Huawei
OptiX iManager U2000
Administration Training
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks
HUAWEI, C&C08, EAST8000, HONET, ViewPoint, Intess, ETS, DMC, TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium, M900/M1800, TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA, iTELLIN, HUAWEI OptiX, C&C08 iNET, NETENGINE, Optix, SoftX, iSite, U-SYS, iMUSE, OpenEye, Lansway, SmartAX are trademarks of Huawei Technologies Co., Ltd.
All other trademarks mentioned in this manual are the property of their respective holders.
Notice
The information in this manual is subject to change without notice. Every effort has been made in the preparation of this manual to ensure accuracy of the contents, but all statements, information, and recommendations in this manual do not constitute a warranty of any kind, express or implied.
Huawei Technologies
TABLE OF CONTENT
• OptiX iManager U2000 CORBA Interface
• OptiX iManager U2000 SNMP Interface
• iManager U2000 V100R002 Security and Data Management
• iManager U2000 V100R002 Security and Data Management Practice Guide
iManager U2000 CORBA Interface P-1
OSS: Operating Support System
Reference book: iManager U2000 Unified Network Management System Northbound
As a model and standard of software development, the Common Object Request Broker Architecture (CORBA) provides the necessary services and toolkit to develop software.
The CORBA northbound interface (NBI) integrates the distributed software at the element management layer with that at the network management layer.
The CORBA NBI has the following features:
• Complies with the CORBA 2.3 specification of the Object Management Group (OMG) and supports IIOP 1.1 and IIOP 1.2.
• Adopts the standard CORBA Naming Service 1.1 and Notification Service 1.0.
• The current version uses The ACE ORB (TAO) 1.3 and is highly efficient. It can be smoothly ported to other ORB platforms.
• Supports interconnection between different ORB platforms, including:
– IONA Orbix2000
– IONA Orbix 6.1
– InterBus
– JacORB
– Borland VisiBroker
– Borland BES
• Supports cross-platform operation:
– Windows 2000, Windows 2003, Solaris 8, Solaris 10
The CORBA NBI complies with the following standards recommended by the TeleManagement Forum (TMF):
– TMF 513 V2.1
– TMF 608 V2.1
Network element (NE): A device in the network. The NE reports alarms to the element management system (EMS).
EMS: The network devices provided by Huawei can be managed by the iManager U2000. The iManager U2000 is at the EMS layer and interconnects with the third-party NMS through the NBI.
NMS: The network management system of a carrier.
Querying the Current Alarms of the EMS and All NEs in Real-Time
This function allows the superior NMS to query the current alarms of the EMS and all NEs and set alarm severity levels to filter the alarms. The filter for the notification service does not affect the query result. The current alarm refers to a fault alarm that is uncleared and unacknowledged, uncleared but acknowledged, or cleared but unacknowledged. NMS can obtain the real-time alarms of the EMS and NEs. The EMS detects the alarms returned to the caller. The NMS needs to perform this task periodically to obtain the real-time alarms.
Filtering Alarms
This function allows the superior NMS to set the filtering rules for the EMS or NE alarms and set the alarm severity levels, event type, and device type to filter the alarms.
Alarm Synchronization
This function allows the superior NMS to synchronize alarm information with the EMS.
Resource changing report
This function allows the EMS to report resource change information to the superior NMS.
Resource querying
This function allows the superior NMS to query the resource information such as the main type of EMS resource, topology information of EMS, etc.
Service deployment
This function allows the superior NMS to deploy services, such as creating, activating, deactivating, and deleting SDH and WDM paths.
Current performance querying
This function allows the superior NMS to query the current performance data.
There are three parts of the CORBA interface: the standard naming service, the notifying service and the CORBA agent.
Naming service: provides the interface for the OSS to access the U2000 CORBA. The uniqueness of the name of the EMS must be guaranteed in the NMS management domain.
Notifying service: is responsible for adding and deleting event monitoring, and for receiving alarms, performance data and reports.
CORBA agent: transforms the internal data of the U2000 into CORBA data complying with the international standard, and transforms requests from the OSS into the internal data of the U2000, to guarantee the integration of the OSS and the U2000.
IDL: Interface Definition Language. IDL is not a programming language. Its only purpose is to allow the CORBA interface to be defined in a programming-language-independent way, and to allow the inter-operation of applications programmed in different languages. IDL cannot be programmed and compiled, and is only applicable to describing the CORBA interface and defining the data types of the objects.
Language mapping defines how to translate the IDL file into different programming languages. Third-party software such as TAO or JacORB can be used. Huawei uses TAO to translate CORBA language into C++.
NMS and EMS invoke functions such as getNEName{} to query and report alarm,
getEMSSession: Obtain the reference of Ems Session to set up a session.
getEventChannel: Obtain an event channel.
getSupportedManagers: Obtain the name list of the Manager objects supported by the EMS.
When the OSS connects to the U2000, the U2000 establishes a session between them. The U2000 performs the “ping” every 30 seconds, and if there is no reply to the “ping” 4 times, the U2000 aborts the session. Meanwhile, the U2000 sends a heartbeat notification message to the OSS every 30 seconds.
getAllManagedElements: Query the NE resource information of the EMS and all NEs
getAllActiveAlarms: Query the current alarms of the EMS and all NEs
getAllCurrentPMData: Query the current performance data of the EMS and all NEs
NT_ALARM: Alarm notification
The working process is as follows:
1. Start the naming service.
2. Start the notify service.
3. Start the CORBA agent.
4. The CORBA agent registers with the naming service.
5. The CORBA agent creates the event channel.
6. The OSS connects to the naming service.
7. The OSS identifies the CORBA agent through the naming service.
8. The OSS connects to the notify service through the naming service.
9. The OSS connects to the CORBA agent.
The CORBA NBI software component is controlled by MSUITE. The U2000 installation package integrates the MSUITE software, so MSUITE is installed together with the U2000 and there is no need to install it separately. The CORBA Agent also needs license support; without a license, it does not work. After MSUITE is started, some parameters of the CORBA Agent need to be configured.
Steps to start the MSUITE:
Click the MSUITE icon on the desktop or run the program below:
%MSUITE%\engineering\startclient.bat
Enter the IP address, user name and password to log in to MSUITE.
After login, select NBI > Configure CORBA Interface Instance from the main menu to configure the CORBA NBI parameters.
Note:
If you need to install CORBA component, select Deploy > Add Component
Notify Service: the TAO notification service. It is a non-persistent notification service and the default deployment type of the U2000.
Orbix Notify Service: the Orbix notification service. It is a persistent service. That is, when the upper layer NMS is disconnected from the U2000 abnormally, the notification component can save the notification events generated by the U2000 during this period of time to the disk or memory. After the connection between the upper layer NMS and the U2000 recovers, the notification component reports the saved notification events to the upper layer NMS. If the connection between the upper layer NMS and the U2000 is normal, the notification component does not save any notification event.
If the Orbix notification service is required, you need to purchase a license from the component developer, then rename the license file to license.txt and save it in the %IMAP%/../cbb/nbi/nbicbb_3p/tools/orbix/etc/ directory.
Default Value of Port
Common Mode:
Naming service port: 12001
Notify service port: 12002
CORBA Agent port: 12003
SSL Mode:
Naming service SSL port: 22001
Notify service SSL port: 22002
CORBA Agent SSL port: 22003
The advanced configuration items are as follows:
Character-set switch Set EMS Name
Maximum capacity of log file Whether Filter VirtualNE Log output mode
OTN Slot Rules Enable log level Enable the NE ID Enable the virtual NE
1. Click the Process Monitor tab on the Sysmonitor.
2. Stop the CORBA Service, CORBA Naming Service and CORBA Notify Service(TAO) processes.
Select the CORBA Service process, right-click, and choose Stop the Process to stop the process. To stop the CORBA Naming Service and CORBA Notify Service(TAO) processes, perform the same operations.
3. Start the CORBA Service, CORBA Naming Service and CORBA Notify Service(TAO) processes.
Select the CORBA Service process, right-click, and choose Start the Process to start the process. To start the CORBA Naming Service and CORBA Notify Service(TAO) processes, perform the same operations.
4. Disable the CORBA Service, CORBA Naming Service and CORBA Notify Service(TAO) processes.
Select the CORBA Service process, right-click, and choose Start Mode > Disabled. To disable CORBA Naming Service and CORBA Notify
The strategy to deal with interface type problems:
Query the operation log to confirm the reason; the OSS collects the error information.
Interface connection problems require analysis of the log file, which is complex. If
iManager U2000 SNMP Interface P-2
At the beginning, networks and services were simple, and ICMP and the ping command were enough to manage and monitor the network. As time went by, the ping command could no longer manage the network. The next step for R&D was to develop a new network management protocol that was easy for maintenance engineers to use. Against this background, SNMP (Simple Network Management Protocol) was developed.
SNMP is in the application layer of the TCP/IP stack.
SNMP runs above the UDP layer, and the default UDP port number between the NE and the U2000 is 161.
The SNMP trap message is used to send urgent information to the NMS unsolicited, for example when a link goes down. SNMP trap uses UDP port 162.
SNMP has three versions:
SNMP v1 uses the community for authentication. SNMP v1 cannot provide encryption.
SNMP v2 improved SNMP v1 with a new concept named getbulk. It can provide more error messages, but still cannot provide encryption.
SNMP v3 improved security with USM (User-based Security Model) and VACM (View-based Access Control Model). USM is used for encryption, and VACM is used for access control.
Many telecom-grade devices support SNMP, such as Huawei Access and IP equipment. If the SNMP function is enabled, the U2000 acts as the server for the equipment. In this case, SNMP is a southbound interface for the U2000.
SNMP is also a type of NBI of the U2000, which transfers data to the higher-layer OSS.
The relationship between SNMP and CORBA:
The basic function of SNMP and CORBA is to report information to the upper-level NMS.
SNMP is a protocol applied between the NMS and EMS or between the EMS and NEs, but CORBA is only applied between the NMS and EMS.
OSS (Operating Support System)
Software which runs on a workstation or PC to manage and monitor the whole network.
Agent
Process which runs on the managed equipment or a low-level NMS (U2000). When it receives a request from the OSS, the Agent responds. Its main functions are collecting the status information of the NEs, carrying out remote operations from the NMS on the NEs, and sending alarm messages to the OSS.
MIB
The MIB (Management Information Base) is a virtual database: the set of status information held in the managed object. Normally the agent queries the equipment status from the MIB, and the MIB replies from its tree-structured directory.
SNMP is divided into the NMS (U2000) and the Agent. The U2000, as the NMS, sends requests to the Agent. The Agent is a process or task residing in the managed equipment. When the Agent receives a query packet from the NMS, it decodes and analyzes the packet and gets the value of the management variable from the relevant modules. Then it generates a Response message, encodes it, and sends the packet back to the NMS.
SNMP is the application layer protocol that defines the transfer of management
To simplify the development of the Agent side, SNMP only defines two kinds of operations: Get and Set. Get is used to obtain management information from the managed equipment, and Set is used to configure the managed equipment by setting the value of a variable.
The NMS and Agent transfer management information to each other via packets. SNMP V1 only defines five kinds of packets:
Get Request packet: Used to get the value of a specified management variable.
GetNext Request packet: Used to continuously get the values of a group of variables.
GetResponse packet: Used to respond to a request, returning the value for the request or an error type, etc.
Set Request packet: Used to set a specified management variable.
Trap packet: Used by managed equipment to send information to the NMS on its own initiative in urgent cases.
GetRequest and GetNextRequest are used to obtain information of the managed object in NM. SetRequest is used to configure the managed object. These three kinds of requests correspond to three kinds of SNMP messages. The Agent responds to them by sending a GetResponse message.
SNMP is based on TCP/IP, and it is in the application layer of TCP/IP. SNMP provides one simple command set for communication, and it uses UDP to send and receive messages between the NMS and Agent.
Version: version of SNMP.
Community: user name of the NMS to log in to the Agent.
SNMP PDU: SNMP PDU (Protocol Data Unit), the SNMP protocol message.
Normally:
The OSS sends messages to the Agent, such as request operations. After the Agent receives a message, it first checks the version, community and operation objective of the SNMP message. If they match, the Agent sends a feedback message reporting what the OSS wants to know.
In emergency:
Such as the NIC port is down and repaired, and then the Agent will send
1. The agent receives an SNMP request packet from the NM station through UDP port 161.
2. The agent decodes the packet based on ASN.1 basic coding rules and represents it in an internal data structure. The agent discards the packet if there is a decoding failure.
3. The agent gets the version number from the packet. The agent discards the packet if the version is inconsistent with the SNMP version it supports.
4. The agent gets the community name from the packet. The community name is filled by the NM station that sends the request. If the community name is inconsistent with that of the agent, the packet is discarded. A trap message or an Inform packet is generated simultaneously.
5. The agent gets PDUs from the authenticated ASN.1 object. If the agent fails to get the PDUs, the agent discards the packet; otherwise, the agent processes the PDUs.
6. The agent processes PDUs differently and gets the management variables of the corresponding protocol modules by searching nodes that correspond to management variables in the MIB.
7. The agent encapsulates the values of management variables in a PDU, uses the source IP address and port of the request packet as the destination IP address and port, and adds the SNMP version number. A response packet is then generated. After being coded, the response packet is sent to the NM station.
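The agent-side checks in steps 2 to 6 above, as an added example that is not part of the original manual or of Huawei's software: a minimal Python BER reader for community-based SNMP (v1/v2c) request messages that returns the discard decision for each packet. The function names, the `discard+trap` label and the sample packets are constructed for illustration.

```python
import hmac

# Wire values of the version field: 0 = SNMPv1, 1 = SNMPv2c (community-based).
SUPPORTED_VERSIONS = {0: "v1", 1: "v2c"}
# Context tags of the request PDUs an agent accepts on its request port.
REQUEST_PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}

class DecodeError(Exception):
    """Raised when the packet is not well-formed BER."""

def read_tlv(buf, pos, expect=None):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DecodeError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DecodeError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise DecodeError("length exceeds packet size")
    if expect is not None and tag != expect:
        raise DecodeError(f"expected tag 0x{expect:02x}, got 0x{tag:02x}")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    """Read a BER INTEGER; return (value, next_pos)."""
    _, raw, pos = read_tlv(buf, pos, expect=0x02)
    if not raw:
        raise DecodeError("empty INTEGER")
    return int.from_bytes(raw, "big", signed=True), pos

def decode_oid(raw):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    if not raw or raw[-1] & 0x80:
        raise DecodeError("malformed OID")
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:            # high bit clear ends this sub-identifier
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def handle_packet(packet, community):
    """Apply the agent's checks in order; return (action, detail)."""
    try:
        _, message, _ = read_tlv(packet, 0, expect=0x30)         # step 2: decode
        version, pos = read_int(message, 0)
        if version not in SUPPORTED_VERSIONS:                    # step 3: version
            return "discard", f"unsupported version field {version}"
        _, sent_community, pos = read_tlv(message, pos, expect=0x04)
        pdu_tag, pdu, _ = read_tlv(message, pos)
    except DecodeError as exc:
        return "discard", f"decode failure: {exc}"
    # Step 4: constant-time comparison; a mismatch is discarded and reported.
    if not hmac.compare_digest(bytes(sent_community), community):
        return "discard+trap", "community mismatch"
    if pdu_tag not in REQUEST_PDUS:                              # step 5: PDU
        return "discard", f"not a request PDU: 0x{pdu_tag:02x}"
    try:
        request_id, pos = read_int(pdu, 0)
        _, pos = read_int(pdu, pos)                              # error-status
        _, pos = read_int(pdu, pos)                              # error-index
        _, bindings, _ = read_tlv(pdu, pos, expect=0x30)
        oids, pos = [], 0
        while pos < len(bindings):                               # step 6: MIB nodes
            _, binding, pos = read_tlv(bindings, pos, expect=0x30)
            _, oid_raw, _ = read_tlv(binding, 0, expect=0x06)
            oids.append(decode_oid(oid_raw))
    except DecodeError as exc:
        return "discard", f"PDU decode failure: {exc}"
    return "process", {"pdu": REQUEST_PDUS[pdu_tag], "request_id": request_id, "oids": oids}

def tlv(tag, value):
    """Encode a short-form TLV (value under 128 bytes); used only to build samples."""
    return bytes([tag, len(value)]) + value

def build_get(version, community, request_id=1):
    """Constructed sample: GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    oid = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00") * 2 + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)

if __name__ == "__main__":
    print(handle_packet(build_get(0, b"public"), b"public"))
    print(handle_packet(build_get(0, b"guess"), b"public"))
```

Every failure path returns before any MIB lookup, so a malformed or unauthenticated packet never reaches the variable-handling code.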
The SNMP NBI software component is controlled by MSUITE. The U2000 installation package integrates the MSUITE software, so MSUITE is installed together with the U2000 and there is no need to install it separately. The SNMP Agent also needs license support; without a license, it does not work. After MSUITE is started, some parameters of the SNMP interface need to be configured.
Steps to start the MSUITE:
Click the MSUITE icon on the desktop or run the program below:
%MSUITE%\engineering\startclient.bat
Enter the IP address, user name and password to log in to MSUITE.
After login, select NBI > Configure SNMP Interface Instance from the main menu to configure the SNMP NBI parameters.
Note:
If you need to install SNMP component, select Deploy > Add Component
Input the Send Trap address and Port, etc.
The following table lists the description and the value of the parameters.
Name | Description | Value
Send Trap address | Specifies the address that is set on the SNMP agent and is used to send traps to the upper level network management system OSS. | IP address. Default: U2000 server IP address
Send Trap Port | Specifies the port that transmits trap packets. | 1 to 65535. Default: 982
Receive Request from NMS address | Specifies IP address that receives the request messages from the upper level network management system OSS. | IP address. Default: U2000 server IP address
Receive Request from NMS Port | Specifies the port that receives the request messages from the upper level network management system. | 1 to 65535. Recommended value: >1024. Default: 9812
The SNMP agent supports a maximum of 10 read/write communities. The Community cannot be empty. The default value of Read Community is public and Write Community is private.
Input the OSS Receive Trap Address and Port, etc. The default port is 6666.
The following table lists the description and the value of the parameters.
Name | Description | Value
NMS Receive Trap Address | Specifies the IP address of the third-party NMS. | IP address. Default: OSS IP address
Port | Specifies the port of the third party NMS for receiving traps. | 1-65535. Default: 6666
Read/Write Community | When the third-party NMS uses the SNMP v1 or v2c protocol, the authentication control between the SNMP agent and the upper-layer NMS is implemented through community information. To be specific, only when the set community is the same as that of the upper-layer NMS, the third party NMS responds to the alarm query requests received. Otherwise, the third-party NMS ignores the requests. | The default read/write community is public/private. You can also enter any character string consisting of 255 characters at most.
The advanced settings include the following items.
Heartbeat Settings
Alarm Field Settings
Set reporting notification
Report Date Format Settings
Encoding Format Settings
Other Settings
After we add the SNMP Agent instance, we can start and stop the process by right
Entrance
Choose Administration > NE Communicate Parameter > Default Access Protocol Parameters from the main menu.
In the Default Access Protocol Parameters tab, click the SNMP version tab to switch to the page for configuring protocol parameters.
Configure the NE SNMP parameter template as follows:
Add a parameter template.
Click Add. After setting all the parameters in the parameter setting area at the bottom of the window, click OK.
Modify a parameter template.
Double-click the template to be modified in the parameter template list. Modify the related parameters in the Common parameters area. Then, click Apply.
For the U2000 SBI, SNMP parameters must be configured both on the U2000 and in the managed equipment, such as a DSLAM or router.
Pre-configuration Tasks
Before configuring, complete the following tasks:
Assigning an IP address to the router
Configuring the routing protocol to make the router and the NM Station accessible
snmp-agent
The SNMP agent function is enabled.
snmp-agent sys-info version all
The SNMP version is configured. By default, only SNMPv3 is configured.
snmp-agent mib-view { excluded | included } view-name oid-tree
A MIB view is created.
snmp-agent community { read | write } community-name mib-view view-name
MIB-view-based access control is configured.
snmp-agent trap enable [ Trap-type [ Trap-list ] ]
The router is enabled to send alarms.
In the VRP system, alarms generated by the interface-name-change, port and standard are enabled through the snmp-agent trap enable command.
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]
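A configuration check built on the command forms listed above, added here as an example and not taken from the manual or from VRP: it flags community-based versions, the default public/private communities, communities not bound to a MIB view, and trap targets sent without encryption. The rule names and the sample configuration are constructed; that `sys-info version` accepts v1, v2c, v3 and all is an assumption based on the version keywords the target-host command shows.

```python
# Rule names are labels invented for this example.
RULES = {
    "LEGACY_VERSION": "SNMPv1/v2c enabled: community authentication only, no encryption",
    "DEFAULT_COMMUNITY": "community is a well-known default (public/private)",
    "NO_MIB_VIEW": "community is not restricted to a MIB view",
    "TRAP_CLEARTEXT": "trap target uses v1/v2c, so traps are sent unencrypted",
    "TRAP_NO_PRIVACY": "v3 trap target without the privacy level, so traps are not encrypted",
}
DEFAULT_COMMUNITIES = {"public", "private"}   # defaults named in the manual
COMMUNITY_VERSIONS = {"v1", "v2c"}

# Constructed sample configuration (documentation addresses, made-up names).
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent sys-info version all
snmp-agent mib-view included nbi-view 1.3.6.1.2.1
snmp-agent community read public
snmp-agent community write Xk3-example-rw mib-view nbi-view
snmp-agent target-host trap address udp-domain 192.0.2.10 udp-port 6666 params securityname public v2c
snmp-agent target-host trap address udp-domain 192.0.2.11 params securityname nbiuser v3 authentication
snmp-agent target-host trap address udp-domain 192.0.2.12 params securityname nbiuser v3 privacy
"""


def token_after(tokens, keyword):
    """Return the token that follows keyword, or None if absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def audit_snmp_config(text):
    """Return [(line_number, rule)] for snmp-agent lines that weaken SNMP security."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        t = line.split()
        if len(t) < 3 or t[0] != "snmp-agent":
            continue
        if t[1:3] == ["sys-info", "version"]:
            # Assumption: the version list takes v1, v2c, v3 or all.
            if (COMMUNITY_VERSIONS | {"all"}) & set(t[3:]):
                findings.append((lineno, "LEGACY_VERSION"))
        elif t[1] == "community" and t[2] in ("read", "write") and len(t) > 3:
            if t[3].lower() in DEFAULT_COMMUNITIES:
                findings.append((lineno, "DEFAULT_COMMUNITY"))
            if token_after(t, "mib-view") is None:
                findings.append((lineno, "NO_MIB_VIEW"))
        elif t[1:3] == ["target-host", "trap"] and "securityname" in t[:-1]:
            i = t.index("securityname")
            name, level = t[i + 1], t[i + 2:]
            if level[:1] and level[0] in COMMUNITY_VERSIONS:
                findings.append((lineno, "TRAP_CLEARTEXT"))
                if name.lower() in DEFAULT_COMMUNITIES:
                    findings.append((lineno, "DEFAULT_COMMUNITY"))
            elif level[:1] == ["v3"] and "privacy" not in level:
                findings.append((lineno, "TRAP_NO_PRIVACY"))
    return findings


if __name__ == "__main__":
    for lineno, rule in audit_snmp_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule}: {RULES[rule]}")
```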
For more detailed steps, please refer to the Northbound SNMP Interface User Guide (U2000 V100R002C01).
Performance indexes of the SNMP alarm NBI
Item | Index
Maximum concurrent NMS connections | 10
Alarm forwarding capacity | Not less than 60 alarms per second (three NMSs connected)
Alarm forwarding delay | Less than 10 seconds (three NMSs connected)
SNMP request response delay | Less than 5 seconds (CPU usage is less than
iManager U2000 Security and Data Management P-0
Security management strategy: The security management function provides role-based and domain-role-based management for the U2000 and NEs. With this function, the U2000 can also monitor in real time the users that are logged in to the U2000 and NEs. In this way, login failures and illegal operations are captured, which ensures network and data security.
After the U2000 is installed on the Solaris platform, there are three system users: root, sybase and nmsuser. Usually we use nmsuser to log in to the JDE and start the U2000 server.
root: this user is the super user of the OS and has the highest authority in the system. The root user is used to create other users with the relevant authorities. The default password of root is rootkit.
sybase: this user is the database operation user. It is responsible for setting Sybase environment variables and for installing, maintaining and managing the Sybase database. As the owner of the directory /opt/sybase, the sybase user can manage the Sybase database, for example, configuring Sybase environment variables and starting/stopping the Sybase service.
nmsuser: During the U2000 installation, the software automatically creates an nmsuser user of the operating system. The nmsuser user is responsible for setting the environment variables of the U2000 server and starting the U2000 server. The nmsuser user has all the rights to its home directory. The file .profile in this directory records the environment variables for running the U2000.
After database initialization, there are two default users: sa and NMSuser.
sa is the super user of the database. The default password is ‘changeme’.
NMSuser is the database user which the U2000 uses to log in to the database. The default password is NMSuser.
The logs include the U2000 security log, the U2000 operation log, the system logs and the NE log. The logs record operations performed by operators on the U2000 or an NE.
Security logs record the security operations that the user performs in the U2000, for example, login, logout, locking, and unlocking. By viewing the logs, an administrator can track and check the security operations of the users.
Operation logs record the information about the non-security operations that the user performs in the U2000, for example, creating subnets, and muting and unmuting the alarm sound. By viewing the logs, an administrator can track and check the user operations.
System logs record the operations or tasks that the U2000 performs automatically, for example, scheduled tasks and system tasks.
The NE syslog running logs record the running information of U2000 NEs. By obtaining all NE syslog running logs from the NEs through the U2000, you can view the logs of all managed NEs on the U2000, instead of viewing them on each NE.
Procedure:
Choose Administration > Log Management > Query Operation Logs. You can also select Query System Logs or Query Security Logs to browse system or security logs.
In the Filter window, set the filtering conditions, and then click OK.
Procedure:
Choose Administration > Log Management > Operation Log Statistics from the main menu. You can also select the System Log Statistics or Security Log Statistics items.
In the Statistic Filter window, set the statistical items and statistical conditions,
Dumping logs prevents the logs from reaching the maximum storage capacity of the database and degrading system performance.
There are three types of dump: scheduled dump, manual dump and overflow dump.
Setting the log timing dump:
Choose Administration > Task Schedule > Task Management from the main menu.
In the Task Management window, select Database Capacity Management in the navigation tree.
Double-click the Operation Log Dump task in the task list. You can configure the timing dump parameters and the presentation as follows. The supported file types are CSV and XML.
In the network planning, you can configure and plan the data transmission according to a certain network security isolation policy. In this way, you can ensure the security and reliability of the network and data of the U2000 system, and avoid illegal login and data loss or theft.
After the SSL (Secure Sockets Layer) protocol is enabled, the communication between the client and server is encrypted and secured. This helps prevent attacks on the communication.
Procedure:
Run the ssl_adm -cmd query command in U2000\server\bin to query the data transmission modes of the server. On Solaris and SUSE Linux, you must run the ssl_adm -cmd query command as the nmsuser user.
Stop the U2000 server if it is running.
Run ssl_adm -cmd setmode ssl to enable SSL mode.
Start the U2000 server.
On the computer of the U2000 client, double-click the U2000 Client icon on the desktop.
Enter the User Name and Password.
The server mode of the user needs to be set to SSL.
Value | Description
Normal | Indicates that the connection between the U2000 and client is not encrypted.
SSL | Indicates that the connection between the U2000 and client is encrypted.
Both | Indicates that both the situations when the connection between the U2000
The ACL (Access Control List) is a secure access control mechanism. It restricts a user to log in to the server through only the clients with the specified IP addresses.
Procedure:
Choose Administration > NMS Security > ACL from the Main Menu. The ACL dialog box is displayed.
Click Add and the New System Access Control Item box is displayed.
Set parameters of the IP address or network segment, and click OK.
Click Close to close the System ACL dialog box.
Procedure:
Choose Administration > NMS Security > NMS User Management from the Main Menu.
In the NMS User Management area, double-click Users and select a desired user.
In the right-hand pane, click the ACL Settings tab.
Select Use all the ACLs in the system or Use the specified ACLs according to requirements.
Click Set ACL and the ACL dialog box is displayed.
NOTES:
If you select Use System ACL, the U2000 user can log in to the clients corresponding to all IP addresses or network segments in the list by default.
If you select Use User ACL, you need to select an IP address or network
Procedure:
Click Add and the New System Access Control Item dialog box is displayed.
Set parameters of the IP address or network segment, and click OK.
Procedure:
Optional: If Use the specified ACLs is selected, you need to check the Access Permitted check box corresponding to the IP address or network segment.
Click Apply.
Procedure:
Choose Administration > NMS Security > Security Policies… from the Main Menu. The Security Policy dialog box is displayed.
In the Security Policy dialog box, click the Password Policy tab.
Set the basic and advanced parameters of the password policy as required.
Click OK.
In the Security Policy dialog box, click the Account Policy tab.
Set the account policy as required.
Procedure:
Log in to the MSuite system.
The U2000 remote maintenance function allows login to the U2000 server from a remote client. Strict management for the remote maintenance user not only ensures U2000 system security, but also makes maintenance operations easier.
Procedure:
Choose Administration > NMS Security > Remote Maintenance User Management from the Main Menu. The Remote Maintenance User Management dialog box is displayed.
Enable the remote maintenance user and set its other parameters.
Set the Operation Authority. You can select Query or Configuration as needed.
Set Valid Forever or Not to No.
Set Validity Period.
Click OK.
Over the DCN or other connection types, you can access the U2000 server as the remote maintenance user and then run maintenance commands through this function.
Remote maintenance client login procedure:
On the Windows platform, click startup_cmdclient_global.bat under the \U2000\client directory.
Input the user and password. The window is then displayed as shown in the slide.
Double-click the NE, and input the command.
User: The user name and password of a U2000 user identifies the U2000
management rights entitled to the user. When a user is added to a user group, the user has all the operation rights of this user group. The U2000 provides a default user: admin. It is the super user of the system and has a higher authority than the system administrator group. You can neither modify the rights of the user admin, nor add user admin to other user groups.
Procedure:
Choose Administration > NMS Security > NMS User Management from the
Main Menu
In the NMS User Management area, double-click Users, right-click and choose
New User from the shortcut menu
Complete the information in the New User dialog box
For network maintenance purposes, you can create U2000 users and assign different authorities to them. Apart from the user admin, every user who operates the U2000 needs a corresponding account, that is, a U2000 user account.
You can specify the user group of a U2000 user so that the user can have the
management rights and operation rights of the user group.
Usually, we assign the user with certain user authorities by adding the user to a user
group rather than assigning specific authorities for the user.
Procedure:
Choose Administration > NMS Security > NMS User Management from the
Main Menu
In the NMS User Management area, double-click Users and select a desired
user
In the right-hand pane, click the Groups tab
Optional: Select a desired user group and click Delete.
Click Add. The Add User Groups dialog box is displayed.
Select a user group that you want to add, and click OK.
In the right-hand pane, click the Operation Rights tab.
User Group: This is a collection of the U2000 users that have the same management
rights. The default user groups are maintainer group, manager group, monitor group, operator group and security manager. The attributes of the user groups include name, description, member and authority.
Procedure:
Choose Administration > NMS Security > NMS User Management from the
Main Menu.
In the NMS User Management area, double-click User Group, right-click and choose New User Group from the shortcut menu.
In the New User Group dialog box that is displayed, input the information of a new user group.
The principle of assigning user authorities is as follows:
After creating a U2000 user, assign authorities to the user by adding the user to a user group rather than by assigning specific authorities to the user.
If the authorities are too limited and the user cannot perform certain operations after being added to a default user group, you can create a user group. After adding authorities to this user group, assign the user to the new user group.
In practice, you may need to add or delete specific authorities for a user without creating new user groups. In this case, follow the rules below.
To modify specific authorities for a number of NEs, do not select these NEs directly. Create an Object Set for the NEs that require more authorities, and assign authorities for the equipment set.
To assign a number of operation authorities to a user, do not select all these operation authorities directly. Create an Operation Set for these operations and assign the operation set to the user.
Operation Set: This is a collection of client-side operations. Operation sets are
established to facilitate the user right management. Different client-side operations have different impacts on the system security. Those operations that impose similar impacts on the system security are allocated to the same operation set. In this way, if a user (or user group) is authorized with the rights of an operation set, the user (or user group) can perform all the operations in the operation set. If the default operation sets do not meet the requirements for the right allocation, you can create new
operation sets as required.
Procedure:
Choose Administration > NMS Security > NMS User Management from the
Main Menu.
In the NMS User Management area, right-click Operation Set and choose New
Operation Set from the shortcut menu.
In the New Operation Set dialog box displayed, input the information of a new
operation set.
Click the Members tab. Click the Select button (shown in the slide) or the Copy member from operation button to add members to the operation set.
Click OK.
U2000 supports modifying an operation set, deleting an operation set, exporting or
Object Set: It is a collection of manageable devices and device services. By default,
the U2000 provides All Objects. If a user or user group can manage an object set, it indicates that the user or user group can manage all the objects in the object set. The administrator can create an object set, add objects that can be managed in a
centralized manner to the object set, and specify a user or user group to manage the objects in the object set. In this way, the management cost of the administrator can be reduced.
Procedure:
Choose Administration > NMS Security > NMS User Management from the
Main Menu
In the NMS User Management area, click Object Set, right-click and choose
New Object Set from the shortcut menu
In the New Object Set dialog box that is displayed, input the information of a
new equipment set
Click the Members tab. Click the Select button (shown in the slide) or the Copy members from object button to add devices to the object set.
Procedure:
Choose Administration > NMS Security > NMS User Management from the
Main Menu
In the NMS User Management area, double-click User Groups, and select a
U2000 user group
In the right-hand pane, click the Operation Rights tab
Optional: Select one or more desired operation authorities and click Delete.
Click Select. The Select Operation Rights dialog box is displayed.
Select the operation and operation set.
Procedure:
Choose Administration > NMS Security > NMS User Management from the
main menu
In the NMS User Management navigation tree, expand the User Groups node,
and then select a user group
Click the Domain tab to view the managed domain of the user group
Click Select button. In the Select Domain dialog box, select the devices and
object sets.
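The rights model built up in the sections above (users, user groups, operation sets, object sets and group domains) can be followed in a small Python model. This is an added example, not Huawei or U2000 code: it assumes that every operation right of a group applies to every object in that group's domain and that admin is allowed everything, and all set, group, user, operation and NE names are made up.

```python
from itertools import product

SUPER_USER = "admin"  # the default super user named on the page


class RightsModel:
    """Simplified model (an assumption, not U2000 internals): a user group pairs
    operation rights (operations or operation sets) with a domain (NEs or object
    sets), and every operation right applies to every object in that domain."""

    def __init__(self):
        self.operation_sets = {}  # set name -> operations it contains
        self.object_sets = {}     # set name -> NEs it contains
        self.groups = {}          # group name -> (operation rights, domain)
        self.members = {}         # user -> names of the groups the user is in
        self.direct = {}          # user -> [(operation rights, domain)] set on the user

    @staticmethod
    def _expand(names, sets):
        """Replace each set name by its members; any other name stands for itself."""
        expanded = set()
        for name in names:
            expanded |= set(sets.get(name, {name}))
        return expanded

    def add_group(self, name, rights, domain):
        self.groups[name] = (set(rights), set(domain))

    def add_to_group(self, user, group):
        if user == SUPER_USER:
            raise ValueError("admin cannot be added to user groups")
        if group not in self.groups:
            raise KeyError(group)
        self.members.setdefault(user, set()).add(group)

    def grant_direct(self, user, rights, domain):
        if user == SUPER_USER:
            raise ValueError("the rights of admin cannot be modified")
        self.direct.setdefault(user, []).append((set(rights), set(domain)))

    def effective(self, user):
        """Every (operation, NE) pair the user holds through groups and direct grants."""
        grants = [self.groups[g] for g in self.members.get(user, ())]
        grants += self.direct.get(user, [])
        pairs = set()
        for rights, domain in grants:
            ops = self._expand(rights, self.operation_sets)
            nes = self._expand(domain, self.object_sets)
            pairs |= set(product(ops, nes))
        return pairs

    def can(self, user, operation, ne):
        # Assumption: the super user is allowed everything.
        return user == SUPER_USER or (operation, ne) in self.effective(user)

    def audit_direct(self):
        """Flag direct grants that pick several operations or NEs one by one."""
        findings = []
        for user, grants in sorted(self.direct.items()):
            for rights, domain in grants:
                raw_ops = sorted(r for r in rights if r not in self.operation_sets)
                raw_nes = sorted(d for d in domain if d not in self.object_sets)
                if len(raw_ops) > 1:
                    findings.append((user, "use an operation set", raw_ops))
                if len(raw_nes) > 1:
                    findings.append((user, "use an object set", raw_nes))
        return findings


def build_sample():
    """Constructed data: every set, group, user, operation and NE name is made up."""
    m = RightsModel()
    m.operation_sets["alarm-view"] = {"browse_alarms", "query_alarm_log"}
    m.operation_sets["ne-config"] = {"modify_ne_attributes", "download_config"}
    m.object_sets["ring-east"] = {"NE-101", "NE-102"}
    m.object_sets["ring-west"] = {"NE-201"}
    m.add_group("noc-monitor", ["alarm-view"], ["ring-east", "ring-west"])
    m.add_group("east-maint", ["alarm-view", "ne-config"], ["ring-east"])
    m.add_to_group("alice", "noc-monitor")
    m.add_to_group("bob", "east-maint")
    # Follows the rules: one extra grant for alice, expressed as set on set.
    m.grant_direct("alice", ["ne-config"], ["ring-west"])
    # Breaks the rules: operations and NEs selected individually for carol.
    m.grant_direct("carol", ["browse_alarms", "download_config"], ["NE-101", "NE-201"])
    return m
```

Calling effective() for each account before and after a change shows exactly which (operation, NE) pairs the change added, and audit_direct() lists the grants that bypass operation sets and object sets.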
You can back up and restore the U2000 data in two ways: back up and restore all data in the U2000 databases, and back up and restore the U2000 network configuration data by using scripts.
The following data is not backed up when you back up the U2000 database:
The data saved on the NE side that cannot be uploaded.
The custom options of the system.
Comparison of Two Data Maintenance Methods
Method Characteristics Application Scenario
Backing up and restoring all data in the U2000 databases
1. Backs up the structure and contents of the U2000 database. The data is in the binary mode.
2. Backs up all data.
3. The processing speed is fast, and the backup file is big.
The backed up data for a certain type of database cannot be restored to the data for a different type of database.
Backing up and restoring the
1. Exports the configuration data in the U2000 to a txt file that is similar to the
This method is usually used to upgrade the
Databases used by U2000 NMS and LCT
Sybase 15 database (Solaris OS)
A relational database which uses tables to store data.
MS SQL Server database (Windows OS)
Its function is similar to that of Sybase, and it supports a graphical user interface.
MS SQL Server 2000 is used by U2000.
Sybase database server
All backup and restoration operations are implemented through the backup server.
Precondition: the backup server and the master server must be installed on the same computer.
Procedure: backup or restore commands are sent in the SQL language; after receiving the commands, the backup server performs the data input or output on disk.
Back up is a method used to store important data to prevent the damage of the
original data. You can back up network configuration data, alarm data and performance data.
Dump is a method used to store the log information in databases as operating system
files in text format, to clear database space. The dumped objects are various types of logs, including alarm events, abnormal events, operation logs and different types of performance events.
Procedure :
Choose Administration > Back Up/Restore NMS Data > Database Backup
from the Main Menu
Set a backup directory for the server, and click Backup. The U2000 starts to
back up the database. A progress bar is displayed showing the status of the operation.
Notes: The default directory for database backup is as follows:
On the UNIX platform, /U2000/server/var/backup
On the Windows platform, d:\U2000\server\var\backup
Procedure:
1. Log in to the U2000 client.
2. Choose Administration > Task Schedule > Task Management from the main menu.
3. Click New. The New Task dialog box is displayed.
4. Select DB Backup as the task type and enter a name for the scheduled task. Select Period as the run type. Then click Next.
5. In Time Setting, set the planned start time of the task. In Period Setting, set the planned period and execution times of the task. Then, click Next.
6. Select Back up the data to the local server and enter a backup path on the local server. Then click Finish. The created scheduled task is displayed in the Task Management window.
Procedure for backup:
1. Start the NMS Maintenance Suite
In Solaris and Linux, run the following commands:
# cd /opt/HWENGR/engineering
# ./startclient.sh
In Windows, access the C:\HWENGR\engineering path, and then run the startclient.bat file.
2. Log in to the MSuite. The default user name and password are both admin.
3. Select Back Up and Restore -> Back Up System Data.
Procedure for Restore:
1. Shut down U2000 client and server.
2. Start the U2000 MSuite and log in to the MSuite client.
3. On the NMS maintenance tool client, choose Backup and Restore > Restore System Data.
4. Select the backup file and click Next.
5. The system starts the restoration preprocessing and data restoration, and displays the restoration progress in a progress bar. Wait patiently.
6. After the backup is complete, click Finish.
7. Start U2000 server and client.
Prerequisite for backup:
On UNIX and Linux, the current user is root and the Sybase database must be
started.
Procedure for backup:
4. Select Data Backup – Binary Mode (Recommended). Then click Next.
5. Select Back up the data to the local server.
6. Set the backup path on the local server. Then click Next.
7. The system starts the backup preprocessing and data backup process. A
progress bar is displayed to show the backup progress. Wait patiently.
8. After the backup is complete, click Finish.
Procedure for Initialization:
1. Start the U2000 MSuite
2. Log in to the client. The default user name and password are both admin.
3. Choose System > Initialize NMS from the main menu.
4. Click Next.
5. The system starts initializing the database and displays the initialization
progress in a progress bar. Wait patiently.
6. After the initialization is complete, click Finish
Prerequisite for database initialization:
The U2000 server application is stopped.
On UNIX and Linux, the current user is root and the Sybase database must be
started.
On Windows, the current user must have the administrator authority of the
This method is usually used to upgrade the U2000 and to back up and restore the
basic configuration data for a single NE. This method also restores the user-defined data. The new U2000 version is compatible with the scripts of the old version.
Procedure:
Choose Administration > Back Up/ Restore NMS Data > Import/Export Script File from the Main Menu.
Select a file format. Then select a script file type from the Script File Type field.
Select the NE for which you want to export script files from the Export NE List.
Click Create File Directory to create a directory where the exported script files are to be saved.
Enter the directory name and click OK.
Select a directory and click Apply.
In the Confirm dialog box, click OK. A progress bar appears showing the status of the export.
Procedure:
Choose Administration > Back Up/ Restore NMS Data > Import/Export Script
File from the Main Menu.
Click the Import option button.
Select the file format and select the script file type from the Script File Type
field.
In the Operation Directory List, select the directory where the script file to be imported is located.
Select the script file to import from the Import File List.
Click Apply. The system prompts you twice that the import of the configuration
script will result in data inconsistency between the U2000 and the NE.
Click OK. A progress bar appears showing the status of the import.
NOTES:
Procedure:
Choose Administration > Task Schedule > Task Management from the main
menu.
In the Task Management window, select Database Capacity Management,
Manual Dump or Overflow Dump in the navigation tree.
Double-click the task in the task list. You can configure the dump parameters as shown in the presentation. The supported file types are CSV and XML.
Overflow dump: It is performed when the logs in the databases reach the maximum storage capacity. You can specify the number of logs to dump.
Maximum Capacity: The maximum number of pieces of data that can be saved when the U2000 server works normally. If it is exceeded, the overflow occurs.
Scheduled dump: It is an optional alternative to the overflow dump. You can set whether to create a scheduled task, and if you create one you can specify the schedule time and duration.
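The overflow dump described above can be followed in a toy Python model, added here as an example and not taken from the U2000. It assumes that the dump is triggered when the row count exceeds the maximum capacity and that the oldest rows leave first; the column names and log rows are constructed. The point for security logs is that dumped rows are no longer in the database, so an investigation has to read the dump files as well.

```python
import csv
import io

FIELDS = ["time", "user", "operation", "result"]  # assumed log columns


class LogTable:
    """Toy model of one log table with an overflow dump (not U2000 code)."""

    def __init__(self, max_capacity, dump_count):
        if not 0 < dump_count <= max_capacity:
            raise ValueError("dump_count must be between 1 and max_capacity")
        self.max_capacity = max_capacity  # most rows the table may hold
        self.dump_count = dump_count      # rows moved out by one overflow dump
        self.rows = []                    # live rows, oldest first
        self.dump_files = []              # CSV text of each dump, oldest first

    def dump(self, count):
        """Move the `count` oldest rows out of the table into a new CSV dump."""
        moved, self.rows = self.rows[:count], self.rows[count:]
        if moved:
            buf = io.StringIO()
            writer = csv.DictWriter(buf, fieldnames=FIELDS)
            writer.writeheader()
            writer.writerows(moved)
            self.dump_files.append(buf.getvalue())
        return len(moved)

    def insert(self, row):
        """Store one row; returns how many rows an overflow dump moved out."""
        self.rows.append(row)
        if len(self.rows) > self.max_capacity:
            return self.dump(self.dump_count)
        return 0

    def search(self, user):
        """Find a user's rows in the live table and in every dump file."""
        hits = [("database", row) for row in self.rows if row["user"] == user]
        for n, text in enumerate(self.dump_files):
            for row in csv.DictReader(io.StringIO(text)):
                if row["user"] == user:
                    hits.append((f"dump-{n}", row))
        return hits


def demo():
    """Six constructed security-log rows pushed through a four-row table."""
    table = LogTable(max_capacity=4, dump_count=3)
    for i in range(6):
        table.insert({
            "time": f"2024-01-01 10:0{i}:00",
            "user": "bob" if i % 2 else "alice",
            "operation": "login",
            "result": "success",
        })
    return table
```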
iManager U2000 Security and Data Management Practice Guide
Table of Contents
Task 1 Starting and Shutting Down U2000
  1.1 Starting U2000
    1.1.1 On the UNIX Platform
    1.1.2 On the Windows Platform
  1.2 Shutting Down U2000
    1.2.1 On the UNIX Platform
    1.2.2 On the Windows Platform
Task 2 Starting and Shutting Down U2000 (Solaris HA System) (Optional)
  1.1 Starting U2000
  1.2 Shutting Down U2000
Task 3 Security Management
  1.1 Changing the Password of NMSuser (DB user)
  1.2 Setting SSL Protocol Communication between Server and Client
  1.3 Setting the System ACL of U2000 Client
  1.4 Modifying the U2000 User Validity
  1.5 Creating a U2000 User
Task 4 DCN Management
  1.1 Modifying GNE Parameters
  1.2 Changing the GNE of the NEs
  1.3 Configuring Standby GNEs for the NEs
  1.4 Changing a GNE to a Normal NE
  1.5 Changing a Normal NE to a GNE
  1.6 Checking GNE Switching Status
    1.8.2 Check the communication status between the U2000 and the GNE.
Task 5 Database Management
  1.1 Manually Backing Up the U2000 Database
  1.2 Automatically Backing Up the U2000 Database
  1.3 Manually Backing Up the U2000 Data by Script
  1.4 Initializing the U2000 Database (HA System) (Optional)
  1.5 Initializing the U2000 Database
  1.6 Restoring the U2000 Database (HA System) (Optional)
  1.7 Restoring the U2000 Database
  1.8 Restoring the U2000 Data by Script
  1.9 Viewing the Status of the Databases
Task 6 Log Management
  1.1 Browsing Security Logs
  1.2 Period dump of security logs
  1.3 Setting the Overflow Dump for Security Logs
  1.4 Dumping Security Logs Manually
  1.5 Browsing Operation Logs
  1.6 Period dump of operation logs
  1.7 Setting the Overflow Dump for Operation Logs
  1.8 Dumping Operation Logs Manually
  1.9 Browsing System Logs
  1.10 Period dump of System logs
  1.11 Setting the System Dump for Operation Logs
  1.12 Dumping System Logs Manually
Task 7 File System and Disk Management
  1.1 Checking the Disk Status of the U2000 Server
    1.1.1 On the UNIX Platform
  1.2 Checking the Disk Space of the U2000 Server
    1.2.1 On the UNIX Platform
    1.2.2 On the Windows Platform
  1.3 Clearing Disk Space of the U2000 Server
    1.3.1 On the UNIX Platform
    1.3.2 On the Windows Platform
  1.4 Clearing Disk Space of the U2000 Client
    1.4.1 On the Windows Platform
Task 10 MSUITE Operation (Optional)
  1.1 Logging in the MSUITE
  1.2 Refreshing the Information of the Network Management System
  1.3 Synchronizing the Information of Network Management System
  1.4 Adding component
  1.5 Deleting component
  1.6 Adding the Instance
  1.7 Modifying the Instance Information
  1.8 Deleting the Instance
  1.9 Configuring the CORBA Interface Instance (Optional)
  1.10 Exiting the MSUITE Client
Task 1 Starting and Shutting Down U2000
1.1 Starting U2000
iManager U2000 (U2000 for short as below) includes three parts:
So to start U2000, there are three steps:
1) Starting the database;
2) Starting the U2000 Server;
3) Starting the U2000 Client.
U2000 can be installed on the UNIX/Linux and Windows platforms, and it provides the same functions and shares the same operations on these platforms.
1.1.1 On the UNIX Platform
The database always starts with the operating system (OS). You can check it by entering the following commands in the terminal window (here we use the nmsuser user):
$ cd /opt/sybase/ASE-15_0/install
$ ./showserver
If the output lists at least the two processes below, Sybase has started correctly.
/opt/sybase/ASE-15_0/bin/dataserver -sDBSVR -d/opt/sybase/data/lv_master
/opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/
Then start the U2000 Server and the U2000 Client as follows:
Step Action
1 Starting the U2000 Server
  Method 1: The U2000 server starts automatically with the OS.
  Method 2: Enter the following commands in the terminal window:
  $ cd /opt/U2000/server/bin
  $ ./startnms.sh
2 Starting the U2000 System Monitor
  Method 1: Double-click the "U2000 System Monitor" icon on the desktop.
  Method 2: Enter the following commands in the terminal window:
  $ cd /opt/U2000/client
  $ ./startup_sysmonitor_global.sh
3 Enter the user, password and server. For example:
  User: admin
  Password: XXXXX (The initial password of the admin user is null. When you log in to the system for the first time, the system requires you to change the password.)
  Server: Local
4 Click <Login>.
  Notes: Wait a few minutes until the processes in Automatic start mode (NE Manager, Security Process, Topology Process, etc.) are all in "Running" status. The U2000 server has then started successfully.
5 Starting the U2000 Client
  Method 1: Double-click the "U2000Client" icon on the desktop.
  Method 2: Enter the following commands in the terminal window:
  $ cd /opt/U2000/client
  $ ./startup_all_global.sh
6 Enter the user name, password and server. For example:
  User: admin
  Password: XXXXX (The same password as you use to log in to the system monitor)
  Server: <Local>
  Notes: If the U2000 Server and the U2000 Client are on different computers, click the icon to edit the IP address and port where the U2000 Server is installed.
Double-click the icon to see the status. If it is not in running status, click Start. Then start the U2000 Server and U2000 Client as follows:
Step Action
1 Starting the U2000 Server
  Method 1: Double-click the "U2000Server" icon on the desktop.
  Method 2: In the directory C:\U2000\server\bin, double-click “startnms.bat”.
2 Starting the U2000 System Monitor
  Method 1: Double-click the "U2000 System Monitor" icon on the desktop.
  Method 2: In the directory C:\U2000\client, double-click “startup_sysmonitor_global.bat”.
3 Enter the user, password and server. For example:
  User: admin
  Password: XXXXX (The initial password of the admin user is null. When you log in to the system for the first time, the system requires you to change the password.)
  Server: Local
4 Click <Login>.
  Notes: Wait a few minutes until the processes in Automatic start mode (NE Manager, Security Process, Topology Process, etc.) are all in "Running" status. The U2000 server has then started successfully.
5 Starting the U2000 Client
  Method 1: On the computer of the U2000 client, double-click the "U2000 Client" icon on the desktop.
  Method 2: In the directory C:\U2000\client, double-click “startup_all_global.bat”.
6 Enter the user name, password and server. For example:
  User: admin
  Password: XXXXX (The same password as you use to log in to the system monitor)
  Server: <Local>
  Notes: If the U2000 Server and the U2000 Client are on different computers, click the icon to edit the IP address and port where the U2000 Server is installed.
1.2 Shutting Down U2000
To shut down U2000, there are two steps:
1) Shutting down the U2000 Client;
2) Shutting down the U2000 Server.
1.2.1 On the UNIX Platform
Step Action
1 Shutting down the U2000 client: Select [File/Exit] on the main menu.
2 Click <OK> on the Logout Confirmation dialogue box.
3 If the topology has changed, please save it to the database, click <OK>.
4 Shutting down the U2000 server by command:
  $ cd /opt/U2000/server/bin
  $ ./stopnms.sh
  Shutting down the U2000 server from System Monitor Client: Select [Administration/ShutDown NMS] from the menu.
1.2.2 On the Windows Platform
Step Action
1 Shutting down the U2000 client: Select [File/Exit] on the main menu.
2 Click <OK> on the Logout Confirmation dialogue box.
3 If the topology has changed, please save it to the database, click <OK>.
Task 2 Starting and Shutting Down U2000 (Solaris HA System) (Optional)
1.1 Starting U2000
iManager U2000 (U2000 for short as below) includes three parts:
So to start U2000, there are three main steps:
1) Starting the OS and Veritas software;
2) Starting the U2000 Server;
3) Starting the U2000 Client.
You should start the OS of both the active and standby servers and the software such as VxVM, VVR and VCS. Normally, the U2000 is not started automatically with the VCS. You need to start the U2000 applications manually.
Caution: Start the U2000 server only on the primary node.
Step Action
1 Turn on the power supply of the active server. Log in to Solaris as the root user; the default password for the root user is rootkit.
  The OS is automatically started and at the same time, VxVM, VVR and VCS are all started automatically along with the OS.
2 Turn on the power supply of the standby server. Log in to Solaris as the root user; the default password for the root user is rootkit.
  The OS is automatically started and at the same time, VxVM, VVR and VCS are all started automatically along with the OS.
3 Run the following command to log in to the VCS interface on the primary node.
  # hagui &
4 Select [File/New Cluster...], and input [Primary] in the “Host name” column, then click <OK>.
  Here Primary is the hostname of the primary workstation. You can also enter the IP address of the Heartbeat network service of the primary site.
5 Input user name [admin] and password [password], then click <OK>.
6 Right-click AppService in the Object Tree and choose Online > Primary to start the U2000 on the primary node.
7 If the status of all resources in the AppService group is Online on Primary, the AppService is normally started.
8 On the U2000 client computer, double-click the U2000 Client icon on the desktop.
9 Enter the User Name and Password of the U2000 client.
  For example, the default super user name: admin; password: admin.
1.2 Shutting Down U2000
To shut down U2000, there are four steps:
Shutting down the U2000 Client;
Taking the U2000 server offline;
Disabling the VCS service;
Step Action
1 Choose File > Exit from the Main Menu of the U2000 client.
  In the Confirm dialog box displayed, click OK to log out of the client.
2 Log in to the VCS interface on the active server.
  Right-click AppService in the Object Tree and choose Offline > Primary to shut down the U2000 on the active node.
3 Log in to the active server as the root user and run the following commands to stop the VCS service:
  # cd /opt/VRTSvcs/bin
  # hastop -all -force
4 To check whether the VCS service is disabled normally, run the following command:
  # ps -ef | grep had
  If information about "had" and "hashadow" is not detected, it indicates that the VCS service is disabled normally.
5 Log in to the server of the standby site as the root user and perform the preceding two steps to stop the VCS service on the server of the standby site.
6 Run the following command on both the primary and secondary nodes to keep the data in the disk synchronous with the data stored in the memory:
  # sync; sync; sync; sync; sync
7 Run the following command at both the primary and secondary nodes to shut down the workstation: