Professional Documents
Culture Documents
1/1531-ANF
16
06
2014
G3 901 INSTRUCTION
15
INSTALLATION INSTRUCTION
INSTALLING MANAGER AVAILABILITY
Copyright
© Copyright Aastra Technologies Limited, 2014. All rights reserved.
Disclaimer
No part of this document may be reproduced in any form without the
written permission of the copyright owner.
The contents of this document are subject to revision without notice due
to continued progress in methodology, design and manufacturing.
Aastra shall have no liability for any error or damage of any kind resulting
from the use of this document.
1 General
2 Aids
3 Delivery
8. Enter root password and patrol password, click OK and the instal-
lation starts.
10. If the PatrolAgent agent is not running, then run the service manu-
ally. See chapter 4.2.2 Running PatrolAgent service manually on
page 11.
3. ./b1config*.sh
This script is located in the Patrol3 directory (BMC_ROOT/Patrol3)
and configures the Perform bgscollect collector to work with the
kernel.
4. Go to BMC_ROOT/common/security/config_v3.0/ directory and
execute:
./sec_configure.sh <path to the Patrol3 directory> <security
level>
Note: This script is only needed if "NO" was selected for the "Overwrite
current security configuration" question during the install.The
script places the security level, files, and policy in "/etc/patrol.d"
directory. For PATROL for UNIX and Linux versions prior to
9.2.10, the script is located in $BMC_ROOT/common/secu-
rity/config directory.
For Basic Security the value is "0" and for Advance Level2 the
value is "2".
5. Restart PatrolAgent service
– Go to /etc/init.d/
– cd /etc/init.d/
– ./BMCPatrol restart
6. When the installation is finished, log off and log on as root and
unmount the CD-ROM by typing:
umount /dev/cdrom
Note: If you get any Connection host errors. Please contact your admin
to check the host namespaces and try again.
5. Restart PatrolAgent
– $ cd /etc/init.d/
– $ ./BMCPatrol restart
Install IIS from Server Manager ' Add Roles ' Web Server (IIS).
6. Choose "Prepare the request now, but send it later" and "Next"
10. Fill the "Common Name". This is usually the DNS name of the
computer.
12. Save the request file to some directory and choose a name for this
file. This file will be used in next stage to create a certificate.
Choose "Next" and go thru all the way
16. You will be presented with the page shown in the below picture.
17. Open the certificate request that is created in step 12. Open the file
using Notepad, and copy the certificate request part of the file as
text.
18. Return to web pages for request certificate in step 15 and paste the
text there, and push the "Submit".
19. You will be presented with information that your certificate has been
received and is in pending stage.
20. Once you issued the request, the certificate will be moved to
"Issued Certificate".
26. Browse to the certificate file, that you saved in step 23 and "Next"
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
28. Go thru wizard and finish it. Now you should have a valid certificate
for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
4. Enter all of the following information about your company and the
domain you are securing and then click Next.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
6. Click the button with the three dots and enter a location and file-
name where you want to save the CSR file and click Finish button
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
10. After selecting the above option, you will be presented with the
page shown in the below picture.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
11. Open the certificate request file that is created in step 6. Open the
file using Notepad, and copy the certificate request part of the file
as text.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
12. Return to web page for request certificate in step 8 and paste the
text there, and push the "Submit" button
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
You will be presented with information that your certificate has been
received and is in pending stage.
13. Issue the certificate
– Open the "Certificate Authority" in "Administrative Tools".
– Select "Pending Requests" and there should be the request
which is created in the earlier steps.
– Right click on "Request ID" which was created in earlier steps
and click "All Tasks" option and then click "Issue".
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
14. Once you issued the request, the certificate will be moved to
"Issued Certificate"
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
5. Click the browse button (…) and select the server certificate that
was received from the earlier steps.
6. Enter any friendly name in the Friendly Name text box using which,
can keep track of the certificate on this server.
7. Click OK.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
8. If successful, you will see your newly installed certificate in the list.
If you receive an error stating that the request or private key cannot
be found, make sure you are using the correct certificate and that
you are installing it to the same server that you generated the CSR
on. If you are sure of those two things, you may just need to create
a new Certificate Request and reissue/replace the certificate.
Contact your certificate authority if you have problems with this.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
5. Change the Type to https and then select the SSL certificate that
was just installed in the earlier steps.
6. Click OK.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
1. Copy the WebCentral folder from the CD Drive to any of the drives
(C-Drive Or D-Drive) in the local system. Example: C:\WebCentral
6. Enter the RT Server IP address and Password for "patrol" User and
then click on OK.
Wait to proceed to the next step as it will take some time of around 8
minutes as all the WebCentral software will be installed.
There will be message of "Installation completed successfully" be
displayed on the command prompt to proceed with the next step .
9. Run the "RunPostInstall.exe" by double clicking the exe file from
"WebCentral" folder.
10. Run the "RemoveInstalled.exe" by double clicking the exe file from
"WebCentral" folder. This operation will remove the installation
files under the "C:\Program Files\AastraMA\BMC"
11. Instalation is comptleted.
Windows 2003
1. Allow ISAPI and CGI Extensions if disabled.
2. Go to Web Service Extensions and allow All Unknown CGI Exten-
sions and All Unknown ISAPI Extensions.
Windows 2008
Add ISAPI and CGI Restrictions:
1. Open IIS manager.
2. Select server name in LHS tree.
3. In features view click on 'ISAPI and CGI Restrictions'
4. Make sure the 'Users' group is added and having permissions for
'Read & Execute, List folder contents, Read' permissions. If it not
then please add the group and give the permissions.
Checking 'Handler Mapping' Settings.
1. In IIS manager, select 'PATROLCentralWebEdition' in LHS tree
2. In features view double click on 'Handler Mappings'
3. Make sure the ISAPI-dll is listed and enabled for 'ISAPI Module'
4. If it's not there then please click on 'Add Module Mapping' in RHS
pane of IIS manager.
5. Enter the details for 'Module Mappings'
Request Path = *.dll
Module = IsapiModule
Executable(optional)='Point to ISAPI.dll in
'apache-tomacat\bin\isapi_redirect.dll
Name=ISAPI-dll
Once the above configurations are done launch the patrol webcentral by,
opening Internet explorer and, typing: http://localhost/patrol/
If prompted with the below screen and if JDK is not installed already then
by clicking the link "here" as show in the below screen shot it will install
the JDK that is needed to load the login screen.
Once the JDK is installed as suggested in the above screen, it will launch
the browser and prompt for the for user name and password as shown
below. Provide proper credentials of "patrol" user.
10. Select the option "Install products on this computer now" and click
Next
16. Enter the PATROL Default Account Login Name as "patrol" and
password as created for the patrol user and Click Next
17. Select the Security option as "Advanced security options" and click
Next
18. Select Advanced Level of Security as "Level 2" and click Next
19. Enter the PATROL Agent Port Number as "3181" and click Next
20. Select the option as "No" for the Use Fully Qualified Domain Name
(FQDN) for monitored device and click Next
21. Enter the values as mentioned below in the screen shot and click
Next
3. You may have different passwords for the user patrol on the
managed servers and your login user is not the default user patrol.
This means that you have to create Alias and Impersonation Rules.
This is done under Administration/Impersonation. Create an Alias
for each password of user patrol. Create a rule for each server or
use wildcards to reduce the number of impersonation rules. Use *
(i.e. any) for “When the user named”. Use the name of the server
as displayed in the tree view of PATROL_Main_Map. Use the Alias
corresponding to the password.
4. Load KMs for each server. This is done by loading (Note: kml – that
is, KM list):
For Telephony server: ERILinux.kml
For Windows server: ERIWIN.kml SNMP_Brigde.km (only if the SNMP
Bridge is installed on the server)
Create also a management profile to be used by the user mypatwatch
because this user is not allowed to create a profile. Execute steps 1, 2,
and 4 described above (or create a copy of the current profile with a new
name). The user mypatwatch must have the right to use the new profile.
This is done from the tabs Administration and Rights . Select under
Management Profiles the proper profile and Allow or deny rights and
Allow descendants .... Add group patwatch, allow Read and deny
Write .
Log off and log on to PATROL Central as user mypatop . Execute steps
1, 2, and 4 described above.
The next time you log on, you have to load the proper management
profile but for the following logons the management profile is loaded
automatically, holding information on servers and KMs.
• CPU
• HISTORY_Propagator
• MEMORY
• PATROLAGENT
• PROCESS
• USERS
If NETWORK is missing, it can be activated from UNIX OS -> KM
Commands -> KM Admin -> NETWORK Application -> Activate
Monitoring
Specify the password of the user patrol from (right mouse button) EETS
-> KM Commands -> Admin -> Specify Password . If the password is
not specified, alarms from Telephony Server are not sent to PATROL. It
can take some minutes for the alarm handling function to start after the
password is specified.
Verify that the alarms from the Telephony Server are visible in the Event
Manager window (EETS -> Event Manager using right mouse button).
Initiate Traffic Recording for IP traffic (IPXBRD), or voice extensions
(EXTENS), TRUNKS, and ROUTES of interest from EETS -> KM
Commands -> Traffic Recording -> Start Traffic Recording .
The new license will be used at the next restart of the PATROL Agent.
9 Deployment
10.1 Overview
Log and
Manager Availability display in
Trap/Event category Severity Event log message
maSNMPBridgeStart Manager Normal SNMPBridgeStart: $1
Availability
Alarms
maSNMPBridgeStop Manager Warning SNMPBridgeStop: $1
Availability
Alarms
maSNMPBridgeError Manager Major SNMPBridgeError: $1
Availability
Alarms
maSNMPBridgeHeart Manager Normal SNMPBridgeHeartBeat: $1
Beat Availability
Alarms
maPATROLInfo Manager Normal PATROLInfo: $3 $4 $2 $1
Availability
Alarms
maPATROLWarning Manager Warning PATROLWarning: $3 $4 $2 $1
Availability
Alarms
maPATROLAlarm Manager Major PATROLAlarm: $3 $4 $2 $1
Availability
Alarms
WBM1
Server where the event occurred.
26161
PATROL event ID. The server name and event ID can be used to
locate the event in PATROL Event Manager.
CPU.CPU ....
Event origin. PATROL object that created the event.
Alarm #1 ...
Event description.
9. Enter User name and Password for the user defined for SNMP
Bridge.
Activate SNMP Bridge
SNMP Bridge is activated through a KM command SNMP_Bridge -> KM
Commands -> Start . Verify that the SNMP Bridge is started and
running (indicated by the Status parameter of the SNMP Bridge). Check
the System Output window for any error messages.
Verify that the SNMP traps are visible on the alarm console of the
management framework (SNMP Bridge start etc.).
Update the management profile
If the SNMP Bridge is going to pick up the events from an additional
MX-ONE server, the management profile used by the SNMP Bridge
must be updated. Normally the SNMP Bridge and PATROL Central user
share a management profile.
Updating the management profile can be done in the following way (it is
assumed that the user sharing the profile, runs PATROL Central):
1. Update the management profile through Add Managed System .
2. Stop the SNMP Bridge using the Stop KM command.
3. Open the System Output window and wait for the messages Exit
from event listener and Stopping heartbeat SNMP traps (if
heartbeat is used).
4. Log off and log on again to PATROL Central.
5. Start the SNMP Bridge using the Start KM command.
To view important events for all servers (the same events as the SNMP
Bridge will receive), select Event Manager in the menu bar. Select filter
SNMP_Bridge and select Execute Filter . A popup window appears
displaying important events from all servers.
12.1 Introduction
By activating the SNMP interface of the PATROL Agent it is possible to
access PATROL parameters on the Telephony Server via SNMP: For
example parameters for Traffic Recording.
The SNMP interface of PATROL is not by default activated in Manager
Availability. This instruction describes one way to set up this interface.
(There can be a lot of variations.)
HP OpenView NNM is used as an example on how to set up an SNMP
Manager.
When using the SNMP interface it is recommended to install and use the
central part of Manager Availability (PATROL Central, the Web GUI) but
not the SNMP Bridge. In this way there is a complete GUI for trouble
shooting, online help et cetera.
The configured solution is described in on page 91fig 6. With this setup
(it is assumed that the default setup of Net-SNMP is not modified):
• All SNMP traps are sent by the PATROL SNMP subagent as
PATROL traps (described in the PATROL MIB).
• SNMP traps are sent for PATROL events corresponding to TS
alarms (active, op_cleared, sys_cleared) and for all PATROL
parameters with threshold values (threshold exceeded, alarm
condition on threshold is gone).
• The Net-SNMP agent handles the requests for all MIBs except the
PATROL MIB.
• PATROL SNMP subagent handles the requests for the PATROL
MIB.
• PATROL SNMP subagent supports SNMP v1.
SNMP
Manager
PATROL Agent
------------------- Only PATROL
PATROL SNMP MIB
Subagent
M0000248A
• The dynamic way – the OID for a parameter value may vary
between PATROL Agent restarts
• The static way via the name space – here the OID always is the
same.
.1.3.6.1.4.1.1031.1.1.1.5.1.4.25.47.67.80.85.47.67.8
0.85.47.67.80.85.67.112.117.85.116.105.108.47.118.97
.108.117.101
This string may be used by snmpget.
.1.3.6.1.4.1.1031.1.1.1.5.1.4 is the OID (to vari-
ablesTable.variablesEntry.variablesValue) and
.25.47.67.80.85.47.67.
80.85.47.67.80.85.67.112.117.85.116.105.108.47.
118.97.108.117.101 is the instance.
These strings may be used when setting up a SNMP data collection in
the GUI of OV NNM.
Because the OID is the same (only the instance is different) for all
PATROL parameters all data collections are stored under the same label
in OV NNM.