complete, click Next.

A. CPU architecture type can be arm and x86

C. Five node independent cluster can be installed

1. Before Your Installation

3. Installing the SecoManager (Independent Deployment)

4. Installing the SecoManager (Integrated Deployment)

5. Common Installation Faults

Step 5 Click Add and select the SecoManager software package.

Step 7 Log in to the Agile Controller-DCN web

A. Integrated deployment of imaster nce fabric controller

B. Integrated deployment of imaster nce campus controller

C. Integrated deployment of imaster nce IP controller

D. Integrated deployment of imaster nce-t controller

1. Before Your Installation

3. Installing the SecoManager (Independent Deployment)

4. Installing the SecoManager (Integrated Deployment)

5. Common Installation Faults

# rpm -qa Software package name

2. Check whether the system restart time exceeds 30 minutes.

3. Check whether the operating system version is supported.

1. Check whether the target operating system can be connected successfully.

A. Check whether the target operating system can connect normally.