BCP Net-Net® Central 7.x

Revision History

Version      Author        Description of Changes  Date Revision Completed
520-0054-01  Nikhil Rajan  Initial Document        Friday, April 15, 2011
520-0054-02  Nikhil Rajan  BCP Format Changes      Friday, April 29, 2011
520-0054-03  Nikhil Rajan  SE Comments             Thursday, September 01, 2011

Status of this memo

Acme Packet Best Current Practices are working documents of the Professional Services department of Acme Packet, Inc. Note that other groups may also distribute working documents as Best Current Practices. Best Current Practices are working documents valid until explicitly obsoleted, and may be updated, replaced or obsoleted by other documents at any time. It is recommended to use Best Current Practices as reference material as well as to cite them in other works in progress.

Copyright Notice

Copyright © Acme Packet, Inc. (2011). All Rights Reserved.

Abstract

The use of the RFC 2119 keywords is an attempt to assign the correct requirement levels ("MUST", "SHOULD", "MAY", etc.).

This document defines a series of configuration and troubleshooting recommendations (Best Current Practices) to be used when deploying a new Net-Net EMS server. When in conflict with Customer requirements or desires, the Customer's preference SHOULD take precedence.

520-0054-03 Acme Packet Proprietary and Confidential
Best Current Practice Net-Net Central 7.x September 2011

Contents

1. Installing Net-Net Central
   1.1. Before you start
        Server requirements
        Client requirements
        Opening ports on the firewall
        Using the DNS database
        Net-Net Central components required
   1.2. Net-Net Central Virtual Environment on Linux
   1.3. Before a new installation
        Including Linux hostname
        Disabling the Default HTTP Daemon
        Removing Network Manager with Fedora Core 13
        Creating nncentral Group and User
        Editing the sudoer configuration file
        Allowing incoming communications with Fedora Core 13
   1.4. Installing Net-Net Central
        Accessing Net-Net Central Setup Files
        Displaying Shared Libraries
        Creating Soft Links
        Running Setup
        Typical installation
        Applying the license
        HTTP configuration
        HTTPS configuration using Self Signed Certificate
        Net-Net Central Cluster Management
        Route Manager Central configuration
        SAML Single sign on configuration
        Configuring Sudo user password
        Starting the Net-Net Central server
        Stopping the Net-Net Central server
        Starting the NNC client and connecting to the server
   1.5. Troubleshooting
        If NNC fails to load or HTTP address cannot be reached
        NNC Appears slow to load and navigate through
        NNC does not start on Solaris
2. Net-Net Central functionality
   2.1. Device Manager
        Adding a Net-Net 3000/4000 Series
        Adding a Net-Net 9000 Series
        Adding a device group
        Showing details
        Rebooting a Net-Net Session Director
        Synchronizing alarms of a Net-Net Session Director
   2.2. Security Manager
        Viewing Audit log
   2.3. Configuration Manager
        Loading a configuration
        Editing the configuration
        Viewing pending changes
        Updating the configuration
        Viewing task
        Getting inventory
   2.4. Fault Manager
        Viewing Events
        Viewing Alarms
        Trap event Mapping
   2.5. Performance Manager
        Viewing performance
   2.6. Route Manager
        Adding a Route Set
        Locking a Route Set
        Managing a Route Set
        Adding a route
        Deleting a route
        Importing routes
        Viewing a Route Set
        Viewing a LRT
        Associating a Route Set to a device
        Viewing associated devices to a Route Set
        Viewing associated Route Set to a device
        Updating a device with an associated Route Set
        Committing an upgrade procedure
        Rollback an upgrade procedure
        Creating Route Set scheduled backups
        Restoring a Route Set backup
3. Tools and Settings of Net-Net Central
   3.1. Settings
        Fault configuration
        Trap receivers
        Fault email notifications
        Editing login banner
        Alarm colors
4. Script to start and stop NNC through init framework

1. Installing Net-Net Central

This document explains how to install or upgrade Net-Net Central on a Linux or Solaris operating system.

This release of Net-Net Central supports the following versions of Net-Net SBCs:

• Net-Net SBC 3800.
• Net-Net SBC 4250.
• Net-Net SBC 4500.
• Net-Net SBC 9200.
• Net-Net SBC 2600

The following Net-Net SBC OS releases are supported for Element Management and Route Management.

• Element Management (configuration, fault, performance, and audit log):
  o S-CX6.1.0m6
  o S-C6.2.0 GA to S-C6.2.0m6
  o S-D7.0.0m6
  o NN-OS-E 3.6 and later
• Route Management:
  o S-CX series

1.1. Before you start

This section contains the information that should be reviewed before starting the installation process.

Server requirements

Acme Packet has certified the following hardware and software server platforms for use with Net-Net Central 7.0.

Note: other hardware configurations might work with Net-Net Central, but Acme Packet has verified the configurations listed here.

Linux

• CPU: 4-core 2.1 GHz processor or better.
• 12 GB RAM minimum.
• 195 GB hard drive.
• Linux Red Hat Fedora Core 13 64 bit or Red Hat Enterprise Linux 5.5 64 bit.

Solaris

• Netra x64/x86.
• CPU: 4-core 2.1 GHz processor or better.
• 12 GB RAM minimum.
• 195 GB hard drive.
• Solaris 10 64 bit with the following:
• OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2008-5077 CVE-2009-0590).
• Solaris patches:
  o February 2010 recommended patches.
  o SUNWcry and SUNWcryr for OpenSSL.

Client requirements

• Internet Explorer version 7.0 and higher or Mozilla Firefox versions 3.0 and higher.
• Flash player compatible with your browser installed locally.
• If the NNC server is not part of your DNS domain, the hosts file on each client must be edited to include the hostname and IP address of the NNC server. The client hosts file is usually located in the following directory: windows\system32\drivers\etc. Otherwise, NNC is accessed by the NNC server's IP address.
Acme Packet Proprietary and Confidential 6 Best Current Practice Net-Net Central 7.x September 2011 Opening ports on the firewall If there is a firewall placed between the NNC server and the Net-Net SBC or between the NNC server and the NNC clients, the following ports must be opened. Notice that either port 8080 (HTTP) or port 8443 (HTTPS) needs to be open on the firewall, depending on which one is chosen between the NNC client and server. 520-0054-03 Acme Packet Proprietary and Confidential 7 Best Current Practice Net-Net Central 7.x September 2011 Using the DNS database All NNC servers and clients should be configured to use the DNS database for hostname lookups. NNC servers should be defined in the DNS database. If you are not using the DNS service, the hosts file on all NNC servers and clients must contain entries for the NNC server in case the NNC’s hostname is used. In a situation where clients make use of NNC’s IP address to get access into it, no further DNS configuration is required. Note: If the connections towards a NNC server want to be made over a Secure Sockets Layer (SSL) connection, administrator privileges on the client system will be required. Net-Net Central components required The appropriate tar.gz file should be requested to your Acme Packet representative as the Net-Net Central version depends of the environment where it is going to be installed. • • • NNC700Linux64bit.tar.gz for Linux RHEL v5.5 64 bit installation NNC700FC1364bit.tar.gz for Linux Fedora Core 13 64 bit installation NNC700Solaris64x86.tar.gz for Solaris 64 bit x86 installation The AcmePacketNetNetCentral.xml license file is also needed. 1.2. Net-Net Central Virtual Environment on Linux Please refer to the document titled “590-00012-00 TECH NOTE Net-Net Central 7.x Server Installation Guide”. Some of the topics covered in this document may be repeated in this document as well. It is up to the user of this document to vigilant of this fact. 1.3. 
Before a new installation This section explains how to configure your operating system before you install Net- Net Central for the first time. Contact your Acme Packet systems engineer for a copy of the latest NNC Best Current Practices document. It contains instructions on how to install the Linux and Solaris operating systems. Including Linux hostname During the installation of the Linux operating system a hostname is configured for the machine. This hostname can be retrieved by using the “hostname” command on the Linux system. For example: [bash]$ hostname nncsvr 520-0054-03 Acme Packet Proprietary and Confidential 8 Best Current Practice Net-Net Central 7.x September 2011 This hostname needs to be added within /etc/hosts file, so that its own hostname can be resolved quickly by NNC server. Editing such file to include the Linux system hostname in the following format: [bash]$ vi /etc/hosts <NNC´s mgmt IP address> <hostname> <hostname>.localdomain The following example shows the inclusion of a server named “nncsvr” with an IP address of “10.0.0.252”: [bash]$ cat /etc/hosts #Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost localhost.localdomain 10.0.0.252 nncsvr nncsvr.localdomain Disabling the Default HTTP Daemon The default http daemon process on the NNC server needs to be disabled. To disable the http daemon: 1. Log in as root user and open a Terminal window. 2. From the prompt, the “setup” command needs to be run. The Choose a Tool screen displaying the type of services appears. 3. Selecting system services to refresh the list of system services available/running on the system. 4. If listed, the “httpd” service has to be deselected. 5. The configuration must be saved. 6. Reboot the system. The http daemon process should be disabled. 7. Verify the daemon is disabled by making an HTTP query. 
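The two host preparation checks in this section (the /etc/hosts entry for the server's own hostname and the disabled httpd service) can be scripted as shown below. This is an added example, not part of the Acme Packet document: the function names are hypothetical, the sample data is constructed, and the httpd check assumes the `chkconfig --list httpd` output format of RHEL 5.5 and Fedora Core 13.

```bash
#!/usr/bin/env bash
# Added example (not from the original document): pre-install host checks.
# Function names are hypothetical; SAMPLE_* values are constructed test data.

# hosts_mgmt_ip <hostname>
# Reads a hosts file on stdin and prints the first non-loopback address whose
# line lists both <hostname> and <hostname>.localdomain, the format required
# above. Returns 1 when no such line exists, for example when the installer
# bound the hostname to 127.0.0.1 only.
hosts_mgmt_ip() {
    awk -v h="$1" '
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }                         # blank or address-only line
        $1 ~ /^127\./ || $1 == "::1" { next }   # loopback does not count
        {
            short = 0; fq = 0
            for (i = 2; i <= NF; i++) {
                if ($i == h) short = 1
                if ($i == h ".localdomain") fq = 1
            }
            if (short && fq) { print $1; found = 1; exit }
        }
        END { exit !found }'
}

# httpd_on_levels
# Reads `chkconfig --list httpd` output on stdin and prints the runlevels in
# which httpd is still enabled, space separated. Prints nothing when the
# service is off in every runlevel.
httpd_on_levels() {
    awk '$1 == "httpd" {
            out = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-6]:on$/)
                    out = out (out == "" ? "" : " ") substr($i, 1, 1)
            if (out != "") print out
         }'
}

# preinstall_report <hostname> <hosts-file-text> <chkconfig-output>
# Prints one OK/FAIL line per check and returns non-zero if any check failed.
preinstall_report() {
    rc=0
    if ip=$(printf '%s\n' "$2" | hosts_mgmt_ip "$1"); then
        echo "OK   $1 maps to $ip in the hosts file"
    else
        echo "FAIL $1 has no non-loopback hosts entry"; rc=1
    fi
    levels=$(printf '%s\n' "$3" | httpd_on_levels)
    if [ -z "$levels" ]; then
        echo "OK   httpd is disabled in every runlevel"
    else
        echo "FAIL httpd still enabled in runlevels: $levels"; rc=1
    fi
    return "$rc"
}

SAMPLE_HOSTS_GOOD='# constructed sample, same layout as the example above
127.0.0.1 localhost localhost.localdomain
10.0.0.252 nncsvr nncsvr.localdomain'

SAMPLE_HOSTS_BAD='# constructed sample: hostname bound to loopback only
127.0.0.1 nncsvr nncsvr.localdomain localhost localhost.localdomain'

SAMPLE_CHKCONFIG='httpd   0:off 1:off 2:off 3:on 4:off 5:on 6:off'

# Demo on the constructed samples. On a real server use:
#   preinstall_report "$(hostname)" "$(cat /etc/hosts)" "$(chkconfig --list httpd)"
preinstall_report nncsvr "$SAMPLE_HOSTS_GOOD" "$SAMPLE_CHKCONFIG" || true
```

With the constructed samples the hosts check passes and the httpd check fails for runlevels 3 and 5, which is the state a server is in when step 4 was skipped.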
Removing Network Manager with Fedora Core 13

Fedora Core 13 installs an application called Network Manager by default. Network Manager is used to configure network connections. It executes automatically when you start your session and it is visible as an applet icon.

You need to check whether Fedora Core 13 installed Network Manager on your system. If it is installed, remove it and then turn on the network services in its stead.

To check for and remove Network Manager:

1. Check for Network Manager.

    service NetworkManager status

2. If NetworkManager is running, shut it down as follows:

    service NetworkManager stop

3. Remove Network Manager using the following command:

    yum remove NetworkManager
    [bash]$ Is this ok [y/N]: y

4. To turn on network services:

    chkconfig network on
    service network start

Note: You should also ensure that the option Controlled by NetworkManager in Network Configuration is unchecked on your system.

Creating nncentral Group and User

For security reasons, an account named nncentral and a group named nncentral should be created. The UNIX sudo facility must also be set up and sudo privileges defined. After the Net-Net Central installation, all the installed files are owned by nncentral. The main Net-Net Central process has to run as sudo user in order to have access to port 162.

To create nncentral group and user:

Linux

1. Login as root.
2. Enter the following lines:

    groupadd nncentral
    useradd -m -g nncentral -d /home/nncentral -s /bin/bash nncentral

Note: For FC 13 x64 and RHEL x64 the “-s” parameter must be: “-s /bin/bash”

    passwd nncentral
    [bash]$ Passwd: all authentication tokens updated successfully.

Note: do not choose the password in the “passwd nncentral” step at random. Remember it, as it will be used during the NNC installation process at the step “Configuring Sudo user password”.

Solaris

1. Login as root.
2. Enter the following lines:

    groupadd nncentral
    useradd -m -g nncentral -d /export/home/nncentral -s /usr/bin/bash nncentral
    passwd nncentral
    [bash]$ Passwd: all authentication tokens updated successfully.

Note: do not choose the password in the “passwd nncentral” step at random. Remember it, as it will be used during the NNC installation process at the step “Configuring Sudo user password”.

Editing the sudoer configuration file

The visudo tool is needed to make edits to the sudoer configuration. The visudo tool is based on the vi editor, so all vi editor commands are available too. The Net-Net Central administrator needs to provide a sudo password when starting Net-Net Central.

1. Login as root.
2. Edit the sudoers configuration file as follows:

    visudo -f /etc/sudoers

   or

    /usr/bin/visudo -f sudoers

3. Add the following lines to the sudoer configuration using vi commands:

    root <DNS hostname>=(ALL) ALL
    Defaults:ALL timestamp_timeout=0
    nncentral <DNS hostname>=(ALL) ALL

For example:

    root nncsvr=(ALL) ALL
    Defaults:ALL timestamp_timeout=0
    nncentral nncsvr=(ALL) ALL

The timestamp_timeout=0 setting makes sudo ask for the password on every invocation instead of caching the credential. The nncentral line grants that account unrestricted sudo on the named host, so its password needs the same protection as the root password.

Allowing incoming communications with Fedora Core 13

If the 590-00012-00 TECH NOTE Net-Net Central 7.x Server Installation Guide has been referenced to set up the server, skip this section.

Nearly every Linux distribution includes several security mechanisms, normally a firewall and/or Security-Enhanced Linux (SELinux). Therefore, by default the Linux distribution doesn't allow incoming connections. To allow incoming connections from the NNC clients to the NNC server, the distribution's firewall has to be configured.
The firewall can be configured from the “System” > “Administration” > “Firewall” menu.

One way is to add every port from the table in the “Opening ports on the firewall” section through the “Other ports” functionality, which allows those ports to be declared.

The other way is to mark the NNC server's network interfaces as “trusted interfaces”, as shown in the next picture.

1.4. Installing Net-Net Central

This section explains how to install Net-Net Central on the NNC server. Most of the installation steps are the same for both the Linux and Solaris operating systems. However, some information is specific to each operating system.

To install Net-Net Central, the appropriate tar.gz file for your environment is needed. It can be obtained from your Acme Packet representative. An AcmePacketNetNetCentral.xml license file is also required.

Accessing Net-Net Central Setup Files

1. Obtain the appropriate tar.gz file from the Acme Packet customer portal. The tar.gz files include the following:

   • NNC700Linux64bit.tar.gz for Linux RHEL v5.5 64 bit installation
   • NNC700FC1364bit.tar.gz for Linux Fedora Core 13 64 bit installation
   • NNC700Solaris64x86.tar.gz for Solaris 64 bit x86 installation

2. FTP the tar file to your system.
3. Unzip the tar.gz file.

    gunzip <filename>.tar.gz

4. Extract the files using one of the following commands:

   Linux

    tar -xvf <filename>.tar

   Solaris

    /usr/sfw/bin/gtar -xvf <filename>.tar

Displaying Shared Libraries

The shared libraries have to be connected. If any libraries are not connected, a soft link for each of them is required. For example, Fedora Core 13 might need to create soft links for two libraries.

To display shared libraries:

1. As root user, change to the “httpserver bin” directory. For example:

    cd AcmePacket/NNC700/Apache/httpserver/bin

2. Run the following command to display the shared libraries:

    ldd httpd

Output similar to the following for Fedora Core 13 appears:

    linux-vdso.so.1 => (0x00007fff9e8b0000)
    libm.so.6 => /lib64/libm.so.6 (0x0000003b7f400000)
    libaprutil-1.so.0 => /usr/lib64/libaprutil-1.so.0 (0x00007f85607ea000)
    libexpat.so.0 => (file not found)
    libuuid.so.1 => /lib64/libuuid.so.1 (0x0000003b83800000)
    librt.so.1 => /lib64/librt.so.1 (0x0000003b80400000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003b8fe00000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003b7fc00000)
    libdl.so.2 => /lib64/libdl.so.2 (0x0000003b7f800000)
    libc.so.6 => /lib64/libc.so.6 (0x0000003b7f000000)
    libdb-4.8.so => /lib64/libdb-4.8.so (0x0000003b95200000)
    /lib64/ld-linux-x86-64.so.2 (0x0000003b7e800000)
    libfreebl3.so => /lib64/libfreebl3.so (0x0000003b90200000)

One of the shared libraries, “libexpat.so.0”, is not found. Therefore, a soft link must be created for it as shown in the next section.

Creating Soft Links

You can create soft links for any shared libraries that are not connected.

To create soft links:

1. As root user, change directory to /usr/lib64.
2. Create links for any unlinked shared libraries. For example:

    ln -s libexpat.so.1.5.2 libexpat.so.0
    ln -s libexpat.so.1.5.2 ../../lib64/libexpat.so.0

Running Setup

The process for running the setup script that installs Net-Net Central is the same for Linux or Solaris.

1. Login as root user.
2. Navigate to the bin directory. For example:

    cd AcmePacket/NNC700/bin

3. Run setup.sh.

    ./setup.sh

A welcome message appears and initialization processes occur. Setup checks that minimal system requirements are met and checks system port availability for NNC components.
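Two of the conditions described in this section can be checked from a script before setup.sh is started: libraries that ldd reports as unresolved, and listeners already bound to the ports that setup probes. The following is an added example, not part of the Acme Packet document: the function names are hypothetical, the port list is the one printed by the setup output in this section, and the socket listing is constructed sample data.

```bash
#!/usr/bin/env bash
# Added example (not from the original document): checks to run before setup.sh.
# Function names are hypothetical; SAMPLE_SOCKETS is constructed test data.

# Ports that setup.sh probes in "System Port Availability Diagnostics".
NNC_PORTS="5000 8080 61616 9000 8443 1099 8009 1098 8005"

# missing_libs: reads `ldd <binary>` output on stdin and prints the name of
# every library the loader could not resolve, one per line.
missing_libs() {
    awk '/=>.*not found/ { print $1 }' | sort -u
}

# busy_ports: reads `netstat -ltn` or `ss -ltn` output on stdin and prints
# every port from NNC_PORTS that already has a TCP listener, sorted.
busy_ports() {
    awk -v want="$NNC_PORTS" '
        BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) need[p[i]] = 1 }
        /LISTEN/ {
            # The local address is the first field ending in ":<port>";
            # the peer column of a listener ends in ":*" and never matches.
            for (f = 1; f <= NF; f++)
                if ($f ~ /:[0-9]+$/) {
                    port = $f
                    sub(/.*:/, "", port)
                    if (port in need) print port
                    break
                }
        }' | sort -n -u
}

# preflight <ldd-output> <socket-listing>: prints one line per problem and
# returns non-zero if a library is unresolved or an NNC port is taken.
preflight() {
    rc=0
    for lib in $(printf '%s\n' "$1" | missing_libs); do
        echo "FAIL unresolved library: $lib (create the soft link first)"; rc=1
    done
    for port in $(printf '%s\n' "$2" | busy_ports); do
        echo "FAIL port $port already has a listener"; rc=1
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK   libraries resolved, NNC ports free"
    fi
    return "$rc"
}

# Excerpt of the ldd output shown in this section.
SAMPLE_LDD='    libaprutil-1.so.0 => /usr/lib64/libaprutil-1.so.0 (0x00007f85607ea000)
    libexpat.so.0 => (file not found)
    libuuid.so.1 => /lib64/libuuid.so.1 (0x0000003b83800000)
    /lib64/ld-linux-x86-64.so.2 (0x0000003b7e800000)'

# Constructed netstat -ltn listing: a leftover web server on 8080 (IPv4 and
# IPv6), a listener on 8443, and unrelated listeners on 22 and 18080.
SAMPLE_SOCKETS='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:8080    0.0.0.0:*       LISTEN
tcp        0      0 :::8080         :::*            LISTEN
tcp        0      0 127.0.0.1:8443  0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:18080   0.0.0.0:*       LISTEN'

# Demo on the samples. On a real server:
#   preflight "$(ldd AcmePacket/NNC700/Apache/httpserver/bin/httpd)" "$(netstat -ltn)"
preflight "$SAMPLE_LDD" "$SAMPLE_SOCKETS" || true
```

A listener on 8080 after a reboot usually means the default http daemon was not disabled as described in section 1.3.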
520-0054-03 Acme Packet Proprietary and Confidential 14 Best Current Practice Net-Net Central 7.x September 2011 Note: Disregard the warning message about free physical memory if there is one. ========================================================= Welcome to NNC Setup application Version : NNC700 OS : Linux : amd64 : 2.6.33.3-85.fc13.x86_64 ========================================================= Please wait while application loads Checking environment and setting permissions. Please wait .... 100%[===================================================] ========================================================= System Physical Memory Diagnostics Total System Physical Memory = 12032 MB Total System Free Physical Memory = 9465 MB Dynamic memory allocation in progress Previous database cache 262144000 New database cache 1836056576 Previous JVM Xmx size 1024 New JVM Xmx size 7005 ========================================================= System Disk Space Diagnostics Total System Disk Space = 393 GB Free System Disk Space = 391 GB ========================================================= System Port Availability Diagnostics The following port is available [ 5000 ] The following port is available [ 8080 ] The following port is available [ 61616 ] The following port is available [ 9000 ] The following port is available [ 8443 ] The following port is available [ 1099 ] The following port is available [ 8009 ] The following port is available [ 1098 ] The following port is available [ 8005 ] ========================================================= Set up options TYPICAL : This setup procedure walks the user through 520-0054-03 Acme Packet Proprietary and Confidential 15 Best Current Practice CUSTOM Net-Net Central 7.x September 2011 the minimal setup configuration required to configure Net-Net server. : This setup procedure provides the user with a set of options to manually pick and choose from. 
[X] 1 – Typical [Default] [ ] 2 - Custom [ ] 3 - Quit : Runs through most common set up options. (Recommended) : Allows manual customization. : Finish and quit setup. (Advanced users) Please select an option [1] It is recommended to choose the typical installation option the first time you install and install each option too, even the Route Management Central configuration and SAML single-sign on. After the initial install, running the setup script can be done again to access the Custom options. It can be performed as much times as needed, so it can be run repeatedly to perform additional installations. Typical installation It is worth to mention that during installation process and for every question, a value within a brackets means that it will be the default value set or replied in case of none value was indicated, otherwise the default value will be overridden by our value indicated allowing us replying the question accordingly. The following instructions show how to perform a typical installation on a Linux system. The installation is very similar for a Solaris system. The difference is that on Solaris, you have the option of configuring a “sudo password”. As stated, the option selected is the first one as it corresponds to the typical installation. Therefore, pressing just “Enter” key is enough, as the default value for such question is [1]. Set up options TYPICAL : This setup procedure walks the user through the minimal setup configuration required to configure Net-Net server. CUSTOM : This setup procedure provides the user with a set of options to manually pick and choose from. [X] 1 – Typical [Default] [ ] 2 - Custom [ ] 3 - Quit : Runs through most common set up options. (Recommended) : Allows manual customization. : Finish and quit setup. 
(Advanced users) Please select an option [1] 1 520-0054-03 Acme Packet Proprietary and Confidential 16 Best Current Practice Net-Net Central 7.x September 2011 Every time a question is answered during the installation process a confirmation is required. Entering “Y” and pressing “Enter” is how a previous question is asserted. Do you want to continue Yes/No?Y ========================================================= Typical Configuration Will walk through basic configuration options. [X] [ ] [ ] [ ] [ ] [ ] 1 2 3 4 5 6 - Check and Apply License [Default] HTTP/HTTPS configuration Route Manager Central configuration SAML Single sign on configuration Configure Sudo user password Quit setup Please select an option [1] Applying the license At this step the AcmePacketNetNetCentral.xml license file needs to be applied selecting the option “1”. After that there are two options “Quit” or “Apply a new license”, the option “2” will be selected normally either during the first time installation or when the license has just simply expired. To point out where the license is a full-path needs to be indicated (for example: /opt/AcmePacketNetNetCentral.xml). Make sure where is your corresponding license before replying to question “Source Directory [ ]”. Once it has been provided, license´s detail will appear requesting an acceptance. To accept the license select the option [1] or just press “Enter”, as it is already selected by default. Typical Configuration Will walk through basic configuration options. 
    [X] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [1]
    [X] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Do you want to continue Yes/No?Y
    =========================================================
    Check and Apply License
    This option allows the end user to validate an existing license, provide a license or re-apply a Acme Packet Net-Net Central license
    Acme Packet Net-Net Central management
    Acme Packet Net-Net Central license will be checked, applied and validated.
    Please choose to quit license management or apply new license
    [X] 1 - Quit [Default]
    [ ] 2 - Apply new license
    Please select an option [1] 2
    [ ] 1 - Quit [Default]
    [X] 2 - Apply new license
    Do you want to continue Yes/No?Y
    Please specify the source directory and file name of Acme Packet Net-Net license
    Source Directory [ ] /opt/AcmePacketNetNetCentral.xml
    Source Directory [/opt/AcmePacketNetNetCentral.xml]
    License Details
    ClientName : Acme Packet Madrid office
    LicenseType : temporary
    IssuedDate : Wed Feb 23 17:44:46 EST 2011
    Key : 2.0.1
    StartDate : 2011-02-23
    ExpirationDate : 2011-05-24
    Accepting this license will replace an existing license
    [X] 1 - Accept license [Default]
    [ ] 2 - Do not accept license
    Please select an option [1]
    [X] 1 - Accept license [Default]
    [ ] 2 - Do not accept license
    Do you want to continue Yes/No?Y
    Valid Acme Packet Net-Net Central license exists
    License Details
    ClientName : Acme Packet Madrid office
    LicenseType : temporary
    IssuedDate : Wed Feb 23 17:44:46 EST 2011
    Key : 2.0.1
    StartDate : 2011-02-23
    ExpirationDate : 2011-05-24
    [X] 1 - Accept license [Default]
    [ ] 2 - Apply new license
    Please select an option [1]
    [X] 1 - Accept license [Default]
    [ ] 2 - Apply new license
    Do you want to continue Yes/No?Y
    [ ] 1 - Check and Apply License [Default]
    [X] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [2]

HTTP configuration

After the license has been applied, choosing option “2” starts the HTTP/HTTPS configuration process. One mode corresponds to HTTP. To run the service in HTTP mode choose option “1” or just press “Enter”. To complete the process, the Apache user, Apache group and Apache port number need to be filled in. The recommendation is to leave them at their defaults by just pressing the “Enter” key. If they are changed to different values, the Apache user and Apache group have to match those given in the earlier section “Creating nncentral Group and User”. Moreover, a port number reserved for NNC components can't be used as the Apache port number.
    [ ] 1 - Check and Apply License [Default]
    [X] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [2]
    [ ] 1 - Check and Apply License [Default]
    [X] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Do you want to continue Yes/No?Y
    =========================================================
    HTTP/HTTPS configuration
    Set up HTTP or HTTPS configuration
    [X] 1 - HTTP mode - Configure server to run in HTTP mode [Default]
    [ ] 2 - HTTPS mode - Configure server to run in HTTPS mode
    Please select an option [1]
    [X] 1 - HTTP mode - Configure server to run in HTTP mode [Default]
    [ ] 2 - HTTPS mode - Configure server to run in HTTPS mode
    Do you want to continue Yes/No?Y
    HTTP mode
    Configure server to run in HTTP mode
    Enter the user name of the server process which determines what files the server is allowed to access. Any files inaccessible to this user are also inaccessible to clients connecting to the Apache HTTP Server.
    Apache User [nncentral]
    Enter the group name of the Apache HTTP Server processes
    Apache Group [nncentral]
    Enter the port number that the Apache HTTP Server should listen on
    Apache Port Number (1024-65535) [8080]
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [X] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [3]

HTTPS configuration using Self Signed Certificate

Select Option 2 (HTTP/HTTPS Configuration)

    [ ] 1 - Check and Apply License [Default]
    [X] 2 - HTTP/HTTPS configuration
    [ ] 3 - Configure Sudo user password
    [ ] 4 - Net-Net Central cluster management.
    [ ] 5 - Route Manager Central configuration
    [ ] 6 - SAML Single sign on configuration
    [ ] 7 - Mail Server configuration
    [ ] 8 - Quit setup

Select Option 2, HTTPS Mode

    [ ] 1 - HTTP mode - Configure server to run in HTTP mode [Default]
    [X] 2 - HTTPS mode - Configure server to run in HTTPS mode

Enter Username (nncentral) when prompted
Enter Group (nncentral) when prompted
Accept the default port of 8443:

    Enter the port number that the Apache HTTP Server should listen on
    Apache Port Number (1024-65535) [8443]

Enter the Server Name:

    The server name(DNS name of this server)
    Server name [] cse-nnc7node1

Select Option 1 to Create a Self Signed Certificate:

    Would you like to create a self signed certificate?
    [ ] 1 - Yes
    [X] 2 - No [Default]

Choose the default certificate name (nncentral)

    The alias name for the certificate in the truststore
    Certificate alias name [nncentral]

Enter a truststore password:

    The truststore password
    Truststore password []

Net-Net Central Cluster Management

Select Option 4 (Net-Net Central cluster management)

    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Configure Sudo user password
    [X] 4 - Net-Net Central cluster management.
    [ ] 5 - Route Manager Central configuration
    [ ] 6 - SAML Single sign on configuration
    [ ] 7 - Mail Server configuration
    [ ] 8 - Quit setup

Select Option 1 (Configure and manage members in a cluster)

    Please choose to quit cluster management or apply new configuration
    [X] 1 - Configure and manage members in cluster [Default]
    [ ] 2 - Run current host as a standalone
    [ ] 3 - Quit out of cluster configuration

Select Option 1 (Add a new member)

    Use the following options to add or remove members from cluster.
    [X] 1 - Add a new member
    [ ] 2 - Remove all remote members
    [ ] 3 - Apply new cluster configuration
    [ ] 4 - Cancel out and do not apply changes [Default]

Enter IP address of Cluster Node

    Provide the DNS name or IP address of the Host requiring membership to cluster.
    Member host name [ ] 172.41.200.12

This is the resulting page:

    Valid remote member has been added
    Host name     | DB   | MOM   | Web Worker
                  | Port | Port  | Port
    Localhost     | 9000 | 61616 | 8009
    ============= Remote members ==============
    172.41.200.12 | 9000 | 61616 | 8009
    Use the following options to add or remove members from cluster.
    [ ] 1 - Add a new member
    [ ] 2 - Remove all remote members
    [X] 3 - Apply new cluster configuration
    [ ] 4 - Cancel out and do not apply changes [Default]

If more members need to be added, repeat the previous step as necessary. Once all members have been added, select Option 3 (Apply new cluster information)

    Use the following options to add or remove members from cluster.
    [ ] 1 - Add a new member
    [ ] 2 - Remove all remote members
    [X] 3 - Apply new cluster configuration
    [ ] 4 - Cancel out and do not apply changes [Default]

This is the resulting screen. Notice that localhost has been changed to the IP of the server.

    Host name     | DB   | MOM   | Web Worker
                  | Port | Port  | Port
    172.41.200.17 | 9000 | 61616 | 8009
    ============= Remote members ==============
    172.41.200.12 | 9000 | 61616 | 8009
    Please choose to quit cluster management or apply new configuration
    [ ] 1 - Configure and manage members in cluster [Default]
    [ ] 2 - Run current host as a standalone
    [X] 3 - Quit out of cluster configuration

Select Option 3 (Quit out of cluster configuration)

Select Option 1 (Yes)

    Will this machine be a member of a Net-Net Central cluster?
    [X] 1 - Yes
    [ ] 2 - No [Default]

Enter the sftp user.
(Either use root or ask the system admin to create a user with sftp privileges)

    Please enter the username to use to sftp files off of this machine
    Username [] root

In this case, we'll use root/abc123

    Please enter the password for the username
    Password []

Route Manager Central configuration

If the license includes credentials for Route Manager, it can be installed here. Choosing option “3” starts the RMC configuration. Two questions need to be answered during the installation process. One is the maximum number of backups that NNC can keep for each route set (LRT file). By default ten backups per route set can be saved. The second is whether this machine will be a member of a Net-Net Central cluster, which can be answered easily based on the deployed architecture.

    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [X] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [3] 3
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [X] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Do you want to continue Yes/No?Y
    =========================================================
    Route Manager Central configuration
    Configure Route Manager Central properties
    Configure number of route set backups per route set/backup type combination
    Route Manager Central
    Please enter the maximum number of route set backups per route set/backup type combination
    # of backups (1-500) [10]
    Configure sftp information
    Configure Route Manager Central sftp properties
    Will this machine be a member of a Net-Net Central cluster?
    [ ] 1 - Yes
    [X] 2 - No [Default]
    Please select an option [2]
    [ ] 1 - Yes
    [X] 2 - No [Default]
    Do you want to continue Yes/No?Y
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [X] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [4]

SAML Single sign on configuration

As pointed out, on the first installation it is recommended to go through the entire installation menu and install every NNC component, even SAML single sign-on.

Net-Net RMC supports login through an external server using SAML single sign-on. The username and password used in the authentication request to the external server are entered at the first question. If self-signed certificates are used, they can be imported into the Net-Net RMC certificates file (cacerts) at the second question.

    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [X] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [4]
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [X] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Do you want to continue Yes/No?Y
    =========================================================
    SAML Single sign on configuration
    Provides SAML Single sign on authentication.
    SAML Single sign on
    Configure SAML Single sign on
    Please enter the username for basic authentication to SAML Responder
    Username []
    Please enter the password for basic authentication to SAML Responder
    Password []
    Please enter the connection timeout to the SAML Responder
    Connection timeout (seconds) (5-60) [5]
    Would you like to import a certificate?
    [ ] 1 - Yes
    [X] 2 - No [Default]
    Please select an option [2]
    [ ] 1 - Yes
    [X] 2 - No [Default]
    Do you want to continue Yes/No?Y
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [X] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [5]

Configuring Sudo user password

With option “5”, the sudo password for the user created in the earlier section “Creating nncentral Group and User” (by default it is “nncentral”) is provided to NNC. That way, NNC is able to run all processes with the required credentials.

    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [X] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Please select an option [5]
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [X] 5 - Configure Sudo user password
    [ ] 6 - Quit setup
    Do you want to continue Yes/No?Y
    =========================================================
    Configure Sudo user password
    Provides the ability to set the Sudo user password in NNC to the Password that an administrator has already defined.
    Net-Net Central requires entry of the sudo password in order to support internal components that require sudo user privileges. The password you supply will be securely encrypted.
    [X] 1 - Enter sudo password [Default]
    [ ] 2 - Return to main menu
    Please select an option [1]
    [X] 1 - Enter sudo password [Default]
    [ ] 2 - Return to main menu
    Do you want to continue Yes/No?Y
    Enter sudo password: []
    Confirm sudo password: []
    Sudo password entered and encrypted successfully!
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [X] 6 - Quit setup
    Please select an option [6]
    [ ] 1 - Check and Apply License [Default]
    [ ] 2 - HTTP/HTTPS configuration
    [ ] 3 - Route Manager Central configuration
    [ ] 4 - SAML Single sign on configuration
    [ ] 5 - Configure Sudo user password
    [X] 6 - Quit setup
    Do you want to continue Yes/No?y

Starting the Net-Net Central server

To start the NNC server there is a script in the bin directory.

1. Navigate to the bin directory. For example:

    cd AcmePacket/NNC700/bin

2. Execute the “startnnc.sh” script as follows:

    ./startnnc.sh &

Note: before starting NNC, it is suggested to run the command “ps -ef | grep AcmePacket” to be sure that there are no leftover AcmePacket processes as a result of a previous bad startup or stop. If there are, kill them with the command “kill -9 <PID>”.

Stopping the Net-Net Central server

To stop the NNC server there is a script in the bin directory.

1. Navigate to the bin directory. For example:

    cd AcmePacket/NNC700/bin

2. Execute the “stopnnc.sh” script as follows:

    ./stopnnc.sh &

Note: after stopping NNC, it is suggested to run the command “ps -ef | grep AcmePacket” to be sure that there are no leftover AcmePacket processes as a result of a previous bad startup or stop. If there are, kill them with the command “kill -9 <PID>”.
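The leftover-process check from the two notes above, as an added example that is not part of the original document: “ps -ef | grep AcmePacket” also lists the grep process itself, so the first function filters it out, and the second tries SIGTERM before falling back to the note's “kill -9”. The function names are hypothetical, and the ps listing and its paths are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original document.
# Function names and the sample ps listing below are constructed for illustration.

# Constructed `ps -ef` output (Linux procps layout: CMD starts at field 8).
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:03 /sbin/init
nncentral 4211     1  2 09:14 ?        00:01:10 java -Dexample.home=/home/nncentral/AcmePacket/NNC700
nncentral 4250     1  0 09:14 ?        00:00:01 /home/nncentral/AcmePacket/NNC700/example/httpd -k start
nncentral 5001  4990  0 09:39 pts/0    00:00:00 -bash
nncentral 5102  5001  0 09:40 pts/0    00:00:00 grep AcmePacket'

# leftover_pids PATTERN
# Reads `ps -ef` text on stdin and prints the PID of every process whose
# command line contains PATTERN (case sensitive, as with plain grep).
# The grep process that `ps -ef | grep PATTERN` always lists is skipped.
leftover_pids() {
    awk -v pat="$1" '
        NR == 1 && $1 == "UID" { next }                # ps header line
        NF < 8 { next }                                # not a process line
        {
            cmd = $8
            for (i = 9; i <= NF; i++) cmd = cmd " " $i
            if (index(cmd, pat) == 0) next             # unrelated process
            if ($8 == "grep" || $8 ~ /\/grep$/) next   # the grep itself
            print $2
        }'
}

# stop_leftovers PID...
# Sends SIGTERM to each PID, waits GRACE seconds (default 5), then sends
# SIGKILL (the "kill -9" of the note) only to PIDs that are still alive.
# Prints the PIDs that needed SIGKILL.
stop_leftovers() {
    grace="${GRACE:-5}"
    for pid in "$@"; do
        kill -TERM "$pid" 2>/dev/null || true
    done
    sleep "$grace"
    for pid in "$@"; do
        if kill -0 "$pid" 2>/dev/null; then
            kill -KILL "$pid" 2>/dev/null || true
            echo "$pid"
        fi
    done
}

# Demo on the constructed listing: prints 4211 and 4250, not the grep (5102).
printf '%s\n' "$SAMPLE_PS" | leftover_pids AcmePacket

# On a live server (run as the NNC user or root):
#   pids=$(ps -ef | leftover_pids AcmePacket)
#   [ -n "$pids" ] && stop_leftovers $pids
```

SIGTERM gives a process the chance to release its ports and lock files before exiting, which SIGKILL does not.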
Starting the NNC client and connecting to the server

Follow the instructions in this section to start the Net-Net Central client and log into the server.

If logging into Net-Net Central when third-party X.509 certificates are used for HTTPS access, specify the hostname in DNS name format. Otherwise, with HTTPS you will have to click through security warnings about the hostname mismatch between the common name in the certificate and the IP address specified in the JNLP.

Note: You might experience difficulty connecting to Net-Net Central because of your network's proxy support. If you have trouble connecting, check the proxy settings for your browser and the Java Webstart panel as stated later in this section.

You should verify that the client system has the required settings to connect to the NNC server. You need to have the Net-Net Central files from the distribution media at hand while verifying the client settings.

If using Internet Explorer as your browser, you need to verify the following settings.

1. Open the Internet Explorer browser.
2. Choose the Tools menu and click Internet options.
3. Choose the Security tab.
4. Choose the Local intranet option and click Custom Level.
5. Enable the following options (if not already enabled) then click OK.
   • Run ActiveX controls and plug-ins under ActiveX controls and plugins.
   • Active Scripting and Scripting of Java applets under Scripting.
6. Choose the Trusted sites option and click Custom Level.
7. Enable the following options (if not already enabled) then click OK.
   • Automatic prompting for file downloads under Downloads.
8. Choose the Trusted sites option and click on Sites button.
9. Choose the Internet option on the Security tab and click Custom Level. (This step is required if the client system accesses the NNC server via the Internet).
10. Enable the following options (if not already enabled) then click OK.
   • Run ActiveX controls and plug-ins under ActiveX controls and plugins.
   • Active Scripting and Scripting of Java applets under Scripting.
11. Click OK on the Internet options window to close it.

Optionally, follow the next steps to disable the proxy server if your client system is configured as a proxy server and you do not want to use it for connecting with the Net-Net Central server (for example, if you are experiencing difficulty connecting to NNC).

1. Open the web-browser.
2. Choose the Tools menu and click Internet options.
3. Click the Connections tab on the Internet options screen.
4. Click LAN Settings and then click Advanced.
5. Enter the Net-Net Central server IP address in the Exceptions panel.
6. Click OK.
7. Click OK on the Internet options window to close it.

Finally, NNC can be accessed using a web-browser as follows. Either HTTP or HTTPS protocols are available:

    http://<NNC server IP address>:8080
    https://<NNC server IP address>:8443 (self-signed certificates)
    https://<domain name>:8443 (third-party X.509 certificates)

Note: If using third-party X.509 certificates, use the DNS name of the host, such as nncserver.acmepacket.com, instead of the IP address. Then it matches the common name in the certificate.

1.5. Troubleshooting

The following guide will help narrow down issues faced while installing NNC.

If NNC fails to load or HTTP address cannot be reached

• Run the following commands:

    ./shutdownnnc.sh (in the bin directory)
    ps -eaf | grep Acme (case sensitive)
    ps -eaf | grep acme (case sensitive)

• Make sure no processes show up as still running. Particularly java.
• Delete all files in the logs directory. For example:

    cd AcmePacket/NNC700/logs
    rm -f * (Note: Do this ONLY in the log directory)

• Make sure /etc/hosts file contains no errors.
  For example: ncc instead of nccserver.example.com
• In the bin directory, execute the following command to start up NNC:

    ./startnnc.sh

• Change directories to the log directory. As an example:

    cd AcmePacket/NNC700/logs/

  To see if there are any issues with Apache binding to the 8080 port, execute the following command:

    grep 8080 *

  You should see something like this, which means Apache has successfully loaded and bound to the 8080 port:

    CheckApacheServers] - Method: [checkHttpServerIsRunning] Thread: [main:1] Msg:[Connected to http server @ localhost:8080]

• If you still see NNC fail to load, run the following commands in the logs directory:

    grep err *
    grep can\'t *

  This should give you a general idea as to where the fault lies.
• Uninstall and re-install NNC. You can uninstall NNC by issuing the following command in the bin directory:

    ./uninstall.sh

  Note: Please make sure to back up your license before doing this.
• If you still cannot resolve the issue, please contact your technical representative and attach the log files from the logs directory.

NNC Appears slow to load and navigate through

In this case, make sure one of the following browsers is being used:

• Internet Explorer 9+
• Mozilla Firefox 3.6+
• Google Chrome 10+

NNC does not start on Solaris

Make sure the server architecture is x86 and not SPARC. NNC is not supported on SPARC platforms.

2. Net-Net Central functionality

Net-Net Central provides a centralized framework for working with Net-Net SBCs (devices). It lets you add the devices deployed in your network, configure those devices, view device information, perform administrative functions, and supports additional licensed applications.
Net-Net Central delivers:

• Scalability: User sessions are load balanced across a cluster of servers.
• On-demand configuration data: Load configurations on-demand to provision locally and then push your changes back to the device.
• High availability: With the clustering of NNC servers any single point of failure is minimized.
• Rich thin client: Client interface is delivered through your browser.

2.1. Device Manager

Device Manager displays the device groups and devices under NNC's control, and hence the ones an NNC operator works with every day. The summary view functionality shows a dashboard, a summary of critical alarm counts, health scores, CPU usage statistics, and other data from the devices NNC manages.

Adding a Net-Net 3000/4000 Series

Before an SD can be added to be managed by NNC, three requirements must be met:

- An ACP license must be installed and unexpired on the SD.
- The parameter “remote-control” under “system” > “system-config” must be set to enabled in the SD's configuration.
- An “snmp-community” must be created in the SD's configuration through the CLI (“configure terminal” > “system” > “snmp-community”) and it must contain the NNC server's IP.

On the left slider select “Device Manager” > “Devices”. The main view lists a folder for each device group. By default just the device group “Home” is present, and it is empty as no SD has been added previously.

To add an SD, click once on the device group (the logical group the device will belong to) and click on the “Add” button. The important parameters to fill out are the following:

IP address 1/IP address 2.
In the case of an HA pair, the management IP of the first node is given as address 1 and the IP of the second node of the HA pair is given as address 2. For a standalone SD, just address 1 needs to be filled in with the corresponding management IP.

SNMP community name and port. The “snmp community-name” field needs to be filled in with the same value with which the “snmp-community” configuration object was created in the SD's configuration through the CLI (“configure terminal” > “system” > “snmp-community”). As an example, and according to the screenshot below, “snmp community-name” needs to be filled in with “public” to meet the requirement. “SNMP Port” should be left at its default (SNMP port=161).

Username/Password. NNC's credentials to get access to the SD. Depending on the privileges that NNC gets on a given SD, some NNC functionalities may be allowed or restricted. The credentials can be “User credentials” (by default on the SD the user is “user” and the password is “acme”) or “Superuser credentials” (by default on the SD the user is “admin” and the password is “packet”). If these credentials were modified, fill in both fields with the new ones.

Device group. The device group which the new SD belongs to. It allows keeping many SDs properly organized. To select a different device group, click on the “Set device group” button.

Once the form is filled in properly, there are two ways of adding the new device:

- Pressing the “OK” button. The current window for adding a device will be closed. It is the recommended way when no further devices are to be added.
- Pressing the “OK. Add more” button. The current window for adding a device won't be closed, so that further devices can be added easily. It is quite useful when there are many devices on the same management network, as all fields stay filled.
Finally, if the device has been added properly and it is reachable by NNC, the newly added device will show an icon with a green light; otherwise it will show an icon with a red light, as stated next:

SD's status: Description

- The SD associated is unreachable and/or it isn't being managed by NNC. It could be due to an incomplete configuration (snmp-community, remote-control or ACP license), but in most cases it is due to a communication issue.
- The SD associated is reachable and it's being managed by NNC.
- The HA pair associated is reachable and it's being managed by NNC. However, the standby device in the cluster is not reachable (it is considered as “OutOfService” status).

If an SD's status shows a red light, please make sure that the above requirements are met.

Adding a Net-Net 9000 Series

To discover a Net-Net 9000 series SD, the virtual management IP address (VIP) needs to be given as IP address 1. Additionally, the attribute “http-enable” needs to be set to enable under “system” > “soapconfig” through the ACLI, after which the configuration must be saved and activated. There is no ACP license needed on the Net-Net 9000 series SD. Notice that the remaining requirements listed in the subchapter above (Net-Net 3000/4000 Series) must be met.

Adding a device group

On the left slider select “Device Manager” > “Device group”. The main view shows a list with each device group. By default just the device group “Home” is present. A device group allows the operator to keep hundreds of SDs fully organized based on their current location. An SD can be moved back and forth between device groups even after it has been added to NNC.

Showing details

A general overview of a particular SD from a hardware, software and license perspective can be obtained on the left slider under “Configuration Manager” > “Devices”.
Select the device group which the SD is attached to, select the corresponding SD with a single click and finally press the “Show details” button. By just looking at those details, the software version the SD is currently running, its configuration backups, the licenses installed and the details of its hardware components can be reviewed with ease.

Rebooting a Net-Net Session Director

If needed, an SD can be rebooted from NNC as follows. On the left slider select “Device Manager” > “Devices”. Then select the SD that has to be rebooted with a single click, press the “Admin” button and finally select the “Reboot” option from the list. The SD will be rebooted as expected.

Synchronizing alarms of a Net-Net Session Director

To synchronize the alarms of an SD, select the corresponding SD with a single click and press the “Admin” button. Selecting the option “Synchronize alarms” starts the process.

Once the synchronizing process has been completed, on the left slider go to “Security Manager” > “View” (under “Audit log”). It lists whether the process was completed successfully or unsuccessfully. If it completed successfully, on the left slider select “Fault Manager” > “Alarms”. A list shows all alarms received by NNC so far.

It is worth mentioning that when an event happens on an SD, the SD sends an alarm to NNC. Every time NNC receives an alarm, it shows it automatically on this list. This means that there is no need to synchronize alarms to be aware of what happens on each SD.

2.2. Security Manager

Security Manager contains the user management and audit log functionalities. User management allows the NNC operator to create groups of users and users, set password rules, configure the inactivity timer, and configure the password interval.
The audit log functionality, on the other hand, offers the possibility of viewing the audit log, saving it to a file, and setting an automatic purge interval or manually purging the logs if desired.

Viewing Audit log

One of the helper functionalities is that NNC keeps an audit log showing every action an NNC operator performs on an SD or on NNC itself, who logs on to NNC along with the time it happens, etc. It gives us a powerful database containing every event that happens on our SDs.

The audit log is found on the left slider under “Security Manager” > “View” (under “Audit log”).

To make it easier to find out what happened on a given day, Security Manager offers a search functionality through the “Search” button, with which NNC shows just those events that meet the specified criteria. Also, every column can be sorted ascending or descending as desired. This makes the activity of checking logs every day easier.

As shown on the screenshot above, every main window on NNC is made up of columns, and the main window can be customized with different columns. Just as an example, a “Client IP” column showing the IP address that the changes were made from can be shown, if desired, by clicking on the row and selecting “Columns” > “Client IP” as shown above.

To get more details of a particular event a “Detail” button is offered. After clicking on it, a new window appears showing details such as: the username which performed the operation, the corresponding operation, the time, the IP address it was done from, the result of the operation and a description.

All the events listed are purged automatically every 7 days (by default). They can also be purged manually if desired (under “Security Manager” > “Purge”).
All these events can be saved persistently through the “Save to File” functionality.

2.3. Configuration Manager

Configuration Manager covers all NNC functionalities related to the SD's configuration. The main functionalities gathered in NNC's Configuration Manager are: editing the SD's current configuration, updating the current configuration while being aware of the new changes made, checking whether the updating process was completed successfully, and getting an inventory containing an overall view of the current configuration.

Loading a configuration

Loading a configuration means that NNC gets the SD's current configuration and saves it in its own database. At the time of loading a configuration there is an important fact that is worth mentioning:

- If a device is reachable and managed properly by NNC (icon with green light), the latest, current configuration is fetched from the selected SD, and it updates the configuration of that SD in NNC's database.
- If a device is unreachable (icon with red light), the latest, current configuration cannot be fetched from the selected SD. In that situation NNC offers the last configuration anyway, but this time it comes from NNC's database.

So, in the case of a failed SD, NNC normally contains the latest configuration of that failed SD, so that no SD configuration is lost due to a failed SD. NNC keeps just one copy of every SD's configuration, the latest one (if the last changes before the SD's error were made through the ACLI, those will logically be unknown to NNC).

To load a configuration, on the left slider go to “Configuration Manager” > “Devices”. The first step is selecting the SD whose configuration is to be loaded.
If SDs are classified into their own device groups, open the corresponding device group and click once on the SD. Finally, click on the “Load” button.

When the loading process is completed, a list appears on the left slider. Please keep in mind that even if the loading process has not completed successfully, the slider still appears, showing the latest SD configuration taken from NNC’s database.

To know for certain which SD’s configuration is currently loaded, and hence can be edited using the left slider, NNC shows the SD’s name and IP at the top, as shown on the next screenshot.

This is important in order to be sure that the desired SD’s configuration is the one being changed.

Editing the configuration

As already stated, once a configuration has been loaded (as explained in the previous subchapter), a “tree-view” appears on the left slider under “Configuration Manager”. It is made up of many configuration objects. All of the SD’s configuration parameters can be edited from NNC.

Once an object’s configuration has been edited, the “Apply” button needs to be clicked to apply the changes made. All configuration objects can be edited in this way.

Once a change is applied, NNC only updates its own database; NNC does not apply the change directly (it has not yet been applied to the SD’s running configuration). This allows us to create or edit a configuration offline (even when an SD is unreachable), giving us the opportunity to have a configuration ready as soon as possible. To finally apply the change on the SD, a process called “Updating” must be triggered (the process of updating the configuration is explained later on).
Viewing pending changes

As pointed out in the previous subchapter, when a change is made to an SD using NNC, NNC only updates its own configuration. As well as allowing a configuration to be created or edited offline, this means that every pending change (one that has not yet been applied to the SD’s running configuration) can be reviewed in detail before it takes effect on the SD’s live configuration. Once those changes have been updated to the SD, they are no longer considered pending changes.

On the left slider go to “Configuration Manager” > “Devices”. Select the SD that has pending changes by clicking once on it, then click on the “View changes” button.

On this last screen NNC offers the possibility of undoing the pending changes (meaning they are no longer considered pending changes in NNC’s database). It is a very valuable functionality. If just one pending change needs to be discarded, select that change with a single click and click on “Undo changes”. On the other hand, if no pending change is selected and the “Undo changes” button is clicked, all pending changes are discarded, leaving the list of pending changes empty.

Updating the configuration

When an SD’s configuration is edited using NNC, the edit is reflected only in NNC’s database. To make that configuration live on an SD, the updating process comes into play. The updating process applies the pending changes made through NNC to an SD.

There are several ways of updating an SD (the result being the same for all of them), but all of them need to meet the following requirements:

- There has to be a pending change on the SD to be updated.
- The target SD’s configuration must be currently loaded before starting the updating process.

On the left slider go to “Configuration Manager” > “Devices”.
Select the SD that has pending changes by clicking once on it, then click on the “Update” button.

If the NNC operator wants the pending changes to apply from now on, the preferable option is “save & activate configuration”. This is the most common case. However, if the changes are to be saved but not activated (not applied, meaning they will not take effect and will not be live on the SD), the second option should be selected (the third option, “activate configuration”, must then be performed afterwards to make them live on the SD).

After that, NNC queues the updating operation, as the screenshot above indicates. NNC keeps a list of the operations requested (basically “Updating” operations) so that every update can be reviewed at any time, providing valuable information along with the final result of the updating operation.

Viewing task

Every time NNC updates an SD’s configuration through an “Updating” operation, NNC saves it in a list of requested operations so that every update can be reviewed at any time, providing valuable information along with the final result of the updating operation. In this way the NNC operator has the opportunity to check how an update was requested on a particular SD at a particular time.

On the left slider go to “Configuration Manager” > “Devices”, select the SD that has been recently updated (or the one to be checked) by clicking once on it, and click on the “View tasks” button.

As shown on the screenshot above, a task can have a “success”, “failed” or “inprogress” status. In the case of an “inprogress” status, the “Refresh” button must be clicked to update the screen until a final result of “success” or “failed” is obtained.
Finally, the most recent “SaveActivate” operation (update operation) got a definitive result, as shown next:

A task can be checked in detail. Selecting a task, such as the one shown above, and clicking on the “View log” button displays further details about the selected task.

This is especially helpful in the case of a task with a “failed” status.

Getting inventory

A general overview of a particular SD’s configuration can be obtained on the left slider under “Configuration Manager” > “Devices” through the “Getting inventory” button. It is particularly helpful for easily checking whether the SD’s configuration is growing as expected.

2.4. Fault Manager

Fault Manager contains information pertaining to events (caused by actions generated on the SD that trigger alarms, entries in a log file, or SNMP traps), alarms, and trap event settings for the managed devices. Events, alarms, or trap data can be monitored, and that data can be saved to a file. Clearing, acknowledging and unacknowledging alarms can also be performed in Fault Manager.

Viewing Events

The requirement that must be met for this functionality is the following:

- A “trap-receiver” must be created by CLI (“configure terminal” > “system” > “trap-receiver”) in the SD’s configuration, and it must contain the NNC server’s IP.

With this object configured, SDs send SNMP traps to NNC, so that NNC is in a position to process them appropriately.

The “ip-address” configured in the SD’s “trap-receiver” configuration object has to be the one corresponding to NNC.
The “community-name” of the SD’s “trap-receiver” configuration object can be filled in with the same value with which the “snmp-community” configuration object was created in the SD’s configuration by CLI (“configure terminal” > “system” > “snmp-community”).

As an example, and according to the screenshot below, the SD notifies NNC of everything that happens on it, as “filter-level=All”.

When an action happens on an SD, among other things, it generates a trap towards NNC. All SNMP traps from nodes managed by NNC appear as events in the “Event” windows of the Fault Manager slider. Only a subset of traps are considered to be alarms, which appear in the “Alarms” windows of the Fault Manager slider. (Summary information about alarms can be viewed in the “Summary View” window of the Device Manager slider.)

In other words, an event is triggered when an action happens on an SD. A link going down, a link coming up, CPU consumption reaching an established threshold and a failed SNMP authentication are a few examples of actions considered events by NNC (these are also considered alarms by NNC). As a further example, when the configuration is saved/activated on an SD, it generates an SNMP trap towards NNC; however, NNC considers it just an event and not an alarm, because the action is merely informative (the severity of this trap is “Info”).

Another usual event is “Polling”. NNC polls all managed SDs at every interval, so that if an SD is unreachable NNC itself generates an event reporting the issue. When that SD becomes reachable again, NNC generates another event reporting it.
There are eight severity levels, ranging from the highest, “Emergency”, to the lowest, “Debug”, with which the SD rates the fault or action:

On the left slider, under “Fault Manager” > “Events”, NNC shows a list of all events that have occurred on the managed SDs.

The events are displayed in time order, descending by default. As explained before, the data presented in the event table can be customized by changing the columns that are displayed and/or the order of the table entries, as follows:

As expected, selecting an event and clicking on the “View” button shows further information about the event.

A time frame for deleting event and alarm data is configured by default. The default time frame for event data purge is seven days and the default time frame for alarm data purge is fourteen days. However, they can be edited in “Fault Condition” (under the “Settings” option on the menu bar across the top of the screen).

Viewing Alarms

The requirement that must be met for this functionality is the following:

- A “trap-receiver” must be created by CLI (“configure terminal” > “system” > “trap-receiver”) in the SD’s configuration, and it must contain the NNC server’s IP.

With this object configured, SDs send SNMP traps to NNC, so that NNC is in a position to process them appropriately.

The “ip-address” configured in the SD’s “trap-receiver” configuration object has to be the one corresponding to NNC.

The “community-name” of the SD’s “trap-receiver” configuration object can be filled in with the same value with which the “snmp-community” configuration object was created in the SD’s configuration by CLI (“configure terminal” > “system” > “snmp-community”).

As an example, and according to the screenshot below, the SD notifies NNC of everything that happens on it, as “filter-level=All”.
When an action happens on an SD, among other things, it generates a trap towards NNC. All SNMP traps from nodes managed by NNC appear as events in the “Event” windows of the Fault Manager slider. Only a subset of traps are considered to be alarms, which appear in the “Alarms” windows of the Fault Manager slider. (Summary information about alarms can be viewed in the “Summary View” window of the Device Manager slider.)

Therefore, an alarm is triggered when a condition or event happens within either the SD’s hardware or software. Alarms contain an alarm code, a severity level, a textual description of the event, and the time the event occurred.

First levels of alarm severity have been established to allow the SD to rate the fault or action:

On the left slider, under “Fault Manager” > “Alarms”, NNC shows a list of all alarms that have occurred on the managed SDs.

A link going down, a link coming up, CPU consumption reaching an established threshold and a failed SNMP authentication are a few examples of actions considered alarms by NNC. As a further example, when the configuration is saved/activated on an SD, it generates an SNMP trap towards NNC; however, NNC considers it just an event and not an alarm, because the action is merely informative (the severity of this trap is “Info”).

Another typical alarm is “Polling”. NNC polls all managed SDs at every interval, so that if an SD is unreachable NNC itself generates an alarm reporting the issue. When that SD becomes reachable again, NNC clears the previous alarm.

The alarms are displayed in time order, descending by default.
As explained before, the data presented in the alarm table can be customized by changing the columns that are displayed and/or the order of the table entries, as follows:

As expected, selecting an alarm and clicking on the “View” button shows further information about the alarm.

Additionally, an alarm can be:

- Cleared: the alarm is displayed in a new green color and its “Severity” displays “clear”. The “Time” column is also updated. Clearing an alarm does not mean that the problem that triggered it has been fixed. However, in some cases clearing is needed, especially if NNC did not receive the corresponding clear for any reason.
- Acknowledge: the alarm is marked and displayed as “acknowledged”. It is still displayed in the same color (according to its severity), but the “Acknowledge by” and “Time” fields are updated. Normally an NNC operator will prefer to acknowledge an alarm when its cause is fully known and under control, which will most likely avoid later confusion with a true or unexpected alarm.
- Unacknowledge: the alarm is unmarked as acknowledged and displayed as usual. It is still displayed in the same color (according to its severity). The “Acknowledge by” and “Time” fields are updated accordingly.
- Deleted: the alarm is deleted, so that it no longer appears in the alarm list.

Trap event Mapping

If desired, the default severity level of an alarm can be customized. This is available on the left slider, under “Fault Manager” > “Trap event setting”.

Under “SNMP Trap OIDs”, all traps whose alarm severity can be remapped are listed. After selecting the one to be remapped, the “Current Severity” attribute can be modified.
Choosing a new severity from those offered in the “Current Severity” drop-down list remaps the severity. The “Default Severity” column still retains the default severity for this condition in case it is needed. The new value applies to all subsequent client displays.

2.5. Performance Manager

Performance Manager gathers all information from a performance and operational status point of view, from environmental variables, storage utilization, CPU consumption, memory consumption and so on, up to current signaling sessions (SIP, H323 and MGCP), cached contacts, agent’s status, ENUM servers’ status and so forth.

Viewing performance

To know the current status of an SD, go to the left slider “Performance Manager” > “Devices”. Select the corresponding SD, and finally press the “View” button.

A “tree-menu” appears on the left slider listing the parameters that can be consulted. All these values can be exported to a CSV file if desired with the “Save to file” button.

2.6. Route Manager

Net-Net RM makes it easy to update local route table (LRT) data on a single device or on multiple devices. With Net-Net RM, the provisioning of large LRTs across multiple Net-Net SBCs and Net-Net Session Routers for numeric-based routing can be achieved with ease. Net-Net RM is able to:

• Import a comma-separated values (CSV) file containing routing information.
• Build an XML route table from the CSV contents.
• Assign a list of devices to the route set.
• Generate an LRT file from the route set.
• Push the LRT file to all assigned devices.
• Refresh the LRT on the device using the LRT file that was pushed.
• Back up, restore, and roll back route sets.

Adding a Route Set

A Route Set is a group of routes. A Route Set is the same concept as an LRT, but it is first applied on NNC in this case. So, before creating routes, a Route Set must be created to hold them.

To do so, on the left slider select “Route Manager” > “Route Sets” and the “Route Sets” tab. In the “Route Sets” window, click the “Add” button.

On the new screen three fields must be filled in. The “name” field is the name by which this Route Set will be identified on NNC. The other fields are:

- “Device LRT configuration name”, an identifier that has to match the “name” field of a “local-routing-config” object on the SD.
- “Device LRT file name”, an identifier that has to match the “file-name” field of a “local-routing-config” object on the SD.

A “local-routing-config” object is created under the “session-router” tree in the SD’s configuration.

To link a new Route Set to the “local-routing-config” above, the new Route Set should be added as follows:

Finally, clicking on the “OK” button links the Route Set to that “local-routing-object”.

Locking a Route Set

Once a route is added, none of the following actions can be performed: editing this route set, making a copy of this route set, managing routes and deleting this route set. Therefore, to enable those functionalities the new Route Set must be locked.

An icon indicates whether a Route Set is locked or not:

Icon    Description
        Route Set locked
        Route Set unlocked

To lock a Route Set, on the left slider select “Route Manager” > “Route Sets” and the “Route Sets” tab. The menu bar below has a button named “Lock”, but the Route Set to be locked needs to be selected before clicking it.
Managing a Route Set

As stated in the previous section, once a Route Set is locked the managing functionalities become available. Select “Route Manager” > “Route Sets” and the “Route Sets” tab on the left slider, then press the “Managing Routes” button in the menu bar below. That is, select a Route Set with a single click and then click this button; the managing screen is shown.

On this new window there are three important functionalities that must be mentioned: adding a route, deleting a route and importing routes.

Adding a route

As stated in the previous section, once a Route Set is locked the managing functionalities become available. Select “Route Manager” > “Route Sets” and the “Route Sets” tab. Clicking on the “Add” button adds a new route within the previously selected Route Set.

First, the “pub-id” field is required. It normally contains the “uri-user part of the R-URI” that is to be added and routed. In addition, either “Session Establishment Data” or “Formula” is required. “Session Establishment Data” holds the regular expression that generates the answer for that particular “pub-id”. “Formula” contains the same information as “Session Establishment Data”, but it can be made up of variables.

Using the “Formula” field makes provisioning a Route Set for the future LRT even easier. For example, with the following “Formula”:

!(^.*)$!sip:\1;tgrp=$TRUNKGROUP@$NEXTHOP!

both the “tgrp” and “uri-domain” parts can be provisioned with ease, as there is no need to edit the formula every time a route is to be added. A new route can be defined just by changing the value associated with the variables “tgrp” ($TRUNKGROUP) and/or “uri-domain” ($NEXTHOP).
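The variable substitution described above can be checked offline before routes are imported and the Route Set is pushed to devices. The following Python sketch is an added example, not Acme Packet code: it expands $TRUNKGROUP and $NEXTHOP, rejects unknown variables and values that would break the expression, and applies the result to the pub-id. The six-column row layout follows this document's CSV import example; the sample rows, the allowed-character rule and the use of Python's regex engine in place of the SD's are assumptions.

```python
import csv
import io
import re

# Column order of the import example in this document (no header line):
# A operation, B Pub_ID, C trunk group, D trunk context, E next hop, F formula.
COLUMNS = ("operation", "pub_id", "trunk_group", "trunk_context", "next_hop", "formula")

# Only the two variables the document names are substituted.
VARIABLES = {"$TRUNKGROUP": "trunk_group", "$NEXTHOP": "next_hop"}

# Assumption: variable values are limited to a conservative alphabet, so a value
# can never contain the "!" delimiter or URI separators such as ";" and "@".
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]+")


class RouteError(ValueError):
    """A CSV row that must not be imported."""


def expand_formula(formula, row):
    """Replace $TRUNKGROUP / $NEXTHOP with the row's values."""
    def substitute(match):
        field = VARIABLES.get(match.group(0))
        if field is None:
            raise RouteError(f"unknown variable {match.group(0)}")
        value = row[field]
        if not SAFE_VALUE.fullmatch(value):
            raise RouteError(f"{field} {value!r} is empty or has unsafe characters")
        return value
    # "$" followed by "!" (the regex anchor in the formula) is not a variable.
    return re.sub(r"\$[A-Z_]+", substitute, formula)


def split_expression(expression):
    """Split '!pattern!replacement!' on its own first character."""
    parts = expression.split(expression[0]) if expression else []
    # A well-formed expression yields ['', pattern, replacement, flags].
    if len(parts) != 4 or not parts[1]:
        raise RouteError("expected <delim>pattern<delim>replacement<delim>")
    return parts[1], parts[2]


def resolve(pattern, replacement, pub_id):
    """Apply the expression to a pub-id and return the resulting URI."""
    try:
        match = re.search(pattern, pub_id)
        if match is None:
            raise RouteError("pattern does not match the pub-id")
        return match.expand(replacement)
    except (re.error, IndexError) as exc:
        raise RouteError(f"bad regular expression: {exc}") from exc


def check_routes(csv_text):
    """Return (routes, errors) for CSV text in the six-column layout."""
    routes, errors = [], []
    for number, fields in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        try:
            if len(fields) != len(COLUMNS):
                raise RouteError(f"expected {len(COLUMNS)} columns, got {len(fields)}")
            row = dict(zip(COLUMNS, (field.strip() for field in fields)))
            if row["operation"] not in ("add", "delete"):
                raise RouteError(f"operation {row['operation']!r} is not add or delete")
            if not row["pub_id"] or not row["formula"]:
                raise RouteError("Pub_ID and formula are required")
            pattern, replacement = split_expression(expand_formula(row["formula"], row))
            uri = resolve(pattern, replacement, row["pub_id"])
            routes.append((row["operation"], row["pub_id"], uri))
        except RouteError as exc:
            errors.append((number, str(exc)))
    return routes, errors


# Constructed sample rows (not from the document): three adds and one delete
# that are valid, then three rows that must be rejected.
FORMULA = r"!(^.*)$!sip:\1;tgrp=$TRUNKGROUP@$NEXTHOP!"
SAMPLE_CSV = "\n".join([
    "add,12345,department1,,ClusterAS," + FORMULA,
    "add,12346,department1,,ClusterAS," + FORMULA,
    "add,12347,department2,,ClusterAS," + FORMULA,
    "delete,12340,department1,,ClusterAS," + FORMULA,
    "add,12348,dept;x=1,,ClusterAS," + FORMULA,        # separator in a value
    "add,12349,department1,,ClusterAS," + FORMULA.replace("$NEXTHOP", "$PEER"),
    "modify,12350,department1,,ClusterAS," + FORMULA,  # unsupported operation
])

if __name__ == "__main__":
    good, bad = check_routes(SAMPLE_CSV)
    for route in good:
        print("ok   ", *route)
    for number, message in bad:
        print("row", number, "rejected:", message)
```

Rows that fail any check are reported with their row number and never reach the resolved list, so a malformed value cannot silently change the URI a pub-id resolves to.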
Example values for the variables:

$TRUNKGROUP=department1
$NEXTHOP=ClusterAS

After a route is added, the Route Set needs to be transferred to the corresponding SD. Once the Route Set is transferred it can be used on the associated SD if required.

Deleting a route

As stated in the previous section, once a Route Set is locked the managing functionalities become available. Select “Route Manager” > “Route Sets” and the “Route Sets” tab. Selecting a route by clicking on it and then pressing the “Delete” button deletes the route from the Route Set.

After a route has been deleted, the Route Set needs to be transferred to the corresponding SD. Once the Route Set is transferred, the route is deleted from the associated SD.

Importing routes

“Importing routes” is an alternative to “Adding a route”. With “Importing routes” many routes can be added to a Route Set quickly, as a “CSV” file contains all the data to be added to the Route Set.

As stated in the previous section, once a Route Set is locked the managing functionalities become available. Select “Route Manager” > “Route Sets” and the “Route Sets” tab. Clicking on the “Import” button brings up the screen for importing routes:

As stated, a “CSV” file contains all the information for each route, where each row is a route. As an example:

In the “CSV” shown above, every row is a route. There is no “header-line” row, as the first row also contains data instead of a description of each column. In this example, each route is made up of:

- Operation (Required). Value can be “add” or “delete”. Column A.
- Pub_ID (Required). It normally contains the “uri-user part of the R-URI” that is to be added and hence routed. Column B.
- Trunk group. Column C.
- Trunk context. Column D.
- Next hop. Column E.
- Formula (Required). Column F.

Once the “CSV” file has been loaded and the question about the “header-line” has been answered “No” (for this particular example), the “Next” button needs to be pressed to move on to the last step.

The last step consists of correlating every column with a property. According to the example: column 1 (column A) is the “operation” property, column 2 (column B) is the “Pub_ID” property, and so on.

This correlation can be done automatically if an “Import template” has been created previously and is used on the previous screen. An “Import template” can be created by selecting “Route Manager” > “Route Sets” and the “Import templates” tab on the left slider.

After the importing process has been completed, three routes will have been added and one route deleted, as stated in the “CSV” file. The Route Set needs to be transferred to the corresponding SD. Once the Route Set is transferred, those routes are available on the associated SD.

Viewing a Route Set

Under “Route Manager” > “Route Sets” and the “Route Sets” tab on the left slider, choose one of the current Route Sets by clicking on it, then press the “View Routes” button. The selected Route Set is shown.

Viewing a LRT

A Route Set with its routes is also an LRT. To download the LRT generated by NNC, on the left slider select “Route Manager” > “Route Sets” and finally the “Route Sets” tab. Selecting a Route Set and pressing the “View LRT” button downloads the corresponding LRT.

Associating a Route Set to a device

Before a Route Set is transferred to an SD, an association between them is required. Once an association is created, the Route Set can be transferred to the SD, allowing that SD to make use of it for routing purposes.
On the left slider select “Route Manager” > “Devices” and finally the “Device Route Sets” tab.

To associate a Route Set with an SD, first select a Route Set by clicking on it among all the Route Sets currently created. Then select the SD, among all devices, to associate with the selected Route Set. Finally press the “Add” button to associate it, or the “Remove” button if the Route Set should no longer be associated with that SD. The “OK” button needs to be pressed to apply the changes.

Viewing associated devices to a Route Set

On the left slider select “Route Manager” > “Route Sets” and the “Route Sets” tab; there is a button called “View Associated Devices”.

Viewing associated Route Set to a device

On the left slider select “Route Manager” > “Devices” and the “Associated Devices” tab. A drop-down list contains the devices associated with at least one Route Set.

Updating a device with an associated Route Set

Updating a device means transferring a Route Set to a device. Before a Route Set can be transferred to an SD, two requirements must be met:

- A “local-routing-config” object must be configured on the SD to which the Route Set is to be transferred, where the Route Set’s “Device LRT configuration name” parameter has to match the “name” field of the configured “local-routing-config” object and, in the same way, the Route Set’s “Device LRT file name” parameter has to match the “file-name” field of the configured “local-routing-config” object. This “local-routing-config” object is created under the “session-router” tree in the SD’s configuration as follows.
- The Route Set needs to be associated with the SD to which it is to be transferred.
There are several ways to transfer a Route Set to a device. One of them is to select “Route Manager” > “Route Sets” and the “Routes Sets” tab on the left slider. Select the Route Set and then click on the “Update devices” button.

Route Sets that are to be transferred must appear in the “Devices to Update” list. If a Route Set does not appear in it, it can be added by selecting it in the “Route Set Devices” list and clicking on the “Add” button. After that, it should appear in the “Devices to Update” list.

The last step before starting the updating process is selecting a failure policy:

- “Roll back all successfully updated devices”. If the update task included multiple target devices and rollback fails on any one device, NNC makes a rollback on all other devices automatically.
- “Abort the entire job”. If the update task included multiple target devices and rollback fails on any one device, NNC aborts the entire job. Therefore, rollback should be done manually.
- “Skip the failed device update and continue”. If the update task included multiple target devices and rollback fails on any one device, NNC skips the failed device and continues the process with the remaining devices. Therefore, rollback should be done manually on the failed device.

To start the updating process, that is, to transfer a Route Set to a device, press the “OK” button.

If the updating process has completed successfully, the status bar shows “Completed”. If the update failed and you chose rollback as the action, you can click the “Retry Failures” button in the Update Task Details window to try the update again. Otherwise, exit the window, as “Rollback an upgrade procedure” should be used to move back to the SD’s last correct configuration.
After a device has been updated, the upgrade procedure has to be either committed, in the case of a successful update, or rolled back, in the case of an unsuccessful update, because while an update task is in progress the target device is locked to all other updates.

Committing an upgrade procedure

After a device has been updated, the update must be either committed or rolled back. If not, the device remains locked and future updating processes are not allowed. If a new update is attempted, an error similar to the following appears:

Committing an update validates any changes made to the target device. After an update process has completed, either successfully or unsuccessfully, it must be committed.

To commit an update, on the left slider select “Route Manager” > “Devices” and the “Device Route Set Updates” tab. The list displayed has a row for each update process with pending actions, such as commit or rollback. Each row displays the following information:

- Name of the update.
- Final status of the update. As can be read on the screenshot above, “previous update was completed but not yet committed”. In an unsuccessful case it is filled in with “failed”.
- Rollback status (if the rollback procedure has been performed). It usually indicates “completed” if the rollback completed successfully, “failed” if the rollback was unsuccessful, or is blank if the rollback action has not been performed yet.
- Failure action. It indicates the action that is performed in case of a failure, according to the failure policy selected for the update. It therefore matches the failure policy selected and can be “rollback”, “abort” or “skip”.
- Route Sets involved in the updating process.
- Devices involved in the updating process.
Finally to commit a particular update done previously, select the corresponding update with a simple click and then click on “Commit” button. After that, the lock is removed and such update row is deleted from “Device Route Set Updates” list and is moved to “Update Task History” list, which keeps tracks of all updates made. Rollback an upgrade procedure 520-0054-03 Acme Packet Proprietary and Confidential 70 Best Current Practice Net-Net Central 7.x September 2011 After a device has been updated, such update must be either committed or rolled back. If not, the device will keep locked and futures updating process won´t be allowed. If a new upgrading process is tried, a similar error will appear: Rolling back and update rolls back any changes made to the target device. Normally it is performed when the updating process has not been completed successfully due to an error. However, even though a change has been completed properly, it can be rolled back if desired. To roll back an update, on the left slider select “Route Manager” > “Devices” and tab “Device Route Set Updates”. In the list displayed there is a row for each update process performed with pending actions, as commit or rollback. On each row the information displayed is: - Name of the update. - Final status of the update. As can be red on the screenshot above, “previous update was completed but not yet committed”. In an unsuccessful case it will be filled in with “failed”. - Rollback status (if the rollback procedure has been performed). It usually indicates “completed” if the roll back was completed successfully, “failed” if the roll back was unsuccessful, or is blank if rollback action has not been performed yet. - Failure action. It indicates the action that is performed in case of a failure, according to the failure policy selected for such update. So, it will match with the failure policy selected. Therefore it can be “rollback”, “abort” or “skip”. - Route Sets involved on the updating process. 
- Devices involved in the update process.

Finally, to roll back a particular failed update done previously, select the corresponding update with a single click and then click the “Rollback” button. After that, the update still needs to be committed to validate the results of the rollback process. Then all the commit actions are performed: the lock is removed and the update row is deleted from the “Device Route Set Updates” list and moved to the “Update Task History” list, which keeps track of all updates made.

Creating Route Set scheduled backups

On the left slider select “Route Manager” > “Backup/Restore” and the “Route Set Scheduled Backups” tab. A backup can be scheduled by pressing the “Add” button.

Backups scheduled daily or weekly will be shown in the list on the Route Set Scheduled Backups window, meaning that a backup will be executed as stated in the “Scheduled Settings” column. A backup scheduled to run now will be deleted from the list once it has been completed, meaning that it has been executed just once and no additional backups are planned for that Route Set.

Restoring a Route Set backup

On the left slider select “Route Manager” > “Backup/Restore” and the “Route Set Backups” tab. On that screen a list shows all available backups, listing for each one a name, the Route Set it is associated with and the number of routes.

Selecting a backup and pressing the “Restore” button restores that backup, so the Route Set associated with it will lose all edits made after the backup was taken. Once the backup is restored, the Route Set needs to be transferred to the corresponding SD to be effective.

3. Tools and Settings of Net-Net Central

The menu bar across the top of the screen contains sets of functions that can be performed.
They are organized into different categories or menus: “Tools”, “Settings” and “Help”.

3.1. Settings

The Settings menu gathers useful functions such as: configuring a periodic purge for fault events and alarms, configuring external trap receivers to which NNC will send its own SNMP traps in case of failure, adding recipient information for fault email notifications, editing the information that appears in the banner at login, configuring the alarm color for each alarm severity level, etc.

Fault configuration

A time frame for deleting event and alarm data is configured by default. The default time frame for event data purge is seven days and the default time frame for alarm data purge is fourteen days. However, they can be edited on “Fault Condition” (under the “Settings” option on the menu bar across the top of the screen). If these parameters are set to 0, the event and alarm data remain in the databases and are not deleted.

Trap receivers

As stated before, an SD sends SNMP traps to NNC to notify that an action happened on that SD. This function does the same, but in this case NNC sends its own SNMP traps (not the ones coming from the SDs) to the external trap server configured here. External trap receivers are managed on “Trap receivers” (under the “Settings” option on the menu bar across the top of the screen).

NNC generates a trap when it detects the following:

- Failure to save an SD's configuration.
- Failure to activate an SD's configuration.
- The SD's status changes from reachable to unreachable.

The fields to configure are:

- “IP address”: the server receiving the traps.
- “UDP port”: the port on the server receiving the traps, in case it doesn't use the default value of 162.
- “Community string”: the SNMP community to which the server receiving traps belongs, or retain the default value “public”.

Fault email notifications

NNC can trigger automatic email notifications when reporting alarms of certain severities. A fault email address can be configured for each severity. They can be added on “Fault email notifications” (under the “Settings” option on the menu bar across the top of the screen).

Editing login banner

The information that appears in the banner at login can be customized on “Edit login banner” (under the “Settings” option on the menu bar across the top of the screen).

At the next login, the banner will look like the following screenshot:

Alarm colors

Colors used to indicate the different severity levels can be customized on “Alarm colors” (under the “Settings” option on the menu bar across the top of the screen). By default they are:

- Critical = Red.
- Major = Orange.
- Minor = Yellow.
- All other alarms = Green.

4. Script to start and stop NNC through init framework

Init Script

This script should be created in the /etc/init.d/ directory with the following file name:

    NNC

Modify the NNC_DIR variable to reference where NNC is currently installed. In this example, it was installed to /opt. If it was installed to /NNC_INSTALL instead, the NNC_DIR variable would look like:

    NNC_DIR=/NNC_INSTALL/AcmePacket/NNC700

    #!/bin/sh
    # parameters for chkconfig in RedHat linux
    # chkconfig: 5 98 09
    # description: Startup script for Net-Net Central service
    # processname: nnc

    # Source function library
    . /etc/init.d/functions

    export NNC_DIR=/opt/AcmePacket/NNC700
    export PIDFILE=$NNC_DIR/logs/pid
    export STARTPIDFILE=$NNC_DIR/logs/startpid
    export SLEEPTIME=1
    export TOMCATPID

    start(){
        echo "Checking if Net-Net Central is running"
        if [ -f "$STARTPIDFILE" ]; then
            PID=$(cat "$STARTPIDFILE")
            echo "NNC already running: $PID"
            exit 2
        elif [ -f "$PIDFILE" ]; then
            PID=$(cat "$PIDFILE")
            echo "NNC already running: $PID"
            exit 2
        else
            echo "Starting Net-Net Central"
            cd "$NNC_DIR/bin" || exit 1
            ./startnnc.sh >> "$NNC_DIR/logs/startnnc.log" 2>&1 &
            touch /var/lock/subsys/nnc
            touch "$NNC_DIR/logs/nnc.pid"
            # Wait until the HTTP server process shows up in the process list
            TOMCATPID=$(ps -ef | grep 'httpserver' | grep -v grep | awk '{print $2}')
            echo $TOMCATPID
            while [ -z "$TOMCATPID" ]; do
                printf '.'
                sleep "$SLEEPTIME"
                TOMCATPID=$(ps -ef | grep 'httpserver' | grep -v grep | awk '{print $2}')
            done
            # Record the PIDs of the processes started from the install root
            # (the parent directory of NNC_DIR, /opt/AcmePacket by default)
            PID=$(ps -ef | grep "${NNC_DIR%/*}" | grep -v grep | awk '{print $2}')
            echo $PID > "$PIDFILE"
            echo "NNC started"
            return
        fi
    }

    stop(){
        echo "Stopping Net-Net Central"
        cd "$NNC_DIR/bin" || exit 1
        ./shutdownnnc.sh >> "$NNC_DIR/logs/stopnnc.log" 2>&1
        rm -f /var/lock/subsys/nnc
        return
    }

    # Named nnc_status so that it does not override, and then call itself
    # instead of, the status function provided by /etc/init.d/functions
    nnc_status(){
        echo "Checking if Net-Net Central is running"
        status -p "$PIDFILE" nnc
        # PID=$(ps -ef | grep '/opt/AcmePacket' | grep -v grep | awk '{print $2}')
        # PID=$(ps -ef | grep '/opt/ACMEPacket/current/classes/ACMEPacketCommon.jar' | grep -v grep | awk '{print $2}')
        # echo $PID
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        status)
            nnc_status
            ;;
        restart)
            stop
            start
            ;;
        *)
            echo "Usage: nnc {start|stop|status|restart}"
            exit 1
    esac
    exit 0

Once the file has been created, as root, execute:

    chmod 755 /etc/init.d/NNC

Usage

To start NNC via this script, execute the following command:

    /etc/init.d/NNC start

To stop NNC, execute:

    /etc/init.d/NNC stop
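
The start() function of the init script above refuses to start NNC whenever a PID file exists, even if the process recorded in it has died. The following is an added example, not part of the Acme Packet script, showing one way to tell a live PID file from a stale one; the function names pid_is_alive, pidfile_state and clear_stale_pidfile are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a PID file such as $NNC_DIR/logs/pid is stale.

# pid_is_alive PID: succeeds only for a positive integer naming a live process.
pid_is_alive() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content
    esac
    [ "$1" -gt 0 ] || return 1     # "kill -0 0" would test our own process group
    # Signal 0 delivers nothing; it only checks that the process exists and
    # may be signalled (assumption: the init script runs as root).
    kill -0 "$1" 2>/dev/null
}

# pidfile_state FILE: prints "absent", "running" or "stale".
# The body runs in a subshell so that "set -f" does not leak to the caller.
pidfile_state() (
    [ -f "$1" ] || { echo absent; exit 0; }
    set -f                         # never glob-expand file content
    # The init script may record several PIDs separated by whitespace.
    for pid in $(cat "$1"); do
        if pid_is_alive "$pid"; then
            echo running
            exit 0
        fi
    done
    echo stale
)

# clear_stale_pidfile FILE: removes FILE when no recorded PID is alive.
# Returns 0 if a start may proceed, 1 if the service is still running.
clear_stale_pidfile() {
    case "$(pidfile_state "$1")" in
        running) return 1 ;;
        stale)   rm -f -- "$1" ;;
    esac
    return 0
}

# Hypothetical use at the top of start():
#   clear_stale_pidfile "$PIDFILE" || { echo "NNC already running"; exit 2; }
```

A live PID does not prove that the process is NNC, because the kernel reuses PIDs; comparing the process command line against the install directory narrows that gap.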