Net-Net® EMS 4000 and 9000 Installation Guide · PDF fileNet-Net® EMS Installation...

Net-Net® EMSInstallation Guide

Release Version 6.0 4000 and 9000

Acme Packet, Inc.71 Third AvenueBurlington, MA 01803 USAt 781-328-4400f 781-425-5507www.acmepacket.com

Last updated: July 16, 2008Document Number: 400-0059-60 Rev. 1.0.0

NoticesRed Hat and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries.

Linux is a registered trademark of Linus Torvalds.

Solaris and Sun Fire are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates.

©2002—2008 Acme Packet®, Inc., Burlington, Massachusetts. All rights reserved. Acme Packet®, Session Aware Networking®, Net-Net,® and related marks are registered trademarks of Acme Packet, Inc. All other brand names are trademarks, registered trademarks, or service marks of their respective companies or organizations.

Patents Pending, Acme Packet, Inc.

The Acme Packet Documentation Set and the Net-Net systems described therein are the property of Acme Packet, Inc. This documentation is provided for informational use only, and the information contained within the documentation is subject to change without notice.

Acme Packet, Inc. shall not be liable for any loss of profits, loss of use, loss of data, interruption of business, nor for indirect, special, incidental, consequential, or exemplary damages of any kind, arising in any way in connection with the Acme Packet software or hardware, third party software or hardware, or the documentation. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above exclusions may not apply. These limitations are independent from all other provisions and shall apply notwithstanding the failure of any remedy provided herein.

Copying or reproducing the information contained within this documentation without the express written permission of Acme Packet, Inc., 71 Third Avenue Burlington, MA 01803, USA is prohibited. No part may be reproduced or retransmitted.

Acme Packet Net-Net products are protected by one or more of the following patents: United States: 7072303, 7028092, 7002973, 7133923, 7031311, 7142532, 7151781. France: 1342348, 1289225, 1280297, 1341345, 1347621. Germany: 1342348, 1289225, 1280297, 1341345, 1347621. United Kingdom: 1342348, 1289225, 1280297, 1341345, 1347621. Other patents are pending.

Proprietary & Confidential

Contents

About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Who is Acme Packet? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Customer Questions, Comments, or Suggestions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Contact Us . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

1 Installing Net-Net EMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Net-Net EMS and Net-Net 4000 SBC Compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Net-Net EMS and Decomposed Net-Net SBC Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . 12

Net-Net EMS and Net-Net 9000 SBC Compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Client Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Using the DNS Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Information You Need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Net-Net EMS Components Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Opening Ports on the Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Reconnecting After Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Where to Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

About Net-Net EMS High Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Single Database Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Database Replication Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Installing Net-Net EMS High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Setting Up EMS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Determining the Status of the EMS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Upgrading to Release 6.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Before You Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Upgrade Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Backing Up the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Reinitializing the Linux Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Stopping MySQL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Release 6.0 Net-Net EMS Installation Guide 4000 and 9000 iii


CONTENTS

Installing Net-Net EM 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Upgrading Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Upgrading on the Local System and Migrating the Database . . . . . . . . . . . . . . . . . . . . . . .21

Upgrading on a Local System without Migrating the Database. . . . . . . . . . . . . . . . . . . . . .22

Upgrading from Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Upgrading from 4.X.X. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Upgrading from 5.1 to 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Before a New Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Configuring Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Including the Linux Hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Disabling the Default HTTP Daemon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Configuring Solaris. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Using HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Installing HTTPS with Third-Party Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Certificate Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Creating nnems Group and User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Solaris. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Defining sudo Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Installing Net-Net EMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Using Graphical or Text Mode Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Stopping the EMS Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Accessing the Installation Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Database Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Graphical Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Database Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

HDR and Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

EMS HA Secondary Server and Mail Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

Testing and Starting the Net-Net EMS Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

Text Mode Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Setting Database Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Database Name and Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

HDR Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

HA Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Mail Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Installing or Upgrading the License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

Verifying the Client System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Installing the Java Runtime Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Verifying the Internet Explorer Browser Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Copying the .java.policy File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Disabling Proxy Server (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Creating Banner Text for the Login Screen (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

iv Net-Net EMS Installation Guide 4000 and 9000 Release 6.0


CONTENTS

Configuring the Net-Net SBC SNMP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

HTTPS Installation Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Self-signed Certificates: Standalone or Primary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Self-signed Certificates: Standby . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Third-party X.509 Certificates: Standalone or Primary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Third-party X.509 Certificates – Standby . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Third Party X.509 Certificate Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Certificate Acquisition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Server Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Client Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Importing Root Certificate for Internet Explorer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Importing Root Certificate for Firefox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Importing the EMS Server as a Secure Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Configuring the Server for HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Running the Configuration Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Self-Signed Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Third-Party X.509 Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Example for a Standby Server in EMS HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Copying the Truststore.tar File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Verifying the WebStart JRE Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Extracting the Truststore.tar File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Configuring HTTPS for EMS HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

About HTTPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Net-Net EMS Already Installed with HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Configuring the Primary Server for HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Example for a Standby Server in EMS HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Copying and Extracting the Truststore.tar file to the Client . . . . . . . . . . . . . . . . . . . . . . . . 83

Verifying the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Installing the Secondary EMS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Net-Net EMS Already Installed with HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Configuring the Secondary Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Getting the Truststore.truststore from the Primary EMS Server . . . . . . . . . . . . . . . . . . . . . 84

Running the HTTPS Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Transferring Truststore.truststore Back to Primary Server . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Copying and Extracting the Truststore.tar file to the Client . . . . . . . . . . . . . . . . . . . . . . . . 86

Verifying the Required Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Starting the EMS Servers and the Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Starting the Primary Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Starting the Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Starting the Secondary Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Deploying Third-Party X.509 Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Release 6.0 Net-Net EMS Installation Guide 4000 and 9000 v


CONTENTS

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Renaming the Certificates and Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Install HTTPS Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Files Generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Setting Up a EMS Standalone Server in HTTPS Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Setting Up Two EMS HA Servers in HTTPS Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Starting the Net-Net EMS Client and Connecting to the Server . . . . . . . . . . . . . . . . . . . . . . .91

Starting the Net-Net EMS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

HTTP Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

HTTPS Login Using Microsoft Internet Explorer 6.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

HTTPS Login Using Mozilla Firefox 1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

Adding Text to the Login Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

Changing Login Protocols with Self-Signed Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Changing from HTTP to HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Changing from HTTPS to HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Uninstalling Net-Net EMS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Uninstalling Net-Net EMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Uninstalling in Non-Graphical Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

2 Configuring Database Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Two-Way Database Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Resolving Data Conflicts After a Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Alternate Replication Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106

Before You Configure Database Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106

About Binary Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Configuring Database Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Pre-Requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Configuring MySQL Replication and EMS HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Setting Up Two-Way Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

Setting Up One Way Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Verifying Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Slave. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Deleting the Test Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Configuring Reverse Replication between Master and Slave. . . . . . . . . . . . . . . . . . . . . . . . .115

Verifying Reverse Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Slave. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Deleting the Test Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

vi Net-Net EMS Installation Guide 4000 and 9000 Release 6.0


CONTENTS

Configuring Replication in WebNMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Running the EMS Servers in HA Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Checking Replication Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Checking Action Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Release 6.0 Net-Net EMS Installation Guide 4000 and 9000 vii


CONTENTS

viii Net-Net EMS Installation Guide 4000 and 9000 Release 6.0


About this Guide

The Net-Net® EMS Installation Guide explains how to install Net-Net Element Management System (EMS). Net-Net EMS is a network element (NE) management application for Acme Packet’s Net-Net family of session border controllers.

Who is Acme Packet?

Acme Packet enables service providers to deliver trusted, first class interactive communications—voice, video and multimedia sessions—across IP network borders. Our Net-Net family of session border controllers satisfy critical security, service assurance and regulatory requirements in wireline, cable and wireless networks. Our deployments support multiple applications—from VoIP trunking to hosted enterprise and residential services; multiple protocols—SIP, H.323, MGCP/NCS and H.248; and multiple border points—interconnect, access network and data center.

Established in August 2000 by networking industry veterans, Acme Packet is a public company trading on the NASDAQ and headquartered in Burlington, Massachusetts.

Customer Questions, Comments, or Suggestions

Acme Packet is committed to providing our customers with reliable documentation. If you have any questions, comments, or suggestions regarding our documentation, please contact your Acme Packet customer support representative directly or email [email protected].

Contact Us Acme Packet 71 Third AvenueBurlington, MA 01803 USAt 781 328 4400f 781 425 5077www.acmepacket.com

Version 6.0 Acme Packet, Inc. Technical Publications ix


http://www.acmepacket.com

http://www.acmepacket.com

mailto:[email protected]

ABOUT THIS GUIDE

x Net-Net EMS Installation Guide 4000 and 9000 Version 6.0


1 Installing Net-Net EMS

OverviewThis document explains how to install or upgrade Net-Net EMS in a Linux or Solaris operating system. You should review the compatibility table to ensure the version of Net-Net EMS you are installing is compatible with the software on the Net-Net Session Border Controllers (SBCs) you plan to manage.

Also, review the specific system and client requirements that have been certified for Net-Net EMS support by Acme Packet. Other hardware configurations might work with Net-Net EMS, but Acme Packet has verified the configurations described in this chapter.

Before You StartThis section contains the information you should review before you start the installation process.

Net-Net EMS and Net-Net 4000 SBC Compatibility

You should ensure that the version of Net-Net EMS you are using is compatible with the version of software on the Net-Net 4000 SBCs you plan to manage. The following table lists the released versions of Net-Net 4000 SBC software and indicates compatibility with the Net-Net EMS releases.

Net-Net EMS Versions

Net-Net SBC

1.3 2.0 2.1 2.1.1 4.0 4.1 4.2 4.3 5.0 5.1 6.0

1.00 N N N N N N N N N N N

1.1.0 N N N N N N N N N N N



1.3.0 Y N N N N N N N N N N


2.0.0 N Y N N Y Y Y Y Y Y Y

2.0.1 N N N N Y Y Y Y Y Y Y

2.1.0 N N Y N Y Y Y Y Y Y Y

2.1.1 N N N Y Y Y Y Y Y Y Y

2.2.0 N N N N Y Y Y Y Y Y Y

4.0 N N N N Y Y Y Y Y Y Y

4.1 N N N N N Y Y Y Y Y Y

Version 6.0 Acme Packet, Inc. Technical Publications 11


INSTALLING NET-NET EMS

Contact your Acme Packet representative if you have questions about compatibility between Net-Net EMS and Net-Net 4000 SBCs.

Net-Net EMS and Decomposed Net-Net SBC Compatibility

You should ensure that the version of Net-Net EMS you are using is compatible with the version of software on the Decomposed Net-Net SBCs you plan to manage. The following table lists the released versions of Net-Net 4000 SBC software and indicates compatibility with the Net-Net EMS releases.

Contact your Acme Packet representative if you have questions about compatibility between Net-Net EMS and Decomposed Net-Net SBCs.

Net-Net EMS and Net-Net 9000 SBC Compatibility

You should ensure that the version of Net-Net EMS you are using is compatible with the version of software on the Net-Net 9000 SBCs you plan to manage. The following table lists the released versions of Net-Net 9000 SBC software and indicates compatibility with the Net-Net EMS releases.

Contact your Acme Packet representative if you have questions about compatibility between Net-Net EMS and Net-Net 9000 SBCs.

4.1.1 N N N N N Y Y Y Y Y Y

4.1.4 N N N N N N N Y Y Y

5.0 N N N N N N N Y Y Y

5.1 N N N N N N N N N Y Y

5.1.1 N N N N N N N N N N Y

5.2 N N N N N N N N N N Y


Net-Net SBC

1.3 2.0 2.1 2.1.1 4.0 4.1 4.2 4.3 5.0 5.1 6.0


Net-Net SBC 5.1 6.0

4.5 Y Y

4.5.1 N Y


Net-Net SBC 5.0 5.1 6.0

5.0 Y Y Y

5.0.1 N Y Y

5.1 N N Y

5.11 N N Y

12 Net-Net EMS Installation Guide 4000 and 9000 Version 6.0



System Requirements

Acme Packet has certified the following hardware and software server platforms; and client requirements for use with Net-Net EMS 6.0.

Note: Other hardware configurations might work with Net-Net EMS, but Acme Packet has verified the configurations listed here.

Net-Net EMS 6.0 ships with an integrated MySQL database which is installed as part of the Net-Net EMS application installation.

Solaris • Dual 1.28 GHz UltraSPARC IIIi processors or greater

• 4 GB RAM minimum

• 2 x 73 GB hard drives

• DVD-ROM drive

• Solaris 9 or Solaris 10 operating system

Linux • Single Pentium IV processor 3 GHz or higher

• 4 GB RAM minimum

• 80 GB hard drive

• CD-ROM drive

• Linux Red Hat Fedora Core 4 or Red Hat Enterprise Linux AS v4.0

Client Requirements • Windows XP Service Pack 1, Service Pack 2, or Service Pack 3; or Windows 2000

• 512 MB RAM or greater

• Internet Explorer version 6.0 and higher or Mozilla Firefox versions 1.0 and higher

• JRE requirements (supplied with the Net-Net EMS installation software). Ensure that you only have one Java runtime allocated in WebStart. Check the WebStart Preferences to verify allocation.

– GUI: JRE version 1.5.0_14 and higher is supported

– SOAP XML Provisioning: JRE version 1.4.2_4 or 1.5.0_14 is supported

• If the server is not part of your DNS domain, the hosts file on each client must be edited to include the hostname and IP address of the EMS server. The client host file is usually located in the following directory:

windows\system32\drivers\etc

• X server software, if you plan to install from the client and start the EMS server using a remote terminal emulation program, such as Telnet or SSH. (Not required if you plan to install and start using a console window locally on a system with a monitor attached or if performing a non-graphical installation.)

You must configure the shell session on the server to support X Window applications; typically by setting the shell’s DISPLAY variable to the system from which the session is initiated. That system must also be running X server software. Go to www.x.org for more information about the X Window system. Contact your system administrator if you need assistance in setting the DISPLAY variable.




Using the DNS Database

All EMS servers and clients should be configured to use the DNS database for host name lookups. EMS servers should be defined in the DNS database; which is especially important for an EMS-High Availability (HA) setup.

If you are not using the DNS service, you must ensure the hosts file on all EMS servers and clients contain entries for the EMS server (for both EMS servers in an HA setup).

Note: If you want to connect to an EMS server over a Secure Sockets Layer (SSL) connection, you must have administrator privileges on the client system.

Information You Need

Ensure that you have identified the following information before you install:

• Hostname and IP address/netmask of the Net-Net EMS server, as well as the IP addresses of its gateway, subnet mask, and DNS server

• IP address for each Net-Net SBC

• SNMP community strings for each Net-Net SBC

Net-Net EMS Components Required

Ensure you have the following at hand:

• Net-Net EMS Release 6.0 CD-ROM.

• Net-Net EMS license file (AcmePacketNetNetEMS.xml) on the server

Opening Ports on the Firewall

If you have a firewall placed between the EMS server and the Net-Net SBC or between the EMS server and the EMS clients, you must ensure the following ports are open.

Port Number

Protocol Service ConfigurableImpacts Firewall

Purpose

Between EMS server and Net-Net SBC

161 UDP SNMP N Y SNMP read/write requests between the EMS server and the Net-Net SBC.

162 UDP SNMP N Y SNMP trap reporting from the Net-Net SBC to the EMS server.

514 UDP syslog N Y Fault logging between the EMS server and the Net-Net SBC.

3000 TCP Acme Control Protocol (ACP)

N Y

3001 TCP ACP N Y

Between EMS server and EMS clients

1098 TCP/SSL RMI N Y SSL RMI

1099 TCP/SSL RMI N Y RMI registry port. Used for the RMI communication between the client and the server. SSL is used only if HTTPs setup is enabled.




Either port 9090 (HTTP) or port 8443 (HTTPS) needs to be open on the firewall, depending on which one is chosen between the EMS client and server.

Reconnecting After Failover

Clients behind a firewall cannot automatically reconnect to a standby server when it becomes the primary server during an EMS server failover. You need to manually reconnect the client to the new primary server.

Where to Start If setting up Net-Net EMS high availability, review the information in the About Net-Net EMS High Availability section. Where you go next in the installation process depends on whether you are doing a new installation or an upgrade, and whether you are installing on a Linux or Solaris system.

Linux In a Linux operating environment, do one of the following:

• If setting up Net-Net EMS high availability, start at "About Net-Net EMS High Availability”on page 16.

• If you are upgrading from releases 4.2, 4.3, or releases 5.0 or 5.1 to Release 6.0, start at "Upgrading to Release 6.0”on page 19.

• If you are performing a new installation, start at "Configuring Linux”on page 27

Solaris In a Solaris operating environment, do one of the following:

• If setting up Net-Net EMS high availability, start at "About Net-Net EMS High Availability”on page 16.

• If you are performing a new installation, start at "Configuring Solaris”on page 28.

2000 TCP HTTP N Y NMS backend (BE) port. Used for the frontend and backend server communication.

8005 TCP HTTP N Y Shutdown port that is used by the shutdown script.

8009 TCP Apache N Y Tomcat port.

8443 TCP/SSL HTTPS N Y Apache port. HTTPS port for client/server communication.

9088 TCP HTTP N Y NMS frontend. The client connects to this port on the server.

9089 TCP HTTP N Y NMS frontend (secondary). The client connects to this secondary port on the server.

9090 TCP HTTP N Y Apache port. HTTP port for client/server communication.

9999 TCP ACP N Y Server monitor port used for server to server communication. Also the shutdown script uses this port.

Port Number

Protocol Service ConfigurableImpacts Firewall

Purpose




About Net-Net EMS High AvailabilityNet-Net EMS High Availability (HA) provides continuous management of your Net-Net EMS system. You can deploy HA as two servers with a single database, as two servers with two databases using two-way database replication, or two servers with two database servers with data replication from the primary to the standby database.

Single Database Deployment

You can set up two Net-Net EMS servers that have access to a single database server. One Net-Net EMS server acts as the primary server and the other as the secondary server. The primary server is the active server and the secondary server acts as a standby, providing backup to the primary. The server on which you start Net-Net EMS first becomes the primary server, this is the server to which users login.

The standby server monitors the database for heartbeats updated by the primary server at regular intervals to determine if the active server is still running. While in standby mode, the standby server is not fully operational; clients cannot login to it and it never writes to the database.

When the standby server determines that the active server is not running, it continues to try to determine the status of the primary server for a period of time that you define. If after that time period, the primary server is still not available, the standby server takes over its functions. Because the database employed is the same, the standby server connects to it upon failover.

You can use disk mirroring techniques to provide redundancy for the database itself, as both EMS servers are connected.




Database Replication Deployment

You can deploy an EMS HA configuration, in which each EMS server has its own database and those databases are configured to automatically replicate data between them. The database instances can reside on the same server as their corresponding EMS instances or can reside on their own servers. See "Configuring Database Replication”on page 105 for details about database replication and instructions for configuring database replication.

Installing Net-Net EMS High Availability

During the installation process you are prompted to set up time intervals for the standby server. When installing a server not configured for HA (a standalone server), this information is not needed.

These time intervals specify how frequently the secondary server, acting as the standby server, checks the database for heartbeat updates made by the primary server.

When the standby server sees updates from the active server have stopped, it continues to try to determine the status of the active server for the amount of time you enter in the Fail over interval field for the number of times you enter in the Retries field. For example, if you enter 15 for the fail over interval with three retries, the standby server tries to determine the status of the active server every 15 seconds. If, after 45 seconds (15 *3), the active server is still down, the standby server becomes the active server.

Complete the information in the Mail configuration section to receive an e-mail notice when the active server goes down.

Note: Ensure both the primary and the standby server are registered in the DNS database, so that name lookups of their hostnames will yield their correct IP addresses.

Setting Up EMS Servers

Setting up the EMS servers consists of installing the Net-Net EMS software on each server. During the installation process you define the time period for the standby server to determine the status of the active server. You can also receive an e-mail notice when the active server goes down.

Note the following:

• If you attempt to access the Net-Net EMS server (for example, you click Save to SD) while the active server is down and the standby server has not yet become the active server (the standby server is still attempting to determine the status of the active server), a “connection lost” message appears. If you obtain this message, try accessing the server again.

• If you try to modify configuration data when the active server goes down and the standby server has not yet become the active server, a message appears in the client. The client continues to try to update the database three times for 15 seconds.

• If communication to the database server is lost, the Net-Net EMS server shuts down and a message appears in the client.

• There are no geographical limitations to the location of each server.




Determining the Status of the EMS Servers

You can determine which server is acting as the primary server and which is acting as the standby server. The HA status of the server can be one of the following:

• Active which indicates that this server is the primary server.

• Standby which indicates that this server is the standby server.

• Shutdown which indicates that the server is not available.

To determine the status:

1. Log in as root user or nnems user and open a Terminal window.

2. Change to the directory where the Release 6.0 of Net-Net EMS was installed.

3. Change to the bin directory.

4. Execute the EMSHAConfigs script. For example:

./EMSHAConfigs.sh

Note that if you start Net-Net EMS on the primary server only (Net-Net EMS is no longer running on the secondary server), the following appears when you run the EMSHAConfigs.sh script:

Primary server

IP Address: 10.0.0.252

HA status: Active

Standby server

IP Address: 10.0.1.42

HA status: Shutdown




Upgrading to Release 6.0This section explains how to upgrade from release 4.2, 4.2, 5.0, or 5.1 on a Linux or a Solaris system.

Before You Upgrade

Before you start an upgrade to release 6.0, review the following preliminary information. Acme Packet recommends creating a backup of your 5.X database and saving it to a different server before you upgrade, even if not migrating the database to release 6.0.

Upgrade Summary Review the following summary before starting your upgrade.

• Backup the 4.x or 5.X database and place it in a secure location on a different server. Backing up the database is an important prerequisite to upgrading. You should also continue to make periodic backups of your database to ensure you always have a current copy of your information.

• Upgrade the operating system to Fedora Core 4 or Redhat Enterprise Linux AS4. if necessary.

• If you don’t plan to migrate your Linux MySQL database, reinitialize it.

• Install Net-Net EMS release 6.0.

Backing Up the Database

Create a backup of your 4.x or 5.X database and save it to a safe location on a different server.

Note: Do not provision Net-Net EMS while executing the backupDB.sh script.

To back up the database:

1. Log in to the EMS server as root user and open a Terminal window.

2. Change directory to WebNMS/bin:

cd /opt/R.5.0.0/WebNMS/bin

3. Stop the EMS server by using either of the following commands:

• stop_ems.sh (requires administrative password)

./stop_ems.sh <administrative password>

For example:

./stop_ems.sh admin

• ShutDown_NP.sh (no password required)

./ShutDown_NP.sh

Note: Any user with root privileges can use this script to stop the EMS server. You can delete this script after installation if you do not want all root users to have that capability. For Net-Net EMS HA pairs, you can only use this script on the active server.

4. Execute the backupDB.sh script. You can run the script without arguments to use the default directory. For example:

./backupDB.sh

The backup file will be saved to /WebNMS/backup.




or

You can create a custom directory for the backup file by entering the path. For example:

./backupDB.sh /etc/backupDB/

5. When prompted, enter the location of the database that you want to back up.

The script saves the database in a file with the following format:

BackUp_<Month><Day>_<Year>_<Hour>_<Minute>.data

For example:

Backup_MAR10_2008_17_36.data

Note: Do not rename the backup file.

Reinitializing the Linux Database

If you do not plan to migrate your 5.X Linux database to release 6.0, reinitialize it. Reinitializing a database permanently wipes-out all the data it contains.

Note: You should create a backup of your database and save it to a different server before reinitializing.

To reinitialize a Linux database:

1. Login as root user to the host system where Net-Net EMS is running.

2. Change directory to the WebNMS/bin directory. For example:


3. Enter the following command to reinitialize the database:

./reinitialize_nms.sh

You can install Net-Net EMS 6.0 and upgrade without migrating the 5.X database.

Stopping MySQL You need to stop the earlier release’s MySQL database after you stop Net-Net EMS when you upgrade. The procedure differs between those releases without an embedded database (pre-5.0) and releases with the embedded database (post-5.0).

• pre-5.0: identify the MySQL instance associated with MySQL and stop it using the following command:

./mysqladmin shutdown

Note: For release 4.3, change directory to usr/bin.

• post-5.0: stop the MySQL database using the following command located in the WebNMS bin directory:

./stopMySQL.sh

Installing Net-Net EM 6.0

Install Net-Net EMS on your EMS server. See "Installing Net-Net EMS" on page 30 for instructions about the graphical and text modes of installation.




Upgrading Linux This section contains the steps for different upgrade scenarios:

• local system with database migration

• local system without database migration

Upgrading on the Local System and Migrating the Database

The following instructions explain how to upgrade on a local system and migrate your 4.x.x or 5.0 database that resides on the same server as EMS. Ensure the EMS server and MySQL are stopped.

To upgrade on a local system:

1. Log into the host machine where Net-Net EMS is running as root user.



3. Start Net-Net EMS using the following command:

./start_ems.sh

4. When prompted about continuing with the automatic migration, enter Yes.

Note: Do not allow clients to log in at this time. On first start up after migration, the server completes the first phase of the migration. (This includes the creation of groups needed for new navigation, the association of these groups with previous managed objects, and the creation of the tree navigation for each user.)

5. Apply the license.

6. Change directory to the logs directory.

7. Review the mainOut.txt log file for the message that migration has completed successfully:

“CONFIGURATION MIGRATION COMPLETED..... WITH STATUS : true”

“DB Patch was applied....”

8. Change directory to the WebNMS/bin directory.

9. If using HTTPS, run the install_httpconfig.sh script to migrate the administrator password from the prior version to the current release.

10. Stop the server by using one of the following two scripts:



For example:

./stop_ems.sh admin


./ShutDown_NP.sh


During the shutdown the securityDB.xml file is synched up with the contents in the database. It is this process that ensures that user management credentials are properly updated.




11. Restart the EMS server. The local system starts with Net-Net EMS fully migrated and ready for use.

Upgrading on a Local System without Migrating the Database

Ensure you have reinitialized the 5.x database and have installed Net-Net EMS 6.0 before upgrading.





./start_ems.sh



6. Check the startems.out log for server status.

Net-Net EMS is installed with a clean database.

Upgrading from Solaris

This section contains steps to migrate the Solaris Oracle database from a 4.x.x or 5.0 release to release 6.0 MySQL embedded database.

Upgrading from 4.X.X To migrate the Oracle database:

1. Log into the host machine where EMS is running as root user.

2. Navigate to the EMS instance currently running.



4. Perform an EMS shutdown:

./stop_ems.sh admin

5. After the EMS server has shutdown, create a backup of the database by running ./backupDB.sh from the /opt/<EMS release>/WebNMS/bin directory. For example:

./backupDB.sh

Permission available, running as root user

Enter the target directory name (default ../backup):

Please wait ! Backup in Progress........................ O.K.

Backup data file “/opt/R_4.3.0_p1/WebNMS/backup/Backup_MAY24_2008_16_32.data successfully created and taking backup is completed.

6. Install Net-Net EMS 6.0 but do not start the EMS server.

7. Navigate to the Net-Net EMS installation WebNMS/bin directory.

#cd /opt/R_6.0.0/WebNMS/bin

8. Run ./restoreDB.sh to restore the ORACLE backed up database. For example:

# ./restoreDB.sh




*******************************************

* ACMEPacket: RestoreDB for Migration. *

* Warning!!! Attempting to restore the data!!! *

* This will result in loosing your current data!!! *

*Press Ctrl+c to quit the operation. *

Version 21/DEC/2006

*******************************************

Change directory and set up environment

Please select the EMS version to target for restoration

Options: EMS420, EMS430, EMS500, EMS510

: EMS430

Selected EMS430

Restoring data for MySQL database...

Database is not running

Attempting to start Database...


Log file written to /opt/R_6.0.0/WebNMS/acmePacketEMS/migration/conf_4_3_0

Starting msqld daemon with databases from /opt/netnetems/mysql

EMSDetails table does not exist.

Database is up and running

DB_SCHEMA_FILE=/opt/R_6.0.0/WebNMS/acmePacketEMS/migration/conf_4_3_0

You are prompted for the backup filename and path.

Please provide path and file name for db backup file

9. Enter the full path for the backup file. For example:

[Previous EMS Version]/WebNMS/backup/Backup_JUL24_2007_16_32.data

The database that was originally backed up from ORACLE is restored on the MySQL database using the MySQL schema files. If successful the following message is displayed at the end of restoration:



Please wait ! Restoring in Progress...................... O.K.

Restoring is Successfully completed.

Restoring current schema files ...


EMS server is not running, it is safe to stop the database instance.

Shutting down the database instance, please wait....

STOPPING server from pid file /opt/netnetems/mysql/mysql.pid

080524 17:22:13 mysql ended




10. If using HTTPS, run the install_httpconfig.sh script to migrate the administrator password from the prior version to the current release.

11. Start the EMS server.

./start_ems.sh

If a migration is required the following message appears:

# ./start_ems.sh

Checking for permissions.....

Permission available, running as "root" user

Start EMS

EMS server is not running.




Log file written to /opt/R_6.0.0/WebNMS/mysql/mysql.log

Starting mysqld daemon with databases from /opt/netnetems/mysql

WARNING: Database schema mismatch

Found database schema version 4.3.0

Found EMS version 6.0.0

Need to migrate to EMS schema version 6.0.0

Do you want to continue with automatic migration(y/n)

12. Enter y to start automatic migration. The migration process starts. For example:

Do you want to continue with automatic migration(y/n)

y

Continuing with the Database Migration

********************************************************

* ACMEPacket: DB Migration Tool Launcher. *

* This tool sets the environment for the Database *

* Migration tool *

* Press Ctl+c to quit the operation. *

* This script only targets migration to EMS600 *

* Version 21/DEC/2006 *

********************************************************


Please select the EMS version to target for migration

Options: EMS420, EMS430, EMS500, EMS510

: Selected 4.3.0

Loading schema:

/opt/R_6.0.0_JimTest/WebNMS/acmePacketEMS/conf/SchemaHistory_4.3.0_6.0.0.xml

===============================================================




DATABASE MIGRATION TOOL v4.3.0 - v6.0.0

===============================================================

Establishing Database Connection : [ SUCCESS ]

Database schema migration : | [ SUCCESS ]

.

Restoring data for restructured tables : [ SUCCESS ]

Update version information : [ SUCCESS ]

Creating Finalize_Migration_Required.txt :

Creating file for 6.0.0 4.3.0 [ SUCCESS ]

===============================================================

DATABASE MIGRATION HAS BEEN SUCCESSFULLY COMPLETED.

===============================================================


Starting the EMS server. Please check ../logs/startems.out file for server status

Sending output to nohup.out

The EMS server starts. If running with an X server, the license GUI appears. If running in non-graphical mode refer to "Text Mode Installation" on page 41.


The migration process completes. Review the mainOut.txt log for messages that all migration is complete and patches have been applied.





15. Stop the server by using one of the following two commands:



For example:

./stop_ems.sh admin


./ShutDown_NP.sh


16. Start the EMS server again using the following command:




./start_ems.sh

Net-Net EMS starts and the database is fully migrated and ready for use.

Upgrading from 5.1 to 6.0

To upgrade from 5.1 to 6.0:





./start_ems.sh

4. When prompted about continuing with the automatic migration, enter Yes.

Note: Do not allow clients to log in at this time. On first start up after migration, the server completes the first phase of the migration. (This includes the creation of groups needed for new navigation, the association of these groups with previous managed objects, and the creation of the tree navigation for each user.)


6. Review the mainOut.txt log file for the message that migration has completed successfully:




8. If using HTTPS, run the install_httpconfig script to migrate the administrator password from the prior version to the current release.

9. Stop the server by using one of the following two scripts:



For example:

./stop_ems.sh admin


./ShutDown_NP.sh


10. Restart the EMS server. The local system starts with Net-Net EMS fully migrated and ready for use.




Before a New InstallationThis section explains how to configure your operating system before you install Net-Net EMS for the first time. It includes pre-installation instructions for Linux and Solaris.

Contact your Acme Packet systems engineer for a copy of the latest EMS Best Current Practices document. It contains step-by-step instructions on how to install the Linux and Solaris operating systems.

Configuring Linux To configure Linux:

• Include the Linux host name

• Disable the default http daemon

Note: For an HA pair, you must install (but not necessarily run) MySQL on each EMS server.

Including the Linux Hostname

You must configure the Linux system hostname during the installation of the operating system. You can determine the hostname by using the hostname command on the Linux system. For example:

[bash]$ hostname

emssvr

You need to edit the /etc/hosts file to include the Linux system hostname in the following format:

The following example shows the inclusion of a server named emssvr with an IP address of 10.0.0.252:

[bash]$ cat /etc/hosts

#Do not remove the following line, or various programs

# that require network functionality will fail.

Disabling the Default HTTP Daemon

You need to disable the default http daemon process on the EMS server.

To disable the http daemon:

1. Log in as root user and open a Terminal window.

2. From the prompt, run the setup command.

The Choose a Tool screen displaying the type of services appears.

3. Select system services to refresh the list of system services available/running on the system.

4. If listed, deselect the httpd service.

5. Save the configuration.

6. Reboot the system. The http daemon process should be disabled.

<IP address> <hostname> <hostname>.local domain

127.0.0.1 localhost localhost.localdomain

10.0.0.252 emssvr emssvr.localdomain




7. Verify the daemon is disabled by making an HTTP query.

Configuring Solaris

Net-Net EMS is installed in the /opt directory. Acme Packet recommends partition at least 10 GB for the directory.

Using HTTPS If you plan to use HTTPS, you need to download OpenSSL and install it on the Net-Net EMS server before you install Net-Net EMS. Download the following OpenSSL file from www.openssl.org/source/:

openssl-0.9.7e.tar.gz

Follow the directions supplied by OpenSSL to install the files.

If you plan to use HTTPS, You need to configure the client to support it.

Installing HTTPS with Third-Party Certificates

You can use third-party X.509 certificates instead of using self-signed certificates for HTTPS communication. You can acquire certificates from an external certificate signing authority such as Verisign or from an in-house certificate signing authority. The typical deployment involves a chain of trust in which the certificate for a particular EMS server is signed by an intermediate authority. There might be a chain of such intermediate certificate authorities whose trustworthiness is ultimately established by a root certificate authority that is known to the client browser.

Net-Net EMS supports the use of Intermediate Certificate Authorities (CAs). Intermediate CAs represent the chain of trusted certificate authorities by which trust is established from the level of a signed certificate for an individual server up to a trusted Root CA whose trustworthiness is known to the browser.

Preparing for using third-party X.509 certificates with Net-Net EMS includes:

• Certificate acquisition

• Server preparation

• Client preparation

The certificates must be accessible on the EMS server because certificates are copied into the EMS installation area

Note: If you run the script as user nnems rather than as root ensure that any third-party certificate and key files required are readable by nnems user.

Certificate Acquisition You must acquire the server certificates and any intermediate certificates in the chain of trust for each EMS server. If deploying an EMS HA pair, you need to acquire the certificates for each of the EMS servers. The certificates for the chain of trust above the EMS server might be the same, but each EMS server certificate is distinct.

The EMS server certificate and key file must be in X.509 format, PEM-encoded, and not password-protected or encrypted (other than RSA 1024 or 2048). For example, des3 is not supported.

Intermediate certificates (if used) must be in X.509 format and PEM-encoded. Certificates in .pb7 or PKCS7 format are not supported. Also, the certificates must not be encrypted or password protected.




Creating nnems Group and User

For security reasons, you can create an account named nnems and a group named nnems. (You also have to have the UNIX sudo facility installed and define sudo privileges.) After the installation, all the installed files are owned by nnems. However, all files created by the main Net-Net EMS process while it is running (including log files) are owned by the root user. The main Net-Net EMS process has to run as root in order to have access to port 162.

Linux 1. Login as root.

2. Enter the following lines:

groupadd nnems

useradd -m -g nnems -d /home/nnems -s /usr/bin/bash nnems

passwd nnems

Solaris 1. Login as root.

2. Enter the following lines:

groupadd nnems

useradd -m -g nnems -d /export/home/nnems -s /usr/bin/bash nnems

passwd nnems

Defining sudo Privileges

You must have the UNIX sudo facility installed on the server for deployments with user nnems. The user nnems must be granted sudo privilege. The sudo facility comes by default with Fedora Core 4 and RHEL AS v4.0, but not on Solaris 9 or Solaris 10. If using the Solaris versions, download the utility from the Sun site. For example:

http://www.sun.com/software/solaris/freeware/

Define sudo privileges allowing the named user account to perform the following:

• mkdir

• rmdir

• chown

• chmod

• cp

• run scripts that allow the EMS core to start as root for access to the SNMP trap port and the syslog port

Login as root (Solaris login as “su -” or directly to root from the console) and add the following line to the sudoer configuration (use the visudo tool to make the addition):

<named user> <hostname>=(ALL) ALL

For example:

nnems myemshost=(ALL) ALL

The Net-Net EMS administrator will need to provide a sudo password when starting Net-Net EMS.




Installing Net-Net EMSThis section explains how to install Net-Net EMS on the EMS server. Most of the installation steps are the same for both the Linux and Solaris operating systems. However, several steps require that you enter information that is specific for both according to the operating system.

Using Graphical or Text Mode Installation

You can install Net-Net EMS using the graphical or the text mode. The graphical mode uses a graphical interface to prompt you for the required installation information. The text mode is a question and answer session that prompts you for the required installation information.

Stopping the EMS Server

You must stop the EMS server before you install Net-Net EMS. You can stop the server by using one of the following two scripts located in the /WebNMS/bin directory of the running Net-Net EMS release:



For example:

./stop_ems.sh admin


./ShutDown_NP.sh


Accessing the Installation Script

To access Net-Net EMS installation script:

1. On the EMS server, log in as root and open a Terminal window.

Note: You need to have Superuser privilege to install Net-Net EMS through a terminal using a local or remote connection.

2. Change to the Net-Net EMS installation directory:

• Linux CD-ROM

cd /media/cdrecorder

• Solaris CD-ROM

cd /cdrom/cdrom0

You now install Net-Net EMS using either the graphical or text installation mode.

Database Security You can increase the security of the MySQL database during the Net-Net EMS installation process to ensure that the data contained in the MySQL database is protected by:

• Limiting access to the MySQL EMS data store to a named user other than root

• Guiding the user in creating a secure database user password during the installation




• Preventing unrestricted global access to the Net-Net EMS database

• Ensuring that only the Net-Net EMS application can connect to the EMS database

• Binding the database to the local host when Net-Net EMS is installed in a simplex deployment using “ –bind-address=<IP>”. You bind the database to the local host when you choose to restrict database access to the local host and enter “localhost” as the database server address.

This enhanced database security also ensures that Net-Net EMS cannot be modified or rendered inoperable. When installed the Net-Net EMS:

• Connects to the database with a uniquely named user other than root

• Restricts write access to Net-Net EMS files

You configure the database security enhancements by setting specific database parameters while performing a graphical or non-graphical Net-Net EMS installation. You can restrict access to the database to a specific server, a specific user, or both.

Note: When upgrading from a pre-5.0 version of the database, you need to use the database instance name that already exists in the older database.

Graphical Installation

1. Execute the install.sh script from the command line.

A message appears indicating the Install Shield Wizard is being initialized and the Welcome screen appears.




2. Click Next. The Acme Packet License Agreement screen appears.

3. Choose I accept the terms of the license agreement and click Next. The Readme screen appears.

4. Review the Readme and click Next. The Directory Name screen appears.

5. Retain the default directory of /opt/R_<version>/WebNMS or enter a different directory path. You can also click Browse to select a different directory.

Note: If you do not use the default directory, you must enter or choose a directory path that has WebNMS as the last entry in the path. For example:

/myDirectory/EMS6.0.0/WebNMS/




The Software already installed/new software screen appears.

6. Review the list of software that appears in this screen.

The upper section displays the versions of Net-Net EMS installed in the target directory. The lower section displays the Net-Net EMS version that will be installed in the target directory.

7. Click Next. The System Requirements screen appears. This screen displays system settings such as platform, operating system, hard disk space, RAM size, and EMS size.




8. Click Next. If your system does not have sufficient disk space, an error message appears and the installation process ends. Otherwise, the summary information screen appears.

9. Review the location for the installation and the features being installed and click Install. The Net-Net EMS installation process begins.




After the Net-Net EMS installation is completed, the Database Parameter setup screen appears.

Database Parameters 1. Enter the IP address of the database server in the Database server address field. If the database resides on the same server as Net-Net EMS, use the default value for the server’s IP address.

2. Select database user name and password for accessing the database. The default MySQL database name is NetNetDB, the default username is root and there is no password.

3. Skip to step

To restrict database access to a specific server:

1. In the Database Parameter Setup window, click the local host only checkbox.

Note: Do not click the local host only checkbox if a remote instance of the Net-Net EMS application, such as a standby server in an HA pair, will need access to the database being installed on this server.

2. Enter the IP address of the server from which you want to allow access. You can also use the string “localhost” or the loopback address 127.0.0.1. For example:

• If you want to restrict database access to a specific server using the server IP address, click the local host only checkbox and enter the IP address as the database server address.

• If you want to bind the database to the local host when installing in a simplex deployment, click the local host only checkbox and enter “localhost” as the database server address.

To restrict access to a specific user:

1. In the Database Parameter Setup window, click the named user only checkbox.

2. Enter the username.




Note: If you are upgrading from a previous version of Net-Net EMS and plan to migrate the database contents, you must use the same database username/password that is already configured in the previous installation.

3. Enter the password for the user following the appropriate guidelines.

• 3 character minimum

• 32 characters maximum

• 1 alphabetical character minimum

• 1 numeric character minimum

• 1 punctuation character minimum

You cannot repeat an alphanumeric character more than 3 times in a row.

4. Confirm the password.

5. Click Next. If you have not followed the password guidelines, an error message appears:.

6. Click Yes if you want to use the password you entered or click No to clear the message and re-enter your password.

Note: If you enter a username without checking the named user only checkbox, Net-Net EMS creates an account for the username you entered as well as an account for root user.




To restrict access to a specific server and user:

1. Check both the local host only and named user only checkboxes and enter the appropriate information.

HDR and Firewall 1. Click Next. The Historical Data Recording (HDR) collection path screen appears.

2. Retain the default path to the HDR collection file location or enter the path and filename and click Next. The NAT Firewall support screen appears.

3. If you have a firewall between the client and the EMS server that performs NAT, you must choose the NAT firewall option. The IP address textbox is activated.

4. Retain the IP address or edit the textbox.




5. Click Next. The EMS HA Secondary Configuration Setup screen appears.

Note: When installing a primary server or a server not configured for HA (a standalone server), this information is not needed.

EMS HA Secondary Server and Mail Configuration

To install a secondary server, you need to configure the Fail over interval and Retries values. The secondary server checks a field in the database at a regular interval to determine if the primary server is running. After the secondary server determines that the primary server is not running, it continues to determine the status of the primary server: for the amount of time you entered in the Fail over interval field and for the number of times you entered in the Retries field

For example, if you enter 15 for the fail over interval and 3 for the number of retries, the secondary server tries to determine the status of the primary server every 15 seconds. If, after 45 seconds (15 *3), the secondary server cannot determine the status of the primary server; the secondary server becomes the primary server.

1. Enter the length of time in seconds for the intervals between the secondary server’s checks of the primary server’s status in the Fail over field.

2. Enter the number of times you want the secondary server to check the primary server status in the Retries field.




3. Complete the information in the Mail configuration section to receive an e-mail notice when the primary server goes down and for use when configuring alarms to generate e-mail.

Note: You can change e-e-mail settings after installation by editing the FailOver_STANDBY.xml file in the WebNMS/conf directory.

4. Click Next.

If you are upgrading, a message appears indicating that you must migrate your database. For more information about migrating the database, refer to "Upgrading on the Local System and Migrating the Database”on page 21.

5. Click OK to clear the message. The Summary information screen appears.

6. Click Finish. The Net-Net EMS installation is complete.




Testing and Starting the Net-Net EMS Installation

You can then test whether the Net-Net EMS installation was successfully completed on the EMS server.

1. Ensure you have the AcmePacketNetNetEMS.xml license file on the server.


3. Change directory to the folder where the Net-Net EMS software was installed.

4. Change directory to WebNMS/bin. For example:

cd /opt/R_6.0.0/WebNMS/bin

5. Execute the start_ems.sh script. For example:

./start_ems.sh

The software license agreement screen appears.

6. Choose I accept the license agreement and click Next.

The License installation window appears.

7. Click Browse to navigate to the directory where you placed the AcmePacketNetNetEMS.xml license file.

8. Select the AcmePacketNetNetEMS.xml file and click Open.




Click Next. The License details screen appears, displaying the user and company name details.

9. Click Confirm. A license confirmation message about applying the license appears.

10. Click Yes.

11. After the server comes up, open a Web browser from a client system and connect to the server using one of the following address format:

http://<EMS server IP address>:9090

https://<EMS server IP address>:8443

Text Mode Installation

The process for installing Net-Net EMS in text mode on Linux or Solaris is the same. The examples of installation screens in this section are for a Linux installation. Your screens might differ if installing on Solaris.

1. Ensure you are root user.

2. Type the following command at the prompt to start the installation.

./install.sh –console




The following screen appears.

The Installation starts with a welcome screen.




3. Press Enter to continue. The license screen appears.

4. Press Enter to scroll through the license text or enter q and press Enter to continue. You are prompted about license acceptance.




5. Enter 1 and press Enter to choose the I accept the terms of the license agreement option.

6. Press Enter to continue.

7. Press Enter again to continue. The Readme file option appears. If the readme file is not present, a message will be displayed. If the readme file exists it will be displayed.




8. Press Enter to continue. The following screen appears.

9. Retain the default destination directory or enter a new one and press Enter.

10. Press Enter again. The software version you are installing is displayed.




11. Press Enter to continue. The following summary information appears.

12. Press Enter to continue. The following screen displaying a message about where the software will be installed and the size of the software appears.




13. Press Enter to continue. The following screen displaying an installation progress bar appears.

The installation takes approximately 10 minutes and as the installation proceeds the progress bar changes. After the installation completes, you setup your database parameters.




Setting Database Access

You can allow access to the database to all hosts and users, or you can restrict database access to one or both of the following:

• local host: bind the database to the local host when installing in a simplex deployment

• specific user:

To allow access to the database:

1. Press Enter to accept the default value Allow any IP address. You are prompted about user access to the database.

2. Press Enter to accept the default value. You are prompted for the database address.

To restrict database access to the local host:

1. Enter 1 to choose Restrict database access to local host only.

Note: Do not restrict database access to the local host only if a remote instance of the Net-Net EMS application, such as a standby server in an HA pair, will need access to the database being installed on this server.

2. Press Enter.

3. Press Enter again to confirm the selection. You are prompted about user access to the database.

To restrict database access to a specific user:

1. Enter 1 to select Restrict database access to named user only.

2. Press Enter.

3. Press Enter again to confirm the selection. You are prompted for the database address.







Database Name and Address

1. If you did not choose to restrict database access to the local host, enter the database address you want to specify or the loopback address 127.0.0.1.

2. Press Enter. You are prompted for the database name.




3. Retain the default database name or enter a new one and press Enter. You are prompted for the username.




4. Enter the specific username and press Enter. You are prompted for a password.

Note: If you are upgrading from a previous version of Net-Net EMS and plan to migrate the database contents, you must use the same database username/password that is already configured in the previous installation.

5. Enter the password for the user following the appropriate guidelines.

• 3 character minimum

• 32 characters maximum

• 1 alphabetical character minimum

• 1 numeric character minimum

• 1 punctuation character minimum

You cannot repeat an alphanumeric character more than 3 times in a row.

6. Confirm the password.

7. Press Enter. If you have not followed the password guidelines, an error message appears.

8. Enter Yes to continue using the password you entered or No to re-enter your password. (If you need to re-enter your password, you are returned to the first set of database parameter setup questions.)

9. Press Enter.




10. Press Enter again. You are prompted for HDR collection information.

HDR Collection 1. Retain the default location for the collection file that will hold the HDR data or enter the path to a different location and press Enter. You are prompted for the frequency at which you want data purged from the file.




2. Retain the default value or enter a new purge frequency in minutes and press Enter. You are prompted for the number of days at which the data is purged.

3. Retain the default or enter the and press Enter.

4. Press Enter again. You are prompted for firewall information.




5. If you do not need firewall support, press Enter to accept the default. Skip to configuring HA setup.

or

To use firewall support, enter 2 to choose the NAT firewall option and press Enter. The selection changes on the screen.

6. Press Enter to continue. You are prompted for the IP address of the system running the firewall service.




7. Enter the IP address for the NAT firewall and press Enter.

8. Press Enter to continue. EMS HA configuration setup appears.




HA Setup 1. Retain the default value of 15 for the Failover interval and press Enter. Or enter the value you want and press Enter. You are prompted for a value for Retries.

2. Retain the default value of 3 and press Enter or enter a different value and press Enter. You are prompted to setup the mail configuration.




Mail Configuration 1. Enter Y and press Enter if you want to setup the mail configuration. You are prompted for the mail server address.

2. Press Enter to accept the default or enter a different address and press Enter. You are prompted for the mail recipient (To) information.




3. Press Enter to accept the default or enter a different recipient and press Enter. You are prompted for the sender (From) information.

4. Press Enter to accept the default or enter a different sender and press Enter. You are prompted for subject information.




5. Press Enter to accept the default or enter a different subject and press Enter. You are prompted for body information.

6. Press Enter to accept the default or enter a different body and press Enter.

7. Press Enter again to complete the installation. The following screen appears.

8. Press Enter to exit the installation wizard.




Installing or Upgrading the License

You must install or upgrade your Net-Net EMS license before you start the Net-Net EMS server.

To install or upgrade the Net-Net EMS license:

1. Change to the directory where you installed the Net-Net EMS software. For example:


2. Change directory to the bin directory. For example:

cd /bin

3. Enter the following command:

./UpgradeLicense.sh TextMode

You are prompted for the path to the license file is located.

Please input the license file path & name

4. Enter the file path and license file name and press Enter. For example:AcmePacketNetNetEMS.xml

/opt/Licenses/AcmePacketNetNetEMS.xml

The Upgrade License Console appears displaying the license summary information

You are prompted about applying the license.

Do you want to apply the selected license? [Yes|No]

5. Enter Yes to apply and press Enter. The license is installed/upgraded.

6. Restart the EMS server.

./start_ems.sh

7. After the server comes up, open a Web browser from a client system and connect to the server using one of the following address format:

http://<EMS server IP address>:9090https://<EMS server IP address>:8443




Verifying the Client System Settings

You should verify the client system has the required settings to connect to the EMS server. You need to have the Net-Net EMS CD-ROM at hand while verifying the client settings.

To verify the client system settings:

1. Click Start->Run to access the Run window.

2. Enter command (or cmd) in the text box.

A command window is opened.

3. Enter the java –version command.

Check that the first line of the command output contains version 1.5.0:

java version “1.5.0****””

The “*****” means any number(s) or character(s) and its presence indicates that the JRE is already installed.

• If the first line contains the Java version information, you can proceed to verifying the browser settings if you are using an Internet Explorer browser. See "Verifying the Internet Explorer Browser Settings”on page 62.

• If the first line does not contain the Java version information, you need to install the JRE available on the Net-Net EMS CD-ROM. See "Installing the Java Runtime Engine”on page 62.

Note: Net-Net EMS requires JRE version 1.5.0_14_b13. Refer to the next section for installation instructions.

Installing the Java Runtime Engine

If the JRE is not already installed on your system, you can install the version available on the Net-Net EMS CD-ROM (or you can download it from the Sun Microsystems Web site). You need administrator privileges to install the JRE.

1. Double-click the j2re-1_5_0_14-windows-i586-p.exe and follow the default instructions.

2. Verify the installation of the JRE.

From here, you need to perform the following:

• Verify the browser settings by following the steps in the next section.

• Copy the .java.policy file located on the Net-Net EMS CD-ROM to your local drive.

Verifying the Internet Explorer Browser Settings

If using Internet Explorer as your browser, you need to verify the following settings.

1. Open the Internet Explorer browser.

2. Choose the Tools menu and click Internet options.

3. Choose the Security tab.

4. Choose the Local intranet option and click Custom Level.

5. Enable the following options (if not already enabled) then click OK.

• Run ActiveX controls and plug-ins under ActiveX controls and plug-

ins

• Active Scripting and Scripting of Java applets under Scripting

6. Choose the Internet option on the Security tab and click Custom Level. (This step is required if the client system accesses the EMS server via the Internet.)




7. Enable the following options (if not already enabled,) then click OK.

• Run ActiveX controls and plug-ins under ActiveX controls and plug-

ins

• Active Scripting and Scripting of Java applets under Scripting

8. Click OK on the Internet options window to close it.

Copying the .java.policy File

The .java.policy file provides settings which allow a client connection to be re-established to a backup server if a failover occurs on the EMS system. These settings are also important to support the Net-Net EMS client inactivity timer. You need to unzip the .java.policy file located on the CD-ROM, or in the directory in which the tar file was extracted, to your personal Documents and Settings folder. For example:

C:\Documents and Settings\<user name>

Disabling Proxy Server (Optional)

Follow these steps if your client system is configured as a proxy server and you do not want to use it for connecting with the Net-Net EMS server.

1. Open the Internet Explorer browser.

2. Choose the Tools menu and click Internet options.

3. Click the Connections tab on the Internet options screen.

4. Click LAN Settings and then click Advanced.

5. Enter the Net-Net EMS server IP address in the Exceptions panel.

6. Click OK.

7. Click OK on the Internet options window to close it.

Creating Banner Text for the Login Screen (optional)

You can create a text file called disclaimer.txt to display banner text on the screen when you login to the Net-Net EMS server from the client. (You can also create banner text using the Net-Net EMS GUI.)

To create the disclaimer.txt file:

1. Create a text file called disclaimer.txt and enter the text you want displayed on the login screen.

2. Copy the disclaimer.txt file to the <ADVENTNET_HOME>/conf directory. For example:

WebNMS/conf




Configuring the Net-Net SBC SNMP InterfaceThis section provides an example of how to configure the trap receiver and SNMP community in the Net-Net SBC to point to the EMS server. You need to configure these objects to enable Net-Net EMS to provide fault management (SNMP traps), performance management statistics, and inventory control (SNMP) for this specific Net-Net SBC.

You need to have Superuser privilege to configure your Net-Net SBC through a terminal by way of a local or remote connection.

To configure the SNMP interface:

1. Connect to the Net-Net SBC and login.

2. Enable Superuser mode. For example:

User Access Verification

Password: <User Mode password>

ACMEPACKET> enable

Password: <Superuser Mode password>

ACMEPACKET#

3. Execute the configure terminal command.

ACMEPACKET# configure terminal

4. Execute the system command.

ACMEPACKET(configure)# system

5. Execute the trap-receiver command.

ACMEPACKET(system)# trap-receiver

6. Enter the following information:

• ip-address <EMS server IP address>

• filter-level <value>

• community-name <value>

For example:

ACMEPACKET(trap-receiver)# ip-address 10.0.0.1

ACMEPACKET(trap-receiver)# filter-level all

ACMEPACKET(trap-receiver)# community-name acme

7. Create a trap receiver for each EMS server.

8. Enter done. For example:

ACMEPACKET(trap-receiver)# done

9. Enter exit to return to the system level.

ACMEPACKET(trap-receiver)# exit

10. Execute the snmp-community command.

ACMEPACKET(system)# snmp-community





• ip-address <EMS server IP address> or a list of IP addresses. For Net-Net 9000, ip-addresses add

• community-name <value>

• access-node <value> (leave at its default value)

For example:

ACMEPACKET(snmp-community)# ip-address 10.0.0.1

ACMEPACKET(snmp-community)# community-name acmepacket


ACMEPACKET(snmp-community)# done

13. Enter exit to return to the system level.

ACMEPACKET(snmp-community)# exit

14. Execute the system-config command.

ACMEPACKET(system)# system-config


ACMEPACKET(system-config)# snmp-enabled enabled


ACMEPACKET(system-config)# done

17. Verify the information.

18. Execute the save-config command (for Net-Net 9000, the save config command).

ACMEPACKET(snmp-community)# save-config

19. Execute the activate-config command to ensure SNMP is enabled (for Net-NEt 9000, the activate command).

ACMEPACKET# activate-config

20. Enter the reboot command (no need to reboot Net-Net 9000).

ACMEPACKET(snmp-community)# reboot

After the Net-Net SBC system restarts, execute the show running-config command. The output should contain a trap receiver and SNMP community objects with the information you just configured.

Note: For Net-Net 9000, you need to enable.SOAP XML. See the SOAP XML Provisioning API User Guide.




HTTPS Installation ChecklistThis section provides a summary checklist of HTTPS installation steps.

Self-signed Certificates: Standalone or Primary

This section summarizes installing HTTPS for standalone EMS or primary EMS in an EMS/HA Environment using legacy self-signed certificates (not third-party X.509 certificates).

1. Install EMS using the GUI or textmode installer.

2. Run install_httpconfig.sh

3. Copy Truststore.tar to the client machine Java runtime lib/security directory.

4. Untar Truststore.tar. This action creates Truststore.truststore and PrimaryTrans.key for the standalone/primary EMS server.

5. Ftp or unzip the appropriate java.policy file in the client machine’s Java runtime lib/security directory.

6. Verify that EMS starts and runs properly.

Self-signed Certificates: Standby

This section summarizes installing HTTPS for an EMS standby server in an EMS HA environment using legacy self-signed certificates (not third-party X.509 certificates).

1. Install EMS on the standby server using the GUI or text mode installer.

2. Copy Truststore.truststore from WebNMS/conf on the primary EMS server to WebNMS/acmePacketEMS/Truststore.truststore on the standby EMS server.

3. Run install_httpconfig.sh -- this time, supplying the location and filename of the Truststore.truststore file just copied. Use the same passwords as were used in the installation on the primary EMS server.

4. Shut down EMS on the primary server.

5. Rename the Truststore.truststore file in WebNMS/conf on the primary EMS server to Truststore_backup.truststore,

6. Copy the updated Truststore.truststore file from WebNMS/conf on the standby EMS server to WebNMS/conf on the primary EMS server.

7. Copy the updated Truststore.tar file from WebNMS/conf on the standby EMS server to the client machine’s Java runtime lib/security directory.

8. Start the EMS primary server.

9. Start the EMS standby server




Third-party X.509 Certificates: Standalone or Primary

This section summarizes installing HTTPS for an EMS standalone server or primary server in an EMS HA environment using third-party X.509 certificates.


2. Acquire the X.509 certificate and key for the standalone/primary EMS host. The common name used in the certificate should be the DNS name of the EMS server host machine. You will need to supply this common name when running the install_httpconfig.sh script.

3. If intermediate certificate authorities (CAs) are being used, acquire the X.509 certificates for the intermediate CAs and the Root CA. Concatenate these into a “chain” file that defines the chain of trust from the EMS server certificate up to the Root CA.

4. Copy the EMS server certficate and key files to a location that can be accessed by the root or nnems user who will run the install_httpconfig.sh script. The destination names must be EMSServer.cer and EMSServer.key.

5. Copy the “chain” file to a location that can be accessed by the root or nnems user who will run the install_httpconfig.sh script – the same location as the certificate and key files is OK but not required.

6. Ensure that the location(s) and files you just copied are accessible with read access to the user who will run the install_httpconfig.sh script.

7. Run install_httpconfig.sh following the Advanced usage parameters instructions.

8. Copy Truststore.tar to the client machine Java runtime lib/security directory.

9. Untar Truststore.tar. This action creates Truststore.truststore and PrimaryTrans.key for the standalone/primary EMS server.

10. FTP or unzip the appropriate java.policy file in the client machine’s Java runtime lib/security directory.

11. Verify that EMS starts and runs properly.

Third-party X.509 Certificates – Standby

This section summarizes installing HTTPS for an EMS standby server in an EMS HA environment using third-party X.509 certificates.

1. Install EMS on the standby server using the GUI or text mode installation.

2. Acquire the X.509 certificate and key for the standalone/primary EMS host. The common name used in the certificate should be the DNS name of the EMS server host machine. You will need to supply this common name when running the install_httpconfig.sh script.

If intermediate certificate authorities (CAs) are being used, it is possible that the “chain” file that was created on the primary server can also be used on the standby server if the “chain” file defines the appropriate chain of trust from the standby EMS server up to a trusted root CA. If the primary EMS server’s “chain” file is unsuitable, acquire the X.509 certificates for the intermediate CAs and the Root CA. Concatenate these into a “chain” file that defines the chain of trust from the EMS server certificate up to the Root CA.

3. Copy the EMS server certficate and key files to a location that can be accessed by the root or nnems user who will run the install_httpconfig.sh script. The destination names must be EMSServer.cer and EMSServer.key.




4. Copy the “chain” file to a location that can be accessed by the root or nnems user who will run the install_httpconfig.sh script – the same location as the certificate and key files is OK but not required.

5. Ensure that the location(s) and files you just copied are accessible with read access to the user who will run the install_httpconfig.sh script.

6. Copy Truststore.truststore from WebNMS/conf on the primary EMS server to WebNMS/acmePacketEMS/Truststore.truststore on the standby EMS server.

7. Run install_httpconfig.sh again following the Advanced Usage parameters instructions but this time supplying the location and filename of the Truststore.truststore file just copied. Use the same passwords as were used in the installation on the primary EMS server.

8. Shut down EMS on the primary server.

9. Rename the Truststore.truststore file in WebNMS/conf on the primary EMS server to Truststore_backup.truststore,


11. Copy the Truststore.tar file from WebNMS/conf on the standby EMS server to the client machine’s Java runtime lib/security directory.

12. Untar Truststore.tar. This action creates Truststore.truststore that applies to both the primary and standby EMS servers. It also creates SecondaryTrans.key that applies to the standby EMS server.

All of the following should now be present in the client machine’s Java runtime lib/security directory:

• Truststore.truststore: updated common truststore file

• PrimaryTrans.key: transport key for the primary EMS server (still present from when the primary-only Truststore.tar file was untarred)

• SecondaryTrans.key: transport key for the standby EMS server (recently untarred from the Truststore.tar from the standby EMS server).

If PrimaryTrans.key is missing, copy it from WebNMS/conf on the primary EMS server.

13. Start the EMS primary server.

14. Start the EMS standby server.




Third Party X.509 Certificate PreparationPreparing for using third-party X.509 certificates with Net-Net EMS includes:

• Certificate acquisition

• Server preparation

• Client preparation

Certificate Acquisition

You must have acquired the server certificates and any intermediate certificates in the chain of trust for each EMS server. If deploying an EMS HA pair, you need to acquire the certificates for each of the EMS servers. The certificates for the chain of trust above the EMS server might be the same, but each EMS server certificate is distinct.

The EMS server certificate and key file must be in X.509 format, PEM-encoded, and not password-protected or encrypted (other than RSA 1024 or 2048). For example, des3 is not supported.

Intermediate certificates (if used) must be in X.509 format and PEM-encoded. Certificates in .pb7 or PKCS7 format are not supported. Also, the certificates must not be encrypted or password protected.

Server Preparation The install_httpconfig.sh script copies the EMS server certificate and key and any intermediate certificates into the EMS installation area. Put the server certificate file and key file into one directory using the following naming conventions:

• EMSServer.cer

• EMSServer.key

A parameter in install_httpconfig.sh file specifies the absolute path where these files are located.

If using intermediate certificates, ensure a single “chain” file is available on the EMS server. The “chain” file contains a concatenation of the Root CA certificate and the intermediate certificate(s) in X.509 format and PEM-encoded. A .p7b or PKCS7 format is not supported. The certificates within the “chain” file must not be encrypted or password protected.

The following example illustrates the creation of the “chain” file from a root certificate file and an intermediate certificate file:

# cp root-ca-cer.pem CAChain.crt

# cat int-ca-cer.pem >>CAChain.crt

You can give the file any name; the absolute path and filename of the “chain” file are specified in the install_httpconfig.sh file. The install_httpconfig.sh script reads these files; put them in a location with suitable permissions.

If running the install_httpconfig.sh script as user nnems (the special-purpose non-root user used for running EMS), the location and permissions must allow read access by user nnems in group nnems.




Client Preparation Client preparation for compatibility with third-party X.509 certificates includes the following steps.

• Importing the root certificate authority certificate into the browser as a Trusted Root CA

• Importing the EMS server certificate into Java Webstart as a Trusted Secure Site

Please note that these client preparation steps are in addition to the existing client preparation steps involving the Truststore.tar file and the java.policy file.

Importing Root Certificate for Internet Explorer

To import the root certificate:

1. Choose Internet Options from the Tools menu. The Internet Options window appears.

2. Click the Content tab.




3. Click Certificates. The Certificates window appears.

4. Click the Trusted Root Certification Authorities tab. A table of certificates appears.




5. Click Import. The Certificate Import Wizard appears.

6. Click Next. The File to Import window appears.

7. Enter the name of the root certificate authority certificate, including the full path or click Browse to locate the file. For example:

In this example, the certificate file has the extension .pem). To ensure all files appear in the file list; select All Files (*.*) from the Files of type list.




8. Click Next. The Certificate store window appears.

9. Ensure Automatically select the certificate store based on the type of certificate is selected.

10. Click Next. The Completing the Certificate Import Wizard screen appears.

11. Click Finish.




Importing Root Certificate for Firefox

To import the root certificate:

1. Choose Options from the Tools menu. The Options window appears.

2. Click Advanced. The Advanced window appears.




3. Click the Encryption tab. The encryption options appear.

4. Click View Certificates. The Certificate Manager appears.




5. Click the Authorities tab. The list of certificates appears.

6. Click Import. The Select file window appears.




7. Choose the certificate assigned to you and click Open. The Downloading Certificate window appears.

8. Leave all checkboxes blank and click OK. The certificate you downloaded appears in the Certificate Manager list.

9. Click OK.




Importing the EMS Server as a Secure Site

To import the EMS server:

1. Open the Java Webstart Java Application Cache Viewer.

2. In the Edit menu, choose Preferences to open the Java Control Panel.

3. In the Java Control Panel, click the Security tab.

4. Click Certificates.

5. On the Certificates screen, choose Secure Site from the list.

6. Click the User tab.

7. Click Import.

8. In the Open dialog, select the certificate file of the EMS server certificate and click Open. You need to select All Files as the type in the Files of type list.

The import occurs immediately and the Certificates screen displays the newly imported certificate among the secure sites.

Configuring the Server for HTTPSThis section explains how to configure the server to support HTTPS. You need to run the install_httpconfig.sh script, transfer the Truststore.tar file from the server to the client system, access WebStart to verify the JRE directory being used, and extract the Truststore.trustore certificate and keys to that directory on the client.

If you are using third-party X.509 certificates, you need to include additional parameter information with the install_httpconfig.sh script.

Running the Configuration Script

You run the install_httpconfig.sh script to configure the support of HTTPS. The procedure differs when using third-party X.509 certificates.

Self-Signed Certificates

If using self-signed certificates, you need to run the install_httpconfig.sh script with the following parameters to configure HTTPS support:

./install_httpconfig.sh <admin passwordd> https <password>

• <admin password> is the same password used to with the stop_ems.sh command

• <password> is required only when the protocol is https

The password is the password of the Truststore file. It is also used in creating the self-signed server and transport certificates. For HTTPS with EMS HA, an optional fourth parameter is used to specify the truststore file that should be updated.

Third-Party X.509 Certificates

If using third-party X.509 certificates, you need to run the install_httpconfig.sh script with the following parameters to configure HTTPS support:

./install_httpconfig.sh <admin password> https <password> <truststore_path>|none <common_name> <certificate_path> fq_pathname_intermediate_ca_file|none

• <admin password>: is the same password used to with the stop_ems.sh command




• <password>: password for the truststore file and the transport certificate. The same password must be used for both EMS servers in an EMS HA deployment. Example: Key123

• <truststore_path>: when installing on the primary EMS server in an EMS HA installation, specify none for this parameter. When installing on the standby EMS server in an EMS HA installation, specify the pathname of the existing truststore file (copied from the EMS HA primary server) to which the certificates of the secondary EMS server will be added. You must manually copy this updated truststore file back to the primary EMS server. The Truststore.tar file generated on the standby server must also be copied to the client machine(s) and unpacked there.

Example: ./acmePacketEMS/Truststore.truststore

• <common_name>: specified when the third-party X.509 certificate was generated for the EMS server.

Example: emsserver.acmepacket.com

• <certificate_path>: path in which you have manually placed the third-party X.509 server certificate and key. This is the absolute path where the appropriate files named EMSServer.cer and EMSServer.key can be found and copied. In an EMS HA installation, the same naming convention is used for both the primary and standby EMS server. However, the files supplied must be the certificate and key file for the particular server with the server-specific files renamed to comply with the naming convention.

Example: /home/nnems/EMSCerts

• fq_pathname_intermediate_ca_file: fully-qualified pathname of a single file that contains the chain of trusted intermediate certificate authorities. Specify none if intermediate CA is not used.

Example: /home/nnems/EMSCerts/CAChain.crt

The following example shows the syntax for a standalone or a primary server in EMS HA deployment:

# ./install_httpconfig.sh admin https key123 mimosa.acmepacket.com /home/nnems/EMSCerts /home/nnems/EMSCerts/CAChain.crt

Example for a Standby Server in EMS HA

The following example shows the syntax for a standby server in EMS HA deployment:

# ./install_httpconfig.sh admin https key123 ./acmePacketEMS/Truststore.truststore reposado.acmepacket.com /home/nnems/EMSCerts /home/nnems/EMSCerts/CAChain.crt

When configuring a standby server, the certificate and key files for the standby server must be copied to the location (/home/nnems/EMSCerts in this example) on the standby server host machine with the conventional names EMSServer.cer and EMSServer.key.

The same passwords must be used on the standby server as on the primary server.

The Truststore.truststore file generated on the primary EMS server must be copied to the standby server. The path and filename of this copied Truststore.truststore file must be specified in the truststore_path parameter. In this example, the truststore file was copied to the WebNMS/acmePacketEMS directory in the installation area of the standby EMS server.




When the install_httpconfig.sh script is run, it acquires the user-supplied certificate and key and stores them in the EMS Apache subdirectory tree. The common name is also used in generating the self-signed Transport certificate and key (AdventNet constructs).

Copying the Truststore.tar File

A certificate called Truststore.tar was generated in the directory where you installed Net-Net EMS. For example:

/opt/R_6.0.0/WebNMS/conf

Transfer this file to the client system and place it in the JRE directory to which your WebStart navigates.

Verifying the WebStart JRE Directory

To verify the JRE directory:

1. On the client, click Start, then All Programs, and choose Java Web Start from the list.

or

Double-click on your desktop (if present).

The Java Web Start Application Manager appears:

Note: If Java Web Start does not appear in the list of programs, then most likely the correct JRE is not installed on the client system. Refer to "Installing the Java Runtime Engine”on page 62 for information about installation.




2. Choose Preferences from the File menu. The Java Web Start Preferences window appears:

3. Click the Java tab.

Note: Ensure you have only the Java runtime version required for Net-Net EMS enabled.

4. Expand the Command column to view the directory path where Java Web Start is installed:

C:\Program files\Java\j2re1.5.0_14\bin\javaw.exe

Note: If you do not see this exact path displayed, most likely the correct version of the JRE is not installed on the client system.

5. Make a note of the directory path. You will extract the content of the Truststore.tar file to the j2re1.5.0_14\lib\security subdirectory.

6. Exit out of the Java Web Start Application Manager.

Extracting the Truststore.tar File

To extract the Truststore.tar file:

1. On the client system, navigate to the JRE \lib\security subdirectory. For example:

C:\Program files\Java\j2re1.5.0_14\lib\security

2. Extract the content of the Truststore.tar file. For example, use Winzip to extract the Truststore.tar file. The following files should be placed in the directory:

• Truststore

• PrimaryTrans.key

• SecondaryTrans.key if EMS HA

3. Start the Net-Net EMS client and connect to the EMS server using the HTTPS protocol. See "Starting the Net-Net EMS Client and Connecting to the Server" on page 91 for details.




Configuring HTTPS for EMS HAThis section explains how to configure HTTPS for EMS HA. If you are deploying third-party X.509 certificates, see "Deploying Third-Party X.509 Certificates" on page 88.

About HTTPS Support

HTTPS support for EMS HA means:

• The Truststore.truststore file must contain both primary and secondary HA server certificates and keys. For example, Primary.cer, Primary.key and Secondary.cer, Secondary.key.

• Once fully populated, the Truststore.truststore file must be copied to both the primary and secondary EMS servers as well as the JRE security on the client.

• When the secondary server comes up it is responsible for getting the primary server credentials from the RDBMS and then through a secure RMI call, establish a connection to monitor the primary using a keep alive message.

Note: If the Truststore.truststore files on both the primary and secondary servers are not the same, the secure RMI call fails and the secondary server assumes that the primary is down and attempts to come up as the primary.

Net-Net EMS Already Installed with HTTPS

If you have already installed Net-Net EMS with the HTTPS protocol, you can run the install_httpconfig.sh script to switch to HTTP mode.

1. Change directory to the [Installation_Home]/WebNMS/bin directory.

# cd [Installation_Home]/WebNMS/bin

2. Run the install_httpconfig.sh script in the and choose the HTTP mode.

# [root@PrimaryHost bin]./install_httpconfig.sh http <Enter>

You can now configure the primary server for HTTPS.

Configuring the Primary Server for HTTPS

You run the install_httpconfig.sh script to configure the primary EMS server for HTTPS. Save the output of the script for future reference.

Note: If you run the script as user nnems rather than as root ensure that any third-party certificate and key files required are readable by nnems user.

To configure the primary server for HTTPS:



2. Run the install_httpconfig.sh script and choose the HTTPS mode, providing a preferred key as shown in the following example.

# [root@PrimaryHost bin]./install_httpconfig.sh https key123456

The PrimaryTrans.cer, PrimaryTrans.key, Truststore.truststore and Truststore.tar files are created in the [Installation_Home]/WebNMS/conf directory.

You now copy the Truststore.tar file to the client. You have to copy the Truststore.tar file to the client for each install you do.




Example for a Standby Server in EMS HA

The following example shows the syntax for a standby server in EMS HA deployment:

# ./install_httpconfig.sh admin https key123 ./acmePacketEMS/Truststore.truststore mimosa.acmepacket.com /home/nnems/EMSCerts /home/nnems/EMSCerts/CAChain.crt

When configuring a standby server, the certificate and key files for the standby server must be copied to the location (/home/nnems/EMSCerts in this example) on the standby server host machine with the conventional names EMSServer.cer and EMSServer.key.

The same passwords must be used on the standby server as on the primary server.

The Truststore.truststore file generated on the primary EMS server must be copied to the standby server. The path and filename of this copied Truststore.truststore file must be specified in the truststore_path parameter. In this example, the truststore file was copied to the WebNMS/acmePacketEMS directory in the installation area of the standby EMS server.

When the install_httpconfig.sh script is run, it acquires the user-supplied certificate and key and stores them in the EMS Apache subdirectory tree. The common name is also used in generating the self-signed Transport certificate and key (AdventNet constructs).

Copying and Extracting the Truststore.tar file to the Client

You need to copy the Truststore.tar file created on the primary EMS server to the client computer and extract it to the JRE /lib/security directory.

To copy and extract the Truststore.tar file:


./start_ems.sh

2. Copy the Truststore.tar file to the client.

3. On the client, navigate to the JRE \lib\security subdirectory. For example:


4. Extract the content of the Truststore.tar file. For example, use Winzip to extract the Truststore.tar file.

Verifying the Configuration

To verify the configuration:

1. Open a browser.

2. Connect to the Net-Net EMS server using the following address format:


3. A Security Alert screen (Internet Explorer) or Website Certified by an Unknown Authority screen (Mozilla Firefox) appears.

4. Choose the appropriate security information.

5. In the Login screen, enter your user name and password and click LOGON. (The default username is admin, with a default password of admin.)

6. Check that the client can connect successfully and the EMS application is downloaded.

7. If the client is able to connect and the application loads, shut down the client and then bring down the primary EMS server.




You can now install and configure the secondary EMS server.

Installing the Secondary EMS Server

You install Net-Net EMS on the secondary server and choose HTTP as the protocol.

1. Log into the secondary EMS server with root privileges.

2. Start the Net-Net EMS installation.

3. Complete the Net-Net EMS installation.

You can now configure the secondary EMS server for HTTPS.

Net-Net EMS Already Installed with HTTPS



2. Run the install_httpconfig.sh script in the and choose the HTTP mode.

# [root@PrimaryHost bin]./install_httpconfig.sh <admin password> http <Enter>

You can now configure the secondary server for HTTPS.

Configuring the Secondary Server

You run the script to configure the secondary EMS server for HTTPS providing it with the Truststore.trustore file generated on the primary server. This process appends the secondary certificate and key to the Truststore.truststore file. Run the install_httpconfig.sh script in the [Installation_Home]/WebNMS/bin directory and choose the https mode, providing a preferred key and the Truststore.trustore file generated on the Primary EMS server.

Getting the Truststore.truststore from the Primary EMS Server

To get the Truststore.trustore file from the primary EMS server:

1. Change directory to the acmePacketEMS directory on the secondary EMS server.

# cd [Installation_Home]/WebNMS/acmePacketEMS

2. Start a FTP session to the primary EMS server by providing user and password to log-in

# [root@SecondaryHost acmePacketEMS] ftp PrimaryHost

3. Change directory to the [Installation_Home]/WebNMS/conf directory.

# ftp> cd [Installation_Home]/WebNMS/conf

4. Set the binary mode

# ftp> bin

5. Get the Truststore.truststore file.

# ftp> get Truststore.truststore

6. Close the FTP session.

# ftp> quit <Enter>




Running the HTTPS Script

You run the install_httpconfig.sh script to configure the secondary EMS server for HTTPS. You need to provide the following inputs:

• Protocol: https.

• Key: same key used for the primary server. For example, key123456.

• Truststore file: the Truststore.trustore file from the primary server.

The script configures HTTPS support for an EMS that will initially come up as a stand-by server. Also, the secondary EMS HTTPS credentials are added to the Truststore.truststore file. You need to transfer this final version and its Truststore.tar file back to the primary server and the client.

To run the HTTPS script:



2. Run the install_httpconfig.sh script and choose the https mode. You need to include a preferred key.

# [root@SecondaryHost bin]./install_httpconfig.sh <admin password> https key123456 [Installation_Home]/WebNMS/acmePacketEMS/Truststore.truststore

You can now transfer the Trustore.tar file back to the primary server and the client.

Transferring Truststore.truststore Back to Primary Server

You need to transfer the Truststore.trustore file created on the secondary server back to the primary server and replace the file existing in the [Installation_Home]/WebNMS/conf directory.

1. Log into the primary EMS server.

2. Change directory to the installed [Installation_Home]/WebNMS/conf directory

# cd [Installation_Home]/WebNMS/conf

3. Backup the existing Truststore.truststore file

# [root@PrimaryHost conf] mv Truststore.truststore Truststore_Backup.truststore

4. Start a FTP session to secondary EMS machine, providing the user and password to log-in.

# [root@PrimaryHost conf] ftp SecondaryHost

5. Change directory to the [Installation_Home]/WebNMS/conf directory.

# ftp> cd [Installation_Home]/WebNMS/conf

6. Set the binary mode

# ftp> bin <Enter>

7. Get the Truststore.truststore file.

# ftp> get Truststore.truststore

8. Close the FP session.

# ftp> quit

You can now copy the Truststore.tar file to the client.




Copying and Extracting the Truststore.tar file to the Client

You need to copy the Truststore.tar file created on the secondary EMS server to the client computer and extract it to the JRE /lib/security directory.

To copy and extract the Truststore.tar file:


2. On the client, navigate to the JRE \lib\security subdirectory. For example:


3. Extract the content of the Truststore.tar file. For example, use Winzip to extract the Truststore.tar file.

Verifying the Required Files

You should verify that you have the following files required for EMS HA in the client’s JRE /lib/security directory:

• PrimaryTrans.key

• SecondaryTrans.key

• Truststore.truststore

Starting the EMS Servers and the Client

You can now start the primary server, the client, and the secondary server.

Starting the Primary Server

Start the primary EMS server and wait until it is ready to service port 8443.

To start the server:



3. Change directory to WebNMS/bin. For example:


4. Execute the start_ems.sh script. For example:

./start_ems.sh




Starting the Client To start the client:

1. Open a browser.

2. Connect to the Net-Net EMS server using the appropriate address format:

• self-signed certificates: https://<EMS server IP address>:8443

• third-party X.509 certificates: https://<domain name>:8443

3. A Security Alert screen (Internet Explorer) or Website Certified by an Unknown Authority screen (Mozilla Firefox) appears when logging in using a self-sgined certificate.

4. Choose the appropriate security information.

5. In the Login screen, enter your user name and password and click LOGON. (The default username is admin, with a default password of admin.)

6. Check that the client can connect successfully and the EMS application is downloaded.

Starting the Secondary Server

Start the secondary EMS server using the same procedure you used to start the primary server. The secondary server checks the database, finds the primary credentials and attempts to connect to the primary server. When connection is made, the secondary EMS server only starts the standby hot server service to monitor the primary server’s health.

The system is not running in HA mode and the client application will indicate to the end user that it is attempting to switch over server in the event that the primary fails. Because two certificates are contained in the Truststore.truststore, this is not a transparent mechanism. You will have to acknowledge failure messages and accept a new certificate.




Deploying Third-Party X.509 CertificatesYou must deploy any third-party X.509 certificates you are using. If you are not familiar with third-party X.509 certificates, see your system administrator.

Prerequisites • The certificate should be imported on the client machines. Refer to your system administrator if you have questions about what certificates have been imported to your machine.

• The certificates and the key must be available on EMS server (and on two servers in the case of EMS HA). For example:

[sgupta@fedora-ems2 certs]$ pwd

/home/sgupta/certs

[sgupta@fedora-ems2 certs]$ ls -ltr

-rw-r--r-- 1 root root 1675 May 20 18:07 server-001-cacert-key.pem

-rw-r--r-- 1 root root 1992 May 20 18:25 server-001-cacert.pem

-rw-r--r-- 1 root root 4801 May 20 18:29 CAChain.cer

That means you might have tree files, a certificate for the server, a key for the server and a certificate (CAChain.cer in this example) from an intermediate authority which might be authorized to issue the certificates.

Renaming the Certificates and Key

Rename the server certificate and the key as follows under the same directory:

server-001-cacert.pem=>EMSServer.cer

server-001-cacert-key.pem=> EMSServer.key

Note: The files should be renamed for primary and standby EMS servers if EMS HA is to be set up and shouldn’t be mistaken with the primary server.

Install HTTPS Script

The script install_http.sh processes the additional inputs required to support the external certificates as follows:

install_http.sh <protocol> <password> <truststore_path> <common_name> <certificate_path> <fq_pathname_intermediate_ca_file>

• protocol: HTTP or HTTPS

• password: required for HTTPS only

• truststore_path: required only for standby server in EMS HA, otherwise none

• common_name: generally associated with the certificates. For example, emsserver1.acmepacket.com

• certificate_path: directory where the server certificate and key are stored as EMSServer.cer and EMSServer.key

• fq_pathname_intermediate_ca_file: full path of the certificate given by an intermediate authority, otherwise none




Files Generated The following files are be generated under /opt/R_6.0.0_f2/WebNMS/conf directory:

• Truststore.tar

• Truststore.truststore

Setting Up a EMS Standalone Server in HTTPS Mode

To set up a standalone server:

1. Install Net-Net EMS 6.0 and select default security options for the embedded MySQL server. You can choose any user name and password.

2. Change directory to /opt/R_6.0.0_f2/WebNMS/bin.

3. Run install_https.sh with the proper inputs.

./install_http.sh <protocol=https> <password=key1234> <truststore_path=none> <common_name=fedora-ems2.acmepacket.com> <certificate_path=/home/sgupta/certs> <fq_pathname_intermediate_ca_file=/home/sgupta/certs/CAChain.cer>

4. Change directory to /opt/R_6.0.0_f2/WebNMS/conf directory.

5. FTP Truststore.tar file to the client system.

6. Unzip the file using Winzip. PrimaryTrans.key and Truststore.truststore files are generated.

7. Copy the PrimaryTrans.key and Truststore.truststore files to the lib/security directory on each client machine. For example:

C:\Program Files\Java\jre1.5.0_14\lib\security.

In this example JRE1.5.0_14 is installed on the clients. Substitute the appropriate information if you are using a different version of JRE.

Setting Up Two EMS HA Servers in HTTPS Mode

To setup up two servers:

1. Install EMS 6.0 on the primary server and select default security options for the embedded MySQL server. You can choose any user name and password.

2. Change directory to /opt/R_6.0.0_f2/WebNMS/bin.


./install_http.sh <protocol=https> <password=key1234> <truststore_path=none> <common_name=fedora-ems2.acmepacket.com> <certificate_path=/home/sgupta/certs> <fq_pathname_intermediate_ca_file=/home/sgupta/certs/CAChain.cer>

4. Install Net-Net EMS 6.0 on the standby server. Select default security options for the embedded MySQL server.

5. Enter the appropriate IP address.

6. Choose the same user name and password as you did for the primary server.

7. On the standby server, change directory to /opt/R_6.0.0_f2/WebNMS/acmePacketEMS/conf.

8. FTP the Truststore.truststore file from the /opt/R_6.0.0_f2/WebNMS/conf directory on the primary server.

9. On the primary server, rename Truststore.truststore file to Truststore.truststore.original.

10. On the standby server, change directory to /opt/R_6.0.0_f2/WebNMS/bin.





./install_http.sh <protocol=https> <password=key1234> <truststore_path=/opt/R_6.0.0_f2/WebNMS/acmePacketEMS/conf/Truststore.truststore> <common_name=fedora-ems3.acmepacket.com> <certificate_path=/home/sgupta/certs> <fq_pathname_intermediate_ca_file=/home/sgupta/certs/CAChain.cer>

12. On the standby server, change directory to /opt/R_6.0.0_f2/WebNMS/conf directory.

13. FTP the Truststore.truststore file to the primary server under /opt/R_6.0.0_f2/WebNMS/conf.

14. FTP the Truststore.tar file available in the /opt/R_6.0.0_f2/WebNMS/conf directory on the primary server to the client machine.

15. Unnzip the Truststore.tar file. PrimaryTrans.key and Truststore.truststore will be generated.

16. Copy only the PrimaryTrans.key to the lib\security directory. For example:

C:\Program Files\Java\jre1.5.0_14\lib\security

17. FTP the Truststore.tar file available in the /opt/R_6.0.0_f2/WebNMS/conf directory on the standby server under to the client machine.

18. Unzip the Truststore.tar file. SecondaryTrans.key and Truststore.truststore will be generated.

19. Copy both files to the lib\security directory. For example:

C:\Program Files\Java\jre1.5.0_14\lib\security

20. On the primary server, change directory to /opt/R_6.0.0_f2/WebNMS/bin.

21. Run start_ems.sh and apply EMS license.

22. Ensure that the server starts up and the client can connect to the server on port 8443.

23. On the standby server, change directory to /opt/R_6.0.0_f2/WebNMS/bin.

24. Run start_ems.sh and apply the EMS license.

25. Ensure that the EMS server starts up as standby server.




Starting the Net-Net EMS Client and Connecting to the ServerFollow the instructions in this section to start the Net-Net EMS client and log in to the server.

If logging into Net-Net EMS when third-party X.509 certificates are used for HTTPS access, specify the hostname in DNS name format. Otherwise, the HTTPS you will have to click through security warnings about hostname mismatch between common name in the certificate and the IP address specified in the JNLP.

Starting the Net-Net EMS Client

You can start the Net-Net EMS client by using either the HTTP or HTTPS login:


https://<EMS server IP address>:8443 (self-signed certificates)

https://<domain name>:8443 (third-party X.509 certificates)

Note: If using third-party X.509 certificates, use the DNS name of the host such as emsserver.acmepacket.com instead of the IP address. Then it matches the common name in the certificate.

HTTP Login To access the Net-Net EMS GUI:

1. Open a Web browser.

2. Connect to the Net-Net EMS server using one of the following address formats:


The Login screen appears.

Note: If you have created the disclaimier.txt file to display banner text on the login screen, you login screen will look different.

3. Enter your user name and password and click LOGON. (The default username is admin, with a default password of admin.)




HTTPS Login Using Microsoft Internet Explorer 6.0

The process for a secure login using Microsoft Internet Explorer 6.0 includes first accepting or rejecting the security certificate.

Note: When you log into EMS should specify the hostname in DNS name format if third-party X.509 certificates are used for HTTPS access. Otherwise, the you encounter security warnings about hostname mismatch between common name in the certificate and the IP address specified in the JNLP.

To login using Microsoft Internet Explorer 6.0:

1. Open Microsoft Internet Explorer 6.0.



A Security Alert screen appears if you are using self-signed certificates:

3. Click Yes to continue. The Warning - Security screen appears:




4. Click one of the following:

• Yes to accept the security certificate for this session only and to access the Login screen.

• No if you want to reject the security certificate and discontinue the login process.

• Always to permanently accept the security certificate, prevent this screen from appearing, and access the Login screen.

• More Details for more information.

If you choose Yes or Always, the Login screen appears.





HTTPS Login Using Mozilla Firefox 1.0

The process for a secure login using Mozilla Firefox 1.0 includes first accepting or rejecting the security certificate.

Note: When you log into EMS should specify the hostname in DNS name format if third-party X.509 certificates are used for HTTPS access. Otherwise, the you encounter security warnings about hostname mismatch between common name in the certificate and the IP address specified in the JNLP.

To login using Mozilla Firefox 1.0:

1. Open Mozilla Firefox 1.0.



A Website Certified by an Unknown Authority screen appears if you are using self-signed certificates.:

3. Click one of the following options and click OK:

• Accept the certificate permanently

• Accept the certificate temporarily for the session (this window will appear each time you login).

• Do not accept the certificate and do not connect to the Web site

If you choose to accept the certificate permanently or temporarily, the Security Warning appears:




4. Ensure the checkbox is marked if you want this warning to appear each time you view an encrypted page. If you deselect the checkbox, this warning will not appear again.

5. Click OK to clear the Security Warning. The Opening WebNMS.jnlp window appears:

6. Click Open it with the default application (JNLPFile) and Always perform this action when handling files of this type. This popup will not appear next time you connect.

7. Click OK. The Warning - Security screen appears:

8. Click one of the following:

• Yes to accept the security certificate for this session only and to access the Login screen.

• No if you want to reject the security certificate and discontinue the login process.

• Always to permanently accept the security certificate, prevent this screen from appearing, and access the Login screen.

• More Details for more information.




If you choose Yes or Always, the Login screen appears.


Adding Text to the Login Screen

You can add text to the login screen as a banner that is displayed when you login using the Net-Net EMS GUI. If you have added text by creating the disclaimer.txt file, you can edit the content using the GUI.

To add text to the login screen:

1. From the Tools menu, choose Login Banner. The Login Banner window appears.




2. Enter the text you want to display or click Browse to navigate to a text file to use for text. If you use a text file, you can edit the contents from the window.

3. Click Apply to apply your text. The next time you access the login window the text will appear.

If the text exceeds 12 lines, a scroll bar will be displayed.




Changing Login Protocols with Self-Signed Certificates

You can change the login protocol after you install Net-Net EMS. By default, the login protocol is installed as HTTP. The following steps assume you are using self-signed certificates.

Changing from HTTP to HTTPS

To change from HTTP to HTTPS:

Each time your run the script for HTTPS, you generate a new certificate.

1. Stop the EMS server.

2. Run the install_httpconfig_sh script and provide the administrator protocol and secure key of 6 or more characters. For example:

./install_httpconfig.sh <adminpwd> https key123456

A new certificate is generated.


4. On the client system, navigate to the JRE \lib\security subdirectory. For example:


5. Extract the content of the Truststore.tar file. For example, use Winzip to extract the content.


7. From the client, connect to the Net-Net EMS server using the following address format:


Changing from HTTPS to HTTP

To change from HTTPS to HTTP:

1. Stop the EMS server.

2. Run the install_httpconfig_sh script providing the protocol only. For example:

./install_httpconfig.sh <adminpwd> http


4. From the client, connect to the Net-Net EMS server using the following address format:





Uninstalling Net-Net EMSFollow the steps in this section to uninstall Net-Net EMS on the EMS server.

Uninstalling Net-Net EMS

Follow these steps to uninstall the Net-Net EMS software. If connecting from a remote machine, ensure your display is properly set.

To uninstall Net-Net EMS:

1. Ensure the EMS server is not running. You can stop the server by using one of the following two scripts located in the /WebNMS/bin directory of the running Net-Net EMS release:



For example:

./stop_ems.sh admin


./ShutDown_NP.sh




4. Change directory to WebNMS/uninstall. For example:

cd /opt/R_6.0.0/WebNMS/uninstall

5. Execute the following script for both Linux and Solaris:

./uninstall.sh




The Welcome screen appears.

6. Click Next. The summary information window appears.




7. Click Uninstall. An uninstallation message appears.

8. Click Finish when the uninstallation completes.




Uninstalling in Non-Graphical Mode

To uninstall Net-Net EMS:

1. Ensure the EMS server is not running. You can stop the server by using one of the following two scripts located in the /WebNMS/bin directory of the running Net-Net EMS release:



For example:

./stop_ems.sh admin


./ShutDown_NP.sh




4. Change directory to WebNMS/uninstall. For example:

cd /opt/R_6.0.0/WebNMS/uninstall

5. Execute the following script for both Linux and Solaris:

./uninstall.sh

The Welcome screen appears.




6. Press Enter to continue. A message confirming uninstallation appears.

7. Press Enter to continue. Net-Net EMS is uninstalled and the following message appears.

8. Press Enter to exit.






2 Configuring Database Replication

OverviewYou can deploy an EMS HA configuration, in which each EMS server has its own database and those databases are configured to automatically replicate data between them. The database instances can reside on the same server as their corresponding EMS instances or can reside on their own servers.

Two-Way Database Deployment

Two-way database replication means data written to the master database is replicated to the slave; data from the slave database is replicated to the master. However, because the standby EMS server never writes data, the dual nature of two-way replication occurs only after a failover.

For two-way database replication, you need to install two EMS nodes, each with their own database running. The databases are linked to support two-way replication. For information about configuring MySQL database pairs in two-way replication, see “Configuring Database Replication” on page 2-108.

Resolving Data Conflicts After a Failover

Data conflicts can occur as a result of EMS server failover. For example, if failover occurs because of network outage, the primary and standby servers are still operating but not communicating. This lack of communication prevents database replication from working. If the situation lasts long enough for the standby EMS server to conclude that the primary server has failed, it attempts to take over. Both the primary and standby servers then think they are primary and both will write to their databases. The two databases are then out of sync and data conflicts occur.

Net-Net EMS cannot resolve data conflicts. The database administrator needs to monitor the servers for failover. If failover occurs, the database administrator must manually re-sync the old primary database to the new one before restarting Net-Net EMS.



CONFIGURING DATABASE REPLICATION

Alternate Replication Setup

You can deploy EMS HA using two EMS servers and two database servers that have data replication occurring from the primary to the standby database. Deploying this alternate setup prevents both EMS servers from becoming the primary server at the same time when a network outage occurs. Having the two databases ensures that your database is constantly backed up. If the primary database server fails, you need to manually switch the two EMS servers over to the standby database server.

Before You Configure Database Replication

Review the following information before you start configuring database replication.

• Install Net-Net EMS nodes on both the master and slave.

• Ensure that the versions of MySQL installed on the master and slave are the same, both 5.0.21. To check the version and distribution number for MySQL, execute the following command:

[root@d165 acme]# mysql --version

• Stop the EMS server on both the master and slave. Updates to the NetNetDB database should not occur. Acme Packet recommends that NetNetDB should not have tables when database replication is to begin.

• Ensure the master and slave systems are connected.

• In case there is not DNS for host name resolution, IP address can be used where ever hostname is provided as input.

• Edit the my.cnf file in the /opt/R_6.0.0/WebNMS/mysql directory on both master and slave as recommended for database replication.

• Ideally, there should be no master/slave set-up on the master and slave before performing this procedure. If they are set-up, ensure that they are not interfering with this replication set-up. If you need to delete an existing replication:

– Delete the *.info files (master.info and relay-log.info) present under /var/lib/mysql for both master and slave.

– Ensure that the user root has privileges on both servers. To check it run:

mysql> select user,password,hosts from mysql.user;




– Delete the users created using the GRANT command on the MDB:

mysql> delete from mysql.user where host = ’10.0.45.204’ and user =’repl’;

Where user name repl and host 10.0.45.204 are the Net-Net SBC’s IP address and user name.

About Binary Logs The master keeps track of all changes to the databases (updates, deletes, and so on) in its binary logs. You must enable binary logging on the master server to use replication. Each slave receives from the master the saved updates that the master has recorded in its binary logs, and makes those same updates on its copy of the data. The slave uses the master-info and relay-log.info files to keep track of how much of the master’s binary log it has processed.

MySQL replication capabilities are implemented using three threads (one on the master server and two on the slave). When a slave starts, it creates a thread that connects to the master and asks it to send the updates recorded in its binary logs. The master creates a thread to send the binary log contents to the slave. This thread can be identified as the Binlog Dump thread in the output of SHOW PROCESSLIST on the master. The slave I/O thread reads the updates that the master Binlog Dump thread sends and copies them to local files, known as relay logs, in the slave's data directory. The slave creates a third SQL thread to read the relay logs and to execute the updates they contain.




Configuring Database ReplicationYou must have root user privileges to configure database replication.

Pre-Requisites Before installing Net-Net EMS 6.0 on two servers and configuring them as EMS HA set up it is necessary to check the following:

• Connectivity between the MDB and SDB machine. Both servers can ping each other.

• If there is not DNS for host name resolution, IP address can be used where ever hostname is provided as input.

• Verify that MySQL is not running on each server in non-embedded mode.

#ps-ef|grep mysql

Run the following to stop the non-embedded MySQL server.

#mysqladmin shutdown

• If EMS 6.0 in installed already on a server, i.e in non-HA mode it should be uninstalled. You should back up EMS database and save it.

• There should be no master/slave set up configured on SDB or MDB before performing the procedures. Look for *.info files (master.info and relay-log.info) present under /opt/netnetems/mysql directory in both MDB and SDB. If they exist, do delete them.

Configuring MySQL Replication and EMS HA

The following section refers to two-way MySQL replication procedures before configuring the servers for EMS HA with a new installation of Net-Net EMS 6.0.

To configureMySQL Replication and Net-Net EMS HA:

1. Install EMS 6.0 on each server with the option of local MySQL database server (i.e. the embedded server) and with the default instance name NetNetDB, but do not start the EMS server yet.

2. On MDB and SDB server, change the replication parameters. Go to /opt/R_6.0.0/WebNMS/conf directory and add the following line in the configuration file serverparameters.conf at the end:

DB_REPLICATION true

3. Change direcotry to the Net-Net EMS installation directory.

/opt/R_6.0.0/WebNMS/bin

4. Start MySQL server on the MDB and SDB.

/startMySQL.sh

5. Run ps -ef to make sure that the database server processes have been started successfully.

6. Change direcotry to the Net-Net EMS installation directory.


7.

8. Run any MySQL command for the embedded database server

./connectDB.sh

The >mysql prompt appears.




9. Make sure that the user root has privileges on both servers:

mysql> select user,password,host from mysql.user;

+------+----------+-------------+

| user | password | host |

+------+----------+-------------+

| root | | localhost |

| root | | fedora-ems3 |

| | | fedora-ems3 |

| | | localhost |

| root | | % |

+------+----------+-------------+

5 rows in set (0.00 sec)

mysql>

If you see some users other than root, delete them as in the following example for the user “repl”:

mysql> delete from mysql.user where host = ’172.30.10.129’ and user =’repl’;

Setting Up Two-Way Replication

Once you are done with database replication, delete the tables remaining in any database server. Make sure that the replication is still working and the NetNetDB databases on both servers are empty.

1. On the MDB, change to the installation directory.



./start_ems.sh

3. Apply the EMS license when prompted and check startems.out logs to make sure that EMS server has started.

4. Run IE or Firefox browser on a PC, launch EMS client and connect it with the server.

5. On the MDB and SDB go to the mysql prompt and run the following:

mysql>use NetNetDB;

mysql>show tables;

6. Verify that there are identical set of tables on both the servers.

1. On the SDB, change to the installation directory.



./start_ems.sh

3. Apply the EMS license when prompted and check startems.out logs to make sure that EMS server has started in as Standby.

If you are trying to migrate the database to EMS 6.0, please follow the instructions in the Installation chapter so that the database is migrated properly before EMS HA runs on two servers.




4. On the MDB and SDB go to the installation directory.


5. Run the following scripts to verify the HA status:

[root@fedora-ems2 bin]# ./EMSHAConfigs.sh


Primary server

IP Address : 172.30.10.129

HA status : Active

Standby server

IP Address : 172.30.10.126

HA status : Standby

[root@fedora-ems2 bin]# ./EMSHAStanbyHealth.sh


Current standby server

IP Address : 172.30.10.126 (reachable)

EMS status : UP

[root@fedora-ems2 bin]#

6. On the MDB and SDB access the mysql prompt and run the following:

mysql> use NetNetDB;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select * from BEFailOver;

+---------------+-----------+-----------------+-----------+------------+-----

-----------+

| HOSTADDRESS | NMSBEPORT | RMIREGISTRYPORT | LASTCOUNT SERVERROLE | STAN

SERVERNAME |

+---------------+-----------+-----------------+-----------+------------+-----

-----------+

| 172.30.10.126 | 2000 | 1099 | 20 | STANDBY | NULL

|

| 172.30.10.129 | 2000 | 1099 | 44 | PRIMARY | NULL

|

+---------------+-----------+-----------------+-----------+------------+-----

-----------+


mysql>




The output would show a table with the entries for Primary and Standby servers. The identical tables on two servers indicate that the servers are working in replicated mode and are in synch.

Setting Up One Way Replication

This section explains how to set up a one way replication between master and slave.

1. On the MDB, change to the installation directory.


2. Stop the EMS database server.

./stopMySQL.sh

3. Go to the /opt/R_6.0.0/WebNMS/mysql directory and edit my.cnf file as follows:

[sgupta@fedora-ems2 etc]$ more my.cnf

[mysqld]

#The following line will be used by Master server

log-bin=/opt/netnetems/mysql/fedora-ems3-bin

#The following line has to be used by Slave server

relay-log=/opt/netnetems/mysql/fedora-ems3-relay-bin

master-info-file=/opt/netnetems/mysql/master.info

relay-log-info-file=/opt/netnetems/mysql/relay.info

# master_id must be a positive integer value from 1 to 232

#It should have different values for Master and Slave

server-id=1

datadir=/opt/netnetems/mysql

socket=/tmp/mysql.sock

[mysql.server]

user=mysql

basedir=/opt/netnetems

[mysqld_safe]

err-log=/opt/current/WebNMS/mysql/mysql.log

pid-file=/opt/netnetems/mysql/mysql.pid

[client]

socket=/tmp/mysql.sock

[sgupta@fedora-ems2 etc]$

4. After editing the file, start mysql server. Go to /opt/R_5.0.0/WebNMS/bin and run ./startMySQL.sh

5. Create a database named NetNetDB on the slave. For example:




mysql> create database NetNetDB;

Query OK, 1 row affected (0.00 sec)

6. Transfer the dump_file.sql created on the master to a directory on the slave using FTP.

7. Run the following commands:


Database changed

mysql> source /home/sgupta/dump_file.sql

Query OK, 0 rows affected (0.01 sec)





….

….


8. Check the master status to get the bin-log file and position.

mysql> show master status;

+--------------+----------+--------------+------------------+

| File | Position | Binlog_do_db | Binlog_ignore_db |

+--------------+----------+--------------+------------------+

| d165-bin.070 | 16445 | | |

+--------------+----------+--------------+------------------+

1 row in set (0.00 sec)

9. Ensure that the slave is not running. You can check by issuing the show slave status command.

10. To identify the slave is running, run the following command. (

SLAVE STOP (which can also be found under mysqladmin)

11. Execute the following statement on the slave, replacing the option values with the actual values for your system:

mysql> CHANGE MASTER TO

MASTER_HOST='master_host_name',

MASTER_USER='replication_user_name',

MASTER_PASSWORD='replication_password',

MASTER_LOG_FILE='recorded_log_file_name',

MASTER_LOG_POS=recorded_log_position;


The following table shows the maximum length for the string options:

String option Length

MASTER_HOST 60

MASTER_USER 16

MASTER_PASSWORD 32

MASTER_LOG_FILE 255




Based on the results of the show master status on the master.

• MASTER_HOST can be the IP address /host name of the master system.

• MASTER_LOG_FILE is the file value from the show master command.

• MASTER_LOG_POS is the position value from the show master command.

For example:

mysql>CHANGE MASTER TO MASTER_HOST='10.0.46.050',

MASTER_USER='repl', MASTER_PASSWORD='repl123',

MASTER_LOG_FILE='d165-bin.070',

MASTER_LOG_POS=16445;

12. Start the slave threads on the slave.

mysql> START SLAVE;

13. Run the following command to verify “Waiting for master to send event” message.

mysql> SHOW SLAVE STATUS\G

Verifying Replication

You can verify replication on the by creating a test table on the master and verifying it is automatically replicated to the slave.

Master Create the test table.


mysql> create table test123(a varchar(2));


mysql> desc test123;

+-------+---------+------+-----+---------+-------+

| Field | Type | Null | Key | Default | Extra |

+-------+---------+------+-----+---------+-------+

| a | varchar(2) | YES | | NULL | |

+-------+---------+------+-----+---------+-------+


mysql> insert into test123 values('ab');


mysql> select * from test123;

+------+

| a |

+------+

| ab |

+------+





Slave Verify the test table.




Database changed


+-------+---------+------+-----+---------+-------+


+-------+---------+------+-----+---------+-------+

| a | varchar(2) | YES | | NULL | |

+-------+---------+------+-----+---------+-------+



+------+

| a |

+------+

| ab |

+------+


mysql>

Deleting the Test Table You should delete the test table on the master.

1. Execute the following command on the master:




Database changed

mysql>drop table test123;




Configuring Reverse Replication between Master and SlaveThis section explains how to configure reverse replication for when the slave becomes the master.

1. Create an account on the master server that the slave server can use to connect:

mysql> GRANT REPLICATION SLAVE, SUPER, RELOAD, SELECT ON *.*

-> TO 'repl'@'%.mydomain.com' IDENTIFIED BY 'slavepass';

In the following example, you create an account on the MDB with a username of repl1 that slave servers can use the account to access the master server from any host in your domain using a password of slavepass.

mysql>GRANT REPLICATION SLAVE, SUPER, RELOAD, SELECT ON *.* TO ‘repl1’@’10.0.45.150’ IDENTIFIED BY ‘repl123’;

mysql> select host, user, repl_slave_priv, super_priv, reload_priv, select_priv

2. Check the output of the following command. The outputs should match.

from mysql.user where user='repl1';

mysql> select host, user, repl_slave_priv, super_priv, reload_priv, select_priv

+-------------+-------+-----------------+------------+-------------+------------

-+

| host | user | repl_slave_priv | super_priv | reload_priv | select_priv

|

+-------------+-------+-----------------+------------+-------------+------------

-+

| 10.0.45.150 | repl1 | Y | Y | Y | Y

|

+-------------+-------+-----------------+------------+-------------+------------

-+


mysql>

3. Check the master status to get the bin-log file and position on the slave.

mysql> show master status;

+--------------+----------+--------------+------------------+

| File | Position | Binlog_do_db | Binlog_ignore_db |

+--------------+----------+--------------+------------------+

| d018-bin.005 | 342 | | |

+--------------+----------+--------------+------------------+


4. Execute the following statement on the master, replacing the option values with your system’s values:

mysql> CHANGE MASTER TO

MASTER_HOST='master_host_name',

MASTER_USER='replication_user_name',

MASTER_PASSWORD='replication_password',

MASTER_LOG_FILE='recorded_log_file_name',





The following table shows the maximum length for the string options:

Based on the results of the show master status on the slave.

• MASTER_HOST can be the IP address /host name of the master system

• MASTER_LOG_FILE is the file value from the above show master command

• MASTER_LOG_POS is the position value from the above show master command

For example:

mysql>CHANGE MASTER TO MASTER_HOST='10.0.45.204',

MASTER_USER='repl1', MASTER_PASSWORD='repl123',

MASTER_LOG_FILE='d018-bin.005',

MASTER_LOG_POS=342;

5. Start the slave threads on the master.

mysql> START SLAVE;

Verifying Reverse Replication

You can create a test table to verify reverse replication.

Slave mysql> create table test123(a varchar(2));



+-------+---------+------+-----+---------+-------+


+-------+---------+------+-----+---------+-------+

| a | char(2) | YES | | NULL | |

+-------+---------+------+-----+---------+-------+


mysql> insert into test123 values('ab');



+------+

| a |

+------+

| ab |

+------+

String option Length

MASTER_HOST 60

MASTER_USER 16

MASTER_PASSWORD 32

MASTER_LOG_FILE 255





Master mysql> use NetNetDB;



Database changed


+-------+---------+------+-----+---------+-------+


+-------+---------+------+-----+---------+-------+

| a | char(2) | YES | | NULL | |

+-------+---------+------+-----+---------+-------+



+------+

| a |

+------+

| ab |

+------+


mysql>

Deleting the Test Table On the slave, enter the following command:

mysql> drop table test123;




Configuring Replication in WebNMSYou need to configure two WebNMS configuration files for both the primary and secondary EMS servers.

1. Edit the database_params.conf file to include the name of the host system on which the MySQL server is installed and the database name. This file is located in <Web NMS Home>/conf directory. Make this edit for both master and slave.

For example:

url jdbc:mysql://<host name>/<database name> AppModules

Where <host name> is the name or IP address of the host system where MySQL is installed and <database name> is the name of the database, for example NetNetDB.

2. Configure the following two parameters in the serverparameters.conf file located in the <Web NMS Home>/conf directory:

ENABLE_DB_RECONNECTION trueDB_REPLICATION true

Running the EMS Servers in HA ModeTo run the EMS servers in HA mode:

1. Ensure no tables exist in NetNetDB, which has been replicated on the master and slave. If there are any tables in the database (created during testing the replication procedure), manually drop them from the database before proceeding.

2. Install EMS server on the master and run start_ems.sh. The tables are created for the Net-Net EMS application in NetNetDB and the database is ready to do replication and support EMS HA.

3. Install EMS server on the slave and run start_ems.sh. The server logs will show that this server is running as the standby server.

4. Login into Net-Net EMS to discover and configure Net-Net SBCs.




Checking Replication StatusYou can check the replication status on the master and slave.

To check status:

1. Issue the following command to check status.

mysql> show slave status\G

2. Check the following fields:

• Slave_IO_State

• Slave_IO_Running

• Slave_SQL_Running

For example:

mysql> show slave status\G

*************************** 1. row ***************************

Slave_IO_State: Waiting for master to send event

Master_Host: 172.30.10.125

Master_User: repl

Master_Port: 3306

Connect_Retry: 60

Master_Log_File: rhel-ems1-bin.000002

Read_Master_Log_Pos: 454

Relay_Log_File: rhel-ems1-relay-bin.000025

Relay_Log_Pos: 239

Relay_Master_Log_File: rhel-ems1-bin.000002

Slave_IO_Running: Yes

Slave_SQL_Running: Yes

Replicate_Do_DB:

Replicate_Ignore_DB:

Replicate_Do_Table:

Replicate_Ignore_Table:

Replicate_Wild_Do_Table:

Replicate_Wild_Ignore_Table:

Last_Errno: 0

Last_Error:

Skip_Counter: 0

Exec_Master_Log_Pos: 454

Relay_Log_Space: 239

Until_Condition: None

Until_Log_File:

Until_Log_Pos: 0

Master_SSL_Allowed: No

Master_SSL_CA_File:

Master_SSL_CA_Path:

Master_SSL_Cert:

Master_SSL_Cipher:

Master_SSL_Key:




Seconds_Behind_Master: 0


Checking Action Sequence

You can check the sequence of actions that confirms that the replication process has begin properly on each server.

1. Enter the following command:

mysql> show processlist\G

For example:

mysql> show processlist\G

*************************** 1. row ***************************

Id: 1

User: system user

Host:

db: NULL

Command: Connect

Time: 79826

State: Waiting for master to send event

Info: NULL

*************************** 2. row ***************************

Id: 2

User: system user

Host:

db: NULL

Command: Connect

Time: 8199

State: Has read all relay log; waiting for the slave I/O thread to update it

Info: NULL

*************************** 3. row ***************************

Id: 4

User: root

Host: localhost

db: NetNetDB

Command: Sleep

Time: 4021

State:

Info: NULL

*************************** 4. row ***************************

Id: 7

User: repl1

Host: rhe1-ems1.acmepacket.com:32779

db: NULL

Command: Binlog Dump

Time: 349

State: Has sent all binlog to slave; waiting for binlog to be updated

Info: NULL




*************************** 5. row ***************************

Id: 9

User: root

Host: localhost

db: NetNetDB

Command: Query

Time: 0

State: NULL

Info: show processlist


mysql>






Date post:	27-Feb-2018
Category:	Documents
Upload:	vuongquynh
View:	232 times
Download:	2 times