2. NetMaster Installation
2.3 Post Installation
2.3.1 NetMaster Server post installation
This section describes post installation steps for a NetMaster Server installation.
This guide requires that the steps for NetMaster Installation on Windows or NetMaster Installation on Solaris already have been completed.
Note that for a new and upgrade installation, NetMaster is not ready to run until System Manager's NetMaster Initial Setup wizard is completed.
Windows only: Windows Services and Server Monitor
At the end of an installation on Windows platform, the NetMaster Server is installed as a Windows service and a Server Monitor application is automatically started (look for the systray icon ). If you don't want the NetMaster Server to start automatically upon computer reboot, you can set the mode of the NetMaster Service to manual in the Services applet in the Control Panel.
Ceragon Proprietary and Confidential Page 35 of 68 Windows 2003 only:
In order to manage devices of the IP-20 family, a change in the Windows registry must be made to avoid running out of sockets.
This change is described in http://support.microsoft.com/kb/196271
Windows Server Installation
To enable System Manager to open with Internet Explorer 11 following the completion of a NetMaster installation or upgrade, do the following:
In Internet Explorer 11, add localhost, or the site where you installed the System Manager, to the Compatibility View. See the example below.
2.3.1.2 NetMaster Recommended Settings
The settings are dependent on the network size. The following table presents the recommended settings for various sizes:
Network
size Max Connection Pool Size Max Thread Pool Size Heap Size
4000 NEs 500 250 10000
2000 NEs 300 130 5000
1000 NEs 250 100 3000
Ceragon Proprietary and Confidential Page 36 of 68
2.3.1.3 System Manager
The System Manager tool contains database related tasks and also general NetMaster maintenance tasks intended to ease NetMaster configuration. After closing the NetMaster Installer you will be prompted to start the System Manager to complete the NetMaster configuration (this is only valid for Windows platform - for Solaris platform, System Manager must be launched manually)
Log in using System Manager administrator user. System Manager will if needed automatically launch the NetMaster Initial Setup wizard that will help you through the necessary setup pages.
The initial authentication credentials for the System Manager administrator are:
User name: root Password: pw
Note: It is strongly recommended to change the password of the root account as soon as possible to prevent unauthorized access. To change the password, open the System Manager Settings view.
See System Manager online help or PDF document on install media for more information.
2.3.1.4 NetMaster Heap Size configuration
NetMaster is predefined with a Maximum Heap Size of 768 MB. However this parameter should be tuned on servers where the number of managed network elements is expected to increase above 100. The maximum allowed heap size is highly dependent on available memory on the server.
To configure the heap size:
1. In the NetMaster System Manager: open the Settings menu and click NetMaster Server.
2. Change the default value for Maximum Heap Size to a new value. i.e. 1400.
3. Restart NetMaster Server
If the server fails to start, reset the Maximum Heap Size, as above, using a lower value than the one suggested.
If the server starts successfully, leave the server running or increase the value even further until server start fails. Then use the last value it successfully started with.
Server should now have an optimal Heap Size.
2.3.1.5 Firewall settings
If connecting any remote NetMaster clients to the server, and the computer’s firewall is enabled, it is necessary to configure the firewall to allow the following ports to be opened towards the NetMaster application server:
Ceragon Proprietary and Confidential Page 37 of 68
Port Description
TCP port 1098 Java RMI Activation Port. TCP port at which the activation system (rmid) listens
TCP port 1099 Java RMI Registry Port.
TCP port 8089 NetMaster's report feature
TCP port 3873 JBoss EJB 3 socket based invoker layer TCP port 4446 JBoss EJB3 remote method invocation
TCP port 61616 Used by NetMaster client to connect to an enterprise messaging queue that runs within NetMaster, used to push events to the client about changes in services.
In order for NetMaster server to manage network elements, it is necessary to configure the firewall to allow the following ports to be opened towards the network elements:
Port Description
TCP port 80 HTTP - Hypertext Transfer Protocol
TCP port 443 HTTPS - Hypertext Transfer Protocol Secure
In order for NetMaster server to act as an FTP server, the following ports must be opened toward the NetMaster application server:
Port Description
TCP port 20 FTP - File Transfer Protocol [default data]
TCP port 21 FTP - File Transfer Protocol [Control]
In order for NetMaster server to act as an SFTP server, the following ports must be opened toward the NetMaster application server:
Port Description
TCP port 20 SFTP – Secure File Transfer Protocol [default data]
TCP port 22 SFTP – Secure File Transfer Protocol [Control]
Important Note: To use SFTP, the root directory of the SFTP user must be the SFTP user's home directory. This requires SSH software that supports the ability to change the root directory, such as OpenSSH.
In order for the NetMaster server to receive traps from network elements, the following port must be opened:
Port Description
UDP port 162, or any other user defined port
SNMP trap port.
Default port is 162, but can be set to a different port in the Snmp Trap Port Number field in the NMS Server system manager view
Ceragon Proprietary and Confidential Page 38 of 68
The following ports are in use internally on the server machine and therefore should not be used for other applications on that machine:
Port Description
UDP port 1621 SNMPv1 and SNMPv2c internal trap port. In use on the server machine when either SNMPv1 or SNMPv2c traps are received from the device on the SNMP trap port (default: 162). This port does not need to be opened on the firewall.
UDP port 1622 SNMPv3 internal trap port, in use on the server machine when SNMPv3 traps are received from the device on the SNMP trap port (default: 162).
This port does not need to be opened on the firewall.
TCP port 1090 RMI/JRMP socket for connecting to the JMX MBeanServer.
This port does not need to be opened on the firewall.
TCP port 1091 RMI server socket.
This port does not need to be opened on the firewall.
If the SNMP agent is installed, the following port must be open:
Port Description
UDP port 161 SNMP get/set port
Ports to be opened at the machine where the Database is installed:
Port Description
TCP Port 1521 Oracle Database server TCP Port 5432 postgres SQL Database server
Ports to be opened at the machine where the System Manager is installed:
Port Description
TCP port 18005 Shutdown port TCP port 18010 AJP connector port TCP port 18080 Connector port TCP port 18443 Redirect port
Ports to be opened at the machine where Northbound SNMP manager is installed:
Port Description
UDP port 162 Northbound SNMP Trap Port
For Windows Firewall, these ports can be opened as follows:
1. Open the Windows Firewall in the Windows Control Panel
2. In the General tab, make sure that On (recommended) is selected and that Don’t allow exceptions is not checked.
3. In the Exceptions tab, click the Add Port. Repeat for all ports to allow.
4. Type the name, i.e. “NetMaster JNDI Port”.
Ceragon Proprietary and Confidential Page 39 of 68 5. Type the port number, i.e. “1098”.
6. Make sure that TCP is selected.
7. If you want to limit the IP addresses that are allowed to connect using this port, click the Change scope button:
Select Custom list and specify the IP-addresses of all GUI Client computers, or
Select My network (subnet) only to only allow GUI Clients within your local subnet.
8. Click OK 9. Click OK
10. In the Advanced tab, make sure that the network connection your computer is using is enabled (checked) in the Network Connection Settings list.
For other firewalls, different procedures may be required.
2.3.1.6 NetMaster GUI Client
Start the NetMaster Client from the program shortcut folder selected during the installation process. A Login window will be displayed where the authentication credentials and the server host name must be entered.
The authentication credentials for the root administrator are:
User name: root Password: pw
Note: It is strongly recommended to change the password of the root account immediately after the first login to prevent
unauthorized access. To change the password, open the User Settings preferences menu.
See the Login dialog section for more information.
The next step is now to discover your network.
Opening two NetMaster Clients on the same machine
You may wish to open two NetMaster Clients on the same machine. To do so, you must remove the following lines from the Ngnms.ini file, located by default under C:\Program Files (x86)\NetMaster\GUI_Client:
-Dcom.sun.management.jmxremote.port=9011 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
Ceragon Proprietary and Confidential Page 40 of 68
2.3.1.7 NetMaster license
In order to run NetMaster, it is necessary to have a license and this can be activated with a file (sw-nms.key).
If this key file was not available when performing the installation the license can easily be activated when you receive this from Customer Support. Unzip the .zip file you received from Customer Support.
Use the System Manager or Server Monitor application to activate the license.
If you do not have a NetMaster license, contact us by making a Technical Support request or contact your sales representative for an offer.
After the activation of the license, take note that this is only a temporary license and that it is necessary to make a permanent license.
2.3.1.8 Database administrator user privileges
In order to be able to run the wizards that can be found in the Database Task view in the NetMaster System Manager on an Oracle database, you need to create database users with sufficient privileges to perform the tasks:
In order to do initial setup and create and delete user/schema, you need to have a Database administrator user with similar privileges as a SYSTEM user.
In order to do set active and analyze user/schema, you need to have a
Database administrator user with at least CONNECT, RESOURCE, and SELECT on SYS.USER$ privileges.
In order to do backup user/schema, you need to have a Database
administrator user with at least CONNECT, RESOURCE, SELECT on SYS.USER$, SELECT on V_$INSTANCE privileges.
In order to do restore and reinitialize user/schema, you need to have CONNECT, RESOURCE, SELECT on SYS.USER$, SELECT on V_$INSTANCE , SELECT on V_$SESSION, SELECT on V_$TRANSACTION and SELECT on V_$ROLLNAME privileges.
In order to upgrade user/schema, you need to have a Database administrator user CONNECT, RESOURCE, SELECT on SYS.USER$, SELECT on V_$SESSION, SELECT on V_$TRANSACTION and SELECT on V_$ROLLNAME, SELECT on V_$PARAMETER, SELECT on V_$INSTANCE privileges.
For some Oracle releases, in order to do backup and restore user/schema, the Database administrator user must have in addition CREATE ANY DIRECTORY privileges.
Ceragon Proprietary and Confidential Page 41 of 68
2.3.1.9 Maintenance issues
NetMaster Server generates different log files. These files tend to grow large when managing networks with many elements and heavy traffic.
Delete old server log files
Locate your NetMaster log file directory and remove all files older than three months:
Installation directory:
<NetMaster installation>\ Server\JBoss-4.2.3\server\ngnms\log Example for Windows:
C:\Program Files (x86)\NetMaster\Server\JBoss-4.2.3\server\ngnms\log
Backup important files and folders
A full system recovery is likely to take less time if these files and folders are backed up regularly:
License file for NetMaster:
<NetMaster installation>\Server\JBoss-4.2.3\server\ngnms\license\*.key
Database server connection parameters and other settings (also copy sub folders):
<NetMaster installation>\SystemManager\conf\*
Database backup files. Can be stored on user configurable folders. Default folder for Windows is:
C:\NgNMS\backup\database
Ceragon Proprietary and Confidential Page 42 of 68