IManager U2000 V200R017C60 Administrator Guide 02 (PDF) - C

iManager U2000 Unified Network Management
System
V200R017C60
Administrator Guide
Issue 02
Date 2018-03-05
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 02 (2018-03-05) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
iManager U2000 Unified Network Management System
Administrator Guide About This Document
About This Document
Related Version
The following table lists the product version related to this document.
Product Name Version
iManager U2000 V200R017C60
Intended Audience
This document describes the operations that are performed by the network management
system (NMS) administrators on the U2000. This document describes the processes of and
methods for the operations and maintenance in various aspects, including user management,
log management, database management, process management, and file management.
This document is intended for:
l U2000 system administrators

l Technical support engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation

which, if not avoided, will result in death or
serious injury.
Indicates a potentially hazardous situation

which, if not avoided, could result in death
or serious injury.

which, if not avoided, may result in minor
or moderate injury.
Issue 02 (2018-03-05) Huawei Proprietary and Confidential ii

Symbol Description

which, if not avoided, could result in
equipment damage, data loss, performance
deterioration, or unanticipated results.
NOTICE is used to address practices not
related to personal injury.
Calls attention to important information,

best practices and tips.
NOTE is used to address information not
related to personal injury, equipment
damage, and environment deterioration.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Boldface Buttons, menus, parameters, tabs, window, and dialog titles

are in boldface. For example, click OK.
Issue 02 (2018-03-05) Huawei Proprietary and Confidential iii

> Multi-level menus are in boldface and separated by the ">"

signs. For example, choose File > Create > Folder.
Element Conventions
Elements used in this document are described in the following table.
Element Description
Used to fuzzify example IP address and

version information.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue
contains all updates made in previous issues.
Changes in Issue 02 (2018-03-05) Based on Product Version V200R017C60

The second commercial release has the following updates:
Fixed some bugs.
Changes in Issue 01 (2017-10-25) Based on Product Version V200R017C60

Initial release.
Issue 02 (2018-03-05) Huawei Proprietary and Confidential iv

Administrator Guide Contents
Contents
About This Document.....................................................................................................................ii

1 Security Precautions (for Administrators)................................................................................ 1
2 Starting the U2000 System......................................................................................................... 12
2.1 Starting the U2000 Server in a Windows Single-Server System..................................................................................12
2.1.1 Powering On the Server Safely................................................................................................................................. 13
2.1.2 Starting the Database................................................................................................................................................. 15
2.1.3 Starting the U2000 Server Processes.........................................................................................................................16
2.2 Starting the U2000 Server in a Solaris Single-Server System......................................................................................18
2.3 Starting the U2000 Server in a SUSE Linux Single-Server System............................................................................ 24
2.4 Starting the U2000 Server in a Solaris High Availability System................................................................................30
2.5 Starting the U2000 Server in a SUSE Linux High Availability System.......................................................................35
2.6 Logging In to a U2000 Client.......................................................................................................................................40
3 Shutting Down a U2000..............................................................................................................45

3.1 Shutting Down U2000 Clients......................................................................................................................................45
3.2 Shutting Down the U2000 Server (Single Server System, Windows)......................................................................... 46
3.2.1 Stopping the U2000 Server Processes....................................................................................................................... 46
3.2.2 Shutting Down the Database..................................................................................................................................... 47
3.2.3 Powering Off the Server Safely.................................................................................................................................48
3.3 Shutting Down the U2000 Server (Single Server System, Solaris)............................................................................. 49
Issue 02 (2018-03-05) Huawei Proprietary and Confidential v


3.3.3 Power Off the Server Safely...................................................................................................................................... 51
3.4 Shutting Down the U2000 Server (Single Server System, SUSE Linux).................................................................... 51
3.4.3 Powering Off the Server Safely.................................................................................................................................54
3.5 Shutting Down the U2000 Server in a High Availability System (Solaris)................................................................. 54
3.5.3 Stopping the VCS Service......................................................................................................................................... 56
3.6 Shutting Down the U2000 Server in a High Availability System (PC Linux)............................................................. 57
3.6.3 Stopping the VCS Service......................................................................................................................................... 59
4 Applying for and Updating the U2000 License..................................................................... 60

4.1 U2000 License Precautions.......................................................................................................................................... 61
4.2 Applying for a U2000 License..................................................................................................................................... 61
4.3 Updating the U2000 License........................................................................................................................................ 64
4.4 Checking the Status of the U2000 License...................................................................................................................71
4.5 Revoking a License on the U2000................................................................................................................................71
4.6 Querying the License Revocation Code on the U2000................................................................................................ 73
4.7 Exporting License Files................................................................................................................................................ 74
4.8 Setting Periodic Export of the U2000 License............................................................................................................. 74
4.9 Setting Alarms for U2000 License Resource Item Capacity........................................................................................75
4.10 Collecting Port Statistics of Service Licenses............................................................................................................ 76
5 Security Management................................................................................................................. 78
5.1 User Security................................................................................................................................................................ 79
5.2 Managing User Rights.................................................................................................................................................. 85
5.2.1 Getting to Know Operation Rights Management...................................................................................................... 86
5.2.1.1 Rights......................................................................................................................................................................86
5.2.1.2 U2000 Authorization Principles............................................................................................................................. 87
5.2.1.3 Users and User Groups........................................................................................................................................... 93
5.2.1.4 Object and Object Set............................................................................................................................................. 95
5.2.1.5 Domain................................................................................................................................................................... 97
5.2.1.6 Operation and Operation Set.................................................................................................................................. 97
5.2.2 Scenarios for Operation Right Management........................................................................................................... 101
5.2.3 Authorization Plan................................................................................................................................................... 103
5.2.4 Assigning Rights to Users........................................................................................................................................115
5.2.4.1 Authorization Process........................................................................................................................................... 115
5.2.4.2 Creating User-Defined Object Sets.......................................................................................................................116
Issue 02 (2018-03-05) Huawei Proprietary and Confidential vi

5.2.4.3 Creating User-Defined Operation Sets................................................................................................................. 119

5.2.4.4 Creating and Authorizing U2000 User Groups.................................................................................................... 122
5.2.4.5 Creating Users and Adding Them to User Groups...............................................................................................126
5.2.5 Transferring Operation Sets.....................................................................................................................................128
5.2.5.1 Exporting Operation Sets......................................................................................................................................129
5.2.5.2 Adding Operation Sets or Changing Operation Set Members in Batches............................................................130
5.2.5.3 Importing Operation Set Files.............................................................................................................................. 132
5.2.6 Operation Right Adjustment After Device Addition or Deletion............................................................................134
5.2.6.1 Adjusting Operation Rights After an NE Is Added.............................................................................................. 134
5.2.6.2 Adjusting Operation Rights After a Subnet Is Added.......................................................................................... 137
5.2.6.3 Adjusting Operation Rights After the Networking Structure Is Changed............................................................140
5.2.7 Operation Right Adjustment After Personnel's Responsibilities Change............................................................... 140
5.2.7.1 Adjusting Operation Rights After the Scope of Managed Objects Is Changed................................................... 140
5.2.7.2 Adjusting Operation Rights After the Scope of Operation Rights Is Changed.................................................... 143
5.2.7.3 Adjusting Operation Rights After Management Personnel's Posts Change......................................................... 144
5.2.8 Querying Authorization........................................................................................................................................... 145
5.2.8.1 Viewing Domains of a User or User Group..........................................................................................................146
5.2.8.2 Viewing Operation Rights of a User or User Group.............................................................................................147
5.2.8.3 Viewing User Groups To Which a User Belongs................................................................................................. 149
5.2.8.4 Querying User and User Group Authorization Details.........................................................................................149
5.2.8.5 Viewing Operations in an Operation Set.............................................................................................................. 151
5.2.8.6 Viewing Objects Contained in an Object Set....................................................................................................... 152
5.2.8.7 Comparing U2000 User Rights............................................................................................................................ 153
5.2.9 Configuring Secondary Authorization Operations.................................................................................................. 154
5.2.10 Configuration Examples of Security Management............................................................................................... 158
5.2.10.1 Assigning Specific Operation Rights to an NMS User...................................................................................... 158
5.2.10.2 Adjusting User Rights........................................................................................................................................ 162
5.2.10.3 Example for Creating U2000 User Accounts and Allocating Rights in the Rights- and Domain-based
Management Scenario...................................................................................................................................................... 167
5.3 User Security Policy Management............................................................................................................................. 171
5.3.1 Security Policy Management...................................................................................................................................171
5.3.1.1 Setting the System ACL....................................................................................................................................... 171
5.3.1.2 Setting a User ACL...............................................................................................................................................173
5.3.1.3 Setting the Proxy Service ACL............................................................................................................................ 174
5.3.1.4 Setting Account Policies.......................................................................................................................................176
5.3.1.5 Setting Password Policies..................................................................................................................................... 177
5.3.1.6 Setting the Maximum Number of Sessions.......................................................................................................... 179
5.3.1.7 Setting the U2000 Login Mode............................................................................................................................ 180
5.3.1.8 Setting Auto-locking for a Client......................................................................................................................... 181
5.3.2 Setting U2000 Data Transmission Security.............................................................................................................183
5.3.2.1 Setting a Secure Connection Between the U2000 Client and Server................................................................... 183
5.3.2.2 Setting the File Transfer Policy Between the Client and Server.......................................................................... 184
5.3.2.3 Configuring the Communication Between a Client and the U2000 Server in the NAT Scenario........................185
Issue 02 (2018-03-05) Huawei Proprietary and Confidential vii

5.3.2.4 Enableing or Disabling SSLv3 on the U2000...................................................................................................... 187

5.3.2.5 Enabling or Forbidding Using TLSv1.0 on the U2000........................................................................................ 190
5.3.3 Managing Passwords and Locking Clients..............................................................................................................193
5.3.3.1 Changing the Password of the Current User........................................................................................................ 193
5.3.3.2 Resetting the Password of an NMS user.............................................................................................................. 193
5.3.3.3 Modifying NMS user Information in Batches...................................................................................................... 194
5.3.3.4 Locking a Client Immediately.............................................................................................................................. 197
5.3.3.5 Unlocking the Client.............................................................................................................................................197
5.3.3.6 Setting Auto-locking for an NMS user.................................................................................................................198
5.3.4 Monitoring U2000 Users......................................................................................................................................... 199
5.3.4.1 Monitoring NMS User Sessions........................................................................................................................... 199
5.3.4.2 Monitoring NMS User Operations....................................................................................................................... 200
5.3.4.3 Forcing U2000 Users to Log Out......................................................................................................................... 201
5.3.4.4 Unlocking Users................................................................................................................................................... 202
5.3.4.5 Sending Messages to Online Users...................................................................................................................... 204
5.3.5 Exporting User and User Group Rights Data.......................................................................................................... 205
5.3.6 Managing Web Proxy Users.................................................................................................................................... 206
5.3.6.1 Creating Web Proxy Users....................................................................................................................................206
5.3.6.2 Deleting Web Proxy Users....................................................................................................................................207
5.3.6.3 Changing Web Proxy User Passwords................................................................................................................. 208
5.3.7 Managing the Remote Maintenance User................................................................................................................209
5.4 Managing NE Security............................................................................................................................................... 210
5.4.1 NE Security Management........................................................................................................................................210
5.4.2 Setting the NE ACL.................................................................................................................................................213
5.4.2.1 Overview of ACL................................................................................................................................................. 213
5.4.2.2 Setting Basic ACL Rules...................................................................................................................................... 214
5.4.2.3 Setting the Advanced ACL Rules.........................................................................................................................214
5.4.3 Setting the Security Access of an NE...................................................................................................................... 215
5.4.3.1 Setting Ethernet Access for NEs.......................................................................................................................... 215
5.4.3.2 Setting Serial Port Access for NEs....................................................................................................................... 216
5.4.3.3 Setting the OAM Access to NEs.......................................................................................................................... 217
5.4.3.4 Setting the COM Access to NEs...........................................................................................................................218
5.4.3.5 Setting the LCT Access to NEs............................................................................................................................ 218
5.4.4 Managing NE Login................................................................................................................................................ 220
5.4.4.1 Locking Out NE Login......................................................................................................................................... 220
5.4.4.2 Locking Out NE Settings......................................................................................................................................221
5.4.4.3 Querying the Information About an Online NE User...........................................................................................222
5.4.4.4 Switching a Logged-In NE User.......................................................................................................................... 222
5.4.4.5 Forcing an NE User to Log Out of the U2000..................................................................................................... 223
5.4.4.6 Setting NE Login Prompt Message...................................................................................................................... 224
5.4.5 Managing NE Users.................................................................................................................................................225
5.4.5.1 Querying the Additional Information of NE User................................................................................................225
Issue 02 (2018-03-05) Huawei Proprietary and Confidential viii

5.4.5.2 Creating an NE User.............................................................................................................................................225

5.4.5.3 Modifying NE Users.............................................................................................................................................228
5.4.5.4 Changing an NE User Password...........................................................................................................................229
5.4.5.5 Querying NE Security Parameters........................................................................................................................231
5.4.5.6 Querying NE User Groups................................................................................................................................... 231
5.4.5.7 Deleting NE Users................................................................................................................................................ 232
5.4.6 Configuring an NE As an SSH Server.....................................................................................................................232
5.4.7 Checking NE SSH Fingerprint................................................................................................................................ 236
5.5 Configuring NE RADIUS.......................................................................................................................................... 237
5.5.1 Overview................................................................................................................................................................. 237
5.5.2 Setting an NE as an RADIUS Client or Proxy Server.............................................................................................240
5.5.3 Adding an RADIUS Server..................................................................................................................................... 241
5.5.4 Setting NE RADIUS Parameters............................................................................................................................. 242
5.6 Change Audit.............................................................................................................................................................. 242
5.6.1 Viewing Information About Change Audit............................................................................................................. 243
5.6.2 Dumping Information About Change Audit............................................................................................................243
5.6.3 Deleting Information About Change Audit............................................................................................................. 244
5.7 Database Security Policy............................................................................................................................................ 245
6 U2000 Fast Restoration..............................................................................................................246

6.1 Backing Up and Restoring the U2000 Data............................................................................................................... 247
6.1.1 Basic Concepts and Application Scenarios............................................................................................................. 247
6.1.2 Methods of Backing Up and Restoring the U2000 Data......................................................................................... 249
6.1.3 Suggestions on Data Backup and Restoration......................................................................................................... 252
6.1.4 Backing Up and Restoring the U2000 Data............................................................................................................ 253
6.1.4.1 Backing Up U2000 Data to a Local Server.......................................................................................................... 253
6.1.4.1.1 Periodically Backing Up the U2000 Data to a Local Server Through the U2000 Client..................................253
6.1.4.1.2 Immediately Backing Up the U2000 Data to a Local Server Through the U2000 Client.................................256
6.1.4.1.3 Immediately Backing Up the U2000 Data to a Local Server Through the MSuite...........................................259
6.1.4.2 Backing Up U2000 Data to a Remote Server.......................................................................................................262
6.1.4.2.1 Periodically Backing Up the U2000 Database to a Remote Server Through the U2000 Client....................... 263
6.1.4.2.2 Immediately Backing Up the U2000 Database to a Remote Server Through the MSuite................................ 266
6.1.4.3 Restoring Data of a U2000 Single-Server System (Windows).............................................................................270
6.1.4.3.1 Restoring U2000 Single-Server System (Windows) Data from a Local Server................................................270
6.1.4.3.2 Restoring U2000 Single-Server System (Windows) Data from a Remote Server............................................ 272
6.1.4.4 Restoring U2000 Single-Server System (Solaris) Data........................................................................................274
6.1.4.4.1 Restoring U2000 Single-Server System (Solaris) Data from a Local Server....................................................274
6.1.4.4.2 Restoring U2000 Single-Server System (Solaris) Data from a Remote Server................................................ 276
6.1.4.5 Restoring U2000 Single-Server System (SUSE Linux) Data.............................................................................. 280
6.1.4.5.1 Restoring U2000 Single-Server System (SUSE Linux) Data from a Local Server.......................................... 280
6.1.4.5.2 Restoring U2000 Single-Server System (SUSE Linux) Data from a Remote Server....................................... 282
6.1.4.6 Restoring U2000 High Availability System (Solaris) Data..................................................................................285
6.1.4.6.1 Restoring U2000 High Availability System (Solaris) Data from a Local Server..............................................285
Issue 02 (2018-03-05) Huawei Proprietary and Confidential ix

6.1.4.6.2 Restoring U2000 High Availability System (Solaris) Data from a Remote Server.......................................... 288
6.1.4.7 Restoring U2000 High Availability System (SUSE Linux) Data.........................................................................291
6.1.4.7.1 Restoring U2000 High Availability System (SUSE Linux) Data from a Local Server.....................................291
6.1.4.7.2 Restoring U2000 High Availability System (SUSE Linux) Data from a Remote Server................................. 294
6.1.5 U2000 Data is Restored by Mirroring the Database................................................................................................297
6.1.5.1 Restoring the U2000 Single-Server System (Solaris) Data by Switching the Data Source................................. 297
6.1.5.2 Restoring the U2000 Single-Server System (SUSE Linux) Data by Switching the Data Source........................299
6.1.5.3 Restoring the U2000 High Availability System (Solaris) Data by Switching the Data Source........................... 301
6.1.5.4 Restoring the U2000 High Availability System (SUSE Linux) Data by Switching the Data Source.................. 303
6.1.6 Backing Up and Restoring the U2000 Network Configuration Data by Using Script Files................................... 305
6.1.6.1 Script Files............................................................................................................................................................ 307
6.1.6.2 Immediately Backing Up the U2000 Data by Script............................................................................................ 320
6.1.6.3 Backing Up the U2000 Data Through Script Exporting in a Scheduled Manner................................................ 321
6.1.6.4 Restoring the U2000 Data by Using the Script.................................................................................................... 322
6.1.7 Full System Backup and Restoration (Single Server System, SUSE Linux).......................................................... 328
6.1.7.1 Full System Backup Solution Overview.............................................................................................................. 328
6.1.7.2 (Optional) Mounting Configurations for the U2000 Server and File Server........................................................331
6.1.7.2.1 Mounting the Windows 2008 File Server..........................................................................................................331
6.1.7.2.2 Mounting the Solaris File Server.......................................................................................................................332
6.1.7.2.3 Mounting the SUSE Linux File Server..............................................................................................................334
6.1.7.3 (Optional) Configuring a Local Backup Disk for the U2000 Server....................................................................336
6.1.7.4 Creating of the ISO File for Urgent System Recovery.........................................................................................338
6.1.7.5 (Optional) Backing Up System Partitions............................................................................................................ 339
6.1.7.6 Recovering the Full System..................................................................................................................................343
6.1.8 Managing the U2000 Database................................................................................................................................346
6.1.8.1 U2000 Database List............................................................................................................................................ 346
6.1.8.1.1 List of Small-scale U2000 Databases................................................................................................................ 346
6.1.8.1.2 List of Common-scale U2000 Databases.......................................................................................................... 349
6.1.8.1.3 List of Medium-scale U2000 Databases............................................................................................................353
6.1.8.1.4 List of Large-scale/Super-large-scale U2000 Databases................................................................................... 356
6.1.8.2 Initializing the U2000 Database........................................................................................................................... 360
6.1.8.3 Checking the Database Status...............................................................................................................................362
6.1.9 Dumping Performance Data.................................................................................................................................... 362
6.1.9.1 Dumping Performance Data Manually.................................................................................................................362
6.1.9.2 Dumping Performance Data Automatically......................................................................................................... 364
6.2 Fast Restoration Scheme for the U2000 Cold Backup System.................................................................................. 366
6.2.1 Introduction to the Fast Restoration Scheme for the U2000 Cold Backup System................................................ 366
6.2.2 Creating Backup and Restoration Tasks.................................................................................................................. 369
6.2.2.1 Configuring Automatic Backup Tasks on the Primary Site..................................................................................369
6.2.2.2 Configuring Automatic Restoration on the Secondary Site................................................................................. 373
6.2.3 Manually Execute Backup and Restoration Tasks...................................................................................................377
6.2.3.1 Executing Backup Tasks on the Primary Site.......................................................................................................377
Issue 02 (2018-03-05) Huawei Proprietary and Confidential x

6.2.3.2 Manually Execute Restoration Tasks on the Secondary Site................................................................................379

6.2.4 Restoring the U2000 on the Secondary Site............................................................................................................ 382
6.2.5 Switching to the Primary Site.................................................................................................................................. 384
6.3 HA System (Veritas) Solution.................................................................................................................................... 386
6.4 Backing up and restoring all data in the U2000 database by mirroring the database.................................................386
6.5 Full System Backup and Restoration (Single Server System, SUSE Linux)............................................................. 387
6.6 SRM Solution............................................................................................................................................................. 387
7 Managing U2000 Keys.............................................................................................................. 388

7.1 U2000 Key Solution Introduction.............................................................................................................................. 388
7.2 Key Replacement for a U2000 Single-Server System................................................................................................391
7.2.1 Replacing Storage Keys for a Single-Server System (Windows)............................................................................391
7.2.2 Replacing Storage Keys for a Single-Server System (Linux)................................................................................. 394
7.2.3 Replacing Storage Keys for a Single-Server System (Solaris)................................................................................396
7.3 Key Replacement for a U2000 HA System................................................................................................................398
7.3.1 Replacing Storage Keys for a U2000 HA System...................................................................................................398
7.4 Key Replacement for a U2000 Distributed System....................................................................................................401
7.4.1 Replacing the Storage Keys for Each Node In a Distributed U2000 System..........................................................401
7.4.2 Replacing RSA Key Files in a Distributed System................................................................................................. 403
7.5 Replacing an SFTP Authentication Key.....................................................................................................................404
8 Managing U2000 Files and Disks........................................................................................... 406

8.1 U2000 File System Overview.....................................................................................................................................406
8.1.1 System Architecture Overview................................................................................................................................406
8.1.2 File System of the Server.........................................................................................................................................407
8.1.3 File System of the Client......................................................................................................................................... 409
8.2 Single-Server System Running on Windows..............................................................................................................410
8.2.1 Checking the Usage of the Server Disk...................................................................................................................410
8.2.2 Cleaning Up Disk Space for the U2000 Server....................................................................................................... 410
8.2.3 Cleaning Up Disk Space for a U2000 Client...........................................................................................................412
8.3 Single-Server System Running on Solaris..................................................................................................................412
8.3.1 Checking the Usage of the Server Disk...................................................................................................................412
8.4 Single-Server System Running on SUSE Linux........................................................................................................ 415
8.4.1 Checking the Usage of Server Disks....................................................................................................................... 415
8.5 High Availability System Running on Solaris............................................................................................................417
8.5.1 Checking Server Disks............................................................................................................................................ 417
8.5.1.1 Checking the Disk Usage of the U2000 Server.................................................................................................... 418
8.5.1.2 Checking the Disk Status of the U2000 Server.................................................................................................... 419
8.5.1.3 Checking the Disk Group Status of the U2000 Server......................................................................................... 420
8.5.1.4 Checking the Disk Volume Status of the U2000 Server.......................................................................................421
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xi

8.5.1.5 Monitoring the Mounting Status of File Systems.................................................................................................423

8.5.2 Cleaning Up Disk Space..........................................................................................................................................424
8.5.2.1 Cleaning Up Disk Space for the U2000 Server.................................................................................................... 424
8.5.2.2 Cleaning Up Disk Space for a U2000 Client........................................................................................................425
8.6 High Availability System Running on SUSE Linux...................................................................................................426
8.6.1 Checking Server Disks............................................................................................................................................ 426
8.6.1.1 Checking the Usage of U2000 Server Disks........................................................................................................ 426
8.6.1.2 Checking the Status of U2000 Server Disks........................................................................................................ 427
8.6.1.3 Checking Status of U2000 Server Disk Groups................................................................................................... 427
8.6.1.4 Checking Status of U2000 Server Disk Volumes................................................................................................. 428
8.6.1.5 Checking the Mounting Status of File Systems....................................................................................................430
8.6.2 Cleaning Up Disk Space..........................................................................................................................................431
8.6.2.1 Cleaning Up Disk Space for the U2000 Server.................................................................................................... 431
8.6.2.2 Cleaning Up Disk Space for a U2000 Client........................................................................................................432
9 Log Management....................................................................................................................... 433

9.1 Log Management Overview....................................................................................................................................... 434
9.1.1 Log Management Policy..........................................................................................................................................434
9.1.2 Log Types................................................................................................................................................................ 435
9.1.3 Querying OSS Logs.................................................................................................................................................439
9.1.4 Collecting Statistics on OSS Logs...........................................................................................................................443
9.1.5 Setting U2000 Log Templates................................................................................................................................. 446
9.1.6 Dumping or Exporting Logs....................................................................................................................................448
9.1.7 Log Forwarding....................................................................................................................................................... 453
9.1.7.1 Getting to Know Log Forwarding........................................................................................................................ 453
9.1.7.2 Enabling Logging to U2000 Syslog Database......................................................................................................457
9.1.7.3 Setting Filter Criteria for Forwarding Logs..........................................................................................................458
9.1.7.4 Setting the Interconnection Between the U2000 and the Syslog Server.............................................................. 459
9.1.7.5 Monitoring the Connection Between the U2000 and Syslog Server....................................................................462
9.1.7.6 Deploying and Updating Log Forwarding Service Certificates (Solaris, SUSE Linux)...................................... 463
9.1.7.6.1 Deploying Log Forwarding Service Certificates...............................................................................................464
9.1.7.6.2 Updating Log Forwarding Service Certificates.................................................................................................467
9.1.7.6.3 Adding Trust Certificates of the Third-party Syslog Server to the U2000 Server............................................ 469
9.1.7.6.4 Deleting Trust Certificates of the Third-party Syslog Server from the U2000 Server......................................471
9.1.7.7 Enabling the U2000 Server to Authenticate NEs Sending Syslog Logs to It (Solaris, SUSE Linux)................. 473
9.1.7.7.1 Querying NE Syslog Operation Logs................................................................................................................ 475
9.1.7.7.2 Enabling the U2000 Server to Authenticate Its Peer......................................................................................... 476
9.1.7.7.3 Deploying a Certificate for the U2000 Server to Receive NE Syslog Logs......................................................479
9.1.7.7.4 Updating a Certificate for the U2000 Server to Receive NE Syslog Logs........................................................482
9.1.7.7.5 Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to It................................ 484
9.1.7.7.6 Deleting from an U2000 Server the Trust Certificates of the NE Sending Syslog Logs to It...........................486
9.1.8 Syslog Service......................................................................................................................................................... 488
9.2 Managing Logs of the IP NE Side..............................................................................................................................492
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xii

9.2.1 Configuring the Information Center on the NEs..................................................................................................... 492

9.2.1.1 Enabling the Information Center.......................................................................................................................... 493
9.2.1.2 Configuring the Syslog Source Interface..............................................................................................................494
9.2.1.3 Adding a Syslog Host........................................................................................................................................... 494
9.2.1.4 Configuring the Advanced Attributes of the Syslog Service............................................................................... 495
9.2.2 Browsing the NE Syslog Run Logs......................................................................................................................... 496
9.3 Managing Logs of the Access NE Side...................................................................................................................... 497
9.3.1 Browsing NE Syslog Operation Logs..................................................................................................................... 497
9.3.2 Browsing Login Logs of NE Users......................................................................................................................... 499
9.4 Managing Transport NE Logs.................................................................................................................................... 500
9.4.1 Transferring NE Logs to a Syslog Server................................................................................................................500
9.4.1.1 Setting a Syslog Server.........................................................................................................................................500
9.4.1.2 Setting a Syslog GNE........................................................................................................................................... 501
9.4.1.3 Setting the Syslog Type and Severity................................................................................................................... 501
9.4.1.4 Starting the Syslog Service...................................................................................................................................502
9.4.2 Viewing Security Logs of NEs................................................................................................................................ 502
9.4.3 Viewing Operation Logs of NEs..............................................................................................................................503
10 Monitoring the U2000 Processes...........................................................................................505

10.1 Process Overview..................................................................................................................................................... 505
10.1.1 Processes and Services.......................................................................................................................................... 506
10.1.2 Start Mode............................................................................................................................................................. 506
10.1.3 U2000 Process List................................................................................................................................................ 506
10.2 Logging In to the System Monitor Client.................................................................................................................548
10.3 Setting the Monitoring Parameters........................................................................................................................... 550
10.3.1 Setting the Parameters for Monitoring the U2000 Server..................................................................................... 550
10.3.2 Setting the Parameters for Monitoring the Disk Usage of the U2000 Server....................................................... 554
10.3.3 Setting the Parameters for Monitoring the Database Usage of the U2000 Server................................................ 556
10.3.4 Setting the Parameters for Monitoring the Service Status of the U2000 Server................................................... 558
10.4 Monitoring the Running Status of the U2000.......................................................................................................... 560
10.5 Starting and Stopping a Service................................................................................................................................562
10.6 Setting the Startup Mode of a Service...................................................................................................................... 563
11 Common Veritas Operations.................................................................................................564

11.1 HA System Status Overview.................................................................................................................................... 565
11.2 Principle of HA System Status Conversion..............................................................................................................566
11.3 Causes of Failover on an HA System....................................................................................................................... 568
11.4 Restrictions on Using a High Availability System................................................................................................... 570
11.5 Managing Resource Groups......................................................................................................................................573
11.5.1 Bringing a Resource Group Online....................................................................................................................... 573
11.5.2 Taking a Resource Group Offline.......................................................................................................................... 574
11.5.3 Locking a Resource Group.................................................................................................................................... 574
11.5.4 Unlocking a Resource Group.................................................................................................................................574
11.5.5 Enabling a Resource Group................................................................................................................................... 575
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xiii

11.5.6 Disabling a Resource Group.................................................................................................................................. 575

11.5.7 Clearing the Current Operation..............................................................................................................................575
11.5.8 Clearing a Resource Group Fault Flag.................................................................................................................. 576
11.6 Managing Resources.................................................................................................................................................576
11.6.1 Bringing a Resource Online...................................................................................................................................576
11.6.2 Taking a Resource Offline..................................................................................................................................... 576
11.6.3 Enabling a Resource.............................................................................................................................................. 577
11.6.4 Disabling a Resource............................................................................................................................................. 577
11.6.5 Detecting Resources.............................................................................................................................................. 577
11.6.6 Clearing a Resource Fault Flag..............................................................................................................................578
11.7 Managing Replication Volumes................................................................................................................................578
11.7.1 Importing a Disk Group.........................................................................................................................................578
11.7.2 Recovering a Disk Volume.................................................................................................................................... 579
11.7.3 Recovering the RVG.............................................................................................................................................. 579
11.7.4 Recovering the RLink............................................................................................................................................580
11.8 Manual Switchover Between Active and Standby Sites...........................................................................................580
12 Changing the Host Name and IP Address..........................................................................583

12.1 Centralized and VMware Scheme............................................................................................................................ 585
12.1.1 How to Change the IP Address of the Single-Server System (Windows 2008)....................................................586
12.1.2 How to Change the Host Name of the Single-Server System (Windows 2008)................................................... 588
12.1.3 How to Change the IP Address and Host Name for the Single-Server System (Solaris)......................................590
12.1.4 How to Change the IP Address and Host Name for the Single-Server System (SUSE Linux)............................ 592
12.1.5 How to Change the IP Address and Host Name for the High Availability System (Solaris)................................593
12.1.6 How to Change the IP Address and Host Name for the Local High Availability System (SUSE Linux)............ 597
12.1.7 How to Change the IP Address and Host Name for the Remote High Availability System (SUSE Linux)......... 601
12.2 FusionSphere Scheme...............................................................................................................................................605
12.2.1 How to Change the IP Address of the Single-Server System................................................................................605
12.2.2 How to Change the Hostname of the Single-Server System................................................................................. 608
A FAQs............................................................................................................................................610
A.1 Windows OS.............................................................................................................................................................. 611
A.1.1 How to Add a Static Route..................................................................................................................................... 611
A.1.2 How to Change the Password of the OS Administrator......................................................................................... 611
A.1.3 How to Configure the Remote Login to the Windows OS..................................................................................... 612
A.1.4 How to Set the Virtual Memory to the System Managed Size............................................................................... 613
A.1.5 How to Check Whether an NIC Is Assigned Multiple IP Addresses (Windows).................................................. 614
A.1.6 How to Delete Unnecessary IP Addresses of an NIC (Windows)..........................................................................614
A.1.7 How to Query the Type of a Windows OS............................................................................................................. 615
A.1.8 How to Log In to the CLI on Windows.................................................................................................................. 615
A.1.9 How to Shut Down Automatic Update of the Windows OS.................................................................................. 616
A.1.10 How to Identify the Network Connection Name Associated with the NMS Application IP Address on Windows
.......................................................................................................................................................................................... 616
A.1.11 How Do I Manually Enable and Disable the FTP/SFTP Service on a Server......................................................617
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xiv

A.1.12 How to Configure the minasshd Encryption Algorithm.......................................................................................618

A.1.13 How to Change the Password for the Windows OS User ossuser....................................................................... 619
A.1.14 How to Change the Password for the Windows OS User dbuser?...................................................................... 620
A.1.15 How to Change the Password for the Windows OS User ftpuser....................................................................... 621
A.1.16 How Can I Manually Disable SSL and Start TLS................................................................................................ 622
A.1.17 How Do I Configure an Internet Explorer Browser as the Default Browser on a Windows 10 OS.....................623
A.2 SUSE Linux OS......................................................................................................................................................... 624
A.2.1 How Do I Change the OS User Password?............................................................................................................ 624
A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.............................................................. 626
A.2.3 How to Enable and Disable the FTP Authority of the root User in the SUSE Linux OS...................................... 627
A.2.4 How to Disable the SELinux Components............................................................................................................. 628
A.2.5 How to manually Add the Default Route (SUSE Linux)....................................................................................... 629
A.2.6 How to manually Add a Static Route (SUSE Linux)............................................................................................. 629
A.2.7 How to Add a Static Route If the U2000 Is Installed............................................................................................. 630
A.2.8 How to Check the Remaining Space of a Disk.......................................................................................................632
A.2.9 How to Monitor System Processes and Application Ports..................................................................................... 633
A.2.10 How to Enable Remote GUI Logins.....................................................................................................................633
A.2.11 How to Query the Process Status..........................................................................................................................633
A.2.12 How to Forcibly End a Process............................................................................................................................ 634
A.2.13 How to Use the vi Editor...................................................................................................................................... 634
A.2.14 How to Change the Time and Time Zone of the SUSE Linux OS....................................................................... 635
A.2.15 How to Use the VNC to Remotely Log In to SUSE Linux by Retaining the Session......................................... 638
A.2.16 How to Set IP Addresses for Unused NICs on SUSE Linux................................................................................647
A.2.17 How to Capture Snapshots on SUSE Linux......................................................................................................... 649
A.2.18 How to Check Whether Bond Is Configured........................................................................................................650
A.2.19 How to Configure the Resolution on SUSE Linux...............................................................................................651
A.2.20 How to Install the 7-zip Software on the SUSE Linux OS...................................................................................654
A.2.21 How to Enable the File Change Audit Function on SUSE Linux OS.................................................................. 655
A.2.22 How Do I Set an Encryption Algorithm for OpenSSH (SUSE Linux 12)........................................................... 660
A.2.23 How Do I Set an Encryption Algorithm for OpenSSH (SUSE Linux 11)............................................................662
A.2.24 How to Set the OpenSSH Encryption Algorithm on a Linux Distributed System............................................... 664
A.2.25 How Do I Obtain the Public Key of a Third-party SFTP Server?........................................................................666
A.2.26 How to Check Downloaded Software Packages Using HashMyFiles Software.................................................. 667
A.2.27 How Do I Verify Downloaded Software Packages Using the PGPVerify Software............................................ 669
A.2.28 How to Fix Garbled Characters in the SUSE Linux Command Output............................................................... 673
A.2.29 Checking the NTP Service on Linux.................................................................................................................... 674
A.2.30 How to Use the FileZilla to Transfer Files by SFTP............................................................................................ 676
A.2.31 What Can I Do If Logging In to the GUI Desktop Fails in SUSE Linux.............................................................679
A.2.32 How do I set the network of the system............................................................................................................... 682
A.3 Solaris OS.................................................................................................................................................................. 683
A.3.1 Network Configurations of the Workstation...........................................................................................................683
A.3.1.1 How to Make the Devices Directly Connected to the two NICs of the Server Communicate with Each Other.683
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xv

A.3.1.2 How to Add the Default Route............................................................................................................................ 684

A.3.1.3 How to Add a Static Route.................................................................................................................................. 684
A.3.1.4 How to Query the Gateway of a Sun Workstation...............................................................................................685
A.3.1.5 How to Configure the DNS on Solaris OS.......................................................................................................... 686
A.3.1.6 How to Check the NIC Type of a Server............................................................................................................. 686
A.3.1.7 How to Check Whether an NIC Has Multiple IP Addresses on Solaris..............................................................686
A.3.1.8 How to Delete Excess IP Addresses of an NIC on Solaris..................................................................................687
A.3.1.9 How to Set IP Addresses for Unused NICs on a Workstation.............................................................................687
A.3.1.10 How to Enable IPv4 Forwarding Between NICs...............................................................................................689
A.3.1.11 How to Configure a Workstation NIC to Work in Full-Duplex Mode.............................................................. 689
A.3.2 System Settings of the Workstation........................................................................................................................ 690
A.3.2.1 How to Boot Up the Workstation from the CD-ROM Drive...............................................................................691
A.3.2.2 How to Set the Interface Language of Solaris OS............................................................................................... 691
A.3.2.3 How to Start the Snapshot Tool When It Is Unavailable.....................................................................................691
A.3.2.4 How to Switch to the Multi-user Mode or Single-user Mode............................................................................. 692
A.3.2.5 How to Open the Terminal Window on the Desktop in the Java Desk System...................................................694
A.3.2.6 How to Query the Drive of the Default Startup Disk of the Workstation........................................................... 694
A.3.2.7 How to Operate the CD-ROM............................................................................................................................. 695
A.3.2.8 How to Solve the Problem that the Current File System Is Not in the UFS Format........................................... 697
A.3.2.9 How to Use the VNC to Remotely Access a Workstation...................................................................................698
A.3.3 FTP and Telnet Service Configuration................................................................................................................... 707
A.3.3.1 How Do I Set an Encryption Algorithm for OpenSSH(Solaris)..........................................................................707
A.3.3.2 How to Start/Stop the SSH Service..................................................................................................................... 709
A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services....................................................................................... 710
A.3.3.4 How to Enable and Disable the FTP/Telnet Authority of user root on Solaris OS............................................. 712
A.3.4 Usage and Maintenance of Workstation................................................................................................................. 713
A.3.4.1 How to View the Versions and its patches of the Solaris OS.............................................................................. 713
A.3.4.2 How to Check Whether the Hard Disk of the Sun Workstation Is Damaged...................................................... 714
A.3.4.3 How to Check the Partition of Solaris OS........................................................................................................... 715
A.3.4.4 How to Check the IP Address and Routing Information for a Workstation........................................................ 716
A.3.4.5 How to View the Controller IP Addresses for the Sun Workstation....................................................................718
A.3.4.6 How to Decompress Files.................................................................................................................................... 722
A.3.4.7 How to Remotely Log In to the System as User root.......................................................................................... 722
A.3.4.8 How to Access the OS from the Controller......................................................................................................... 723
A.3.4.9 How to Switch Between the Console, OK Prompt, and # Prompt...................................................................... 723
A.3.4.10 How to Use the Text Editor............................................................................................................................... 727
A.3.4.11 How to Query the Process Status.......................................................................................................................727
A.3.4.12 How to Upgrade the System Controller Firmware of the Netra T4-1/Oracle T4-1/Oracle T4-2 Server...........728
A.3.4.13 How to Solve the Problem Where the OS Fails to Start After the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle
T4-2 Server Is Abnormally Powered Off......................................................................................................................... 730
A.3.4.14 How to Deploy a Solaris Single-Server System If Data Is Stored on Some Hard Disks.................................. 734
A.3.4.15 How to Solve the Problem Where the Monitor or KVM Cannot Access the GUI After the OS Is Installed on
the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 Server........................................................................................... 735
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xvi

A.3.4.16 How to Obtain Packet Headers on Solaris.........................................................................................................737

A.3.4.17 Mappings Between Physical and Logical Network Interfaces on Server Running Solaris...............................737
A.3.4.18 How to Enable Audit on Solaris OS Commands...............................................................................................741
A.3.5 How Do I Obtain the Public Key of a Third-party SFTP Server............................................................................742
A.4 Disk Array................................................................................................................................................................. 743
A.4.1 Description About Interfaces Connecting to Disk Arrays...................................................................................... 743
A.4.2 How Do I Check Whether the Power Failure of the Disk Array Affects System Functions?................................744
A.5 System Settings of the Huawei server....................................................................................................................... 745
A.5.1 How Do I Use iBMC IP to Log In to a Remote 2288H V5 server.........................................................................745
A.5.2 How Do I Use iMana/iBMC IP to Log In to a Remote Huawei server (RH2288H V3 server, RH5885H V3 server
and RH2288H V2 server)................................................................................................................................................. 747
A.5.3 How to View the IP Address of the iBMC on the 2288H V5 server......................................................................750
A.5.4 How to View the IP Address of the iMana/iBMC on the Huawei server (RH2288H V3 server, RH5885H V3
server and RH2288H V2 server)...................................................................................................................................... 753
A.5.5 How Do I Configure the Boot Mode and Boot Medium of 2288H V5 server....................................................... 756
A.5.6 How Do I Mount the ISO File or the U2000 Quick Installation DVD to a Drive (RH2288H V3 server, RH5885H
V3 server and RH2288H V2 server)................................................................................................................................ 758
A.5.7 How Do I Mount the ISO File or the U2000 Quick Installation DVD to a Drive (2288H V5 server).................. 759
A.5.8 How to Change the Password of 2288H V5 server iBMC User Administrator..................................................... 761
A.5.9 How to Change the Password of iMana/iBMC User Root (RH2288H V3 server, RH5885H V3 server and
RH2288H V2 server)........................................................................................................................................................762
A.5.10 Mappings Between Physical and Logical Network Interfaces on an Huawei server Running SUSE Linux....... 766
A.5.11 Confirming Mapping of Physical and Logical Interfaces on Huawei RH Series Servers (SUSE Linux OS) in CLI
Mode................................................................................................................................................................................. 768
A.5.12 Formatting disks (2288H V5 server, UEFI Boot)................................................................................................ 770
A.5.13 Formatting disks (2288H V5 server, Legacy Boot)..............................................................................................776
A.5.14 Formatting disks (Huawei serverRH5885H V3 server or RH2288H V2 server)................................................. 779
A.5.15 Formatting disks (RH2288H V3 server or RH5885H V3 server)........................................................................ 783
A.5.16 Viewing Hard Disk Information (2288H V5 server, UEFI Boot)........................................................................ 785
A.5.17 Viewing Hard Disk Information (2288H V5 server, Legacy Boot)..................................................................... 790
A.5.18 Viewing Hard Disk Information (Huawei serverRH5885H V3 server or RH2288H V2 server).........................792
A.5.19 Viewing Hard Disk Information (RH2288H V3 server or RH5885H V3 server)................................................ 795
A.5.20 How to Upgrade the System Controller Firmware Version for 2288H V5 server................................................797
A.5.21 How to Upgrade the System Controller Firmware Version for Huawei RH5885H V3 and RH2288H V2 Servers
.......................................................................................................................................................................................... 798
A.5.22 How to Upgrade the System Controller Firmware Version for RH2288H V3 server and RH5885H V3 server. 799
A.6 System Settings of the IBM Server........................................................................................................................... 800
A.6.1 How to Solve the Problem Where the Remote Control Desktop Appears and Then Disappears Immediately..... 800
A.6.2 How do I use an IMM IP address to remotely log in to an IBM server (IBM X3650 M4)....................................801
A.6.3 How to Use an IMM IP Address to Remotely Log In to an IBM Server(IBM X3850 X5 and IBM X3650 M3). 803
A.6.4 How to View the IMM IP Address on the IBM Server.......................................................................................... 805
A.6.5 How to Change the Password of the IMM User USERID(IBM X3650 M4).........................................................809
A.6.6 How to Change the Password of the IMM User USERID(IBM X3850 X5 and IBM X3650 M3)........................812
A.6.7 Mappings Between Physical and Logical Network Interfaces on an IBM Server Running SUSE Linux............. 813
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xvii

A.6.8 Viewing Hard Disk Information in Local Mode (IBM Server).............................................................................. 814
A.6.9 Viewing Hard Disk Informationin Remote Mode (IBM X3650 M4).....................................................................816
A.6.10 Viewing Hard Disk Informationin Remote Mode (IBM X3850 X5 and IBM X3650 M3)..................................820
A.6.11 Formatting disks in Local Mode (IBM Server).................................................................................................... 824
A.6.12 Formatting the disks in Remote Mode (IBM X3650 M4).................................................................................... 829
A.6.13 Formatting the disks in Remote Mode (IBM X3850 X5 and IBM X3650 M3)...................................................836
A.6.14 How to Configure the HTTPS on the IMM(IBM X3650 M4)............................................................................. 842
A.6.15 How to Configure the HTTPS on the IMM(IBM X3850 X5 and IBM X3650 M3)............................................ 845
A.7 Veritas HA System.....................................................................................................................................................847
A.7.1 License Management.............................................................................................................................................. 847
A.7.1.1 Applying for the Veritas License......................................................................................................................... 847
A.7.1.2 How to Check the Veritas License.......................................................................................................................848
A.7.2 Disk Maintenance................................................................................................................................................... 849
A.7.2.1 How to Query the Disk Status............................................................................................................................. 849
A.7.2.2 How to Query the Status of the Disk Group........................................................................................................850
A.7.2.3 How to Query the Status of the Disk Volume (Solaris & SUSE Linux)............................................................. 850
A.7.3 Monitoring Active and Standby Sites.....................................................................................................................852
A.7.3.1 Checking the Data Replication Status................................................................................................................. 852
A.7.3.2 Checking the Status of the Primary and Secondary Sites....................................................................................853
A.7.3.3 Manual Switchover Between Active and Standby Sites......................................................................................855
A.7.4 System Settings.......................................................................................................................................................857
A.7.4.1 What Are the Reasons for Automatic Switching.................................................................................................857
A.7.4.2 How to Query the RVG Status (Solaris, PC Linux)............................................................................................ 859
A.7.4.3 How to Query the Rlink Status (Solaris, PC Linux)............................................................................................860
A.7.4.4 How to Query the VVR Status (Solaris, PC Linux)............................................................................................ 863
A.7.4.5 How to check whether the VCS service has been started....................................................................................864
A.7.4.6 How to Manually Start the VCS Service (Solaris, PC Linux).............................................................................865
A.7.4.7 How to Manually Start the VVR (Solaris, PC Linux)......................................................................................... 865
A.7.4.8 How to Manually Stop the VCS Service (Solaris, PC Linux)............................................................................. 865
A.7.4.9 How to Solve the Problem Where the Communications between the Primary Site and the Secondary Site Are
Interrupted After the HA System Is Set Up......................................................................................................................866
A.7.4.10 How to Start/Stop the NMS Before Synchronizing the Primary and Secondary Sites (Solaris, PC Linux)..... 867
A.7.4.11 How Do I Ensure Proper Connections to VVR and MSuite Ports on the Primary and Secondary Sites.......... 867
A.8 SQL Server Database.................................................................................................................................................870
A.8.1 How to Change the user sa Password of the SQL Server.......................................................................................870
A.8.2 How to Expand the master Database...................................................................................................................... 871
A.8.3 How to Shut Down the SQL Server Database........................................................................................................872
A.8.4 How to Start the SQL Server Database.................................................................................................................. 872
A.8.5 How to Change the sa User Password If the U2000 Is Not Installed..................................................................... 873
A.8.6 How to Check Whether the SQL Server Database Can Be Sorted in Binary Mode.............................................. 874
A.8.7 How to Check the Name of the SQL Server Database Server................................................................................875
A.8.8 How to Check the Version of the SQL Server Database Server.............................................................................875
A.8.9 How to Create a Replacement User for the SQL Server 2008 Database Administrator sa User........................... 876
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xviii

A.8.10 How Do I Activate the Microsoft SQL Server Database......................................................................................878

A.8.11 How Do I Change the IP Address Bound to an SQL Server Database Port to 127.0.0.1.....................................878
A.9 Sybase Database........................................................................................................................................................ 880
A.9.1 Startup and Shutdown of the Sybase Database.......................................................................................................880
A.9.1.1 How to Disable the Sybase Database Service..................................................................................................... 880
A.9.1.2 How to Start the Sybase Database Service.......................................................................................................... 881
A.9.1.3 How to Verify That the Sybase Database Is Running..........................................................................................883
A.9.2 Sybase Database Maintenance................................................................................................................................883
A.9.2.1 How to Check the Sybase Database Version....................................................................................................... 883
A.9.2.2 How to View the Server Name of the Sybase Database...................................................................................... 884
A.9.2.3 How to Change the sa User Password for the Sybase Database If the U2000 Is Not Installed...........................885
A.9.2.4 How to Change the Database Administrator Password for the Sybase Database If the U2000 Is Installed....... 886
A.9.2.5 How to View the Bit Number of the Sybase Database........................................................................................ 888
A.9.2.6 How to View the Details of the Sybase Database................................................................................................889
A.9.2.7 How to View Data Tables.................................................................................................................................... 890
A.9.2.8 How to Query a Database Table if Only Part of the Table Name Is Remembered..............................................891
A.9.2.9 How to Identify Database Errors Caused by Unexpected Powering-Off of the Workstation............................. 892
A.9.2.10 How to Expand Space for the master Database.................................................................................................894
A.9.2.11 How to Set Up More User Connections to a Database......................................................................................895
A.9.2.12 How to Check for Database Errors Using the dbcc Tool...................................................................................896
A.9.2.13 How to Set the Network Transport Parameters of Databases............................................................................897
A.9.2.14 How to Delete a Suspect Database.................................................................................................................... 899
A.9.2.15 How to Delete a Damaged User Database.........................................................................................................901
A.9.2.16 How to Delete a Database from the Sybase Database....................................................................................... 902
A.9.2.17 How to View the Deadlock Information in the Database.................................................................................. 903
A.9.2.18 How to Create a Replacement User for the Sybase Database Administrator sa User....................................... 904
A.10 MSuite......................................................................................................................................................................907
A.10.1 How to Verify That The Process of the MSuite Server Is Started........................................................................ 907
A.10.2 How to Start the Process of the MSuite Server.................................................................................................... 907
A.10.3 How to End Processes on the MSuite Server....................................................................................................... 908
A.10.4 How to Start the MSuite Client............................................................................................................................ 908
A.10.5 Starting the Process of the MSuite Server............................................................................................................ 910
A.10.6 How to Resolve the Problem of Failing to Log In to a MSuite Client................................................................. 910
A.11 U2000 System..........................................................................................................................................................912
A.11.1 How to Change the System Time and Time Zone of the Single-Server System on Windows............................. 912
A.11.2 How to Change the System Time and Time Zone of the Single-Server System (Solaris)................................... 913
A.11.3 How to Modify the Time and Time Zone on the SUSE Linux Single-Server System......................................... 914
A.11.4 How to Change the System Time and Time Zone of the High Availability System (Solaris, SUSE Linux)....... 916
A.11.5 How to Determine Whether an Installed SUSE Linux System is a Local or Remote High Availability System 919
A.11.6 How to Verify That the Processes of the U2000 Single-Server System Are Running on Windows.................... 919
A.11.7 How to Start the Processes of the U2000 Single-Server System on Windows.....................................................920
A.11.8 How to End the Processes of the U2000 Single-Server System on Windows......................................................922
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xix

A.11.9 How to Verify That the Processes of the U2000 Single-Server System Are Running on Solaris........................ 923
A.11.10 How to Start the Processes of the U2000 Single-Server System on Solaris.......................................................924
A.11.11 How to End the Processes of the U2000 Single-Server System on (Solaris)..................................................... 924
A.11.12 How to Verify That the Processes of the U2000 Single-Server System Are Running on SUSE Linux.............925
A.11.13 How to Start the Processes of the U2000 Single-Server System on SUSE Linux............................................. 925
A.11.14 How to End the Processes of the U2000 Single-Server System on (SUSE Linux)............................................926
A.11.15 How to Check Whether the U2000 Processes of the High Availability System (Solaris, PC Linux) Are Started
.......................................................................................................................................................................................... 927
A.11.16 How to Start the U2000 Processes of the High Availability System (Solaris, PC Linux)..................................927
A.11.17 How to End the U2000 Processes of the High Availability System (Solaris, PC Linux)...................................928
A.11.18 What Factors Affect the Response Speed of the NMS....................................................................................... 928
A.11.19 How to Resolve the Problem Wherein Illegible Characters Occur in the NMS Window.................................. 928
A.11.20 How Do I Install a Domain Component Incrementally...................................................................................... 929
A.11.21 How to Rectify the U2000 Startup Failure After the IP Address or Host Name of the Single-Server System
(Solaris) Is Changed Manually......................................................................................................................................... 934
A.11.22 How to View the U2000 and Sybase Database Installation Paths...................................................................... 935
A.11.23 How to View Network Configurations for the Primary Site or Secondary Site Installed with a HA System
(Solaris)............................................................................................................................................................................ 936
A.11.24 How to View Network Configurations for the Primary Site or Secondary Site Installed with a HA System
(SUSE Linux)................................................................................................................................................................... 938
A.11.25 How to Reinstalling the U2000 on or Migrating the U2000 to Another Computer........................................... 940
A.11.26 How to Replace Network Interfaces for a U2000 Single-Server System (Windows 2008)............................... 942
A.11.27 How to Replace Network Interfaces for a U2000 Single-Server System (Solaris)............................................ 943
A.11.28 How to Replace Network Interfaces for a U2000 Single-Server System (SUSE Linux)...................................946
A.11.29 How to Replace Network Interfaces for a U2000 High Availability System (Solaris)...................................... 948
A.11.30 How to Replace Network Interfaces for a U2000 High Availability System (SUSE Linux)............................. 950
A.11.31 How to Set the Communication Mode on the U2000 server for the Single-Server System (Windows)............952
A.11.32 How to Set the Communication Mode on the U2000 server for the Single-Server System (Solaris)................953
A.11.33 How to Set the Communication Mode on the U2000 server for the Single-Server System (SUSE Linux).......954
A.11.34 How to Set the Communication Mode of the Server in a High Availability System (Solaris, SUSE Linux).... 955
A.11.35 How to Choose a Key Process Mode in HA System (Solaris, PC Linux)..........................................................957
A.11.36 How to Configure a Client to Log In to Both the Primary and Secondary Servers in a High Availability System
(Solaris, PC Linux)........................................................................................................................................................... 958
A.11.37 How to Configure the U2000 Server in a Solaris and PC Linux High Availability System to Start Automatically
.......................................................................................................................................................................................... 959
A.11.38 How to Confirm the Encoding Format of the U2000 License File.....................................................................960
A.11.39 How to Transfer Files by Means of FTP.............................................................................................................961
A.11.40 How to Check and Change an OS User ID.........................................................................................................962
A.11.41 How to Deal with an Automatically Configured Temporary IP Address........................................................... 963
A.11.42 How to Handle the Network Interruption Problem Occurred When the Primary and Secondary Sites Are
Connected to or Separated from Each Other in an HA System........................................................................................964
A.11.43 How to Burn the ISO File to DVD..................................................................................................................... 966
A.11.44 How to Check the U2000 Version...................................................................................................................... 967
A.11.45 How to Configure the FTP or SFTP Service on Windows OS...........................................................................968
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xx

A.11.46 How Do I Configure SFTP Public Key Authentication?....................................................................................970

A.11.47 How to Resolve the U2000 SyslogCollectorDM Service Startup Failure Due to a Port Conflict......................972
A.11.48 How Do I Restore a Site in the Unilateral Separation State to an Independent Site in a HA System (Solaris). 974
A.11.49 How Do I Obtain Third-Party Software and Hardware Materials......................................................................975
A.11.50 How Can I Configure an IP Address for the Communication Between the U2000 and Southbound NEs........ 978
A.11.51 Checking the NTP Service on Solaris.................................................................................................................980
A.11.52 Starting or Stopping the NTP Service on Solaris................................................................................................982
A.11.53 Starting or Stopping the NTP Service on SUSE Linux...................................................................................... 983
A.11.54 How to Query Information About the Software and Hardware Installation and ESNs of a Huawei Rack Server
.......................................................................................................................................................................................... 984
A.11.55 How Do I Modify the Database Scheduled Backup Time..................................................................................986
A.11.56 How to Rectify the Data Restoration Failure on a Secondary Site Because of Missing Databases................... 987
A.11.57 How Do I Deploy Security Certificates for VRP8-based OSN 9800s................................................................988
A.11.58 How Do I Handle the Failure to Connect Two Servers Due to a Mutual Trust Authentication Error................995
A.11.59 How to Change the Private Key of the SNMPv3 User Between U2000 and the Disk Array............................ 996
A.11.60 How Can I Change the Password of the H2 Database (Linux/Solaris)............................................................ 1000
A.11.61 How Can I Change the Password of the H2 Database File...............................................................................1001
A.11.62 How Do I Change an H2 Database User's Password (Windows)..................................................................... 1003
A.11.63 How Do I Change an H2 Database User's Password for the U2000 Guard..................................................... 1004
A.11.64 How Do I Import a U2000 Key Store...............................................................................................................1006
A.11.65 How Do I Disable the U2000 from Monitoring the All-Zero IP Address........................................................ 1007
A.11.66 How Do I Enable the U2000 from Monitoring the All-Zero IP Address......................................................... 1014
A.11.67 How Do I Perform a Rollback After the H2 Key Replacement Fails...............................................................1015
A.11.68 How Can the U2000 Client and MSuite Use a Non-NMS-Application IP Address for Login........................ 1015
A.11.69 How Do I Enable the U2000 Distributed System to Monitor Default Network Adapters............................... 1017
A.11.70 How to Configure an SSH Listening IP Address(Solaris, PC Linux).............................................................. 1018
A.11.71 How Do I Configure an SSH Listening IP Address(Windows)........................................................................1018
A.11.72 How Do I Configure iptables Listening for a Solaris/Linux HA System......................................................... 1020
A.11.73 How Do I Modify the ossuser or dbuser ID at the Secondary Site to Be the Same as that at the Primary Site
........................................................................................................................................................................................ 1021
A.11.74 How to Change the Password for the User ftpuser..........................................................................................1022
A.11.75 How to Apply for U2000 Digital Certificates...................................................................................................1024
A.11.76 How Do I Uninstall a Mirroring Database........................................................................................................1029
A.11.77 Checking Whether the Restoration Server Meet Restoration Requirements....................................................1030
A.11.78 How Do I Seal or Unseal Fixed Information.................................................................................................... 1031
A.11.79 How Do I Seal or Unseal User Information......................................................................................................1032
A.11.80 How Do I Upgrade the BIOS or Replace the Hardware of the Server Supporting TPM-based Trusted
Computing...................................................................................................................................................................... 1034
A.12 VMware Virtual Machine(VMware vSphere Client)............................................................................................ 1034
A.12.1 How Do I Log In to the VMware ESXi..............................................................................................................1034
A.12.2 How Do I Log In to the VMware vCenter Server?.............................................................................................1035
A.12.3 How to Check and Create a Port Group (Network Label) on the Virtual Machine............................................1039
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xxi

A.12.4 How to Check Whether the Available Space of the Storage on a Virtual Machine Meets the U2000 Requirement
........................................................................................................................................................................................ 1042
A.12.5 How to View the Usage of Network Interfaces on the VMware Server.............................................................1042
A.12.6 How Do I Configure Virtual Machine Memory?................................................................................................1044
A.12.7 How Do I Change the Number of CPUs in a Virtual Machine?.........................................................................1046
A.12.8 How Do I Configure the Disk of a Virtual Machine?.........................................................................................1048
A.12.9 Establishing Connections Between the E9000 Server and the OceanStor 5500 V3 Disk Array on the GUI.....1051
A.12.10 Establishing Connections Between the E9000 Server and the OceanStor S3900 Disk Array on the GUI...... 1066
A.12.11 Expanding LUNs of a 5500 V3 Disk Array......................................................................................................1085
A.12.12 Creating a Service Network on the GUI...........................................................................................................1088
A.12.13 How Do I Test the Real-Time Network Speed of an ESXI Host?....................................................................1093
A.12.14 How Do I Replace a Physically Damaged Blade and Configure the New Blade?...........................................1094
A.12.15 How Do I Change the User Passwords for the vCenter and the OS That Houses the vCenter?...................... 1095
A.12.16 How to shut down the OfficeScan software..................................................................................................... 1095
A.12.17 How Do I Change the Idle Time After Logging In to the vCenter Through the VMware vSphere Web Client?
........................................................................................................................................................................................ 1096
A.12.18 How to Enable or Disable Access to the ESXi Host Through Internet Explorer............................................. 1097
A.12.19 How Do I Change the Password of the administrator@vsphere.local User?................................................1097
A.12.20 How Do I Enable or Disable the vSphere Web Client Function?.....................................................................1098
A.12.21 How to Change the Windows OS Computer Name?........................................................................................1098
A.12.22 How Do I Rectify an NIC Type Error for a VM...............................................................................................1099
A.12.23 How to Manage VM Snapshot..........................................................................................................................1100
A.12.24 How to Check and Add a Storage.....................................................................................................................1102
A.12.25 How Do I Modify Timeout for VM Startup and Shutdown?...........................................................................1103
A.12.26 Configuring the Replication (Heartbeat) Network (VMware vSphere Client).................................................1104
A.12.27 Configuring the Replication (Heartbeat) and Application Networks (VMware vSphere Client).................... 1106
A.13 VMware Virtual Machine(vSphere Web Client)................................................................................................... 1107
A.13.1 How Do I Log In to VCSA?............................................................................................................................... 1107
A.13.2 How Do I Log In to the VMware ESXi..............................................................................................................1108
A.13.3 How Do I Log In to the VCSA Management Page?...........................................................................................1108
A.13.4 How Do I Log In to the VR Management Page..................................................................................................1109
A.13.5 How to Power on or Power off the VM.............................................................................................................. 1109
A.13.6 How Do I Restart the ESXi Host........................................................................................................................ 1109
A.13.7 How Do I Change a VCSA User Password?...................................................................................................... 1111
A.13.8 How to change the Password of the vSphere Replication Appliance................................................................. 1111
A.13.9 How to Check and Create a Port Group (Network Label) on the Virtual Machine............................................ 1112
A.13.10 How to Check Whether the Available Space of the Storage on a Virtual Machine Meets the U2000
Requirement....................................................................................................................................................................1113
A.13.11 How to View the Usage of Network Interfaces on the VMware Server........................................................... 1113
A.13.12 How Do I Configure Virtual Machine Memory?..............................................................................................1115
A.13.13 How Do I Change the Number of CPUs in a Virtual Machine?....................................................................... 1116
A.13.14 How Do I Configure the Disk of a Virtual Machine?....................................................................................... 1116
A.13.15 Establishing Connections Between the E9000 Server and the OceanStor 5500 V3 Disk Array on the GUI...1118
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xxii

A.13.16 Establishing Connections Between the E9000 Server and the OceanStor S3900 Disk Array on the GUI...... 1124
A.13.17 How Do I Create a Network on the GUI.......................................................................................................... 1134
A.13.18 How Do I Test the Real-Time Network Speed of an ESXI Host?.................................................................... 1136
A.13.19 How Do I Replace a Physically Damaged Blade and Configure the New Blade (vSphere HA)..................... 1137
A.13.20 How Do I Replace a Physically Damaged Blade and Configure the New Blade (vSphere DRS)................... 1138
A.13.21 How Do I Change the Idle Time After Logging In to the VCSA Through the VMware vSphere Web Client1139
A.13.22 How Do I Enable SSH for the VMware ESXI Hosts?......................................................................................1140
A.13.23 How Do I Rectify an NIC Type Error for a VM?............................................................................................. 1141
A.13.24 How to Manage VM Snapshot..........................................................................................................................1142
A.13.25 How Do I Upgrade a VM Hardware Version?..................................................................................................1143
A.13.26 How Do I Configure the Default Method for Enabling the VM Remote Console?......................................... 1144
A.13.27 How to Check and Add a Storage Device........................................................................................................ 1145
A.13.28 Installing VMware Tools.................................................................................................................................. 1146
A.13.29 How Do I Modify Timeout for VM Startup and Shutdown?...........................................................................1148
A.13.30 How Do I Troubleshoot Error#1009?..............................................................................................................1149
B U2000 Utilities......................................................................................................................... 1150

C MSuite.......................................................................................................................................1152
C.1 Overview.................................................................................................................................................................. 1153
C.1.1 Basic Concepts...................................................................................................................................................... 1153
C.1.2 System Architecture.............................................................................................................................................. 1153
C.1.3 Function Overview................................................................................................................................................1154
C.1.4 Graphical User Interface....................................................................................................................................... 1157
C.1.5 Command Line Interface.......................................................................................................................................1158
C.2 Starting and Stopping the MSuite............................................................................................................................ 1161
C.2.1 Starting the Process of the MSuite Server.............................................................................................................1161
C.2.2 Logging In to the MSuite Client........................................................................................................................... 1162
C.2.3 Exiting from the MSuite client..............................................................................................................................1163
C.2.4 Ending the Process of the MSuite Server..............................................................................................................1164
C.3 System Management................................................................................................................................................ 1164
C.3.1 Changing the Password of the MSuite.................................................................................................................. 1164
C.3.2 Logging Out of the MSuite Client........................................................................................................................ 1165
C.4 U2000 Deployment.................................................................................................................................................. 1166
C.4.1 Setting the System Time and Time Zone.............................................................................................................. 1166
C.4.2 Changing the Password of the Database Administrator........................................................................................1168
C.4.3 Changing the Password of the User of the Database............................................................................................ 1170
C.4.4 Configuring the NTP Service................................................................................................................................1172
C.4.5 Deploying Domains.............................................................................................................................................. 1173
C.4.6 Undeploying Domains.......................................................................................................................................... 1175
C.5 Adjusting the NMS.................................................................................................................................................. 1177
C.5.1 Changing the Host Name and IP Address.............................................................................................................1177
C.5.1.1 How to Change the IP Address of the Single-Server System (Windows 2008)................................................ 1180
C.5.1.2 How to Change the Host Name of the Single-Server System (Windows 2008)................................................1183
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xxiii

C.5.1.3 How to Change the IP Address and Host Name for the Single-Server System (Solaris).................................. 1185
C.5.1.4 How to Change the IP Address and Host Name for the Single-Server System (SUSE Linux).........................1186
C.5.1.5 How to Change the IP Address and Host Name for the High Availability System (Solaris)............................ 1188
C.5.1.6 How to Change the IP Address and Host Name for the Local High Availability System (SUSE Linux)......... 1191
C.5.1.7 How to Change the IP Address and Host Name for the Remote High Availability System (SUSE Linux)......1195
C.5.2 Configuring Routes............................................................................................................................................... 1199
C.5.3 Synchronizing Network Configurations............................................................................................................... 1202
C.5.4 Example for Adjusting the Network configurations of the Solaris Single-Server System...................................1203
C.5.5 Example for Adjusting the Network configurations of the SUSE Linux Single-Server System..........................1206
C.5.6 Example for Adjusting Network Configurations of the High Availability System (Solaris)............................... 1208
C.5.7 Example for Adjusting Network Configurations of the High Availability System (SUSE Linux)...................... 1211
C.6 Management of the High Availability System (Veritas hot standby).......................................................................1214
C.6.1 Establishing the HA Relationship Between the Primary and Secondary Sites.....................................................1214
C.6.2 Separating the Primary Site from the Secondary Site...........................................................................................1217
C.6.3 Configuring the Current Server as the Active Server Forcibly.............................................................................1218
C.6.4 Monitoring the Status of the HA System.............................................................................................................. 1219
C.6.5 Veritas Cluster Management................................................................................................................................. 1220
C.6.6 Updating the Veritas Licenses (Solaris)................................................................................................................ 1221
C.6.7 Updating the Veritas Licenses (SUSE Linux).......................................................................................................1223
C.6.8 Monitor Replication Status................................................................................................................................... 1225
C.7 Configuring the Northbound Interface Instance...................................................................................................... 1226
C.8 Managing Certificate File........................................................................................................................................ 1226
C.8.1 Digital Certificate Scheme for the U2000............................................................................................................ 1226
C.8.2 Replacing SSL Certificates Used for the U2000 Server....................................................................................... 1229
C.8.3 Replacing SSL Certificates for the U2000 Client.................................................................................................1233
C.8.4 Importing SSL Certificates Used for Communication Between the U2000 and NEs.......................................... 1234
C.8.5 Replacing SSL Certificates Used for the Communication Between the U2000 and NE......................................1242
C.8.6 Replacing SSL Certificates Used for the Communication Between the U2000 and uTraffic.............................. 1250
C.8.7 Replacing Internal Port Authentication Certificates on the U2000 Server...........................................................1254
C.8.8 Replacing SSL Certificates Used for the Communication Between the U2000 and U2100................................ 1258
C.8.9 Replacing SSL Certificates Used for the Communication Between the server and OSS(CORBA NBI, XML NBI
and RESTCONF NBI)....................................................................................................................................................1260
C.8.10 Deploying the SSL Trust Certificate on the Internet Explorer........................................................................... 1260
C.8.11 Modifying the Password of the .p12 Certificate File.......................................................................................... 1262
C.8.12 Verifying Certificate Validity.............................................................................................................................. 1265
C.8.13 Modifying the DH Value Length in an SSL Certificate......................................................................................1265
C.9 Commissioning Tool................................................................................................................................................ 1269
C.10 Modify U2000 Configuration Items...................................................................................................................... 1269
C.11 Visualization Configuration Item List....................................................................................................................1271
C.12 Managing Databases.............................................................................................................................................. 1411
C.12.1 Backing Up the System Database....................................................................................................................... 1411
C.12.1.1 Immediately Backing Up the U2000 Data to a Local Server Through the MSuite......................................... 1411
C.12.1.2 Immediately Backing Up the U2000 Database to a Remote Server Through the MSuite...............................1414
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xxiv

C.12.2 Restoring Data of a U2000 Single-Server System (Windows)...........................................................................1419

C.12.2.1 Restoring U2000 Single-Server System (Windows) Data from a Local Server..............................................1419
C.12.2.2 Restoring U2000 Single-Server System (Windows) Data from a Remote Server...........................................1421
C.12.3 Restoring U2000 Single-Server System (Solaris) Data...................................................................................... 1423
C.12.3.1 Restoring U2000 Single-Server System (Solaris) Data from a Local Server.................................................. 1423
C.12.3.2 Restoring U2000 Single-Server System (Solaris) Data from a Remote Server...............................................1425
C.12.4 Restoring U2000 Single-Server System (SUSE Linux) Data.............................................................................1428
C.12.4.1 Restoring U2000 Single-Server System (SUSE Linux) Data from a Local Server.........................................1428
C.12.4.2 Restoring U2000 Single-Server System (SUSE Linux) Data from a Remote Server..................................... 1431
C.12.5 Restoring U2000 High Availability System (Solaris) Data................................................................................ 1434
C.12.5.1 Restoring U2000 High Availability System (Solaris) Data from a Local Server............................................ 1434
C.12.5.2 Restoring U2000 High Availability System (Solaris) Data from a Remote Server.........................................1437
C.12.6 Restoring U2000 High Availability System (SUSE Linux) Data....................................................................... 1440
C.12.6.1 Restoring U2000 High Availability System (SUSE Linux) Data from a Local Server................................... 1440
C.12.6.2 Restoring U2000 High Availability System (SUSE Linux) Data from a Remote Server................................1443
C.12.7 Initializing the U2000 Database..........................................................................................................................1446
D Solaris or SUSE Linux Command Reference.................................................................... 1449

D.1 Commands for Solaris or SUSE Linux Folders.......................................................................................................1449
D.1.1 pwd....................................................................................................................................................................... 1450
D.1.2 cd...........................................................................................................................................................................1450
D.1.3 mkdir.....................................................................................................................................................................1450
D.1.4 rmdir..................................................................................................................................................................... 1451
D.1.5 ls............................................................................................................................................................................1452
D.2 Commands for Solaris or SUSE Linux Files........................................................................................................... 1454
D.2.1 vi........................................................................................................................................................................... 1454
D.2.2 cp...........................................................................................................................................................................1455
D.2.3 mv......................................................................................................................................................................... 1456
D.2.4 rm.......................................................................................................................................................................... 1456
D.2.5 chmod................................................................................................................................................................... 1457
D.2.6 chown....................................................................................................................................................................1459
D.2.7 chgrp..................................................................................................................................................................... 1460
D.2.8 find........................................................................................................................................................................ 1461
D.2.9 tar.......................................................................................................................................................................... 1463
D.2.10 gtar...................................................................................................................................................................... 1465
D.2.11 compress............................................................................................................................................................. 1467
D.2.12 uncompress......................................................................................................................................................... 1467
D.2.13 pack.....................................................................................................................................................................1468
D.2.14 unpack.................................................................................................................................................................1468
D.2.15 pkgadd.................................................................................................................................................................1469
D.2.16 pkgrm.................................................................................................................................................................. 1469
D.3 Commands for Viewing Solaris or SUSE Linux Files............................................................................................ 1470
D.3.1 echo.......................................................................................................................................................................1470
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xxv

D.3.2 cat..........................................................................................................................................................................1471
D.3.3 more...................................................................................................................................................................... 1471
D.3.4 head.......................................................................................................................................................................1473
D.3.5 tail......................................................................................................................................................................... 1473
D.3.6 clear.......................................................................................................................................................................1474
D.3.7 grep....................................................................................................................................................................... 1474
D.4 Commands for Managing Solaris or SUSE Linux Users........................................................................................ 1475
D.4.1 useradd.................................................................................................................................................................. 1475
D.4.2 userdel...................................................................................................................................................................1476
D.4.3 usermod.................................................................................................................................................................1477
D.4.4 passwd...................................................................................................................................................................1478
D.4.5 groupadd............................................................................................................................................................... 1478
D.4.6 groupdel................................................................................................................................................................ 1479
D.4.7 groupmod.............................................................................................................................................................. 1479
D.5 Commands for Managing Solaris or SUSE Linux System Resources.................................................................... 1480
D.5.1 man....................................................................................................................................................................... 1480
D.5.2 df........................................................................................................................................................................... 1480
D.5.3 du.......................................................................................................................................................................... 1481
D.5.4 ps...........................................................................................................................................................................1483
D.5.5 kill......................................................................................................................................................................... 1484
D.5.6 who....................................................................................................................................................................... 1485
D.5.7 which.....................................................................................................................................................................1486
D.5.8 hostname............................................................................................................................................................... 1486
D.5.9 uname....................................................................................................................................................................1487
D.5.10 ifconfig................................................................................................................................................................1488
D.5.11 script....................................................................................................................................................................1488
D.5.12 date......................................................................................................................................................................1490
D.5.13 bc.........................................................................................................................................................................1491
D.5.14 prtconf.................................................................................................................................................................1491
D.5.15 prstat................................................................................................................................................................... 1493
D.5.16 shutdown.............................................................................................................................................................1494
D.6 Commands for Network Communication in the Solaris or SUSE Linux................................................................ 1495
D.6.1 ping....................................................................................................................................................................... 1496
D.6.2 telnet..................................................................................................................................................................... 1497
D.6.3 ftp.......................................................................................................................................................................... 1498
D.6.4 finger.....................................................................................................................................................................1500
D.6.5 netstat.................................................................................................................................................................... 1501
D.6.6 route...................................................................................................................................................................... 1503
E Sybase Database Command Reference...............................................................................1507

E.1 startserver................................................................................................................................................................. 1507
E.2 showserver................................................................................................................................................................1508
E.3 isql............................................................................................................................................................................ 1509
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xxvi

E.4 shutdown.................................................................................................................................................................. 1510

E.5 sp_configure............................................................................................................................................................. 1512
F Common Commands for HA System (Veritas Hot Standby)......................................... 1514

F.1 Overview of Commands........................................................................................................................................... 1514
F.2 Status Query Commands.......................................................................................................................................... 1515
F.2.1 vxprint....................................................................................................................................................................1516
F.2.2 vxdisk.....................................................................................................................................................................1518
F.2.3 vxdg....................................................................................................................................................................... 1518
F.2.4 vradmin.................................................................................................................................................................. 1519
F.2.5 hastatus.................................................................................................................................................................. 1522
F.3 Maintenance Command............................................................................................................................................ 1523
F.3.1 hagrp...................................................................................................................................................................... 1523
F.3.2 hastop..................................................................................................................................................................... 1525
G Common Maintenance Tools............................................................................................... 1526

H Glossary and Abbreviations................................................................................................ 1527
Issue 02 (2018-03-05) Huawei Proprietary and Confidential xxvii

Administrator Guide 1 Security Precautions (for Administrators)
1 Security Precautions (for Administrators)
This topic describes the suggestions on running security. To ensure normal running of the
U2000, you must comply with the precautions for hardware and software operations.
Precautions for Hardware Operations

Pay attention to the following items during hardware operations:
l Configuring an independent uninterrupted power supply (UPS) for the U2000 server is
recommended. This can avoid some serious problems such as hardware damage, system
restoration failure, and data loss caused by abnormal power failure. If the independent
UPS cannot be configured for the U2000 server, properly shut down the U2000
application and then the database, and then the OS, before the administrator cuts the
power upon a power cut notification.
l You must properly shut down the U2000 server in any case. Do not run the halt
command to power off the U2000 server or hardware on Solaris and SUSE Linux.
Otherwise, the system will fail to be restored.
l Checking the network communication status on a daily basis according to routine
maintenance items is recommended to avoid network communication interruption result
in lost data or effect on system.
l Removing network cables from the server is prohibited if the U2000 is running. If
unwanted network cables need to be removed, remove them after stopping U2000
services. Otherwise, the U2000 service will be affected.
NOTE
On Solaris and SUSE Linux, removing unwanted network cables may lead to intermittent network
interruption.
l You must keep the equipment room clean, dustproof and moistureproof.
Precautions for Software Operations

Read carefully the following precautions for software operations for better U2000 O&M.
Issue 02 (2018-03-05) Huawei Proprietary and Confidential 1

NOTICE
During U2000 O&M, any violation against the following precautions leads to service risks or
system collapse. Read the precautions carefully and perform operation in strict compliance
with them.
Table 1-1 Precautions on software operation

Item Precautions Risks Remarks
OS Do not install the OS that is This operation may For the mapping OS,
incompatible with the U2000 result in see Chapter Software
version. incompatibility Configuration
For example, the OS is between the OS and Planning for the
unauthorized, pirated, or U2000 and NMS Server in
incompatible with the U2000 consequently a failure U2000 Planning
version. to start the U2000 Guide.
process.
Do not install the system patch l This operation l In normal cases, to

after OS installation is may affect U2000 install the system
configured without operation. patch, you need to
confirmation by Huawei l This operation obtain the OS
engineers. may result in patch package
For example, do not install the system collapse. from Huawei
third-party vulnerability patch official website.
and upgrade package. l If the patch
package obtained
from Huawei
official website
does not meet the
requirement,
contact Huawei
engineers.
Do not add, delete, or modify This operation may -

the U2000 configuration file or result in system
permissions as the root or non- failure.
NMS user.
Do not enable insecure This operation may Using the SSH and
services that are irrelevant to bring risks of attacks. SFTP services is
the OS. recommended
For example, the Telnet and because the SSH and
FTP services of the OS and the SFTP services are
mail service. more secure.

Do not install the unwanted l A lot of system -

unauthenticated third-party resources are
application on the consumed, which
runningU2000 server. may lead to slow
For example, game software. operation on the
U2000.
l This operation
may lead to
security threats
from virus attacks.
Do not install unauthenticated This operation may Installing the

antivirus software such as 360 cause exceptions such OfficeScan is
antivirus software on the as U2000 file recommended.
U2000 server. isolation or
insufficient memory
on the U2000.
Do not use the OS hardening This operation may Use the OS hardening
tools that are not provided the result in system tools provided by the
U2000. failure. U2000.
Do not configure the U2000 If the connection -

server as the DNS server. between the OS and
DNS fails or is at a
slow speed, the
U2000 restart fails.
Do not manually change the IP This operation may If the IP address and
address and host name of OS. lead to a failure to host name of OS need
start U2000 to be changed, use the
processes. U2000 MSuite tool to
change it. Ensure that
the U2000processes
have been stopped
before making such a
change.
Do not use the reboot or init 6 This operation may -

command to restart the Solaris result in system
OS, and do not use Stop+A to failure.
switch to the ok prompt on the
running U2000 server.
Do not use the switching This operation -

partition swap as a normal increases the usage of
partition. the switching
partition swap and
affects the U2000
operation speed.

Do not leak the password. The This operation may -

permissions on passwords are lead to beyond
classified based on the user authority operations.
level and can be assigned only
to the maintenance owner.
Periodically change the OS l After security -

password. hardening, you
need to specify a
validity period for
the password. If
you do not change
the password in
time, it will
expire, causing a
failure to log in to
the OS.
l The OS password
that has not been
changed for a long
time is less secure.
Regularly check the size of This operation may -

the /var/adm/pacct file, the slow down the system
accounting file of the Solaris operation or event
OS. If the size of results in a primary/
the /var/adm/pacct file secondary switchover.
exceeds 2 GB, dump the data
and then clean up the file.
SUSE Linux 12 OS contains May cause security -

install files of the gdb, strace risks.
and tcpdump. Install and use
them by root user only when
maintenance the U2000.
Uninstall and delete them after
used.
License Do not disable the NIC where This operation may -

the ESN to which the U2000 cause a U2000
license file is bound resides. exception.
Do not modify a license file. This operation may -

cause a license file
failure.

Databa Do not install the database that This operation may For the mapping OS,
se is incompatible with the cause incompatibility see Chapter Software
U2000 version. between the database Configuration
For example, the database is and the U2000 Planning for the
unauthorized, pirated, or version and NMS Server in
incompatible with the U2000 consequently a failure U2000 Planning
version. to start the U2000. Guide.
Do not manually log in to the This operation results -

database and perform in a data
operations on the database, inconsistency
such as adding, deleting, between the
modifying, and viewing the U2000and NEs.
database. Accessing the
For example, do not use T- database among
SQL to change the U2000 different sets of
database data or manually U2000 results in a
modify the interfaces file of database disorder.
the Sybase database.
Do not use the commands This operation results If the passwords of

carried by the database to in a failure to start the sa and dbuser
change the passwords of the sa U2000 processes. users need to be
and dbuser users. changed, use the
U2000 MSuite to
change them.

to the maintenance owner. The
administrator password can be
managed only by the
maintenance owner.

Disable users from accessing l The U2000 is -

the U2000 database either running slowly or
directly (such as using the its function are
SQL command) or using a abnormal.
third-party application (such as l Database
the upper-layer OSS). connections fail to
be applied for
U2000 processes,
causing a failure
of U2000
functions.
l The database
content may be
tampered, and the
U2000 may
encounter
unpredictable
exceptions.
Periodically change the l After security If the passwords of

database password. hardening, you the sa and dbuser
need to specify a users need to be
validity period for changed, use the
the password. If U2000 MSuite to
you do not change change them.
the password in
time, it will
expire, causing a
the database.
l The database
password that has
not been changed
for a long time is
less secure.
Regularly back up the U2000 If you do not back up -

database. This minimizes the U2000database,
damages if an exception U2000 data may be
occurs on the system. lost upon system
exceptions.
Do not modify data on the This operation may -

U2000 during database cause a backup
backup. exception.
Stop the U2000 server and This operation may -

ensure that the U2000 database cause a restoration
is not used by other users failure.
before restoring data in the
U2000 database.

HA Do not perform large-data- This operation may -

system volume operations during full affect the
(Veritas synchronization between the performance of the
) primary and secondary sites, entire U2000 high
such as searching for circuits availability system.
and protection subnets and
querying alarms on the entire
network.
In normal cases, the U2000 is If the U2000 is -

running only on the primary running on both the
site, and the secondary site primary and
works as a backup. secondary sites, a
major abnormality
may occur.
For example, this
operation may lead to
that the system enters
the dual host status.
Note usage restrictions of the Inappropriate See Common Veritas

HA system. operations will cause Operations >
a failure to use the Restrictions on
HA system. Using a High
Availability System
in Administrator
Guide.
NMS Do not browse web pages on l A lot of system -

the U2000 server. resources are
Do not configure unnecessary consumed, which
share directories. Pay attention may lead to slow
to the permissions of a share operation on the
directory. U2000.
l This operation
may bring risks of
attacks.
Do not delete ossuser and User IDs may -

dbuser user accounts or delete inconsistent, and
these accounts and create them U2000 functions
again. cannot be used
normally.
Do not connect another PC or Various issues may -

laptop to the network where occur, such as IP
the U2000 server resides address conflict and
unless allowed. virus infection.

Do not use multiple sets of l This operation In scenarios where

U2000 to manage an NE or results in discrete multiple sets of the
use the U2000 and a third- services, data U2000 are used in
party OSS together to manage inconsistency, and upgrading, contact the
an NE. device CPU load local representative
For example, do not use MIBs growth. office or customer
to interconnect NEs when l After one set of service center.
MIBs are being used by the the U2000 is used Alternatively, send
U2000 to manage NEs. In to apply emails to
addition, do not use the configurations to a support@huawei.com
TR-069 server and U2000 router, other sets or obtain the latest
together to manage ONT NEs. of the U2000 may technology documents
fail to from http://
incrementally support.huawei.com/
synchronize the carrier.
configurations. In
this situation, the
data on the
U2000s is
inconsistent with
the NE data. If
operations are
performed using
these U2000s,
configuration
conflicts may
occur, which
interrupts services.
Do not use both the U2000 and This operation results -

commands to manage the live in a data
network. inconsistency
between the U2000
and NEs, and there is
risk of deleting NE
data.
Do not modify the XML file of This operation results -

the ONT on the U2000 server. in an inconsistency of
the ONT XML file
between the U2000
and NEs.

Do not modify the system time This operation may l To modify the
during U2000 running. cause time system time of the
inconsistency server, exit the
between the U2000 U2000server and
and NEs and failures restart it after the
of some functions. modification.
l To modify the
system time of the
client, exit the
U2000 client and
restart it after the
modification.

to the maintenance owner.The
administrator password can be
managed only by the
maintenance owner.
Periodically change the NMS l After security -

user password. hardening, you
need to specify a
validity period for
the password. If
you do not change
the password in
time, it will
expire, causing a
the U2000.
l The NMS user
password that has
not been changed
for a long time is
less secure.

See Maintenance Item List in - You can contact the

Routine Maintenance to check local representative
the NMS and record results. office or customer
service center for
troubleshooting.
Alternatively, send
emails to
support@huawei.com
or obtain the latest
technology documents
from http://
support.huawei.com/
carrier.
Use the UEasy tool to UEasy is an OM On Solaris or SUSE

regularly perform health check assistance tool for Linux, the UEasy tool
on the U2000. Huawei service is stored in the
engineers. Some $IMAP_ROOT/
functions are tools/UEasy
available only to directory. On
them. Windows, the UEasy
tool is stored in the
%IMAP_ROOT%
\tools\UEasy
directory. For details
about how to use the
UEasy tool, see the
readme_en.txt file
contained in the save
path.
After the DC is used to This operation results -

upgrade or degrade transport in a failure to
NEs, you must use the U2000 distribute services to
to upload the data about the transport NEs during
involved transport NEs to the transport NE
U2000 database. configuration.
Ensure data consistency If data is inconsistent -

between the U2000 and NEs. between the U2000
and NEs, it may lead
to misjudgment or
misoperation.

The U2000 displays a warning - -

message when a risky
operation is to be performed.
For example, a message is
displayed indicating that
services will be interrupted
when data is to be downloaded
from the U2000 to an NE.
Do not stop services randomly. This operation -

adversely affects
U2000 functions.
Do not change the configured This operation -

server's IP address by adversely affects
modifying the configuration U2000 functions. For
file. example, failure to
log in to the U2000
server from a U2000
client.

Administrator Guide 2 Starting the U2000 System
2 Starting the U2000 System
About This Chapter
This topic describes how to start the U2000 system. The procedure for starting the U2000
system varies according to deployment solutions.
2.1 Starting the U2000 Server in a Windows Single-Server System
The U2000 server can be started in three steps: power on the server safely, start the database,
and start the U2000 server processes.
2.2 Starting the U2000 Server in a Solaris Single-Server System
2.3 Starting the U2000 Server in a SUSE Linux Single-Server System
2.4 Starting the U2000 Server in a Solaris High Availability System
2.5 Starting the U2000 Server in a SUSE Linux High Availability System
2.6 Logging In to a U2000 Client
Log in to a U2000 using the client, and then perform management operations in the GUI of
the U2000 client.
2.1 Starting the U2000 Server in a Windows Single-Server

System

2.1.1 Powering On the Server Safely

This topic describes how to power on the server in a Windows single-server system safely.
Power on the Huawei RH2288H V2, Huawei RH2288H V3, Huawei RH5885H V3, IBM
X3650 M4, IBM X3650 M3 or IBM X3850 X5 on condition that the power supply is normal.
1. Power on a Huawei 2288H V5/Huawei RH2288H V3/Huawei RH5885H V3/Huawei
RH2288H V2/IBM X3650 M4/IBM X3650 M3/IBM X3850 X5 server.
NOTICE
l Huawei 2288H V5/Huawei RH2288H V3/Huawei RH5885H V3/Huawei RH2288H
V2 server supports 100 to 240 VAC input voltage.
l IBM X3650 M4/IBM X3650 M3/IBM X3850 X5 server supports 100 to 132 VAC
and 200 to 240 VAC input voltage.
l Configure power supply based on the rated system power requirement, see U2000
Hardware Installation Guide (Huawei N610E cabinet). If the power supply is
insufficient, the server automatically stops.
2. Press the power buttons on the peripherals and monitor connected to a server.
3. Wait 2 to 3 minutes. When the green indicator on the front panel of the server blinks
every 1s, press the power button on the shelf of the server.
NOTE
l If the power button is steady on, the server has been successfully powered on.
l For details about IBM server indicators, see the manual for IBM servers or log in to the
official IBM web site.
l For details about Huawei server indicators, see the manual for Huawei servers or log in to the
official Huawei web site.
l For official web sites of software and hardware documents, see A.11.49 How Do I Obtain
Third-Party Software and Hardware Materials.
The red boxes in the following figures show the positions of power buttons on Huawei
2288H V5, Huawei RH2288H V3, Huawei RH5885H V3, Huawei RH2288H V2, , IBM
X3650 M4, IBM X3650 M3 and, IBM X3850 X5.
Figure 2-1 Position of the power button on Huawei 2288H V5 server
Figure 2-2 Position of the power button on Huawei RH2288H V3 server

Figure 2-5 Position of the power button on IBM X3650 M4

Figure 2-7 Position of the power button on IBM X3850 X5
2.1.2 Starting the Database

This topic describes how to start the database in a Windows single-server system. The U2000
can start properly only after the database is started.
Prerequisites
The OS has been started.
Context
Generally, the database starts along with the OS.
Procedure
Step 1 Log in to the OS as administrator.
NOTE
The database can be started or stopped only by administrator.
Step 2 Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL
Server Configuration Manager > SQL Server Services.
Step 3 Right-click SQL Server (MSSQLSERVER) and choose Start from the shortcut menu.
----End
Result
In the SQL Server (MSSQLSERVER), if Start is dimmed, Microsoft SQL Server 2008 is
running.
Follow-up Procedure
Open the task manager of the server and click the Processes tab to check whether the
sqlserver.exe process is started by the dbuser user.

2.1.3 Starting the U2000 Server Processes

This topic describes how to start the U2000 server processes in a Windows single-server
system. You can log in to the U2000 to manage a network only after starting the U2000 server
processes on the computer on which the U2000 is installed.
Prerequisites
The OS on the computer on which the U2000 server processes are installed is running
properly, and the database has been started.
Context
l Generally, the U2000 server processes start along with the OS.
l Only one default NMS user, admin, is provided during U2000 software installation. The
admin user is a U2000 administrator with the highest rights on the U2000 system.
Procedure
Step 1 Log in to the OS as a user with ossuser rights.
Step 2 View the startup information about the U2000 server processes.
1. Choose Start > Run. The Run window will be displayed.
2. Enter cmd and click OK.
3. In the CLI, run the daem_ps command to check whether the U2000 process is started.
– If information similar to the following is displayed, the U2000 process has started.
imapmrb.exe 30616 RDP-Tcp#1 3
19,252 K
imapeventmgr.exe 4392 RDP-Tcp#1 3
19,812 K
imapsysd.exe 27224 RDP-Tcp#1 3
39,720 K
imapwatchdog.exe 36812 RDP-Tcp#1 3
14,216 K
ResourceMonitor.exe 29472 RDP-Tcp#1 3
25,024 K
imap_sysmonitor.exe 8368 RDP-Tcp#1 3
36,628 K
python.exe 33732 RDP-Tcp#1 3
21,216 K
httpd.exe 14920 RDP-Tcp#1 3
11,140 K
java.exe 21572 RDP-Tcp#1 3
92,424 K
16,476 K

NOTE
If information similar to the following is displayed, the U2000 process also has started.
imapmrb.exe 11116 Services 0
30,392 K
imapeventmgr.exe 11164 Services 0
21,404 K
imapsysd.exe 10236 Services 0
42,116 K
imapwatchdog.exe 8584 Services 0
11,676 K
ResourceMonitor.exe 26056 Services 0
28,184 K
imap_sysmonitor.exe 13168 Services 0
39,632 K
– If no command output is displayed, the U2000 process is not started. You can run
the D:\oss\server\platform\bin\startnms.bat command in the CLI to start the
U2000 process. If information similar to the following is displayed, the database
has to be started. For details, see 2.1.2 Starting the Database. Then, execute the
startnms.bat file to start the U2000 process.
Service MSSQLSERVER does not running,please start it first.
NOTE
n D:\oss specifies the installation path of the U2000.

n Starting the U2000 process takes about 3 minutes.
Step 3 Check the running status of every process on the System Monitor client.
1. Choose Start > All Programs > Network Management System > U2000 System
Monitor or click the shortcut icon on the desktop to start the U2000 System Monitor
client.
2. In the Login dialog box, enter a user name and a password.
NOTE
Two data transmission modes are available: Common and Security(SSL) (more secure,
recommended). The default data transmission mode is Security(SSL). For details, see section A.
11.31 How to Set the Communication Mode on the U2000 server for the Single-Server
System (Windows) to query or change the communication mode of the server.
The initial password of the admin user is Changeme_123. The password must be changed during
the first login to ensure system security. Keep the password confidential and change it regularly.
----End
Result
l If the U2000 services with the startup type of Automatic have started properly, the
U2000 runs properly.
l If some services have not started, select them, right-click, and choose Start the Service
from the shortcut menu.
l If the U2000 does not run properly, contact Huawei engineers.
Follow-up Procedure
The network management system maintenance suite is used for U2000 commissioning,
maintenance, and redeployment.
Log in to the OS as a user with administrator rights, in the Windows Task Manager dialog
box, check whether msdaemon.exe and msserver.exe are listed.

l If the two processes are listed, the MSuite server has started.
l If the two processes are not listed, the MSuite server has not started. Navigate to the D:
\oss\engr\engineering directory of U2000 server and double-click startserver.bat to
start the MSuite server.
2.2 Starting the U2000 Server in a Solaris Single-Server

System

This topic describes how to power on the server in a Solaris single-server system safely. The
procedure for powering on a server varies according to the server type and disk array type.
Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 Server

1. Power on a Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server.
NOTICE
l Oracle SPARC T4-2 workstations support only 200 ~ 240 VAC input voltage and do
not support 100 ~ 120 VAC input voltage.
l Netra T4-1/Oracle T4-1 server supports 200 to 240 VAC and 100 to 120 VAC input
voltage.
l Netra T4-2 server supports100 to 220 VAC input voltage.
insufficient, the server automatically stops and the high availability system fails to
trigger an active/standby switchover.
2. Wait about 2 or 3 minutes. Then switch on the power of the Netra T4-1/Netra T4-2/
Oracle T4-1/Oracle T4-2 workstation to start the server.
3. After the server is started, check indicators on the front panel. If the power indicator is
steady green, the server is powered on. If another indicator is on or blinks, the server
does not function properly. Contact the server maintenance engineers to solve the
problem. The following figure shows the positions of the power switch and power
indicator.

Figure 2-8 Power switch and power indicator on the Netra T4 server
Figure 2-9 Power switch and power indicator on the Netra T4-2 server

Figure 2-10 Power switch and power indicator on the Oracle T4-1 server
NOTE
l If the Solaris OS starts automatically on the server, the Solaris OS has been correctly installed.
l If the server displays the OK prompt, enter boot. If the server does not respond, no Solaris OS has
been installed on the server.
Disk Array
NOTICE
l To prevent data loss, do not remove or insert disk modules, controllers, fibers, network
cables, or serial cables when powering on a disk array.
l To prevent disk damage and data loss, do not turn on or cut off the power supply when the
disk is accessing data. If the power supply is cut off, wait at least 1 minute before turning
it on.
Power on a disk array.

l For OceanStor 5500 V3:

– Normal power-on sequence: 1. Turn on the power switches of the external power
supplies connected to all the devices. 2. Press the power button on either controller.
3. Turn on the LAN switch or FC switch (if any LAN switch or FC switch is
deployed but is not powered on). 4. Turn on the application server (if the
application server is not powered on).
– Normal power-down sequence: 1. Stop the services of the application server. 2.
Hold the power button for 5 seconds on the controller enclosure. 3. Disconnect the
controller enclosure and disk enclosures from the external power supplies.
l For OceanStor S3900:
Hold the power button for 5 seconds on either controller. 3. Disconnect the
– Power-on sequence: cabinet → disk enclosures → controller enclosure → switch (if
has) → application server.
– Power-off sequence: application server → switch (if has) → controller enclosure →
disk enclosures → cabinet.
NOTE
l Power supply must be provided for the two power modules of the OceanStor S2600 and
OceanStor S3900; otherwise, the OceanStor S2600 and OceanStor S3900 fail to be used. Then
press the power switch on the controller A / B. Wait 5 to 10 minutes until the power indicator is
steady green, no longer flashing, indicating the success of the power-on.
l Power supply must be provided for the two power modules of the OceanStor 5500 V3; otherwise,
the OceanStor 5500 V3 fails to be used. Press the power button on controller A/B. Wait 5 to 10
minutes until the power indicator is steady green and no longer flashing, indicating the power-on
success.
Physical indications that the storage system is up and running without error:
l The power indicators of the controllers, controller enclosure, and disk enclosures are
steady green.
l The alarm indicators of the controllers, controller enclosure, and disk enclosures are off.
l The running indicators of the coffer disks are steady green, and their alarm/location
indicators are off.

This topic describes how to start the database. The U2000 can start properly only after the
database is started.
Prerequisites
Context

Procedure
Step 1 Log in to the OS as the dbuser user.
NOTE
To switch to the dbuser user, run the su - dbuser command. After the U2000 is installed, the password
for the dbuser user is Changeme_123. For system security, modify the default password and remember
the new password. For details, see A.2.1 How Do I Change the OS User Password?.
Step 2 Ensure that the database is running.

Run the following command to check whether the Sybase database is running:
$ ps -ef | grep sybase
Information similar to the following is displayed:

dbuser 793 1 0 Sep 16 ? 0:00 /usr/bin/sh /opt/sybase/ASE-15_0/
install/RUN_DBSVR
dbuser 802 801 0 Sep 16 ? 0:00 /opt/sybase/ASE-15_0/bin/
backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/insta
dataserver -sDBSVR -d/opt/sybase/data/lv_master -e/opt
dataserver -ONLINE:1,0,0x2005f917, 10000000000, 0xd4be
dbuser 801 1 0 Sep 16 ? 0:00 /usr/bin/sh /opt/sybase/
ASE-15_0/install/RUN_DBSVR_back
dbuser 28591 28193 0 15:22:07 pts/1 0:00 grep sybase
NOTE
The database is running if the displayed information contains /opt/sybase/ASE-15_0/bin/dataserver -

sDBSVR and /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back.
Run the following commands to start the Sybase database if it is not running:
$ su - dbuser
NOTE
Enter the dbuser user password as prompted. The default password is Changeme_123. For system
security, modify the default password and remember the new password. For details, see A.2.1 How Do I
Change the OS User Password?.
$ . /opt/sybase/SYBASE.sh
$ cd /opt/sybase/ASE*/install
$ ./startserver -f ./RUN_DBSVR &
$ ./startserver -f ./RUN_DBSVR_back &
$ exit

NOTE
l Leave a space between the dot (.) and the command /opt/sybase/SYBASE.sh.
l DBSVR is the name of the database server and DBSVR_back is the name of the database backup
server. These names must be consistent with the actual database names.
l View the database name and database backup server name by running the more /opt/sybase/
interfaces command.
----End
Result
Run the following command to check whether the Sybase process is running:
dbuser 4664 1 0 Apr15 ? 00:00:00 /bin/sh /opt/sybase/ASE-15_0/

install/RUN_DBSVR
dbuser 4675 4664 32 Apr15 ? 2-22:42:47 /opt/sybase/ASE-15_0/bin/
dataserver -sDBSVR -d/opt/sybase/data/lv_master -e/opt/sybase/ASE-15_0/install/
DBSVR.log -c/opt/sybase/ASE-15_0/DBSVR.cfg -M/opt/sybase/ASE-15_0
install/RUN_DBSVR_back
dbuser 4692 4688 0 Apr15 ? 00:00:00 /opt/sybase/ASE-15_0/bin/
backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/install/DBSVR_back.log -N25 -C20
-M/opt/sybase/ASE-15_0/bin/sybmultbuf
...
NOTE
If the displayed information contains /opt/sybase/ASE-15_0/bin/dataserver -sDBSVR and /opt/

sybase/ASE-15_0/bin/backupserver -SDBSVR_back, the Sybase process is running.

This topic describes how to start the U2000 server processes in a Solaris single-server system.
You can log in to the U2000 to manage a network only after starting the U2000 server
Prerequisites
Context
l Generally, the U2000 server processes start along with the OS.
l Only one default NMS user, admin, is provided during U2000 software installation. The
admin user is a U2000 administrator with the highest rights on the U2000 system.
Procedure
Step 1 Log in to the OS of the server as the ossuser user.
Step 2 Run the following command to check whether the U2000 processes have started:
$ daem_ps


ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
ossuser 27079 1 0 10:31:39 ? 0:00 imapwatchdog -cmd start
ossuser 27075 1 0 10:31:39 ? 0:50 imapsysd -cmd start
ossuser 27086 1 0 10:31:39 ? 0:09 imapeventmgr
ossuser 23679 1 1 17:57:06 pts/8 0:02 imap_sysmonitor -cmd start
ossuser 27116 1 0 10:31:40 ? 0:52 ResourceMonitor -cmd start
NOTE
If the displayed information contains imapmrb, imapwatchdog -cmd start, imapsysd -cmd start,
imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start, the U2000 processes
have started.
Step 3 Run the following command to start the U2000 processes if they have not started:
$ cd /opt/oss/server/platform/bin
$ ./startnms.sh
----End
Result
Follow-up Procedure
The network management system maintenance suite is used for U2000 commissioning,
maintenance, and redeployment. Generally, the MSuite server starts along with the OS. If the
MSuite server does not start, run the following commands:
$ cd /opt/oss/engr/engineering
$ ./startserver.sh
Run the following command to check whether the network management system maintenance
suite process has started:
$ ps -ef | grep java
ossuser 27458 23064 0 Sep 29 ? 28:30 /opt/oss/OSSJRE/jre_sol/bin/

java -Djava.security.egd=file:/dev/./urandom -Dproc
...
ossuser 21288 1 0 May 17 ? 45:21 /opt/oss/OSSJRE/jre_sol/bin/
java -server -Dlanguage=zh -DoperationIp=10.61.33.2
NOTE
If the displayed information contains /opt/oss/OSSJRE/jre_sol/bin/java -server, the network

management system maintenance suite process has started.
2.3 Starting the U2000 Server in a SUSE Linux Single-

Server System


You need to power on the server and disk array which then provide power supply for the
external device and monitor.
Server
NOTICE
Hardware Installation Guide (Huawei N610E cabinet).
For the Single-Server System (SUSE Linux), if the power supply is insufficient, the
server automatically stops.
For the High Availability System (SUSE Linux), if the power supply is insufficient,
the server automatically stops and the high availability system fails to trigger an
active/standby switchover.
NOTE


Disk Array
NOTICE
it on.
NOTE
Power supply must be provided for the two power modules of the OceanStor S3900; otherwise, the
OceanStor S3900 fail to be used. Then press the power switch on the controller A / B. Wait 5 to 10
minutes until the power indicator is steady green, no longer flashing, indicating the success of the
power-on.

Before starting the U2000, ensure that the database has been started and is running properly.
Prerequisites
Context
Procedure

NOTE
Step 2 Run the following command to check whether the Sybase database is running.

dbuser 4989 1 0 Sep20 ? 00:00:00 /bin/sh /opt/sybase/ASE-15_0/
install/RUN_DBSVR
dbuser 5003 4989 0 Sep20 ? 00:00:14 /opt/sybase/ASE-15_0/bin/
...
NOTE

Step 3 Run the following commands to start the Sybase database if it is not running.
NOTE
interfaces command.
----End
Result

install/RUN_DBSVR
...
NOTE



After the database is started, you need to start U2000 processes so that you can log in to the
U2000 to manage the network.
Prerequisites
The OS on the PC server on which the U2000 server processes are installed is running
Context
Generally, the U2000 server processes start along with the OS.
Procedure
Step 2 Ensure that the U2000 is running.
Run the following command to check whether the U2000 is running:

$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd start,
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start. If
no introduction is displayed, the U2000 processes have been stopped.
Run the following command to start the U2000 if it is not running:

$ ./startnms.sh
----End
Result

2.4 Starting the U2000 Server in a Solaris High

Availability System

This topic describes how to power on the server in a HA system (Solaris) safely. The
procedure for powering on a server varies according to the server type and disk array type.
Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 Server

1. Power on a Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server.
NOTICE
l Oracle SPARC T4-2 workstations support only 200 ~ 240 VAC input voltage and do
not support 100 ~ 120 VAC input voltage.
l Netra T4-1/Oracle T4-1 server supports 200 to 240 VAC and 100 to 120 VAC input
voltage.
l Netra T4-2 server supports100 to 220 VAC input voltage.
insufficient, the server automatically stops and the high availability system fails to
trigger an active/standby switchover.
2. Wait about 2 or 3 minutes. Then switch on the power of the Netra T4-1/Netra T4-2/
Oracle T4-1/Oracle T4-2 workstation to start the server.
3. After the server is started, check indicators on the front panel. If the power indicator is
steady green, the server is powered on. If another indicator is on or blinks, the server
does not function properly. Contact the server maintenance engineers to solve the
problem. The following figure shows the positions of the power switch and power
indicator.
Figure 2-19 Power switch and power indicator on the Netra T4 server

Figure 2-20 Power switch and power indicator on the Netra T4-2 server

NOTE
l If the Solaris OS starts automatically on the server, the Solaris OS has been correctly installed.
l If the server displays the OK prompt, enter boot. If the server does not respond, no Solaris OS has
been installed on the server.
Disk Array
NOTICE
it on.
l For OceanStor 5500 V3:

Hold the power button for 5 seconds on the controller enclosure. 3. Disconnect the


Hold the power button for 5 seconds on either controller. 3. Disconnect the
– Power-on sequence: cabinet → disk enclosures → controller enclosure → switch (if
has) → application server.
– Power-off sequence: application server → switch (if has) → controller enclosure →
disk enclosures → cabinet.
NOTE
l Power supply must be provided for the two power modules of the OceanStor S2600 and
OceanStor S3900; otherwise, the OceanStor S2600 and OceanStor S3900 fail to be used. Then
press the power switch on the controller A / B. Wait 5 to 10 minutes until the power indicator is
steady green, no longer flashing, indicating the success of the power-on.
l Power supply must be provided for the two power modules of the OceanStor 5500 V3; otherwise,
the OceanStor 5500 V3 fails to be used. Press the power button on controller A/B. Wait 5 to 10
minutes until the power indicator is steady green and no longer flashing, indicating the power-on
success.
Physical indications that the storage system is up and running without error:
l The power indicators of the controllers, controller enclosure, and disk enclosures are
steady green.
l The alarm indicators of the controllers, controller enclosure, and disk enclosures are off.
l The running indicators of the coffer disks are steady green, and their alarm/location
indicators are off.

This topic describes how to start the database in a Solaris high availability system. The U2000
can start properly only after the database is started.
Prerequisites
l The OS has been started.
l The server is properly connected to the network.
l The VCS service must be properly started. The VCS service has started along with the
OS and the disk is functioning properly. For details about how to check the server disk
status, see 8.5.1 Checking Server Disks.
Procedure
Step 1 Perform the following operations to start the Sybase database:
1. Log in to the active site as the ossuser user. Run the following command to switch to the
root user.
$ su - root
Password: password for the root user
2. Run the following commands to query Veritas resource names:

# haconf -makerw
# hares -list

BackupServer Primary
DataFilesystem Primary

DatabaseServer Primary
NMSServer Primary
RVGPrimary Primary
datarvg Primary
wac Primary
3. Run the hagrp -autoenable AppService -sys hostname command to set the AppService
group to autoenable. Run the hares -modify resource name Enabled 1 command to
change the status of all Veritas resources to Enabled. Use the resource names displayed
in the previous command output as an example. Run the following commands to change
the status of all the Veritas resources to Enabled:
For example, execute the following commands in a Solaris high availability system:
# hares -modify BackupServer Enabled 1
# hares -modify DataFilesystem Enabled 1
# hares -modify DatabaseServer Enabled 1
# hares -modify NMSServer Enabled 1
# hares -modify RVGPrimary Enabled 1
# hares -modify datarvg Enabled 1
# hares -modify wac Enabled 1
NOTE
hostname specifies the server name. You can run the hostname command to view the server name.
4. Run the following command to start the Sybase database service:
# hares -online BackupServer -sys hostname
NOTE
----End
Result

install/RUN_DBSVR
dbuser 4675 4664 32 Apr15 ? 2-22:42:47 /opt/sybase/ASE-15_0/bin/
dbuser 4692 4688 0 Apr15 ? 00:00:00 /opt/sybase/ASE-15_0/bin/
...
NOTE
If the displayed information contains /opt/sybase/ASE-15_0/bin/dataserver -sDBSVR and /opt/

sybase/ASE-15_0/bin/backupserver -SDBSVR_back, the Sybase process is running.

This topic describes how to start the U2000 server processes in a Solaris high availability

Prerequisites
Procedure
Step 1 Log in to the OS on the active site as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root command
and enter the root user password to switch to the root user.
Step 2 Start the U2000 server processes.
# hagrp -online AppService -sys hostname
NOTE
l Use the actual host name for real-world configuration.

l If a fault has occurred during the start of the AppService process, run the
# hagrp -clear AppService -sys hostname
command to rectify the fault. Then run the
command to start the AppService process.
----End
Result
1. Log in to the OS of the active site as the ossuser user.
2. Run the following command to check whether the U2000 is running:
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
ossuser 23679 1 1 17:57:06 pts/8 0:02 imap_sysmonitor -cmd
start
ossuser 27116 1 0 10:31:40 ? 0:52 ResourceMonitor -cmd
start
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd
start, imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -
cmd start, the U2000 processes have started.
2.5 Starting the U2000 Server in a SUSE Linux High

Availability System


You need to power on the server and disk array which then provide power supply for the
external device and monitor.
Server
NOTICE
Hardware Installation Guide (Huawei N610E cabinet).
For the Single-Server System (SUSE Linux), if the power supply is insufficient, the
server automatically stops.
For the High Availability System (SUSE Linux), if the power supply is insufficient,
the server automatically stops and the high availability system fails to trigger an
active/standby switchover.
NOTE


Disk Array
NOTICE
it on.
NOTE
Power supply must be provided for the two power modules of the OceanStor S3900; otherwise, the
OceanStor S3900 fail to be used. Then press the power switch on the controller A / B. Wait 5 to 10
minutes until the power indicator is steady green, no longer flashing, indicating the success of the
power-on.

This topic describes how to start the database in a high availability system. The U2000 can
start properly only after the database is started.
Prerequisites
l The OS has been started.
l The server is properly connected to the network.
l The VCS service has started along with the OS and the disk is functioning properly. For
details about how to check the server disk status, see 8.6.1 Checking Server Disks.
Procedure
Step 1 Perform the following operations to start the Sybase database:
1. Log in to the active site as the ossuser user. Run the following command to switch to the
root user.

$ su - root
2. Run the following commands to query Veritas resource names:

# haconf -makerw
# hares -list

APPBOND Primaster
NMSServer Primary
RVGPrimary Primary
datarvg Primary
mountRes Primary
wac Primary
3. Run the hagrp -autoenable AppService -sys hostname command to set the AppService
group to autoenable. Run the hares -modify resource name Enabled 1 command to
change the status of all Veritas resources to Enabled. Use the resource names displayed
in the previous command output as an example. Run the following commands to change
the status of all the Veritas resources to Enabled:
For example, execute the following commands in a PC Linux high availability system:
# hagrp -autoenable AppService -sys hostname
# hares -modify APPBOND Enabled 1
# hares -modify mountRes Enabled 1
NOTE
4. Run the following command to start the Sybase database service:
NOTE
----End
Result

install/RUN_DBSVR
...

NOTE


This topic describes how to start the U2000 server processes in a PC Linux high availability
Prerequisites
Procedure
Step 1 Log in to the OS on the active site as the root user.
Step 2 Run the following command to start the U2000 server processes.
NOTE
l hostname specifies the server name. You can run the hostname command to view the server name.
l If a fault has occurred during the start of the AppService process, run the # hagrp -clear AppService -
sys hostname command to rectify the fault. Then run the # hagrp -online AppService -sys hostname
----End
Result
2. Run the following command to check whether the U2000 is running:
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
start
start
NOTE
The U2000 is running if the displayed information contains imapmrb, imapwatchdog -cmd
start, imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -
cmd start, the U2000 processes have started.
2.6 Logging In to a U2000 Client

Log in to a U2000 using the client, and then perform management operations in the GUI of
the U2000 client.

Prerequisites
Before logging in to a U2000 client, ensure that the following conditions are met:
l The U2000 server has been started.
l The U2000 client communicates with the U2000 server properly.
NOTE
Run the ping peer IP address command to check the network communication.
– In a single-server system, the IP address is the system IP address for the server.
– In an availability system, the IP address is the NMS application network IP address
for the active site.
l The ports used between the U2000 client and the U2000 server have been enabled. For
details, see U2000 Communication Port Matrix.
l The IP address of the U2000 client is included in the ACL configured on the U2000
server.
NOTE
By default, an ACL contains all IP addresses. Setting an ACL based on security requirements is
recommended. For details, see 5.3.1.2 Setting a User ACL.
l Valid U2000 user account and password are available.
l U2000 licenses have been correctly loaded to the U2000 server.
l The resolution must be set to 1024 x 768 or higher.
Context
l By default, if three incorrect passwords are entered consecutively, the associated user
account will be locked by the U2000. The user admin can unlock common user
accounts. The U2000 will also unlock the user account in 30 minutes.
l The password for the U2000 System Monitor must be the same as that for the U2000
client.
l Each U2000 client can concurrently connect to multiple U2000 servers of the same
version.
Procedure
Step 1 Log in to the independent client OS as the administrator right user on which the U2000
client is installed.
NOTE
Log in to the Windows server OS as the ossuser right user on which the U2000 client is installed.
Step 2 Double-click the U2000 Client shortcut icon on the desktop. The Login dialog box is
displayed.
NOTE
l On Windows, double-click the startup_all_global.bat file in the client installation path, for example
D:\oss\client directory to start the U2000 client.
Step 3 In the Login dialog box, select a desired server from the Server drop-down list.
If no server has been configured, perform the following operations to add a server:
1. Click the ... button. In the Server List dialog box, click Add.

2. In the Add Server Information dialog box, set parameters for the U2000 server to be
added and click OK.
Table 2-1 Server parameter settings

Parameter Settings
Name Setting this parameter to the login IP address or the related host
name is recommended.
Server name (or Setting this parameter to an IP address is recommended.

IP address) – In a single-server system, the IP address is the system IP
address for the server.
– In an availability system, the IP address is the NMS
application network IP address for the active site.
Secondary server Generally, this parameter is not set. If the U2000 server is running
name (or IP in a high availability system, set this parameter to the IP address
address) of the standby site.
Port Two data transmission modes are available: Common and

Security(SSL) (more secure, recommended). By default, port
31037 is used in Common mode and port 31039 is used in
Security(SSL) (more secure, recommended) mode.

Parameter Settings
Mode Two data transmission modes are available: Common and

Security(SSL) (more secure, recommended). The default data
transmission mode is Security(SSL). Security(SSL) is
recommended for the high security requirements. You can run a
command on the server to query the data transmission mode.
– about how to set the communication mode for the U2000
server and client in a Windows single-server system, see A.
11.31 How to Set the Communication Mode on the U2000
server for the Single-Server System (Windows).
server and client in a Solaris single-server system, see A.11.32
How to Set the Communication Mode on the U2000 server
for the Single-Server System (Solaris).
server and client in a SUSE Linux single-server system, see A.
11.33 How to Set the Communication Mode on the U2000
server for the Single-Server System (SUSE Linux).
server and client in a Solaris high availability system, see A.
11.34 How to Set the Communication Mode of the Server
in a High Availability System (Solaris, SUSE Linux).
server and client in a SUSE Linux high availability system, see
A.11.34 How to Set the Communication Mode of the Server
in a High Availability System (Solaris, SUSE Linux).
NOTE
A client can log in to the U2000 server only when they work in the same
mode. If the client and server work in different modes, even if they are
installed on the same host, the client cannot log in to the server.
3. In the Server List dialog box, select a server from the list and click OK.
Step 4 Enter valid user name and password, and click Login.
l The default user name is admin. The initial password of the admin user is
Changeme_123. The password must be changed during the first login to ensure system
security. Keep the password confidential and change it regularly.
l If you attempt to connect to the server in a non-SSL mode, the client displays a dialog
box indicating security risks.
– If you want to continue the connection, click Yes. If you do not want the client to
display the dialog box again upon subsequent logins, select Do not remind me
next time.
NOTE
The IP address of the server being connected is saved to the allComServer.dat file in Client
installation directory\client\client\plugins\loginui\style\conf\loginui. Therefore, the Do not
remind me next time settings apply only to the connected server. If you want the client to
display the dialog box that indicates the security risks upon subsequent logins, delete the
allComServer.dat file.

– If you want to terminate the connection, click No. The Login dialog box is
displayed. You can select the matched communication mode.
l If the client does not trust the server, you need to determine whether the server is
trustworthy using the server certificate.
– If you confirm that the server is trustworthy, click Yes and log in to the client. If you
do not want the system to display the dialog box again, contact the system
administrator to configure a trust certificate.
– If you confirm that the server is untrustworthy, click No to return to the Login
dialog box and contact the system administrator to process the issue.
l When you log in to the U2000 client, a message will be displayed asking you whether to
upgrade the client if the U2000 detects that the local computer version is earlier than the
server version.
NOTE
Clients installed in package installation mode do not support client automatic upgrades (CAUs).
– If the client is installed in CAU mode, click OK to upgrade the client.
– If the client is installed in package installation mode, click Cancel and then use the
CAU mode to re-install the client.
----End
Result
After the U2000 client is successfully logged in to, it automatically obtains associated data
from the U2000 server.
NOTE
After the U2000 client is successfully logged in to, if a certificate problem is prompted, accept this
certificate permanently. Click OK.

Administrator Guide 3 Shutting Down a U2000
3 Shutting Down a U2000
About This Chapter
This topic describes how to shut down the U2000 server and U2000 clients. The shutdown
procedure varies according to the deployment scheme.
3.1 Shutting Down U2000 Clients
You must ensure that all U2000 clients are shut down before you shut down the U2000 server.
This topic describes how to shut down the U2000 clients.
3.2 Shutting Down the U2000 Server (Single Server System, Windows)
Three steps are required to shut down the U2000 server: stop the U2000 server processes, shut
down the database, and power off the server safely.
3.3 Shutting Down the U2000 Server (Single Server System, Solaris)
3.4 Shutting Down the U2000 Server (Single Server System, SUSE Linux)
3.5 Shutting Down the U2000 Server in a High Availability System (Solaris)
Four steps are required to shut down the U2000 server in a high availability system (Solaris):
stop the U2000 server processes, shut down the database, stop the VCS service, and power off
the server safely.
3.6 Shutting Down the U2000 Server in a High Availability System (PC Linux)
Four steps are required to shut down the U2000 server: stop the U2000 server processes, shut
down the database, stop the VCS service, and power off the server safely.
3.1 Shutting Down U2000 Clients

You must ensure that all U2000 clients are shut down before you shut down the U2000 server.
This topic describes how to shut down the U2000 clients.
Prerequisites
The U2000 clients must be started properly.

Procedure
Step 1 Choose File > Exit from the main menu.
Step 2 In the Confirm dialog box, click OK.

If certain operations are performed on the Main Topology but not saved, a prompt is
displayed, asking you whether to save them.
----End
3.2 Shutting Down the U2000 Server (Single Server

System, Windows)
3.2.1 Stopping the U2000 Server Processes

Do not stop the U2000 server processes when the U2000 server is managing NEs. Stop the
U2000 server processes only for some special purposes, for example, changing the system
time of the computer where the server is installed or upgrading the version. This topic
describes how to stop the U2000 server processes on the Windows single-server system.
Prerequisites
Exit all running U2000 clients.
Procedure
NOTE
If the server is started by the administrator, switch to the administrator and log in to the OS to disable the
server.
Step 2 Ensure that the U2000 is not running.

1. Right click Start > Run. The Run window will be displayed.
3. In the CLI, run the daem_ps command to check whether the U2000 process is stopped.
– If no command output is displayed, the U2000 process has stopped.
– If information similar to the following is displayed, the U2000 process is not
stopped. In the CLI, run the D:\oss\server\platform\bin\stopnms.bat command to
stop the U2000 process.
19,252 K
19,812 K
39,720 K
14,216 K
25,024 K

36,628 K
21,216 K
11,140 K
92,424 K
16,476 K
NOTE
n If information similar to the following is displayed, the U2000 process is not stopped.
Switch to the administrator and run the D:\oss\server\platform\bin\stopnms.bat command
to stop the U2000 process.
imapmrb.exe 11116 Services
0 30,392 K
imapeventmgr.exe 11164 Services
0 21,404 K
imapsysd.exe 10236 Services
0 42,116 K
imapwatchdog.exe 8584 Services
0 11,676 K
ResourceMonitor.exe 26056 Services
0 28,184 K
imap_sysmonitor.exe 13168 Services
0 39,632 K
n Stopping the U2000 process takes about 3 minutes.
----End
Result
If no command output is displayed after the daem_ps command is executed, the U2000
process has stopped.
3.2.2 Shutting Down the Database

The U2000 can start properly only after the database is started. Before shutting down the
database, stop the U2000 server processes. This topic describes how to shut down the
database on the Windows single-server system.
Prerequisites
The U2000 server processes must have been stopped.
Procedure
NOTE
The database can be started or stopped only by administrator.
Step 3 Right-click SQL Server (MSSQLSERVER) and choose Stop to stop the database.
----End

Result
Two methods are available for checking whether the SQL Server database can connect
normally.
l Through the CLI:
a. Choose Start > Run.
b. In the Run dialog box, enter cmd. A command line interface (CLI) is displayed.
c. Run the following commands:
> isql -Usa -SDBSVR
In order to enhance the security of the database after the U2000 is installed, the sa
user may be manually disabled and replaced with a customized administrator name,
such as dbadmin.
NOTE
l DBSVR specifies the database name.

l Enter the database sa user password as prompted.
l The prompt C:\> varies according to on-site conditions. If the system is logged in to as
the dbuser user, the default prompt is C:\Users\dbuaer>. You can run the cd
command to switch the directory. A command example is
C:\Users\dbuser> cd c:\
. The command prompt switches to c:\>.
If the displayed information includes 1>, you can connect to the database normally,
that is, the database is shutted down. Otherwise, the database is started.
l Through the GUI:
a. Click Start > All Programs > Microsoft SQL Server 2008 > SQL Server
Management Studio. The Connect to Server window is displayed.
b. Set parameters according to the following information and then click Connect.
n Server type: Database Engine
n Server name: DBSVR
n Authentication: Windows Authentication
If the displayed SQL Server Management Studio window prompted, you can
connect to the database normally, that is, the database is started. Otherwise, the
database is shutted down.
3.2.3 Powering Off the Server Safely

This topic describes how to power off the Windows single-server system safely.
Procedure
Step 1 Log in to the OS as a user with administrator rights.
NOTE
If the server is started by the administrator, switch to the administrator and log in to the OS to disable the
server.
Step 2 Choose Start > Shut down to shut down the Windows OS.
Step 3 If a KVM is equipped, power off the KVM switcher.
----End


System, Solaris)

describes how to stop the U2000 server processes on the Solaris single-server system.
Prerequisites
Procedure
Step 2 To check the running status of the U2000 process, run the following command:

$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE
Step 3 Run the following commands to stop U2000 if it is running:

$ ./stopnms.sh
----End
Result
Run the following command to check the running status of the U2000 process:
$ daem_ps
NOTE
The process is stopped if the displayed information is empty.


database on the Solaris single-server system.
Prerequisites
Procedure
NOTE
Step 2 Run the following command to check whether the Sybase database is running:

ASE-15_0/install/RUN_DBSVR
backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/insta
ASE-15_0/install/RUN_DBSVR_back
dbuser 28591 28193 0 15:22:07 pts/1 0:00 grep sybase
NOTE

Step 3 Run the following commands to stop the Sybase database if it is running:
$ cd /opt/sybase/OCS*/bin
$ ./isql -SDBSVR -Usa
NOTE
Enter the database administrator user password as prompted. The initial password of the database
administrator user is Changeme_123.
In order to enhance the security of the database after the U2000 is installed, the sa user may be manually
disabled and replaced with a customized administrator name, such as dbadmin.

1> shutdown SYB_BACKUP

2> go
1> shutdown
2> go
NOTE
l Information similar to the following is displayed. The error message does not affect the shutdown of
the database.
Server SHUTDOWN by request.
ASE is terminating this process.
CT-LIBRARY error:
ct_results(): network packet layer: internal net library error:
Net-Library operation terminated due to disconnect
----End
Result
NOTE
The database is stopped if the displayed information does not contain /opt/sybase/ASE-15_0/bin/
dataserver -sDBSVR and /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back.
3.3.3 Power Off the Server Safely

This topic describes how to power off the Solaris single-server system safely.
Procedure
Step 1 Log in to the Solaris OS as user root.
NOTE
Step 2 Run the following commands to power off the server:

# sync;sync;sync;sync
# shutdown -y -g0 -i5
NOTE
If you do not want to power off the server, you can run the following commands to restart the OS:
----End

System, SUSE Linux)


After the U2000 processes are stopped, the U2000 cannot manage the network. When the
U2000 is managing the system, do not perform this operation.
Prerequisites
All running U2000 clients have been stopped.
Procedure
Step 2 To check the running status of the U2000 process, run the following command:
$ daem_ps
A message similar to the following will be displayed:

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE
Step 3 Run the following commands to stop U2000 if it is running:

$ ./stopnms.sh
----End
Result
Run the following command to check the running status of the U2000 process:
$ daem_ps
NOTE

Before shutting down the database, ensure that the U2000 processes have been stopped.
Prerequisites
Procedure

NOTE
Step 2 Run the following command to check whether the Sybase database is running.

install/RUN_DBSVR
...
NOTE

Step 3 Run the following commands to stop the Sybase database if it is running:
NOTE
Enter the database administrator user password as prompted. The initial password of the database
administrator user is Changeme_123.
2> go
1> shutdown
2> go
NOTE
l Information similar to the following is displayed. The error message does not affect the shutdown of
the database.
CT-LIBRARY error:
ct_results(): network packet layer: internal net library error:
Net-Library operation terminated due to disconnect
----End
Result
NOTE
The database is stopped if the displayed information does not contain /opt/sybase/ASE-15_0/bin/
dataserver -sDBSVR and /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back.

3.4.3 Powering Off the Server Safely

After the OS is shut down, the U2000 server automatically shuts down.
Prerequisites
The database must have been shut down.
Procedure
Step 1 Log in to the OS as the ossuser user. Run the following command to switch to the root user.
$ su - root
Step 2 Run the following commands to shut down the OS.

# shutdown -h now
NOTE
# shutdown -r now
----End
3.5 Shutting Down the U2000 Server in a High

Availability System (Solaris)
Four steps are required to shut down the U2000 server in a high availability system (Solaris):
stop the U2000 server processes, shut down the database, stop the VCS service, and power off
the server safely.

describes how to stop the U2000 server processes on the Solaris HA system.
Prerequisites
Procedure
Step 1 Log in to the OS of the active site as the root user.
Step 2 Stop the U2000 server processes.
# hares -offline NMSServer -sys hostname

2. Run the following command to check the running status of the U2000 process:
$ daem_ps


ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
start
start
3. Run the following commands to stop the U2000 processes:

$ su - root
Password: root user password
# exit
$ daem_ps
NOTE
– The process is stopped if the displayed information is empty.

– For the high availability system (Solaris), you can still view information about the imapwatchdog
and ResourceMonitor processes after the U2000 is stopped. This is because the two processes are
used to monitor high availability system alarms and will be automatically enabled after the U2000
is stopped.
----End

database on the HA system.
Prerequisites
Procedure
Step 1 Perform the following operations to disable the Sybase database service at the primary site in
the HA system:
NOTE
By default, the Sybase database service at the secondary site is not running.
1. Log in to the primary site as user ossuser through Putty. Run the following command to
switch to the root user.
$ su - root
2. Run the following command to shut down the U2000:

3. Run the following command to disable the Sybase database service:
# hares -offline BackupServer -sys hostname
# hares -offline DatabaseServer -sys hostname

NOTE
4. Run the following command to check whether the Sybase database service is disabled:
# ps -ef | grep sybase
If the following message is displayed, the Sybase database service has been disabled:
root 9629 14603 0 07:46:52 pts/3 0:00 grep sybase
----End
3.5.3 Stopping the VCS Service

This topic describes how to stop the VCS service, including prerequites, context and
procedure.
Prerequisites
The U2000 and database must have been shut down.
Context
Before powering off the server safely, manually stop the VCS service; otherwise, the server
may fail to shut down properly.
Procedure
Step 1 Log in to the OS on the server as the ossuser user. Run the following command to switch to
the root user.
$ su - root
Step 2 Run the following command to stop the VCS service:

# hastop -all -force
----End

This topic describes how to power off the Solaris HA system safely.
Prerequisites
The VCS services must have been shut down.
Procedure
NOTE
Step 2 Run the following commands to power off the server:

NOTE
----End
3.6 Shutting Down the U2000 Server in a High

Availability System (PC Linux)
Four steps are required to shut down the U2000 server: stop the U2000 server processes, shut
down the database, stop the VCS service, and power off the server safely.

describes how to stop the U2000 server processes on the HA system.
Prerequisites
Procedure
Step 1 Log in to the OS of the active site as the ossuser user. Run the following command to switch
to the root user.
$ su - root
Step 2 Run the following command to stop the U2000 server processes.
NOTE

$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
start
start

3. Run the following commands to stop the U2000 processes:

$ su - root
# exit
$ daem_ps
NOTE
– The process is stopped if the displayed information is empty.

– For the high availability system, you can still view information about the imapwatchdog and
ResourceMonitor processes after the U2000 is stopped. This is because the two processes are used
to monitor high availability system alarms and will be automatically enabled after the U2000 is
stopped.
----End

database on the HA system.
Prerequisites
Procedure
the HA system:
NOTE
$ su - root

NOTE

----End
3.6.3 Stopping the VCS Service

This topic describes how to stop the VCS service, including prerequites, context and
procedure.
Prerequisites
The U2000 and database must have been shut down.
Context
Before powering off the server safely, manually stop the VCS service; otherwise, the server
may fail to shut down properly.
Procedure
Step 1 Log in to the OS on the server as the ossuser user. Run the following command to switch to
the root user.
$ su - root
Step 2 Run the following command to stop the VCS service:
----End

Before shutting down the U2000 server, stop the U2000 server processes and the database.
This topic describes how to power off the U2000 HA System (SUSE Linux, PC Server).
Prerequisites
The VCS services must have been shut down.
Procedure
Step 1 Log in to the OS as the ossuser user. Run the following command to switch to the root user.
$ su - root
Step 2 Run the following commands to shut down the OS.

# shutdown -h now
NOTE
# shutdown -r now
----End

Administrator Guide 4 Applying for and Updating the U2000 License
4 Applying for and Updating the U2000

License
About This Chapter
This topic describes the license file of the U2000, and how to apply for, install, and use the
U2000 license.
4.1 U2000 License Precautions
This topic describes the U2000 license file. The license file is used to control the functions
and management capabilities of the U2000. If the U2000 license file is unavailable, you
cannot log in to the U2000 client.
4.2 Applying for a U2000 License
This topic describes how to apply for a U2000 license.
4.3 Updating the U2000 License
This topic describes how to update the U2000 license.
4.4 Checking the Status of the U2000 License
This topic describes how to check the status of the U2000 license. By checking the license
status, you can learn the usage of the license, so as to apply for a new license file from
Huawei in time before the NMS needs to be expanded or the validity of the license is due.
4.5 Revoking a License on the U2000
The U2000 supports the function of revoking a License. You can revoke the License that is
not in use to obtain the revocation code and then use the code to apply for a new License.
4.6 Querying the License Revocation Code on the U2000
This topic describes how to view the License revocation code on the U2000 client. When
applying for a new License, you need to provide the revocation code of the old License.
4.7 Exporting License Files
U2000 can export license files and save them as backup in a specified path. This way, the
backup can be used to restore licenses when an exception occurs during update of license
files.
4.8 Setting Periodic Export of the U2000 License
When the upper-layer OSS needs to collect statistics on Licenses used by U2000 recently (for
example, usage of License items and License update time), you can perform U2000 License

export tasks periodically or instantly to dump the Licenses information used by the U2000,
and save them as an XML file to the specified folder.
4.9 Setting Alarms for U2000 License Resource Item Capacity
When the consumption of each OSS License resource item reaches or exceeds the preset
threshold, the U2000 sends an alarm or periodically displays an Information dialog box,
reminding users to apply for or purchase a new License in a timely manner.
4.10 Collecting Port Statistics of Service Licenses
This topic describes how to use the U2000 to collect port statistics of service licenses
automatically. The number of service license items that are consumed and charged is
measured by the number of ports that network services occupy. The automatic statistics
collection enables you to quickly obtain the service license usage.
4.1 U2000 License Precautions

This topic describes the U2000 license file. The license file is used to control the functions
and management capabilities of the U2000. If the U2000 license file is unavailable, you
cannot log in to the U2000 client.
l The U2000 license file naming format is: xxxxxxx.dat.
l On Solaris/SUSE Linux OS, the encoding format of the U2000 license file must be
UNIX, not DOS. For details about how to confirm the encoding format of the U2000
license file, see A.11.38 How to Confirm the Encoding Format of the U2000 License
File.
l One license file corresponds to the equipment serial number (ESN) in an NMS computer
and can be used only on the corresponding computer.
l Do not disable the NIC whose corresponding ESN is bound to the U2000 license file.
l The formal U2000 licenses are not OS-specific. That is, U2000 licenses do not need to
be applied for according to OS (SUSE Linux, Solaris, or Windows) differences.
l Do not make any change to the license file. Otherwise, the license becomes invalid.
l The U2000 provides a grace period of 60 days for commercial permanent licenses. No
grace period is specified for other types of licenses.
– Within the grace period, overloaded license items are allowed, and the associated
resources can be added and used. The MTOSI XML NBI can be used to
synchronize NE inventory and alarm information on the entire network.
– When the grace period ends, the associated message or alarm information will be
displayed. In this case, new access services, including adding NEs or service
objects, are not allowed. You must apply for a license as soon as possible.
Otherwise, some functions may be unavailable. The MTOSI XML NBI can be used
to synchronize network-wide NE inventories and the alarm information indicating
that the number of equivalent NEs exceeds the license restriction.
4.2 Applying for a U2000 License

This topic describes how to apply for a U2000 license.

Context
l The license file is not delivered to customers along with the U2000 installation DVD.
Contact Huawei engineers to apply for the licenses according to the contract number and
the equipment serial numbers (ESNs) of the oss server.
l To prevent the failure in finding the license file for possible U2000 reinstallation, save
the license application email and the license file properly.
l Before using the U2000, apply for the formal U2000 license in advance because the
U2000 license application goes through a long process.
l An ESN is a string consisting of 40-digit numerals or letters obtained by encrypted
calculation on the MAC addresses of the U2000 server network interface. The number of
ESNs is the same as the number of network interfaces on the U2000 server. To avoid
applying for a new license due to replacing certain network interface cards (NICs), save
all the ESNs to ensure proper use of the U2000 license.
– Generally, the ESN for a server does not change. It can be used for the U2000
license that is normally applied for.
– If the ESN for a U2000 license is changed due to NIC or server replacement or ESN
application error, apply for a U2000 license again and contact Huawei technical
support engineers.
l The requirements for the ESNs of the server to which a license needs to be bound vary
according to the installation scheme. You must obtain ESNs of the server based on the
installation scheme.
– In a centralized single-server system scheme, the license needs to be bound to the
ESNs of the server.
– In a centralized high availability system (Veritas hot standby) scheme, the license
needs to be bound to the ESNs of the servers on both the primary site and the
secondary site.
– In the cold standby solution, ESNs of the U2000 servers at both primary and
secondary sites are used to apply for the same U2000 license, which is loaded at
both sites.
Procedure
Step 1 Obtain the contract number.
Step 2 Use the ESN tool provided by the U2000 to view ESNs of the server.
NOTE
If the U2000 has been installed, using the ESN tool of the U2000 to view the ESN is recommended.
Mode 1: View the ESN using the ESN tool of the NMS after installing the U2000.
On Solaris OS or SUSE Linux, perform the following steps to obtain ESNs:
1. Log in to the OS of the U2000 server as the root user.

NOTE
When a high availability system scheme is used, you must log in to the OSs of the primary and
secondary sites as the root user.
2. Run the following commands to view ESNs:
# cd /opt/oss/server/platform/bin
# ./esn


ESN0:****************************************
ESN1:****************************************
ESN2:****************************************
ESN3:****************************************
...
NOTE
If a high availability system scheme is used, you must respectively save the ESNs for the primary and
secondary sites. During the application for a formal license, you must provide the ESNs of the network
interfaces of the primary and secondary sites for external communication.
On Windows, perform the following steps to obtain ESNs:

1. Choose Start > Run.
2. In the Run dialog box, enter cmd. A command line interface (CLI) is displayed.
3. Run the following commands:
>esn

ESN0:****************************************
ESN1:****************************************
ESN2:****************************************
ESN3:****************************************
...
Mode 2: Use the ESN tool to generate ESNs before installing the U2000.
NOTE
Make the following preparations:

l Contact Huawei engineers to obtain the ESN tool package. Huawei engineers can go to http://
support.huawei.com/carrier to download the ESN tool delivered with the version. The ESN tool is
named as follows:
– Solaris OS: U2000version_ESN_solaris_SPARC.tar
– SUSE Linux OS: U2000version_ESN_sles_x64.tar
– Windows OS: U2000version_ESN_win32_x86.zip
l Copy the ESN tool package to the computer.
Solaris or SUSE Linux is used as an example to describe how to use the downloaded ESN
tool to generate ESNs.
1. Use SFTP to upload the ESN tool to the U2000 server as the root user. For example,
upload the ESN tool to the /opt path. For details, see A.2.30 How to Use the FileZilla to
Transfer Files by SFTP.
2. Run the following commands to decompress the ESN tool package:
# cd /opt
# tar xvf ESN tool package
3. Run the following command to view the ESN:

# ./esn

ESN0:****************************************
ESN1:****************************************
ESN2:****************************************
ESN3:****************************************
...
Mode 3: Query information about the software and hardware installation and ESNs of a
Huawei rack server at http://texpert.huawei.com/TExpert/Pages/PageContainer.htm. For

details, see A.11.54 How to Query Information About the Software and Hardware
Installation and ESNs of a Huawei Rack Server.
Step 3 After the esn command is executed, the Esn.txt file is automatically generated in the current
path. Send the contract number and the server ESNs to Huawei engineers or the local Huawei
office.
NOTE
Huawei engineers access http://w3.huawei.com/sdp/ to obtain the license based on the contract number
and ESNs.
Step 4 Huawei engineers send the license file to you after obtaining it.
NOTE
The license file provided with the U2000 exists as a .dat file.
----End
4.3 Updating the U2000 License

This topic describes how to update the U2000 license.
Prerequisites
l The OS and database must run properly. For details on how to start the OS and database,
see 2 Starting the U2000 System.
l The processes of the U2000 must be properly started. For details on how to start the
U2000 processes, see 2 Starting the U2000 System.
l You must log in to the U2000 client as the admin user.
l The license file of the U2000 must be obtained. The license file name can contain digits,
letters, and special characters excluding the space or \ /:*?"<>|.
– Through the GUI of the client: Save the new U2000 license to the server where
the U2000 client is located.
– Through the CLI: The new license file must be transferred to the U2000 server
through SFTP.
n In the Solaris OS, if no security hardening is performed on the OS, upload the
license file to the /export/home/ossuser path on the server as the ossuser user.
If security hardening is performed on the OS, FTP/SFTP rights of ossuser will
be disabled. In this case, you need to upload files to the backup directory in the
FTP root directory as the ftpuser user (the FTP root directory of ftpuser
is /opt/backup/ftpboot).
n In the SUSE Linux OS, if no security hardening is performed on the OS,
upload the license file to the /export/home/ossuser path on the server as the
ossuser user. If security hardening is performed on the OS, FTP/SFTP rights
of ossuser will be disabled. In this case, you need to upload files to the backup
directory in the FTP root directory as the ftpuser user (the FTP root directory
of ftpuser is /opt/backup/ftpboot).
n In the high availability system, if no security hardening is performed on the
OS, upload the new U2000 license file to the /export/home/ossuser path on
the server on the primary site through SFTP. If security hardening is performed
on the OS, FTP/SFTP rights of ossuser will be disabled. In this case, you need
to upload files to the backup directory in the FTP root directory as the ftpuser

user (the FTP root directory of ftpuser is /opt/backup/ftpboot). The U2000

license only need to be loaded on the primary site. It will be synchronized to
the secondary site automatically after the U2000 license has been loaded on
the primary site.
l After the U2000 is installed, you must load the U2000 license to ensure that the U2000 is
available.
For details, see the updated contents about the U2000 license in this topic.
l Confirm that the license file is transferred in text mode, that is, in ASCII mode.
Context
l If the U2000 license file is unavailable, you cannot log in to the U2000 client. Update the
U2000 license file in time.
l During the update of the U2000 license file, you can replace the formal U2000 license
file with the temporary one; It is recommended to use the formal U2000 license as soon
as possible.
l The licenses of different R versions of the U2000 are incompatible. For example, the
license of V100R001 cannot be used by V100R002.
l Determine whether to update the U2000 license file based on the U2000 license use
conditions.
– In the case that the device types supported by the new license are different from
those supported by the original license, the license is updated as follows:
n If the device types supported by the new license are more than the device types
supported by the original license and the added device types are supported by
the current version, the license can be updated. If the added device types are
not supported by the current version, the license cannot be updated.
n If the device types supported by the new license are less than the device types
supported by the original license and no NEs of the reduced device types are
created in the NMS, the license can be updated. If certain NEs of the reduced
device types are created in the NMS, the license cannot be updated.
– For IP domain, if the function items supported by the new license are less those
supported by the original license, the license cannot be updated.
– In the case that the number of clients supported by the new license is different from
that supported by the original license, the license is updated as follows:
n If the number of clients supported by the new license is less than that
supported by the original license but the number of online clients is less than
the number of clients supported by the new license, the license can be updated.
If the number of online clients is greater that the number of clients supported
in the new license, the license cannot be updated.
n If the number of clients supported by the new license is greater than that
supported by the original license, the license can be updated.
l In scenarios where you can change the license, you can update the U2000 license and
then restart the server.
– You can update the U2000 license through the GUI or CLI.
Restart the client after you replace a license. Then, the client automatically reloads
the menu items according to the control items defined in the new license.
n Through the GUI of the Client:

○ Application scenario: This method is recommended if you can log in to

the U2000 client and access the GUI.
○ Operation method: Log in to the U2000 client, and then click Update
License to update the license.
Restart the client after you update the license. Then, the client
automatically reloads GUI elements according to control items defined in
the new license.
n Through the CLI:
○ Application scenario: This method is applicable to the scenario where you
need to remotely update the license through commands because logging
in to the U2000 client is not allowed and the client does not provide any
GUI.
○ Operation method: Check that the processes of the U2000 are properly
started, and then run the updateLicense -file filename command to
update the license file.
– It is recommended that you update the U2000 license through the GUI of the client.
If the license updated through the GUI of the client requires deploying the NE
Explorer or other processes, a message will be displayed when you start the U2000
processes after updating the license. Viewing the process startup status on the
System Monitor client and performing operations after all the processes have been
started are recommended.
– To ensure the normal running of the U2000, do not manually replace the license
file.
NOTE
To make both the U2000 commercial and temporary licenses take effect, use the GUI mode.
Procedure
l Through the GUI of the Client
For the single-server system:
a. On the U2000 workstation, back up the original license file.
n In the Windows OS: Create the backup folder in the directory D:\oss\server
\etc\conf Copy the original license file to the created folder.
n In the Solaris or SUSE Linux OS:
run the following commands as the ossuser to back up the any other license
file to the /opt/oss/server/etc/conf/license path.
$ mkdir -p /opt/oss/server/etc/conf/license_backup
$ cd /opt/oss/server/etc/conf/license
$ cp license_file_name /opt/oss/server/etc/conf/license_backup
NOTE
After SetSolaris is enabled, only the SSH service for the ossuser user has the login right.
The SSH login mode is recommended for your system security. To use another login mode
such as Telnet, you must enable the access right for the Telnet service and the login user.
For details, see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services and A.
3.3.4 How to Enable and Disable the FTP/Telnet Authority of user root on Solaris OS.
b. Update the U2000 License file through the GUI of the U2000 Client.
i. Choose Help > License Management > License Information from the main
menu (traditional style); alternatively, double-click System Management in

Application Center and choose License Management > Licenes

Information from the main menu (application style).
ii. In the License Information dialog box, click Update License.
iii. Select the new license file and click Open.
iv. Click Next.
v. Select a scenario and perform the associated operations as required:
○ If Incremental is unavailable, click Next.
○ If Incremental is available and only the new U2000 license needs to be
effective, select Full and click Next.
○ If Incremental is available and both the new and in-use U2000 licenses
need to be effective, select Incremental and click Next. If the in-use
U2000 license has a commercial license and a temporary license, the new
license will replace the license of the same type. For example, if the new
license is a commercial license, the commercial license in the in-use
U2000 license will be replaced.
vi. Click Finish.
vii. Click Yes and confirm the updated license.
viii. Click Yes to close all windows.
ix. Click Yes to log out of the system.
c. Restart the client after you replace a license. Then, the client automatically reloads
For the HA system:
NOTICE
The U2000 license only need to be loaded on the primary site. It will be synchronized to
the secondary site automatically after the U2000 license has been loaded on the primary
site.
a. Log in to the U2000 server on the primary site.

b. See a to back up the original U2000 license file on the primary site.
Create the backup folder in the conf directory. Then, copy the original license file
to this folder.
NOTE
l The default path of U2000 license file in the Solaris or SUSE Linux OS is /opt/oss/
server/etc/conf/license.
l If the primary and secondary sites are associated normally, the /opt/oss/server/etc/conf/
license directory will not be displayed on the U2000 at the secondary site.
l The default path of U2000 license file in the Windows OS is D:\oss\server\etc\conf
\license.
c. Update the license file on the primary site.
i. Log in to the Windows OS as the ossuser user where the U2000 client is
installed.
ii. Save the license to be loaded to the server where the U2000 client is installed.

iii. On the desktop, double-click U2000 Client. The Login dialog box is
displayed.
iv. In the Server drop-down list, select the server (server on the primary site) to
be logged in to. Then, set User Name and Password to the valid values, and
click Login. The initial password of the admin user is Changeme_123. The
password must be changed during the first login to ensure system security.
Keep the password confidential and change it regularly.
○ If a message indicating that no license is available is displayed when you
log in to the U2000 client.
1) In the Confirm dialog box, click Yes. The Open dialog box will be
displayed.
2) In the Open dialog box that is displayed, select the new license file
and click Open. The License Comparison Results dialog box will
be displayed.
3) Click OK.
4) Click Yes and confirm the loaded license.
5) Click OK.
○ If U2000 license is loaded before.
1) Choose Help > License Management > License Information from
the main menu (traditional style); alternatively, double-click System
Management in Application Center and choose License
Management > Licenes Information from the main menu
(application style).
2) In the License Information dialog box, click Update License.
3) Select the new license file and click Open.
4) Click Next.
5) Select a scenario and perform the associated operations as required:
○ If Incremental is unavailable, click Next.
○ If Incremental is available and only the new U2000 license
needs to be effective, select Full and click Next.
○ If Incremental is available and both the new and in-use U2000
licenses need to be effective, select Incremental and click
Next. If the in-use U2000 license has a commercial license and
a temporary license, the new license will replace the license of
the same type. For example, if the new license is a commercial
license, the commercial license in the in-use U2000 license will
be replaced.
6) Click Finish.
7) Click Yes and confirm the updated license.
8) Click Yes to close all windows.
9) Click Yes to log out of the system.
d. Restart the client after you replace a license. Then, the client automatically reloads
l Through the CLI
For the single-server system:

a. On the U2000 workstation, back up the original license file.

n In the Windows OS: Create the backup folder in the directory D:\oss\server
\etc\conf Copy the original license file to the created folder.
n In the Solaris or SUSE Linux OS:
run the following commands as the ossuser to back up the any other license
file to the /opt/oss/server/etc/conf/license path.
$ mkdir -p /opt/oss/server/etc/conf/license_backup
$ cd /opt/oss/server/etc/conf/license
$ cp license_file_name /opt/oss/server/etc/conf/license_backup
NOTE
After SetSolaris is enabled, only the SSH service for the ossuser user has the login right.
The SSH login mode is recommended for your system security. To use another login mode
such as Telnet, you must enable the access right for the Telnet service and the login user.
For details, see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services and A.
3.3.4 How to Enable and Disable the FTP/Telnet Authority of user root on Solaris OS.
b. Update the U2000 license.
n In the Windows OS:
1) Log in to the OS of the server.
2) Run the following command to update the U2000 license file:
> updateLicense -file License_file_name
NOTE
In the command, License_file_name indicates the combination of an absolute

path and a file name. For example, if the license fine is named license123.dat
and stored in d:\, the command to rename the U2000 license file is >
updateLicense -file d:\license123.dat.
If illegible characters are displayed, set the environment variable:
FILEIO_LOCAL_CHARSET=1.
state product feature item
name old value new value
no change: U2000 COMMON LSW1CAPA01
Client 500 500
Client 1 1
no change: U2000 COMMON LSW1FMCLT01
Alarm Export 1 1
no change: U2000 COMMON LSW1RENOTI01
Client 1 1
Are you sure to update the license?(Y/N)
3) Enter Y, and then press Enter.

n In the Solaris OS:
1) log in to the OS of the U2000 server as the ossuser user.
$ cd /export/home/ossuser
$ updateLicense -file License_file_name
NOTE
In the command, License_file_name indicates a file name or the combination of

an absolute path and a file name.

state product feature item

name old value new value
Client 500 500
Client 1 1
no change: U2000 COMMON LSW1FMCLT01
Alarm Export 1 1
no change: U2000 COMMON LSW1RENOTI01
Client 1 1
Are you sure to update the license?(Y/N)

n In the SUSE Linux OS:
1) log in to the OS of the U2000 server as the ossuser user.
$ cd /export/home/ossuser
$ updateLicense -file License_file_name.dat

state product feature item name old
value new
value used value
new: iManager U2000 VALUET LNSDAASC01 Alarm
Application Software license-Transmission
Network 1
new: iManager U2000 VALUET LNSDAEASC01 SDH-ASON
Management Function Component-Transport
Network 1
new: iManager U2000 VALUET LNSDAEASC02 license
Per Equivalent VC4 for SDH ASON Service 10
new: iManager U2000 VALUET LNSDAEASC03 ASON NG
WDM Application Software license-Transmission
Network 1
...
Are you sure to update the license?(Y/N):

c. Restart the client after you replace a license. Then, the client automatically reloads
For the HA system:
NOTICE
The U2000 license only need to be loaded on the primary site. It will be synchronized to
the secondary site automatically after the U2000 license has been loaded on the primary
site.
a. Log in to the U2000 server on the primary site.

b. See a to back up the original U2000 license file on the primary site.
Create the backup folder in the conf directory. Then, copy the original license file
to this folder.

NOTE
l The default path of U2000 license file in the Solaris or SUSE Linux OS is /opt/oss/
server/etc/conf/license.
l If the primary and secondary sites are associated normally, the /opt/oss/server/etc/conf/
license directory will not be displayed on the U2000 at the secondary site.
l The default path of U2000 license file in the Windows OS is D:\oss\server\etc\conf
\license.
c. Run the updateLicense command to update the license file on the primary site. For
details, see b.
d. Restart the client after you replace a license. Then, the client automatically reloads
----End
Result
After the preceding operations are performed, the license file is automatically loaded to
the /opt/oss/server/etc/conf/license path.
4.4 Checking the Status of the U2000 License

This topic describes how to check the status of the U2000 license. By checking the license
status, you can learn the usage of the license, so as to apply for a new license file from
Huawei in time before the NMS needs to be expanded or the validity of the license is due.
Context
By checking the U2000 license status, you can learn whether the U2000 license control items
are correct. If a license control item is incorrect, the related functional module is unavailable.
For example, if the license control item for the U2000 E2E module is absent, tunnels cannot
be created.
Procedure
Step 1 Log in to the U2000 Client.
Step 2 Choose Help > License Management > License Information from the main menu
(traditional style); alternatively, double-click System Management in Application Center
and choose License Management > Licenes Information from the main menu (application
style).
Step 3 In the License Information dialog box that is displayed to view the condition of the license.
----End
4.5 Revoking a License on the U2000

The U2000 supports the function of revoking a License. You can revoke the License that is
not in use to obtain the revocation code and then use the code to apply for a new License.

Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers user
group.
Context
The Revoke License dialog box displays only available License files and does not display
revoked and invalid Licenses.
Procedure
Step 1 Choose Help > License Management > Revoke License from the main menu (traditional
style); alternatively, double-click System Management in Application Center and choose
License Management > Revoke License from the main menu (application style).
Step 2 In the Revoke License dialog box, select the License that will not be used any more, and then
click Revoke License.
NOTE
l Product: Name of the product.

l License SN: SN of a License file.
l License File: Name of a License file.
Step 3 In the Confirm dialog box, click Yes.

The License file is revoked.
----End
Result
If you revoke a License file but do not apply a new License, the U2000 displays a dialog box
every hour, prompting you to update the License. The U2000 also displays License SN,

Revocation Time, and Valid Date (indicating the date before which the revoked License can
still be used) of the License, and License File.
4.6 Querying the License Revocation Code on the U2000

This topic describes how to view the License revocation code on the U2000 client. When
applying for a new License, you need to provide the revocation code of the old License.
Procedure
Step 1 Choose Help > License Management > Query License Revocation Code from the main
menu (traditional style); alternatively, double-click System Management in Application
Center and choose License Management > Query License Revocation Code from the main
menu (application style).
Step 2 In the Query License Revocation Code dialog box, view the License SN, License revocation
code and revocation setting time.
NOTE
l License SN: SN of a License file.

l License Revocation Code: a string generated after a License file is revoked. According to this unique
string, you can check that its corresponding License file is revoked. When changing the equipment
serial number (ESN) or License capacity, you need to provide the License revocation code.
l Revocation Time (MM/dd/yyyy): time when you set a License file to be revoked. "MM/dd/yyyy"
indicates the format of the date, which can be set in Region Settings. For details, see Setting the
Date Format of the Client.
Step 3 Right-click the information about the revocation code and choose Copy from the shortcut
menu to copy the information.
The copied information about the revocation code can be used to apply for a license.
NOTE
You can also select the information about the queried revocation code, and then press Ctrl+C to copy
the information.
----End

4.7 Exporting License Files

U2000 can export license files and save them as backup in a specified path. This way, the
backup can be used to restore licenses when an exception occurs during update of license
files.
Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers user
group.
Procedure
Step 1 Help > License Management > Export License File from the main menu (traditional style);
alternatively, double-click System Management in Application Center and choose License
Management > Export License File from the main menu (application style).
Step 2 In the Export License File dialog box, select license files to be exported. Click Export.
Step 3 In the Save dialog box, set the path to save the exported license files. Click Save.
----End
Result
A dialog box is displayed, prompting the exporting result and the path to save the exported
license files.
4.8 Setting Periodic Export of the U2000 License

When the upper-layer OSS needs to collect statistics on Licenses used by U2000 recently (for
example, usage of License items and License update time), you can perform U2000 License
export tasks periodically or instantly to dump the Licenses information used by the U2000,
and save them as an XML file to the specified folder.
Context
If the current License file used by the U2000 becomes invalid due to a License initialization
failure, the exporting task can not executed, and users need to contact Huawei technical
support to update the License.
Procedure
Step 1 Choose Administration > Task Schedule > Task Management from the main menu
and choose Task Schedule > Task Management from the main menu (application style).
Step 2 In the Take Type navigation tree, choose File Interface > OSS License Export.
Step 3 In the task list on the right, double-click the OSS License Export task.
Step 4 In the Attributes dialog box, set the parameters on the Common Parameters and Extended
Parameters tabs, and then click OK.

Step 5 Perform the OSS License Export task.

l If Status of the task is Suspend, right-click the task and choose Resume from the
shortcut menu. Then right-click the task again and choose Run Now from the shortcut
menu.
l If Status of the task is Idle, right-click the task and choose Run Now from the shortcut
menu.
----End
4.9 Setting Alarms for U2000 License Resource Item

Capacity
When the consumption of each OSS License resource item reaches or exceeds the preset
threshold, the U2000 sends an alarm or periodically displays an Information dialog box,
reminding users to apply for or purchase a new License in a timely manner.
Procedure
Step 1 Choose Help > License Management > Alarm Configuration for License Resource Item
Capacity from the main menu (traditional style); alternatively, double-click System
Management in Application Center and choose License Management > Alarm
Configuration for License Resource Item Capacity from the main menu (application style).

Step 2 In the Alarm Configuration for License Resource Item Capacity dialog box, set the
threshold for each resource item, and set whether to send an alarm, whether to enable timed
prompting, and the prompting interval if the consumption of the resource item reaches or
exceeds the preset threshold.
Step 3 Optional: Select one or more configured resource items and click Modify in Batches. In the
displayed Modify Alarm Configurations in Batches dialog box, set the parameters.
Step 4 Optional: Set Display to Not configured. Select one or more resource items that are not
configured and click Add in Batches. In the displayed Add Alarm Configurations in
Batches dialog box, set the parameters.
Step 5 Click OK.
----End
Result
l When the consumption of the Capacity Management resource item reaches or exceeds
the preset threshold, the U2000 generates The NE Capacity Reached the Threshold
Alarm and periodically displays an Information dialog box. When the consumption of
the Management Capacity resource item is lower than the preset threshold, The NE
Capacity Reached the Threshold Alarm is automatically cleared and the Information
dialog box is not displayed any more.
l When the consumption of other resource items reaches or exceeds the preset thresholds,
the U2000 generates The OSS License Consumption Reached the Threshold alarm
and periodically displays an Information dialog box. When the consumption of other
resource items is lower than the preset thresholds, The OSS License Consumption
Reached the Threshold alarm is automatically cleared and the Information dialog box
is not displayed any longer.
4.10 Collecting Port Statistics of Service Licenses

This topic describes how to use the U2000 to collect port statistics of service licenses
automatically. The number of service license items that are consumed and charged is
measured by the number of ports that network services occupy. The automatic statistics
collection enables you to quickly obtain the service license usage.
Prerequisites
This operation applies only to the service licenses that are consumed and charged based on
ports.

Context
l License items are subtracted when you add a board rather than when you create a
service. The number of service license items is subtracted by the number of ports on the
new board.
l The U2000 checks the number of service license items at scheduled time every day and
enters the grace period when the number of remaining license items reaches the
threshold. During the grace period, there is no restriction on your operations. When the
grace period expires, you cannot create services. However, existing services are still
functioning properly. Because the deleted services cannot be recreated, excise caution
when deleting the services.
l The grace period ends for the U2000 when you update the service license with a new
valid one. If resources are still insufficient, the start and end time of the grace period is
not recalculated.
l Service licenses do not restrict NE functions. That is, NE licenses are not affected by
service licenses.
Procedure
Step 1 Choose Help > License Management > Statistics of Service Ports from the main menu
and choose License Management > Statistics of Service Ports from the main menu
Step 2 In the Statistics of Service Ports dialog box, view the number of ports consumed in each
service license.
NOTE
Choose Help > License Management > License Information from the main menu (traditional style);
alternatively, double-click System Management in Application Center and choose License
Management > Licenes Information from the main menu (application style). In the License
Information dialog box, click the Resource Control Item tab and view Capacity, Consumption, and
Overflow Time of different resource control items in the current licenses.
Step 3 Optional: Click Advanced. In the Advanced Settings dialog box, view the number of free
inventory resources.
Step 4 Optional: Click Export and save the port statistics to a TXT, CSV, HTML, XLSX or XLS
file.
----End

Administrator Guide 5 Security Management
5 Security Management
About This Chapter
Security management is a crucial function to prevent an unauthorized user from logging in to

the network and ensure network data security. Security management includes the NMS user
rights management, user security policy management, NE security management, and other
security policy management.
5.1 User Security
U2000 user security management mainly involves user rights management, password and
account policies, access control management, and user monitoring.
5.2 Managing User Rights
Security administrators assign proper rights to U2000 and NE maintenance personnel and
adjust rights based on service changes, which ensure that maintenance personnel have
sufficient rights to regularly maintain the U2000 and NEs and prevent unauthorized
operations.
5.3 User Security Policy Management
User security policies can efficiently strengthen U2000 system security and prevent
unauthorized user operations. The policies include setting access control rules, managing
passwords and locking clients, and monitoring login users.
5.4 Managing NE Security
With the NE security management function provided on the U2000, logins to NEs and the
running of NEs are monitored effectively. Therefore, the U2000 can protect NEs against
unauthorized logins and operations.
5.5 Configuring NE RADIUS
Remote authentication dial-in user service (RADIUS) is an industrial standard. RADIUS
provides the authentication functions for the remote access to a network or dialup access to a
network.
5.6 Change Audit
If changes occur on a device in the network, information about the changes can be queried
through the U2000.
5.7 Database Security Policy

The U2000 data is saved in the database. Therefore, ensure the database security with priority,
including protecting the security of the database password, backing up the database
periodically, viewing the database status, and dumping the database.
5.1 User Security

U2000 user security management mainly involves user rights management, password and
account policies, access control management, and user monitoring.
Security Management Entities

Concept Description
Object Set A collection of managed objects.

Object sets facilitate user rights management. If a user or
user group is assigned the operation rights of an object set,
the user or users from the user group can perform
authorized operations on all the objects in the object set.
This obviates the need to set operation rights for NEs one
by one.
Object sets can be created by geographical area, network
layer, and device type.
Operation Set A collection of operations.

Operation sets facilitate user rights management. Operations
that have similar impacts on system security are assigned to
an operation set. If a user or user group is assigned the
rights of an operation set, the user or users from the user
group can perform all the operations in the operation set.
The U2000 provides default operation sets. If the default
operation sets do not meet right assignment requirements,
create operation sets as required.
By default, the U2000 operation sets are classified into the
following types by operation object:
l All Object Operations contains operations that can be
performed on all network devices.
l All Application Operations contains operations that
can be performed on all network management
applications except security applications.
Security object U2000 objects on which only users that are authorized by
users from the SMManagers group can perform operations.
Security objects, such as devices, object sets, and subnets,
are managed by the U2000.
NOTE
Not all devices in the Main Topology are managed by the U2000. If
a user from the SMManagers group creates a common user and
does not assign any operation rights to the common user, the
common user can view some objects in the Main Topology after
logging in to the U2000. However, these objects are not security
objects because they are not managed by the U2000.

Concept Description
Domain The scope of security objects (including devices, object sets,

and subnets) that users or user groups can manage. Users
can perform operations only on the security objects in their
own domains.
Operation Rights A collection of rights assigned to users to perform an

operation. Operation rights are associated with domains.
Users can only perform authorized operations on the
security objects in their own domains.
User A U2000 client user. The user name and password of a user
identify the user's U2000 operation and management rights.
After being added to a user group, a user inherits the
operation rights of the user group. A user can be added to
multiple user groups. The operation rights of a user
comprise those of the user and user groups to which the user
belongs.
The U2000 provides the default user admin as the system
administrator. The admin user belongs to the
Administrators and SMManagers groups by default and
has more rights than the SMManagers group. You cannot
change the admin user's rights or add this user to other user
groups.
NOTE
The admin user's initial password is Changeme_123. (The initial
password is Admin_123 for a preinstalled U2000.) You must
change the password upon the first login as the admin user to
ensure system security. Keep the password secure and change it
regularly.
User Group A collection of U2000 users that have the same operation
rights. Adding users to user groups on the U2000 enables
the management of user rights in batches and reduces
management costs.
A user group has the following attributes: details (group
name, description, group type, and maximum number of
sessions), members, domain, operation rights, and current
session.
The U2000 provides the following default user groups:
Administrators, SMManagers, Maintenance Group,
Guests, Operator Group, and NBI User Group.
User Group Administrat Only the Administrators group belongs to this type of
Type or Group group. This administrator group has a domain that contains
all network objects and has all operation rights except
security management rights. The domain and operation
rights cannot be changed, and this type of user group cannot
be created.

Concept Description
Security Only the SMManagers group belongs to this type of group.

Manager The security manager user group has a domain that contains
User Group all network objects and has rights related to security
management. For example, a user that belongs to the
security manager user group can manage users, user groups,
user names and passwords, user logins, operation sets,
device sets, and security logs, and can set user security
policies. This type of user group cannot be created.
To ensure U2000 security, passwords of users from the
SMManagers group must be kept secure and changed
regularly.
NOTE
Security administrators (users from the SMManagers group) are
responsible for creating and authorizing users. The SMManagers
group has the following characteristics:
l Rights of the SMManagers group cannot be modified.
l The SMManagers group has only the rights related to security
management.

Concept Description
Default The U2000 provides three default user groups: Operator

User Group Group, Guests, and Maintenance Group. The domain of a
default user group is All Objects. The operation rights for
the default user groups are described as follows:
l Users from the Guests group have the rights for default
monitor operation sets. They can perform query
operations, such as querying statistics, but cannot create
or configure objects.
l Users from the Operator Group group have the rights
for default operator operation sets. In addition to the
rights of the Guests group, users from the Operator
Group group have the rights to create, modify, and
delete (rights to perform potentially service-affecting
operations are not involved). For example, they can
create NEs, change alarm severities, and configure SDH
trails.
l Users from the Maintenance Group group have the
rights for default maintenance operation sets. In addition
to the rights of the Guests and Operator Group groups,
users from the Maintenance Group group have the
rights to perform configurations that affect the running
of the U2000 and NEs. For example, they can search for
SDH protection subnets and trails, delete composite
services, and reset boards.
The default user groups are listed in descending order of
rights as follows: Maintenance Group, Operator Group,
and Guests. Operation sets of a default user group that has
high-level rights include the operations in operation sets of
a user group that has low-level rights. For example,
maintenance operation sets contain all operations in
operator operation sets.
Common User groups of this type are created by security

User Group administrators (belonging to the SMManagers group) or
subdomain security administrators (belonging to subdomain
security administrator groups). Domains and operation
rights of common user groups are also specified by security
administrators or subdomain security administrators.
NBI User The OSS interconnects with the U2000 through NBIs. The
Group NBI user group is created on the U2000 to manage access
of the OSS.
NOTE
NBI User Group is available only when the NBI instance is
deployed.

NOTICE
To prevent network security issues due to misoperations, U2000 users must be assigned with
the minimum rights that are sufficient to perform certain operations.
l The admin account must be used by an authorized person for management only. Do not
perform any service configuration as the admin user.
l The scope of NEs that can be operated and operation rights must be assigned to new
U2000 users based on their skills and levels.
Rights- and Domain-based Management

Rights- and domain-based management relies on assignment of operation rights and domains.
Rights-based management enables you to divide U2000 rights into function domains.
Domain-based management enables you to create network domains based on NEs. User rights
can be effectively controlled by granting the rights of any function domain and network
domain portfolio to U2000 users.
You can use the following methods to assign rights to a user or a user group:
l Add a user to a default user group so that the user has all the rights of this group. This
method applies to O&M scenarios in which users require only the basic rights of a
U2000 default user group.
l Create a user group and add a user to this user group. This method applies to scenarios in
which default user groups do not meet O&M requirements. For example, if a default user
group has excessive or insufficient rights, you can create a user group that has
appropriate rights and add a user to this user group.
NOTE
It is recommended that you authorize a user by adding the user to a user group that has appropriate
rights. Authorizing a user directly or by adjusting the rights of the default user groups is not
recommended.
Account Policy and Password Policy

Concept Description
Account Policy Specifies the minimum length of a user name, login policy,
and unlocking policy. You can set the account policy to
ensure account security.
Password Policy Specifies the password complexity, update interval, and

character restrictions. The password policy prevents users
from setting simple passwords or using one password for a
long time.

Client Access Control

Concept Description
Remote Maintenance User The U2000 supports remote maintenance. It allows a remote
Management maintenance terminal to log in to the U2000 server to
perform operations on NEs that the U2000 manages.
Remote maintenance is commonly used for remote NE fault
locating and periodical checks.
The remote maintenance user is a U2000 user that logs in to
the U2000 server from the remote maintenance terminal. By
default, the remote maintenance user is disabled. Before
starting remote maintenance, enable the remote maintenance
user and set parameters for the user as required.
SSL Protocol The Secure Sockets Layer (SSL) protocol ensures data
security and integrity for network communication. The SSL
protocol configured for the server that communicates with
clients can efficiently protect customers' network
information.
Single-User Mode The admin user uses the single-user mode to perform
special operations such as rights assignment. In single-user
mode, only one user is allowed to log in to the U2000 as the
admin user, which prevents other users' interference during
operations. When the login mode is switched to the single-
user mode, all the users except the admin user are forcibly
logged out and cannot log in again.
Client Lockout To ensure network security, the U2000 locks out a U2000
client if a user does not perform any operations on the client
for a specified period. Client lockout does not affect the
running of the U2000.
ACL
Access control lists (ACLs) are a secure access control mechanism. It restricts users to log in
to the U2000 server only from clients that have specified IP addresses.
To improve the security of the U2000, ACLs restrict what client IP addresses users can use to
log in to the U2000. If user accounts and passwords are stolen, unauthorized users cannot log
in to the U2000. The U2000 provides two types of ACLs:
l System ACL
ACL for the U2000. All the users can log in to the U2000 only from the IP addresses or
network segments specified in the system ACL.
l User ACL
ACL for a user. The current user can log in to the U2000 only from the IP addresses or
network segments specified in the ACL for the user.
NOTE
The IP addresses or network segments in a user ACL must be within the range of the IP addresses
or network segments in the system ACL.

User Monitoring
The U2000 monitors user access to resources. User monitoring comprises session monitoring
and operation monitoring. For session monitoring, the U2000 monitors users' online status.
For operation monitoring, the U2000 monitors operation objects, time, and specific operation
items.
If a user performs unauthorized operations or operations that potentially affect the system, a
security administrator of the U2000 can forcibly log out the user.
Network Management System Maintenance Suite

The network management system maintenance suite (MSuite for short) is a graphical
maintenance tool developed for the U2000. The MSuite is used to debug, maintain, and
redeploy the U2000. The password used to log in to the MSuite must be changed regularly to
ensure U2000 security.
User Management in a Distributed System

The U2000 distributed system adopts SSO. That is, after a user logs in, the user can access the
NM and all EM clients. To implement SSO, the IS must be configured on the NM and EMs
and an SSO user must be created in the Centralized Account Management Center window
and then added to an SSO user group for inheriting the user group's rights.
The U2000 distributed system provides the following default user groups: Administrators,
SMManagers, Maintenance Group, Guests, Operator Group, and NBI User Group. When
creating an SSO user group in the Centralized Account Management Center window,
synchronize it to the NM and EM clients and authorize it on the clients.
Related Tasks
5.2.4.2 Creating User-Defined Object Sets
5.2.4.3 Creating User-Defined Operation Sets
5.2.4.4 Creating and Authorizing U2000 User Groups
Procedure for Creating U2000 Users
5.2.10.1 Assigning Specific Operation Rights to an NMS User
5.2.10.2 Adjusting User Rights
Related References
New Object Set
New Operation Set
New User Group
5.2 Managing User Rights

Security administrators assign proper rights to U2000 and NE maintenance personnel and
adjust rights based on service changes, which ensure that maintenance personnel have
sufficient rights to regularly maintain the U2000 and NEs and prevent unauthorized
operations.
Animation is used to demonstrate the rights management procedure performed by security
administrators. Obtain the animation file from the following path: http://

support.huawei.com/carrier/docview?path=PBI1-7275726/PBI1-8132359/
PBI1-20977039/PBI1-21427015/PBI1-15315&nid=SE0000685570.
5.2.1 Getting to Know Operation Rights Management

This section describes concepts related to operation right managements, such as operation
rights, object sets, domains, operation sets, and U2000 authorization principles. Knowing
these concepts before authorization helps you understand the purpose of each step in
authorization.
5.2.1.1 Rights
Rights specify operations that can be performed and objects on which the operations are
performed. Operations that can be performed vary according to user.
Rights elements include objects and operations, as shown in Figure 5-1.
Figure 5-1 Rights elements
Operable objects mainly involve the U2000 and NEs, which are managed as devices.
U2000 users can perform operations on the U2000 or NEs only when they are authorized to
access and operate the U2000 or NEs.
Figure 5-2 shows the operations that can be performed on the U2000 and NEs.
Figure 5-2 Operations that can be performed on the U2000 and NEs
Rights Objects Operations
iMAP Login to the iMAP
Access
rights
NEs Login to the NE
iMAP application
operations
Operation
iMAP
rights
Network device
operations

Rights Operation Description
Access Logging in to To log in to the U2000, a user must have a valid account
rights the U2000 and password.
Logging in to To log in to an NE, a user must have a valid account and

an NE password.
Operation Network Network management application operations refer to the

rights management operations unrelated to NEs, such as querying system logs
application and creating topology objects. Before performing such
operations operations, users must log in to the U2000 first.
Network Network device operations refer to the operations related to

device NEs, such as querying NE measurement results, connecting
operations NEs, and synchronizing NE data. Before performing such
operations, users must log in to the U2000 first.
5.2.1.2 U2000 Authorization Principles

This topic describes the U2000 authorization principles, which help security administrators
understand authorization on the U2000.
Authorization Methods
Security administrators can authorize users using the following methods:
l Authorize users directly. Specifically, set domains and operation rights for the users.
NOTE
In view of user rights management and security, you are not advised to use this authorization
method.
If you use this method, user admin must select the check box of Assign rights to users directly in
the Advanced dialog box of the Account Policy tab page.
l Authorize users by binding them to a user group. Specifically, authorize a user group by
setting domains and operation rights of the user group, and then add users to the user
group so that the users inherit the user group's rights.
The second method (binding users to a user group) is recommended. This method
enables the security administrators to simultaneously authorize all the users who hold the
same post. When users' posts change, the security administrators can authorize new users
by removing original users from and adding the new users to the user groups.
Operation Right Configuration Modes

A large number of devices are deployed on a live network. Adding devices to user groups'
domains and setting operations performed on the devices one by one result in repeated
workload and low efficiency. To improve efficiency, the U2000 provides various operation
right configuration modes, as shown in Figure 5-3.
Table 5-1 describes the operation right configuration modes. The subnet device set mode and
user-defined object set mode are commonly used.

Figure 5-3 Operation right configuration modes
Table 5-1 Operation right configuration modes

NOTE
l The subnet device set mode is the best mode regarding device management authorization and is
recommended for the networks of all scales.
l In a domain, subnets may appear:
l Under the Subnet Device Set node: If security administrators grant operation rights to the user, the
user can view and perform operations on all devices in the subnet. If a new device is added to the
subnet, this device is added to the domain automatically.
l Under the Subnet node: If security administrators grant operation rights to the user, the user can
view the subnet, and move, modify, or delete the subnet in the Main Topology.
l Under the Device node: If security administrators grant operation rights to the user, the user can
view and perform operations on all devices in the subnet except the subnet itself. If a new device is
added to the subnet, this device is not added to the domain automatically.
Mode Description Method of Advantage Disadvantage Appl

Assigning icabl
Operation e
Rights Scen
ario
All The default The three The All Objects This mode is This
Objects object set All modes are mode co-works rarely used mode
Objects object set with the default because few appli
provided by modes. In operation set All users except es to
the U2000 is these modes, Object users in the the
assigned as a security Operations Administrators scena
managed administrators provided by the or rio
object to users must assign U2000 to assign SMManagers wher
or user operation all operation rights group need to e
groups. rights by for all devices to manage all users
binding users. devices. must
operation sets mana
to object sets. ge all
If a user group devic
wants to have es.
operation
rights for an
object, the
following
conditions
must be met:
l The user
group's
object set


Assigning icabl
Operation e
Rights Scen
ario
Object Though All contains The combination Authorization This

set Objects and the object. of user-defined for a user- mode
(user- Subnet l The object sets and defined object appli
defined Device Set operation operation sets can set is less es to
object are object set bound improve precise than the
set) sets, the to the authorization and authorization for scena
object set in object set operation right a single rio
this mode contains maintenance managed object wher
indicates only the efficiency in the in terms of e
a user- operations following ways: operation right multi
defined correspond l If user groups control. ple
object set ing to the have the same Authorization users
planned and operation managed preciseness have
created by a rights. objects, a relies on the
security security security same
administrator. administrator administrators' mana
In user- can use an planning. ged
defined object object set to set l If multiple objec
set mode, the user user groups ts but
security groups' use the same the
administrators domains and to object set or mana
add planned adjust the operation ged
devices to domains by set, objec
object sets adjusting adjustments ts are
defined by objects in the to the object deplo
themselves object set, set or yed
and assign the which helps operation set on
object sets to avoid repeated may affect differ
users or user workload. user groups ent
groups. that do not subne
l If an object set ts.
contains n require
devices of the operation
same type, a right
security adjustments.
administrator l An operation
can assign or set bound to
reclaim an object set
operation is apt to lack
rights for these operations
devices by that are
adding performed
operations to on objects in
or deleting the object
operations set, or the
from the object set is


Assigning icabl
Operation e
Rights Scen
ario
operation set apt to lack

bound to the objects on
object set which
respectively. operations
Compared with contained in
single-device the operation
authorization, set are
the performed.
authorization
based on object
sets
significantly
improves
efficiency.


Assigning icabl
Operation e
Rights Scen
ario
Subnet Subnet The combination Authorization This

device device sets of subnet device for a subnet mode
set are assigned sets and operation device set is less appli
as managed sets have the same precise than es to
objects to advantages of authorization for the
users or user improving a single scena
groups. authorization and managed object rio
operation right in terms of wher
maintenance operation right e
efficiency as the control. mana
combination of Authorization ged
user-defined preciseness objec
object sets and relies on ts are
operation sets. It security assig
also has the administrators' ned
following planning. to
advantages: l If multiple users
l No object set user groups by
needs to be use the same subne
created. operation set t.
l Objects in that is bound
subnet device to a subnet
sets are device set,
synchronized adjustments
with objects on to the
subnets in operation set
topology views may affect
in real time, user groups
which that do not
facilitates require
network operation
deployment right
planning and adjustments.
avoids frequent l An operation
operation right set bound to
adjustments a subnet
due to object device set is
addition and apt to lack
deletion. operations
that are
performed
on objects in
the subnet
device set, or
the subnet


Assigning icabl
Operation e
Rights Scen
ario
device set is
apt to lack
objects on
which
operations
contained in
the operation
set are
performed.
Device Devices are Security Operations are Security The

assigned to administrators direct and easy to administrators mode
users or user must assign understand. must set appli
groups one by operation Operation right operation rights es to
one. rights by control is more for each device, small
NOTE binding precise. resulting in -
In this operations to heavy sized
configuration each device. authorization netw
mode, there is workload. orks.
one special
Operation right
device,
Operations maintenance
Support workload
System OSS, increases if
which rights are
indicates the adjusted.
U2000 server.
Users can find
the OSS in
topology
views and
view alarms
reported by
the U2000
server only
after the OSS
is added to the
users'
domains. No
operation
rights can be
set for the
OSS.


Assigning icabl
Operation e
Rights Scen
ario
Subnet A subnet N/A None None This

(excluding mode
devices on the is
subnet) is rarely
assigned as an used.
object to users
or user
groups.
This mode
enables users
only to view
subnets on
U2000 clients.
Therefore,
subnets can be
added to
users'
domains, but
no operation
rights can be
set for the
subnets.
5.2.1.3 Users and User Groups

A user indicates an U2000 user. A user logs in to the U2000 using a user account. A user
group is a collection of user accounts.
Users
By default, U2000 provides the user account admin that can be used to manage all devices
and has all operation rights. By default, the admin user belongs to the Administrators and
SMManagers user groups and has the most operation rights on the U2000.
User Groups
A user group is a collection of user accounts. After a user account is added to a user group,
the user has domains and operation rights of the user group. A user account can belong to
multiple user groups.
A user account can belong to multiple user groups. When a user account belongs to multiple
user groups, the user has all managed domains and operation rights of these user groups.
NOTE
To delete right A of a user, you also need to delete right A of the user groups that the user account
belongs to, or delete the user account from the user groups that have right A.

Managing users' operation rights based on user groups makes right management convenient
and clear.
The U2000 provides seven user groups. For details, see Table 5-2.
uTraffic User Group is common user group and can be deleted. The other user groups cannot
be deleted. The management domain of the default user groups is All Objects. The rights of
the default user groups are provided by the U2000 by default, and these rights cannot be
modified.
The U2000 supports user-defined user groups created based on application requirements. The
management domain and operation rights for user-defined user groups must be appropriate.
NOTICE
Users in the Administrators or SMManagers user group must perform operations as
required. Any operations that may cause damages or pose risks to the U2000 are forbidden.
Table 5-2 User groups on the U2000

User Group Operation Rights Description
Administrators This user group has all operation rights except those of the
SMManagers user group. Users in the Administrators user group
can perform operations such as maintaining U2000 servers and
setting global parameters.
Users in the Administrators and SMManagers user groups can
manage all objects. Other users can manage only authorized objects.
SMManagers This user group has operation rights only for Security
Management, which include permissions to configure a security
policy, query security logs, manage users/user groups/object sets/
operation sets/use permissions/security log templates, monitor user
dialogues/operations, force users to exit, unlock users, and re-set
user passwords. The users added to the user group can manage all
the users on the U2000, except for the admin and other security
administrators.
Users in the SMManagers user group are U2000 security
administrators.
Maintenance Group By default, the domain of this user group is All Objects, and it has
operation rights for default maintenance operation sets. In addition
to the rights of the Guests and Operator Group groups, users in
this group have the rights to perform configurations that affect the
running of the U2000 and NEs. For example, they can search for
SDH protection subnets and trails, delete composite services, and
reset boards.

User Group Operation Rights Description
Operator Group By default, the domain of this user group is All Objects, and it has
operation rights for default operator operation sets. In addition to the
rights of the Guests group, users in this group have the rights to
create, modify, and delete (rights to perform potentially service-
affecting operations are not involved). For example, they can create
NEs, change alarm severities, and configure SDH trails.
Guests By default, the domain of this user group is All Objects, and it has
operation rights for default monitor operation sets. They can
perform query operations, such as querying statistics, but cannot
create or configure objects.
NBI User Group By default, this user group has operation rights related to
northbound Service.
uTraffic User Group When uTraffic interconnects with the U2000, uTraffic accounts will
be created on the U2000 to manage operation rights between
uTraffic and the U2000.
User Management in a Distributed System

The U2000 distributed system adopts SSO. That is, after a user logs in, the user can access the
NM and all EM clients. To implement SSO, the IS must be configured on the NM and EMs
and an SSO user must be created in the Centralized Account Management Center window
and then added to an SSO user group for inheriting the user group's rights.
The U2000 distributed system provides the following default user groups: Administrators,
SMManagers, Maintenance Group, Guests, Operator Group, and NBI User Group. When
creating an SSO user group in the Centralized Account Management Center window,
synchronize it to the NM and EM clients and authorize it on the clients.
5.2.1.4 Object and Object Set

An object on the U2000 is an entity on which only users authorized by security administrators
can perform operations. An object set is a collection of objects.
Object
Objects are classified into security and non-security objects. This topic focuses on security
objects.
On the U2000, a security object is an entity on which only users authorized by security
administrators can perform operations. For example, devices, subnets, and object sets are
security objects.
On the U2000, a non-security object is an entity on which users can perform operations
without the authorization of security administrators. In the Main Topology, not all devices can
be managed by the U2000. If a security administrator creates a common user but does not
grant any rights to the user, the user still can view some objects in the Main Topology after
logging in to the U2000. However, these objects are not security objects because they are not
managed by the U2000.

Object Set
An object set is a collection of objects. The U2000 provides the default object set All Objects
that includes all objects managed by the U2000. The objects in the All Objects set cannot be
modified or deleted.
A maximum number of 99 object sets is recommended in addition to the default object set.
The maximum limit helps prevent performance problems.
Table 5-3 Object sets provided by the U2000

Object Set Description
Subnet The U2000 creates a subnet device set that shares the same name as a subnet
device set for each subnet in the physical topology view.
Subnet device sets have the following features:
l A subnet device set contains a subnet in the physical topology view and
all objects on the subnet.
l If a subnet contains a lower-layer subnet in the physical topology view,
the corresponding subnet device set contains the lower-layer subnet and
objects on the lower-layer subnet.
l If objects on a subnet in the physical topology view are adjusted, the
adjustments are synchronized to the corresponding subnet device set in
the security management module. The U2000 does not allow security
administrators to directly adjust objects in a subnet device set in the
security management module.
l A subnet device set cannot be added to a user-defined object set.
l All subnet device sets are displayed only in the window in which
security administrators set domains. They are not displayed under the
Object Set node of the navigation tree in the Security Management
window.
All objects The U2000 provides one default object set, the All Objects set that includes
all objects managed by the U2000. This object set cannot be modified or
deleted.
User- Object sets manually created by a user are user-defined object sets.
defined User-defined object sets have the following features:
object set
l A user-defined object set can contain NEs, subnets, and other user-
defined object sets.
l When a user-defined object set contains subnets, it contains only the
subnets, excluding objects on the subnets.
l A user-defined object set cannot contain subnet device sets.
l A user-defined object set that contains subobject sets cannot be added to
another user-defined object set.
l Objects in a user-defined object set can only be manually adjusted.

5.2.1.5 Domain
A domain refers to the scope of NE objects managed by a user or user group. After a user logs
in to the U2000 client, only the NE objects in the user's domain are available to this user
(including the U2000 itself).
Objects managed by users or user groups vary according to authorization modes for domains.
For details, see Table 5-4.
Table 5-4 Authorization modes for domains

Authorization Description
Mode
All Objects Users or user groups can manage all objects.
Object Set Users or user groups can manage only NE objects in selected object
sets. They cannot automatically have the operation rights for new
NE objects that are of the same types as those in selected object sets.
Subnet Device Set Users or user groups can manage all NE objects in selected subnet
device sets. If NE objects in the selected subnet device sets are
adjusted, the NE objects managed by the users or user groups are
adjusted simultaneously.
Device Users or user groups can manage only selected NE objects. They
cannot automatically have the operation rights for NE objects that
are of the same types as the selected NE objects and are added to the
U2000 later.
Subnet Users or user groups can perform operations only on selected

subnets on the U2000 client. They cannot view or set operation
rights for the NEs on the selected subnets.
NOTE
If the users or user groups also select a subnet in the subnet device set, the
users or user groups can manage all the NEs objects on the selected subnet,
including NEs that are added to the subnet on the U2000 later.
5.2.1.6 Operation and Operation Set

An operation set is a collection of operations. Security administrators use operation sets to
quickly assign operation rights for objects to users in batches.
Operation Types
On the U2000, users can perform operations on both the U2000 and NEs. Therefore,
operations are classified into two types: NMS application operations and network device
operations.
l NMS application operations are performed on the U2000, such as Acknowledge
Alarms, Add Alarm/Event Mask Rules, Modify Object Position, and Query a
Board.
l Network device operations are performed for managed NEs, such as Configure the NE
Type, Reset Board, Suppress Device Alarm, and Modify Routing Policy.

The object of NMS application operations is the U2000. For example, those operations
involving topology objects constitute the Topo Management rights and those alarm-related
operations constitute the Fault Management rights. The following Figure 5-4 shows the
Select Operation Rights window. The NMS application operations are classified into more
than 20 types and listed under the Operation node in the Operation area.
Figure 5-4 NMS application operations
The objects of network device operations are NEs. All operations for an NE on the U2000
constitute the rights for the NE. A Router NE (CX600-144) is used as an example. All rights
for it are listed under the Operation node in the Operation area as shown in the following
figure.

Figure 5-5 Network device operations
Operation Set Types

Based on the two types of operation objects, operation sets provided by the U2000 are also
classified into two types: NMS application operation set and network device operation set.
l Network management application operation set: contains various network management
application operations. Network management application operations correspond to
U2000 functions unrelated to NEs, for example, system log query and topology object
creation.
l Network device operation set: contains various network device operations. Network
device operations correspond to U2000 functions related to NEs, for example, NE
measurement result query, NE connection, and NE synchronization.
NOTE
Operation sets that contain operation subsets cannot be added to another operation set because an
operation set cannot contain two levels of operation sets.
The U2000 provides more than 20 types of default NMS application rights (corresponding to
more than 60 types of operation sets) and more than 70 types of network device rights in all
domains (corresponding to more than 200 operation sets). If the default operation sets do not
meet requirements, create operation sets manually.
NOTE
It is not recommended to assign the All Application Operations and All Object Operations operation
sets to common users. All Application Operations contains operations for all U2000 applications
except security applications. All Object Operations contains operations for all NEs managed by the
U2000. A user who is assigned both of the two operation sets has all operation rights for the U2000 and
NEs.
Relationships Between Operations and Operation Sets

This section uses topology management as an example to describe relationships between
operations and operation sets.

Topology management belongs to NMS application operations, including about 30 operation

rights that are allocated to operation sets as follows:
l Low-level rights Set Background and Modify Object Position are allocated to the
Topo Monitor Operation Set.
l Medium-level configuration rights Create Link, Export Project Document, Modify
Subnet are allocated to the Topo Operator Operation Set.
l High-level rights Period Discovery and Lock/Unlock View are allocated to the Topo
Maintainer Operation Set.
Users can create an operation set and add the desired topology management operations to it to
facilitate operation rights assignment.
NOTE
l A default operation set of the U2000 contains all operations in the operation sets at lower levels.
l The U2000 may define the high and low levels of operation sets differently from O&M engineers'
expectations. In this situation, O&M engineers can create operation sets based on the actual O&M
scenarios.
Specifically, administrators can assign rights for topology management to a user on the New
User Group > Operation Rights > Select > Select Operation Rights GUI in the following
ways:
l Assign default operation sets to a user. The following operation sets can be assigned:
Topo Monitor Operation Set, Topo Maintainer Operation Set, and Topo Monitor
Operation Set. To view which operations are included in an operation set, right-click it
and choose View Operation Set Member from the shortcut menu. This method is used
when the default operation sets meet the requirement for rights assignment.
l Create operation sets, add desired operations in Topo Management to them, and assign
them to users. This method is used when the default operation sets cannot meet the
requirement for rights assignment.
l Assign operation rights in Topo Management to users directly. This method is
inconvenient for management and maintenance. Therefore, it is not recommended.
Default Operation Sets

The U2000 provides more than 200 default operation sets with different types of operations
and levels of rights. You can query the operations contained in all operation sets by 5.2.5.1

Exporting Operation Sets or query the operations contained in a single operation set by
5.2.8.5 Viewing Operations in an Operation Set. If the default operation sets do not meet
requirements, create operation sets manually.
5.2.2 Scenarios for Operation Right Management

This section describes all scenarios for operation right management. You can click a desired
scenario to access the corresponding section and view operation details.
Figure 5-6 Scenarios for operation right management

Scenario Scenario Description Subscenario or Subtask
Performing the When performing the initial 1. 5.2.3 Authorization Plan

Initial authorization for the installed A proper domain and
Authorization U2000, you need to plan operation set plan before
management personnel for each authorization can reduce
device and assign management authorization and
rights to corresponding users. maintenance workloads.
2. 5.2.4 Assigning Rights to
Users
After operation rights are
planned, security
administrators can authorize
users based on the plan.
3. 5.2.5 Transferring
Operation Sets
If multiple U2000s are
deployed on the global
network (for example, one
U2000 is deployed in each
region to manage devices)
and operation sets required by
the U2000s are similar
according to an authorization
plan, security administrators
can use the operation set
import and export functions
provided by the U2000 to
transfer operation sets from
one U2000 to other U2000s.

Scenario Scenario Description Subscenario or Subtask
Maintaining You need to maintain operation l 5.2.6 Operation Right

Operation Rights rights after the initial Adjustment After Device
authorization is performed. Addition or Deletion
When a device is added or After new devices (NEs or
deleted, or user responsibilities subnets) are deployed for
change, security administrators maintenance, security
need to change operation rights administrators must assign
for users. operation rights for the new
NOTE devices to user groups. After
The operation right maintenance devices are deleted, operation
instructions described in this
rights for the devices are
document are based on the
assumption that users are automatically deleted from
authorized by being bound to user users or user groups'
groups. For some sites that use the operation rights.
direct user authorization, see FAQs
l 5.2.7 Operation Right
About Authorization for
processing. Adjustment After
Personnel's Responsibilities
Change
If topology positions of
managed objects remain
unchanged whereas
personnel's responsibilities
change, for example, changes
to managed NE scopes,
operation rights, and posts,
security administrators must
adjust users' operation rights.
5.2.3 Authorization Plan

A proper domain and operation set plan before authorization can reduce authorization and
maintenance workload.
Authorization Planning Process

Figure 5-7 shows the authorization planning process.

Figure 5-7 Authorization planning process
Table 5-5 describes the activities and rules for each procedure in the process.
Table 5-5 Activities and rules for each procedure in the process
Procedure Description Rule
Sorting Sort data based on a carrier's -

original organization structure and
right networking, and obtain the following
manageme data:
nt data l Personnel who manage the same
devices, that is, personnel who
have the same domain
l Personnel who have the same
responsibilities, that is, personnel
who can perform the same
operations on the same devices

Planning Classify personnel into groups based l Place personnel who have the
user on their responsibilities. same responsibilities in a user
groups group.
l Place a person whose
responsibilities are partially
different from others' in a
separate user group.
Planning Plan modes for adding managed Plan domains collectively for
domains objects to domains to improve personnel who have the same
authorization and maintenance management scope. Plan domains
efficiency. separately for personnel whose
management scopes are partially
different from others'. The subnet
device set mode is preferred for
planning domains. Devices that are
not included in a subnet device set
are added to a user-defined object
set to avoid repeated authorization
for individual devices. To facilitate
future adjustment, it is
recommended that a user-defined
object set not include subobject sets.
Planning Analyze operation rights required for l If user groups support the same
operation personnel to fulfill their network management application
sets responsibilities and classify the operations, plan the same
operation rights into operation sets. network management application
Plan network device operation sets operation set for the user groups.
and network management Otherwise, plan network
application operation sets management application
according to the engineers' operation sets separately for the
management responsibilities. user groups.
NOTE l If user groups support the same
If the device modes are used in a network device operations, plan
domain management plan, you do not the same network device
need to plan operation sets. operation set for the user groups.
Otherwise, plan network device
operation sets separately for the
user groups.

Sorting Sort data and create a user group l The domain column must specify
data and attribute table for reference during the subnet device set, user-
creating a authorization and right management. defined object set, or device
user group The user group attribute table must mode in which managed objects
attribute include the user group member, are added to a domain.
table domain, and operation right l If the subnet device set mode and
columns. user-defined object set mode are
used, the operation right column
must specify an operation set that
includes all required operations.
Sorting Original Right Management Data

A carrier provides a device management responsibility table based on the carrier's
organization structure and networking, which serves as the original right management data.
The following uses the organization and networking structures for region A as an example to
help you better understand original right management data.
Eleven devices, numbered from 01 to 11, of different types are located in region A. Among
them, devices numbered from 01 to 04 are located on Subnet01; devices numbered from 07 to
10 are located on Subnet02; Device05, Device06, and Device11 are not located on any
subnets. See Figure 5-8.
Figure 5-8 Networking structure in region A
Eight persons are assigned to manage the devices in region A. Figure 5-9 shows device
management division. Table 5-6 describes the division, providing the original right
management data generated based on the organization and networking structures for region A.

Figure 5-9 Device management division
Table 5-6 Device management division

Management Mana Role and Responsibilities
Scope geme
nt
Perso
n
Subnet01 A Network monitoring engineer who monitors the device

(Device01, running status during the daytime.
Device02, Device03,
and Device04), B Network monitoring engineer who monitors the device
Device05, Device06, running status at night.
and Device11 C l Full-time data configuration engineer who configures
data for managed devices.
l Part-time system maintenance engineer who performs
routine device maintenance when system maintenance
engineer D (full-time) is absent.
D l Full-time system maintenance engineer who performs

routine device maintenance.
l Part-time data configuration engineer who configures
data for managed devices when data configuration
engineer C (full-time) is absent.
Subnet02 E Network monitoring engineer who monitors the device

(Device07, running status during the daytime.
Device08, Device09,
and Device10), F Network monitoring engineer who monitors the device
Device06, and running status at night.
Device11

Management Mana Role and Responsibilities

Scope geme
nt
Perso
n
G l Full-time data configuration engineer who configures

data for managed devices.
l Part-time system maintenance engineer who performs
routine device maintenance when system maintenance
engineer H (full-time) is absent.
H l Full-time system maintenance engineer who performs

routine device maintenance.
l Part-time data configuration engineer who configures
data for managed devices when data configuration
engineer G (full-time) is absent.
To help the authorization planning later, sort out the following items based on the original
right management data:
l Personnel who manage the same devices, that is, personnel who have the same domain
l Personnel who have the same responsibilities, that is, personnel who can perform the
same operations on the same devices
Sort the data in Table 5-6 based on these two items to generate Table 5-7 and Table 5-8.
Table 5-7 Personnel who manage the same devices

Personnel Managed Devices
A, B, C, and D Subnet01 (Device01, Device02, Device03, and Device04), Device05,

Device06, and Device11
E, F, G, and H Subnet02 (Device07, Device08, Device09, and Device10), Device06,

and Device11
Table 5-8 Personnel who have the same responsibilities

Personn Responsibilities
el
A and B Manage Subnet01 (Device01, Device02, Device03, and Device04), Device05,

Device06, and Device11.

Personn Responsibilities
el
C and D Work full time or part time to configure data and perform routine maintenance
for Subnet01 (Device01, Device02, Device03, and Device04), Device05,
Device06, and Device11.
l Full-time data configuration engineer C and part-time data configuration
engineer D configure data for the same managed devices.
l Part-time system maintenance engineer C and full-time system
maintenance engineer D perform routine maintenance for the same
managed devices.
E and F Monitor Subnet02 (Device07, Device08, Device09, and Device10), Device06,

and Device11.
G and H Work full time or part time to configure data and perform routine maintenance
for Subnet02 (Device07, Device08, Device09, and Device10), Device06, and
Device11.
l Full-time data configuration engineer G and part-time data configuration
engineer H configure data for the same managed devices.
l Part-time system maintenance engineer G and full-time system
maintenance engineer H perform routine maintenance for the same
managed devices.
Return to Authorization Planning Process.
Planning User Groups

User group planning aims to classify personnel into groups based on their responsibilities. To
help initial authorization and subsequent right maintenance, it is recommended that a person
whose responsibilities are partially different from others' be placed in a separate user group.
For example, personnel who have the same responsibilities in region A, who are described in
Table 5-8, are classified into the same user group. Region A does not have persons whose
responsibilities are partially different from others' and therefore you do not need to plan a
separate user group for region A. Table 5-9 describes the user group plan for region A.
Table 5-9 User group plan
User Group User Responsibilities

Group
Membe
rs
Network monitoring A and B Monitor Subnet01 (Device01, Device02, Device03, and

engineer group 1 Device04), Device05, Device06, and Device11.
Data configuration C and D Configure data and perform routine maintenance for
and system Subnet01 (Device01, Device02, Device03, and
maintenance Device04), Device05, Device06, and Device11.
engineer group 1

User Group User Responsibilities

Group
Membe
rs
Network monitoring E and F Monitor Subnet02 (Device07, Device08, Device09, and

engineer group 2 Device10), Device06, and Device11.
Data configuration G and H Configure data and perform routine maintenance for
and system Subnet02 (Device07, Device08, Device09, and
maintenance Device10), Device06, and Device11.
engineer group 2
Planning Domains
Domain planning aims to improve authorization and maintenance efficiency by specifying the
modes for adding managed objects to domains.
Plan domains collectively for personnel who have the same management scope. Plan domains
separately for personnel whose management scopes are partially different from others'. Use
the management personnel in region A as an example. A, B, C, and D have the same
management scope, E, F, G, and H have the same management scope (see Table 5-7), and in
these two groups there is no person whose management scope is partially different from
others'. In this example, only two domains are required: one for A, B, C, and D, and the other
for E, F, G, and H.
Comply with the following rules when planning domains: Prefer the subnet device set mode.
Devices that cannot be included in a subnet device set are included in a user-defined object
set, avoiding authorization on a device basis. To ensure a clear object set structure and
facilitate maintenance, it is recommended that a user-defined object set not include subobject
sets.
Table 5-10 describes domains for region A based on the rules. Figure 5-10 shows
management division based on managed objects in each domain.
Table 5-10 Domains for region A

Personnel Mode for Adding Objects to a Domain
A, B, C, and l Subnet device set Subnet01.

D l User-defined object set Objectset01.
Subnet01 contains Device01, Device02, Device03, and Device04.
Objectset01 contains Device05, Device06, and Device11.
E, F, G, and l Subnet device set Subnet02.

H l User-defined object set Objectset02.
Subnet02 contains Device07, Device08, Device09, and Device10.
Objectset02 contains Device06 and Device11.

Figure 5-10 Device management division
Planning Operation Sets

To improve efficiency and simplify maintenance, the U2000 supports authorization only by
binding operation sets to personnel after domains are configured in subnet device set and
user-defined object set modes. Therefore, security administrators must analyze operation
rights required for personnel to fulfill their responsibilities and classify the operation rights
into operation sets.
If the device modes are used in a domain management plan, you do not need to plan operation
sets.
1. Analyze operation rights required for personnel to fulfill their responsibilities.
Analyze operation rights based only on user groups because personnel have been
classified into user groups based on their responsibilities during user group planning.
Use the user group plan for region A described in Table 5-9 as an example. Table 5-11
describes operation rights required for the user groups in this region.

Table 5-11 Operation rights required for user groups in region A

User Group User Responsibilitie Required Operation Rights
Group s
Memb
ers
Network A and Monitor l Rights to monitor Subnet01

monitoring B Subnet01 (Device01, Device02, Device03,
engineer (Device01, and Device04), Device05,
group 1 Device02, Device06, and Device11.
Device03, and l Rights to perform network
Device04), management application operations
Device05, during device monitoring.
Device06, and
Device11.
Data C and Configure data l Rights to configure data and

configuration D and perform perform routine maintenance for
and system routine Subnet01 (Device01, Device02,
maintenance maintenance for Device03, and Device04),
engineer Subnet01 Device05, Device06, and Device11.
group 1 (Device01, l Rights to perform network
Device02, management application operations
Device03, and during device configuration and
Device04), maintenance.
Device05,
Device06, and
Device11.
Network E and Monitor l Rights to monitor Subnet02

monitoring F Subnet02 (Device07, Device08, Device09,
engineer (Device07, and Device10), Device06, and
group 2 Device08, Device11.
Device09, and l Rights to perform network
Device10), management application operations
Device06, and during device monitoring.
Device11.
Data G and Configure data l Rights to configure data and

configuration H and perform perform routine maintenance for
and system routine Subnet02 (Device07, Device08,
maintenance maintenance for Device09, and Device10),
engineer Subnet02 Device06, and Device11.
group 2 (Device07, l Rights to perform network
Device08, management application operations
Device09, and during device configuration and
Device10), maintenance.
Device06, and
Device11.
2. Plan operation sets.

Plan operation sets based on operations that user groups perform on the same type of
device. If user groups support operations on different types of devices, the user groups
must be assigned different operation rights. For example, if user groups have the right to
view Device01 and Device02, and Device01 and Device02 are of different types, the
user groups must be assigned different operation rights.
– If user groups support the same network management application operations, plan
the same network management application operation set for the user groups.
Otherwise, plan network management application operation sets separately for the
user groups.
– If user groups support the same network device operations, plan the same network
device operation set for the user groups. Otherwise, plan network device operation
sets separately for the user groups.
For example, network monitoring engineer groups 1 and 2 require the same network
management application operation rights; therefore, the same operation set is planned for
the two groups. Table 5-12 describes the operation set plan for region A.
Table 5-12 Operation set plan for region A

Operation Operation Sets
Set Type
Network l Device monitoring operation set 1: rights to monitor Subnet01

device (Device01, Device02, Device03, and Device04), Device05,
operation Device06, and Device11.
set l Device monitoring operation set 2: rights to monitor Subnet02
(Device07, Device08, Device09, and Device10), Device06, and
Device11.
l Device configuration and maintenance operation set 1: rights to
configure and maintain Subnet01 (Device01, Device02, Device03,
and Device04), Device05, Device06, and Device11.
l Device configuration and maintenance operation set 2: rights to
configure and maintain Subnet02 (Device07, Device08, Device09,
and Device10), Device06, and Device11.
Network l Network management application operation set for system

manageme monitoring engineers: rights to perform network management
nt application operations during device monitoring.
application l Network management application operation set for data
operation configuration and system maintenance engineers: rights to perform
set network management application operations during device
configuration and maintenance.
NOTE
The U2000 provides Default Operation Sets. To save operation set creation
time, use these operation sets with preference when planning user authorization.
Sorting Data and Creating a User Group Attribute Table

After planning user groups, domains, and operation sets, create a user group attribute table for
reference during authorization and right maintenance.

The user group attribute table must include the user group member, domain, and operation
right columns. The domain column must specify modes in which managed objects are added
to domains. The operation right column must specify modes in which rights are assigned to
personnel. Table 5-13 is the user group attribute table generated based on Table 5-9, Table
5-10, Table 5-11, and Table 5-12.
Table 5-13 User group attribute table for region A

User User Responsibili Domain Operation Rights
Group Group ties
Membe
rs
Network A and B Monitor l Subnet device Network device operation

monitori Subnet01 set Subnet01. set: device monitoring
ng (Device01, l User-defined operation set 1, specifying
engineer Device02, object set the rights to monitor
group 1 Device03, and Objectset01. Subnet01 (Device01,
Device04), Device02, Device03, and
Device05, Subnet01 contains Device04), Device05,
Device06, and Device01, Device06, and Device11.
Device11. Device02,
Device03, and Network management
Device04. application operation set:
Objectset01 specifying the rights for
contains Device05, network monitoring
Device06, and engineers.
Data C and D Configure Device11. Network device operation

configur data and set: device configuration
ation perform and maintenance operation
and routine set 1, specifying the rights
system maintenance to configure and maintain
maintena for Subnet01 Subnet01 (Device01,
nce (Device01, Device02, Device03, and
engineer Device02, Device04), Device05,
group 1 Device03, and Device06, and Device11.
Device04), Network management
Device05, application operation set:
Device06, and specifying the rights for
Device11. data configuration and
system maintenance
engineers.

User User Responsibili Domain Operation Rights

Group Group ties
Membe
rs
Network E and F Monitor l Subnet device Network device operation

monitori Subnet02 set Subnet02. set: device monitoring
ng (Device07, l User-defined operation set 2, specifying
engineer Device08, object set the rights to monitor
group 2 Device09, and Objectset02. Subnet02 (Device07,
Device10), Device08, Device09, and
Device06, and Subnet02 contains Device10), Device06, and
Device11. Device07, Device11.
Device08,
Device09, and Network management
Device10. application operation set:
Objectset02 specifying the rights for
contains Device06 network monitoring
and Device11. engineers.
Data G and H Configure Network device operation

configur data and set: device configuration
ation perform and maintenance operation
and routine set 2, specifying the rights
system maintenance to configure and maintain
maintena for Subnet02 Subnet02 (Device07,
nce (Device07, Device08, Device09, and
engineer Device08, Device10), Device06, and
group 2 Device09, and Device11.
Device10), Network management
Device06, and application operation set:
Device11. specifying the rights for
data configuration and
system maintenance
engineers.
5.2.4 Assigning Rights to Users

After operation rights are planned, security administrators can authorize users based on the
plan.
5.2.4.1 Authorization Process

This section describes the authorization process for users to have an overall understanding of
authorization.
Figure 5-11 shows the authorization process. You can click a procedure in the flowchart to
access the section for more details.

NOTE
If no user-defined object set or user-defined operation set is involved in the authorization plan, you do
not need to create user-defined object sets or user-defined operation sets. That is, you can skip the first
two procedures in the authorization process.
Figure 5-11 Authorization process
5.2.4.2 Creating User-Defined Object Sets

If user-defined object sets are involved in the authorization plan, create user-defined object
sets before authorizing user groups.
Prerequisites
l You have logged in as a user in the SMManagers group.
l You have planned object sets. For details, see 5.2.3 Authorization Plan.
Context
l After creating object sets during the initial phase of site deployment, you can adjust them
or create object sets during site maintenance.
l If an object set is allocated to a user group, all members of the user group can view
members of the object set in the physical topology view.

l The topic uses the examples in 5.2.3 Authorization Plan to describe how to create an
object set.
Procedure
Step 1 Determine the object sets to be created and their members based on the authorization plan.
Object sets to be created and their members are listed in the Domain column of Table 9 in
5.2.3 Authorization Plan. The following steps use Objectset01 as an example.
Step 2 Choose Administration > NMS Security > NMS User Management from the main menu
(traditional style); alternatively, double-click Security Management in Application Center
and choose OSS Security > OSS User Management from the main menu (application
style)Administration > NMS Security > NMS User Management from the main menu
and choose OSS Security > OSS User Management from the main menu (application style).
Step 3 In the NMS User Management navigation tree, right-click the Object Set node and choose
New Object Set.
Step 4 On the Details tab of the New Object Set dialog box, set Type to Network Device, Name to
Objectset01, and Description to Object set for region A.
NOTE
The object set name cannot contain the following characters:
`~*":;?\,|{}[]<>'+=
Step 5 Set members of the object set.

1. On the Members tab, click Select.
2. In the Select Object Set Member dialog box, expand the Device node in the Available
Devices and Object Sets area and select members for Objectset01. Click
to add the devices to the Selected Devices and Object Sets area, and click OK.
NOTE
l Object sets that do not contain subsets can also be selected as members of an object set. However,
you are not advised to select such object sets as members to simplify right maintenance.
l To select objects in existing object sets as members, click Copy Members from Object Sets in the
New Object Set dialog box and select one or more object sets in the Copy Members from Object
Sets dialog box. The members of the selected object sets are copied to the Members tab for the
current object set.

NOTE
l You can click and choose Sort by topology position or Sort by device type to sort available
or selected devices and object sets.
l You can enter the desired character string in the Find text box and click or to search for
objects and object sets in the up or down direction.
l You can click to specify whether to use the Match whole word only or Match case rules
during an object or object set search.
Step 6 In the New Object Set dialog box, click OK. The object set is created.
----End
Result
The new object set is displayed in the object set list. You can double-click the object set to
view the objects contained in the object set on the Members tab.
Follow-up Procedure
You can click Select in the lower right corner of the Members tab and adjust the members of
the object set in the dialog box that is displayed.
Related Concepts
5.1 User Security
Related References
New Object Set

5.2.4.3 Creating User-Defined Operation Sets

If operation sets are involved in the authorization plan, you need to create operation sets
before authorizing user groups.
Prerequisites
l You have planned operation sets. For details, see 5.2.3 Authorization Plan.
Context
l Operation sets can be allocated to users or user groups.
l If an operation set is allocated to a user group, all members of the user group have the
operation rights in the operation set.
l The U2000 provides default operation sets.
l This topic uses the examples in 5.2.3 Authorization Plan to describe how to create an
operation set.
l During version upgrade, new operation rights or modified operation rights in the latest
version are not automatically added to user-defined operation sets. To add the operation
rights, perform the following instructions in this section.
Procedure
Step 1 Determine the operation sets to be created and their types and members based on the
authorization plan.
Operation sets to be created and their types and members are listed in the Operation Rights
column of Table 9 in 5.2.3 Authorization Plan. The following steps use Device Monitoring
Operation Set 1 (a network device operation set) as an example to describe how to create an
operation set.
Step 3 In the NMS User Management navigation tree, right-click the Operation Set node and
choose New Operation Set.
Step 4 On the Details tab of the New Operation Set dialog box, set Type to Network Device,
Name to Device Monitoring Operation Set 1, and Description to Operation of monitoring
devices in domain A.

NOTE
The operation set name cannot contain the following characters:
`~*":;?\,|{}[]<>'+=
Step 5 Set members of the operation set.

1. On the Members tab, click Select.
2. In the Select Operation Set Member dialog box, expand the Operation node in the
Available Rights area and select members for Device Monitoring Operation Set 1.
Click to add the members to the Selected Rights area, and click OK.
NOTE
– Operation sets that do not contain subsets can also be selected as members of an operation set.
However, you are not advised to select such operation sets as members to simplify right
maintenance.
– To select operations in existing operation sets as members, click Copy Members from
Operation Sets in the New Operation Set dialog box and select one or more operation sets in
the Copy Members from Operation Sets dialog box. The members of the selected operation
sets are copied to the Members tab for the current operation set.

NOTE
l You can enter the desired character string in the Find text box and click or to search for
operations and operation sets in the up or down direction.
l You can click to specify whether to use the Match whole word only or Match case rules
during an operation or operation set search.
Step 6 In the New Operation Set dialog box, click OK. The operation set is created.
----End
Result
The new operation set is displayed in the operation set list. You can double-click the operation
set to view the operations contained in the operation set on the Members tab.
Follow-up Procedure
You can click Select in the lower right corner of the Members tab and adjust the members of
the operation set in the dialog box that is displayed.
Related Concepts
5.1 User Security
Related References
New Operation Set

5.2.4.4 Creating and Authorizing U2000 User Groups

When the default user groups of the U2000 cannot meet the requirements for user rights, you
can customize user groups according to the operation rights of users and assign operation
rights to users in a centralized manner.
Prerequisites
l You have planned user groups. For details, see 5.2.3 Authorization Plan.
l You are familiar with the operation rights of the U2000 default user groups.
Context
For the U2000 distributed system, after creating an SSO user group in the Centralized
Account Management Center window, synchronize the user group to the NM and EM
clients for authorization.
Procedure
Step 1 Determine the user group to be created based on the authorization planning.
User groups to be created and their domains and operation sets are listed in Table 9 in 5.2.3
Authorization Plan. The following steps use Network monitoring engineer group 1 as an
example.
Step 3 In the NMS User Management navigation tree, right-click the User Group node and choose
New User Group.
Step 4 In the New User Group dialog box, set the attributes of the user group.
1. On the Details tab, set the user group name, description, and maximum number of
sessions.
Set Name to Network monitoring engineer group 1, Description to rights to monitor
Subnet01 (Device01, Device02, Device03, and Device04), Device05, Device06, and
Device11, and Maximum sessions to the default value Unlimited.
NOTE
– If the operation rights of the new user group are the same with those of existing user groups,
you can copy operation rights from the existing user group. Click Copy Rights from User
Groups. In the Copy Rights from User Groups dialog box, select one or multiple user
groups and click OK. After the copy is complete, the domains and operation rights of the
selected user groups are respectively displayed on the Domain and Operation Rights tabs.
Security administrator can adjust the domains and rights as required.
– The user group name cannot contain the following characters:
`~*()=+\|[]{};':",<>/?
2. Optional: Select members.
Click Add. In the Add User dialog box, select the desired user and click OK.

NOTE
You can add users to a user group in any of the following ways:
– When creating a user group, select users as its members.
– When creating a user, add the user to a user group.
– After a user or user group is created, add the user to a user group by setting user groups for
the user or add users by setting members for the user group.
3. Click Next.
Step 5 Set the domain for the user group to specify the object scope that the user group manages.
1. On the Domain tab, click Select.
2. In the Select Domain dialog box, set domain parameters and click OK.
– In the Authorization Mode area, click the icon above Object Set. In the Available
Objects area, select Objectset01 and click . The selected object set is
added to the Selected Objects area.
NOTE
Only user-defined object sets created by security administrators are displayed under the
Object Set node. If no user-defined object set has been created, no object set is displayed
under this node.
– In the Authorization Mode area, click the icon above Subnet Device Set. In the
Available Objects area, select Subnet01 and click . The selected
subnet devise set is added to the Selected Objects area.
NOTE
You can select other authorization modes in the Authorization Mode area as required.
You can click More or Hide to expand or hide the authorization modes.

NOTE
– In the Available Objects area, you can click to view members of the selected object set
and subnet device set.
– You can enter the desired character string in the Find text box and click or to search
for objects in the up direction or down direction, and click to specify whether to set
the Match whole word only or Match case rules.
– After clicking to select the Device authorization mode, you can click and choose
Sort by topology position or Sort by device type to sort available or selected objects.
3. Click Next.
Step 6 Set operation rights for the user group to assign U2000 application rights and object operation
rights to users.
1. On the Operation Rights tab, click Select.
2. In the Select Operation Rights dialog box, set parameters and click OK.
– In the Authorization Objects area, select Network Management Application. In
the Operations area, select Network management application operation set for
system monitoring engineers. Click . The selected right is added to
the Selected Rights area.
– In the Authorization Objects area, expand the Subnet Device Set node and select
Subnet01. In the Operations area, select Device monitoring operation set 1.
Click . The selected right is added to the Selected Rights area.
– In the Authorization Objects area, expand the Object Set node and select
Objectset01. In the Operations area, select Device monitoring operation set 1.
Click . The selected right is added to the Selected Rights area.
NOTE
After an authorized object is selected, operations that can be bound to the authorized object are
displayed in the Operations area. For details about the binding relationship between authorized
objects and operations, see Operation Rights.

NOTE
– In the Authorization Objects and Operations area, you can click to view the members
of the selected object set, subnet device set, and operation set.
– You can click to collapse all expanded nodes.
– After binding operations to a selected device, you can click and choose Sort by topology
position or Sort by device type to sort rights for the device.
3. Click Next.
Step 7 Set secondary authorization for the user group, so that secondary authorization is required for
members in the user group when they perform certain operations and meet policy
requirements.
1. On the Secondary Authorization wizard page, enable secondary authorization for
certain operations, and set the alarm threshold value and forbid threshold value for the
operations.
2. Click Finish.
NOTE
To view the latest secondary authorization information, click Refresh.
l Exercise this operation with caution, because refreshing the page will clear all the modifications you
made to the secondary authorization information.
l If the user group you copied contains secondary authorization information, clicking Refresh does
not clear the copied authorization information. does not clear the copied authorization information.
----End
Result
The new user group is displayed in the user group list. You can double-click the user group to
view:
l Objects managed by the user group on the Domain tab.
l Operations that users in the user group can perform on the objects on the Operation
Rights tab.
l Information about the enabled secondary authorization on the Secondary Authorization
tab.
Follow-up Procedure
l You can click Select in the lower right corner of the Domain and Operation Rights tabs
to adjust the managed objects and operations respectively for the user group in the dialog
box that is displayed.
l You can click Configure in the lower right corner of the Secondary Authorization tab
to adjust the secondary authorization configuration for the user group's operations in the
dialog box that is displayed.
Related Concepts
5.1 User Security
Related References
New User Group

5.2.4.5 Creating Users and Adding Them to User Groups

By creating users and adding them to user groups, you can quickly assign operation rights to
them.
Prerequisites
l You are familiar with account and password policies. For details, see Account Policy and
Password Policy.
Context
l When you create an U2000 user, ensure that the attributes of the user must comply with
the account and password policies. For details about how to set account and password
policies, see 5.3.1.4 Setting Account Policies and 5.3.1.5 Setting Password Policies.
l After the U2000 user is created, add it to a user group so that the operation rights of the
user group are granted to the user. Do not set domains or operation rights for the user
individually.
l A user account can belong to multiple user groups. When a user account belongs to
multiple user groups, the user has all managed domains and operation rights of these user
groups.
NOTE
To delete right A of a user, you also need to delete right A of the user groups that the user account
belongs to, or delete the user account from the user groups that have right A.
l You must set the user name and password when creating a user. For the other attributes,
you can use default values or set them after you create the user successfully.
l This topic uses the examples in 5.2.3 Authorization Plan to describe how to create a
user and add it to a user group.
l Certain words cannot serve as user names due to political or religionary factors in the
local regions. The iMAP provides the user name blacklist function. The words stored in
the blacklist file cannot be used to create users. For the detailed setting method, see
Setting the User Name Blacklist in U2000 Administrator Guide.
l For the U2000 distributed system, an SSO user must be created in the Centralized
Account Management Center window and then added to an SSO user group for
inheriting the user group's rights. You cannot authorize SSO users directly.
Procedure
Step 1 Determine the users to be created based on the authorization plan.
Users to be created and their user groups are listed in Table 9 in 5.2.3 Authorization Plan.
The following steps use user A as an example. Because the user name is too short and does
not comply with the U2000 security policy, the user name is changed to Network monitoring
engineer A.

Step 3 In the NMS User Management navigation tree, right-click the User node and choose New
User.
Step 4 In the New User dialog box, set general attributes of the user and add it to a user group. For
details, see New User Account.
1. Set general attributes such as the user name, password, and confirm password.
Set User name to Network monitoring engineer A, Full Name to Network
monitoring engineer Tom, and Description to Network monitoring engineer.
NOTE
– Characters allowed in a user name depend on whether the user name is allowed to contain
wide character. User names and figures allowed to contain wide characters are used as an
example in this section.
n If a user name is allowed to contain wide characters, it cannot contain the following
characters:
`~*()=+\|[]{};':",<>/?&©® or spaces
n If a user name is not allowed to contain any wide characters, it can only contain the
following characters:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.!
@#$%^
– Before setting the password, click Password Policy to view the preset password policy.
– On the Password Policy tab, you can also click Advanced to optimize the user policy.
2. Click Add. In the Add User Group dialog box, select the desired user group and click
OK.
In the Add User Group dialog box, select Network monitoring engineer group 1.

Step 5 In the New User dialog box, click OK. The user account is created.
----End
Result
The new user account is displayed in the user list. You can double-click the user account to
view the user groups to which the user has been added on the User Groups tab.
Follow-up Procedure
To add the user to another user group, click Add in the lower right corner of the User Groups
tab. To delete the user from a user group, select the user group on the User Groups tab and
click Delete in the lower right corner of the tab.
5.2.5 Transferring Operation Sets

If multiple U2000s are deployed on the global network (for example, one U2000 is deployed
in each region to manage devices) and operation sets required by the U2000s are similar
according to an authorization plan, security administrators can use the operation set import
and export functions provided by the U2000 to transfer operation sets from one U2000 to
other U2000, or add or modify operation sets on one U2000 in batches (this function cannot
be used for operation sets in regions).

5.2.5.1 Exporting Operation Sets

By exporting operation sets to a file, you can back up all operation sets to your local computer
and query the operation set to which a right belongs. You can also add operation sets or
change operation set members in the file and import the file to the U2000 using the Import
Operation Sets function.
Prerequisites
You have logged in as the admin user.
Context
l For a newly installed U2000, you can export network management application operation
sets and network device operation sets to files, add new operation sets to the files, and
import the files to the U2000 using the Import Operation Sets function. In this way,
you can create operation sets in batches at one time.
l For an U2000 that has being running for a period of time, you can export existing
operation sets to files on the local computer. This helps you restore operation sets using
the Import Operation Sets function if some operation sets are lost after an upgrade or a
batch deletion of old operation sets.
l The exported operation set file does not contain the default operation sets.
Procedure
Step 2 On the top of the NMS User Management navigation tree, click and choose Export
Operation Sets.
Step 3 In the Save dialog box, name the file, specify a path, and then click Save.
Step 4 In the Information dialog box, click OK.
----End
Result
l The Network Management Application and Network Device operation sets are saved
in separate files.

NOTE
All operation information is listed in columns A to E in the exported operation set files. The cells
after column E provide the names of operation sets that exist on the U2000. Operations marked
with the letter Y are members in the corresponding operation sets.
l The formats of default file names are
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Device.csv and
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Management_Application.
csv.
NOTE
l You can specify Operation_Sets_YYYY_MM_DD_HH_MM_SS when saving operation set

files.
l An operation set file can contain a maximum of 100 operation sets. When the maximum
number is reached, subsequent data is saved in a new operation set file named in the format
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Device@N.csv or
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Management_Application@N.cs
v. N is an integer starting from 1. For example, if exported data includes 300 Network Device
operation sets, the Network Device operation sets are saved in three files named in the
following formats: Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Device.csv,
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Device@1.csv, and
Operation_Sets_YYYY_MM_DD_HH_MM_SS_Network_Device@2.csv.
Related References
5.2.5.3 Importing Operation Set Files
5.2.5.2 Adding Operation Sets or Changing Operation Set Members in Batches
5.2.5.2 Adding Operation Sets or Changing Operation Set Members in Batches

If you want to add multiple operation sets or adjust the members of multiple operation sets in
batches, you can export the information about all the operation sets in the U2000 system into
a file, add operation sets and change operation set members in the file, and then import the
edited file for it to take effect.
Prerequisites
l You have logged in as the admin user.
l The file containing the exported operation set information should be edited by user
admin based on the right-related policy and operation set planning.
l The information about all the operation sets in the U2000 is exported and saved in a file.
For details, see 5.2.5.1 Exporting Operation Sets.
l You are familiar with the planning of system operations or operation sets. For details, see
5.2.3 Authorization Plan.
Context
l This operation does not apply to the change of operation set names.
l The information in columns from A to E in the operation set file cannot be modified. If it
is modified, importing the file will fail. If the information is modified, export operation
set file again.
l In the operation set file, the table cells in line 10 and columns except columns from A to
E contain only operation set names.

l If the operation set name in the file exists in the current U2000, the operation set fails to
import.
l The naming convention of a new operation set is the same as that of an operation set
created in the U2000.
Procedure
Step 1 Open and edit the .csv file containing the exported operation set information.
Figure 5-12 Files containing the U2000 application operation sets
To add an U2000 application operation set, perform the following steps:

l Adding an operation set
a. In the .csv file, add a column next to column E, and enter the name of the new
operation set in the first cell of the new column, such as Figure 5-12. Assume that
the U2000 has Operation Set A and Operation Set B, you can add New
Operation Set C next to Operation Set B.
b. Adding members for the new operation set. You can enter Y in the line where an
operation to be performed. See Figure 5-12. The blue area stand for that Create
Subnet and Modify NE are performed for New Operation Set C.
NOTE
Only letter Y is valid.
l Modifying the operations of an operation set. Assume Operation Set A already exists in
the U2000. You can modify the operation set members as follows:
a. Enter Y in the associated table cell of operation set. If you need to delete Query
System Logs of Operation Set A, delete Y of Operation Set A. If you need to add
Create Subnet, type Y in the associated table cell of Operation Set A.
b. To prevent a file import failure due to inconsistency between operation set
information in the file and that on the U2000 client, delete the operation set
modified in the previous step from the client. In this example, delete Operation Set
A.
Step 2 Save the file, and import the file by following the procedure provided in 5.2.5.3 Importing
Operation Set Files for the file to take effect.
----End
Result
After the file is imported successfully, you can view the change of the rights in an operation
set.
Related Tasks

Related References
How Do I Determine an Operation Right Type?
5.2.5.3 Importing Operation Set Files

You can import operation set files to restore the lost operation sets on the U2000. By
importing operation set files. you can also add operation sets or change operation set members
in batches on the U2000.
Prerequisites
l The information about all the operation sets in the U2000 system has been exported and
saved in a file. For details, see 5.2.5.1 Exporting Operation Sets.
l You are familiar with the planning of operation sets. For details, see 5.2.3 Authorization
Plan.
Context
l The operation set files to be imported must be files exported using the Export
Operation Sets function.
l If an operation set name in the file already exists in the current U2000, the operation set
fails to be imported.
Procedure
Step 1 Optional: In the exported operation set files, add operation sets or modify members in the
operation sets in batches.
NOTICE
l This operation does not apply to the change of operation set names.
l The information in columns from A to E in the operation set file cannot be modified. If it
is modified, importing the file will fail. If the information is modified, export operation set
file again.
l In the operation set file, the table cells in line 10 and columns except columns from A to E
contain only operation set names.
1. Open and edit the .csv file containing the exported operation set information.
Figure 5-13 File containing network management application operation sets

To add an U2000 application operation set, perform the following steps:

Operation Name Operation Method
Add an operation 1. In the .csv file, add a column next to column E, and enter
set the name of the new operation set in the cell next to
Operation Type ID in the new column, such as Figure
5-13. If the U2000 has Operation Set A and Operation
Set B and they already exist in columns F and G, you can
add New Operation Set C next to Operation Set B.
NOTE
The operation set name contains a maximum of 100 characters.
2. Add members for the new operation set. You can enter Y in
the row corresponding to an operation, as shown in the blue
rectangle in Figure 5-13. Create Subnet and Modify NE
are added for New Operation Set C.
NOTICE
Only letter Y is valid.
Modify the Assume Operation Set A already exists in the U2000. You can
operation set modify the operation set members as follows:
members 1. In the Operation Set A column, enter or delete Y at rows
of operations. If you need to delete the Query System Logs
operation from Operation Set A, delete Y at row Query
System Logs, column Operation Set A. If you need to add
the Create Subnet operation, enter Y at row Create
Subnet, column Operation Set A.
2. To prevent a file import failure due to inconsistency of
operation set information between the file and the U2000
client, delete the operation set modified in the previous step
from the client. For example, delete Operation Set A.
2. Save the file.
Step 3 On the top of the NMS User Management navigation tree, click and choose Import
Operation Sets.
Step 4 In the Open dialog box, select the .csv file to be imported and click Open.

----End
Result
Operation sets contained in the imported file are listed under the Operation Set node in the
navigation tree on the left. After you choose an operation set, its members are displayed in the
right pane, which are the same as those specified in the imported file.
Related Tasks
5.2.6 Operation Right Adjustment After Device Addition or

Deletion
After new devices (NEs or subnets) are deployed for maintenance, security administrators
must assign operation rights for the new devices to user groups. After devices are deleted,
operation rights for the devices are automatically deleted from users or user groups' operation
rights.
5.2.6.1 Adjusting Operation Rights After an NE Is Added

After an NE is added, a security administrator must assign operation rights for the NE to the
user group that manages the NE.
Prerequisites
l A user group has been planned to manage the new NE.
Context
If initial authorization has met the following conditions, users in the user group automatically
have the operation rights for the new NE, and no adjustment is required.
The subnet device set to which the new NE belongs has been added to the user group's
domain. The operation set bound to the subnet device set contains all required operations on
the new NE.
Figure 5-14 shows the process of adjusting operation rights after an NE is added.

Figure 5-14 Process of adjusting operation rights after an NE is added
Start
Check user groups' domains

and operation rights. Do the user groups Yes
automatically have operation rights
for the new NE?
No
After the subnet device set

to which the new NE belongs is added Yes Add the operations performed on the new NE
to the user groups' domains, do the user
to the user groups' operation sets.
groups lack operations performed
on the new NE?
No
Add the new NE to the user groups' domains.
Assign the operations performed on the

new NE to the user groups.
End
Procedure
Step 1 Viewing the Domain of a User or User Group and Viewing Operation Rights of a User or
User Group. Determine whether the user group automatically has the operation rights for the
new NE based on the context information mentioned above.
l If yes, the procedure ends.
l If the subnet device set to which the new NE belongs has been added to the user group's
domain, but the user group's operation rights do not contain the operation rights for the
NE, perform Step 2.
l If none of the preceding conditions is met, perform Step 4.
Step 2 Add the operation rights for the new NE to the user group's operation set.
1. Choose Administration > NMS Security > NMS User Management from the main
menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User Management from the
main menu (application style)Administration > NMS Security > NMS User

Management from the main menu (traditional style); alternatively, double-click

Security Management in Application Center and choose OSS Security > OSS User
Management from the main menu (application style).
2. In the NMS User Management navigation tree, expand the Operation Set node and
select the user group's operation set.
3. On the Members tab page in the right pane, click Select.
4. In the Available rights area of the Select Operation Set Member dialog box, select
operation rights for the type of the new NE.
5. Click to move the operation rights to the Selected Rights area.

6. Click OK.
The operation rights for the new NE are assigned to the user group.
Step 3 Add the new NE to the user group's domain.
l If the user group is authorized using a user-defined object set, perform the following
steps:
a. Choose Administration > NMS Security > NMS User Management from the
main menu (traditional style); alternatively, double-click Security Management in
Security Management in Application Center and choose OSS Security > OSS
User Management from the main menu (application style).
b. In the NMS User Management navigation tree, expand the Object Set node and
select the user group's object set.
c. On the Members tab page in the right pane, click Select.
d. In the Available Devices and Object Sets area of the Select Object Set Member
dialog box, expand all nodes and select the new NE.
e. Click to move the new NE to the Selected Devices and Object Sets
area.
f. Click OK.
l If the user group is authorized using the device mode, perform the following steps:
b. In the NMS User Management navigation tree, expand the User Group node and
choose the user group that manages the new NE.
c. On the Domain tab page in the right pane, click Select.
d. In the Select Domain dialog box, click More in the Authorization Mode area and
select Device.
e. In the Available Objects area, select the new NE.
f. Click to move the new NE to the Selected Objects area.

g. Click OK.
Step 4 Verify that the user group's operation rights include the operation rights for the new NE.
l If the user group is authorized using a user-defined object set, perform the following
steps:
a. In the NMS User Management navigation tree, expand the Operation Set node
and select the operation set corresponding to the user-defined object set.
b. On the Members tab page in the right pane, check whether the user group's
operation set contains the operation rights for the new NE.
n If yes, the procedure ends.
n If no, go to the next step.
c. On the Members tab page in the right pane, click Select.
d. In the Available Rights area of the Select Operation Set Member dialog box,
select operation rights for the type of the new NE.
e. Click to move the operation rights to the Selected Rights area.

f. Click OK.
l If the user group is authorized using the device mode, perform the following steps:
a. On the Operation Rights tab page in the right pane, click Select.
b. In the Authorization Objects navigation tree of the Select Operation Rights
dialog box, expand the Device node and select the new NE.
c. In the Operation navigation tree, select required operation rights and add them to
Selected Rights in the right pane.
d. Click OK.
The operation rights for the new NE are assigned to the user group.
----End
5.2.6.2 Adjusting Operation Rights After a Subnet Is Added

After a subnet is added, a security administrator must assign operation rights for the subnet to
the user groups that manage the subnet.
Prerequisites
l You have obtained information about user groups that manage the new subnet, types of
all devices on the subnet, and operation rights required for the user groups to manage the
devices.
Context
l Based on the original authorization mode, assign operation rights for the new subnet as
follows:
– If the original authorization mode is the single-device mode, assign operation rights
based on subnet device sets.
– If the original authorization mode is the subnet device set mode or user-defined
object set mode, assign operation rights based on subnet device sets.

l If the new subnet is managed by multiple user groups, adjust each user group's operation
rights in a similar way. This section describes the process of adjusting a user group's
operation rights.
Figure 5-15 shows the process of adjusting operation rights after a subnet is added.
Figure 5-15 Process of adjusting operation rights after a subnet is added
Start
Query user groups' authorization modes.
User groups are authorized in User groups are authorized in subnet

single-device mode. device set or user-defined object set mode.
Add the subnet device set corresponding to Add the subnet device set corresponding to
the new subnet to the user groups' domains. the new subnet to the user groups' domains.
Create an operation set. Add operations

performed on objects on the new subnet to Do the user
the operation set. groups' operation sets contain
operations performed on various
types of devices on the
new subnet?
Assign the operation set to the user groups. Yes No
Add the operations performed on various

Bind the operation sets to the
types of devices on the new subnet to the
subnet device set.
user groups' operation sets.
End
Procedure
Step 1 Add the subnet device set corresponding to the new subnet to the user group's domain.
2. In the NMS User Management navigation tree, expand the User Group node and
choose the user group that manages the new subnet.
3. On the Domain tab page on the right, click Select.
4. In the Authorization Mode area of the Select Domain dialog box, select Subnet Device
Set.
5. In the Available Objects area, select the subnet device set that corresponds to the new
subnet and has the same name as the new subnet, and click to add the
subnet device set to the user group's domain.

6. Click OK to close the Select Domain dialog box.

Step 2 Query the user group's authorization mode. For details, see 5.2.8.2 Viewing Operation
Rights of a User or User Group.
l If the user group is authorized in single-device mode, create an operation set for the new
subnet. For details, see 5.2.4.3 Creating User-Defined Operation Sets. After an
operation set is created, perform Step 5.
l If the user group is authorized in subnet device set mode or user-defined object set mode,
perform Step 3.
Step 3 Check whether the network device operation set contains all operation rights for various types
of devices on the new subnet. For details, see 5.2.8.5 Viewing Operations in an Operation
Set.
l If the network device operation set does not contain all required operation rights,
perform Step 4.
l If the network device operation set contains all required operation rights, perform Step 5.
Step 4 Modify the network device operation set so that it contains all operation rights for various
types of devices on the new subnet.
2. In the NMS User Management navigation tree, expand the Operation Set node and
choose the network device operation set corresponding to the user group.
3. On the Members tab page in the right pane, click Select.
4. In the Available Rights area of the Select Operation Set Member dialog box, select
operation rights for various types of devices on the new subnet.
5. Click to move the operation rights to the Selected Rights area.

6. Click OK.
Step 5 Bind the network device operation set that contains all required operation rights for the new
subnet to the subnet device set.
2. In the NMS User Management navigation tree, expand the User Group node and
choose the user group that manages the new subnet.
3. On the Operation Rights tab page in the right pane, click Select.
4. In the Authorization Objects area of the Select Operation Rights dialog box, expand
the Subnet Device Set node in the navigation tree and choose the subnet device set
corresponding to the new subnet.

5. In the Operation area, select the network device operation set that contains all required
operation rights for the new subnet. Click to add the network device
operation set to the Selected Rights area.
6. Click OK to close the Select Operation Rights dialog box.
The operation rights for the new subnet are assigned to the user group.
----End
5.2.6.3 Adjusting Operation Rights After the Networking Structure Is Changed

After the networking structure is changed (including NE transfer and global networking
structure modification), management responsibilities may be shifted from one group to
another. If this occurs, security administrators must adjust user groups' operation rights.
Procedure
l During NE transfer (for example, when an NE is transferred from one subnet to another),
a security administrator adjusts user groups' operation rights by deleting the NE from the
transferor user group's domain and adding the NE to the transferee user group's domain.
For details, see 5.2.6.1 Adjusting Operation Rights After an NE Is Added.
– If the NEs are assigned to the transferor user group in subnet device set mode, the
security administrator does not need to adjust the transferor user group's operation
rights after NE transfer.
– If the NEs are assigned to the transferor user group in object set mode or device
mode, delete the NEs from the user group's domain. For details, see NE Scope
Change.
l During global networking structure modification, a security administrator plans
authorization and authorizes users again. For details, see Performing the Initial
Authorization.
----End
Related Tasks
Performing the Initial Authorization
5.2.7 Operation Right Adjustment After Personnel's

Responsibilities Change
If the topology of managed objects remains unchanged whereas personnel's responsibilities
change, for example, changes to managed NE scopes, operation rights, and posts, security
administrators must adjust users' operation rights.
5.2.7.1 Adjusting Operation Rights After the Scope of Managed Objects Is

Changed
When the topology of managed objects remains unchanged and the management rights are
transferred from a user group to another one, security administrators must adjust the user
group rights.

Prerequisites
You have logged in as a user in the SMManagers group.
NE Scope Change
In subnet device set mode, user groups are assigned operation rights for devices based on
subnets. Therefore, security administrators do not need to adjust operation rights after the
scope of managed objects is changed if user groups are authorized in subnet device set mode.
Step 1 Delete NEs from the transferor user group's domain.

2. In the NMS User Management navigation tree, expand User Group and select the user
group that no longer manages NEs.
3. On the Domain tab page in the right pane, delete NEs based on authorization modes.

Operation Right NE Deletion Method

Configuration Mode
Add an NE to an object 1. In the NMS User Management navigation tree, expand

set and assign the the Object Set node and choose the object set to which
object set to a user the NE belongs.
group. 2. On the Applicable for tab page in the right pane, check
whether the object set has been assigned to other user
groups.
n If no, perform step 3 to delete the NE from the
object set. The procedure ends.
n If yes, check whether the NE deletion applies to
these user groups.
○ If yes, perform step 3 to delete the NE from the
object set. The procedure is complete.
○ If no, perform steps 4, 5, and 6 to change the
object set for the user group that no longer
manage the NE. The procedure is complete.
3. On the Members tab in the right pane, select the NE
and click Delete. In the Confirm dialog box, click Yes.
4. Re-create an object set. For details, see Creating User-
Defined Object Sets. Copy the members of the original
object set to the new object set and delete the NE that is
no longer managed by the user group.
5. On the Domain tab for the user group, add the new
object set to the user group's domain. On the Operation
Rights tab for the user group, bind the operation set for
the original object set to the new object set.
6. Delete the original object set from the user group's
domain.
Assign an NE to a user 1. Expand the Device node, choose the NE, and click
group in device mode. Delete in the lower right corner.
2. In the Confirm dialog box, click Yes.
Step 2 Adjust the operation rights for the NEs for the transferee user group. For details about how to
adjust operation rights, see 5.2.6.1 Adjusting Operation Rights After an NE Is Added.
----End
Subnet Scope Change

The entire subnet is transferred from a user group to another.

2. In the NMS User Management navigation tree, expand User Group and select a user
group that does not manage the subnet.
3. On the Domain tab page right to the navigation tree, select the subnet device set and
click Delete.
4. In the Confirm dialog box, click OK.
5. For a user group that is going to manage subnet rights, assigning subnet rights to it
means adding a new subnet. For details about how to adjust operation rights, see 5.2.6.2
Adjusting Operation Rights After a Subnet Is Added.
5.2.7.2 Adjusting Operation Rights After the Scope of Operation Rights Is

Changed
If a user group's operation rights for a managed object must be added or deleted due to
changes to personnel's responsibilities, security administrators must adjust operation rights as
required.
Prerequisites
Procedure
Step 1 View the operation rights of a desired user group.
Step 2 Adjust the operation rights of the user group as required.
Task Operations
Adding an operation l For assigning operation rights for a single device or a device
right for a managed type:
object 1. On the Operation Rights tab page, click Select.
2. In the Select Operation Rights dialog box, expand
Device or Device Type in the Authorization Objects
navigation tree and select a device or a device type. In
the Operation navigation tree, select the desired
operations and add them to Selected rights in the right
pane.
3. Click OK.
l For details about how to assign operation rights for subnet
device sets and user-defined object sets on the basis of
existing operation sets, see step 4 in 5.2.8.5 Viewing
Operations in an Operation Set.

Task Operations
Deleting an operation l For assigning operation rights for a single device or a device
right for a managed type: On the Operation Rights tab page, expand Device or
object Device Type, select the desired operations, and click
Delete.
l For assigning operation rights for subnet device sets and
user-defined object sets: Select the bound operation sets,
right-click, and choose View Members from the shortcut
menu. Check whether the operation sets contain operation
rights that need to be deleted. If the operation sets contain
operation rights that need to be deleted, see step 4 in 5.2.8.5
Viewing Operations in an Operation Set to delete the
operation rights.
NOTE
An operation may exist in multiple operation sets. The operation
right is deleted from a user group only when all operation sets
bound to the user group do not contain the operation.
----End
5.2.7.3 Adjusting Operation Rights After Management Personnel's Posts Change

After management personnel's posts change due to role changes, recruitment, resignation, or
other reasons, U2000 security administrators must adjust users' operation rights.
Prerequisites
Role Change
After management personnel's roles change, security administrators must perform the
following steps to adjust user groups to which the personnel belong:
2. In the NMS User Management navigation tree, expand User and select a user whose
user group is to be adjusted.
3. On the User Groups tab page in the right pane, select the user group to which the user
belongs and click Delete. In the Confirm dialog box that is displayed, click Yes.
4. On the User Groups tab page in the right pane, click Add. In the Add User Group
dialog box, select a user group to which the user is to be added and click OK.

Recruitment
If new employees are recruited, security administrators must create user accounts and assign
the user accounts to the new employees. For details about how to create user accounts and
assign operation rights to user accounts, see 5.2.4.5 Creating Users and Adding Them to
User Groups.
Resignation
After an employee resigns, the employee's user account is no longer used or is retained.
l To delete the user account, security administrators perform the following steps:
b. In the NMS User Management navigation tree, expand User. Right-click the user
to be deleted and choose Delete from the shortcut menu. In the Confirm dialog box
that is displayed, click Yes.
l To retain the user account for future use, security administrators perform the following
steps:
b. In the NMS User Management navigation tree, expand User and choose a user.
c. On the Details tab page, set Disable user account to Yes.
NOTICE
l If the policy for deleting a user account when the user account is not used to log
in for a specified period has been set in Setting the Account Policy, the user
account is deleted when it has not been used to log in for the specified period.
l After an employee resigns or a user account is re-enabled, the corresponding
user password must be changed to improve account security.
d. Click Apply to save the settings.
5.2.8 Querying Authorization

During the period of initial authorization and right maintenance, you can query the user rights
and right assignment and compare the right differences between two users.

5.2.8.1 Viewing Domains of a User or User Group

Security administrators can view domains of a user or user group to identify objects that are
managed by the user or user group.
Prerequisites
Procedure
Step 2 In the NMS User Management navigation tree, expand the User or User Group node and
select a user or user group.
Step 3 On the Domain tab, view managed objects in the domains.
The following table lists different methods for viewing domains based on the authorization
mode.
Authorization Method
Mode
All objects No operation is required. The domain contains all network objects.
Subnet device set Expand the Subnet Device Set node. Right-click the desired subnet
device set and choose View Member from the shortcut menu.

Mode
User-defined Expand the Object Set node. Right-click the desired user-defined
object set object set and choose View Member from the shortcut menu.
To change objects in the object set, see step 4 in 5.2.8.6 Viewing
Objects Contained in an Object Set.
Device Expand the Device node and view managed devices.
Subnet Expand the Subnet node to view managed subnets.
NOTE
l If you select the Show the domain of the owner user group check box when viewing a user's
domain, managed objects displayed include managed objects that the user inherits from user
groups. Perform the following operations to view the inherited managed objects:
1. Switch to the User Groups tab. View the user groups to which the user belongs.
2. View the managed objects contained in each user group.
l If you select the Sort by device type check box, objects under the Device node on the Domain tab
are grouped by type.
l By default, the Show the domain of the owner user group check box is selected and the Sort by
device type check box is cleared.
----End
5.2.8.2 Viewing Operation Rights of a User or User Group

Security administrators can view operation rights of a user or user group to identify operations
that the user or user group can perform on managed objects.
Prerequisites
Procedure
Step 2 In the NMS User Management navigation tree, expand the User or User Group node and
select a user or user group.
Step 3 On the Operation Rights tab, expand the object nodes and view the operation rights of the
user or user group on each object.

The following table lists different methods for viewing operation rights based on the
authorization mode.
Mode
Network Expand the Network Management Application node. Right-click the

management desired operation set and choose View Member from the shortcut
application menu.
To change operations in the operation set, see step 4 in 5.2.8.5
Viewing Operations in an Operation Set.
Subnet device set Expand the Subnet Device Set node. Right-click the desired operation
set and choose View Member from the shortcut menu.
User-defined Expand the Object Set node. Right-click the desired operation set and
object set choose View Member from the shortcut menu.
Device Expand the Device node and view operation rights of the user on
different devices.
NOTE
If the Show the operation rights of the owner user group check box is selected when you view user
operation rights, the displayed user operation rights contain the operation rights inherited from the user
groups. The operation rights inherited from the user groups are displayed in gray on the UI and cannot
be deleted. Perform the following operations to view the inherited operation rights:
1. View the user groups to which the user belongs.
2. View the operation rights of each user group.
By default, the Show the domain of the owner user group check box is selected.
----End

5.2.8.3 Viewing User Groups To Which a User Belongs

Security administrators can view user groups to which a user belong to identify the user
groups whose operation rights are inherited by the user.
Prerequisites
Procedure
Step 2 In the NMS User Management navigation tree, expand the User node and select a user.
Step 3 On the User Groups tab, view user groups to which the user belongs.
----End
5.2.8.4 Querying User and User Group Authorization Details

You can query the users and user groups to which a network management application
operation or network device operation is assigned.
Prerequisites
Context
The Administrators group contains all operation rights on the U2000 except Security
Management and System Security Monitor rights. Therefore, in the Authorization Details

dialog box, the Administrators is always displayed in the Authorized User/User Group
area when any operation or operation set is selected.
Procedure
Step 2 On the top of the NMS User Management navigation tree, click .
NOTE
You can enter the desired character string in the Find text box and click or to search for
authorization objects in the up direction or down direction, and click to specify whether to set the
Match whole word only or Match case rules.
Step 3 In the Authorization Details dialog box, expand the root node or parent node and select a
child node in the navigation tree.
After a node is selected, the corresponding operation or operation set is displayed in the
Operation area.
Step 4 In the Operation area, expand the root node or parent node and select an operation or
operation set.
In the Authorized User/User Group area, you can view the user or user group to which the
operation or operation set is assigned.
----End

5.2.8.5 Viewing Operations in an Operation Set

Security administrators can view operations contained in an operation set and check whether
the contained operations meet requirements.
Prerequisites
Procedure
Step 2 In the NMS User Management navigation tree, expand the Operation Set node and select
the desired operation set.
Step 3 On the Members tab, view operations contained in the operation set.
NOTE
To query and manage user rights more easily, export users' managed objects and operation rights by
right-clicking in a blank area and choosing Save All from the shortcut menu.
NOTE
l On the Details tab, you can view the operation set type (network management application operation
set or network device operation set).
l On the Applicable for tab, you can view the users and user groups to which the operation set is
assigned.
Step 4 Optional: Add operations to or delete operations from the operation set.

l Adding operations: On the Members tab, click Select. In the Select Operation Set
Member dialog box, select the desired operation set members and click OK.
l Deleting operations: On the Members tab, select one or multiple operation set members
and click Delete. In the Confirm dialog box, click Yes.
----End
5.2.8.6 Viewing Objects Contained in an Object Set

Security administrators can view objects contained in an object set and check whether the
contained objects meet requirements.
Prerequisites
Procedure
Step 2 In the NMS User Management navigation tree, expand Object Set and select the desired
object set.
Step 3 On the Members tab, view objects contained in the object set.

NOTE
l On the Details tab, you can view the details about the object set.
l On the Applicable for tab, you can view the users and user groups to which the object set is
assigned.
l If the Sort by device type check box is selected, the members of the object set are sorted by device
type. If the object set does not contain any device, the Sort by device type check box is unavailable.
Step 4 Optional: Add members to or delete members from the object set.
l Adding members: On the Members tab, click Select. In the Select Object Set Member
dialog box, select the desired object set members and click OK.
l Deleting members: On the Members tab, select one or multiple object set members,
right-click, and choose Delete from the shortcut menu. In the Confirm dialog box, click
Yes.
----End
5.2.8.7 Comparing U2000 User Rights

This topic describes how to compare the rights of two NMS users to check for the differences.
Prerequisites
Procedure
Step 2 On the top of the NMS User Management navigation tree, click .
Step 3 In the Compare Users dialog box, select a user from the Source User and Target User list
boxes, click Compare.

Step 4 View the result in the Compare User Rights dialog box.
NOTE
l During the comparison of rights between user A and user B, if user A has an operation right but user
B does not have this right, this right node of user B is left blank.
l On the U2000, you cannot compare rights of the same user. If you select the same user from the
Source User and Target User list boxes, the Compare button is unavailable.
l In the Compare User Rights dialog box, the U2000 can display user rights in either of the
following modes:
– Display all rights: All user rights are displayed for each user.
– Display only differences: Only the differences between user rights are displayed.
----End
5.2.9 Configuring Secondary Authorization Operations

To ensure network security, the U2000 supports secondary authorization for critical
operations. When a user performs a critical operation, the operation can be proceeded only
after secondary authorization by another user. This can help prevent service interruption
caused by misoperation.
Configuring Secondary Authorization Operations
Prerequisite
Context
l By default, secondary authorization is not enabled for all operations.

l This policy does not apply to the admin user.

l By default, user in theAdminstrators group have the secondary authorization
permission.
l You are advised to enable secondary authorization for special occasions such as holiday.
This can prevent the potential service interruption caused by misoperation.
l This policy supports wdm, mstp, routers, PTNs and access NEs.
NOTE
Access NEs supported by the policy are as follows: MA5600T, MA5603T, MA5606T, MA5608T,
MA5680T, MA5683T, MA5603U, MA5800 series, EA5800 series, MA5605, MA5600V3,
MA5300, MA5100V1, MA5100V2, UA5000, UA5000(IPMB), MDU, miniDSLAM, ATN930 and
WS6603.
l NM Application(Access NetWork) supports this policy.
Procedure
1. Choose Administration > NMS Security > Configure Secondary Authorization
Operations from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose OSS Security > Settings > Configure
Secondary Authorization Operations from the main menu (application style).
In this example, secondary authorization is configured for BFD global disable of the
CX600–X8.
2. Configure parameters related to secondary authorization. For details, see the description
of the parameters.
3. Clear the Enable checkbox, and click Apply. The configuration of secondary
authorization is complete.
Result
When configuring BFD global disable for the CX600–X8, a warning dialog box id displayed.
After you click Yes, the Secondary Authorization Authentication is displayed, indicating
that the user name and password of the authorization user are required to proceed the
operation.


Infographic
Related References
Configuring Secondary Authorization Operations

5.2.10 Configuration Examples of Security Management

Examples on security management are provided to enhance your understanding on authority
management.

In live network maintenance, an NMS user may need to be assigned only part of operation
rights. This topic provides an example for assigning specific operation rights to an NMS user.
Prerequisites
Context
If the topology view is locked, Modify Object Position is unavailable even if the user has
this operation right. Only a user with the Lock/Unlock View operation right can unlock the
topology view and make Modify Object Position available. To unlock the topology view,
choose View > Lock from the main menu.
Scenario
Security administrator A needs to create a topology maintenance engineer (Topo_mtB) to
manage topological objects and ensure that the assigned rights do not contain the Modify
Object Position right.
Roadmap
Step Roadmap
1 Assigns operation rights by adding the user

to a user group. Before this operation, you
must create topology maintenance user
group Topo_mtgroup.
2 Topology management involves NMS

operations only and does not require NE
authority. Therefore, assign default
Network Management Application
operation sets first to Topo_mtgroup.
After checking the Network Management
Application operation sets exported from
the NMS, you can find that the default NMS
operation sets for topology management
such as Topo Maintainer Operation Set,
Topo Operator Operation Set, and Topo
Monitor Operation Set contain Modify
Object Position. Therefore, the default
NMS operation sets cannot be assigned to
Topo_mtgroup.

Step Roadmap
3 The default NMS operation sets contain

Modify Object Position. Therefore, create
an operation set that does not contain
Modify Object Position and assign it to
Topo_mtgroup. For operation details, see
the following section.
4 Creates topology maintenance user B and

adds it to group Topo_mtgroup.
Procedure
Step 2 Create an object set for Topo_mtgroup.

1. In the NMS User Management navigation tree, right-click Object Set and choose New
Object Set from the shortcut menu.
2. In the New Object Set dialog box, click the Details tab and set common attributes for
the new object set.
3. On the Members tab, configure members for the new object set. These members are the
objects managed by Topo_mtB.
Step 3 Create an operation set for Topo_mtgroup.

1. In the NMS User Management navigation tree, right-click Operation Set and choose
New Operation Set from the shortcut menu.
2. In the New Operation Set dialog box, click the Details tab and set common attributes
for the new operation set.
3. On the Members tab, configure members for the new operation set. Select the
topological management rights other than Modify Object Position in the Topo
Management node.

4. Click OK.
Step 4 Create topology maintenance user group Topo_mtgroup and set its management domain and
operation rights.
1. In the NMS User Management navigation tree, right-click User Group and choose
New User Group from the shortcut menu. Alternatively, click above the navigation
tree and choose New User Group.
2. In the New User Group dialog box, click the Details tab and set common attributes such
as User name and Description, and then click Next.
3. Click Select. In the Select Domain dialog box, select Object Set of Topo_mtGroup,
click OK, and then click Next.

4. Click Select. In the Select Operation Rights dialog box, select Operation Set of
Topo_mtB, click OK, and then click Next.
5. Click OK.
Step 5 Create topology maintenance user Topo_mtB and add it to group Topo_mtgroup.
1. In the NMS User Management navigation tree, right-click User and choose New User
from the shortcut menu. Alternatively, click above the navigation tree and choose
New User.
2. Set common attributes for the user, such as user name and password.
3. Click Add, choose Topo_mtgroup from the Add New Group dialog box, and click OK.
4. Click OK.
----End

Result
Once you have created user Topo_mtB following the preceding procedure, log in to the
U2000 as user Topo_mtB to manage the topology.
Related Concepts
5.2.10.3 Example for Creating U2000 User Accounts and Allocating Rights in the Rights- and
Domain-based Management Scenario
5.1 User Security

Maintenance engineers need to add or delete rights for created users when planning or
maintaining the live network. This topic provides an example for deleting a specific right for
an NMS user.
Prerequisites
l A clear plan is required before adjusting rights for a user. Before the plan is made, the
user's role must be clear.
Scenario
Security administrator A finds out that a monitoring engineer Monitor_B has the Modify
Object Position rights. However, a monitoring engineer should not have the rights according
to the plan made before the adjustment. Therefore, the rights are to be deleted.

Configuration Roadmap
Scenario Configuration Description
Roadmap
1. Monitor_B is a member of the default Modify the rights of Guests has all the
user group Guests. the default operation rights of Monitor
sets in Guests. Operation Set of
NOTE Region XX.
If other members in Checking the
the Guests require Network
the Modify Object Management
Position right, you
Application
must remove
Monitor_B from operation sets
Guests and then exported from the
grant rights to NMS, Topo
Monitor_B Monitor Operation
separately. Set contains Modify
Object Position.
Therefore, remove
Modify Object
Position from Topo
Monitor Operation
Set.


Roadmap
NOTE
l A user has all
rights of its user
groups.
Therefore, to
delete a specific
right of a user,
delete the right
from the groups
to which the user
belongs.
l A user or user
group has all
rights of its
operation sets.
Therefore, to
delete a specific
right of a user or
user group, delete
the right from the
operation sets.
l Generally,
modifying the
rights of default
user groups and
operation sets is
not
recommended. To
adjust user rights,
you can remove
Guests from the
user groups to
which
Monitor_B
belongs and
reassign rights to
Monitor_B.


Roadmap
2. Monitor_B is a 2.1 Topo Guests of Modify the rights of Topo Guests of

member of the non- Region XX contains the Topo Monitor Region XX is a
default user group a Topo Monitor Operation Set service-function-
Topo Guests of Operation Set provided by the based user group in
Region XX provided by the U2000 by default. the service
U2000 by default. NOTE authorization and
If other members in planning phase.
the Topo Guests of Users in Topo
Region XX require Guests of Region
the Modify Object
XX have the rights
Position right, you
must remove of querying
Monitor_B from topology objects. To
Topo Guests of adjust rights for
Region XX and then Monitor_B, remove
grant rights to Modify Object
Monitor_B
Position from Topo
separately.
Monitor Operation
Set.
2.2 Topo Guests Modify the rights of Topo Monitor

Region XX contains the new Topo Operation Set of
the new Topo Monitor Operation Region XX is a new
Monitor Operation Set of Region XX. operation set
Set of Region XX. NOTE assigned to Topo
If other members in Guests of Region
the Topo Guests of XX and has the
Region XX require rights of querying
the Modify Object
topology objects. To
Position right, you
must remove adjust rights for
Monitor_B from Monitor_B, remove
Topo Guests of Modify Object
Region XX and then Position from Topo
grant rights to Monitor Operation
Monitor_B
Set.
separately.
3. Monitor_B does not belong to any user Modify the rights for In the Select
groups. Monitor_B directly. Operation Rights
window, deselect
Modify Object
Position for
Monitor_B.
Procedure
l Operation procedure in scenario 1 (where Monitor_B is a member of Guests):
Application Center (application style).

b. Choose NMS User Management > Operation Set > Topo Monitor Operation
Set from the navigation tree.
c. On the Members tab, click Select.
d. The Select Operation Set Member dialog box is displayed. In the Selected rights
group area, expand the nodes under Network Management Application. Select
Modify Object Position and click .
e. Click OK.
l Operation procedure in scenario 2 (where Monitor_B is a member of the non-default
user group Topo Guests of Region XX):
– The operation procedure is the same as that in scenario 1.
– The operation procedure is similar to that in scenario 1. The only difference is Topo
Monitor Operation Set of Region XX is selected from the navigation tree on step
2.
l Operation procedure in scenario 3 (where Monitor_B does not belong to any user
groups):
Application Center (application style).
b. Choose NMS User Management > User > Monitor_B from the navigation tree.
c. On the Operation Rights tab, click Select.
d. The Select Operation Rights dialog box is displayed. In the Selected rights group
area, expand the nodes under Network Management Application. Select Modify
Object Position and click .

e. Click OK.
Result
If Monitor_B has logged in already, restart the client and relog in to the U2000 for the
settings to take effect. Then, Monitor_B does not have the rights of modifying positions for
topology objects.
Related Concepts
5.2.10.3 Example for Creating U2000 User Accounts and Allocating Rights in the Rights- and
Domain-based Management Scenario
5.1 User Security
5.2.10.3 Example for Creating U2000 User Accounts and Allocating Rights in the
Rights- and Domain-based Management Scenario
This topic provides the example for creating U2000 user accounts and allocating rights in the
rights- and domain-based management scenario.
Application Scenario
In an office, all NEs are monitored and managed through the U2000 in a centralized manner
and they are classed into two categories by domain: transport NEs and IP NEs, which are
monitored and managed separately. To enable different users to monitor and manage NEs
through the U2000, you need to assign them different U2000 user accounts and rights.
Figure 5-16 shows the networking.

Figure 5-16 Networking of rights- and domain-based management
transport and IP
domain maintainer
NMS
transport domain IP domain

maintainer maintainer
PTN PTN
CX600 CX600
SDH
SDH
MA5200
NE80E
ME60
RTN RTN NE80E
transport domain network IP domain network
Data Planning
Plan the following subnets based on the NE domain division:
l Transport domain subnet: All managed transport NEs are included.
l IP domain subnet: All managed IP NEs are included.
Plan the following four user groups based on user groups' responsibilities:
User Descriptio Responsibility Managemen Operation Right
Group n t Domain
Name
T2000group- Transport Responsible for NEs in the Operation set of the

admin domain maintaining NEs transport transport domain NE
maintainer in the transport domain maintainer
group domain. Operation set of the
transport domain
service maintainer

User Descriptio Responsibility Managemen Operation Right

Group n t Domain
Name
T2000group- Transport Responsible for NEs in the Operation set of the

view domain monitoring NEs in transport transport domain NE
monitor the transport domain monitor
group domain. Operation set of the
transport domain
service monitor
DMSgroup- IP domain Responsible for NEs in the IP Operation set of the

admin maintainer maintaining NEs domain IP domain NE
group in the IP domain. maintainer
Operation set of the
IP domain service
maintainer
DMSgroup- IP domain Responsible for NEs in the IP Operation set of the

view monitor monitoring NEs in domain IP domain NE
group the IP domain. monitor
Operation set of the
IP domain service
monitor
NOTE
The operation sets listed in the Operation Right column refer to general operation sets associated with
NEs in the transport or IP domains. Determine the actual operation sets to be added based on the types
of managed NEs and the operation rights of user groups.
Plan the following seven users based on user responsibilities:

User Descripti Responsibility User Group
Name on
T2000- Transport Responsible for maintaining Transport domain maintainer

admin domain NEs in the transport domain. group
maintainer
T2000- Transport Responsible for monitoring Transport domain monitor

view domain NEs in the transport domain. group
monitor
DMS- IP domain Responsible for maintaining IP domain maintainer group

admin maintainer NEs in the IP domain.
DMS-view IP domain Responsible for monitoring IP domain monitor group

monitor NEs in the IP domain.

User Descripti Responsibility User Group

Name on
T2000- Transport Responsible for maintaining Transport domain maintainer

admin- domain NEs in the transport domain group
DMS-view maintainer and monitoring NEs in the IP and
& IP domain. IP domain monitor group
domain
monitor
DMS- IP domain Responsible for maintaining IP domain maintainer group

admin- maintainer NEs in the IP domain and and
T2000- & transport monitoring NEs in the Transport domain monitor
view domain transport domain. group
monitor
T2000- Transport Responsible for maintaining Transport domain monitor

view- domain NEs in the transport and IP group
DMS-view monitor & domains. and
IP domain IP domain monitor group
monitor
Configuration Process
On the U2000, do as follows to create a user account and allocate associated rights:
1. Create subnets.
Create a transport domain subnet and an IP domain subnet, and add NEs in the transport
and IP domains to the associated subnets.
2. Create user groups and allocate management domains and operation sets for the user
groups.
You can easily allocate rights to multiple users by using the user group function.
– Based on responsibilities of user groups, configure management domains for the
user groups so that different user groups can manage different NE domains.
– Based on responsibilities of user groups, configure operation rights for the user
groups so that different user groups have different operation rights.
For details about how to create a user group, see 5.2.4.4 Creating and Authorizing
U2000 User Groups.
3. Create user accounts.
Create user accounts for current users, and configure user groups based on
responsibilities of users. Then, each user account has the management domain and
operation rights of the user group.
For details about how to create a user account, see 5.2.4.5 Creating Users and Adding
Them to User Groups.

NOTE
When creating user accounts, do as follows to ensure the U2000 security:
l Set different time available for login based on the shifts.
l Bind IP addresses of area workstations to users.
l Change the user password when logging in to the U2000 for the first time.
When the configuration is complete, the administrator can provide the accounts to associated
personnel.
Related Tasks
Procedure for Creating U2000 Users
5.3 User Security Policy Management

User security policies can efficiently strengthen U2000 system security and prevent
unauthorized user operations. The policies include setting access control rules, managing
passwords and locking clients, and monitoring login users.
5.3.1 Security Policy Management

Security policies refer to the access control rules that are created for managing users. During
initial installation of the U2000, you must plan and configure security policies. After
configuring security policies, you can adjust them based on site requirements.
5.3.1.1 Setting the System ACL

This topic describes how to set the system access control list (ACL) so that U2000 users can
log in to the U2000 server only through the U2000 clients with specified IP addresses. After
being set by security administrators, the system ACL applies to all U2000 users.
Prerequisites
Context
The system ACL applies to all U2000 users and requires them to log in to the U2000 only on
the clients using the specified IP addresses or IP addresses in the specified network segments.
A user ACL is a subset of the system ACL and applies only to the current user.

NOTICE
l If multiple network adapters are installed on the host where a client is deployed, you need
to add the IP addresses of all the network adapters to the ACL. This ensures that users can
log in to the U2000 successfully.
l When the network where a client is located has both internal and external networks, you
need to add both the internal and external IP addresses to the ACL. This ensures that users
can log in to the U2000 successfully.
l Security administrators (including the admin user) cannot delete their logged-in client IP
addresses from their ACLs.
l If the admin user logs in to the U2000 installed on the local server, the login is not
controlled by the ACL and the admin user can delete the local server IP address from the
ACL of the admin user.
Procedure
Step 1 Choose Administration > NMS Security > System ACL from the main menu (traditional
style); alternatively, double-click Security Management in Application Center and choose
OSS Security > System ACL from the main menu (application style)Administration >
NMS Security > System ACL from the main menu (traditional style); alternatively, double-
click Security Management in Application Center and choose OSS Security > System
ACL from the main menu (application style).
Step 2 In the System ACL dialog box, you can view existing ACLs. You can click Add, Delete, or
Modify to add, delete, or modify a system ACL item, and click OK or Yes for the settings to
take effect.
Set System ACL Procedure
Adding a system ACL item 1. In the System ACL dialog box, click Add.
2. In the Add System Access Control Item dialog
box, select the display mode of IP addresses, set the
related parameters, and click OK.
Deleting a system ACL item 1. In the System ACL dialog box, select the system
ACL item to be deleted, and click Delete.
Modifying a system ACL item 1. In the System ACL dialog box, select the system
ACL item to be changed, and click Modify.
2. In the Modify System Access Control Item dialog
box, modify the related parameters, and click OK.
NOTE
You can change the IP Address Display Mode only after
deleting a system ACL item and adding a new system ACL
item.
----End

Related References
System ACL
New User Account
5.3.1.2 Setting a User ACL

This topic describes how to set the access control list (ACL) for a user so that the user can log
in to the U2000 from an U2000 client using a specified IP address. User ACLs are set by
security administrators.
Prerequisites
You have logged in as the admin user or a user in the SMManagers group.
Context
l The admin user can set access rights for all users. Users in the SMManagers group can
set access rights for any user except the admin user.
l The system ACL applies to all U2000 users and requires them to log in to the U2000
only on the clients using the specified IP addresses or IP addresses in the specified
network segments. A user ACL is a subset of the system ACL and applies only to the
current user.
NOTICE
l If multiple network adapters are installed on the host where a client is deployed, you
need to add the IP addresses of all the network adapters to the ACL. This ensures that
users can log in to the U2000 successfully.
l When the network where a client is located has both internal and external networks,
you need to add both the internal and external IP addresses to the ACL. This ensures
that users can log in to the U2000 successfully.
l Security administrators (including the admin user) cannot delete their logged-in
client IP addresses from their ACLs.
l If the admin user logs in to the U2000 installed on the local server, the login is not
controlled by the ACL and the admin user can delete the local server IP address from
the ACL of the admin user.
Procedure
Step 2 In the NMS User Management navigation tree, expand the User node, and select the user to
be modified.

Step 3 Select the policy for using ACLs on the ACL tab in the right pane and click Apply. For
details about the policies, see Table 5-14.
NOTE
l Access control items on the ACL tab for a user come from the system ACL. That is, a user ACL is
a subset of the system ACL.
l In the lower right corner of the ACL tab for a user, you can click Set System ACL to open the
System ACL dialog box and click Add, Delete, or Modify to add, delete, or modify a system
ACL in the dialog box that is displayed.
Table 5-14 Parameters related to user ACLs

Option Settings
Use all After this option is selected, the user ACL is the same as the user ACL.
ACLs
Use After selecting this option, you can log in to the U2000 server by using the
specified clients with the specified IP address or IP addresses in the specified
ACLs network segment.
----End
Related References
System ACL
New User Account
5.3.1.3 Setting the Proxy Service ACL

Users must use U2000 clients to connect to network elements (NEs) through the proxy
service. The proxy service access control list (ACL) specifies IP addresses that users can use
to connect to NEs, which ensures network security.
Prerequisites
l This function applies to the Router series, Switch series, Access series and Security and
PTN V8 series NEs.
Context
l Newly configured access control items applies only to new proxy connections and do not
apply to existing proxy connections. To apply the newly configured access control items
to existing proxy connections, users must re-establish the proxy connections.
l When a user uses the proxy service to connect to an NE, the U2000 compares the source
IP address with the access control items from the top to the bottom in the Proxy Service
ACL dialog box. If a matched access control item is found, the comparison is complete.
If no matched access control item is found, the proxy connection request is rejected.
Users can click Up or Down to change the access control item sequence in the Proxy
Service ACL dialog box.
l If the networking includes gateway devices such as the Network Address Translation
(NAT) device, and U2000 clients or NEs are located on the internal NAT network, users

must set IP addresses in access control items to IP addresses that are stored on the NAT
device and can be connected to by the U2000 server. Do not set IP addresses in access
control items to internal network IP addresses to which U2000 clients or NEs are bound.
l If the U2000 client and server are installed on the same machine, you must set IP
addresses in access control items to 127.0.0.1.
l If IP Address or Network Segment is set to 0.0.0.0/0 (or a value in IP address/0
format) and Operation is set to Accept in the proxy service ACL, clients in all network
segments can connect to NEs.
Procedure
Step 1 Choose Administration > NMS Security > Proxy Service ACL from the main menu
and choose OSS Security > Proxy Service ACL from the main menu (application style)
from the main menu.
Step 2 In the Proxy Service ACL dialog box, view the existing access control items. Click Add,
Delete, or Modify to add, delete, or modify an access control item, and then click OK for the
settings to take effect.
Setting the Proxy Service Procedure
ACL
Adding an access control item 1. In the Proxy Service ACL dialog box, click Add.
2. In the Add Access Control Item dialog box, enter
an IP address or network segment, set Operation,
and click OK.
NOTE
l You are advised to enter an IP address but not a network
segment when adding an access control item, which
prevents unauthorized operations performed by other users
in the network segment and therefore improves system
security. If the actual IP address is changed, change the IP
address specified in the access control item in a timely
manner.
l If Operation is set to Accept, users can use the entered IP
address or an IP address in the entered network segment to
connect to an NE using the proxy service.
l If Operation is set to Reject, users cannot use the entered
IP address or an IP address in the entered network segment
to connect to an NE using the proxy service.
Deleting an access control item 1. In the Proxy Service ACL dialog box, select an
access control item to be deleted, and click Delete.
NOTE
After connecting to NEs from clients by using the proxy
service and performing required operations, users must
manually delete access control items that they have set to
prevent other users from connecting to the NEs based on the
access control items.

Setting the Proxy Service Procedure

ACL
Modifying an access control 1. In the Proxy Service ACL dialog box, select an
item access control item to be modified, and click
Modify.
2. In the Modify Access Control Item dialog box,
change the IP address or network segment, modify
Operation, and click OK.
NOTE
l If Operation is set to Accept, users can use the entered IP
address or an IP address in the entered network segment to
connect to an NE using the proxy service.
l If Operation is set to Reject, users cannot use the entered
IP address or an IP address in the entered network segment
to connect to an NE using the proxy service.
----End
5.3.1.4 Setting Account Policies

This topic describes how to set the minimum length of user names and how to set the policies
related to user login. Proper settings help improve the U2000 system security. User account
policies apply to all users and are set by security administrators.
Prerequisites
Context
Account policies must be configured after the U2000 is installed for the first time. They can
be adjusted as required during maintenance.
Procedure
Step 1 Choose Administration > NMS Security > Security Policy from the main menu (traditional
OSS Security > Security Policy from the main menu (application style)Administration >
NMS Security > Security Policy from the main menu (traditional style); alternatively,
double-click Security Management in Application Center and choose OSS Security >
Security Policy from the main menu (application style).
Step 2 In the Security Policy dialog box, click the Account Policy tab, and view the current account
policies.

NOTE
l If you log in to the OSS client as a security administrator, the Do not lock system administrator
check box in the Lock User area is not displayed. You can see and set it only when you log in as
user admin.
l Modifications on Min user name length do not take effect on existing accounts.
Step 3 Set account policies according to the policy plan and click OK. For details about the
parameters of account policies, see Account Policy.
----End
Related References
Account Policy
5.3.1.5 Setting Password Policies

Password policies such as the password complexity and update period policies prevent users
from using too simple passwords or using one password for a period of long time, therefore
improving U2000 access security. Password policies and are set by security administrators
and apply to all users.
Prerequisites
Context
l User password policies must be set during the initial phase of site deployment and can be
adjusted as required during maintenance.
l After a password policy is changed, the new password policy takes effect immediately
for all users of the U2000. For example, after the minimum length of user passwords is

changed, the minimum length of the new password must comply with the requirement
when an online user changes a password.
l Password policies specify the requirements on password complexity, update periods, and
characters.
Procedure
Step 2 In the Security Policy dialog box, click the Password Policy tab, and view the current
password policies.
NOTE
l You can set account policies on the Account Policy tab. For details, see 5.3.1.4 Setting Account
Policies.
l Except for Password validity period (days), Min. password validity period (days), and Advance
warning before password expires (days), modifications to parameters in password policies do not
apply to the passwords that have been set.
Step 3 Set basic and advanced parameters for password policies as required.
Step 4 Click OK.
----End
Related References
Password Policy

5.3.1.6 Setting the Maximum Number of Sessions

The maximum numbers of three types of sessions are restricted on the U2000: system
sessions, user group sessions, and user sessions. The maximum number of system sessions is
defined in the U2000 License file that customers purchase and cannot be set on U2000 clients.
The maximum number of user group sessions and user sessions are set by security
administrators on U2000 clients to control the number of U2000 client logins for a user group
or a user.
Prerequisites
l A user or user group has been created or is being created.
Context
l A user can log in to the U2000 server on multiple terminals. The user can also start
multiple U2000 clients on the same terminal to log in to the U2000 server. Setting the
maximum number of user sessions limits the total number of sessions that a user can
create on multiple login terminals.
l User groups are categorized based on user roles. To balance the access attempts of
different user roles, you can set the maximum number of user group sessions to limit the
total number of sessions that the users in a user group can create on all the login
terminals.
l The settings of the maximum numbers of user sessions and user group sessions are
limited by the system login mode. If the current system login mode is the single-user
login mode, only the admin user is allowed to log in to the U2000 from one U2000
client to set the maximum numbers of user group sessions and user sessions.
l In the LDAP or RADIUS authentication mode, the value of the Maximum number of
online users for remote users is 1 by default, and can be modified.
Procedure
Step 1 Select an operation mode based on your requirements.
If... Then...
You are Set the maximum numbers of user group sessions and user sessions by
creating a user following the procedures provided in 5.2.4.4 Creating and Authorizing
group or user U2000 User Groups and 5.2.4.5 Creating Users and Adding Them to
User Groups.

If... Then...
You have 1. Choose Administration > NMS Security > NMS User Management
created a user from the main menu (traditional style); alternatively, double-click
group or user Security Management in Application Center and choose OSS
Security > OSS User Management from the main menu (application
style).
2. In the NMS User Management navigation tree, expand the User
Group or User node.
3. Select a user group or a user, on the Details tab page in the right pane,
set Maximum sessions for the user group or Maximum number of
online users for the user.
----End
5.3.1.7 Setting the U2000 Login Mode

The U2000 provides two login modes: multi-user mode and single-user mode. Normally, the
U2000 runs in multi-user mode. When you need to maintain the U2000 server (for example,
change the user group, domain, or operation rights of a user), you can change the login mode
of the U2000 to the single-user mode, which prevents other users from logging in to the
system.
Prerequisites
l The time when the login mode will be switched has been planned, and other users have
been notified of the switching and saved data.
Context
l The settings take effect for all the users who log in to the server.
l In single-user mode, only the admin user is allowed to log in to the system. Therefore, in
single-user mode, only the admin user can switch the login mode.
NOTICE
Only the admin user can log in to the U2000 on a client and all the other users are forced
to exit after the U2000 login mode is switched from the multi-user mode to the single-
user mode. You need to switch back to the multi-user mode after you complete
operations in single-user mode. Therefore, other users can log in to the U2000.
Procedure
Step 1 Choose File > Preferences from the main menu.
Step 2 In the Preferences dialog box, choose System Login Mode from the navigation tree on the
left.

Step 3 Set the U2000 login mode in the right pane.
Login Mode Operation
Single-user mode Select Single-user mode and click OK. In the Set Switch
Delay dialog box, set the delay time for switching the
login mode, and click OK.
l If the delay time is not 0, a warning dialog box is
displayed, and the U2000 is switched to the single-user
mode after the specified delay.
l If the delay time is 0, no warning dialog box is
displayed, and the U2000 is directly switched to the
single-user mode immediately.
Single-user mode is displayed in the lower right corner on
the U2000 remote notification client.
Multi-user mode Click Multi-user mode and click OK.

The U2000 is switched to the multi-user mode
immediately. Multi-user mode is displayed in the lower
right corner on the U2000 remote notification client.
----End
5.3.1.8 Setting Auto-locking for a Client

You can set auto-locking for your U2000 client so that your client automatically locks after a
specified period of idle time. This prevents unauthorized users from performing operations on
your client when you are away.
By Security Policy
Prerequisites
You have logged in as an U2000 user.

Context
l After a U2000 client is locked, only the current user or a user in the Administrators
group can unlock it. The current user can unlock the client as prompted. To unlock the
client as a user in the Administrators group, see Unlocking the Client.
l Auto-locking is valid for all online users.
l Auto-locking setting has preference over Automatically lock terminal in the
Preferences dialog box.
NOTICE
After a user in the Administrators group unlocks an U2000 client, the original logged in user
is logged out.
Procedure
Step 2 In the Security Policy dialog box, click the Account Policy tab.
Step 3 Select the Automatically lock the terminal if no activity for XX minute(s) check box, set
the time, and then click OK to apply the settings.
----End
By Preference
Prerequisites
Context
l After a U2000 client is locked, only the current user or a user in the Administrators
group or a user in the Administrators group can unlock it. The current user can unlock
the client as prompted. To unlock the client as a user in the Administrators group, see
Unlocking the Client.
l The settings take effect immediately. They are valid on your other logged-in clients after
you log in again. The settings are invalid for other users.
l If you select the Automatically lock the terminal if no activity for XX minute(s)
check box on the Account Policy tab of the Security Policy dialog box, Automatically
lock terminal in the Preferences dialog box is unavailable.
NOTICE
is logged out.

Procedure
Step 2 Choose Lock Settings from the navigation tree.
Step 3 Select the Automatically lock terminal check box, set the time, and then click OK to apply
the settings.
NOTE
If you select the Show main window when terminal locked check box in the Lock Settings area, the
main window of the client is still visible after the client is locked.
----End
Related Tasks
5.3.3.4 Locking a Client Immediately
Unlocking the Client
Locking the Client
Related References
Account Policy
Lock Settings
5.3.2 Setting U2000 Data Transmission Security

The U2000 uses the Security Socket Layer (SSL) protocol to improve security of data
transmission between NEs, the U2000 clients, and the U2000 server. This protocol also
improves integrity of data transmission. You can set the SSL communication mode for the
NEs, U2000 clients, and U2000 server to enable the SSL protocol.
5.3.2.1 Setting a Secure Connection Between the U2000 Client and Server
This topic describes how to set a secure connection between the U2000 client and server.
Prerequisites
The SSL communication mode is enabled on the U2000 server. For details about how to set
the SSL communication mode, see the U2000 administrator guide.
Context
Data can be transmitted securely when the SSL communication mode is enabled on both the
U2000 client and server.
Procedure
Step 1 Start an U2000 client. In the Login dialog box, click .
Step 2 In the Server List dialog box, select a server record, and click Modify.
If no server record exists in the Server List dialog box, add a record as follows:

1. In the Server List dialog box, click Add.

2. In the Add Server Information dialog box, enter the name, host IP address, port ID, and
communication mode of the U2000 server.
Step 3 In the Modify Server Information dialog box, select Security(SSL) from the Mode drop-
down list.
fter the communication mode in the Mode drop-down list is changed, the value of Port
changes automatically. The default settings for the port and communication mode are as
follows:
l If the communication mode is set to Common, the port ID is 31037.
l If the communication mode is set to Security(SSL), the port ID is 31039.
Step 4 Click OK in the Modify Server Information and Server List dialog boxes. The Login
dialog box is returned.
Step 5 Enter the user name and password, and click Login.
If the client does not trust the server, you need to determine whether the server is reliable
using the server certificate.
l If you confirm that the server is reliable, click Yes and log in to the client. If you do not
want the system to display the dialog box again, click Import Certificate to add the
server certificate to the trust certificate list.
After adding the server certificate, run Client installation directory\client\client\bin
\CertConfigurator.batClient installation directory\client\notify\bin
\CertConfigurator.batClient installation directory\client\client\bin
\CertConfigurator.bat to start the Certificate Configuration tool and click the
TrustCertificate tab page to manage the deployed certificate.
l If you confirm that the server is not reliable, click No to return to the Login dialog box
and contact the system administrator to process the issue.
For details, see How Do I Handle the Server Authentication Dialog Box Displayed When
Logging In to a Client?How Do I Handle the Server Authentication Dialog Box Displayed
When Logging In to a Client? in the online help.
----End
5.3.2.2 Setting the File Transfer Policy Between the Client and Server
Files can be transferred between the U2000 client and server. You can set the file transfer
mode and transfer parameters as required.
Prerequisites
You have logged in as a user who belongs to the Administrators or SMManagers group.
Context
The settings of FTP transfer policies are saved on the U2000 server so that multiple clients
can share them. The settings of FTP transfer policies take effect only on the users that are
logging in.

Procedure
Step 2 In the Preferences dialog box, choose OSS Client/Server File Transfer Settings from the
navigation tree.
Step 3 In the OSS Client/Server File Transfer Settings area, set FTP Mode, FTP Option, and
Network timeout (5-3600s).
l FTP Mode includes FTP and SFTP.
NOTE
Because SFTP is more secure than FTP, the SFTP transfer mode is supported by default when the
server is deployed on the Solaris or SUSE Linux OS, and if you need to enable the FTP transfer
mode, contact the system administrator; it is also recommended to use SFTP when the server is
deployed on the Windows OS. When SFTP is used, the system uses password authentication by
default. To use public key authentication, configure both the server and the client. For details about
how to configure SFTP public key authentication, see How Do I Configure SFTP Public Key
Authentication? in U2000 Administrator Guide.
l FTP Option includes Resumable Transfer, Compression, and Passive Mode. If the
Passive Mode check box is not selected, the active mode is used.
l The value of Network timeout (5-3600s) ranges from 5 to 3600 seconds. Its default
value is 120 seconds.
Step 4 Click OK.
----End
5.3.2.3 Configuring the Communication Between a Client and the U2000 Server
in the NAT Scenario
Generally, a client uses the application IP address of the server to communicate with the
server. However, if a NAT device exists between the U2000 client and server, the associated
configuration file must be modified so that the U2000 client can use the IP address or host
name of the server to access the U2000.
Prerequisites
The application IP address of the server and the IP address on which NAT is performed are
obtained.
Context
This topic uses a Solaris remote high availability system as an example to describe how to
configure the communication between a client and the U2000 server in the NAT scenario. The
configuration method for the single server scenario and that for the active site in a remote
high availability system are the same. The configuration method for a Solaris remote high
availability system is the same as that for other high availability systems.
As shown in Figure 5-17, the Solaris remote high availability system has three clients. The
network segments where clients 1 and 2 reside are on the external network and NAT is
performed on clients 1 and 2 during communication. The network segment of client 3 is on
the internal network, and NAT is not performed on client 3 during communication.

Figure 5-17 NAT networking diagram
Before: 192.168.1.20
After: 10.250.1.20
192.168.1.20
10.250.100.100 Active site
Client 1
NAT 192.168.2.50 192.168.1.100

Before: 192.168.2.50 Standby site
Client 3
After: 10.250.2.50
10.250.200.100 Solaris remote high availability server
Client 2
For details about IP addresses in the networking diagram, see Table 5-15.
Table 5-15 IP addresses in the networking diagram

IP Description
10.250.100.100 Specifies the IP address of client 1. In

comparison with the server, client 1 belongs
to the external network.

to the external network.

to the internal network.
192.168.1.20 Application IP address of the active site. It

is used by services on the server. The IP
address can be mapped to 10.250.1.20
during mapping. It is used for a remote
client to access the server.
192.168.2.50 Application IP address of the standby site. It

is mapped to 10.250.2.50 during mapping
and used for a remote client to access the
server.
Procedure
Step 1 Stop all services on the U2000.
For details, see Shutting Down the U2000 Server in the deployment solution in 3 Shutting
Down a U2000.

Step 2 On the active site, modify the ipmap.cfg configuration file.

l On Solaris/SUSE Linux, run the following commands as the ossuser user:
$ cd $IMAP_ROOT/etc/conf
$ vi ipmap.cfg
l On Windows, run the following commands as the administrator user:
Use a text editor to open the ipmap.cfg file in the %IMAP_ROOT%\etc\conf
directory.
The networking in Figure 5-17 is used as an example. If the external network IP addresses of
the U2000 active and standby sites after NAT is implemented are 10.250.1.20 and
10.250.2.50, the following contents need to be added to the configuration file:
10.250.1.20,192.168.1.20
10.250.2.50,192.168.2.50
Save and close the ipmap.cfg configuration file.
NOTE
l A.2.13 How to Use the vi Editor.

l The IP address 10.250.1.20 in the first row specifies the external network IP address translated from
the application IP address on the active site. The IP address 192.168.1.20 specifies the application IP
address of the active site on which NAT is not implemented. The two IP addresses can be replaced
as required.
l The IP address 10.250.2.50 in the second row specifies the external network IP address translated
from the application IP address on the standby site. The IP address 192.168.2.50 specifies the
application IP address of the standby site on which NAT is not performed. This configuration is not
involved in a single server system.
l Two IP addresses are separated by comma. The order of displaying IP addresses can be adjusted.
l If multiple NAT devices exist on the network (the same client accesses the server through multiple
NAT devices), contact Huawei engineers to configure the ipmap.cfg file.
Step 3 Restart all services on the U2000.
For details, see Starting the U2000 Server in the deployment solution in 2 Starting the
U2000 System.
----End
5.3.2.4 Enableing or Disabling SSLv3 on the U2000

By default,the U2000 is compatible with SSL and TLS when communicating with some
external systems. Considering that TLS is more secure, using TLS and disabling SSL is
recommended. This topic describes how to disable SSLv3 to improve U2000 security.
Context
l After SSLv3 is disabled, you cannot connect to the U2000 server by means of SSLv3. If
SSLv3 needs to be used later, change disable to enable. For details, see u2kSSLv3 and
ssl_adm -cmd enableSSLv3.
l In a high availability system, this command needs to be executed on both the primary
and secondary sites.
l After SSLv3 is disabled, you need to disable the TLSv1.0, referring to 5.3.2.5 Enabling
or Forbidding Using TLSv1.0 on the U2000.

l When U2000 V200R016C50 or later interconnects with transport NEs using SSL,
SSLv3 is disabled by default, while versions earlier than V200R016C50 SSLv3 is
enabled.
Procedure
Step 1 Stop the U2000 service. For details, see Stopping the U2000 Server Processes in section 3
Shutting Down a U2000. Stop the MSuite service. For details, see C.2.4 Ending the Process
of the MSuite Server.
Step 2 Log in to the OS.
l In Windows, log in to the OS as the ossuser user.
l In Solaris or SUSE Linux, log in to the server as the ossuser user.
Step 3 Run the following command to disable SSLv3.
l Disable SSLv3 for the communication between the U2000 server and client and between
the U2000 server and NE Syslogs.
NOTICE
– By default, the SSLv3 for the communication between the U2000 server and NE
Syslogs is disabled. If SSLv3 has to be used, query the status of SSLv3 and enable
SSLv3 by referring to u2kSSLv3.
– Before SSLv3 is disabled between the U2000 server and client, ensure that all clients
have been upgraded to the version that is compatible with the server. This prevents
the U2000 client from being automatically upgraded due to the security protocol
inconsistency between the foreground and background of the U2000 server.
– In Windows (assuming that the U2000 is installed in the D:\oss\ path):

> ssl_adm -cmd disableSSLv3 -app mrb -file D:\oss\server\etc\ssl
\option.xml
– In Solaris/SUSE Linux:
$ ssl_adm -cmd disableSSLv3 -app mrb -file /opt/oss/server/etc/ssl/
option.xml
l Disable SSLv3 for the communication between the U2000 server and transport NEs.
NOTICE
Before SSLv3 is disabled between the U2000 server and transport NEs, ensure that all
transport NEs support TLS or that NEs communicate using another security protocol
instead of SSL. This prevents NEs from being out of management after SSLv3 is
disabled.
– In Windows (assuming that the U2000 is installed in the D:\oss\ path) :

C:\> cd /d D:\oss\server\tools\sslv3cfg\
D:\oss\server\tools\sslv3cfg\> u2kSSLv3.bat -disable trans_switch
$ cd /opt/oss/server/tools/sslv3cfg/
$ ./u2kSSLv3.sh -disable trans_switch

l Disable SSLv3 for the communication between the U2000 server and the MML process
on the U2100 server.
NOTICE
Before SSLv3 is disabled between the MML process on the U2000 server and U2100
server, ensure that the U2100 server supports TLS. This prevents the failure to connect
the U2100 server to the MML process on the U2000 server.

D:\oss\server\tools\sslv3cfg\> u2kSSLv3.bat -disable trans_switch mml
$ ./u2kSSLv3.sh -disable trans_switch mml
l Disable SSLv3 for the communication between the U2000 server and the XML NBIs on
access devices.
NOTICE
Before SSLv3 is disabled between the U2000 server and XML NBIs, ensure that the
upper-layer OSS supports TLS. This prevents the failure to connect the OSS to the NBIs.

D:\oss\server\tools\sslv3cfg\> u2kSSLv3.bat -disable xml2tl1
$ ./u2kSSLv3.sh -disable xml2tl1
l Disable SSLv3 between the U2000 server and NBIs. For details, see Configuring the
CORBA NBI in the U2000 CORBA NBI User Guide and Configuring the XML NBI in
the U2000 XML NBI User Guide.
Step 4 Restart the U2000 to make the configuration take effect. For details, see Starting the U2000
Server Processes in section 2 Starting the U2000 System. Restart the MSuite to make the
configuration take effect. For details, see C.2.1 Starting the Process of the MSuite Server.
----End
Follow-up Procedure
l After SSLv3 is disabled using the ssl_adm -cmd disableSSLv3 -app mrb -file D:\oss
\server\etc\ssl\option.xml command in the Windows OS or the ssl_adm -cmd
disableSSLv3 -app mrb -file /opt/oss/server/etc/ssl/option.xml command in the
Solaris or SUSE Linux OS, use the type D:\oss\server\etc\ssl\option.xml command in
the Windows OS or the cat /opt/oss/server/etc/ssl/option.xml command in the Solaris
or SUSE Linux OS to check whether SSLv3 is successfully disabled.
– If the version value in the command output is TLSvx, TLSv1, TLSv1.1, or
TLSv1.2, SSLv3 has been disabled for the communication between the U2000
server and client and between the U2000 server and NE Syslog.

– If the version value in the command output is SSLv3 or SSLv23, SSLv3 has been
enabled for the communication between the U2000 server and client and between
the U2000 server and NE Syslog.
l After SSLv3 is disabled using the u2kSSLv3.bat command in the Windows OS or the ./
u2kSSLv3.sh command in the Solaris or SUSE Linux OS, use the u2kSSLv3.bat -
query Service-type command in the Windows OS or the ./u2kSSLv3.sh -query Service-
type command in the Solaris or SUSE Linux OS to check whether SSLv3 is successfully
disabled. Please refer to u2kSSLv3.
5.3.2.5 Enabling or Forbidding Using TLSv1.0 on the U2000

By default, the U2000 communicates with peripheral systems over TLS. TLSv1.0 are
insecure. Therefore, it is recommended that TLSv1.1 or later be used. This section describes
how to disable TLSv1.0 so as to improve U2000 security.
Context
l After TLSv1.0 is disabled, TLSv1.0 cannot be used to connect to the U2000 server. If
TLSv1.0 has to be used, change disable in this topic to enable. For details, see
cerSslVersionCfg, u2kTLS_trans and httpdSslTLSCfg.
l This operation needs to be performed at both the primary and secondary sites in HA
system.
l When U2000 V200R016C50 or later interconnects with transport NEs using TL, TLS1.0
is disabled by default, while versions earlier than V200R016C50 TLS1.0 is enabled.
l For the Internet Explorer 8 browser, TLSv1.1 and TLSv1.2 have to be manually enabled
after TLSv1.0 is disabled. For details, see A.1.16 How Can I Manually Disable SSL
and Start TLS.
Procedure
Step 1 Stop the U2000 service. For details, see Stopping the U2000 Server Processes in section 3
Shutting Down a U2000. Stop the MSuite service. For details, see C.2.4 Ending the Process
of the MSuite Server.
l In Windows, log in to the OS as the administrator user.
l In Solaris or SUSE Linux, log in to the server as the ossuser user.
Step 3 Run the following command to disable TLSv1.0.
l Disable TLSv1.0 for the communication between the U2000 server and client and
between the U2000 server and NE Syslogs.

NOTICE
– By default, the TLSv1.0 for the communication between the U2000 server and
NE Syslogs is disabled. If TLSv1.0 has to be used, query the status of TLSv1.0 and
enable TLSv1.0 by referring to cerSslVersionCfg.
– By default, the TLSv1.0 for the Apache's default HTTPS port is enabled. U2000
functions will be adversely affected if the Apache's default HTTPS port is
disabled from using the TLSv1.0 protocol and the browser does not support
TLSV1.1/TLSV1.2. The functions include downloading a client through the
CAU, pressing F1 to view online helps, viewing web pages embedded in the
U2000 client, MSO operations such as monitor, management and maintains
system, and using the Distributed Systems Integration tool.
– For the Internet Explorer 8, 9, and 10 browsers, TLSv1.0 is disabled by default.
TLSv1.1 and TLSv1.2 have to be manually enabled after TLSv1.0 is disabled. For
details, see A.1.16 How Can I Manually Disable SSL and Start TLS.
– If TLSv1.0 has to be used, query the status of TLSv1.0 and enable TLSv1.0 by
referring to httpdSslTLSCfg. Using TLSv1.0 may cause leakage of sensitive
information such as configure the SNMP by MSO.

C:\> cd /d D:\oss\server\tools\cerSslVersionCfg\
D:\oss\server\tools\cerSslVersionCfg\> cerSslVersionCfg.bat -disable
frame
– Solaris/SUSE Linux:
$ cd /opt/oss/server/tools/cerSslVersionCfg/
$ ./cerSslVersionCfg.sh -disable frame
l Disable TLSv1.0 for the communication between the U2000 server and transport NEs.
NOTICE
Before TLSv1.0 is disabled between the U2000 server and transport NEs, ensure that all
transport NEs support TLS or that NEs communicate using another security protocol
instead of SSL. This prevents NEs from being out of management after TLSv1.0 is
disabled.

D:\oss\server\tools\sslv3cfg\> python u2kTLS_trans.py -disable
trans_switch
$ python u2kTLS_trans.py -disable trans_switch
l Disable TLSv1.0 for the communication between the U2000 server and the XML NBIs
on access devices.

NOTICE
– By default, the TLSv1.0 for the communication between the U2000 server and
the XML NBIs on access devices is disabled. If TLSv1.0 has to be used, query the
status of TLSv1.0 and enable TLSv1.0 referring to cerSslVersionCfg.
– Before TLSv1.0 is disabled between the U2000 server and XML NBIs, ensure that
the upper-layer OSS supports TLS. This prevents the failure to connect the OSS to
the NBIs.

D:\oss\server\tools\cerSslVersionCfg\> cerSslVersionCfg.bat -disable
xml2tl1
$ cd /opt/oss/server/tools/cerSslVersionCfg/
$ ./cerSslVersionCfg.sh -disable xml2tl1
l Disable the Apache's default HTTPS port (443) from using the TLSv1.0 protocol.
NOTICE
– By default, the TLSv1.0 for the Apache's default HTTPS port is enabled. Disabling
the Apache's default HTTPS port from using the TLSv1.0 protocol will
adversely affect U2000 functions such as client downloading through the CAU or
pressing F1 to view online helps and web pages embedded in U2000 clients.
– If TLSv1.0 has to be used, query the status of TLSv1.0 and enable TLSv1.0 referring
to httpdSslTLSCfg.

D:\oss\server\tools\cerSslVersionCfg\> python httpdSslTLSCfg.pyc -disable
$ . /opt/oss/server/svc_profile.sh
$ python /opt/oss/server/tools/cerSslVersionCfg/httpdSslTLSCfg.pyc -
disable
Step 4 Restart the U2000 to make the configuration take effect. For details, see Starting the U2000
Server Processes in section 2 Starting the U2000 System. Restart the MSuite to make the
configuration take effect. For details, see C.2.1 Starting the Process of the MSuite Server.
----End
Follow-up Procedure
l After the python u2kTLS_trans.py -disable trans_switch command is run to disable
TLSv1.0, run the python u2kTLS_trans.py -query trans_switch command to check
whether TLSv1.0 is disabled. For details, see u2kTLS_trans.
l After the cerSslVersionCfg.bat (Windows)/./cerSslVersionCfg.sh (Solaris/SUSE
Linux) command is run to disable TLSv1.0, run the cerSslVersionCfg.bat -query
Service-type (Windows)/./cerSslVersionCfg.sh Service-type (Solaris/SUSE Linux)
command to check whether TLSv1.0 is disabled. For details, see cerSslVersionCfg.

5.3.3 Managing Passwords and Locking Clients

This topic describes how to manage passwords and lock clients to ensure security for
accessing the U2000 system.
5.3.3.1 Changing the Password of the Current User

When changing the password of the current user, ensure that the new password meets the
requirements of password policies.
Prerequisites
l You have logged in as an U2000 user.
l You are familiar with password policies. For details, see 5.3.1.5 Setting Password
Policies.
l You are familiar with password policies. For details about the policies, contact the
system administrator.
Context
l The password of the admin user cannot be restored after being changed. Therefore, keep
the new password secure.
l It is recommended that passwords must be changed regularly to ensure system security.
Procedure
Step 1 Choose File > Change Password from the main menu (traditional style); alternatively,
Change Password from the main menu (application style).
Step 2 In the Change Password dialog box, set the new password for the current user and click OK.
Step 3 In the Confirm dialog box, click Yes to confirm the settings.
----End
5.3.3.2 Resetting the Password of an NMS user

A member of the SMManagers group can reset the password of an U2000 user when the user
forgets the password or the password expires or when the user needs to be prohibited from
logging in to the U2000 due to other reasons.
Context
l The configured password must comply with all password policies except the policies
related to differences between old and new passwords. The password policies related to
differences between old and new passwords are specified by the Previously used
passwords that cannot be the same as new password, Min. different characters
between new and old password, and Password repetition not allowed within
(months) parameters. For details about how to set password policies, see 5.3.1.5 Setting
Password Policies.

l The SMManagers user can re-set the passwords of all users, except for the admin user,
other security administrators, and itself. The password of a security administrator needs
to be re-set by the admin user.
l A user in the SMManagers group cannot reset passwords of himself (or herself). The
password of a user in the SMManagers group can be reset only by the admin user.
l The password of the admin user must be kept secure because the admin user cannot
reset it.
Procedure
Step 2 In the NMS User Management navigation tree, expand the User node. Right-click the user
whose password is to be reset and choose Reset Password.
Step 3 In the Reset Password dialog box, set New password and Confirm password and click OK.
NOTE
If the Require user to change password on next login check box is selected, users need to change the
passwords next time they log in to the U2000 client. You are advised to select the Require user to
change password on next login check box to improve the security of the U2000 system.
----End
Related References
New User Account
5.3.3.3 Modifying NMS user Information in Batches

By modifying information about U2000 users in batches, you can prohibit specified users
from logging in to the U2000 in holidays or other special periods. This improves U2000
system security and increases the efficiency of user information modification.

Prerequisites
Context
l You can modify only Disable user account, Password validity period (days), New
password, Require user to change password on next login, Login period, Maximum
number of online users, and Auto-logout, and cannot modify other attributes such as
the user group, domain, operation rights, and ACL.
l You cannot modify the information about the current user and the admin user. If the list
of selected users contains the current user or a admin user, the shortcut menu item
Modify Multiple Users is unavailable.
l If a security administrator modifies multiple users, and the selected user list contains
other security administrators, Modify Multiple Users is unavailable.
l If the list of selected users contains only local user:
– In the local, SSO or IES authentication mode, all attributes can be modified.
– In LDAP or RADIUS authentication mode,
n If User management is disabled, no attribute can be modified.
n If User management is enabled, all attributes can be modified.
l If the list of selected users contains only remote user:
– In local authentication mode, only Maximum number of online users can be
modified.
– In SSO authentication mode, no attribute can be modified.
– In IES authentication mode, only Maximum number of online users and Disable
user account can be modified.
n If User management is disabled, only Maximum number of online users
can be modified.
n If User management is enabled, only Maximum number of online users,
Disable user account, and Auto-logout can be modified.
l If the list of selected users contains remote user and local user:
– In local authentication mode, only Maximum number of online users can be
modified.
– In SSO authentication mode, no attribute can be modified.
– In IES authentication mode, Maximum number of online users and Disable user
account can be modified.
n If User management is disabled, only Maximum number of online users
can be modified.
n If User management is enabled, only Maximum number of online users,
Disable user account, and Auto-logout can be modified.
l You can choose Modify Multiple Users from the shortcut menu to modify information
about a maximum of 100 users at a tune.

Procedure
Step 2 In the NMS User Management navigation tree, choose User node, and select one or more
users in the user list in the right pane.
Step 3 Right-click one of the selected users and choose Modify Multiple Users from the shortcut
menu. In the Confirm dialog box, click Yes.
Step 4 In the Modify Multiple Users dialog box, specify the parameter values.
NOTE
The configured password must meet all password policies except the policies related to user accounts
and differences between old and new passwords. The password policies related to user accounts are
specified by the Password cannot be any user name in reverse order and Max. Same Consecutive
Characters Between User Name and Password parameters. The password policies related to
differences between old and new passwords are specified by the Previously used passwords that
cannot be the same as new password, Min. different characters between new and old password,
and Password repetition not allowed within (months) parameters. For details about how to set
password policies, see 5.3.1.5 Setting Password Policies.
Step 5 Click OK.
----End
Result
The parameters are modified successfully for selected users according to the settings in the
Modify Multiple Users dialog box.
Related References
Parameters for Modifying NMS user Information in Batches

5.3.3.4 Locking a Client Immediately

To prevent unauthorized users from performing operations on your U2000 client, lock your
U2000 client manually when you are away. This operation should be performed by the current
U2000 user and is valid only for this user.
Prerequisites
Context
After an U2000 client is locked, only the current user or a user in the Administrators group
can unlock it. The current user can unlock the client as prompted. To unlock the client as a
user in the Administrators group, see Unlocking the Client.
NOTICE
is logged out.
Procedure
Step 1 Lock your U2000 client in either of the following ways:
l Choose File > Lock Terminal from the main menu.
l On the toolbar, click .
----End
Related Tasks
5.3.1.8 Setting Auto-locking for a Client
5.3.3.5 Unlocking the Client

After a client is locked by the current login user or by the system automatically, the current
user can unlock it, or ask the security administrator to reset the password and then log in
again, or ask a user in the Administrators group to unlock the client.
Prerequisites
The U2000 remote notification client is locked.
Procedure
The following table describes how to unlock the client in different scenarios.

Operation Operation Method

Scenarios
If the current user 1. Press Ctrl+Alt+U or click .

konws the password
2. Enter the current user name and password, and click OK.
If the current user A user in the SMManagers group need to reset the current user
forgets the password password. Then log in to the client again using the user name and
the new password.
l A user in the SMManagers group need to reset the current user
password. For details, see 5.3.3.2 Resetting the Password of an
NMS user. Then log in to the client again using the user name
and the new password.
NOTE
A user in the SMManagers group cannot reset the password of the
admin user. If the current user is admin, only a user in the
Administrators group can unlock the client.
l The current user must ask a user in the Administrators group to
unlock the client. After the client is unlocked, the current user is
logged out.
1. Press Ctrl+Alt+U or click .
2. Enter the user name and password of the user in the
Administrators group, and click OK.
NOTE
If the number of password retries reaches the upper limit (3 by default), the user account is locked for a
specified period (30 minutes by default). The U2000 user is automatically unlocked after the auto-
unlocking duration. The U2000 user can also be unlocked by security administrators manually. For
details, see 5.3.4.4 Unlocking Users.
5.3.3.6 Setting Auto-locking for an NMS user

When setting auto-locking for U2000 users, a security administrator needs to set the
maximum number of login attempts and the auto-unlocking duration. After these settings are
complete, U2000 users will be locked if the number of failed login attempts exceeds the
preset threshold. The users can be unlocked automatically by the system after the auto-
unlocking duration elapses or unlocked manually by a security administrator.
Prerequisites
Context
l The system considers the login unauthorized if a user uses an incorrect password to log
in to the system. You can also set the maximum number of login attempts and the auto-
unlocking duration when setting account policies. For details about the parameters, see
Account Policy.
l To manually unlock a user as the admin user or security administrators, see 5.3.4.4
Unlocking Users.

Procedure
Step 2 On the Account Policy tab, set the maximum number of login attempts and the auto-
unlocking duration, and then click OK to apply the settings.
----End
5.3.4 Monitoring U2000 Users

A user in the SMManagers group or a user who has the Monitor All User Sessions right can
monitor U2000 user sessions and force an U2000 user to log out.
5.3.4.1 Monitoring NMS User Sessions

A user in the SMManagers group or a user who has the Monitor All User Sessions right can
monitor U2000 user sessions. By monitoring U2000 user sessions, you can obtain information
about the users who have logged in.
Prerequisites
You have logged in as a user in the SMManagers group or a user who has the Monitor All
User Sessions right.
Context
l A session refers to the connection established between a client and the server. A session
starts when a user logs in to the client and ends when the user logs out or exits the client.
l Multiple sessions can be created by using one U2000 user account.
On the U2000, a user account can be used to log in to multiple clients concurrently. If a
user account is used to log in to a certain number of clients, the same number of sessions
are established. You can set the maximum number of clients to which a user account can
be used to log in concurrently in the Maximum of online users text box on the Details
tab.
l When a client uses multiple network adapters, the value of Operation Terminal is
randomly selected from available IP addresses.
l Users in the SMManagers group or users who have the Monitor All User Sessions
right can monitor sessions of all online users.
l The Session Monitor and Operation Monitor functions of the OSS do not involve
users' private information.
Procedure
Step 1 Choose Administration > NMS Security > User Session Monitor from the main menu

and choose OSS Security > User Session Monitor from the main menu (application
style)Administration > NMS Security > User Session Monitor from the main menu
and choose OSS Security > User Session Monitor from the main menu (application style).
Step 2 In the User Session Monitor window, view the information about online users and the
operations performed by these users.
Monitoring Mode Operation
Session Monitor In the Session Monitor area, view the information about online
users and sessions.
NOTE
After the U2000 server is restarted or the network is recovered from a
disconnection, you need to click Refresh to update the session monitoring
table.
----End
Related References
Monitor User Sessions
5.3.4.2 Monitoring NMS User Operations

Users in the SMManagers group or users who have the Monitor All User Sessions
permission can monitor the operations performed by the NMS users in real time, avoiding
unauthorized user operations. For example, logging in to or logging out of the U2000,
resetting password, authorizing, creating or deleting other users.
Procedure
Step 1 Choose Administration > NMS Security > User Operator Monitor from the main menu
and choose OSS Security > User Operator Monitor from the main menu (application style).
Step 2 Click Filter. In the displayed Filter dialog box, set the operation information to be displayed.
Click OK.
Step 3 In the Monitor User Operation window, view information about operations performed by
U2000 users.

NOTE
l When an operation affects the U2000, you can limit the user who performs this operation according
to the actual U2000 applications. For example, you can force the user to log out in the User Session
Monitoring window.
l You can monitor the operations performed by the following users in the Monitor User Operation
window:
– Users in the Administrators group or users who have the Query All Operation Logs
permission: In the Query Operation Logs window, click Choose at the lower left corner in
the Filter dialog box. In the Select Operation Name dialog box, you can view the operations
that can be monitored. For details, see 9.1.3 Querying OSS Logs.
– SMManger: In the Query Security Logs window, click Choose at the lower left corner in the
Filter dialog box. In the Select Security Event dialog box, you can view the operations that
can be monitored. For details, see 9.1.3 Querying OSS Logs.
– The Session Monitor and Operation Monitor functions of the OSS do not involve users'
private information.
----End
Related References
Monitor User Operations
5.3.4.3 Forcing U2000 Users to Log Out

A member of the SMManagers group can force an U2000 user to log out if the user performs
risky operations or initiates unauthorized sessions.
Context
l Only members of the SMManagers group can force a user to log out.
l The forcible logout takes effect only on the specified session. For example, a user logs in
to the U2000 server as the user_z user on clients A and B, and sessions a and b are
generated respectively. When the user_z user on client A is forcibly logged out, session
b is not affected.
l Users who have logged in cannot force themselves to log out.

Procedure
Step 2 In the Session Monitor table, select desired sessions and click Force User to Log Out.
----End
Related References
5.3.4.4 Unlocking Users

If the number of times that an OM user types an incorrect password reaches the preset
maximum number of login attempts, the system automatically locks the user. After a user is
locked for the preset period, the system automatically unlocks the user. Alternatively, a
security administrator can manually unlock the user, allowing the user to log in to the U2000
system again.
Prerequisites
Procedure
Unlock a user based on the unlocking mode. For details, see the following table.

Unlocking Mode Operation Method
Manual unlocking Only a member of the SMManagers group can perform the
following operations:
1. Choose Administration > NMS Security > NMS User
Management from the main menu (traditional style);
alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User
Management from the main menu (application
style)Administration > NMS Security > NMS User
Management from the main menu (traditional style);
alternatively, double-click Security Management in
Application Center and choose OSS Security > OSS User
2. In the NMS User Management navigation tree, expand the
User node.
3. Right-click the locked user account, and choose Unlock User.
The unlocked user can log in to the U2000 successfully.

NOTE
l User admin can unlock all users.
l A security administrator can unlock itself and all users under its
management.
l By default, security administrators cannot unlock each other. To modify
this policy, contact Huawei technical engineers.
l A subdomain security administrator can unlock all users under its
management, but cannot unlock itself.
l A proxy security administrator can unlock itself and all users under its
management .

Unlocking Mode Operation Method
Automatic A locked user can log in to the U2000 only after a preset period of
unlocking time.
NOTE
You can set the automatic unlocking duration on the Account Policy tab as
follows:
Choose Administration > NMS Security > Security Policy from the main
menu (traditional style); alternatively, double-click Security Management
in Application Center and choose OSS Security > Security Policy from
the main menu (application style)Administration > NMS Security >
Security Policy from the main menu (traditional style); alternatively,
double-click Security Management in Application Center and choose
OSS Security > Security Policy from the main menu (application style). In
the displayed Security Policy dialog box, click the Account Policy tab, and
set Auto-unlock (minutes).
5.3.4.5 Sending Messages to Online Users

A member of the SMManagers group can send messages related to U2000 maintenance to
the users of specific sessions or all sessions to communicate with these users in real time.
Context
On the U2000, users of current sessions cannot send messages to themselves.
Procedure
Step 2 In the Session Monitor area, send messages to the users of the specified sessions or all
sessions.
Sessions to Be Sent Operation
A specific session Right-click a session and choose Send Message. Enter the message
contents, and then click Send.

Sessions to Be Sent Operation
Multiple sessions Hold the Ctrl or Shift key to select multiple sessions. Right-click
the selected sessions and choose Send Message. Enter the message
All sessions Press the combination key Ctrl+A to select all sessions. Right-click
the selected sessions and choose Send Message. Enter the message
NOTE
You can choose Administration > Broadcast Message from the main menu (traditional style);
alternatively, double-click System Management in Application Center and choose System >
Broadcast Message from the main menu (application style) to send broadcast messages to the users of
all sessions. For details, see Sending Broadcast Messages.
----End
Related References
5.3.5 Exporting User and User Group Rights Data

To check whether the rights to the current OSS are proper, you can export all user and user
group rights data and contact the Huawei technical support engineers for analysis.
Prerequisites
NOTICE
l If the data is to be exported by the Huawei technical support engineers, the Huawei
technical support engineers must obtain the written authority from the customer before
exporting the data.
l Before customer's network data is exported from the customer network, the customer is
advised to encrypt the data. When the data is provided for the Huawei technical support
engineers for analysis, the customer needs to provide the decryption method.
l Before customer's network data is exported from the customer network, the Huawei
technical support engineers needs to apply for and obtain written authority from the
customer and comply with local laws and regulations.
l Customer's network data must be transferred in strict compliance with customer's authority
purpose. The data is transferred by the Huawei technical support engineers only for
providing the customer with services.

Procedure
Step 1 Select OSS Security > Export User and User Group Rights Data (application
style)Administration > NMS Security > Export User and User Group Rights Data
(traditional style)OSS Security > Export User and User Group Rights Data (application
style)Administration > NMS Security > Export User and User Group Rights Data
(traditional style) from the main menu.
Step 2 In the Please enter the password dialog box, enter the password of the current security
administrator for login and click OK.
Step 3 In the Save dialog box, name the file, specify a path, and then click Save.
----End
Result
A prompt dialog box is displayed on the client, indicating the file path.
5.3.6 Managing Web Proxy Users

This topic describes how to create and delete web proxy users and change web proxy user
passwords. Web proxy users are required for authentication on NE access through proxies.
5.3.6.1 Creating Web Proxy Users

This topic describes how to create web proxy users. The U2000 supports NE access through
proxies. When using proxies, you must enter the user name and password of a web proxy user
for authentication, which improves system security.
Context
l In the remote HA system, you must create web proxy users on the primary and
secondary servers.
l In the distribution environment, you need to create web proxy users only on the master
server. The created web proxy users will automatically synchronized to the slave servers.
l To improve password security, it is recommended that the following conditions for
passwords should be met:
– A password contains at least eight characters.
– A password contains at least two types of the following characters: lowercase
letters, uppercase letters, digits, and special characters (spaces and ` ~ ! @ # $ % ^
& * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?).
– A password cannot be the user name or user name in reverse order.
l The U2000 provides a web proxy user by default. The user name is proxyuser and the
password is Changeme_123.
Procedure
Step 1 Log in to the U2000 server:
l Windows: Log in to the U2000 server as user ossuser.
l Solaris or SUSE Linux: Use the PuTTY to log in to the U2000 server as user ossuser in
SSH mode.

Step 2 Optional: Windows: Open the command line interface (CLI) on Windows.
Step 3 Optional: Solaris or SUSE Linux: Run the following command to set environment variables:
l SUSE Linux 12:
$ LD_LIBRARY_PATH=$IMAP_ROOT/3rdTools/apache/lib:$LD_LIBRARY_PATH
l Solaris or SUSE Linux 11:

Step 4 Run the following commands to create a web proxy user:

l Windows:
> cd /d D:\oss\server\3rdTools\apache\bin
> htdigest.exe D:\oss\server\etc\apache\conf\proxy_users Proxy username
Adding user username in realm Proxy
New password:Password
Re-type new password:Password
If the command output is blank, the web proxy user is created successfully.
NOTE
– The variable username indicates the name of the web proxy user to be created.
– You can repeat the previous commands to create multiple web proxy users.
l Solaris or SUSE Linux:
$ cd /opt/oss/server/3rdTools/apache/bin
$ ./htdigest /opt/oss/server/etc/apache/conf/proxy_users Proxy username
Adding user username in realm Proxy
New password:Password
Re-type new password:Password
If the command output is blank, the web proxy user is created successfully.
NOTE
– The variable username indicates the name of the web proxy user to be created.
– You can repeat the previous commands to create multiple web proxy users.
----End
5.3.6.2 Deleting Web Proxy Users

This topic describes how to delete web proxy users that are no longer used.
Context
l In the remote HA system, you must delete web proxy users on the primary and
secondary servers.
l In the distribution environment, you need to delete web proxy users only on the master
server. The deleted web proxy users will automatically synchronized to the slave servers.
Procedure
SSH mode.
Step 2 Run the following commands to modify the proxy_users file and delete a web proxy user.

l Windows:
a. Use the text editor to open the proxy_users file in D:\oss\server\etc\apache\conf.
b. Delete the line that contains the desired user name.
NOTE
n In the proxy_users file, user information is stored in User name:Proxy:Password in

ciphertext format.
n When you use some text editors to open the proxy_users, a line may contain
information about multiple web proxy users. If this occurs, delete web proxy users based
on web proxy user names.
c. Save the proxy_users file and exit the text editor.
a. Run the vi command to open the proxy_users file in /opt/oss/server/etc/apache/
conf.
$ vi /opt/oss/server/etc/apache/conf/proxy_users
b. Delete the line that contains the desired user name.
In the vi command mode, move the cursor to the desired line and press S to delete
the line.
c. Press Esc. Then, run the :wq! command to save the file and exit the vi editor.
The corresponding web proxy user is deleted.
----End
5.3.6.3 Changing Web Proxy User Passwords

This topic describes how to change web proxy user passwords. Periodic password change is
required to improve security of web proxy user passwords.
Context
l In the remote HA system, you must change web proxy user passwords on the primary
and secondary servers.
l In the distribution environment, you need to change web proxy user passwords only on
the master server. The changed passwords will automatically synchronize to the slave
servers.
l To improve password security, it is recommended that the following conditions for
passwords should be met:
– A password contains at least eight characters.
– A password contains at least two types of the following characters: lowercase
letters, uppercase letters, digits, and special characters (spaces and ` ~ ! @ # $ % ^
& * ( ) - _ = + \ | [ { } ] ; : ' " , < . > / ?).
– A password cannot be the user name or user name in reverse order.
l You are advised to change the password every month.
Procedure

SSH mode.
Step 2 Optional: Windows: Open the command line interface (CLI) on Windows.
Step 3 Optional: Solaris or SUSE Linux: Run the following command to set environment variables:
Step 4 Run the following commands to change the password of a web proxy user:
l Windows:
> cd /d D:\oss\server\3rdTools\apache\bin
> htdigest.exe D:\oss\server\etc\apache\conf\proxy_users Proxy username
Changing password for user username in realm Proxy
New password:New password
Re-type new password:New password
If the command output is blank, the web proxy user password is changed successfully.
NOTE
The variable username indicates the name of the web proxy user whose password is to be changed.
If the web proxy user does not exist, a web proxy user is created.
$ cd /opt/oss/server/3rdTools/apache/bin
$ ./htdigest /opt/oss/server/etc/apache/conf/proxy_users Proxy username
Changing password for user username in realm Proxy
New password:New password
Re-type new password:New password
If the command output is blank, the web proxy user password is changed successfully.
NOTE
The variable username indicates the name of the web proxy user whose password is to be changed.
If the web proxy user does not exist, a web proxy user is created.
----End
5.3.7 Managing the Remote Maintenance User

The U2000 remote maintenance function allows you to log in to the U2000 server from the
remote maintenance terminal. Strict management of the remote maintenance user not only
ensures U2000 security, but also facilitates maintenance operations.
Prerequisites
l You are an NMS user with Maintenance Group authority or higher.
l This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series,
PTN series (except PTN 6900 series) and marine series NEs.
Context
l To facilitate maintenance, the U2000 provides the remote maintenance function. A
maintenance engineer can log in to the remote maintenance terminal as the remote

maintenance user and maintain NEs. It is recommended that the remote maintenance
user be enabled only when a fault occurs.
l For security purposes, it is recommended to create the NE user name and password
before, and then you can use them directly in the interface.
Procedure
Step 1 Choose Administration > NMS Security > Remote Maintenance User Management from
the main menu (traditional style); alternatively, double-click Security Management in
Application Center and choose OSS Security > Remote Maintenance User Management
from the main menu (application style).
Step 2 In the Remote Maintenance User Parameters dialog box, enable the remote maintenance
user.
Step 3 Input the NE User Name and NE User Password.
Step 4 Click Select NE. In the dialog box that is displayed, select the NE.
Step 5 Click OK.
----End
Follow-up Procedure
After the remote maintenance user is enabled, an NE user can log in to the NE from the
U2000 remote maintenance terminal.
NOTE
By default, you can log in to the NE from the U2000 remote maintenance terminal only as an NMS user
that has rights of the Maintenance Group group or higher-level rights.
5.4 Managing NE Security

With the NE security management function provided on the U2000, logins to NEs and the
running of NEs are monitored effectively. Therefore, the U2000 can protect NEs against
unauthorized logins and operations.
5.4.1 NE Security Management

The NE security management includes NE access control, NE login management, NE user
management and NE data security management.
NE Access Control
LCT Access Control: If you need to use the U2000 LCT or Web LCT for the NE
management or commissioning, enable the LCT Access Control so that the LCT can access
the NE.
ACL: The access control list (ACL) provides the basic filtering function for the data flow. All
NEs that have the ACL configured can determine whether to filter out an IP packet when the
IP packet passes the NE. The ACL controls the direction of a specific data flow as to whether
the data flow is transmitted in or out of a network.

Communication Port Access Control: An NE can access the U2000 by using the OAM,
COM, Ethernet port or serial port. You can set the port for the NE access by enabling the
access control of the port. By default, an NE is allowed to access the U2000 by Ethernet ports.
NE login management
NE login: To ensure the security of the NE data, an NE user must prevent unauthorized users
from logging in to the NE to obtain information or perform operations.
NE User Management
NE User: To ensure the security of the NE data, you must use the created NE user to log in to
the NE. In addition, you can only perform the operations that are authorized to the NE user.
NE User Level: Based on the operation types authorized to a user, the NE users are regarded
as having different operation levels. This level is known as the NE user level. The NE users of
different levels are allocated to different NE user groups. The operation rights of NE users
have different levels. The user with a higher rights level can perform all operations that are
authorized to a user with a lower right level. For example, the user of the operation level has
all the operation rights authorized to the user of the monitor level. The following describes
what operations are authorized to each level.
l For Non-NA NEs, the NE user has the following five levels in ascending order: monitor
level, operation level, maintenance level, system level, and debug level. The authorities
of the five user levels are as follows:
– Monitor level: all the query commands, login, logout, password modification
– Operation level: all the fault and performance settings, part of security settings, part
of configurations
– Maintenance level: part of security settings, part of configurations, communication
settings, log management
– System level: all the security settings, all the configurations
– Debug level: all the security settings, all the configurations, debug commands
l For the NA NEs, the NE user has the following four levels in ascending order: RTRV,
MAINT, PROV, and SUPER. The authorities of the four user levels are as follows:
– RTRV: This user level has the right to use all query commands, to log in, to log out,
and to change its own password.
– MAINT: This user level has all fault performance authorities, some security
authorities, and some configuration authorities.
– PROV: This user level has some security authorities, some configuration
authorities, the communication setting authority, and the log management authority.
– SUPER: This user level has all security and configuration authorities.
Authority Management: To ensure the security of the NE data, any one who wants to
perform operations on an NE must log in to the NE as an NE user, and can only perform the
operations authorized to this user. It is recommended that the network manager create NE
users before configuring services. Make sure that when you create a common user account
that can be used on all NEs, keep the rights levels on all NEs consistent to avoid the disorder
of user rights.
NE Security Parameters: Based on the security settings of the NE, an NE automatically
determines whether the password of the NE user remains valid, and whether to allow the NE
user to log in to. The network manager should know the security settings of the NE, and

change the password of the NE user before it expires. The NE security parameters include the
following: Max. Number of Times to Reuse Expired Passwords, Max. Password Age
(days), Min. Password Age (days), Password Uniqueness, Lock Testing Time, Allowable
illegal Access Times and Lock Time.
NE Data Backup/Restoration
NE Data Backup: Backing up the NE database is necessary for daily maintenance. With the
backup of the database, the NE can automatically restore the NE data and run normally if the
data on the SCC is lost or the equipment is powered off.
NE Data Restoration: If an NE becomes faulty during daily maintenance, the NE data is
restored based on the data backup on the SCC or CF card.
NE Communication Services Management

Communication Service Management: The NE user can set the NE login mode (to Telnet or
STelnet) and NE upgrade and backup mode (to FTP client or SFTP client).
SSH Server: The NE user can query whether an NE is acting as a Secure Shell (SSH) server
and set the NE login mode (to Telnet or STelnet) to suit your needs.
NE Key Management: The NE user can manage NE keys, including generating public-
private key pairs, setting the passphrase for keys, and exporting the public-key files of NEs.
Client Key Management: To ensure the security of the NE data, you can manage client keys.
A pair of client keys needs to be generated when Key is used as the authentication type and
STelnet is used as the NE login mode.
SSH User Management: To ensure the security of the NE data, you can manage Secure Shell
(SSH) users, mainly associating SSH users with client public keys.
SSL Certificate Management: The NE user can query and set the status of Secure Sockets
Layer (SSL) certificate encryption for NEs.
DCN Encryption Channel Management: If DCN communication is established for an NE
through extended ECC or OSPF, you can set authentication passwords for DCN encryption
channels to safeguard the NE.
SFTP Public Key Fingerprint Management: You can query, set or delete the public key
fingerprints used between the SFTP server and NEs.
SFTP Public Key Fingerprint Authentication Settings: You can query or set SFTP public
key fingerprint authentication for NEs to keep NE data secure.
Extended ECC Authentication Management: You can query or set authentication types and
authentication keys for NEs to keep NE data secure.
SSL Version Management: You can query or set the status of the SSLv3 protocol used
between the U2000 and NEs to keep NE data secure.
NE Database Security Management: You can query or set integrity verification and
integrity protection passwords for NEs to keep uploaded or downloaded NE data integral.
Related Tasks
5.4.2 Setting the NE ACL
5.4.3 Setting the Security Access of an NE

5.4.4 Managing NE Login

5.4.5 Managing NE Users
5.4.2 Setting the NE ACL

You can ensure the security of NEs by setting the NE ACL.
Prerequisites
This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN
series (except PTN 6900 series) and marine series NEs.
Context
ACL provides the basic filtering function for data flow. All NEs that have the ACL
configured can determine whether to filter out an IP packet when the IP packet passes the NE.
The ACL controls the direction of a specific data flow whether the data flow is transmitted in
or out of a network.
The most important reason to configure ACL is for the network security. ACL can provide the
basic flow control function, so proper ACL rules, the entire network can be prevented from
security threats.
The ACL can control whether certain NEs receive or drop the IP packets. Each IP packet is
examined by the NEs based on predefined ACL rules. After the examination, the NEs
determine whether to receive or drop this packet.
Related Concepts
5.4.2.1 Overview of ACL

Access control list (ACL) provides the basic filtering function for data flow. All NEs that
have the ACL configured can determine whether to filter out an IP packet when the IP packet
passes the NE. The ACL controls the direction of a specific data flow whether the data flow is
transmitted in or out of a network.
Purpose
The most important reason to configure ACL is for the network security. With proper ACL
rules, the entire network can be prevented from security threats. ACL can also provide the
basic flow control function.
Implementation
The ACL can control whether certain NEs receive or drop the IP packets. Each IP packet is
examined by the NEs based on predefined ACL rules. After the examination, the NEs
determine whether to receive or drop this packet.

5.4.2.2 Setting Basic ACL Rules

For NEs that do not have high security requirements, you can set the basic ACL rules. NEs
examine the source IP address of the packets based on the basic ACL rules. The
implementation of basic ACL rules does not use many system resources.
Prerequisites
You are an NMS user with Operator Group authority or higher.
Context
NOTICE
Pay attention to using the command to set the ACL, because wrong setting of the ACL may
cause the U2000 to fail to log in to an NE.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > ACL from the Function Tree.
Step 2 On the Basic ACL tab, the basic ACL rule list is displayed.
NOTE
If the equipment only supports basic ACL settings, the basic ACL rule list is displayed after you choose
Security > ACL from the Function Tree.
Step 3 Click Query to load the basic ACL rules from the NE.
Step 4 Click New.

An undefined basic ACL rule is added to the basic ACL rules list.
Step 5 Set all the parameters based on the network requirements.
Step 6 Click Apply to apply the new configuration data to the NE.
The Result dialog box is displayed, indicating that this operation is successful.
Step 7 Click Close to complete the operation.
Step 8 Optional: Repeat Step 4 to Step 7 to set more basic ACL rules for this NE.
Step 9 Optional: Repeat Step 1 to Step 8 to set the basic ACL rules for other NEs.
----End
5.4.2.3 Setting the Advanced ACL Rules

For NEs that have high security requirements, you can set the advanced ACL rules. NEs
examine the source and the sink IP address, the source and the sink port number, and the
protocol type based on the advanced ACL rules. Compared with basic ACL rules, advanced
ACL rules occupy more resources and have higher priority.

Prerequisites
Context
NOTICE
If the setting is incorrect, the U2000 cannot communicate with the NE.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > ACL from the Function Tree.
Step 2 Click the Advanced ACL tab. The advanced ACL rule list is displayed.
Step 3 Click Query to load the advanced ACL rules from the NE.
Step 4 Click New.

An undefined advanced ACL rule is added to the list.
Step 5 Set all the parameters based on the network requirements.
Step 6 Click Apply to apply the new configuration data to the NE.
The Result dialog box is displayed, indicating that operation is successful.
Step 7 Click Close to complete the operation.
Step 8 Optional: Repeat Step 4 to Step 7 to set more advanced ACL rules for this NE.
Step 9 Optional: Repeat Step 1 to Step 8 to set the advanced ACL rules for other NEs.
----End
5.4.3 Setting the Security Access of an NE

To ensure the NE security, disable the unused interfaces on NEs.
Prerequisites
Applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN series (except
PTN 6900 series) and marine series NEs.
Related Concepts
5.4.3.1 Setting Ethernet Access for NEs

By default, an NE connects to the U2000 through an Ethernet port. This topic describes how
to query and set Ethernet access for NEs.

Prerequisites
You are an NMS user with Maintenance Group authority or higher.
Context
NOTICE
This operation may affect the communication between the U2000 and NEs.
Procedure
Step 1 In the NE Explorer, choose Communication > Access Control from the navigation tree.
Step 2 In the Ethernet Access Control area, click Refresh to check whether Ethernet access is
enabled.
Step 3 Configure Ethernet access according to the GUI instructions. The configuration methods vary
with NE types.
l Select the Enable Ethernet Access check box and click Apply. Ethernet access is
enabled for the NE.
NOTE
If you want to disable this function, clear the Enable Ethernet Access check box and click Apply.
l Set The First Network Port to Enabled and click Apply. Ethernet access is enabled for
the NE.
NOTE
– If you want to disable this function, set The First Network Port to Disabled and click Apply.
– If a second network port exists, you can also enable Ethernet access for this port. For OptiX
OSN NEs, the second network port is an EXT port.
----End
5.4.3.2 Setting Serial Port Access for NEs

This topic describes how to set serial port access for NEs on the U2000 and the baud rates
allowed for the access.
Prerequisites
You are an NMS user with Maintenance Group authority or higher.
Context
NOTICE

Procedure
Step 1 In the NE Explorer, choose Communication > Access Control from the navigation tree.
Step 2 Configure serial port access according to the GUI instructions. The configuration methods
vary with NE types.
l Select the Enable Serial Port Access check box. Click Apply to apply the setting to the
NE.
l Select the Enable Serial Port Access check box. Click Refresh to check whether the
current NE allows serial port access. Select Access Command Line or Access NM as
required. Click Apply to apply the setting to the NE.
Step 3 Select a baud rate allowed for serial port access from the Baud Rate drop-down list and click
Apply.
----End
5.4.3.3 Setting the OAM Access to NEs

The U2000 installed in a PC or a workstation can use the OAM (Operations, Administration
and Maintenance) port of an NE to manage and maintain the NE. The OAM port can also be
used in remote maintenance if necessary.
Prerequisites
l This function applies to the MSTP series NEs.
Context
NOTICE
Procedure
Step 1 In the NE Explorer, select an NE and choose Communication > Access Control from the
Function Tree.
Step 2 Select the Enable OAM Access check box and click Apply. The OAM access of the NE is
now enabled.
----End

5.4.3.4 Setting the COM Access to NEs

The COM (Component Object Model) port of an NE is a port used for on-site commissioning.
If you need to use the COM port to configure an NE, enable the COM access function of the
NE.
Prerequisites
l This function applies to the MSTP series, Metro WDM series, LH WDM series, RTN
series, PTN series, and Marine series NE.
Context
NOTICE
l The COM port directly connects to the SCC board, improper usage may affect the
normal service handling on the NE, and the rate of the COM port is slow. Therefore, it is
recommended to use Ethernet access for the U2000 LCT or Web LCT in most cases.
l Use COM port access only when the Ethernet access fails, the NE already connects to
the U2000, or certain lower layer commissioning commands need to be run.
l For security measures, the COM port access is disabled by default after NE initialization
or downloading. If necessary, use the U2000 to temporarily enable COM access.
Procedure
Step 1 In the NE Explorer, select an NE and choose Communication > Access Control from the
Function Tree.
Step 2 Select the Enable COM Access check box and click Apply. The COM access of the NE is
now enabled.
----End
5.4.3.5 Setting the LCT Access to NEs

For NE operation security, NEs are managed by the U2000 under normal circumstances.
However, under special circumstances, you need to use the U2000 LCT system or Web LCT
system to commission an NE. You can enable the LCT (Local Craft Terminal) access function
of the NE on the U2000.

Prerequisites
You are an NMS user with Administrators authority.
Context
NOTICE
l When no U2000 user logs in to an NE and an LCT user requests to log in to the NE, the
NE does not refer to the LCT Access Control parameter and allows the LCT access
directly.
l When a U2000 user has logged in to an NE and then an LCT user requests to log in to
the NE, the NE determines whether to allow the LCT user to log in based on the LCT
Access Control parameter.
l When an LCT user has logged in to an NE and then a U2000 user requests to log in to
the NE, the login of the LCT user does not affect the login of the U2000 user, and the
successful login of the U2000 user does not affect the logged-in LCT user.
l When the LCT user and the U2000 user log in to the NE at the same time, set LCT
Access Control to Prohibit Access. This does not affect the LCT user that has already
logged in.
l After the OptiX OSN 500 is disconnected to the U2000 for over 30 minutes, the OptiX
OSN 500 automatically allows the LCT access.
Procedure
l If you want to manage network-wide LCT access, use the following method to the
navigate to the LCT Access Control window.
a. Choose Administration > NE Security Management > NE Login Management
from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose NE Security > Fix-Network NE
> NE Login Management from the main menu (application style). Click the LCT
Access Control tab.
b. Select the NE to be set from the NE list and click .
c. Click Query to query whether the current NE allows LCT access.
d. Optional: Select an NE and click Access Allowed to enable LCT access.
e. Optional: Select an NE and click Prohibit Access to disable LCT access.
f. Optional: To set LCT access for multiple NEs in batches, select the NEs, right-
click, and then choose a menu item from the shortcut menu.
l If you want to manage LCT access for a certain NE, use the following method.
a. In the NE Explorer, select an NE and choose Security > LCT Access Control from
the Function Tree.
b. Click Query to query whether the current NE allows LCT access.
c. Click Access Allowed to enable LCT access.

NOTE
If you want to disable this function, click Prohibit Access.
----End
5.4.4 Managing NE Login

To ensure NE data security, you can manage the users logging in to NEs.
Prerequisites
This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN
series (except PTN 6900 series) and marine series NEs.
Context
l After an NE becomes unreachable, the logged-out mark is displayed for it. The mark
disappears after the U2000 logs in to the NE again.
l Before logging in to a gateway NE, ensure that the NE IP address is correct.
NOTICE
Do not use the szhw user to log in to NEs. Otherwise, the U2000 may report an error.
Related Concepts
5.4.4.1 Locking Out NE Login

An NE user can lock login of the current NE, preventing login attempts from other users of
the same level or lower level. If an NE user of the same level or higher level has logged in to
the NE, the NE user cannot lock out the NE. When an NE user at a higher level logs in, NE
login previously locked by a low-level NE user is unlocked automatically.
Prerequisites
l The current NE user has the highest authority among all logged-in NE users.
l The NEs are release 4.0 transport NEs.
Procedure
Step 1 Choose Administration > NE Security Management > Lock Out NE Login from the main
menu (traditional style); alternatively, double-click Security Management in Application
Center and choose NE Security > Fix-Network NE > Lock Out NE Login from the main
menu (application style).
Step 2 In the NE list that contains only the available NEs, select an NE and click .
Step 3 Click Query to query the Login Lock Status.

Step 4 Optional: If the value of Login Lock Status is Not Locked out, select it and click Lock
Login or right-click it and choose Lock Login from the shortcut menu.
----End
Follow-up Procedure
After the exclusive NE operation is complete, unlock the NE user immediately by performing
the following operations: Select the desired NE and click Unlock Login or right-click the NE
and choose Unlock Login from the shortcut menu.
5.4.4.2 Locking Out NE Settings

The NE functional modules include the configuration module, the alarm module, the
performance module, and other modules. These modules can be locked out, so that other NE
users cannot perform any settings on the locked modules until the lockout is manually or
automatically cleared.
Prerequisites
l The current NE user has the highest authority among all logged-in NE users.
Context
The user occupies its setting authority until it unlocks the module. NEs can be divided into
configuration module, alarm module, communication module, performance module, protect
switching module, database module and security module, and these modules can be locked
respectively or simultaneously.
After a user locks an NE, only the user has the configuration authority, so that the NE data can
be kept consistent when multiple users manage NEs at the same time. This function features
the following:
l This function takes effect immediately after the lockout.
l An NE user at any level can perform the lockout.
l A higher-level user can unlock a module locked by a lower-level user.
The locked NE module configuration authority can be unlocked manually or unlocked
automatically under the following preconditions:
l A higher-level NE user logs in.
l The user performing lockout logs out.
l The lockout time comes to an end.
l The NE is powered off.
Procedure
Step 1 Choose Administration > NE Security Management > Lock Out NE Settings from the
Application Center and choose NE Security > Fix-Network NE > Lock Out NE Settings
Step 2 In the NE list that contains only the available NEs, select an NE and click .

Step 3 Click Query to query the Set Lock Status.
Step 4 Select an NE functional module, if the value of Set Lock Status is No, select it and click
Lockout or right-click it and choose Lockout from the shortcut menu.
Step 5 In the Set Lock Window dialog box, select the Lock Permanently check box to permanently
lock the current NE settings or enter the value of Continues Time to temporarily lock the
settings. Click OK.
----End
Follow-up Procedure
After the exclusive NE operation is complete, unlock the NE settings immediately by
performing the following operations: Select the desired NE and click Clear Lockout or right-
click the NE and choose Clear Lockout from the shortcut menu.
5.4.4.3 Querying the Information About an Online NE User

To ensure the security of NE operations, the U2000 users with maintenance rights or
administrators can use the U2000 to view all the online NE users within the management
rights and the way in which the users log in to the NEs. The NE user with higher rights can
force other lower-level NE users to log out.
Prerequisites
Procedure
Step 1 Choose Administration > NE Security Management > NE Login Management from the
Application Center and choose NE Security > Fix-Network NE > NE Login Management
from the main menu (application style). Click the Online User Management tab.
Step 2 Select the NE to be queried from the NE list and click .
Step 3 Click Query to query the user of the online NE and the login mode of this user.
Step 4 Optional: Click Filter. Set Current Connected User and Login Mode as the filter criteria to
view the information about the online NE user.
----End
5.4.4.4 Switching a Logged-In NE User

During a new network deployment, after the NE user root creates the NE, this user can create
another NE user. You can log in to the NE by switching to the new NE user name.
Prerequisites
l You are an NMS user with Administrators authority.
l NE users are created.

Context
l Only one NE user can log in to an NE from the same U2000 server at a time to manage
the NE.
l One NE user cannot log in to or manage an NE at multiple clients at the same time. If
you use an NE user to log in to the same NE through U2000 server A and B in turn, both
NE login attempts fail and indicators are blinking on different clients indicating that the
NE user has already logged in or exited.
l For an NE managed by multiple network management systems (NMSs), create a login
account for each NMS to prevent conflicts and frequent changes of the NE between the
online and offline status. In addition, upload NE data before performing operations on
the NE to ensure data consistency.
Procedure
Step 2 Click NE Login Management or DC Login User Management tab.
Step 3 Select an NE from the NE list to switch the NE user. Click .
Step 4 Click Query to query the current NE user.
Step 5 Select the NE in the NE list and click Switch NE User. In the Switch Current NE User or
Switch DC User dialog box, enter the NE user name and password.
NOTE
On the NE Login Management tab, switching a logged-in NE user in offline mode is supported; this is
not supported on the DC Login User Management tab.
Step 6 Click OK.
----End
5.4.4.5 Forcing an NE User to Log Out of the U2000

For network security management, you can force a specified NE user to log out of the U2000
as required. In single user mode, this function also forces all other users to log out of the
U2000. In addition, an NE user will be forced to log out by the U2000 after a long time
without any activities. To prevent multiple NE users from configuring an NE at the same time
or to prevent unauthorized users from logging in to NEs, an NE user with more rights can
force lower-level NE users to log out.
Prerequisites
l An NE user has been created.
l The NE user has logged in.
l This function does not apply to PTN 7900 series NEs.

Procedure
Step 2 Select the NE to log out of the U2000 from the NE list and click .
Step 3 On the NE Login Management or Online User Management tab, select the NE and click
Logout or Force Logout.
Step 4 In the Result dialog box indicating that the operation succeeded, click Close.
----End
5.4.4.6 Setting NE Login Prompt Message

You can set the custom prompt message for a NE user logs in to an NE. For example, you can
configure the declaration of NE operation rights as the login prompt message, indicating that
an unauthorized user is prohibited from logging in to the NE.
Prerequisites
l Log in to the NE as a user with the system level or higher rights.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Security Parameters from the
Function Tree.
Step 2 Optional: Click Query to query the settings of NE security parameters.
Step 3 Select an NE, double-click Warning Screen Switching and choose whether to enable the
warning screen.
Step 4 Double-click Warning Screen Information and enter the NE login prompt message
information.
NOTE
You can enter information in the Warning Screen Information field only when you set Warning
Screen Switching to Enabled.
Step 5 Click Apply. The Result dialog box is displayed, indicating that this operation was
successful. Click Close.
----End

5.4.5 Managing NE Users

To ensure NE data security, you can manage the authorities and passwords for NE users.
Prerequisites
The following functions apply to the MSTP series, WDM series, WDM (NA) series, RTN
series, PTN series (except PTN 6900 series) and marine series NEs.
Related Concepts
5.4.5.1 Querying the Additional Information of NE User

This topic describes how to query additional information about an NE user, such as its login
policy, password policy, and last login time, to facilitate NE user management and task
assignment.
Prerequisites
l The level of the NE user to be queried is lower than that of the logged-in NE user.
Procedure
Step 1 Choose Administration > NE Security Management > NE User Management from the
Application Center and choose NE Security > Fix-Network NE > NE User Management
Step 2 Select an NE in the NE list and click .
Step 3 Optional: Click Query to query NE user information from the NE.
Step 4 Click View Additional User Info to query additional information about this NE user.
----End
5.4.5.2 Creating an NE User

To ensure NE data security, only the users with NE user authority can log in to the NEs. An
NE user can only perform authorized operations on the NEs. The U2000 administrator is
advised to create NE users before configuring services.
Prerequisites
l The level of the NE user to be created is lower than that of the logged-in NE user.

NOTE
Choose Administration > NE Security Management > NE User Management from the main
menu (traditional style); alternatively, double-click Security Management in Application Center
and choose NE Security > Fix-Network NE > NE User Management from the main menu
(application style). You can view the level information about NE users on the NE User
Management window.
Context
To ensure NE data security, it is recommended that you allocate NE users with different
authorities as required.
Procedure
Step 2 Select an NE from the NE list on the left and click .

Step 3 Click Add. The Add NE User dialog box is displayed.

Step 4 Optional: For the NA NE, click Add NA User. The Add NA NE User dialog box is
displayed.
Step 5 Enter the NE user name in the NE User field.
Step 6 Select the User Level as required.

NOTE
The default NE user has the monitor level authority.
Step 7 In the NE User Flag field, select a user type based on the type of the terminal through which
the user logs in to the NE.
Step 8 Click after the New Password, enter the new password in the output dialog box, click
OK.

NOTE
The password must meet the following requirements to safeguard your user account.
1. The password consists of 8 to 16 characters.
2. The password cannot duplicate or reverse the user name.
3. The password consists at least three of the following characters:
– Lower-case letters
– Upper-case letters
– Digits
– Special characters including ~ ! @ # $ % ^ & * ( ) - _ = + \ |[ { } ] ; : ' " , < . > / ? and space
For PTN7900 and PTN990, the password must meet the following requirements:
3. The password must consists the following elements:
– At least one lower-case letter
– At least one upper-case letter
– At least one digit
– At least one special character including ~ ! @ # $ % ^ & * ( ) - _ = + \ |[ { } ] ; : ' " , < . > / ?
and space, one space contained in two quotation masks("), for example, "Changeme 123".
NOTE
You also need to set the Immediate Password Change, Valid Permanently, Valid From, Valid Until,
Password Permanently Valid and Password Valid Days.
For the NA NE, you also need to set the Canceling User Automatically, Log Out User After (min),
User Permanently Valid, User Valid Days, Password Permanently Valid and Password Valid Days.
Step 9 Optional: Select the Hide NEs already using this user name check box, the NEs that
already use the user name are not included in the NE Name field.
NOTE
Selecting the Hide NEs already using this user name check box makes it easier to create NE users in
batches.
Step 10 In the NE Name field, select one or more NEs that this NE user is allowed to manage.
Step 11 Click OK.
----End
5.4.5.3 Modifying NE Users

To ensure the security of the NE data, you need to modify User Level, NE User Flag, Login
Allowed, Valid Permanently, and Password Valid Date of NE users.
Prerequisites
l The NE user is created.
l The level of the NE user to be modified is lower than that of the logged-in NE user.

NOTE
Choose Administration > NE Security Management > NE Login Management from the main
and choose NE Security > Fix-Network NE > NE Login Management from the main menu
(application style). You can view the login information about NE users on the NE Login
Management tab.
Procedure
Step 2 Select the NE list from the left and click .
Step 3 In the NE User Management Table, select the NE user to be modified and click Modify. The
Modify NE User dialog box is displayed.
Step 4 In the Modify NE User dialog box, modify the settings of the attributes of the NE user. Click
Apply.
Step 5 Click OK.
----End
5.4.5.4 Changing an NE User Password

It is recommended that NE user passwords be regularly changed to ensure network security.
Prerequisites
l An NE user has been created.
Context
If the default NE user password is not changed, the NE reports the
PASSWORD_NEED_CHANGE alarm to the U2000, prompting for immediate change to
the default password.
NOTICE
Change NE user passwords regularly and keep them secure for security purposes.
Procedure

Step 2 Select one or multiple NEs from the NE list and click .
Step 3 Perform the following operations to change passwords depending on NE users:

l NE users except the currently logged-in user in the NE list:
NOTE
The level of the currently logged-in NE user must be higher than that of the NE user whose
password is to be changed.
a. Select an NE user from the NE list and click Set Password.

b. In the Set Password of NE User dialog box, set the New Password of the NE
name.
NOTE
○ Lower-case letters
○ Upper-case letters
○ Digits
○ Special characters including ~ ! @ # $ % ^ & * ( ) - _ = + \ |[ { } ] ; : ' " , < . > / ?
and space
○ At least one lower-case letter
○ At least one upper-case letter
○ At least one digit
○ At least one special character including ~ ! @ # $ % ^ & * ( ) - _ = + \ |[ { } ] ; : '
" , < . > / ? and space, one space contained in two quotation masks("), for example,
"Changeme 123".
c. Click OK.
l Currently logged-in NE user:
a. Click Set Current User Password.
NOTE
Alternatively, you can Choose Administration > NE Security Management > NE Login
Management from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose NE Security > Fix-Network NE > NE
Login Management from the main menu (application style). click the NE Login
Management tab, select the currently logged-in NE user, and click Set Current User
Password.
b. In the Set Password of NE User dialog box, set the New Password of the NE
name.

NOTE
○ Lower-case letters
○ Upper-case letters
○ Digits
○ Special characters including ~ ! @ # $ % ^ & * ( ) - _ = + \ |[ { } ] ; : ' " , < . > / ?
and space
○ At least one special character including ~ ! @ # $ % ^ & * ( ) - _ = + \ |[ { } ] ; : '
" , < . > / ? and space, one space contained in two quotation masks("), for example,
"Changeme 123".
c. Click OK.
Step 4 Click OK.
----End
5.4.5.5 Querying NE Security Parameters

Based on the default security settings, the NE can automatically determine whether the NE
user password is valid and decide whether to allow the NE user to login. The U2000
administrator must know the NE security settings and change the NE user password before it
becomes invalid.
Prerequisites
l You are an NMS user with Guests authority or higher.
l This function applies to the release 5.0 transport NEs.
l Log in to the NE as a user with the system level or higher rights.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Security Parameters from the
Function Tree.
Step 2 Click Query to query the settings of NE security parameters.
----End
5.4.5.6 Querying NE User Groups

NE users of different levels are divided into different U2000 user groups. In this user
interface, you can query NE users included in various U2000 user groups of an NE.

Prerequisites
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE User Group Management from
the Function Tree.
Step 2 Click Query to query NE users included in various U2000 user groups of the NE.
----End
5.4.5.7 Deleting NE Users

To ensure NE and network security, you need to delete the NE users that are no longer used.
This prevents misoperations or damage caused by illegal user account.
Prerequisites
l The NE user is created.
l The level of the NE user to be deleted is lower than that of the logged-in NE user.
NOTE
Choose Administration > NE Security Management > NE Login Management from the main
and choose NE Security > Fix-Network NE > NE Login Management from the main menu
(application style). You can view the log in information about NE users on the NE Login
Management tab.
Procedure
Step 2 Select an NE from the NE list and click .
Step 3 In the NE User Management Table, select the NE user to be deleted and click Delete. The
Confirm dialog box is displayed asking you whether to delete the NE user.
Step 4 Click OK.
----End
5.4.6 Configuring an NE As an SSH Server

This topic describes how to configure an NE as an SSH server on the U2000. After this
configuration, users can log in to NEs in STelnet mode using the TL1 command line interface
(CLI) or other tools.

Prerequisites
l It applies to the MSTP series, WDM series, WDM (NA) series, RTN series and marine
series NEs.
Context
The procedure for configuring a specific NE as an SSH server is as follows.
Procedure
Step 1 Set the communication service mode of the NE.
1. Choose Administration > NE Security Management > NE Communication Services
Security Management in Application Center and choose NE Security > Fix-Network
NE > NE Communication Services Management from the main menu (application
style).
2. Click the Communication Service Management tab.
3. In the NE list, select the desired NE and click .
4. Click Query to query the current communication service mode of the NE.
5. Enable all the communication service modes for the NE.
NOTE
– You can set the NE login mode (Telnet or STelnet) and NE upgrade and backup mode (FTP
client or SFTP client).
– STelnet is recommended because of STelnet protocol higher security than Telnet. SFTP
client is recommended because of SFTP protocol higher security than FTP.
6. Click Apply.
Step 2 Query the SSH server of the NE.

NOTE
You can determine whether an NE can be configured as an SSH server by querying the SSH server
information on the NE and choose to use the Telnet or STelnet mode to log in to the NE based on actual
requirements.
style).
2. Click the SSH Server tab.
3. In the NE list, select the desired NE and click . The query dialog box is
displayed, listing querying results in the right pane.
4. Click Query to query the SSH server of the NE.
Step 3 Create an NE key pair.

NOTE
If the NE functions as the SSH server, among the created NE key pair, the private key is saved on the
NE, and the public key is on the U2000 client. You need to export the public key information from the
U2000 and save the information for follow-up deployment on the SFTP server. In addition, during
package loading or package diffusion upgrade using the NE Software Management (DC), the NE can be
authenticated in SFTP key mode.
style).
2. Click the NE Key Management tab.
4. Click Query to query key management information of the NE.
5. Click New Key Pair.
The New Key Pair dialog box is displayed.
6. Set Key Type to S-RSA (NE As the Server) and select Overwrite Mode.
7. Click OK. In the dialog box that is displayed, click Close.
8. In the confirmation dialog box, click Yes to upload the public key immediately.
The public key is added to the window.
9. Click Export Public Keys. In the Export Public Keys dialog box, set Key Type to S-
RSA, set File Name, and click OK.
10. In the dialog box that is displayed, click Close.
Step 4 Generate a pair of SSH client keys and prepare a public key file.
NOTE
l The generated pair of SSH client keys is mainly used for Client Key Management. When
accessing an NE in Stelnet mode, a user requires a pair of SSH client keys to pass the key
authentication.
l A key pair, including a private key and public key, can be generated by using a key generator
PUTTYGEN.EXE. The following steps use PUTTYGEN.EXE as an example.
1. In the Parameters area, set Type of key to generate to SSH-2 RSA and Number of
bits in a generated key to 2048.
NOTE
– To ensure security, you must enter a password phrase for generating the key pair files. In
addition, the password phrase must meet U2000 password complexity requirements. For
details, see Password Policy.
– It is recommended that the key file is updated periodically to ensure data security. The
updating period can be customized. The recommended period for updating the private key file
is one month.
2. Click Generate, and then click Save public key and Save private key to save the public
key and the private key respectively after they are generated.
NOTE
To ensure security, you are advised to save the private key file and keep it secure.
3. Copy the public key content to a file, as shown in the following figure. Ensure that all
content in the file is put in one line. The file will be used to import public key
information.

Step 5 Import SSH client public key information to the NE.

style).
2. Click the Client Key Management tab.
4. Click Query to query public key information of the NE.
5. Click New.
The Add Client Public Key dialog box is displayed.
6. Set Public Key Name, Remarks, and Public Key Info.
NOTE
This setting can be performed in two ways. One is copying public key information in the public
key set exported in step 4. The other is importing the information into the U2000.
7. Optional: Select the Private Key File. Click the Browse to select the desired directory
to store client private key files, and then set the Passphrase for the client private key.
8. Click OK. In the dialog box that is displayed, click Close.
Public key information generated on the NE is saved to the authorized_keys file in
the .ssh directory for specific NE login users.
Step 6 Associate an SSH user with an SSH client public key.
NOTE
The SSH client public keys are usually shared by multiple NEs. SSH client public keys need to be bound
to NE user names that are usually the same. The U2000 provides SSH User Management to bind NE
users with SSH client public keys. By default, SSH users are security NE users.
style).
2. Click the SSH User Management tab.
4. Click Query to query user authentication information of the NE.
5. Set Authentication Mode and Client Public Key Name.

6. Click Apply. In the dialog box that is displayed, click Close.
----End
5.4.7 Checking NE SSH Fingerprint

When the U2000 uses STelnet to log in to an NE, man-in-the-middle (MITM) attacks may be
incurred if the SSH fingerprint is not verified for the NE. The NE that the U2000 logs in to
may be fake. The U2000 can check the SSH public key fingerprint on the NE when
connecting to the NE to prevent MITM attacks. This topic describes how to view NE SSH
fingerprints on the U2000 and determine whether the fingerprints need to be verified.
Prerequisites
l U2000The U2000 has logged in to NEs by using STelnet.
l This operation applies to the Router series, Switch series, PTN6900 series, PTN7900
series, Access series and Security NEs.
l You are an NMS user with Operator Group authority or higher.
Context
When using STelnet to log in to NEs, the U2000 does not verify the SSH fingerprints of NEs
by default but receives and displays fingerprints in the Confirmed Fingerprint area. To
verify the received fingerprints, modify the configuration file on the U2000 server under the
help of Huawei technical support engineers.
Procedure
Step 1 Choose Administration > NE Communicate Parameter > Set NE SSH Fingerprint from
the main menu (traditional style); alternatively, double-click Fix-Network NE Configuration
in Application Center and choose Administration > NE Communicate Parameter > Set
NE SSH Fingerprint from the main menu (application style).
Step 2 In the Confirm Fingerprint window, select an NE in the tree and click .
Step 3 View the received SSH fingerprint in the Confirmed Fingerprint area.
Table 5-16 Fingerprint parameters
Item Description
NE Name Indicates the name of the NE.
NE IP Indicates the IP address of the NE.

Address
Confirmed Indicates the confirmed SSH fingerprint of the NE.

Fingerprint l If fingerprint verification is disabled (default), the U2000 automatically
obtains the SSH fingerprint from the NE and saves it in the Confirmed
Fingerprint area.
l If fingerprint verification is enabled, the U2000 saves the confirmed
SSH fingerprint in the Confirmed Fingerprint area.

Item Description
Unconfirme Indicates the unconfirmed SSH fingerprint of the NE.

d l If fingerprint verification is enabled, the U2000 saves the unconfirmed
Fingerprint SSH fingerprint in the Unconfirmed Fingerprint area.
l If the SSH fingerprint of the NE has changed, the U2000 saves the
unconfirmed SSH fingerprint in the Unconfirmed Fingerprint area.
----End
5.5 Configuring NE RADIUS

Remote authentication dial-in user service (RADIUS) is an industrial standard. RADIUS
provides the authentication functions for the remote access to a network or dialup access to a
network.
NOTE
This function applies to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN series
(except PTN 6900 series) and marine series NEs.
5.5.1 Overview
Using the User Datagram Protocol (UDP) as the transmission protocol, RADIUS features
good and real-time performance. Owing to the retransmission mechanism and standby server
mechanism, RADIUS possesses high reliability. RADIUS is easy to implement and applies to
the multithreading structure of the server when there are a large number of users.
RADIUS Protocol
AA (Authentication, Authorization) is a technology used for user authentication,
authorization, and accounting. RADIUS is one of the commonly used protocols to implement
AA. The RADIUS protocol is an information exchange protocol used to authenticate remote
connections to the system and prevent unauthorized users from accessing the network.
RFC 2865 is the standard and protocol compliance of the RADIUS protocol.
Structures of a RADIUS Packet and the RADIUS Protocol Stack

Figure 5-18 shows the structure of a RADIUS packet. Table 5-17 provides detailed
description on fields in a RADIUS packet.
Figure 5-18 Structure of a RADIUS packet
Code Identifier Length
Authenticator
Attribute

Table 5-17 Field description of a RADIUS packet
Field Length Limit Description
Code 8 bits Indicates the type of a

RADIUS packet, such as
access request, access
permit.
Identifier 8 bits Indicates the identifier for

matching a request packet
with a response packet.
Length 16 bits Indicates the length of a

packet.
Authenticator 32 bits Indicates the authentication

word for ensuring the
security of a packet.
Attribute Not specified Indicates the attributes of a

packet. It is set in the type-
length-value (TLV) format.
An RADIUS client communicates with the server by using the user datagram protocol (UDP).
Figure 5-19 shows the structure of the RADIUS protocol stack.
Figure 5-19 Structure of the RADIUS protocol stack
RADIUS
IP
PPP Ether
NOTE
The reasons for using the UDP protocol instead of the TCP protocol for communication are as follows:
l The data transmitted between the network access server (NAS, namely, the RADIUS client) and
the RADIUS server is of tens of or even a hundred bits. The RADIUS protocol is required to
provide a retransmission mechanism and standby server mechanism. The RADIUS protocol
demands for a good timer management mechanism. A user can accept the authentication that lasts
only tens of seconds.
l In the case of many users, multiple threads are required on a server. The UDP protocol helps the
server to achieve this by simplifying the procedure.
l The TCP protocol, however, cannot be used to transmit data until a connection is created
successfully. Therefore, the TCP protocol is weak in the real-time performance when many users
are involved. In addition, the TCP protocol cannot meet the timing requirements of the RADIUS.

Implementation Principles
RADIUS adopts a distributed client/server model. Generally, the model is used to manage a
huge number of distributed dial-in users.
Figure 5-20 shows the networking structure of the RADIUS. An NE is set as an RADIUS
client or a proxy server. By managing a simple user database, the RADIUS server implements
authentication and accounting and adjusts the user service information based on the service
type and rights of a user. The RADIUS protocol specifies how the NAS and the RADIUS
server exchange the user information and the accounting information.
l The NAS extracts configuration information of a user, encapsulates the information into
a standard RADIUS packet, and send the packet to the RADIUS server for processing.
l The RADIUS server receives the connection request of the user, authenticates the user
request, and returns to the NAS the configuration information required for delivering
services to the user.
l The NAS and RADIUS exchange authentication information by using a key. The
password of a user is encrypted before being transmitted on the network, which prevents
the password from being intercepted on an insecure network.
l An RADIUS server can be used as a proxy client for other RADIUS servers or as an
authentication server of other types.
Figure 5-20 RADIUS networking structure

U2000 Client RADIUS RADIUS
Active Server Client
User A
U2000 Server RADIUS

Standby Server
User B
RADIUS
Client
User C
RADIUS
Client
Authentication Process
The password authentication protocol (PAP) is used for transmitting RADIUS packets
between RADIUS clients and RADIUS servers.
Figure 5-21 shows the main process of transmitting RADIUS messages between the server
and the client.
The authentication process is as follows:

1. When logging in to a NE though the U2000, the user first sends a user name and
password to this NE.

2. The RADIUS client on this NE receives the user name and password and it sends an
authentication request to the RADIUS server.
NOTE
l If no response is returned within the retransmission interval, the RADIUS client transmits the
request packet to the RADIUS server repeatedly. The packet retransmission interval and
retransmission times can be set by the user.
l The RADIUS server can be configured with one active server and zero or multiple standby
servers. The RADIUS client can forward the request to the standby or proxy server if the
active server is down or unreachable.
3. If the request is valid, the server completes the authentication and sends the required
authorization information back to the client.
4. Then the RADIUS client returns the authentication response to the user.
Figure 5-21 Process of transmitting messages between the RADIUS server and the client
(1) User name password (2) Request
(4) Response (3) Response

OSS NAS RADIUS Server
5.5.2 Setting an NE as an RADIUS Client or Proxy Server

An NE can be set as a remote authentication dial-in user service (RADIUS) client or proxy
server after the RADIUS Client and Proxy Server parameters are set on the corresponding
NE. If these parameters are not set on the NE, the RADIUS function of the NE cannot be
used.
Prerequisites
l The NE communicates with the U2000 successfully.
Context
l The RADIUS parameters on an NE can be set only after the NE is set as an RADIUS
client.
l If an NE is set as a RADIUS client without an RADIUS server, the NE cannot
implement RADIUS authentication.
Procedure
Step 1 Choose Administration > NE Security Management > RADIUS Configuration
Management in Application Center and choose NE Security > Fix-Network NE >
RADIUS Configuration Management from the main menu (application style).
Step 2 In the NE RADIUS Configurations window, click the NE RADIUS Function
Configurations tab.

Step 3 Select the NE and subnet to be queried from the navigation tree on the left. Click to
query the current configuration of the NE RADIUS function from the U2000.
Step 4 Click Query to query the current configuration of the NE RADIUS function from the NE.
Step 5 Double-click RADIUS Client and Proxy Server and set them to Open respectively.
Step 6 Click Apply.
----End
Follow-up Procedure
After an NE is set as a RADIUS client or proxy server, you need to add a RADIUS server.
5.5.3 Adding an RADIUS Server

Before using the RADIUS function, you need to add a remote authentication dial-in user
service (RADIUS) server.
Prerequisites
l An NE is set as an RADIUS client.
Procedure
RADIUS Configuration Management from the main menu (application style). In the NE
RADIUS Configurations window, click the NE RADIUS Configurations tab.
Step 2 Click RADIUS Server Configuration. The RADIUS Server Information dialog box is
displayed.
Step 3 Click Query to query the current configuration of the RADIUS server from the NE.
Step 4 Click New. The New RADIUS Server Information dialog box is displayed.
Step 5 Configure the RADIUS server information and click OK.

NOTE
l When adding a RADIUS server, identify the RADIUS server uniquely by entering the IP address of the
NE.
l When adding a proxy server, identify the proxy server by entering the IP address or the NE name.
l Before adding a proxy server, you need to set the NE as an RADIUS proxy server.
Step 6 Optional: Repeat Step 4 to Step 5 to add more RADIUS servers.

Step 7 Optional: In the RADIUS Server Information dialog box, select the RADIUS server to be
deleted. Then, click Delete. In the Hint box, click OK.
----End
Follow-up Procedure
After the RADIUS server is added, you need to configure the RADIUS parameters on the NE.
5.5.4 Setting NE RADIUS Parameters

A remote authentication dial-in user service (RADIUS) server can provide authentication
services after related parameters of the RADIUS are set on the corresponding NE.
Prerequisites
l An RADIUS server has been added.
Procedure
RADIUS Configuration Management from the main menu (application style). In the
RADIUS Configuration Management window, click the NE RADIUS Configurations tab.
Step 2 Select the NE and subnet to be queried from the navigation tree on the left. Click to
query the current configuration of the RADIUS from the U2000.
Step 3 Click Query to query the current configuration of the RADIUS from the NE.
Step 4 Click New. The New NE RADIUS Configuration dialog box is displayed.
NOTE
If the Server Type to be added is Proxy Server, you do not need to set Shared Key. In this situation,
the Shared Key can be blank.
Step 5 Set RADIUS parameters. Then, click OK.
----End
5.6 Change Audit

If changes occur on a device in the network, information about the changes can be queried
through the U2000.
With change audit, you can view the following changes:
l Entity changes
The system generates a change history after the change of the device entity is found by
polling or manually refreshing the device.
l Device configuration changes

After the device configuration file is backed up in DC management, you can find the
change of the device configuration file by comparing it with the previous configuration
file. A device configuration change history is generated.
l Software image changes
The change history is generated when the system polls the device and finds the change of
the software image version.
NOTE
The following functions only apply to the Router series, Switch series and Security NEs.
5.6.1 Viewing Information About Change Audit

This topic describes how to view information about change audit. If changes occur on a
device in the network, you can query information about the changes through change audit.
Prerequisites
You are an NMS user with Guests authority or higher.
Procedure
Step 1 Choose Administration > NE Security Management > Change Audit from the main menu
and choose NE Security > Fix-Network NE > Change Audit from the main menu
Step 2 In the Change Audit window, click Filter.
Step 3 In the Filter Criteria dialog box, set the querying criteria and click OK.
Step 4 Click a record. The details about the record are displayed in the Details area.
NOTE
l For a record with Change Type being Software Image, the Details tab displays two records. The
upper one shows software version information before change and the lower one shows the latest
software version information after change.
l For a record with Change Type being Entity, the Details tab displays the specific change type,
either Add or Delete.
----End
5.6.2 Dumping Information About Change Audit

This topic describes how to dump information about change audit. When the change audit
information stored in the U2000 exceeds the threshold settings (85%), U2000 operations will
be affected or even the system will break down. The dumping function is used to dump
change audit information on the U2000 to a file in a specified folder to improve the U2000
performance.
Prerequisites

Context
The U2000 deletes the records in the database after information about change audit is
dumped. Therefore, you cannot query the dumped records through the U2000 client.
Procedure
Step 2 In the Change Audit window, click Filter, set filter criteria, and click OK.
All records meeting the filter criteria are displayed in the query result area.
Step 3 In the querying result area, select one or more records to be dumped, right-click them and
choose Dump from the shortcut menu.
The system automatically generates a .dat file and dumps it to a specified folder.
NOTE
The files are dumped to the path %IMAP_ROOT%\var\ip\casdump and $IMAP_ROOT/var/ip/

casdump with the file name of current time.dat. For example, if the file is dumped at 16:30:40 on July
15, 2007, then the file name is 20070715163040.dat.
Step 5 Click OK.
----End
5.6.3 Deleting Information About Change Audit

This topic describes how to delete information about change audit. If a certain amount of
change audit information has been stored and dumped by the U2000, U2000 operations will
be affected and the system will even break down. Change audit information that does not need
to be concerned can be deleted to improve the U2000 performance.
Prerequisites
Context
The U2000 deletes the records in the database after information about change audit is deleted.
Therefore, you cannot query the deleted records through the U2000 client.
Procedure
Step 2 In the Change Audit window, click Filter, set filter criteria, and click OK.
All records meeting the conditions are displayed in the query result area.

Step 3 In the query result area, select one or more records to be deleted, right-click them and choose
Delete from the shortcut menu.
----End

The U2000 data is saved in the database. Therefore, ensure the database security with priority,
including protecting the security of the database password, backing up the database
periodically, viewing the database status, and dumping the database.
Take the following measures to ensure database security:
l After the U2000 is installed, database users sa and dbuser are automatically created. To
ensure security of the database password, change the password regularly.
NOTE
In order to enhance the security of the database after the U2000 is installed, the sa user may be
manually disabled and replaced with a customized administrator name, such as dbadmin.
l Back up the database periodically. Copy each backup file to other storage devices. In the
case of a U2000 or database fault, you can use the backup database for restoration. In
general situations, do as follows:
– Back up all databases of the U2000 once a week at scheduled time. For details of
the operation method, see 6.1.4.1.1 Periodically Backing Up the U2000 Data to a
Local Server Through the U2000 Client and 6.1.4.2.1 Periodically Backing Up
the U2000 Database to a Remote Server Through the U2000 Client.
l View the database status and dump the database periodically.
Related Tasks
6.1 Backing Up and Restoring the U2000 Data

Administrator Guide 6 U2000 Fast Restoration
6 U2000 Fast Restoration
About This Chapter
U2000 Fast Restoration include Backing Up and Restoring the U2000 Data, Fast Restoration
Scheme for the U2000 Cold Backup System, HA System (Veritas) Solution, OS Boot Disk
Backup and Restoration for Linux-based Single-Server Systems, SRM Solution.

To ensure the security of network data, the U2000 provides the function of backing up and
restoring network data.
6.2 Fast Restoration Scheme for the U2000 Cold Backup System
The fast restoration scheme for the U2000 cold backup system automatically backs up data
and files on the primary site and restores the data and files on the secondary site. When the
primary site malfunctions, the secondary site fast takes over network monitoring. The
following introduces the realization process of this scheme.
6.3 HA System (Veritas) Solution
High Availability System (Veritas) include High Availability System (Solaris), Local SUSE
Linux High Availability System (PC server), Remote SUSE Linux High Availability System
(PC server) and Distributed Remote Cold Standby HA System.
6.4 Backing up and restoring all data in the U2000 database by mirroring the database
The U2000 automatically creates a scheduled task of backing up the U2000 database during
its initial installation to implement database backup. The backup database equals a clone of
the original U2000 database. When the original U2000 database is damaged, or exceptions
occur on the data in the database, you can quickly switch the data source to the database that
is backed up previously, ensuring that the U2000 can be started properly.
6.5 Full System Backup and Restoration (Single Server System, SUSE Linux)
The solution applies only to a SUSE Linux U2000 single-server system with the standard
configuration (eight disks). This solution produces ISO files for OS recovery when the OS is
running properly and backs up the system partitions. When the OS fails to be started, the OS
is started and disk partition information is recovered using ISO files, helping quickly recover
the U2000 for monitoring.
6.6 SRM Solution
Site Recovery Manager (SRM) is a disaster recovery solution developed by VMware. This
solution uses VMs to achieve policy-based storage and replication. The SRM solution can

implement U2000 Distributed System remote disaster recovery. Either the SRM solution or
remote cold standby HA system is used at a time.

To ensure the security of network data, the U2000 provides the function of backing up and
restoring network data.
Related Concepts
6.1.1 Basic Concepts and Application Scenarios

This topic describes basic concepts and application scenarios of backup, restoration and dump
of U2000 data.
Basic Concepts
Backup
Backup is a method used to store important data for restoring the original data.
The U2000 provides the following schemes to backup U2000 data:

l Backup of the U2000 data
The backup object is the entire U2000 database, including the custom data at the U2000
side (excluding the custom options of the system), network layer trail data, NE-side
configuration data, alarm data and performance data. In addition, a backup is created for
the structure of the entire database, all database tables (including the system tables and
the user tables), table structure, and stored procedures.
l Backup of the data by using scripts
The U2000 provides the function of exporting and importing script files, to back up and
restore the network configuration data of the U2000, including the user name, password
of the NEs, path information, and topology coordinates. This realizes the upgrade of the
configuration data with zero loss during the U2000 upgrade.
l Backup by mirroring the U2000 database
NOTE
l The U2000 automatically mirrors the database environment to back up data.

l This scheme applies only to Solaris and SUSE Linux OSs.
For details on the differences between the schemes, refer to 6.1.2 Methods of Backing Up
and Restoring the U2000 Data.
NOTE
The personal information (including personal name, phone numbers and addresses) on the U2000 and all
user names and passwords are also backed up. Therefore, you are obligated to take considerable
measures, in compliance with the laws of the countries concerned and the user privacy policies of your
company, to ensure that the personal data of users is fully protected.

Restoration
Restoration coexists with backup. When certain data is damaged or destroyed, you can restore
the data.
Restoration is to restore database data from the backup file, and then overwrite the existing
data file.
Dump
Dump is a process that saves logs (such as alarm logs, event logs, U2000 security logs,
operation logs, and system logs) and performance data on the database as OS files in text
format and deletes the logs and performance data from the database to clear database space.
The following types of dump are available:

l Overflow dump
The overflow dump is performed when the logs in the databases reach the maximum
storage capacity. You can specify the number of logs to dump.
l Scheduled dump
The scheduled dump, which is the alternative method of overflow dump, is optional. You
can set whether to create a scheduled task, and if you create a scheduled task you can
specify the schedule time and duration.
l Immediate dump
The immediate dump is also referred to as manual dump. This method is used to dump
data that was created on a specific date.
Application Scenarios
Based on the operating system type:

Backup and restoration of U2000 data can be implemented in the following scenarios by the
operating system type. The available operating system types are Solaris single-server system,
SUSE Linux single-server system, Windows single-server system, Solaris high availability
system, and SUSE Linux high availability system.
Based on the location of backup data:

l Local data backup and restoration
Data of a specific server is backed up to a local disk and the backup data is then used to
restore U2000 data. For example, back up data of server A to disk D on server A, and
then use the backup data on disk D to restore data of server A.
It is advisable to perform remote backup when the local disk space is insufficient.
l Remote data backup and restoration
Data of the U2000 server is backed up to a remote server and the backup data on the
remote server is then used to restore U2000 data. For example, back up data of server A
to remote server B, and then use the backup data on remote server B to restore data of
server A.

Based on the source of data for restoration:

l Local data restoration (recommended)
Backup data of the local server is used to restore server data. For example, use backup
data of server A to restore data of server A.
l Remote data restoration
Backup data of another server is used to restore data of the specific server. For example,
use backup data of server B to restore data of server A.
Based on the data restoration mechanism:

l Restoring from the backup data
The data backed up by users is used to restore the database.
l Switching the data source
The database is restored by switching the data source to the database that is
automatically backed up at a scheduled time by the server. In this manner, the backup
database works as the data source, ensuring that the U2000 can be started properly.
6.1.2 Methods of Backing Up and Restoring the U2000 Data

This topic describes how to configure the policies for backing up and restoring data. You can
back up and restore the U2000 data in three ways: Back up and restore all data in U2000
databases, and back up and restore the U2000 network configuration data by using script files,
and back up and restore all data in the U2000 database by mirroring the database.
Backing up and restoring all data in the U2000 databases

The U2000 databases are automatically created during the initial installation of the U2000.
When you back up the U2000 databases, the databases are saved as operating system files.
The backup object is the entire U2000 database, including the custom data at the U2000 side
(excluding the custom options of the system), network layer trail data, NE-side configuration
data, alarm data and performance data. In addition, a backup is created for the structure of the
entire database, all database tables (including the system tables and the user tables), table
structure, and stored procedures.
NOTE
Backup data of an OS cannot be used for data restoration of another version or type of OS.
Backup data of a database cannot be used for data restoration of another version or type of database.
The following data is not backed up when you back up the U2000 database:
l The data that is not saved at the NE side, that is, the data that cannot be uploaded.
l The custom options of the system, for example, font, color setting, and audio setting.
Backing up and restoring the U2000 network configuration data by using the
script files
The U2000 provides the function of exporting and importing script files, to back up and
restore the network configuration data of the U2000, including the user name, password of the

NEs, path information, and topology coordinates. This realizes the upgrade of the
configuration data with zero loss during the U2000 upgrade. For details, see 6.1.6 Backing
Up and Restoring the U2000 Network Configuration Data by Using Script Files.
NOTE
l The default coding format in a script file is UTF-8. If illegible characters are displayed, to change
the coding format of the script file, in the Windows OS, you can modify the encoding configuration
item in the %IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml configuration
file; In the Solaris or SUSE Linux OS, you can modify the encoding configuration item in the
$IMAP_ROOT/cbb/trans/core/conf/xml/script/script_enum.xml configuration file.
l By default, the name of a script file contains the NE name. To exclude the NE name from a script
file name, in the Windows OS, you can modify the scriptname configuration item in the
%IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml configuration file. In the
Solaris or SUSE Linux OS, you can modify the scriptname configuration item in the
l The data are exported from the U2000 database.
l The imported script files update the data on the U2000 only, with no impact on the data on the NEs.
l The personal information (including personal name, phone numbers and addresses) on the U2000
and all user names and passwords are also backed up. Therefore, you are obligated to take
considerable measures, in compliance with the laws of the countries concerned and the user privacy
policies of your company, to ensure that the personal data of users is fully protected.
Backing up and restoring all data in the U2000 database by mirroring the
database
is backed up previously, ensuring that the U2000 can be started properly. Database mirroring
for backup uses disk space. If the server has insufficient space and has another solution
configured to back up the database, uninstall the mirroring database. For details, see A.11.76
How Do I Uninstall a Mirroring Database.

NOTE

l The scheme that U2000 installed on the VM(s) does not support backing up and restoring all data in the
U2000 database by mirroring the database.
l Remaining space in the /opt/backup directory must be at least twice the database size plus 10 GB. You
can run the df -hk /opt/backup command to check the remaining space of the /opt/backup partition.
l The U2000 will automatically create the /opt/backup/forDBSVRBCK/sybasebackup directory during
its installation. Do not delete or modify the directory and files in it.
l After the U2000 is installed, it automatically mirrors the database at 01:00 every Wednesday by default to
back up data. You can see A.11.55 How Do I Modify the Database Scheduled Backup Time to
customize the scheduled backup time. Ensure that U2000 data is not backed up using the U2000 client
or MSuite during the period when U2000 data is backed up by mirroring the database.
l The entire mirroring process lasts for 30 to 60 minutes. In this period, do not perform operations that
involve a large amount of data if possible, for example, U2000 cutover, data dump, and performance
collection.
l Run the following command to query on which database the U2000 is running:
# cd /opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/ChangeStartMode
# ./QueryCurrentMode.sh
The following information is displayed:
last backup dbsvr status is ok now start is normal mode>>>>>
NOTE
l normal mode: indicates that the data source is the primary U2000 database.
l monitor mode: indicates that the data source is the U2000 backup database.
l If the message notify:last backup dbsvr status is error is displayed, the latest database
mirroring fails.
Comparison of Three Data Maintenance Methods

The characteristics of the three data maintenance methods determine their application
scenarios. Table 6-1 lists the characteristics and application scenarios of the three methods.
Table 6-1 Characteristics and application scenarios of three data maintenance methods
Method Characteristics Application Scenario
Backing up and restoring all l Backs up the structure This requires a large storage
data in the U2000 databases and contents of the medium space. If you want
U2000 database. to back up the U2000
l The data is in the binary database in a scheduled
mode. manner, large-size disk is
recommended.
l Backs up all data of the
U2000 database.
l The processing speed is
fast.
l The backup file is big.

Method Characteristics Application Scenario
Backing up and restoring the l Exports the configuration l This method is usually
U2000 network data in the U2000 to used to upgrade the
configuration data by using a .txt file that is similar U2000. The new U2000
the script files to the MML format. This version is compatible
is done to save data. with the scripts of the old
l Backs up only some of version.
the data, including the l This method is usually
basic configuration data, used to back up and
port naming data and restore the basic
custom data. configuration data for a
l The processing speed is single NE. This method
slow. also restores the custom
data.
l The backup file is small.
Backing up and restoring all l This scheme applies only l When the original U2000
data in the U2000 database to Solaris and SUSE database is damaged, or
by mirroring the database Linux OSs. exceptions occur on the
l After the U2000 is data in the database, you
installed, it automatically can quickly switch the
backs up the database at data source to the
a scheduled time. database that is backed
up previously, ensuring
l Backs up all data in the that the U2000 can be
U2000 database. started properly.
l The backup file is large.
6.1.3 Suggestions on Data Backup and Restoration

This topic describes suggestions on backup and restoration of U2000 data.
l If the hard disk is large (if the available space exceeds 10 GB), you can back up the
U2000 databases on a quarterly basis.
l Regularly move the to-be-backed up database data to a third-party storage medium so
that the database data can still be accessed even when the hard disk is damaged.
l When backing up U2000 data to a local server, also back up the data to a remote server
to improve data security.
l Back up databases before or after performing an installation, deployment, or
maintenance operation on the U2000, for example, U2000 upgrade or patch installation.
l Before backing up the data, upload the NE data, and perform the search of the protection
subnets and trails.
l To ensure successful data backup, do not change any data on the U2000 when backing
up the database.
l To avoid a situation in which data occupies too much disk space, clear the data that is
previously backed up, on a regular basis.
l Before restoring U2000 databases, you must shut down the U2000 server and ensure that
the databases are not used by other users.

l If security hardening is enabled, log in to the OS as the ossuser user. Then run the su -
root command and enter the root user password to switch to the root user.
6.1.4 Backing Up and Restoring the U2000 Data
6.1.4.1 Backing Up U2000 Data to a Local Server

This topic describes how to back up the U2000 data to a local server. The U2000 data backup
is essential to restore the U2000 database safely and quickly.
Either an MSuite or U2000 client can be used to back up the U2000 data. The data backup
method using an MSuite or U2000 client is the same.
6.1.4.1.1 Periodically Backing Up the U2000 Data to a Local Server Through the U2000
Client
If a hard disk has available space over 10 GB, you can back up the U2000 databases on a
quarterly basis. The backup object is the entire U2000 database, including the custom data at
the U2000 side (excluding the custom options of the system), network layer trail data, NE-
side configuration data, alarm data and performance data. In addition, a backup is created for
the structure of the entire database, all database tables (including the system tables and the
user tables), table structure, and stored procedures.
Prerequisites
l All users must have been logged out of the MSuite client to prevent incomplete database
backup.
l Sufficient disk space is available.
– On Windows, generally, the available disk space of the local temporary directory
and the local backup path is over 1/3 of that for the local database. The default local
temporary directory is D:\tmp. The default local database path is D:\data in a
single-server system.
– On Solaris, the available disk space of the local backup path is over 3/4 (This is an
empirical value. You can evaluate the space required by each database based on the
value queried in the sp_helpdb command output. The required space is calculated
as follows: Total size = (Remaining date space + Remaining log space). Then,
evaluate the available space of the local backup path.) of that for the local database,
the disk space of the local temporary directory (/tmp) is 500 MB or above. The
default local database path is /opt/sybase/data. To view the disk space, run the
following command:
# du -sh Data file path
– On SUSE Linux, the available disk space of the local backup path is over 3/4 (This
is an empirical value. You can evaluate the space required by each database based
on the value queried in the sp_helpdb command output. The required space is
calculated as follows: Total size = (Remaining date space + Remaining log
space). Then, evaluate the available space of the local backup path.) of that for the
local database, not considering the disk space of the local temporary directory. The
following command:

Context
l The U2000 does not support multiple periodic backup tasks at the same time. The
difference between the time points to start scheduled tasks must be greater than the
maximum running period of the tasks.
l Backing up the database data during off-peak hours is recommended because it takes a
long time, and affects other functions, such as adding, deleting, and modifying data. It is
recommended that you set the scheduled backup time to the time when network service
traffic is light, such as at midnight (00:00~06:00).
l You are recommended to back up the database at a different time from planning and
maintaining the live network so that live network planning and maintenance will not be
affected by database backup.
NOTICE
l Do not perform other operations when backing up the database. Otherwise, data
inconsistency may occur and pose potential risks to the system.
l The personal information (including personal name, phone numbers and addresses)
on the U2000 and all user names and passwords are also backed up. Therefore, you
are obligated to take considerable measures, in compliance with the laws of the
countries concerned and the user privacy policies of your company, to ensure that the
personal data of users is fully protected.
l Directory of the database backup file

A complete directory of the database backup file contains Root directory of the
database backup file, Backup Path, and A folder named by time, for example, /opt/
backup/dbbackup/backup/201306271646/.
– Root directory of the database backup file:
n If the local server is on Windows OS, the Root directory of the database
backup file is D:\backup (assuming that the U2000 is installed in the D:\oss\
path).
n If the local server is on Solaris/SUSE Linux OS, the Root directory of the
database backup file is /opt/backup/dbbackup.
You can query or modify the default root directory of the database backup file
referring to modifyDefaultBackupPath. The modified default root directory of
the database backup file takes effect only after the process UniteUitlDM is
restarted in Service Monitor tab page in the system monitor client.
– Backup Path: A backup path is configured on the MSuite. If Backup Path is not
specified, the default backup path is used.
n If the local server is on Windows OS, the default Backup Path of the local
server is in the dbbackup directory.
n If the local server is on Solaris/SUSE Linux OS, the default Backup Path of
the local server is in the dbbackup directory.
l In a high availability system, the AppService resource group automatically freezes
during backup. After backup is complete, the resource group automatically unfreezes.

Procedure
l Scenario 1: Default scheduled task for database backup
The U2000 provides Default scheduled task for database backup. Database backup is
a method used to store important data to restore the damage of the original data.
NOTE
l Choose Administration > Task Schedule > Task Management from the main menu (traditional
style); alternatively, double-click System Management in Application Center and choose Task
Schedule > Task Management from the main menu (application style).Choose Task Type >
Backup > DB Backup, right-click Default scheduled task for database backup and choose Run
Now from the shortcut menu. You can view the default tasks in the task list on the right.
l Default scheduled task for database backup is a periodical task. The default Start time is set to
02/20/2016 21:00:00, and the default interval is set to 7 Days. That is, the task starts at 21:00 every
Saturday and repeats unlimited times. The default Delete settings is set to not delete tasks
automatically.
l Right-click Default scheduled task for database backup and choose Attributes from the shortcut
menu. In the Attributes dialog box, set parameters such as Start time and interval.
l By default, data is backed up to the local server. You can set Back up the data to the local server
to Back up the data to the remote server on the Extended Parameters tab in the Attributes
dialog box.
l Before the database is backed up, the U2000 will check the available disk space. If the space is
insufficient, the Risk Summary dialog box will be displayed indicating that risks may arise when
the U2000 is running.
l Scenario 2: Manually created task for database backup
a. Log in to the U2000 client. For details, see 2.6 Logging In to a U2000 Client.
b. Choose Administration > Task Schedule > Task Management from the main
menu (traditional style); alternatively, double-click System Management in
Application Center and choose Task Schedule > Task Management from the
main menu (application style).
c. Choose Task Type > Backup > DB Backup in the left pane, and click New. The
New Task dialog box is displayed.
d. Enter a name for the scheduled task. Select One-time or Periodic as the run type.
Then, click Next.
e. In Time Setting, set the planned start time of the task. If One-time is selected,
choose to start the task immediately or not. If Periodic is selected, in the Period
Setting area, specify the task period and set Execution Times or End time. Then,
click Next.
NOTICE
If multiple scheduled backup tasks are configured, their backup time ranges cannot
overlap; otherwise, backup fails.
f. Set the related parameters.

i. Set the number of backup files in the backup path. During backup, the backup
data is generated in a folder named by time in the backup path. For example,
the path is \201203271646. If the number of files in the backup path exceeds
the preset value, earlier backup files will be deleted automatically. It is
recommended that you use the default value.

ii. Select Back up the data to the local server and enter a backup path on the
local server.
NOTICE
l The Backup Path must be a relative path that contains letters, digits,
underscores (_), or hyphens (-) and excludes the space, bracket, Chinese
characters and so on. The complete path name cannot exceed 60 characters.
For Windows, the Backup Path must be located on the disk drive of the
server. You can query or modify the default database backup root path
referring to modifyDefaultBackupPath.
l If Backup Path is not specified, the default backup path is used. For
details, see Backup Path.
l If the entered Backup Path value does not exist, the system displays a
message asking you whether to create the directory. Click Yes.
l On Solaris OS or SUSE Linux OS, if the entered Backup Path value
exists, assign permissions to the Backup Path based on the level as root
user.
Run the following command as the root user for the last directory of the
path:
# chown -R ossuser:ossgroup path # chmod -R 750 path
For example, if Root directory of the database backup file is set to the
default value /opt/backup/dbbackup, Backup Path is set to backup, and
backup exists, run the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup # chmod -
R 750 /opt/backup/dbbackup/backup
g. Then click Finish. A message asking you whether to continue is displayed, click
Yes.
h. In the warning dialog box that is displayed, click OK.
----End
Result
Manually created tasks for database backup are displayed in the right-hand pane of the
window.
6.1.4.1.2 Immediately Backing Up the U2000 Data to a Local Server Through the U2000
Client
This topic describes how to enable the periodically backup of the U2000 database to the local
server. After this configuration, the database can be safely and quickly restored after a fault
occurs. The backup object is the entire U2000 database, including the custom data at the
U2000 side (excluding the custom options of the system), network layer trail data, NE-side
configuration data, alarm data and performance data. In addition, a backup is created for the
structure of the entire database, all database tables (including the system tables and the user
tables), table structure, and stored procedures.

Prerequisites
l All users must have been logged out of the MSuite client.
following command:
following command:
l The database is running. Perform the following operations to start the database if it is not
running:
– For the Single-Server System (Windows), see A.8.4 How to Start the SQL Server
Database.
– For the Single-Server System (Solaris), see A.9.1.2 How to Start the Sybase
Database Service.
– For the Single-Server System (SUSE Linux), see A.9.1.2 How to Start the Sybase
Database Service.
– For the High Availability System (Solaris/SUSE Linux), see A.9.1.2 How to Start
the Sybase Database Service.
Context
l The backup process cannot be canceled once it is started.
long time, and affects other functions, such as adding, deleting, and modifying data.It is
recommended that you set the backup time to the time when network service traffic is
light, such as at midnight (00:00~06:00).

NOTICE
l Directory of the database backup file

A complete directory of the database backup file contains Root directory of the
database backup file, Backup Path, and A folder named by time, for example, /opt/
backup/dbbackup/backup/201306271646/.
– Root directory of the database backup file:
n If the local server is on Windows OS, the Root directory of the database
backup file is D:\backup (assuming that the U2000 is installed in the D:\oss\
path).
n If the local server is on Solaris/SUSE Linux OS, the Root directory of the
database backup file is /opt/backup/dbbackup.
You can query or modify the default root directory of the database backup file
referring to modifyDefaultBackupPath. The modified default root directory of
the database backup file takes effect only after the process UniteUitlDM is
restarted in Service Monitor tab page in the system monitor client.
– Backup Path: A backup path is configured on the MSuite. If Backup Path is not
specified, the default backup path is used.
n If the local server is on Windows OS, the default Backup Path of the local
server is in the dbbackup directory.
n If the local server is on Solaris/SUSE Linux OS, the default Backup Path of
the local server is in the dbbackup directory.
l In a high availability system, the AppService resource group automatically freezes
during backup. After backup is complete, the resource group automatically unfreezes.
Procedure
Step 1 Log in to the U2000 client. For details, see 2.6 Logging In to a U2000 Client.
Step 2 Choose Administration > Back Up/Restore NMS Data > Database Backup from the main
menu (traditional style); alternatively, double-click System Management in Application
Center and choose System > Back Up/Restore NMS Data > Database Backup from the
Step 3 Set the related parameters.

1. Set the number of backup files in the backup path. During backup, the backup data is
generated in a folder named by time in the backup path. For example, the path is
\201203271646. If the number of files in the backup path exceeds the preset value,
earlier backup files will be deleted automatically. It is recommended that you use the
default value.

2. Set the backup path on the server, and then click Backup.
NOTE
Customizing a backup path helps to avoid the effect of system reinstallation and disk formatting
on backup data. This improves the maintainability of the system.
NOTICE
– The Backup Path must be a relative path that contains letters, digits, underscores (_),
or hyphens (-) and excludes the space, bracket, Chinese characters and so on. The
complete path name cannot exceed 60 characters. For Windows, the Backup Path
must be located on the disk drive of the server. You can query or modify the default
database backup root path referring to modifyDefaultBackupPath.
– If Backup Path is not specified, the default backup path is used. For details, see
Backup Path.
– If the entered Backup Path value does not exist, the system displays a message
asking you whether to create the directory. Click Yes.
– On Solaris OS or SUSE Linux OS, if the entered Backup Path value exists, assign
permissions to the Backup Path based on the level as root user.
Run the following command as the root user for the last directory of the path:
For example, if Root directory of the database backup file is set to the default
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists,
run the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup # chmod -R
750 /opt/backup/dbbackup/backup
Step 4 A message asking you whether to continue is displayed, click Yes.

Step 5 In the warning dialog box that is displayed, click OK. The U2000 database backup starts and
a dialog box is displayed showing the backup progress.
----End
6.1.4.1.3 Immediately Backing Up the U2000 Data to a Local Server Through the MSuite
This topic describes how to immediately back up the U2000 database to a local server through
the NMS maintenance suite (MSuite). After this configuration, the database can be safely and
quickly restored after a fault occurs.
Prerequisites
l The database is running.

following command:
following command:
Context
The backup process cannot be canceled once it is started.
NOTICE
The personal information (including personal name, phone numbers and addresses) on the
U2000 and all user names and passwords are also backed up. Therefore, you are obligated to
take considerable measures, in compliance with the laws of the countries concerned and the
user privacy policies of your company, to ensure that the personal data of users is fully
protected.
Procedure
Step 1 Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
NOTE
On a high availability system, log in to the MSuite client on the active site.
Step 2 On the MSuite client, choose Backup and Restore > Backup System Data from the main
menu.
Step 3 Select Data Backup-Binary Mode(Recommended), and then click Next.
NOTE
Data Backup-Text Mode is only used to collect fault information when the U2000 fails to locate and
rectify the fault. This mode is not recommended during routine database backup.

default value.
2. Set the backup path for storing the backup file. Select Local server and then set the
Backup Path.

– It is recommended that you use the default backup path. If the system asks whether
to create a default backup path, click Yes to create the path.
– If you want to use another backup path, click Browse to select it.
NOTICE
Backup Path.
Step 5 After the setting is completed, click Next.

NOTE
If the U2000 is running, the follow box is displayed, please click the Yes and ensure that the NMS is not
performing configuration operations.
Step 6 The system starts the backup preprocessing and backup process. A progress bar is displayed
showing the backup progress. Wait patiently.
Step 7 After the backup is completed, click Finish.
----End
Operations Through the CLI

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, back up the
U2000 database of binary mode through the CLI.
NOTICE
l The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
performing the backup through the CLI.
l If the U2000 is running, please stop NMS first, and then backup the U2000 data, or
backup operation fails.
The operations in CLI mode are as follows:

On Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ cd /opt/oss/client/engineering
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -DumpDB -
StoreMode local -FilePath Backup path
Enter the MSuite login password[]:
NOTE
l The backup directory must be a relative path (the root path is /opt/backup/dbbackup) that contains
letters, digits, underscores (_), or hyphens (-) and excludes the space, bracket, Chinese characters
and so on. The complete path name cannot exceed 60 characters. For Windows, the backup directory
must be located on the disk drive of the server.
MSuite password: The default user name of the MSuite is admin and the default password is
Changeme_123. If the password has been changed, enter the new password. If the password has not
been changed, for system security, modify the default password and remember the new password. For
details, see C.3.1 Changing the Password of the MSuite.
6.1.4.2 Backing Up U2000 Data to a Remote Server

This topic describes how to back up the U2000 data to a remote server, which is mandatory
for restoring the U2000 database securely and rapidly.
Either an MSuite or U2000 client can be used to back up the U2000 data. The data backup
method using an MSuite or U2000 client is the same.

6.1.4.2.1 Periodically Backing Up the U2000 Database to a Remote Server Through the
U2000 Client
This topic describes how to enable periodical backup of the U2000 database to a remote
server. After this configuration, the database can be safely and quickly restored after a fault
occurs.
Prerequisites
l All users have been logged out of the NMS maintenance suite (MSuite) client.
l The FTP or SFTP services are running on the remote server, and the relevant ports are
enabled. The port of FTP server is 21, and the port of SFTP server is 22.
NOTE
l For details on how to start the FTP or SFTP (more secure, recommended) services on Solaris,
see A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services.
l For details on how to start the FTP or SFTP (more secure, recommended) services on SUSE
Linux, see A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
l For details on how to configure FTP, SFTP (more secure, recommended) or TFTP services on
Windows, see A.11.45 How to Configure the FTP or SFTP Service on Windows OS.
l The FTP or SFTP user must have the write permission for the remote FTP/SFTP server,
and the U2000 server and remote FTP server can communicate with each other properly.
l If the network segments for the U2000 and the FTP/SFTP server are on different
firewalls, the FTP/SFTP (more secure, recommended) service from the U2000 to the
FTP/SFTP server must be enabled on the firewalls. For details about how to enable the
FTP/SFTP (more secure, recommended) service, see the firewall guide.
l Sufficient disk space is available. Generally, the disk space of the local temporary
directory is over 2/3 of that for the local database, and the disk space of the remote
backup path is over 1/3 of that for the local database.
– On Windows, the default local temporary directory is D:\tmp, the default local
database path is D:\data in a single-server system. To view the disk space, right-
click Data file path and choose Properties from the shortcut menu.
– On Solaris, the default local temporary directory is /opt/backup/dbbackup/tmp,
following command:
– On SUSE Linux, the default local temporary directory is /opt/backup/dbbackup/

tmp, the default local database path is /opt/sybase/data. To view the disk space,
run the following command:
Context
l The U2000 client does not support multiple periodic backup tasks at the same time. The
long time, and affects other functions, such as adding, deleting, and modifying data. It is
recommended that you set the scheduled backup time to the time when network service
traffic is light, such as at midnight (00:00~06:00).

NOTICE
l On the Solaris OS, if the tmp directory exists in the /opt/backup/dbbackup path, you
need to ensure that the owner and group of the directory are both sybase. Run the
following commands to change the owner and group of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/backup/dbbackup/tmp
# chmod -R 775 /opt/tmp
If the tmp directory doesn't exist in the /opt/backup/dbbackup path, the temporary
directory tmp is created in the /opt/backup/dbbackup path during the backup of the
database.
NOTICE
The personal information (including personal name, phone numbers and addresses) on
the U2000 and all user names and passwords are also backed up. Therefore, you are
obligated to take considerable measures, in compliance with the laws of the countries
concerned and the user privacy policies of your company, to ensure that the personal data
of users is fully protected.
Procedure
Step 3 Choose Task Type > Backup > DB Backup in the left pane, and click New. The New Task
dialog box is displayed.
Step 4 Enter a name for the scheduled task. Select One-time or Periodic as the run type. Then, click
Next.
Step 5 In Time Setting, set the planned start time of the task. If One-time is selected, choose to start
the task immediately or not. If Periodic is selected, in the Period Setting area, specify the
task period and set Execution Times or End time. Then, click Next.

default value.
2. Select Back up the data to the remote server and then set the parameters associated
with the remote server. Then click Finish. In the warning dialog box that is displayed,
click OK.
– Server IP Address: IP address of the server where the backup file is stored.
– Transmission Mode: FTP or SFTP mode. SFTP is recommended because it is
more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating
that using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
– User Name: Name of the FTP user or SFTP user.
– Password: Password of the FTP user or SFTP user.
– Backup Path on the Remote Server: Path for storing the backup file of the remote
server.

NOTE
– Backup Path on the Remote Server can not be null, and in Solaris or SUSE Linux, the backup
directory cannot be /. In Windows, the backup directory cannot be the root directory for the SFTP or
FTP service. The backup directory contains letters, digits, underscores (_), or hyphens (-) and
excludes space brackets, Chinese characters and so on. The path name cannot exceed 60 characters.
– The backup path on the remote Windows server must be the same as that FTP/SFTP service on the
server provide, otherwise, backup fails.
– In case the ftpuser user is used for remote Solaris and SUSE Linux server backup, log in to the
remote server as the root user using the PuTTY to create the backup directory in the ftpuser user's
root directory (/opt/backup/ftpboot) on the remote server, and modify the created directory rights
(the created backup directory tmp is used as an example in the following command):
# mkdir /opt/backup/ftpboot/tmp
# chown -R ftpuser:ossgroup /opt/backup/ftpboot/tmp
# chmod -R 700 /opt/backup/ftpboot/tmp
– In case the ossuser user is used for remote Solaris and SUSE Linux server backup, enter the
Backup Path on the Remote Server.
n If the entered Backup Path on the Remote Server is exist, make sure the permission is
ossuser:ossgroup and more than 700 or the task periodically backing up the U2000 database
to a remote server would failed.
n If the entered Backup Path on the Remote Server is a relative path but not exist in the
ossuser user's root directory, the system displays a message asking you whether to create the
directory. Click Yes, the system will create the directory.
n If the entered Backup Path on the Remote Server is an absolute path but failed created. Log
in to the remote server as root user using the PuTTY to create the backup directory, and
modify the created directory rights.
# mkdir Folder that stores backup files
# chown -R ossuser:ossgroup Folder that stores backup files
# chmod -R 700 Folder that stores backup files
----End
Result
On the Task Management tab page, choose Task Type > Backup > DB Backup from the
service tree. The created task is displayed in the right-hand pane of the window.
6.1.4.2.2 Immediately Backing Up the U2000 Database to a Remote Server Through the
MSuite
This topic describes how to immediately back up the U2000 database to a remote server by
using the NMS maintenance suite (MSuite). After this configuration, the database can be
safely and quickly restored after a fault occurs.
Prerequisites
NOTE

following command:

Context
database.
NOTICE
Procedure
NOTE
menu.


NOTE

default value.
2. Select Remote server and then set the parameters associated with the remote server. The
parameter description is as follows:
– Transfer Mode: FTP or SFTP mode. SFTP is recommended because it is more
secure than FTP.
NOTE
– Backup Path: Path for storing the backup file of the remote server.
NOTE
n Backup Path on the Remote Server can not be null, and in Solaris or SUSE Linux, the
backup directory cannot be /. In Windows, the backup directory cannot be the root
directory for the SFTP or FTP service. The backup directory contains letters, digits,
underscores (_), or hyphens (-) and excludes space brackets, Chinese characters and so
on. The path name cannot exceed 60 characters.
n The backup path on the remote Windows server must be the same as that FTP/SFTP
service on the server provide, otherwise, backup fails.
n In case the ftpuser user is used for remote Solaris and SUSE Linux server backup, log in
to the remote server as the root user using the PuTTY to create the backup directory in
the ftpuser user's root directory (/opt/backup/ftpboot) on the remote server, and modify
the created directory rights (the created backup directory tmp is used as an example in
the following command):
n In case the ossuser user is used for remote Solaris and SUSE Linux server backup, enter
the Backup Path on the Remote Server.
○ If the entered Backup Path on the Remote Server is exist, make sure the
permission is ossuser:ossgroup and more than 700 or the task periodically
backing up the U2000 database to a remote server would failed.
○ If the entered Backup Path on the Remote Server is a relative path but not exist
in the ossuser user's root directory, the system displays a message asking you
whether to create the directory. Click Yes, the system will create the directory.
○ If the entered Backup Path on the Remote Server is an absolute path but failed
created. Log in to the remote server as root user using the PuTTY to create the
backup directory, and modify the created directory rights.


NOTE
l If the U2000 is running, the follow box is displayed, please click the Yes and ensure that the NMS is
not performing configuration operations.
l On Windows, if the default temporary directory does not exist or the disk space is insufficient, a
message is displayed asking you to select a temporary directory. Click Browse to select a disk with
enough space. Select only the drive letter, for example, F:\.
l If the entered Backup Path value does not exist, the system displays a message asking you whether
to create the directory. Click Yes.
Step 7 After the backup is complete, click Finish.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system,, back up the

NOTICE
On Solaris or SUSE Linux OS, run the following commands as user ossuser (If you have
logged in as the root user, relog in to the OS as user ossuser, you cannot run the su - ossuser
command to switch to the ossuser user to run the following command.):
StoreMode remote -TransMode ftp or sftp -Server IP address of the remote server -
FTPUserName FTP or SFTP user name -FilePath Backup path
Enter the FTP or SFTP user password[]:
NOTE
l If the transfer mode is ftp, the CLI displays a message indicating that using FTP has potential
security risks. To use FTP, enter y; otherwise, enter n.
l MSuite password: The default user name of the MSuite is admin and the default password is
been changed, for system security, modify the default password and remember the new password.
For details, see C.3.1 Changing the Password of the MSuite.
l IP address of the remote server: IP address of the remote server whether the backup file is stored.
l FTP or SFTP user name: Name of the FTP user or SFTP user.
l Password: Password of the FTP user or SFTP user.
l Backup path: Path for storing the backup file. Ensure that the FTP user or SFTP user have write
permissions for this path.
6.1.4.3 Restoring Data of a U2000 Single-Server System (Windows)

If the U2000 database is faulty, you can restore data on the current U2000 by using the
backup U2000 data.
6.1.4.3.1 Restoring U2000 Single-Server System (Windows) Data from a Local Server
If the backup U2000 data is stored on a local server, you can restore U2000 data from the
local server.
Prerequisites
l U2000 processes must have been stopped. If U2000 processes are not stopped, see A.
11.8 How to End the Processes of the U2000 Single-Server System on Windows.
l The database must be running. If the database is not running, see A.8.4 How to Start the
SQL Server Database.
l If the database of U2000 A needs to restored on U2000 B, ensure that:
– The database file installation paths on U2000 A and U2000 B are the same.

NOTE
For example, if the database file path on U2000 A is D:\data when U2000 A is installed and the
database file path on U2000 B is C:\data when U2000 B is installed, the database file installation
paths on U2000 A and U2000 B are different and the database on U2000 A cannot be restored on
U2000 B. If you create C:\data on U2000 A, copy files in D:\data to C:\data, and use C:\data
on U2000 A to restore the database on U2000 B, the restoration will also fail.
– The OS type and version of U2000 B must be the same as those on U2000 A.
l The initial installed domains on the server to be restored must be the same as those on
the backup server.
If the number of initial installed domains on the backup server is larger than that on the
server to be restored:
– A component inconsistency message will be displayed when you attempt to restore
backup data on the server to be restored. If you ignore this message and continue
restoration, some processes may fail to be started.
– If the number of domains deployed on the backup server is reduced to be that on the
server to be restored and the type of the remain domains are the same, a component
inconsistency message will be displayed when you attempt to restore backup data
on the server to be restored. In this case, ignore this message and continue
restoration. The restoration will succeed.
Context
During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program, the
connection is automatically torn down to ensure successful restoration of the U2000 data.
NOTICE
Restoring U2000 data may override the current U2000 data and cause data inconsistency,
affecting the U2000 running.
Procedure
Step 2 On the MSuite client, choose Backup and Restore > Restore System Data from the main
menu.
Step 3 Select Local server, and then select the data to be used for restoration in the drop-down list.
Step 4 Click Next. A warning message similar to the following will be displayed
The U2000 data you want to restore was backed up at 2017/10/14 19:47. If you continue with
the restoration, U2000 data generated from 2017/10/14 19:47 till now will be lost, which may
cause inconsistent data between NEs and the U2000. Are you sure you want to continue?
Step 5 Click Yes. The system starts the restoration pre-checking.
Step 6 Click Next. The system starts the restoration preprocessing and data restoration, and displays
the restoration progress in a progress bar. Wait patiently.
Step 7 After U2000 data is restored, click Finish.

Step 8 Optional: If the IP address of the server where source data resides is different from that of the
server where data is to be restored, network configurations must be synchronized after data
synchronization is completed. For details, see C.5.3 Synchronizing Network
Configurations.
----End
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.11.7 How to Start the
Processes of the U2000 Single-Server System on Windows.
NOTE
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000, you must
reconfigure the IP address used by the NBI to interconnect with the upper-layer OSS after successfully
restoring the database. For details, see the related NBI user manual.
l After the preceding operations are complete, login passwords for the U2000 client and NE Software
Management are restored to be consistent with the U2000 data.
6.1.4.3.2 Restoring U2000 Single-Server System (Windows) Data from a Remote Server
If the backup U2000 data is stored on a remote server, you can restore U2000 data from the
remote server.
Prerequisites
NOTE
NOTE
the backup server.


Context
NOTICE
Procedure
menu.
Step 3 Select Remote server and set the associated parameters. Then, click Next.
l Server IP Address: indicates the IP address of the server where the restoration data is
stored.
l Transfer Mode: The available options are FTP and SFTP. SFTP is recommended
because it is more secure than FTP.
NOTE
When you select FTP from the drop-down list, the Warning dialog box is displayed indicating that
using FTP has hidden security risks. To use FTP, click Yes; otherwise, click No.
l User Name: indicates the name of the FTP user or SFTP user.
l Password: indicates the password of the FTP user or SFTP user. The password length
cannot exceed 60 characters, and the password contains a combination of letters, digits,
or the following special characters: ~!@#$^&()-_=+[]{};:,.<>?
l Restore Path: indicates the path for storing the data used for restoration. During backup,
the backed up data is generated in a folder named by time. You can enter the path of this
folder to restore the backed up data.

Configurations.
----End
Follow-up Procedure
After restoring U2000 data, start the NMS processes, for details, see A.11.7 How to Start the
NOTE
6.1.4.4 Restoring U2000 Single-Server System (Solaris) Data

backup U2000 data.
6.1.4.4.1 Restoring U2000 Single-Server System (Solaris) Data from a Local Server
local server.
Prerequisites
l The name, version, type, OS name, and OS type of the database to be restored must be
the same as those of the backup database.
the backup server.
l U2000 processes must have been stopped, see A.11.9 How to Verify That the Processes
of the U2000 Single-Server System Are Running on Solaris. If U2000 processes are

not stopped, see A.11.11 How to End the Processes of the U2000 Single-Server
System on (Solaris).
l The database must be running, see A.9.1.3 How to Verify That the Sybase Database Is
Running. If the database is not running, see A.9.1.2 How to Start the Sybase Database
Service.
l Ensure that the owner for the path in which restoration data is stored is ossuser and the
user group for the path is ossgroup and the path has the read, write, and execution
permissions. You do not need to change the permission for the /opt directory.
value /opt/backup/dbbackup, Backup Path is set to backup, and backup exists, run
the following commands as user root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup/backup # chmod -R 750 /opt/
backup/dbbackup/backup
Context
NOTICE
Procedure
menu.
Step 8 Optional: If sybase 12.5 is used, please do as follows to restart it.

1. Shut down the database service.
2. Start the database service.

Configurations.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, restore the
NOTICE
The MSuite adopts single-user mode, so you must exit all MSuite client GUIs before
On a Solaris or SUSE Linux OS, run the following commands as user ossuser:
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -RestoreDB -
StoreMode local
NOTE
l The default path of the storage is /opt/backup/dbbackup.

l The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for
system security, modify the default password and remember the new password. For details, see C.
3.1 Changing the Password of the MSuite.
Please select backup file to be restored[0:201511131129, 1:201511131552,
3:Cancel, 0]:
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.11.10 How to Start
the Processes of the U2000 Single-Server System on Solaris.
NOTE
6.1.4.4.2 Restoring U2000 Single-Server System (Solaris) Data from a Remote Server
remote server.

Prerequisites
the backup server.
Service.
NOTE
Context
l The temporary directory tmp is created in the /opt path during the database restoration. If
the tmp directory exists in the /opt path, you need to ensure that the owner of the
directory is ossuser, and the user group of the directory is ossgroup. The directory must
have read, write, and execute permissions. Run the following commands to change the
owner, group, and permissions of the /opt/tmp.
# chown -R ossuser:ossgroup /opt/tmp
l Ensure that the owner for the path in which restoration data is stored has the read, write,
and execution permissions. Run the following commands to change the permissions:
# chmod -R 775 path
l During restoration of the U2000 data, whether the database is connected to a third-party
program is automatically checked. If the database is connected to a third-party program,
the connection is automatically torn down to ensure successful restoration of the U2000
data.

NOTICE
l During restoration, the ftpuser user can obtain backup files only from the /opt/backup/
ftpboot path on the remote server, and the ossuser user can obtain backup files only
from the /export/home/ossuser path on the remote server. Therefore, ensure that each
path has backup files before restoration.
Procedure
Step 1 Optional: Perform the following operations to check that the mapping path has backup files:
l Access the /opt/backup/ftpboot path to check that the backup files exist for the ftpuser
user.
l Access the /export/home/ossuser path to check that the backup files exist for the
ossuser user.
menu.
stored.
NOTE


Configurations.
----End

NOTICE

FTPUserName FTP or SFTP user name -FilePath Path where the file to be restored
resides/201201211230
NOTE
l IP address of the remote server: The IP address of the server where the restoration data is stored.
Follow-up Procedure
After restoring U2000 data, start the NMS processes, for details, see A.11.10 How to Start
NOTE

6.1.4.5 Restoring U2000 Single-Server System (SUSE Linux) Data

backup U2000 data.
6.1.4.5.1 Restoring U2000 Single-Server System (SUSE Linux) Data from a Local Server
local server.
Prerequisites
the backup server.
l U2000 processes must have been stopped, see A.11.12 How to Verify That the
Processes of the U2000 Single-Server System Are Running on SUSE Linux. If
U2000 processes are not stopped, see A.11.14 How to End the Processes of the U2000
Single-Server System on (SUSE Linux).
Service.
Context

NOTICE
Procedure
menu.
Configurations.
----End

NOTICE
StoreMode local

NOTE

3:Cancel, 0]:
Follow-up Procedure
the Processes of the U2000 Single-Server System on SUSE Linux.
NOTE
6.1.4.5.2 Restoring U2000 Single-Server System (SUSE Linux) Data from a Remote
Server
remote server.
Prerequisites
the backup server.
Service.

NOTE
Context
owner, group and permissions of the /opt/tmp.
# chmod -R 775 path
data.
NOTICE
Procedure
user.
ossuser user.
menu.
stored.

NOTE
Configurations.
----End

NOTICE
resides/201201211230

NOTE
Follow-up Procedure
NOTE
6.1.4.6 Restoring U2000 High Availability System (Solaris) Data

backup U2000 data.
6.1.4.6.1 Restoring U2000 High Availability System (Solaris) Data from a Local Server
local server.
Prerequisites
the backup server.
11.17 How to End the U2000 Processes of the High Availability System (Solaris, PC
Linux).

Context
NOTICE
Procedure
Step 1 Separate the primary site and secondary site. For details, see C.6.2 Separating the Primary
Site from the Secondary Site.
Step 2 Start the database on the primary site, see A.9.1.2 How to Start the Sybase Database
Service.
Step 3 Log in to the MSuite client of the primary site. For details, see C.2.2 Logging In to the
MSuite Client.
menu.


Step 11 After U2000 data is restored on the primary site, start the database on the secondary site, see
A.9.1.2 How to Start the Sybase Database Service.
Step 12 Log in to the MSuite client of the secondary site to restore U2000 data on the secondary site.
For details, see step 4 to 9.
NOTE
If the data for restoration is on the primary site, select Remote server for data on the secondary site. If
the data for restoration is on the secondary site, select Local server to restore the data on the secondary
site.
Step 13 On the primary and secondary site, synchronize network configurations. For details, see C.5.3
Synchronizing Network Configurations.
Step 14 Connect the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites.
Step 15 To view data synchronization status, run the following command on the active site:
# vradmin -g datadg repstatus datarvg
If the displayed information contains "needs dcm resynchronization", it indicates that the
status is abnormal. Then, run the following command to synchronize data:
# vradmin -g datadg resync datarvg
----End

NOTICE
StoreMode local
NOTE

3:Cancel, 0]:

Follow-up Procedure
the U2000 Processes of the High Availability System (Solaris, PC Linux).
NOTE
6.1.4.6.2 Restoring U2000 High Availability System (Solaris) Data from a Remote Server
remote server.
Prerequisites
the backup server.
Linux).
NOTE
Context

# chmod -R 775 path
data.
NOTICE
Procedure
Service.
user.
ossuser user.
MSuite Client.
stored.
NOTE

NOTE
site.
----End

NOTICE


resides/201201211230
NOTE
Follow-up Procedure
NOTE
6.1.4.7 Restoring U2000 High Availability System (SUSE Linux) Data

backup U2000 data.
6.1.4.7.1 Restoring U2000 High Availability System (SUSE Linux) Data from a Local
Server
local server.
Prerequisites
the backup server.

Linux).
Context
NOTICE
Procedure
Service.
MSuite Client.
menu.


NOTE
site.
----End

NOTICE
StoreMode local

NOTE

3:Cancel, 0]:
Follow-up Procedure
NOTE
6.1.4.7.2 Restoring U2000 High Availability System (SUSE Linux) Data from a Remote
Server
remote server.
Prerequisites
the backup server.
Linux).

NOTE
Context
# chmod -R 775 path
data.
NOTICE
Procedure
Service.
user.
ossuser user.
MSuite Client.

stored.
NOTE
NOTE
site.
----End


NOTICE

resides/201201211230
NOTE
Follow-up Procedure
NOTE
6.1.5 U2000 Data is Restored by Mirroring the Database
6.1.5.1 Restoring the U2000 Single-Server System (Solaris) Data by Switching the
Data Source
After the U2000 is installed, it automatically backs up the database at a scheduled time. When
the original U2000 database is damaged, or exceptions occur on the data in the database, you
can quickly switch the data source to the database that is backed up previously, ensuring that
the U2000 can be started properly.

Prerequisites
When the U2000 malfunctions, you can switch the data source if the following conditions are
met:
l The server can be started properly.
l You can log in to the server as the root and ossuser users.
Context
l The scheme that U2000 installed on the VM(s) does not support backing up and
restoring all data in the U2000 database by mirroring the database.
l Remaining space in the /opt/backup directory must be at least twice the database size
plus 10 GB. You can run the df -hk /opt/backup command to check the remaining space
of the /opt/backup partition.
l The U2000 will automatically create the /opt/backup/forDBSVRBCK/sybasebackup
directory during its installation. Do not delete or modify the directory and files in it.
l After the U2000 is installed, it automatically mirrors the database at 01:00 every
Wednesday by default to back up data. You can see A.11.55 How Do I Modify the
Database Scheduled Backup Time to customize the scheduled backup time. Ensure
that U2000 data is not backed up using the U2000 client or MSuite during the
period when U2000 data is backed up by mirroring the database.
l The entire mirroring process lasts for 30 to 60 minutes. In this period, do not perform
operations that involve a large amount of data if possible, for example, U2000 cutover,
data dump, and performance collection.

NOTE
mirroring fails.
Procedure
Step 1 Log in to the OS of the server as the root user.
Step 2 Ensure that the U2000 and database have been shut down. For details, see 3.3.1 Stopping the
U2000 Server Processes and 3.3.2 Shutting Down the Database.
Step 3 Run the following commands as the root user to switch the data source:
# ./ChangeMode.sh

last backup dbsvr status is ok
make sure keep database status shutdown
now start is normal mode>>>>>
please choose start mode(1:normal mode,2:monitor mode,3:exit):

NOTE
l 1:normal mode: indicates that the data source is the primary U2000 database.
l 2:monitor mode: indicates that the data source is the U2000 backup database.
l When there is no U2000 backup database, the information last backup dbsvr status is
error, can not change to monitor mode is displayed. Make sure the database has
been backed up before execute this step.
Step 4 Enter 2 and press Enter to switch the data source to the backup database.
change to monitor success>>>>>>>>
finish change mode
NOTE
When "finish change mode" is displayed, the data source is successfully switched.
Step 5 Start the database and U2000 by following 2.2.2 Starting the Database and 2.2.3 Starting
the U2000 Server Processes.
----End
Follow-up Procedure
If you need to switch back to the primary database after the system recovers, repeat the steps
in this topic and enter 1 (normal mode) in step 4.
6.1.5.2 Restoring the U2000 Single-Server System (SUSE Linux) Data by

Switching the Data Source
Prerequisites
met:
Context


NOTE
mirroring fails.
Procedure
Step 1 Log in to the OS of the server as the root user.
# ./ChangeMode.sh

NOTE

finish change mode
NOTE
Step 5 Start the database and U2000 by following 2.3.2 Starting the Database and 2.3.3 Starting
the U2000 Server Processes.
----End

Follow-up Procedure
If you need to switch back to the primary database after the system recovers, repeat the steps
in this topic and enter 1 (normal mode) in step 4.
6.1.5.3 Restoring the U2000 High Availability System (Solaris) Data by Switching
the Data Source
Prerequisites
met:

Context

NOTE
mirroring fails.

Procedure
Step 2 Freeze the HA resource group by following 11.5.3 Locking a Resource Group.
# ./ChangeMode.sh

NOTE
finish change mode
NOTE
NOTE
After the data source is switched, the HA resource group cannot monitor the backup database and the HA
system still regards the primary database as stopped. Therefore, when you query the status of the database and
NMSServer from the CLI, they are still faulty. In addition, related Veritas commands are unavailable.
Step 5 Start the database and U2000 processes in single-server mode. Start the database and U2000
by following 2.2.2 Starting the Database and 2.2.3 Starting the U2000 Server Processes.
----End
Follow-up Procedure
If you need to switch back to the primary database after the system recovers, follow the steps
bellow to operati
1. Ensure that the U2000 and database have been shut down. For details, see 3.5.1
Stopping the U2000 Server Processes and 3.5.2 Shutting Down the Database.
2. Run the following commands as the root user to switch the data source:
# ./ChangeMode.sh

now start is monitor mode>>>>>

3. Enter 1 and press Enter to switch the data source to the primary U2000 database.
change to normal success>>>>>>>>
finish change mode
4. Unfreeze the resource group. For details, see 11.5.4 Unlocking a Resource Group.
5. Start the database and U2000 by following 2.2.2 Starting the Database and 2.2.3
Starting the U2000 Server Processes.
6.1.5.4 Restoring the U2000 High Availability System (SUSE Linux) Data by
Switching the Data Source
Prerequisites
met:

Context


NOTE
mirroring fails.
Procedure
Step 1 Ensure that the U2000 and database at the primary site have been shut down. For details, see
3.6.1 Stopping the U2000 Server Processes and 3.5.2 Shutting Down the Database.
Step 2 Freeze the HA resource group by following 11.5.3 Locking a Resource Group.
# ./ChangeMode.sh

NOTE

finish change mode
NOTE
NOTE
After the data source is switched, the HA resource group cannot monitor the backup database and the HA
system still regards the primary database as stopped. Therefore, when you query the status of the database and
NMSServer from the CLI, they are still faulty. In addition, related Veritas commands are unavailable.
Step 5 Start the database and U2000 processes in single-server mode. Start the database and U2000
by following 2.3.2 Starting the Database and 2.3.3 Starting the U2000 Server Processes.
----End
Follow-up Procedure
If you need to switch back to the primary database after the system recovers, follow the steps
bellow to operati
1. Ensure that the U2000 and database have been shut down. For details, see 3.6.1
Stopping the U2000 Server Processes and 3.5.2 Shutting Down the Database.

2. Run the following commands as the root user to switch the data source:
# ./ChangeMode.sh

now start is monitor mode>>>>>
3. Enter 1 and press Enter to switch the data source to the primary U2000 database.
change to normal success>>>>>>>>
finish change mode
4. Unfreeze the resource group. For details, see 11.5.4 Unlocking a Resource Group.
5. Start the database and U2000 by following 2.3.2 Starting the Database and 2.3.3
Starting the U2000 Server Processes.
6.1.6 Backing Up and Restoring the U2000 Network Configuration

Data by Using Script Files
This topic describes how to back up and restore the U2000 network configuration data by
using script files.
Application Scenario
l The script files are used to back up U2000 network configuration data during the NMS
upgrade. If the data migration scenario is complicated, contact Huawei technical support
personnel.
NOTE
Data migration refers to the migration of data from one server to another, for example from a
Windows server to a Solaris server.
l The core configuration data of the NMS supports the following upgrade mode: export
user data from the original NMS into script files unrelated to the OS and database;
uninstall the original NMS and install the new NMS; import the script files into the new
NMS; user data that is not exported can be restored by synchronizing NEs or searching
for trails.
NOTE
You are obligated to take considerable measures, in compliance with the laws of the countries
concerned and the user privacy policies of your company, to ensure that the personal data of users
is fully protected.
l Of course, not all U2000 data can be backed up or restored by using scripts. Instead,
backing up and restoring all data in the U2000 database is recommended.
NOTE
Users can modify the exported script files as needed and then import it into the U2000.

Types of Backing Up and Restoring the Configuration Data by Using Script Files
Type Description Application Scope
Backup and restoration A type of network Transport domain only

using single-type scripts configuration data can be (excluding the PTN 6900
backed up or restored by series NEs)
importing or exporting
single-type script files.
For details about script
types, see Table 6-2.
Backup and restoration Network-wide configuration Transport and IP domains

using script sets data can be backed up or
restored by importing or
exporting a set of script of
one or multiple types.
Script scenarios include
Upgrade All and Upgrade
NE.
l Upgrade All script
scenario consists of NE
Configuration File, NE
Port Naming File, NM
Computer Information
File, Network Layer
Information File, and
NE List File.
l Upgrade NE script
scenario consists of NE
Configuration File, NE
Port Naming File, NE
List File.
Upgrade Procedure with Backup and Restoration Using Script Sets

l Export
Select Upgrade All to export network-wide data.
NOTE
You can choose a domain in the object tree.

l Import
a. Select Upgrade NE to import NE data. NEs are created on the U2000.
b. Manually synchronize or upload NE data to the U2000 based on the NE type.
c. Select Upgrade All to import network scripts.
Precautions
You cannot back up the U2000 topology structure by backing up scripts. You need to adjust
the topology structure manually after scripts are imported during data restoration.

Using scripts to back up and restore data makes the following impacts:
l NBIs are affected:
The upper-layer OSS must use physical IDs or logical IDs of NEs as indexes to
interconnect with the U2000. During U2000 upgrade, physical IDs of NEs are constant
and logical IDs are assigned by the U2000 again. Physical IDs are recommended if the
U2000 is interconnected to an upper-layer OSS. If the upper-layer OSS uses logical IDs
as indexes, NEs must be uploaded after data restoration. Fibers/cables, subnets, and
optical NEs have only logical IDs. If the upper-layer OSS uses data about the fibers/
cables, subnets, or optical NEs, the fibers/cables, subnets, or optical NEs must be
uploaded again.
l Only basic information is stored in scripts, whereas other information must be obtained
by uploading NEs. Therefore, you must manually restore customized information that is
stored on neither NEs nor scripts; otherwise, the information will be lost. Information
that requires manual restoration includes but is not limited to:
– Customized information (background and sound configurations) on clients
– Alarm performance template configurations
– Security information, such as NMS user name and password
– Path naming rule
– Access control list (ACL)
l The following information cannot be restored manually or using scripts. It is
recommended that you dump the information before restoration by using the dumping
function of the U2000.
– Historical alarm
– Historical performance
– U2000 security log
– U2000 operation log
– U2000 system log
– Abnormal event
6.1.6.1 Script Files

Script files that contain the basic data are required for importing and exporting scripts. When
you upgrade the U2000, you can upgrade the configuration data with zero data loss by
importing and exporting the scripts.
Main Usage
The main usage of the script files is as follows:
l Realizing the upgrade of the configuration data with zero loss during the U2000 upgrade.
This is an important method for the U2000 upgrade. This is the main usage of the script
files.
l After the network data is modified, restoring the customized information of the U2000,
such as the trail name, fiber name, port name, and the customer information. Therefore,
you are obligated to take considerable measures, in compliance with the laws of the

l By modifying the script files, realizing the division and combination of the U2000 data
and realizing the import of the desired data only, such as the NE list (with no
configuration data), fiber connection, protection subnet, or trail.
l Supporting the simplified implementation of the project design.
Script File Type

The U2000 provides script files in .txt and .xml formats.
U2000 also provides two script scenarios: Upgrade All and Upgrade NE. The network-wide
configuration data can be efficiently restored or backed up in the script scenarios by importing
or exporting a set of script of one or multiple types.
l Upgrade All script scenario consists of NE Configuration File, NE Port Naming File,
NM Computer Information File, Network Layer Information File, and NE List File.
l Upgrade NE script scenario consists of NE Configuration File, NE Port Naming File,
NE List File.
Table 6-2 lists the types of the script files in the .txt format that the U2000 provides and the
contents of the data.

Table 6-2 Script files provided by the U2000

Script File Na Contained Data Whether the Import or
Type min Export Feature Is
g Supported
Rul
e
Network- Non This file is a script set, including all This file can be imported and
wide e the information in NE exported.
Configurati Configuration File, NE Port
on File Naming File, NE List File and
Network Layer Information File
in case of importing/exporting.
Before exporting, the network-wide
data should be configured,
including:
l Fiber connection: Includes the
source/sink port, name and
additional information of the
fiber.
l Protection subnet: Includes
basic attributes of the protection
subnet, the NE and link
information.
l Trail: Includes the basic
attributes of the trail, additional
information, the source/sink
port and the physical route, and
supports exporting of VC12,
VC3, VC4 and VC4 service
circuit.
l Wavelength: Includes the basic
attributes of the wavelength,
additional information, the
source/sink port, and the
physical route.


g Supported
Rul
e
NE Port NEP This file contains the naming This file can be imported and
Naming ort_ information about every port on the exported.
File exte NE.
nsio
n
ID-
basi
c
ID_
NE
nam
e_(c
odin
g
for
mat)
.txt,
such
as
NEP
ort_
9-1_
NE1
_(U
TF-
8).tx
t


g Supported
Rul
e
NE NE This file contains the configuration This file can be imported and
Configurati Data information that is similar to the exported.
on File _ext command lines. This configuration
ensi script is as follows:
on l NE attributes: including
ID- attributes, NE user and
basi password, NE communication
c settings, its subnet, coordinate
ID_ in view and DCN attributes.
NE
nam l Installation slots: including slot
e_(c position and board type.
odin l Protection relationship:
g including protection groups and
for their protection relationship.
mat)
l Service configuration: including
.txt,
SDH traffic (including binding
for
traffic), SNC traffic and WDM
exa
traffic.
mpl
e, l Clock configuration: including
neda clock priority table, invalid
ta_9 condition of clock source, 2M
-1_ phase-locked clock source,
NE1 clock subnet, restoration
_(U conditions of clock source, SSM
TF- output conditions, clock source
8).tx level and VLAN configuration
t of 1588 clock.
l Overhead configuration:
including public overhead,
advanced overhead, auxiliary
overhead, conference call, F1
data port pass-through,
broadcast data port,
communication port, data port,
ring-out route and number of
subnet connected to optical port.
l Environment controlling:
including PMU settings, EMU
settings, and CAU settings.
l Board configuration: including
SDH interface, PDH interface,
WDM interface, ATM interface,
optical amplification board
interface, 64K interface


g Supported
Rul
e
management, and PCM board

management.
l Traffic configuration: including
TDA traffic, TDA feed
selection and TDA clock source
settings.
l Equipment protection: including
1+1 protection, 1:N equipment
protection, OLP channel
protection, WDM channel
protection, wavelength
protection group and 1:N
channel protection.
l Equipment maintenance:
including fan settings and board
temperature threshold.
l Board information: including
slot number, type, BIOS
version, board software version,
FPGA version, Flash version.
Board information only
supports exporting.
The U2000 supports importing of
data about one or more configured
NEs. All exported data is from the
U2000 database.
NOTE
l The script file does not contain the
ethernet services and LAG services
configuration information.
l 64K interface management and
PCM board management only
support script export.


g Supported
Rul
e
NE List NW This file contains information This file can be imported and
File NeL about NEs, U2000, and their exported.
ist_ physical location. When the NE list
U20 file is imported or exported, the NE
00 port naming file and the NE
nam configuration file are imported or
e_(c exported in sequence according to
odin the NE list file.
g
for
mat)
.txt
NM NM This file contains the configuration This file can be imported and
Computer Info information about the U2000 exported.
Information _U2 server. The configuration
File 000 information is as follows:
nam l Hardware information such as
e_(c the operating system name and
odin its version, operating system
g patch version, physical memory,
for CPU count and frequency
mat)
.txt l Network information such as
the host name and IP address
l Database information such as
the database name and its
version
Service NW This file provides service This file can be imported and
Actualizati Svc actualization data scripts for the exported.
on Script Data transport service actualization
_U2 system. The service actualization
000 data scripts are as follows:
nam l NE attributes
e_(c
odin l Board installation
g l Board protection
for l Protection relationship
mat)
.txt l Service configuration
l Protection subnets
l Trail configuration


g Supported
Rul
e
Network NW This file contains information on This file can be imported and
Layer Cfg the network layer configuration, exported.
Information _U2 including the following:
File 000 l Fiber cable connections
nam
e_(c l Protection subnets
odin l Trail configuration
g l Service template
for
mat) l Link information
.txt NOTE
Link information can be imported or
exported only in the Upgrade All
script scenario.


g Supported
Rul
e
MDS6600 Non It is an interactive file for MDS, This file can be imported and
Script e where the ASON information is exported.
(Network added on the basis of the exporting NOTE
Modeling Networkwide Configuration File l Inventory information of
and Design of the subnet or NE, including the WDM optical modules cannot
Information following: be obtained during NE
File) l Networkwide Configuration uploads. Therefore, users
need to query the inventory
Information information of network-wide
l ASON Node Route Calculation WDM optical modules on the
Policy SFP Information Report tab
of the Physical Inventory
l ASON Node Resource window (Choose Inventory >
Reservation Physical Inventory from the
main menu (traditional style);
l ASON Service Group alternatively, double-click
Information Fix-Network NE
l ASON Route Calculation Policy Configuration in
Application Center
l WDM ASON Optical and (application style). Choose
Electrical Layers Resource Optical/Electrical Module
Reservation Information from the Physical Inventory
Type navigation tree.) before
l WDM ASON Trail Association exporting a script. Otherwise,
Shared Policy and Permanent the exported script will not
Exclusion Information contain inventory information
of WDM optical modules.
l Inventory information,
including slots, ports, and BOM l Inventory information of
WDM optical modules cannot
codes, of WDM optical modules
be imported.
l Before exporting MDS6600
Script (Network Modeling
and Design Information
File), you must synchronize
data about TE Link
Management, ASON Trail
Management, and Search
for WDM Trail to the
U2000.


g Supported
Rul
e
CEAS NE This file provides scripts for the This file can be exported but
Data operation that is performed on cannot be imported.
_ext multiple NEs in batches.
ensi
on
ID-
basi
c
ID_
NE
nam
e_(c
odin
g
for
mat)
.txt,
for
exa
mpl
e,
neda
ta_9
-1_
NE1
_(U
TF-
8).tx
t


g Supported
Rul
e
Network Non The network basic configuration This file can be imported and
Basic e information file is the whole set of exported.
Configurati the following script files. When the
on network basic configuration
Information information file is exported, the
File network layer information file does
not contain network-layer path
information, NE port naming file,
NE configuration file, NE list file,
and NM computer information file
are exported. When the network
basic configuration information file
is imported, the NE configuration
file and the NE port naming file are
imported in sequence according to
the NEs contained in the NE list
file. The network layer information
file is also imported.
NM CEAS Non When the NM CEAS information This file can be exported but
Information e file is exported, the NE cannot be imported.
File configuration file, and NM
computer information file are
exported.


g Supported
Rul
e
User- NW This script mainly provides This file can be imported and
defined Tem information about the user-defined exported.
template plat template on the NMS, including the
e_te following:
mpl l Performance event monitoring
ate status template
type
_te l NE performance threshold
mpl template
ate l NE alarm/event configuration
nam template
e_U l MSTP QoS template
200
0
nam
e_(c
odin
g
for
mat)
.txt,
for
exa
mpl
e,
NW
Tem
plat
e_sd
hmo
n_te
st_L
ocal
NM
_(U
TF-
8).tx
t
In addition, the U2000 provides the script files in the .xml format for the network planning
and design, containing the Network-wide Configuration File, NE Configuration File,
Network Layer Information File, and ASON Information File. The ASON Information
File can be imported and exported, but other types of script files in the .xml format can be
exported only.

NOTE
l The default coding format in a script file is UTF-8. If illegible characters are displayed, to change
the coding format of the script file, in the Windows OS, you can modify the encoding
configuration item in the %IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml
configuration file; In the Solaris or SUSE Linux OS, you can modify the encoding configuration
item in the $IMAP_ROOT/cbb/trans/core/conf/xml/script/script_enum.xml configuration file.
l By default, the name of a script file contains the NE name. To exclude the NE name from a script
file name, in the Windows OS, you can modify the scriptname configuration item in the
%IMAP_ROOT%\cbb\trans\core\conf\xml\script\script_enum.xml configuration file. In the
Solaris or SUSE Linux OS, you can modify the scriptname configuration item in the
Compatibility
l The scripts exported from the U2000 of an earlier version can be imported to the U2000
of a later version. But an error may occur if the scripts exported from the U2000 of a
later version are imported to the U2000 of an earlier version. The U2000 of an earlier
version do not support the features and functions that are added and the parameters that
are modified in the U2000 of a later version. After the scripts are imported, an error
message is displayed. But this does not affect the import of other information.
l The scripts generated on Windows and on UNIX are compatible.
l T2000 scripts can be imported to the U2000. U2000 scripts cannot be imported to the
T2000.
NOTE
After importing T2000 scripts to the U2000, network-layer trails on the U2000 are different from
those on the T2000 due to software differences. In this case, delete all network-layer trails from
the U2000 and search for trails.
Application
During the network adjustment, such as adding or deleting a node in the network, if the fiber
connection is deleted, the protection subnet and trail carried on the fiber are deleted from the
network layer of the U2000. After the network adjustment, if the source and sink ports of the
trail are not changed, you can find the trail again by performing the trail search. But the
original customized information of the trail, such as the trail name, customized information of
the trail, and remarks, cannot be restored through the search.
To restore the customized information of the trail, you need:

1. Before the network adjustment, export the Network Layer Information File to back up
the customized information.
2. After the network adjustment, import the Network Layer Information File to restore
the customized information.
NOTE
l The Network Layer Information File script can be used to restore the customized information only
when the source and sink ports of the trail are not changed after the network adjustment. Otherwise,
you need restore the customized information manually.
l When the network layer information file is imported after the network adjustment, errors may be
displayed for part of the data, because certain objects, such as NEs, boards, and ports, are changed.
This does not affect the restoration of the customized information.

6.1.6.2 Immediately Backing Up the U2000 Data by Script

Before upgrading the U2000, you must export the data from the database to script files and
save these files to import the data back to the U2000 after the upgrade.
Prerequisites
l Before you export the script files, you must check the consistency of the configuration
data to ensure that the configuration data in the U2000 is consistent with that in the NE.
Context
NOTICE
If the keys have been replaced on the U2000 before data is backed up, the exported script files
may contain key information.
protected.
Procedure
Step 2 Choose Administration > Back Up/Restore NMS Data > Import/Export Script File from
the main menu (traditional style); alternatively, double-click System Management in
Application Center and choose System > Back Up/Restore NMS Data > Import/Export
Script File from the main menu (application style).
Step 3 Click the Export option button.
Step 4 Click the TXT or XML option button.
Step 5 Select a script file type from the Script File Type field. For details, see 6.1.6.1 Script Files.
NOTE
l To export the network-wide script file, select Networkwide Configuration File. Export the
following files to a specified directory: NWCfg_NMS Name.txt, NWNeList_NMS Name.txt,
NEPort_Port ID-Basic ID_NE Name.txt, and NEData_Extended ID-Basic ID_NE Name.txt.
l The following script types are available for the export: Networkwide Configuration File, NE Port
Naming File, NE Configuration File, NE List File, NM Computer Information File, Service
Actualization Script, Network Layer Information File, Network Modeling and Design
Information File, CEAS, Network Basic Configuration Information File, NM CEAS
Information File, User-defined template and Upgrade All.
l If you want to export script files of access domain or IP domain NEs, only Upgrade All can be
selected.
Step 6 Select the NE for which you want to export script files from the Export NE List.

NOTE
Specify the NE only when you export the Networkwide Configuration File, NE Port Naming File,
NE Configuration File, NE List File, Network Modeling and Design Information File, CEAS,
Network Basic Configuration Information File, NM CEAS Information File and Upgrade All.
Step 7 Click Create File Directory to create a directory where the exported script files are to be
saved.
NOTE
The script file is saved on the U2000 server. On Windows, the backup directory is %IMAP_ROOT%
\script. On Solaris and SUSE Linux, the backup directory is $IMAP_ROOT/script. You can create a
new directory under it.
Step 8 Enter the directory name and click OK.
Step 9 Select the created directory and click Apply.
Step 10 Click OK when the Confirm dialog box is displayed indicating that data has been
synchronized from NEs to the U2000.

A progress bar appears showing the status of the export.
Step 12 In the Result dialog box, click Close.
----End
Follow-up Procedure
l If you cannot export the script file by referring to U2000 and the Unknown Device-
ASON Configuration message is displayed, check whether the ASON instance is
deployed by using the U2000 NMSuite. If the ASON instance is deployed but is not
supported by the license, delete the instance. Then, you can successfully export the script
file by referring to U2000.
l If you need to transfer a script to another server, compress the script file into a .zip
package first to prevent the file transfer tool (such as FileZilla) from changing the file
format.
6.1.6.3 Backing Up the U2000 Data Through Script Exporting in a Scheduled

Manner
In routine maintenance, you can use the scheduled task function to export network
configuration data as script files in a scheduled manner to ensure timely backup of customized
information. In addition, this function can be performed without any manual intervention and
thus reduces maintenance costs.
Prerequisites
Context
l The U2000 does not support multiple periodic backup tasks at the same time. The

l It is recommended that you set the scheduled backup time to the time when network
service traffic is light, such as at midnight (00:00~06:00).
l Performance data collection involves abundant data. It is recommended that you perform
the 15-minute performance collection every three days, 24-hour performance collection
every six days, at the time when network traffic is light.
NOTICE
If the keys have been replaced on the U2000 before data is backed up, the exported script
files may contain key information.
Procedure
Step 3 Click New. The New Task dialog box is displayed.
Step 4 Select Script Export as the task type and enter a name for the scheduled task. Select Periodic
as the run type. Then click Next.
Step 5 In Time Setting, set the planned start time of the task.
Step 6 In Period Setting, set the execution interval and execution times of the task. Then, click
Next.
Step 7 Select the NEs and the type of the script file to be exported. For details, see 6.1.6.1 Script
Files. Then click Finish. Then the created scheduled task is displayed in the Task
Management window.
----End
Follow-up Procedure
If you need to transfer a script to another server, compress the script file into a .zip package
first to prevent the file transfer tool (such as FileZilla) from changing the file format.
6.1.6.4 Restoring the U2000 Data by Using the Script

After upgrading the U2000, you can restore the U2000 network layer configuration data from
the backup script files.

Prerequisites
l During data restoration, the instances deployed for NMS must include the instances
deployed for NMS components during backup.
l The imported configuration scripts are within the management capabilities of the current
NE Explorer instance and U2000 license as follows:
– The management capabilities of NE Explorer as follows:
n The number of equivalent NEs managed by each NE Explorer instance is no
more than 2,000.
n The number of gateway NEs managed by each NE Explorer instance is no
more than 500.
– The number of network-wide equivalent NEs does not exceed the management
capability of the license.
l The script from which data will be restored has been uploaded to the server. After
obtaining the script package exported from the U2000 V100R006C02 or earlier versions
in .zip format (as described in 6.1.6.2 Immediately Backing Up the U2000 Data by
Script and 6.1.6.3 Backing Up the U2000 Data Through Script Exporting in a
Scheduled Manner), decompress the package and select Force UTF-8 when uploading
the script through a file transfer tool (such as FileZilla). If another character set is used,
the script data will be displayed as garbled characters. For details about how to upload
scripts to the server, see A.2.30 How to Use the FileZilla to Transfer Files by SFTP.
l If the script from which data will be restored has been replaced storage key, the server
needs to import the storage key that the script uses. For details about how to import a
U2000 key store, see A.11.64 How Do I Import a U2000 Key Store.
Context
NOTICE
l For single-type script mode in the transport domain, you need to back up the U2000
database before importing the script file, and then initialize the U2000 database. Then,
import the configuration file. It is recommended that you import the network-wide
configuration file. You can restore the data from a backup file if you failed to import the
script file.
l After restoring the network-wide configuration file on the U2000, upload the configuration
data of NEs with 52TOM boards if any and search for WDM trails. Otherwise, the data of
52TOM board-related fibers and trails is lost on the U2000.
l Before importing the script file, delete data of the transport NE that shares the same ID
with a transport NE in the script file; otherwise, the script file cannot be imported.
Procedure
Step 1 Choose Administration > Back Up/Restore NMS Data > Import/Export Script File from
the main menu (traditional style); alternatively, double-click System Management in
Application Center and choose System > Back Up/Restore NMS Data > Import/Export
Script File from the main menu (application style).

see Figure 6-1.
Figure 6-1 Import Script File
Step 2 Click the Import option button.
Step 3 Click the TXT or XML option button.
Step 4 Select the script file type from the Script File Type field.
NOTE
When you select the script file type Network Modeling and Design Information File to import MDS
data:
l If data is imported in the board expansion scenario, you need to manually add boards on the
U2000 first. For demo NEs, dynamic ports also need to be manually added after the boards are
added. For real NEs, dynamic ports are added by default as the boards are added.
l If data is imported in the scenario wherein the U2000 has existing boards and port expansion is
required, you need to manually add ports on the U2000 first.
l Before importing the MDS expansion data script, ensure that the port data of the involved board
on the U2000 is consistent with that in the MDS script.
l After the MDS expansion data script is imported, you need to view Planning Status of the NE
data in the NE Configuration Data management (Choose Configuration > NE Configuration
Data Management from the main menu (traditional style); alternatively, double-click Fix-
Network NE Configuration in Application Center and choose Configuration > NE
Configuration Data Management from the main menu (application style).) window and apply
data to the NE if needed.
l If an exception occurs during an MDS data script import, the script needs to be re-imported and
applied.
Step 5 In the Operation Directory List, select the directory where the script file is to be imported is
located.

NOTICE
Upload the configuration script to the imported to the server as the ossuser user. The directory
must be under the $IMAP_ROOT/script directory and can be under the first-level directory
under the $IMAP_ROOT/script directory at most. Otherwise, the directory cannot be
selected. If the $IMAP_ROOT/script directory does not exist, create it manually and assign
related permission. Run the following commands on the server as the root user:
1. # mkdir $IMAP_ROOT/script
2. # chown -R ossuser:ossgroup $IMAP_ROOT/script
3. # chmod -R 750 $IMAP_ROOT/script
If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case,
you need to upload files to the backup directory in the FTP root directory as the ftpuser user
(the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
directory as the ossuser user.
Step 6 Perform operations based on the script file solution.
l For the single-type script solution:
a. Select the script file to import from the Import File List.
b. In the Import Subnet List, select the subnets to be imported. All subnets are
required to be selected.
c. Click Apply. Click Yes when the Risk dialog box is displayed indicating that
importing the script may cause data inconsistency between the U2000 and NEs and
that you need to upload or synchronize NE data after the import is completed.
NOTICE
n To ensure data consistency on the U2000 and NE, upload or synchronize NE
configuration data to the U2000 in NE configuration data management;
otherwise, data on the U2000 and NE is inconsistent. causing service
interruptions. For details, see Table 6-3.
n If U2000 data is required for disaster recovery of NE data. do not upload or
synchronize NE configuration data to the U2000 or perform Step 6.e, and
contact Huawei technical support personnel.

NOTE
During script import, the U2000 calculates the number of existing equivalent NEs and
imported NE scripts.
n After NE scripts are imported, the number of equivalent NEs managed by each NE
Explorer instance cannot exceed 2,000. Otherwise, the U2000 displays the message
Exceeds the maximum management capability range.
n After NE scripts are imported, the number of gateway NEs managed by each NE
Explorer instance cannot exceed 500. Otherwise, the U2000 reports the alarm
GNE_NUM_LIMIT_OVER and displays the message The number of
Gateways of NE Manager nemgr_otn exceeds..
n If the number of network-wide equivalent NEs exceeds the management capability of
the NE Explorer instance, the U2000 displays a failure message and suggests you to
add an NE Explorer instance.
d. The import progress is displayed. After the import is completed, click Close in the
Operation Result dialog box.
NOTE
After the script is imported, the sign will be displayed on NEs that support data
synchronization and are not unconfigured or preconfigured, which indicates that the NE
configuration data is inconsistent between the U2000 and the NE.
e. In the Information dialog box, click OK. After importing the script, verify that the
following operations have been performed on the U2000 to ensure the integrity of
NE and network data. If these operations are not performed, U2000 data will be
inconsistent with NE data, causing service interruptions.
NOTICE
If U2000 data is required for disaster recovery of NE data. skip this step and contact
Huawei technical support personnel.
NOTE
For details about how to upload the NE Data and synchronize NE configuration data, see
Working with the NMS > Topology Management > Configuring the NE Data.
Table 6-3 NE and Operations

NE Operations
SDH NEs/WDM NEs/RTN NEs/ 1. Upload the NE configuration data

Marine NEs to the U2000.
2. Search for protection subnets.
3. Search for trails.
PTN NEs (excluding PTN 6900 NEs) 1. Upload the NE configuration data
to the U2000.
2. Enable auto IP service discovery.
3. Enable auto protection group
discovery.

l For the network-wide script solution:

a. Select Upgrade NE to import NE data. NEs are created on the U2000.
NOTICE
n To ensure data consistency on the U2000 and NE, upload or synchronize NE
configuration data to the U2000 in NE configuration data management;
otherwise, data on the U2000 and NE is inconsistent. causing service
interruptions.
n If U2000 data is required for disaster recovery of NE data. do not upload or
synchronize NE configuration data to the U2000 or perform Step 6.b, and
contact Huawei technical support personnel.
b. Manually synchronize or upload NE data to the U2000 based on the NE type. For
details, see Table 6-4.
NOTE
For details about how to upload the NE Data and synchronize NE configuration data, see
Working with the NMS > Topology Management > Configuring the NE Data.
Table 6-4 NE and Operations
NE Operations
SDH NEs/WDM NEs/RTN NEs/ 1. Upload the NE configuration data

Marine NEs to the U2000.
2. Search for protection subnets.
3. Search for trails.
PTN NEs (excluding PTN 6900 NEs) 1. Upload the NE configuration data
to the U2000.
discovery.
IP NE (including PTN 6900) 1. Synchronizing NE configuration

data to the U2000.
discovery.
c. Select Upgrade All to import network scripts.

NOTE
A network script to be imported includes self-defined E2E service data, fiber data, and link
data.
----End

Follow-up Procedure
NOTE
6.1.7 Full System Backup and Restoration (Single Server System,

SUSE Linux)
The solution applies only to a SUSE Linux U2000 single-server system. This solution
produces ISO files for OS recovery when the OS is running properly and backs up the system
partitions. When the OS fails to be started, the OS is started and disk partition information is
recovered using ISO files, helping quickly recover the U2000 for monitoring.
6.1.7.1 Full System Backup Solution Overview

This topic describes the principles, implementation process, and restrictions of the full system
backup solution.
Principle Introduction
l The solution produces ISO files of system recovery and backs up system partitions when
the U2000 server OS is running properly.
l When the U2000 server OS fails to be started, the OS is started and disk partition
information is recovered using ISO files, helping quickly recover the U2000 for
monitoring.
l The data backed up by the solution covers OS data, U2000 software, and database
software, you are advised to back up system data once a week after finishing the
– Install or upgrade the U2000 or install a patch.
– Modify the OS, such as, upgrading a patch, or changing an IP address, a host name,
a time zone, time, or OS user name or password.
– Modify the Sybase, such as upgrading the Sybase database patch or changing the
database password.
l This solution is used to recover data only when the U2000 server OS fails.
NOTE
Procedure
The following figure shows the process of full system backup for servers with standard
configuration but without a disk array.

l After the U2000 is installed, a scheduled task for backing up system partitions to the
local computer is preconfigured by default. Produce ISO files for urgent system
recovery. For details, see 6.1.7.4 Creating of the ISO File for Urgent System
Recovery.
l If the U2000 server's system partition backup files are saved to the file server, the backup
task should be re-configured. For details, see:
a. 6.1.7.4 Creating of the ISO File for Urgent System Recovery
b. 6.1.7.2.1 Mounting the Windows 2008 File Server
c. 6.1.7.5 (Optional) Backing Up System Partitions
l If the U2000 server's system partition backup files are saved to the file server, the backup
task needs to be re-configured. For details, see:
b. 6.1.7.2.1 Mounting the Windows 2008 File Server
c. 6.1.7.5 (Optional) Backing Up System Partitions
b. 6.1.7.5 (Optional) Backing Up System Partitions
The following figure shows the process of full system recovery for servers with standard
configuration but without a disk array.

For details, see 6.1.7.6 Recovering the Full System.
Application Restrictions
l The SSR software has been installed.
l Obtained and set the SSR license.
– How to apply SSR License, see Applying for the SSR License in Single-Server
System Software Installation and Commissioning Guide (SUSE Linux).
– How to configure SSR License, see Commissioning the U2000 in Single-Server
System Software Installation and Commissioning Guide (SUSE Linux).
l The solution applies only to a SUSE Linux U2000 single-server system with the standard
configuration (eight disks). It does not support the Linux local HA system, Linux remote
HA system, and Linux VMs.
l Backup and restoration of the local server is supported. For parts with consistent system
partitions (the number of partitions and partition sizes must be consistent), backup and
restoration of remote servers is also supported.
l The SUSE Linux U2000 single-server system server mounts to the ISO file through a
virtual drive.

l System partition backup files are saved to the file server.

– The disk space of the file server that stores backup files must be sufficient.
– The OS of the file server must be Windows Server 2008, Solaris, SUSE Linux 10,
SUSE Linux 11 and SUSE Linux 12.
– The bandwidth between the U2000 server and file server must be higher than 10
Mbit/s. Otherwise, do not deploy the backup and restoration solution.
6.1.7.2 (Optional) Mounting Configurations for the U2000 Server and File Server
The full system backup and restoration solution allows a Windows Server 2008, Solaris 10,
SUSE Linux 10, SUSE Linux 11, or SUSE Linux 12 server to function as the remote shared
directory that can be mounted to U2000 server. The server is used to store the full system
backup data or read the backup data for restoration. You can select the file server according to
one of the following solutions. You are advised to use a Windows Server 2008 to function as
the server for file sharing.
6.1.7.2.1 Mounting the Windows 2008 File Server

While the U2000 server's system partition backup files are saved to the file server, the U2000
server should mount to the file server.
Prerequisites
l The disk space of the file server that stores backup files must be sufficient. The
following describes the required space of the file server. The standard compression level
is used. The available space of the file server must be larger than 50% of the occupied
space of the U2000 server before each backup.
NOTE
To check the U2000 server space usage, run the following commands on the U2000 server as root
user:
# df -Th|grep ext3 | awk '{print $4}'
815M
685M
2.9G
711M
701M
4.5G
897M
The sum of the seven values is the occupied space size of the U2000 server.
l The bandwidth between the U2000 server and file server must be higher than 10 Mbit/s.
Otherwise, do not deploy the backup and restoration solution.
Context
You need to perform the following operations to configure the mounting for the U2000 server
and file server only when the system partition backup files are stored on the file server.
Procedure
Step 1 Log in to the file server Windows 2008 OS as the administrator user.
Step 2 Create the ssrbackup_local folder.

Step 3 Right-click the ssrbackup_local folder and choose Share with > Specific people from the
shortcut menu.
Step 4 In the File Sharing dialog box, select a desired user (such as administrator) and set
Permission Level to Read/Write.
Step 5 Log in to the U2000 server Linux OS as the root user.
Step 6 Run the following command to mount the shared directory on the file server to the U2000
server:
# mkdir /opt/ssrbackup_local/file_server
# mount -t cifs -o username="User Name",password="Password" //192.168.1.100/
ssrbackup_local /opt/ssrbackup_local/file_server
NOTE
l username: Indicates the shared account specified for the file server Windows 2008 OS, for example
administrator.
l password: Indicates the password for the shared account, for example Changeme_123.
l //192.168.1.100/ssrbackup_local: Indicates the shared directory specified for the file server
Windows 2008 OS.
l /opt/ssrbackup_local/file_server: Indicates the path mounted to Linux OS on the U2000 server.
l Run the following command to unmount:
# umount -f /opt/ssrbackup_local/file_server
Step 7 Run the following command to check whether the shared directory is successfully mounted to
the U2000 server:
# df -h
If information similar to the following words in bold is displayed, the mounting is successful.
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 20G 609M 19G 4% /
udev 16G 252K 16G 1% /dev
tmpfs 16G 76K 16G 1% /dev/shm
/dev/sda8 20G 174M 19G 1% /export/home
/dev/sda7 115G 35G 74G 32% /opt
/dev/sdb2 394G 27G 347G 8% /opt/backup
/dev/sdd1 275G 43G 218G 17% /opt/backup/forDBSVRBCK
//192.168.1.100/ssrbackup_local 275G 100G 161G 39% /opt/ssrbackup_local/
file_server
/dev/sdb1 99G 39G 55G 42% /opt/sybase/data
/dev/sda9 20G 189M 19G 1% /tmp
/dev/sda5 20G 3.6G 16G 19% /usr
/dev/sda6 16G 341M 15G 3% /var
/dev/sda10 9.9G 181M 9.2G 2% /var/log
/dev/sda11 4.0G 137M 3.7G 4% /var/log/audit
----End
6.1.7.2.2 Mounting the Solaris File Server

Configure the Solaris file server as the server end of the Network File Server (NFS). Mount a
directory with large free space (/opt/nfs is used as an example) to the backup/restoration
server through NFS.
Prerequisites
l The Solaris file server must have NFS components. Otherwise, the NFS service cannot
be configured.

NOTE
Log in to the Solaris file server as root user, run the following command.
# svcs -a|grep svc:/network/nfs/server:default
If the output contains "svc:/network/nfs/server:default", the Solaris file server has NFS components.
NOTE
user:
815M
685M
2.9G
711M
701M
4.5G
897M
Context
Procedure
Step 1 Log in to the Solaris server as root user and create a shared directory /opt/nfs. If the /opt/nfs
folder does not exist, run the following commands.
# mkdir -p /opt/nfs
# chmod 755 /opt/nfs
Step 2 Run the following command to configure automatic sharing for the /opt/nfs directory.
# echo "share -F nfs -o rw,anon=0 -d \"\" /opt/nfs" >> /etc/dfs/dfstab
NOTE
Run the following command to check whether automatic sharing has been configured for /opt/nfs.
# cat /etc/dfs/dfstab | grep /opt/nfs
If the following information is displayed, the directory /opt/nfs has been configured for automatic sharing.
share -F nfs -o rw,anon=0 -d "" /opt/nfs
Step 3 Run the following command to check whether Solaris NFS server service is enabled.
# svcs -a|grep svc:/network/nfs/server:defaul
If the following information is displayed, the NFS server service is enabled.

online 3:15:13 svc:/network/nfs/server:default
NOTE
Run the following command to start the NFS server service.
# svcadm enable svc:/network/nfs/server:default
Step 4 Run the following command to enable sharing for the /opt/nfs directory.
# share -F nfs -o rw,anon=0 -d "" /opt/nfs

server:
l If the U2000 server is SUSE Linux 12 or SUSE Linux 11 OS, run the following
command.
# mount -t nfs -o nolock 192.168.1.100:/opt/nfs /opt/ssrbackup_local/
file_server
l If the U2000 server is SUSE Linux 10 OS, run the following command.
# mount -t nfs -o rw 192.168.1.100:/opt/nfs /opt/ssrbackup_local/file_server
NOTE
l //192.168.1.100: Indicates the shared directory specified for the file server Solaris OS.
l /opt/nfs: Indicates the shared directory specified for the file server Solaris OS.
----End
6.1.7.2.3 Mounting the SUSE Linux File Server

Configure the SUSE Linux file server as the server end of the NFS. Mount a directory with
large free space (/opt/nfs is used as an example) to the backup/restoration server through
NFS.
Prerequisites
l The SUSE Linux 12 or SUSE Linux 11 file server must have portmap and nfsserver
services. Otherwise, the NFS service cannot be configured.
NOTE
Log in to the Linux file server as root user, run the following command.
# service rpcbind status
# service nfsserver status
If the message "no such service" is displayed, the services do not exist.
l The SUSE Linux 10 file server must have portmap and nfsserver services. Otherwise, the
NFS service cannot be configured.
NOTE
Log in to the Linux file server as root user, run the following command.
# service portmap status
If the message "no such service" is displayed, the services do not exist.

NOTE
user:
815M
685M
2.9G
711M
701M
4.5G
897M
Context
Procedure
Step 1 Log in to the Linux server as root user and create a shared directory /opt/nfs. If the /opt/nfs
folder does not exist, run the following commands.
# mkdir -p /opt/nfs
# chmod 755 /opt/nfs
Step 2 Run the following command to configure automatic sharing for the /opt/nfs directory.
# echo "/opt/nfs *(rw,async,no_root_squash)" >> /etc/exports
NOTE
Run the following command to check whether automatic sharing has been configured for /opt/nfs.
# cat /etc/exports | grep /opt/nfs
l If the following information is displayed on SUSE Linux 12 or SUSE Linux 11, the directory has been
configured for automatic sharing.
/opt/nfs *(rw,async)
l If the following information is displayed on SUSE Linux 10, the directory has been configured for
automatic sharing.
/opt/nfs *(rw,async,no_root_squash)
Step 3 Set the services to be automatically started at boot time.

l For SUSE Linux 12 or SUSE Linux 11 OS, run the following commands:
# chkconfig rpcbind on
# chkconfig nfsserver on
l For SUSE Linux 10 OS, run the following commands:

# chkconfig portmap on
# chkconfig nfsserver on
Step 4 Run the following commands to restart the NFS server and portmap services.
l For SUSE Linux 12 or SUSE Linux 11 OS, run the following commands:
# service rpcbind restart
# service nfsserver restart

# service portmap restart
# service nfsserver restart

Step 5 Run the following commands to check whether the services are started.
If the message similar to the following is displayed, the services have been started.
rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor
preset: disabled)
Active: active (running) since -- 2017-12-04 10:09:48 CST; 29s ago
......
nfsserver.service - Alias for NFS server
Loaded: loaded (/usr/lib/systemd/system/nfsserver.service; enabled; vendor
preset: disabled)
Active: active (running) since -- 2017-12-04 10:09:48 CST; 1min 13s ago
......

If the message "running" is displayed, the services have been started.

Checking for kernel based NFS server: running
Checking for service rpcbind: running

# service portmap status
If the message "running" is displayed, the services have been started.

Checking for kernel based NFS server: running
Checking for RPC portmap daemon: running
server:
l If the OS of the U2000 server is SUSE Linux 12 or SUSE Linux 11 OS, run the
following command:
# mount -t nfs -o nolock 192.168.1.100:/opt/nfs /opt/ssrbackup_local/
file_server
l If the OS of the U2000 server is SUSE Linux 10 OS, run the following command:
# mount -t nfs -o rw 192.168.1.100:/opt/nfs /opt/ssrbackup_local/file_server
NOTE
l //192.168.1.100: Indicates the shared directory specified for the file server Linux OS.
l /opt/nfs: Indicates the shared directory specified for the file server Linux OS.
----End
6.1.7.3 (Optional) Configuring a Local Backup Disk for the U2000 Server
This topic describes how to configure a local backup disk for the U2000 server.

Context
l An Huawei RH series rack server (RH2288H V3 and RH5885H V3) for standard
delivery is equipped with eight hard disks (600G), In the scenario of new installation, the
backup files of default preconfigured system partitions are stored in /dev/sdc. Run the
following command to view the default backup file storage path:
# df -h
If information similar to the following characters in bold is displayed, the backup files
are stored in /dev/sdc:
......
/dev/sdc1 275G 100G 161G 39% /opt/ssrbackup_local
......
l An Huawei RH series rack server (RH5885H V3 and RH2288H V2) for standard
delivery is equipped with eight hard disks (300G), a local backup disk should be
configured, select an idle disk to perform partitioning. The backup operation involves a
lot of file writing. Therefore, you need to prevent issues, such as application
unavailability, due to the disk IO conflict during data backup.
NOTE
The following operations use configuring /dev/sdc to store backup files of system partitions as an
example.
Procedure
Step 1 Prepare an idle disk and partition it.
1. In the Linux-based single-server system, disk /dev/sdc generally contains no partition.
Run the following command to query whether disk /dev/sdc contains partitions.
# fdisk -l
NOTE
If the queried information does not include /dev/sdc, the /dev/sdc partition does not exist. In this case,
manually partition the disk.
2. Run the following command to partition the disk:
# fdisk /dev/sdc

Command (m for help):
3. Type n to add a partition.

Command action
e extended
p primary partition (1-4)
4. Type p to select a main partition.

Partition number (1-4, default 2):
5. Type the partition number. Such as 1.

6. Select the start position (2048 by default) and press Enter.
7. Type the end position manually, which cannot exceed the instructed maximum value.
8. Type w to save the settings and exit.

Step 2 Modify the /etc/fstab file by adding the following lines. This operation adds created partitions
to the partition list.
/dev/sdc1 /opt/ssrbackup_local ext3 acl,user_xattr 1 0
Step 3 Mounting the Local Backup Disk to a Folder.

1. Run the following command to create a file system.
# mkfs.ext3 "/dev/sdc1"
2. Mount to disk /dev/sdc1.

# mkdir /opt/ssrbackup_local # mount /dev/sdc1 /opt/ssrbackup_local
3. Run the following command to check whether the local backup disk is successfully
mounted to the folder:
# df -h
If information similar to the following words in bold is displayed, the mounting is

successful.
/dev/sda1 20G 609M 19G 4% /
/dev/sda7 115G 35G 74G 32% /opt
/dev/sda5 20G 3.6G 16G 19% /usr
----End
6.1.7.4 Creating of the ISO File for Urgent System Recovery

This topic describes how to create ISO files for system recovery and how to achieve quick
recovery after the OS fails.
Prerequisites
l The SSR license has been configured.
l The U2000 quick installation DVD or ISO file has been obtained.
Procedure
Step 1 Mount the ISO file of the SUSE Linux 2000 quick installation disk to the virtual drive.
To mount the ISO file of the U2000 quick installation DVD to a virtual drive for the Huawei
server, see A.5.6 How Do I Mount the ISO File or the U2000 Quick Installation DVD to a
Drive (RH2288H V3 server, RH5885H V3 server and RH2288H V2 server).
Step 2 Run the following command to check whether the ISO file has been mounted or the U2000
quick installation disk has been inserted.
# df -h | grep /media
If information similar to the following is displayed, the operation is successful:

l If the OS of the U2000 server is SUSE Linux 12:

/dev/sr1 4.4G 4.4G 0 100% /run/media/root/SLES-12-
SP2-SERVER-DVD-X86_642192

/dev/sr1 4.0G 4.0G 0 100% /media/SLES-11-SP3-DVD-
X86_6407031

/dev/sr1 4.0G 4.0G 0 100% /media/SUSE-LINUX-
ENTERPRISE-SERVER_001/
Step 3 .Run the following command to create the ISO file for urgent system restoration.
l If the OS of the U2000 server is SUSE Linux 12, run the following command:
# createSRD --iso=/run/media/root/SLES-12-SP2-SERVER-DVD-X86_642192 -d /opt/
ssrbackup_local/U2000RecoveryISO.iso
# createSRD --iso=/media/SLES-11-SP3-DVD-X86_6407031 -d /opt/ssrbackup_local/
U2000RecoveryISO.iso
# createSRD --iso=/media/SUSE-LINUX-ENTERPRISE-SERVER_001/ -d /opt/
ssrbackup_local/U2000RecoveryISO.iso
NOTE
l /run/media/root/SLES-12-SP2-SERVER-DVD-X86_642192, /media/SLES-11-SP3-DVD-X86_6407031
and /media/SUSE-LINUX-ENTERPRISE-SERVER_001/: is the root installation directory for the SUSE
Linux ISO file.
l /opt/ssrbackup_local/U2000RecoveryISO.iso: is the ISO file for urgent system restoration.
If information similar to the following is displayed, the operation is successful:

Creating SRD...Please Wait
[ ################################################################### ] 100%
Done.
Step 4 Store this file to the other server immediately after it is generated.
----End
6.1.7.5 (Optional) Backing Up System Partitions

This topic describes how to back up system partitions to quickly recover system data in case
the system fails.
Prerequisites
The SSR license has been configured.
Context
l For servers with standard configuration but without a disk array, a scheduled task is
preconfigured by default to back up system partitions to the local directory (/opt/
ssrbackup_local).
– The task is an independent full system backup task that will be executed at 01:00
every Sunday.
– Except the /opt/ssrbackup_local partition and the partitions whose file system is
udev or tmpfs, all other partitions are backed up.

NOTE
Run crontab -l| grep Manual_backup.sh as the root user to view information about the
scheduled task.
The scheduled task exists if the following information is displayed:
0 1 * * 0 "cd /opt/ssrbackup_local/tools; ./Manual_backup.sh " > /dev/
null 2>&1
l If the default scheduled backup task does not meet requirements, you can delete the
default scheduled backup task and configure an SSR automatic backup task.
l You can also back up system partitions using a script. Specifically, run the
Manual_backup.sh script as the root user.
l If the backup files are stored on the file server, copying files is time-consuming. The
time taken for copying files depends on the file size and network bandwidth.
Configuring the Automatic Backup Task

Step 1 Log in to the U2000 server as the root user over the PuTTY.
Step 2 Obtain and back up disk partition information.

1. Run the following command to obtain the disk partition information for backup.
# symsr -info disk | grep -E 'Ext3|Ext4'
The following information displays the system partitions using the U2000 quick
installation disk:
0 Ext3 /dev/sda1 / (20 GB total - 991 MB used)
2 Ext3 /dev/sda5 /usr/ (20 GB total - 4.21 GB used)
3 Ext3 /dev/sda6 /var/ (16 GB total - 1.08 GB used)
4 Ext3 /dev/sda7 /opt/ (116 GB total - 39.7 GB used)
5 Ext3 /dev/sda8 /export/home/ (20 GB total - 1007 MB used)
6 Ext3 /dev/sda9 /tmp/ (20 GB total - 509 MB used)
7 Ext3 /dev/sda10 /var/log/ (10 GB total - 338 MB used)
8 Ext3 /dev/sda11 /var/log/audit/ (4.01 GB total - 201 MB used)
0 Ext3 /dev/sdb1 /opt/sybase/data/ (100 GB total - 44.3 GB used)
1 Ext3 /dev/sdb2 /opt/backup/ (400 GB total - 35.9 GB used)
0 Ext3 /dev/sdc1 /opt/ssrbackup_local/ (278 GB total - 62.7 GB used)
0 Ext3 /dev/sdd1 /opt/backup/forDBSVRBCK/ (278 GB total - 47.3 GB used)
NOTE
The /opt/ssrbackup_local/ partition does not need to be backed up.
2. Run the following command to back up the disk partition information. During system
restoration, you can query the mounting relationship between devices and files based on
the disk partition information.
# symsr -info disk | grep -E 'Ext3|Ext4' >/opt/ssrbackup_local/diskinfo.log
Step 3 Create a scheduled backup task.

1. Run the following commands to configure the backup environment:
# cd /opt/ssrbackup_local/tools
# ./setting.sh

Set the interval of the scheduled task (1: daily, 2: weekly, 3: monthly)|2:2
2. Set the backup interval and press Enter. By default, data is backed up every week. Using
backup every week as an example, enter 2 and press Enter or directly press Enter.
Set execution weekday (0-6,0=Sunday)|0:0

3. Set the weekday on which the weekly backup starts and press Enter. By default, the
backup starts on Sunday every week. Using backup on Sunday every week as an
example, enter 0 and press Enter or directly press Enter.
Set execution time(0-23)|1:1
4. Set the execution time and press Enter. By default, the backup starts at 01:00 every day.
Using backup at 01:00 every day as an example, enter 1 and press Enter or directly press
Enter.
The backup file is stored to (1:local,2:server):1
5. Select local backup or remote backup and press Enter. Using local backup as an
example, enter 1 and press Enter.
Please enter the local backup path:
6. Enter the position of the backup file. Using backup to /opt/ssrbackup_local as an

example, enter /opt/ssrbackup_local and press Enter.
Set the maximum number of backup files(1-30)|2:
7. Set the maximum number of stored copies and press Enter. By default, two copies are
stored. Using two copies as an example, enter 2 and press Enter.
Automatic backup configuration successfully.
The scheduled task is configured successfully.
NOTE
l The configuration information of the scheduled task is recorded in the backup.cfg file in the /opt/
ssrbackup_local/tools directory.
l A linux directory will be automatically created in the /opt/ssrbackup_local directory to store backup
files the first time a scheduled backup task is executed. A new backup file is generated each time the
scheduled task is executed. The maximum number of backup files of the same type equals maxnum.
l The names of the scheduled backup files generated in the /opt/ssrbackup_local/linux directory are in the
following format: linux_Partition name_Generation order in sequence.v2i. For example, the first backup
file name of the /export/home/ partition is linux_export_home_000.v2i and the second backup file name
is linux_export_home_001.v2i.
----End
Configuring an Automatic Backup Task

If system startup related files in the scheduled backup tasks are abnormal or lost, the system
startup may be affected after data is restored. Therefore, you are advised to add the automatic
backup task. This backup task ensures that the system can be started normally after the
backup data is restored.
Step 1 Use PuTTY to log in to the U2000 server as the root user.
Step 2 Run the following commands to start the automatic backup task.
# ./Manual_backup.sh -selfstarting

The automatic backup task will be automatically configured. The configuration is successful
if the following information is displayed.
Boot configuration is complete
NOTE
The permanently reserved backup data is automatically backed up to the \opt\ssrbackup_local
\milestonebackup directory after the OS is started. The backup file is updated only when the system
starts automatically. The permanently reserved backup data ensures that the system can be started
normally after restoration. Other backup, however, cannot ensure that the system can be started normally
after restoration.
----End
Backing Up System Partitions Using a Script

Step 1 Use PuTTY to log in to the U2000 server as the root user.
Step 2 Run the following commands to back up the system partitions:

# ./Manual_backup.sh
NOTE
l The backup task automatically starts backup based on the backup path recorded in the backup.cfg file in
the /opt/ssrbackup_local/tools directory.
l The backup task retains the first backup data permanently and wraps data based on the configured
maxnum.
l The backup task retains the first backup data permanently and wraps data based on the maximum number
of copies that can be retained.
l The following describes the naming rules for backup files:
– After the script is executed, a directory named in the format of backup_year+month+day, for
example, backup_1708060955 is automatically generated to store backup files. If backup is
performed multiple times in a day, the corresponding hour and minute are added behind the
directory names.
– Use .v2i as the file name extension. Use linux_Partition name as the file name, for example, the
backup file name of the /export/home/ partition is linux _export_home.v2i.
Step 3 If data is restored to a remote server, execute scripts on the target servers (backup/restoration
server) to check whether the target server meets restoration requirements. For details, see A.
11.77 Checking Whether the Restoration Server Meet Restoration Requirements.
NOTE
l Local restoration: Perform the restoration operations on the backup server.

l Remote restoration: Perform full system backup on the backup server and then perform the
restoration operations on another server (backup/restoration server).
----End
Querying Historical Backup Results

Step 1 Use PuTTY to log in to the Linux OS of the U2000 server as the root user.
Step 2 Run the following commands to query the historical backup results:
# ./backup_result.sh

Tue Sep 12 18:56:54 CST 2017 |||170912||| This backup has been successful
Tue Sep 12 22:51:57 CST 2017 |||170912||| This backup has been successful
----End
6.1.7.6 Recovering the Full System

This topic describes how to recover data on the original OS boot disk and configure the OS to
start from this disk after the OS fault is rectified.
Prerequisites
l The SSR license has been configured.
l ISO file for urgent system recovery has been created. For details, see 6.1.7.4 Creating of
the ISO File for Urgent System Recovery.
l System partitions have been backed up. For details, see 6.1.7.5 (Optional) Backing Up
System Partitions.
Procedure
Step 1 Copy U2000RecoveryISO.iso to a local PC.
Step 2 Mount the U2000RecoveryISO.iso to the drive.

l To mount the ISO file for urgent system restoration to a virtual drive for the 2288H V5
server, see A.5.7 How Do I Mount the ISO File or the U2000 Quick Installation
DVD to a Drive (2288H V5 server).
l To mount the ISO file for urgent system restoration to a virtual drive for the RH2288H
V3 server, RH5885H V3 server and RH2288H V2 server, see A.5.6 How Do I Mount
the ISO File or the U2000 Quick Installation DVD to a Drive (RH2288H V3 server,
RH5885H V3 server and RH2288H V2 server).
Step 3 Optional: Restart the server and configure the server to start from the drive.
NOTE
Only RH2288H V3 server, RH5885H V3 server and RH2288H V2 server need perform this step.
l If log in to the RH5885H V3 server through iBMC, perform the following operations:
a. After the server is started, press F11 or F3 (on Remote Keyboard). Wait about 3
minutes, the Please select boot device: window is displayed.
NOTE
If a dialog box asking you to enter a password displayed during startup, enter the required
password. The default password is Huawei12#$, if the password has been changed, enter the
new password. If the password has not been changed, for system security, modify the default
password and remember the new password.
b. Select Virtual DVD-ROM VM 1.1.0 225, and press Enter.
a. After the server is started, press F11 to access the Boot Manager window.
NOTE
password. The default password is Huawei12#$, if the password has been changed, enter the
new password. If the password has not been changed, for system security, modify the default
password and remember the new password.

b. Select Virtual DVD-ROM VM 1.1.0, and press Enter.
Step 4 Dialog similar to the following is displayed. Press Enter.
Step 5 Wait for about five minutes. After the system is recovered, enter the user name root.
Step 6 Configure the network adapter IP address and route to restore the network communication.
# ifconfig eth0 IP Address netmask NetMask up
# route add default gw Gateway
NOTE
l After the IP address and other configurations are set, you cannot use PuTTY to log in to the OS in SSH
mode because you have entered the rescue mode.
l The system IP address must be available but does not have to be consistent with that of the server.
l route add default gw Gateway indicates that the default route that is added. Replace them with the actual
values.
Step 7 Copy the backup files to the /tmp directory.

If the system partition backup files are saved to the local disk, run the following
command mount the /dev/sdc1 to /tmp.
# mount /dev/sdc1 /tmp
NOTE
After the mounting is successful, you can run df -h to view mount status, you can view files stored in
the /opt/ssrbackup_local directory in the /tmp directory.
If the system partition backup files are saved to the Windows 2008 file server, follow the
following steps.
1. Mount the Windows Server 2008 file server to the /mnt directory.
# mount -t cifs -o username="User Name",password="Password" //192.168.1.100/
ssrbackup_local /mnt

NOTE
– username: Indicates the shared account specified for the file server Windows Server 2008 OS,
for example administrator.
– password: Indicates the password for the shared account, for example Changeme_123.
– //192.168.1.100/ssrbackup_local: Indicates the shared directory specified for the file server
Windows Server 2008 OS.
Run the following command to check whether the mounting succeeds. The mounting is
successful if information similar to the following is displayed.
# df -h
//192.168.1.100/ssrbackup_local 557G 76G 482G 14% /mnt
2. Copy the backup files to the /tmp directory.

# cd /mnt/backup_1708060955
# cp -rp /mnt/backup_1708060955 /tmp
NOTE
– /backup_1708060955: Indicates the directory generated when the backup is performed.

– Copying files is time-consuming. The time taken for copying files depends on the file size and
network bandwidth.
If the system partition backup files are saved to the Solaris or SUSE Linux file server,
follow the following steps.
1. Mount the file server to the /mnt directory.
– If the OS for the U2000 server is SUSE Linux 11 or SUSE Linux 12, run the
following command.
# mount -t nfs -o nolock 192.168.1.100:/opt/nfs /mnt
– If the OS for the U2000 server is SUSE Linux 10, run the following command.
# mount -t nfs -o rw 192.168.1.100:/opt/nfs /mnt
NOTE
– //192.168.1.100: Indicates the IP address for the file server.

– /opt/nfs: Indicates the shared directory specified for the file server.
Run the following command to check whether the mounting succeeds. The mounting is
successful if information similar to the following is displayed.
# df -h
10.67.186.70:/opt/nfs 115G 46G 63G 43% /mnt
2. Copy the backup files to the /tmp directory.

# cd /mnt/backup_1708060955
# cp -rp /mnt/backup_1708060955 /tmp
NOTE
– /backup_1708060955: Indicates the directory generated when the backup is performed.

– Copying files is time-consuming. The time taken for copying files depends on the file size and
network bandwidth.
Step 8 Restore system partitions.

1. Run the following commands to restore the system partitions:
# cd /tmp/backup_1708060955
# ./Recover_backup.sh
NOTE
/backup_1708060955: Indicates the directory the backup files stored which to be restored.

Full system restoration is going to be performed. The current system will be

restored to the status before backup and data cannot be restored.
Are you sure you want to continue (Y/N)?
2. Input Y to continue restore the system partitions.

The restoration is successful if the following information is displayed:
Execute /tmp/tools/Recover_backup.sh SUCCESS. All disks are restored
successfully.
Step 9 Unmount the U2000RecoveryISO.iso file from the virtual drive.
Step 10 Run the following commands to restart the OS. The restart takes 5 to 10 minutes.
# shutdown -r now
----End
6.1.8 Managing the U2000 Database

This topic describes how to manage the U2000 database. Managing the U2000 database
includes initializing the U2000 database and checking the database status.
6.1.8.1 U2000 Database List

This topic describes the list of databases for the U2000.
6.1.8.1.1 List of Small-scale U2000 Databases

This topic describes the names, functions, minimum sizes, maximum sizes, self-growth
thresholds, growth steps, and log buffer sizes of Small-scale U2000 databases (Less than 500
equivalent NEs). The database files of the U2000 server are used to store data or store the log
information that is generated during the running of the database.
Table 6-5 describes Small-scale U2000 databases.
Table 6-5 List of Small-scale U2000 databases

Database Function Mini Maxi Self- Grow Log
mum mum Grow th Buffe
Size Size th Step r Size
(MB) (MB) Thres (MB) (MB)
hold
(MB)
ason_otn_db ason otn DB 100 200 50 50 100
ason_sdh_db ason sdh DB 100 250 50 50 100
BitsDB BITS Device 100 200 30 30 50

Management Database
BMSDB Access Service 1500 2500 100 100 600

Management Database
BMSREPORTD Access Report Service 200 1000 50 300 200

B Management Database


hold
(MB)
BoxSwitchMgr Switch NE 200 900 50 50 200

DB Manager(Box )
Database
dashboardservic Dashboard Service DB 135 135 0 0 45

edb
dashboardservic Dashboard Redis 20 20 0 0 0

erdb
eamdb Database of 200 6000 100 100 100

EAMService
EnpowerDB Environment Power 50 100 20 50 50

Database
fmdb Database of 300 2000 100 200 200

FaultService
FrameSWMgrD Switch NE 150 300 50 50 100

B Manager(Frame)
Database
InventoryDB Inventory Manage 50 100 30 50 30

system Database
IPBaseDB IP Base Service 100 600 50 50 200

Database
logdb Database of 100 400 50 50 100

LogService
MCDB Distribution Manager 500 600 50 50 300

Database
MSODB MULtiple Service 60 4000 2 1300 20

Operation Database
NBITSDB NBITSDB 300 600 50 100 200
nemgr_marineD marine DB 200 500 75 100 100

B
nemgr_transDB Transmit Network 300 1200 150 300 100

Element Management
Database
nemgr_v8trans Transmit Network 150 300 50 50 50

DB Element(VRP V8)
Management Database


hold
(MB)
nemgr_webtran webtrans database 300 1000 150 300 100

sDB
nesvc_v8ptnDB PTN Network 40 160 20 40 30

Element(VRP V8)
Communication
Database
nesvc_v8transD Transmit Network 300 1200 150 300 100

B Element(VRP V8)
SDH Service
Management Database
NMLIPCOMM NMLIPCOMMONDB 100 1000 20 300 200

ONDB
OAMSDB OAMS Management 50 100 15 30 50

Database
omcdb Common Database 100 500 50 100 100
osstempdb Temporary Database 100 200 50 50 100
PMDataDB Performance and 500 2500 100 100 250

statistic history data
Database
PMSDB Performance and 500 500 50 50 150

statistic configuration
Database
ptn_v8_db PTN(V8) Manage 250 1000 120 250 200

System Database
ReportDB Report Manage system 100 100 5 5 100

Database
RouterMgrDB Router Manage System 150 600 70 150 100

Database
SecServiceDB Security Service 100 300 50 50 50

Database
SecurityMgrDB Security Manage 200 400 50 50 100

System Database
smdb Database of 100 200 50 50 100

SecurityService


hold
(MB)
TNCOMMON Service Management 100 300 50 100 50

DB Base Component
Database
TNCPSDB Composite Service 50 200 30 50 30

Management Database
TNETHDB MSTP Service 50 200 30 50 20

Management Database
TNIPDB IP Service 100 300 50 100 50

Management Database
TNOTNDB WDN Service 100 300 50 100 50

Management Database
TNSDHDB SDH Service 100 300 50 100 150

Management
Database?
TNSDNDB SDN Service 100 400 50 100 100

Management Database
topodb Database of 100 500 50 100 100

TopoService
TransPerfDB trans performance DB 500 2000 300 300 400
ucommonDB U2000 common 200 600 50 50 200

database
VmfDB Router(V8) Manage 150 300 50 50 50

System Database
6.1.8.1.2 List of Common-scale U2000 Databases

thresholds, growth steps, and log buffer sizes of Common-scale U2000 databases (500 to
2000 equivalent NEs). The database files of the U2000 server are used to store data or store
the log information that is generated during the running of the database.
Table 6-6 describes Common-scale U2000 databases.

Table 6-6 List of Common-scale U2000 databases

hold
(MB)

Management Database

Management Database


DB Manager(Box )
Database

edb

erdb

EAMService

Database
fmdb Database of 500 2000 100 200 300

FaultService

B Manager(Frame)
Database

system Database

Database

LogService

Database


hold
(MB)

Operation Database
NBITSDB NBITSDB 300 600 50 100 200

B

Element Management
Database

DB Element(VRP V8)
Management Database

sDB

Element(VRP V8)
Communication
Database

B Element(VRP V8)
SDH Service
Management Database

ONDB

Database

Database

Database

System Database


hold
(MB)

Database

Database

Database

System Database

SecurityService

DB Base Component
Database

Management Database

Management Database

Management Database

Management Database

Management
Database?

Management Database

TopoService

database

System Database

6.1.8.1.3 List of Medium-scale U2000 Databases

thresholds, growth steps, and log buffer sizes of Medium-scale U2000 databases (2000 to
6000 equivalent NEs). The database files of the U2000 server are used to store data or store
the log information that is generated during the running of the database.
Table 6-7 describes Medium-scale U2000 databases.
Table 6-7 List of Medium-scale U2000 databases

hold
(MB)

Management Database

Management Database


DB Manager(Box )
Database

edb

erdb

EAMService

Database
fmdb Database of 800 3000 200 200 400

FaultService

B Manager(Frame)
Database

system Database


hold
(MB)

Database

LogService

Database

Operation Database
NBITSDB NBITSDB 500 2000 100 500 500

B

Element Management
Database

DB Element(VRP V8)
Management Database

sDB

Element(VRP V8)
Communication
Database

B Element(VRP V8)
SDH Service
Management Database

ONDB

Database


hold
(MB)

Database

Database

System Database

Database

Database

Database

System Database

SecurityService

DB Base Component
Database

Management Database

Management Database

Management Database

Management Database

Management
Database?

Management Database


hold
(MB)

TopoService

database

System Database
6.1.8.1.4 List of Large-scale/Super-large-scale U2000 Databases

thresholds, growth steps, and log buffer sizes of Large-scale/Super-large-scale U2000
databases (More than 6000 equivalent NEs). The database files of the U2000 server are used
to store data or store the log information that is generated during the running of the database.
Table 6-8 describes Large-scale/Super-large-scale U2000 databases.
Table 6-8 List of Large-scale/Super-large-scale U2000 databases

hold
(MB)

Management Database

Management Database


DB Manager(Box )
Database


hold
(MB)

edb

erdb

EAMService

Database
farsdb Stores the signaling 3000 12000 2000 2000 4000

data of all the NEs.
fmdb Database of 8000 30000 500 500 1000

FaultService

B Manager(Frame)
Database

system Database

Database

LogService

Database

Operation Database
NBITSDB NBITSDB 600 3000 200 800 500

B

Element Management
Database

DB Element(VRP V8)
Management Database


hold
(MB)

sDB

Element(VRP V8)
Communication
Database

B Element(VRP V8)
SDH Service
Management Database

ONDB

Database
omcdb_cmc Stores the NMS 10000 25360 5000 5000 9096

configuration data,
security data
pmcomdb Stores the static 2000 6000 1000 1000 2000

performance
measurement data of
NEs.

Database
pmdb Stores the performance 75000 75000 50 50 25000

data.

Database

System Database

Database


hold
(MB)

Database

Database

System Database
smdb Database of 300 600 100 100 200

SecurityService
swmdb Stores the file 6000 12000 2000 2000 3000

information about the
software management
module

DB Base Component
Database

Management Database

Management Database

Management Database

Management Database

Management
Database?

Management Database

TopoService

database

System Database

6.1.8.2 Initializing the U2000 Database

This topic describes how to initialize the U2000 database before it is in disorder or restored,
or data is damaged.
Prerequisites
l The NMS processes are ended. Perform the following operations to end the NMS
processes if they are running:
– For the Single-Server System (Windows), see A.11.8 How to End the Processes of
the U2000 Single-Server System on Windows.
– For the Single-Server System (Solaris), see A.11.11 How to End the Processes of
the U2000 Single-Server System on (Solaris).
– For the Single-Server System (SUSE Linux), see A.11.14 How to End the
Processes of the U2000 Single-Server System on (SUSE Linux).
– For the High Availability System (Solaris/SUSE Linux), see A.11.17 How to End
running:
Database.
Database Service.
Database Service.
l In a high availability (HA) system, freeze the AppService resource group. For more
information, see 11.5.3 Locking a Resource Group.
Context
NOTICE
This operation will delete all U2000 data from the database and restore all U2000 information
to default settings. Therefore, back up the U2000 database and NMS deployment information
before performing initialization.
This operation will:
l Restore the login passwords of admin user for the U2000 client , NE Software
Management and the U2000 System Monitor client to the initial passwords (The initial
password of the admin user is Changeme_123. The password must be changed during
the first login to ensure system security. Keep the password confidential and change it
regularly.).
l Delete all service data that users configured on the U2000 client.

Procedure
NOTE
Step 2 On the MSuite client, choose System > Initialize Database from the main menu. The
initialization wizard and a prompt will be displayed.
Step 3 Read the initialization information carefully and click Next.
Step 4 Click Yes. The system starts initializing the database and displays a progress bar. Wait
patiently.
Step 5 After the initialization is complete, click Finish. A message is displayed indicating that the
U2000 server need to be started manually.
Step 6 Optional: In the HA system, unfreeze the AppService resource group. For more information,
see 11.5.4 Unlocking a Resource Group.
Step 7 Click OK, start the U2000 server manually. For more information, see 2 Starting the U2000
System.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, initialize the
database through the CLI.
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -InitDatabase
NOTE
The default user name of the MSuite is admin and the default password is Changeme_123. If the
password has been changed, enter the new password. If the password has not been changed, for system
security, modify the default password and remember the new password. For details, see C.3.1 Changing
the Password of the MSuite.
Follow-up Procedure
l In the HA system, log in to the secondary site as the ossuser user after primary site
initialization is complete and run the following commands to delete flags reported by
hardware alarms or HA system alarms.
$ su - root
Password:root user password
# rm -rf /var/ICMR/alarm/*ERROR
# rm -rf /var/ICMR/alarm/err_*

l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000,
you must reconfigure the NBI instance after successfully initializing the database, and
the reconfigured instance must be the same as the instance before the database is
initialized. For details, see the related NBI user manual.
l To ensure system security, log in to the U2000 client and change the password according
to the message displayed upon the first login. For details, see 2.6 Logging In to a U2000
Client.
6.1.8.3 Checking the Database Status

This topic describes how to check the database status. The NMS is unavailable if the database
capacity exceeds the standard value. It is recommended that you check the database status
periodically to ensure the normal running of the NMS.
Prerequisites
l The U2000 server is running properly.
l The system monitoring process is running properly.
l The System Monitor communicates normally with the U2000 server.
Context
If Data Used Rate or Log Used Rate of the database exceeds the preset alarm threshold, the
system monitoring process sends an alarm to the NMS server and the related record on the
System Monitor turns red.
Procedure
Step 1 Optional: In the Windows OS, choose Start > Programs > Network Management System
> U2000 System Monitor or double-click the shortcut icon on the desktop to start the System
Monitor.
Step 2 In the Login dialog box, enter the required user name and password to access the System
Monitor window.
Step 3 Click Login to log in to the System Monitor of the U2000.
Step 4 Click the Database tab and view the data space, remaining data space, data space usage, log
space, remaining log space, and log space usage of the database.
----End
6.1.9 Dumping Performance Data

This topic describes how to dump performance data. The performance data can be dumped in
two modes, namely, automatic dumping and manual dumping.
6.1.9.1 Dumping Performance Data Manually

This topic describes how to configure the custom conditions and dump performance data
manually.

Prerequisites
l Performance data for at least one day exists.
l There is sufficient memory to save the dumped performance data.
Procedure
Step 1 Choose Performance > Performance Dump Management > Manual Dump Performance
Data from the main menu (traditional style); alternatively, double-click Fix-Network
Performance in Application Center and choose Performance Dump Management >
Manual Dump Performance Data from the main menu (application style).
Step 2 In the Path on Server text box, enter the path to save the dumped performance data.
Step 3 In the Specify End Date area, enter the data to the text box, or click to select the end date
to dump the performance data.
The following figure uses the Windows as an example.
Step 4 In the Dump drop-down list of the Specify Granularity area, select a dump mode for a
granularity.
A granularity value is 5 minutes, 10 minutes, 15 minutes, 30 minutes, 1 hour, 1 day or all.
Dump can be classified into no dump, dump to file, and delete.
Step 5 Click Dump data to dump the performance data.
The progress bar displays the status, the number of total records, and the number of dumped
records.

Step 6 In the dialog box displayed indicating that the operation succeeds, click OK.
----End
6.1.9.2 Dumping Performance Data Automatically

This topic describes how to dump performance data automatically. This operation allows you
to configure the default condition to automatically dump the performance data.
Prerequisites
l Performance data for at least one day exists.
l There is sufficient memory to save the dumped performance data.
Procedure
Step 1 Choose Performance > Performance Dump Management > Automatic Dump Setting
from the main menu (traditional style); alternatively, double-click Fix-Network Performance
in Application Center and choose Performance Dump Management > Automatic Dump
Setting from the main menu (application style).
Step 2 In the Path on Server text box, enter the path to save the dumped performance data.
1. If you click the Granularity-based Lifecycle tab, set Lifecycle and Dump to File after
lifecycle.
2. If you click the Dynamic Lifecycle comply with Database Size tab, set Maximum disk
space occupied by data, Proportion dumped and Dump to File.
Step 3 Click the Calculate DB Size button. Estimate the total required size based on the actual
collection count and indicator count.

1. Set Aggregation based on the actual situation.

This parameter is set to Yes when the space of aggregation data needs to be calculated.
2. Select Max/Min Aggregation based on the actual situation.
This parameter is set to Yes when the maximum and minimum space of aggregation data
need to be calculated.
3. Select a dump mode.
This parameter is set to Delete when dump files need to be deleted; otherwise, set the
parameter to Remove.
4. (Optional) Select Save Life Cycle Configuration based on the actual situation.
5. Click OK.
Step 4 Set the dump parameters for granularity-based lifecycle. Namely, set a duration for
performance data to be stored in the U2000 database.
1. In the Granularity-based Lifecycle area, enter the number of days according to the
granularity in the Lifecycle text box.
2. Optional: (Optional) Select the Dump to File after Lifecycle check box. If the lifecycle
expires, the performance data in database will be dumped to files in the Path on Server
path. If this check box is not selected, the system will delete the performance data from
the database.
Step 5 Set automatic file dumping based on the used database space. When the used space of the
performances data exceeds the set threshold, the system dumps the performance data to files
according to the set proportion for each granularity.
1. In the Maximum disk space occupied by Data text box, enter the threshold for the used
database space of percentage of performance data.
2. In the Proportion dumped text box, enter the proportion of performance data to be
dumped by granularity.
3. Optional: (Optional) Select the Dump to File check box. When the preceding
conditions are satisfied, the performance data will be dumped to files in the Path on
Server path; otherwise, the system will delete the performance data from the database.

NOTE
If you deselect the Dump to File check box, data is deleted from the database when the life cycle exceeds the
maximum disc space size.
Step 6 Click Apply to complete parameter setting.
Step 7 Click OK.
----End
6.2 Fast Restoration Scheme for the U2000 Cold Backup

System
The fast restoration scheme for the U2000 cold backup system automatically backs up data
and files on the primary site and restores the data and files on the secondary site. When the
primary site malfunctions, the secondary site fast takes over network monitoring. The
following introduces the realization process of this scheme.
6.2.1 Introduction to the Fast Restoration Scheme for the U2000

Cold Backup System
The fast restoration scheme for the U2000 cold backup system fast restores single-server
systems. The following introduces the realization process of this scheme.
Context
If only one single server U2000 is deployed at a site, network management functions will
become unavailable if the U2000 fails. The cold backup feature is therefore introduced by
HUAWEI to implement fast restoration in the case of a system failure.
In the cold backup solution, two single server U2000 systems with the same version,
deployment domain, language, OS type, server time, and time zone are deployed. One system
is run on the primary site and the other is run on the secondary site.
l In normal conditions, the primary site provides the network management functions. The
network management process and maintenance tool on the secondary site are stop while
the database is running. The primary site backs up the network management data
periodically, and the secondary site obtains the backup file from the primary site at
regular intervals.
l If the U2000 on the primary site fails, the U2000 on the secondary site starts
immediately to provide network management functions.

NOTE
l The backup object is the entire database, including the custom data at the U2000 side (excluding the
custom options of the system), network layer trail data, NE-side configuration data, alarm data and
performance data. In addition, a backup is created for the structure of the entire database, all
database tables (including the system tables and the user tables), table structure, and stored
procedures. The personal information (including personal name, phone numbers and addresses) on
the U2000 and all user names and passwords are also backed up. Therefore, you are obligated to
take considerable measures, in compliance with the laws of the countries concerned and the user
privacy policies of your company, to ensure that the personal data of users is fully protected.
l The following data is not backed up when you back up the U2000 database:
l The data that is not saved at the NE side, that is, the data that cannot be uploaded.
l The custom options of the system. For example, font, color setting, and audio setting.
l The function of the fast restoration scheme for the cold backup system and the scheduled tasks on
the U2000 MSuite or U2000 overlaps. You are recommended to execute those tasks at different
time.
Restriction
l Before starting the secondary site, ensure that the license of the U2000 has been loaded
on the secondary site.
NOTE
Please refer Applying for a U2000 License to generate the both primary and secondary sites ESNs
and send the contract number and the server ESNs to Huawei engineers or the local Huawei office
to apply for a U2000 license.
The U2000 license is loaded at both sites.
l If the database at the primary site has been expanded, the database at the secondary site
must be expanded to the same size; otherwise, restoration may fail.
l If cold backup is performed for the first time in an upgrade scenario, back up data at the
primary site and restore data at the secondary site using the MSuite before configuring a
cold backup task. This prevents a restoration failure due to inconsistent database sizes.
l Automatic backup and restoration scenario:
OS for Automatic Backup OS for Automatic Restoration
Windows Server 2008 Windows Server 2008
Solaris Solaris
SUSE Linux SUSE Linux
Process Introduction to Fast Restoration Scheme for the U2000 Cold Backup
System
The fast restoration scheme for the U2000 cold backup system supports manual and automatic
backup and restoration. If you use manual backup and restoration, you need to manually start
the backup or restoration task each time. If you use automatic backup and restoration is used,
you only need to configure a scheduled backup and a scheduled restoration task. The
automatic backup and restoration is recommended.
l Automatic backup and restoration scheme: To automatically back up and restore data,
you need to configure scheduled backup tasks on the primary site and automatic
restoration tasks on the secondary site. The process is as follows:

a. On the secondary site, install a single server U2000 whose version, deployment
domain, language and database username are the same as those on the primary site.
b. Configure scheduled backup tasks on the primary site. The backup files are
generated through backup modules and stored on the primary site.
c. Configure scheduled restoration tasks on the secondary site. Obtain the backup files
through SFTP from the primary site and restore the files on the secondary site.
d. When the primary site malfunctions, start the U2000 on the secondary site to fast
restore the U2000.
Figure 6-2 Automatic backup and restoration scheme
l Manual backup and restoration scheme: The manual backup and restoration scheme
requires a cold backup tool to back up and restore data. The process is as follows:
a. On the secondary site, install a single server U2000 whose version, deployment
domain, language and database username are the same as those on the primary site.
b. Use a cold backup tool to back up the U2000 data on the primary site as backup
files and store the files on the primary site.
c. Copy the backup files from the primary site to the secondary site, and use the cold
backup tool to restore the files on the secondary site.

d. Start the U2000 on the secondary site.
Figure 6-3 Manual backup and restoration scheme
6.2.2 Creating Backup and Restoration Tasks

After installing a U2000 whose version and deployment domain are the same as those on the
primary site on the secondary site, users need to manually create backup and restoration tasks.
6.2.2.1 Configuring Automatic Backup Tasks on the Primary Site

To realize fast system restoration in the cold backup solution, users need to manually create
automatic backup tasks after installing a U2000 single-server system on the secondary site.
Prerequisites
l A single server U2000 system whose version, deployment domain, language, OS type,
server time, and time zone are the same as those on the primary site is installed on the
secondary site. For details about the installation procedure, see the U2000 Single-Server
System Software Installation and Commissioning Guide.
l The U2000 processes and the database are running on the primary site.
l Network communication between the primary site and the secondary site is normal, and
the minimum bandwidth is 10 Mbit/s.

l The SFTP Server service has been activated on the primary site, and related ports
(including the SFTP service port 22) have been enabled.
NOTE
For details on enabling the SFTP Server service on a SUSE Linux operating system, see A.2.2
How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE Linux OS.
For details on enabling the SFTP Server service on a Solaris operating system, see A.3.3.3 How to
Start/Stop the FTP, SFTP, and Telnet Services.
For details on enabling the SFTP Server service on a Windows operating system, see A.1.11 How
Do I Manually Enable and Disable the FTP/SFTP Service on a Server.
l If a firewall is deployed between the primary site and the secondary site, the SFTP
service port (by default, port 22) on the firewall must be enabled. For details on enabling
the SFTP service port on a firewall, see the firewall user guide.
l Only one scheduled backup or restoration task is allowed on a single server. For
example, if you create a new automatic backup task on the primary site, the old backup
task on the primary site will become invalid and only the new one will be retained.
Procedure
Step 1 Run the following steps to execute the configuration script.
NOTE
If execution of the configuration script fails, apply troubleshooting as prompted or contact Huawei
technical support engineers.
l Windows Server 2008 OS:
a. Log in to the OS as the administrator user.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and run the
userconfig.bat script.
Select a task type (1: backup, 2: restoration):
NOTE
The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not
installed in partition D, change the partition in the directory accordingly.
l Solaris or Linux OS:
a. Log in to the OS as the ossuser user through SSH by using PuTTY.
b. Run the userconfig.sh script.
$ cd /opt/oss/engr/tools/coldbackuptool
$ ./userconfig.sh

NOTE
The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
installed in partition /opt, change the partition in the directory accordingly.
Step 2 Enter a node for backup, such as 1 and press Enter.

Set the interval of the scheduled task (1: daily, 2: weekly, 3: monthly)|1:
Step 3 Enter the backup interval, such as 1 and press Enter.


Set execution time (0-23)|1:
NOTE
The time configured for the cold backup task does not overlap with the time when data is being restored
using the MSuite. Cold backup may fail if the MSuite is restoring data.
Step 4 Enter the backup frequency, for example, if the frequency is 2:00 every day, enter 2 and press
Enter.
Set the maximum number of backup files|30:
NOTE
l The maximum number of backup files must match the size of disk that will hold the backup files,
and is recommended to be 30.
l It is recommended that you set the scheduled backup time to the time when network service traffic is
light, such as at midnight (00:00 to 06:00).
Step 5 Enter the maximum number of backup files, such as 30, and press Enter.
The scheduled task is successfully created if the following information is displayed.
Scheduled task created successfully.
NOTE
To query the configured maximum number of backup files, take either of the following approaches:
l For a Windows Server 2008 OS: Navigate to the path D:\oss\engr\tools\coldbackuptool\conf, and
open the mark.inf file using Notepad. Information similar to maxbackupfiles=30 will be displayed.
l For a Linux or Solaris OS: Navigate to the path /opt/oss/engr/tools/coldbackuptool/conf, and run
the cat mark.inf command to view content in the mark.inf file. Information similar to
maxbackupfiles=30 will be displayed.
----End
Follow-up Procedure
After a backup task is created on the primary site, use one of the following methods to verify
whether the configuration of backup task is successful:
l Using query commands
– On the Windows Server 2008 OS:
n Check the backup task.
1) Log in to the OS as the administrator user.
2) Run the following command in the command line window:
> cd /d D:\oss\engr\tools\coldbackuptool
> coldbackupInfo.bat -task
The backup task has been created if information similar to the following
is displayed:
cycle time Command Line
daily 0:00 D:/oss/engr/tools/coldbackuptool/coldbackup.bat -
silent

NOTE
The displayed value of cycle varies depending on the backup interval. For
example:
l If the configured backup interval is daily, the displayed value of Day is
similar to daily.
l If the configured backup interval is weekly, the displayed value of Day is
similar to weekly: Sunday.
l If the configured backup interval is monthly, the displayed value of Day is
similar to monthly: 22.
n Check the backup result.
> coldbackupInfo.bat -result
The backup is successful if information similar to the following is

displayed:
2015-07-28 21:20:29;Successful;backupDB;20150728211943.7z
NOTE
The fields in the command output indicate the backup date and time, operation
result (Successful/Failure), operation type (backupDB/restoreDB), and backup
package (the timestamp in the file name indicates the backup time).
NOTE
The directory D:\oss\engr\tools\coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory D:\oss. If the U2000 is not installed in the
default directory, replace the directory in the command accordingly.
– On the Linux or Solaris OS:
n Check the backup task.
1) Log in to the OS as the ossuser user through SSH by using PuTTY.
2) Run the following command to switch to the root user and run the
coldbackupInfo.sh script.
$ su - root
Password: Password of the root user
# cd /opt/oss/engr/tools/coldbackuptool
# ./coldbackupInfo.sh -task

daily 0:00 su - ossuser -c "cd /opt/oss/engr/tools/
coldbackuptool; ./coldbackup.sh -silent " > /dev/null 2>&1
NOTE
The displayed value of cycle varies depending on the backup interval. For
example:
l If the configured backup interval is daily, the displayed value of Day is
similar to daily.
l If the configured backup interval is weekly, the displayed value of Day is
l If the configured backup interval is monthly, the displayed value of Day is
similar to monthly: 22.
n Check the backup result.

$ su - root
# ./coldbackupInfo.sh -result

2015-07-28 21:20:29;Successful;backupDB;20150728211943.7z
NOTE
The fields in the command output indicate the backup date and time, operation
result (Successful/Failure), operation type (backupDB/restoreDB), and backup
package (the timestamp in the file name indicates the backup time).
NOTE
The directory /opt/oss/engr/tools/coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory /opt/oss. If the U2000 is not installed in the
l Check the log.
– On the Windows Server 2008 OS: When the scheduled time of the backup task is
reached, check the d:\oss\engr\tools\coldbackuptool\silent\coldbackupresult.txt file
for the backup log.
– On the Linux or Solaris OS: When the scheduled time of the backup task is reached,
run tail -f /opt/oss/engr/tools/coldbackuptool/silent/coldbackupresult.txt to check
the backup log.
l Check the backup files.
– On the Windows Server 2008 OS, the backup directory is D:\coldbackupdata and
the backup files are in the 7z format.
– On the Linux or Solaris OS, the backup directory is /opt/backup/ftpboot/
coldbackupdata and the backup files are in the 7z format.
6.2.2.2 Configuring Automatic Restoration on the Secondary Site

This topic describes how to configure automatic restoration of the U2000 data on the
secondary site.
Prerequisites
l On the secondary site, network management process and the maintenance tool are
standby and the database is running. If the U2000 has started when the restoration task is
performed, the U2000 process is automatically stopped.
l Network communication between the primary site and the secondary site is normal, and
the minimum bandwidth is 10 Mbit/s.
l The primary site is running correctly. (If the primary site becomes faulty before
automatic restoration starts, data cannot be restored on the secondary site.)
l Only one scheduled backup or restoration task is allowed on a single server. For
example, if you create a new automatic backup task on the primary site, the old backup
task on the primary site will become invalid and only the new one will be retained.

Procedure
Step 1 Run the configuration script on the secondary site.
NOTE
If execution of the configuration script fails, apply troubleshooting as prompted or contact Huawei
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and run the
userconfig.bat script.
NOTE
b. Run the userconfig.sh script.
$ ./userconfig.sh

NOTE
Step 2 Enter a node for restoration, such as 2 and press Enter.

Set the interval of the scheduled task(1:daily,2:weekly,3:monthly)|1:
Step 3 Enter the automatic restoration interval, for example, if the automatic restoration task is
performed once every day, enter 1 and press Enter.
Set execution time (0-23)|1:
Step 4 Enter the time to start the automatic restoration task, such as 5 and press Enter.
>>>>>Enter the peer SFTP user<<<<<
Enter the peer SFTP IP address:
Enter the password for SFTP user:

NOTE
l The interval between the automatic restoration time and the automatic backup time is fixed at 3
hours. For example, if the automatic backup time is 2 a.m., set the automatic restoration time to 5
a.m.
l If connection to the primary site fails due to Primary Site Authentication Error when you enter
the primary site's SFTP information, see A.11.58 How Do I Handle the Failure to Connect Two
Servers Due to a Mutual Trust Authentication Error for troubleshooting.
l Reconfigure the automatic restoration task if the SFTP user's password is changed.
Step 5 Enter the IP address and SFTP user name of the primary site, and press Enter. In this
example, IP address is 192.168.0.0 and default password of the SFTP user is
Changeme_123. The information is used by the secondary site to obtain the backup file from
the primary site by using the SFTP.
The scheduled task is successfully created if the following information is displayed.
Scheduled restoration will automatically shut down the U2000 and MSuite.
Scheduled task created successfully.
----End
Result
After an automatic restore task is created on the secondary site, use one of the following
methods to verify whether the configuration of restore task is successful:
l Using query commands
– On the Windows Server 2008 OS:
n Check the restoration task.
> coldbackupInfo.bat -task
The restoration task has been created if information similar to the

following is displayed:
daily 0:00 D:\oss\engr\tools\coldbackuptool\coldrestore.bat -
silent
NOTE
The displayed value of cycle varies depending on the restoration interval. For
example:
l If the configured restoration interval is daily, the displayed value of Day is
similar to daily.
l If the configured restoration interval is weekly, the displayed value of Day is
l If the configured restoration interval is monthly, the displayed value of Day
is similar to monthly: 22.
n Check the restoration result.
> coldbackupInfo.bat -result
The restoration is successful if information similar to the following is

displayed:
2015-07-28 21:48:56;Successful;restoreDB;20150728211943.7z

NOTE
The fields in the command output indicate the restoration date and time,
operation result (Successful/Failure), operation type (backupDB/restoreDB), and
backup package (the timestamp in the file name indicates the backup time of the
data to be restored).
NOTE
The directory D:\oss\engr\tools\coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory D:\oss. If the U2000 is not installed in the
n Check the restoration task.
$ su - root
# ./coldbackupInfo.sh -task

daily 0:00 su - ossuser -c "cd /opt/oss/engr/tools/
coldbackuptool; ./coldrestore.sh -silent " > /dev/null 2>&1
NOTE
The displayed value of cycle varies depending on the restoration interval. For
example:
l If the configured restoration interval is daily, the displayed value of Day is
similar to daily.
l If the configured restoration interval is weekly, the displayed value of Day is
l If the configured restoration interval is monthly, the displayed value of Day
is similar to monthly: 22.
n Check the restoration result.
$ su - root
# ./coldbackupInfo.sh -result

2015-07-28 21:48:56;Successful;restoreDB;20150728211943.7z
NOTE
The fields in the command output indicate the restoration date and time,
operation result (Successful/Failure), operation type (backupDB/restoreDB), and
backup package (the timestamp in the file name indicates the backup time of the
data to be restored).
NOTE
The directory /opt/oss/engr/tools/coldbackuptool in the preceding command assumes that
the U2000 is installed in the default directory /opt/oss. If the U2000 is not installed in the
l Checking the log

– On the Windows Server 2008 OS: When the scheduled time of the backup task is
reached, check the D:\oss\engr\tools\coldbackuptool\silent\coldbackupresult.txt
file for the restore log.
When the scheduled time of the backup task is reached, run tail -f /opt/oss/engr/
tools/coldbackuptool/silent/coldrestoreresult.txt to check the restore log.
Follow-up Procedure
After automatic restoration is implemented for the first time, stop the U2000 process on the
primary site and start the U2000 process on the secondary site to ensure that the process can
function properly.
l If the U2000 process runs properly on the secondary site, stop the U2000 process on the
secondary sites start the U2000 process on the primary site.
l If the U2000 process not runs properly on the secondary site, re-execute the restore task
on the secondary sites or contact Huawei technical support personnel.
NOTE
After data restoration fails, if the missing database files fault is found in the log file, rectify the fault by
following the instructions provided in A.11.56 How to Rectify the Data Restoration Failure on a
Secondary Site Because of Missing Databases.
NOTE
6.2.3 Manually Execute Backup and Restoration Tasks

You can manually execute backup tasks on the primary site and restoration tasks on the
secondary site to implement system restoration in the case of an emergency.
6.2.3.1 Executing Backup Tasks on the Primary Site

You can manually execute backup tasks on the primary site.
Prerequisites
l The U2000 processes and the database are running on the primary site.
l The time configured for the cold backup task does not overlap with the time when data is
being restored using the MSuite. Cold backup may fail if the MSuite is restoring data.
Procedure
Step 1 Log in to the U2000 on the primary site and manually execute the backup script.

NOTE
If execution of the backup script fails, apply troubleshooting as prompted or contact Huawei technical
support engineers.
NOTICE
– Do not close the command window when the backup script is running.
– If you press Ctrl+C while the manual backup task is running, the manual backup
operation will be forcibly terminated. When forcible termination is incurred,
manually delete the file that is not completely backed up from the backup directory.

b. Enter the D:\oss\engr\tools\coldbackuptool directory, and execute the
coldbackup.bat script.
Please enter a back up file path|D:\backup:
c. Enter the directory (recommended: D:\backup) where the backup file resides, and
press Enter.
NOTE
The backup directory must not contain special characters. Only letters, digits, and
underscores <_> are allowed.
The backup task is successfully executed if the following information is displayed.
Running task Initialize the
backup.............................................RunSucceeded
Running task Back up U2000 service

files.......................................RunSucceeded
Running task Backup

Database...................................................RunSucceeded
Running task After backup

operation............................................RunSucceeded
Compression is complete. Result:D:\backup\20150601114517.7z
Execution completed. For detailed execution results, see the file: D:\oss
\engr\tools\coldbackuptool\bcpoutput.zip
NOTE
NOTICE
If you press Ctrl+C while the manual backup task is running, the manual backup
operation will be forcibly terminated. When forcible termination is incurred, manually
delete the file that is not completely backed up from the backup directory.


b. Run the following command to modify the environment variables for the lib library.
$ export LD_LIBRARY_PATH=/usr/lib:/usr/sfw/lib:$LD_LIBRARY_PATH
c. Execute the coldbackup.sh script.

$ ./coldbackup.sh

Please enter a back up file path|/opt/backup/dbbackup:
d. Enter the directory (recommended: /opt/backup/dbbackup) where the backup file

resides, and press Enter.
NOTE
n The backup directory must not contain special characters. Only letters, digits, and
underscores <_> are allowed.
n If a non-recommended backup directory is used, ensure that its owner is ossuser and the
owner group is ossgroup. The owner must have the write permission on the backup
directory.
The backup task is successfully executed if the following information is displayed.
Running task Initialize the
backup.............................................RunSucceeded
Running task Back up U2000 service

Running task Backup


Compression is complete. Result:/opt/backup/dbbackup/20150601114517.7z
Execution completed. For detailed execution results, see the

file: /opt/oss/engr/tools/coldbackuptool/bcpoutput.zip
NOTE
----End
Result
After the backup tasks are started on the primary site, perform the following operations to
check whether the tasks are successfully executed:
l Check the backup file.
Switch to the backup directory specified for the backup task, and check whether the
backup file is generated.
After the backup tasks are executed successfully on the primary site, copy backup files to the
secondary site in a timely manner.
6.2.3.2 Manually Execute Restoration Tasks on the Secondary Site

You can manually execute restoration tasks on the secondary site to restore the system in the
case of an emergency.

Prerequisites
l On the secondary site, network management process and the maintenance tool are
standby and the database is running. If the U2000 has started when the restoration task is
performed, the U2000 process is automatically stopped.
l The latest backup files have been obtained from the primary site, including the backup
files in *.7z and *.asc formats. For example, use FileZilla to download the backup files
from the primary site to the local and then upload them to the secondary site.
l For Linux and Solaris, ensure that the owner for the backup file and the path in which
backup file is stored is ossuser and the user group for the path is ossgroup and the path
has the read and execution permissions. You do not need to change the permission for
the /opt directory.
Run the following commands as the root user for the last directory of the path:
# chown -R ossuser:ossgroup path
# chmod -R 750 path
Run the following command for the backup file:

# chown ossuser:ossgroup backup file name
# chmod 600 backup file name
For example, if the path is /opt/backup/dbbackup, run the following commands as user
root:
# chown -R ossuser:ossgroup /opt/backup/dbbackup
# chmod -R 750 /opt/backup/dbbackup
If the backup file is backupfile.7z, run the following commands as user root:
# cd /opt/backup/dbbackup
# chown ossuser:ossgroup 20150531144932.7z
# chmod 600 20150531144932.7z
Procedure
Step 1 Log in to the U2000 on the secondary site and manually execute the restoration script.
NOTE
If execution of the restoration script fails, apply troubleshooting as prompted or contact Huawei
NOTICE
– Do not close the command window when the restoration script is running.
– If you press Ctrl+C while the manual restoration task is running, the manual
restoration operation will be forcibly terminated. When forcible termination is
incurred, try the restoration task again.

b. Navigate to the D:\oss\engr\tools\coldbackuptool directory, execute the
coldrestore.bat script, and enter the directory to which the .7z file for backing up

source server data is stored or decompressed, for example, the directory of backing
up source server data is D:\backup\20150817120115.7z.
NOTE
If both the U2000 and MSuite are running, executing this file will automatically stop the
U2000 and MSuite. In addition, related descriptions about service stopping will be displayed
before you enter the directory for the .7z file.
c. If warning message similar to the following displayed, input y to continue, or input
n or others to cancel the restoration.
The U2000 data you want to restore was backed up at 2017-10-14 19:47. If
you continue with the restoration, U2000 data generated from 2017-10-14
19:47 till now will be lost, which may cause inconsistent data between
NEs and the U2000. Are you sure you want to continue?(y/n)
The restoration task is successfully executed if the following information is

displayed.
Running task Initialize before
restore.............................................RunSucceeded
Running task Restore
Running task Restore U2000 service
Running task After restore
Successful tasks:5 Risky tasks:0
Execution completed. For detailed execution results, see the file: D:\oss
\engr\tools\coldbackuptool\bcpoutput.zip
NOTE
n If the Risky tasks is not 0, please contact Huawei technical support engineers.
n The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is
not installed in partition D, change the partition in the directory accordingly.
NOTICE
If you press Ctrl+C while the manual restoration task is running, the manual restoration
operation will be forcibly terminated. When forcible termination is incurred, try the
restoration task again.

b. Run the following command to modify the environment variables for the lib library.
$ export LD_LIBRARY_PATH=/usr/lib:/usr/sfw/lib:$LD_LIBRARY_PATH
c. Execute the coldrestore.sh script, and enter the directory to which the .7z file for
backing up source server data is stored or decompressed, for example, the directory
of backing up source server data is /opt/backup/dbbackup/20150531144932.7z.
$ ./coldrestore.sh
Enter the 7z backup file on the source server (example: /opt/backup/
dbbackup/20150531144932.7z):Directory to the .7z file

NOTE
If both the U2000 and MSuite are running, executing this file will automatically stop the
U2000 and MSuite. In addition, related descriptions about service stopping will be displayed
before you enter the directory for the .7z file.
d. If warning message similar to the following displayed, input y to continue, or input
n or others to cancel the restoration.
The U2000 data you want to restore was backed up at 2017-10-14 19:47. If
you continue with the restoration, U2000 data generated from 2017-10-14
19:47 till now will be lost, which may cause inconsistent data between
NEs and the U2000. Are you sure you want to continue?(y/n)
The restoration task is successfully executed if the following information is

displayed.
Running task Initialize before
restore.............................................RunSucceeded
Running task Restore
Running task Restore U2000 service
Running task After restore
Successful tasks:5 Risky tasks:0
Execution completed. For detailed execution results, see the

file: /opt/oss/engr/tools/coldbackuptool/bcpoutput.zip
NOTE
n If the Risky tasks is not 0, please contact Huawei technical support engineers.
n The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is
not installed in partition /opt, change the partition in the directory accordingly.
----End
Result
After the restoration tasks are started on the secondary site, perform the following operations
to check whether the tasks are successfully executed:
l Start the U2000 process and ensure that the U2000 process can start normally.
NOTE
After data restoration fails, if the missing database files fault is found in the log file, rectify the fault by
following the instructions provided in A.11.56 How to Rectify the Data Restoration Failure on a
Secondary Site Because of Missing Databases.
NOTE
6.2.4 Restoring the U2000 on the Secondary Site

This topic describes how to fast restore the U2000 on the secondary site when the primary site
malfunctions.

Prerequisites
l U2000 MSuite is ended on the secondary site.
l The last automatic restoration task on the secondary site is successfully executed.
NOTE
l In this example, the U2000 installation directory is D:\oss\. On the Windows 2008 OS, check
the d:\oss\engr\tools\coldbackuptool\silent\coldrestoreresult.txt file for the status of the
automatic restoration task.
l On the Linux or Solaris OS, run tail -f /opt/oss/engr/tools/coldbackuptool/silent/
coldrestoreresult.txt to check the status of the automatic restoration task.
l The license of the U2000 has been loaded on the secondary site.
l On SNMP-based routers, switches, PTN 6900, PTN 7900, access devices, and security
devices, the server IP address of the primary site and that of the secondary site have been
added to the list of IP addresses of the Trap destination host.
Procedure
Step 1 End the restoration task on the secondary site and start the U2000.
b. Navigate to the D:\oss\engr\tools\coldbackuptool directory and execute the
stopCron.bat script.
c. Navigate to the D:\oss\server\platform\bin directory and execute startnms.bat
command to start the U2000. If information similar to the following is displayed,
the database has to be started. For details, see 2.1.2 Starting the Database. Then,
execute the startnms.bat file to start the U2000 process.

b. Run the following commands to switch to the root user and end the restoration task
on the secondary site:
$ su - root
# ./stopCron.sh
c. Run the following commands to switch to the ossuser user and start the U2000:
# su - ossuser
$ ./startnms.sh
Step 2 End the backup task on the primary server.

stopCron.bat script.
b. Run the following commands to switch to the root user and end the backup task on
the secondary site:

$ su - root
# ./stopCron.sh
Step 3 Log in to the U2000 by using the IP address of the new U2000 server.
----End
Follow-up Procedure
l If the U2000 interworks with the upper-layer OSS or uTraffic, reconfigure their
interworking to ensure that the upper-layer OSS or uTraffic is able to access the U2000
through the IP address and port number of the secondary site.
l Reconnect to the U2000 client. For details, see the Logging In to a U2000 Client
section in the U2000 Administrator Guide.
6.2.5 Switching to the Primary Site

This topic describes how to switch the U2000 from the secondary site to the primary site after
the primary site is recovered.
Context
l After the primary site is recovered, the U2000 needs to be switched back to the primary
site.
l If the secondary site provides the network management service for a long period of time,
the site must be backed up. The backup data is used to restore data at the primary site.
Procedure
Step 1 Optional: Back up the secondary site. For details, see 6.2.3.1 Executing Backup Tasks on
the Primary Site.
NOTE
l If the secondary site provides the network management service for a long period of time, this step
must be performed to back up the secondary site. The backup data is used to restore data at the
primary site.
l The backup task must be manually executed at the secondary site. The operations are similar to
those at the primary site.
Step 2 Stop the U2000 on the secondary site.

b. Navigate to the D:\oss\server\platform\bin directory and execute the stopnms.bat
command to end the U2000.
NOTE
b. Run the following commands to end the U2000:
$ cd /opt/oss/server/platform/bin $ ./stopnms.sh

NOTE
Step 3 Start the U2000 on the primary site.

NOTE
Ensure that you have stopped U2000 process on the secondary site before starting the U2000 process on
the primary site. Otherwise, the U2000 process runs on both the primary and secondary sites.
b. Navigate to the D:\oss\server\platform\bin directory and execute the startnms.bat
command to start the U2000. If information similar to the following is displayed,
the database has to be started. For details, see 2.1.2 Starting the Database. Then,

b. Run the following commands to start the U2000:
$ cd /opt/oss/server/platform/bin $ ./startnms.sh
Step 4 Optional: Restore data at the primary site. For details, see 6.2.3.2 Manually Execute
Restoration Tasks on the Secondary Site.
NOTE
l If the secondary site provides the network management service for a long period of time, this step
must be performed to restore data at the primary site.
l The restoration task must be manually executed at the primary site. The operations are similar to
those at the secondary site.
Step 5 Start the original automatic backup tasks of the primary site.
l On the Windows Server 2008 OS
startCron.bat to start the automatic backup tasks.
l On the Linux or Solaris OS
b. Run the following command to switch to the root user and start the automatic
backup tasks:
$ su - root Password: Password of the root user # cd /opt/oss/engr/tools/
coldbackuptool # ./startCron.sh
NOTE
If the U2000 has been reinstalled or backup tasks need to be reconfigured due to special reasons,
following the operation procedure described in 6.2.2.1 Configuring Automatic Backup Tasks on the
Primary Site.
Step 6 Start the original automatic backup tasks of the secondary site.
l On the Windows Server 2008 OS
a. Log in to the OS as the ossuser user.
startCron.bat to start the automatic backup tasks.

l On the Linux or Solaris OS

b. Run the following command to switch to the root user and start the automatic
backup tasks:
$ su - root Password: Password of the root user # cd /opt/oss/engr/tools/
coldbackuptool # ./startCron.sh
NOTE
To reconfigure the backup tasks of the secondary site, see 6.2.2.2 Configuring Automatic Restoration
on the Secondary Site.
----End
Follow-up Procedure
l If the U2000 interworks with the upper-layer OSS or uTraffic, reconfigure their
interworking to ensure that the upper-layer OSS or uTraffic is able to access the U2000
through the IP address and port number of the secondary site.
l Reconnect to the U2000 client. For details, see the Logging In to a U2000 Client
section in the U2000 Administrator Guide.
6.3 HA System (Veritas) Solution

High Availability System (Veritas) include High Availability System (Solaris), Local SUSE
Linux High Availability System (PC server), Remote SUSE Linux High Availability System
(PC server) and Distributed Remote Cold Standby HA System.
l High Availability System (Solaris), see iManager U2000 V200R017C50 HA System

(Veritas) Software Installation and Commissioning Guide (Solaris).
l Local SUSE Linux High Availability System (PC server), see iManager U2000
V200R017C50 Local HA System (Veritas) Software Installation and Commissioning
Guide (SUSE Linux, PC Server).
l Remote SUSE Linux High Availability System (PC server), see iManager U2000
V200R017C50 Remote HA System (Veritas) Software Installation and Commissioning
Guide (SUSE Linux, PC Server).
l Distributed Remote Cold Standby HA System, see Remote Cold Standby HA System
in iManager U2000 V200R017C50 Distributed System User Guide (VMware, E9000
Server).
6.4 Backing up and restoring all data in the U2000

database by mirroring the database
is backed up previously, ensuring that the U2000 can be started properly.
For details, see 6.1.2 Methods of Backing Up and Restoring the U2000 Data and 6.1.5
U2000 Data is Restored by Mirroring the Database.

6.5 Full System Backup and Restoration (Single Server

System, SUSE Linux)
The solution applies only to a SUSE Linux U2000 single-server system with the standard
configuration (eight disks). This solution produces ISO files for OS recovery when the OS is
running properly and backs up the system partitions. When the OS fails to be started, the OS
is started and disk partition information is recovered using ISO files, helping quickly recover
the U2000 for monitoring.
For details, see 6.1.7 Full System Backup and Restoration (Single Server System, SUSE
Linux).
6.6 SRM Solution

Site Recovery Manager (SRM) is a disaster recovery solution developed by VMware. This
solution uses VMs to achieve policy-based storage and replication. The SRM solution can
implement U2000 Distributed System remote disaster recovery. Either the SRM solution or
remote cold standby HA system is used at a time.
For details, see SRM Solution in iManager U2000 V200R017C60 Distributed System User
Guide (VMware, E9000 Server).

Administrator Guide 7 Managing U2000 Keys
7 Managing U2000 Keys
About This Chapter
The key is an input parameter of the algorithm used to encrypt or decrypt data.
7.1 U2000 Key Solution Introduction

This topic describes the U2000 key solution. All key data stored on the U2000 is encrypted.
7.2 Key Replacement for a U2000 Single-Server System
This topic describes the key replacement solution for a U2000 single-server system running
the Windows, Linux, or Solaris OS.
7.3 Key Replacement for a U2000 HA System
This topic describes the key replacement solution for a U2000 HA system running the Linux
or Solaris OS.
7.4 Key Replacement for a U2000 Distributed System
This topic describes the key replacement solution for a U2000 distributed system.
7.5 Replacing an SFTP Authentication Key
7.1 U2000 Key Solution Introduction

This topic describes the U2000 key solution. All key data stored on the U2000 is encrypted.
Overview
l Root key: used to encrypt a working key.
l Working key: used to encrypt keys of important service data such as NE access
parameters.
l Key store: collection of the root keys and working keys.
U2000 keys are classified into the root keys and working keys. A root key is used only to
encrypt a working key. Currently, only the working keys used for encrypting the data saved to
the files or database are available. A working key is used to encrypt all important information
stored on disks, such as passwords in device access parameters.

Figure 7-1 U2000 key solution
Usage Scenario
U2000 key replacement involves the single-server solution, HA solution, and distributed
system solution.
Table 7-1 Usage scenario of U2000 keys

Scenario Operation Description
1. After Perform After the U2000 is installed, the default key is public. If the
U2000 key system key store is lost or damaged, related data will fail to be
installation replacemen encrypted. Therefore, periodically replacing keys is
t recommended.
immediatel
y.
2. Perform After a domain is added incrementally, some key data in the

Incrementa key domain is not encrypted. In this case, replacing keys is
l replacemen recommended to improve NMS security.
deploymen t
t immediatel
y.
3. Perform If the system key store is vulnerable to leakage, replace the

Exception key keys immediately.
scenario replacemen
t
immediatel
y.

Scenario Operation Description
4. Script Ensure that l Before script data is exported from NMS A with key
import and the save replacement and imported to NMS B, the mapping key
export paths of store must be imported to NMS B first.
keys are l To import script data in a distributed system, the mapping
trustable. key store must be imported to each node first.
l The MSuite provides a function that controls whether the
key store is exported with script data, which is enabled by
default. It is recommended that this function be disabled so
that confirmation is required before the key store is
exported with script data in scenarios such as script export/
import for backup and recovery.
5. Full Ensure that Full system backup indicates backup of the entire NMS system
system the save including both data and the key store. Backup data
backup paths of confidentiality should be ensured. Once a confidentiality
keys are problem is detected, the system keys must be replaced, and
trustable. device access parameters must be modified in a timely manner.
6. Database Ensure that The key store, database, and configuration file should be
backup the save packed and backed up together. Data and the key store are
paths of backed up together. Backup data confidentiality should be
keys are ensured. Once a confidentiality problem is detected, the system
trustable. keys must be replaced, and device access parameters must be
modified in a timely manner.
7. Routine Periodicall Encrypted data may be leaked to external systems through data
maintenanc y perform backup or script import and export, and key confidentiality
e key decreases with time. Therefore, it is recommended that a key
replacemen be replaced at an interval of less than 1 year.
t.
Replacement Process
l For a single-server system:
Figure 7-2 Key replacement process for a U2000 single-server system
l For a HA system:

Figure 7-3 Key replacement process for a U2000 HA system
l For a distributed system:
Figure 7-4 Key replacement process for a U2000 distributed system
7.2 Key Replacement for a U2000 Single-Server System

This topic describes the key replacement solution for a U2000 single-server system running
the Windows, Linux, or Solaris OS.
7.2.1 Replacing Storage Keys for a Single-Server System

(Windows)
This topic describes how to replace the storage keys for a single-server system. Data stored on
the U2000 is all encrypted. If the system key store is lost or damaged, related data will fail to
be encrypted. Therefore, it is recommended that storage keys including the root key and
working key on the U2000 server be periodically replaced. A replacement period must be
shorter than 1 year.

Prerequisites
l Ensure that the NMS process is stopped. To check whether it is stopped, see A.11.6 How
to Verify That the Processes of the U2000 Single-Server System Are Running on
Windows. If the NMS process is not stopped, see A.11.8 How to End the Processes of
l Ensure that the database is running properly. To check the database status, see A.8.4
How to Start the SQL Server Database.
l Ensure that the MSuite server process is stopped. For details, see How to End Processes
on the MSuite Server.
l Ensure that the key store is backed up.
Procedure
Step 1 Log in to the OS as the administrator.
Step 2 Run the following command in the CLI window to back up the key store:
> D:/oss/engr/tools/crypto/export.bat export_path
NOTE
l The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is not installed
in partition D, change the partition in the directory accordingly.
l In the preceding command, export_path indicates the key store's backup directory, for example,
D:/oss/engr/tools/crypto.
If information similar to the following is displayed, the backup succeeds:

Operations are successful,Backup File is:D:/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
In the preceding displayed message, D:/oss/engr/tools/crypto indicates the key store's backup directory.
The backup file cryptoInfo.zip contains both the working key and root key.
Step 3 Run the following command in the CLI window to replace the root key:
> crypto_cfgtool -cmd modifyRootKey
If information similar to the following is displayed, the replacement succeeds:

Root material updated successfully.
Step 4 Replace a working key.

1. Run the following command in the CLI window to replace the working key:
> crypto_cfgtool -cmd modify

Warning: Make sure that OSS data (data in the database and files in OSS
directories) has been fully backed up. You can use the backup to restore the
data if the command fails to be run. To continue, enter "yes". To exit, enter
other characters:
2. Ensure that all keys are backed up and enter yes.

Cipher materials checked successfully. Configuration information modified
successfully.
NOTE
Replacing a working key may take a long period of time, usually less than 4 hours.

3. Run the following command to replace the H2 working key.

Go to the D:\oss\server\tools\h2CryptoCfgTool directory and run the
H2CryptoCfgTool.bat command.
If the following information is displayed, the replacement succeeds.
operation start.
...
operation success.
NOTE
If the preceding command fails to be executed, perform rollback. For details, see A.11.67 How Do
I Perform a Rollback After the H2 Key Replacement Fails.
4. Delete the D:\oss\server\etc\oss_cfg\frame\is_server\data\isdb.h2.db.bak file.
NOTE
Step 5 See A.11.7 How to Start the Processes of the U2000 Single-Server System on Windows to
start the NMS process.
Step 6 See A.10.2 How to Start the Process of the MSuite Server to start the Process of the
MSuite Server.
----End
Follow-up Procedure
1. Delete the exported key store.
a. Log in to the OS as the administrator.
b. Access the key store's backup directory and delete the key store exported before key
replacement, for example, deleting the cryptoInfo.zip file in the D:/oss/engr/tools/
crypto/cryptoInfo.zip directory.
2. Back up the new key store.
a. Log in to the OS as the administrator.
b. Run the following command in the CLI to back up the new key store:
> D:/oss/engr/tools/crypto/export.bat export_path
NOTE
l The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is
l In the preceding command, export_path indicates the key store's backup directory, for
example, D:/oss/engr/tools/crypto.
Operations are successful,Backup File is:D:/oss/engr/tools/crypto/
cryptoInfo.zip
NOTE
l The preceding directory is true only if the U2000 is installed in D:\oss. If the U2000 is
l In the preceding displayed message, D:/oss/engr/tools/crypto indicates the key store's
backup directory. The backup file cryptoInfo.zip contains both the working key and root
key.
c. Save the exported backup key store after encryption to a storage unit with a higher
level of confidentiality, and delete it locally.

7.2.2 Replacing Storage Keys for a Single-Server System (Linux)

After the U2000 single-server system (Linux) is installed, the storage key file is automatically
generated in the default directory. To improve system security, you are advised to replace the
default keys and periodically update the keys.
Prerequisites
l Ensure that the NMS process is stopped. To check whether it is stopped, see A.11.12
How to Verify That the Processes of the U2000 Single-Server System Are Running
on SUSE Linux. If the NMS process is not stopped, see A.11.14 How to End the
l Ensure that the database is running properly. To check the database status, see A.9.1.3
How to Verify That the Sybase Database Is Running. If the database is stopped, see
A.9.1.2 How to Start the Sybase Database Service to start it.
Context
l Data stored on the U2000 is all encrypted. If the system key store is lost or damaged,
related data will fail to be encrypted.
l It is recommended that storage keys including the root key and working key on the
U2000 server be periodically replaced. A replacement period must be shorter than 1 year.
Procedure
Step 1 Log in to the OS as the ossuser user over SSH using the PuTTY.
Step 2 Run the following command to back up the key store:

$ cd /opt/oss/engr/tools/crypto
$ ./export.sh export_path
NOTE
l The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not installed
in partition /opt, change the partition in the directory accordingly.
example, /opt/oss/engr/tools/crypto.

Operations are successful,Backup File is:opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's backup
directory. The backup file cryptoInfo.zip contains both the working key and root key.
Step 3 Run the following command to replace a root key:

$ crypto_cfgtool -cmd modifyRootKey


1. Run the following command to replace a working key:

$ crypto_cfgtool -cmd modify

directories) has been fully backed up.
You can use the backup to restore the data if the command fails to be run.
To continue, enter "yes". To exit, enter other characters:

Cipher materials checked successfully.
Configuration information modified successfully.
Successfully synchronized data to the configuration files.
Cipher key changed successfully.
NOTE
$ cd /opt/oss/server/tools/h2CryptoCfgTool
$ ./H2CryptoCfgTool.sh
NOTE
Start operation.
operation success.
Please do not delete isdb.h2.db.bak until all IS( centralized or
distributed(master/slave) )exec success.
NOTE
4. Run the following command to delete the isdb.h2.db.bak file.
$ rm -rf /opt/oss/server/etc/oss_cfg/frame/is_server/data/isdb.h2.db.bak
NOTE
Step 5 See A.11.13 How to Start the Processes of the U2000 Single-Server System on SUSE
Linux to start the NMS process.
MSuite Server.
----End
Follow-up Procedure
a. Log in to the OS as the ossuser user using the PuTTY.
b. Run the following command to delete the key store exported before key
replacement:
$ rm -rf opt/oss/engr/tools/crypto/cryptoInfo.zip

NOTE
b. Run the following command to back up the new key store:
NOTE
l The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is
Operations are successful,Backup File is:opt/oss/engr/tools/crypto/
cryptoInfo.zip
NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's
key.
7.2.3 Replacing Storage Keys for a Single-Server System (Solaris)

This topic describes how to replace the storage keys for a U2000 single-server system running
the Solaris OS. Data stored on the U2000 is all encrypted. If the system key store is lost or
damaged, related data will fail to be encrypted. Therefore, it is recommended that storage
keys including the root key and working key on the U2000 server be periodically replaced. A
replacement period must be shorter than 1 year.
Prerequisites
Solaris. If the NMS process is not stopped, see A.11.11 How to End the Processes of
l Ensure that the database is running properly. To check the database status, see A.9.1.3
How to Verify That the Sybase Database Is Running. If the database is stopped, see
A.9.1.2 How to Start the Sybase Database Service to start it.
Procedure
Step 1 Log in to the OS as the ossuser user over SSH using the PuTTY.
Step 2 Run the following command to back up the key store:


NOTE

NOTE
In the preceding displayed message, /opt/oss/engr/tools/crypto indicates the key store's backup
Step 3 Run the following command to replace a root key:



1. Run the following command to replace a working key:


NOTE
NOTE
Start operation.
operation success.
NOTE
4. Run the following command to delete the isdb.h2.db.bak file.

NOTE
Step 5 See A.11.10 How to Start the Processes of the U2000 Single-Server System on Solaris to
MSuite Server.
----End
Follow-up Procedure
b. Run the following command to delete the key store exported before key
replacement:
$ rm -rf opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE
NOTE
cryptoInfo.zip
NOTE
key.
7.3 Key Replacement for a U2000 HA System

This topic describes the key replacement solution for a U2000 HA system running the Linux
or Solaris OS.
7.3.1 Replacing Storage Keys for a U2000 HA System

This topic describes how to replace the storage keys for a U2000 HA system. Data stored on
the U2000 is all encrypted. If the system key store is lost or damaged, related data will fail to

be encrypted. Therefore, it is recommended that storage keys including the root key and
working key on the U2000 server be periodically replaced. A replacement period must be
shorter than 1 year.
Prerequisites
l Ensure that the NMS process is stopped at both primary and secondary sites. To check
whether it is stopped, see A.11.15 How to Check Whether the U2000 Processes of the
High Availability System (Solaris, PC Linux) Are Started. If the NMS is not stopped,
see A.11.17 How to End the U2000 Processes of the High Availability System
(Solaris, PC Linux).
Context
Keys need to be replaced only at the primary site in a U2000 HA system because the key store
files will be automatically synchronized to the secondary site.
Procedure
Step 1 Log in to the primary sites as the oss user using the PuTTY.
Step 2 See C.6.2 Separating the Primary Site from the Secondary Site to separate the primary
Step 3 See A.9.1.2 How to Start the Sybase Database Service to start the database at both primary
Step 4 Run the following command at primary sites to back up the key store:
$ cd /opt/oss/engr/tools/crypto $ ./export.sh export_path
NOTE

NOTE
In the preceding displayed message, opt/oss/engr/tools/crypto indicates the key store's backup
Step 5 Run the following command at the primary site to replace the root key.


1. Run the following command at the primary site to replace the working key:


2. Ensure that the keys are backed up and enter yes.

NOTE
3. Run the following command at the primary site to replace the H2 working key.
NOTE
Start operation.
operation success.
NOTE
4. Run the following command at the primary site to delete the isdb.h2.db.bak file.
NOTE
Step 7 See A.11.16 How to Start the U2000 Processes of the High Availability System (Solaris,
PC Linux) to start the NMS process at primary sites.
MSuite Server.
Step 9 See Connecting the Primary and Secondary Sites to connect the primary and secondary
sites.
----End
Follow-up Procedure
1. Delete the exported key store before key replacement.
a. Log in to the primary and secondary sites as the oss user using the PuTTY.
b. Run the following command to delete the exported key store:
$ rm -rf /opt/oss/engr/tools/crypto/cryptoInfo.zip
NOTE


a. Log in to the primary and secondary sites as the oss user using the PuTTY.
$ cd /opt/oss/engr/tools/crypto $ ./export.sh export_path
NOTE
cryptoInfo.zip
NOTE
key.
7.4 Key Replacement for a U2000 Distributed System

This topic describes the key replacement solution for a U2000 distributed system.
7.4.1 Replacing the Storage Keys for Each Node In a Distributed

U2000 System
The U2000 automatically generates an storage key file in the default directory after the U2000
is installed. To enhance the system security, updating the default keys and periodically
updating the key are recommended.
Prerequisites
l The Centralized Maintenance Management Tool server has been started.
l The PC used to log in to the Centralized Maintenance Management Tool in web mode
can properly communicate with the Centralized Maintenance Management Tool server.
Context
l The storage key files include the root key /opt/oss/server/etc/conf/rootkey.cfg and the
working key /opt/oss/server/etc/conf/runinfos/runinfo*.cfg.
l Data stored on the U2000 is all encrypted. If the system key store is missing or damaged,
related data will fail to be encrypted. Therefore, it is recommended that storage keys
including the root key and working key on the U2000 server be periodically replaced.
l The operations in this topic will replace the storage key files on each node of the
distributed system. The whole replacement process may take a long period of time,
usually less than 4 hours. During this period, ensure that U2000 processes on all nodes
are stopped and reserve sufficient time for replacement.

Procedure
Step 1 Run the following commands to ensure the Sybase database service is running on EM and
NM EN, NM and ACN nodes.
NOTE
The ACN node needs to be deployed only in the U2000 MSO O&M scenario.
1. Log in to the OS as user ossuser.
2. Run the following command to check whether the Sybase database service is running:
$ ./showserver

UID PID PPID C STIME TTY TIME CMD
dbuser 4195 4170 0 18:42:26 ? 70:35 /opt/sybase/ASE-15_0/bin/
dataserver -ONLINE:1,0,0x6505fd2a, 10000000000, 0x18fc
backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/install
NOTE
– If the displayed information contains /opt/sybase/ASE-15_0/bin/dataserver -ONLINE, /opt/

sybase/ASE-15_0/bin/backupserver -SDBSVR_back and /opt/sybase/ASE-15_0/bin/
dataserver -sDBSVR, the Sybase database service is running.
– If not, perform Step 1.3.
3. Optional: Run the following commands to start the Sybase database service:
# su - dbuser
Step 2 Logging In to the U2000 Centralized Maintenance Management Tool.

Step 3 Stop processes on each node.
1. Choose Maintenance > Monitor > Service Monitor from the main menu.
2. On the Service Monitor page, select all the nodes, click Stop.
Step 4 Replace storage key files.
1. Choose Maintenance > Key Management > Storage Key Management from the main
menu.
2. Select all the nodes, click Update to replace the storage keys for each node.
3. On the Prompt window that is displayed, click OK.
Choose System > Task Information List to view the Update storage key process.
– If Execution Succeeded is displayed in the Task Status column, the storage keys
on each node are replaced successfully.
– If Execution Failed is displayed in the Task Status column, take measures based
on the error information in Details.
Step 5 Start processes on each node.
2. On the Service Monitor page, select all the nodes, click Start.
----End

Follow-up Procedure
Back up the new key store.
1. Log in to the nodes one by one as the ossuser user using the PuTTY.
2. Run the following command to back up the new key store:
NOTE
In the preceding command, export_path indicates the key store's backup directory, for example,
opt/oss/engr/tools/crypto.
cryptoInfo.zip
NOTE
l The preceding directory is true only if the U2000 is installed in /opt/oss. If the U2000 is not
l In the preceding displayed message, opt/oss/engr/tools/crypto indicates the key store's
backup directory. The backup file cryptoInfo.zip contains both the working key and root key.
3. Save the exported backup key store after encryption to a storage unit with a higher level
of confidentiality, and delete it locally.
7.4.2 Replacing RSA Key Files in a Distributed System

This topic describes how to replace RSA key files to ensure RSA key consistency on each
node after the U2000 has been installed in a distributed system. To enhance the system
security, periodically updating the key is recommended.
Prerequisites
l The Centralized Maintenance Management Tool server has been started.
l The PC used to log in to the Centralized Maintenance Management Tool in web mode
can properly communicate with the Centralized Maintenance Management Tool server.
Context
l The U2000 automatically generates an RSA key file in the default directory, which is
used to replace the default RSA key file after the U2000 is installed.
l The RSA key files include /opt/oss/server/etc/conf/cipher/rsa/rsapublic.key
and /opt/oss/server/etc/conf/cipher/rsa/rsaprivate.key.
Procedure
Step 1 Logging In to the U2000 Centralized Maintenance Management Tool.
Step 2 Stop NM and EM processes.

2. On the Service Monitor page, select NM node and EM nodes, click Stop.
Step 3 Replace RSA key files.
1. Choose Maintenance > Key Management > RSA Key Management from the main
menu.

2. On the RSA Key Management page, select NM node and EM nodes, click Update.
Step 4 Start NM and EM processes.

2. On the Service Monitor page, select NM node and EM nodes, click Start.
----End
7.5 Replacing an SFTP Authentication Key
Prerequisites
Windows. If the NMS process is not stopped, see A.11.8 How to End the Processes of
l Ensure that the database is running properly. To check the database status, see A.8.4
How to Start the SQL Server Database.
Procedure
Step 1 Log in to the Windows OS as a user with administrator rights.
Step 2 Run the following commands to generate the RSA key parameter:
> cd /d D:
> openssl genrsa -out rsa_pri.pem 2048
If information similar to the following is displayed, the parameter is successfully generated:
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
..+++
................................................................+++
e is 65537 (0x10001)
NOTE
After the preceding commands are executed, the rsa_pri.pem file will be generated in the root directory
of disk D.
Step 3 Run the following command to generate the public.key file based on the key file:
> openssl rsa -in rsa_pri.pem -pubout -outform PEM -out public.key
If information similar to the following is displayed, the file is successfully generated:
writing RSA key
NOTE
After the preceding command is executed, the public.key file will be generated in the root directory of
disk D.
Step 4 Run the following command to generate the private key file pkcs8.pem in PKCS8 format
based on the key file:
> openssl pkcs8 -topk8 -inform PEM -outform PEM -in rsa_pri.pem -out pkcs8.pem -
nocrypt

NOTE
After the preceding command is executed, the pkcs8.pem file will be generated in the root directory of
disk D.
Step 5 Copy all the data in pkcs8.pem and public.key files to one text file and name it as
rsa_host.key. The content format is as follows:
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4dKikX0D0ua5h
...
EzAqAG7MEizGOu8FXN5U84Pj0jYaop2gfQtpissOZl1XYX2/0DXmQE+AvriqbAUB
MEDeV/Qi0yQhapf2aUm9AA==
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHSopF9A9LmuYaGvjC7q
...
LVUQfdAXVebuZVHENMmdR2Ayd/r70/dd+ukosaE6NHhbXTYxu0ntppRFXtUAYTvo
ZQIDAQAB
-----END PUBLIC KEY-----
Step 6 Copy the rsa_host.key file to the D:\oss\server\3rdTools\ftp\minasshd\config directory to

overwrite the original file.
Step 7 See A.11.7 How to Start the Processes of the U2000 Single-Server System on Windows to
MSuite Server.
----End

Administrator Guide 8 Managing U2000 Files and Disks
8 Managing U2000 Files and Disks
About This Chapter
This topic describes how to manage the system files and disks of the U2000.
8.1 U2000 File System Overview
This topic describes the system architecture of the U2000, which is based on the client/server
model, and the file system of the U2000.
8.2 Single-Server System Running on Windows
This topic describes how to manage system files and disks of the U2000 in a single-server
system running on Windows.
8.3 Single-Server System Running on Solaris
system running on Solaris.
8.4 Single-Server System Running on SUSE Linux
system running on SUSE Linux.
8.5 High Availability System Running on Solaris
This topic describes how to manage system files and disks of the U2000 in a high availability
8.6 High Availability System Running on SUSE Linux
8.1 U2000 File System Overview

This topic describes the system architecture of the U2000, which is based on the client/server
model, and the file system of the U2000.
8.1.1 System Architecture Overview

This topic describes the system architecture of the U2000.

The system architecture of the U2000 is based on the client/server model. The details are as
follows:
l The client provides the graphical user interface (GUI) for you to maintain and perform
operations on network elements (NEs), in addition to monitoring the status of the U2000.
l The server communicates with NEs and stores the data of operations and maintenance on
NEs.
l The client and server of the U2000 communicate with each other through the data
communication network (DCN). The lower-layer NMS and the upper-layer (OSS)
communicate with the U2000 server through a DCN.
l Do not move or delete U2000 and database folders or files randomly during daily
maintenance and management. Otherwise, the U2000 may fail to function properly.
l Do not modify owners, groups, or permissions of U2000 files randomly during daily
maintenance and management.
8.1.2 File System of the Server

This topic describes the file system structure that is displayed after the software of the servers
of the U2000 is installed.
The U2000 server software can run in the Windows, SUSE Linux and Solaris operating
system (OS) and integrates the database software. The file systems of the servers of the
U2000 are the same. The following table shows the directory structure.
NOTE
The situation where the U2000 is installed in D:\oss is used as an example to describe the major
directory architectures for the U2000 server software in the following Windows OSs.
Table 8-1 Major directory architecture for the U2000 server software in the Windows OS
Default Directory Name in Description

Window
D:\oss Saves the files related to the U2000 software.
D:\oss\CAU Serves as the directory used by the CAU.
D:\oss\client Saves the files related to the client software.
D:\oss\common Saves the third-party software that can run

independently.
D:\oss\client\notify Saves the files related to the remote notification

service.
D:\oss\server Saves the files and subdirectories related to the

U2000 server.
D:\oss\server\platform\bin Saves the executable files of the U2000 server

program.
D:\oss\server\etc\conf Saves the U2000 configuration file.
D:\oss\engr Saves files and subdirectories related to

framework, such as MSuite server.

Default Directory Name in Description

Window
D:\oss\OSSJRE Saves JRE directories.
D:\oss\server\var\dump Saves dumped logs.
D:\oss\server\etc\conf\license Saves the U2000 license file.
D:\oss\server\etc Saves the static data.
D:\oss\server\logs Saves log files created from the U2000 server

commissioning information.
D:\oss\server\tools Saves the files related to the tools.
D:\oss\server\var Saves the output data in the running of the U2000.
D:\backup\dbbackup Saves the U2000 database backup file.
D:\oss\server\var\share Saves the sharing data.
D:\oss\uninstall Saves the U2000 uninstallation files.
NOTE
The situation where the U2000 is installed in /opt/oss is used as an example to describe the major
directory architectures for the U2000 server software in the following Solaris or SUSE Linux OSs.
Table 8-2 Directory structure of the U2000 server software in the Solaris or SUSE Linux OS
Default Directory Name Description
/opt/oss Serves as the NMS installation directory.
/opt/oss/CAU Serves as the directory used by the CAU.
/opt/oss/client Saves the files related to the client software.
/opt/oss/common Saves the third-party software that can run

independently.
/opt/oss/notify Saves the files related to the remote notification

service.
/opt/oss/server Saves the files and subdirectories related to the

U2000 server.
/opt/oss/server/bin Saves the executable files of the U2000 server

program.
/opt/oss/server/conf Saves the U2000 configuration file.
/opt/oss/engr Saves files and subdirectories related to

framework, such as MSuite server.

Default Directory Name Description
/opt/install/OSSICMR Saves files and subdirectories related to system

preconfiguration.
/opt/oss/OSSJRE Saves JRE directories.
/opt/oss/server/var/dump Saves dumped logs.
/opt/oss/server/etc Saves the static data.
/opt/oss/server/etc/conf/license Saves the U2000 license file.
/opt/oss/server/logs Saves log files created from the U2000 server

commissioning information.
/opt/oss/server/tools Saves the files related to the tools.
/opt/oss/server/var Saves the output data in the running of the U2000.
/opt/backup/dbbackup Saves the U2000 database backup file.
/opt/oss/server/var/dbdata Saves the temporary database data.
/opt/oss/server/var/share Saves the sharing data.
/opt/oss/uninstall Saves the U2000 uninstallation files.
8.1.3 File System of the Client

This topic describes the file system structure that is displayed after the U2000 client is
installed.
The U2000 client software can run in the Windows OS. The following table shows the
directory structure of the client file system.
NOTE
The situation where the U2000 is installed in D:\oss is used as an example to describe the major
directory architectures for the U2000 client software in the following Windows OSs.
Table 8-3 Directory structure of the U2000 client software in the Windows OS
Default Directory Name in Windows Description
D:\oss\client Saves the files related to the client software.
D:\oss\common Saves the third-party software that can run

independently.
D:\oss\client\notify Saves the files related to the remote

notification service.
D:\oss\client\client\bin Saves the executable files of the U2000

client application.
D:\oss\client\lib Saves the SDK information.

Default Directory Name in Windows Description
D:\oss\client\client\report Serves as the directory for exporting reports.
D:\oss\client\client\thirdparty Saves the third-party software.
8.2 Single-Server System Running on Windows

system running on Windows.
8.2.1 Checking the Usage of the Server Disk

This topic describes how to check the usage of the server disk. Disk anomalies can lead to
data loss, affecting the normal running of the NMS. It is recommended that you check the
disk status regularly. In this manner, you can repair or replace the disk in time when
discovering any disk fault.
Procedure
Step 1 In the Computer window, right-click a disk and choose Properties from the shortcut menu.
Step 2 In the dialog box that is displayed, click the Tools tab.
Step 3 In the Error-checking area, click Check Now.
Step 4 In the Check Disk operation dialog box, select Automatically fix file system errors and
click Start.
----End
Reference Standard
Hardware errors prompts do not exist in the displayed information.
Exception Handling
If a disk is faulty, contact the device supplier to repair or replace the disk.
8.2.2 Cleaning Up Disk Space for the U2000 Server

Disk space must be cleaned up periodically to ensure that the U2000 has sufficient available
disk space and prevent abnormal running of the U2000 server caused by insufficient disk
space.
Context
To ensure the normal running, the U2000 automatically deletes some data and reports one or
more of the disk clean-up event 5012, disk clean-up event 5013, and emergency disk data
migration event 5014 when the disk space on the server is insufficient. This is an emergency
preventive measure that does not resolve problems completely. Clean up disks as soon as
possible.

Procedure
l Method one (recommended): Use the disk cleanup tool.
a. Log in to Windows as a user with administrator rights.
b. Choose Start > Run. In the Run dialog box, enter cmd to open the command line
interface (CLI) window.
c. Run the following commands to start the disk cleanup tool script:
C:\Documents and Settings\Administrator>cd /d C:\oss\engr\engineering
\tool\hdcleaner
C:\oss\engr\engineering\tool\hdcleaner>start.bat
If the following information is displayed, the script has been executed successfully.
HD CLeaner : Operation Started.
HDCleaner - loading XML : C:\oss\engr\engineering\tool\hdcleaner\script

\hdc_access.xml
\hdc_engr.xml
\hdc_ip.xml
\hdc_trans.xml
\hdc_unitedmgr.xml
\hdc_vmf.xml
HD CLeaner : Operation Successful.
l Method two: Manually delete useless files.

a. Log in to Windows as a user with administrator rights.
b. Delete the following useless files:
n Delete useless alarm dump files. By default, these files are stored in the U2000
installation path\server\var\dump path.
n Delete useless log dump files. By default, these files are stored in the U2000
installation path\server\var\dump path.
n Delete useless performance dump files. By default, these files are stored in the
U2000 installation path\server\var\dump path.
n Delete useless database backup files. By default, these files are stored in the D:
\backup\dbbackup path.
n Delete useless U2000 running logs. By default, these files are stored in the
U2000 installation path\serve\log path.
n Delete other useless files, such as installation files and patch files of earlier
versions.
NOTE
l If a core dump fault occurs, some files whose names start with core may be
generated. After rectifying the fault, delete these files to release space.
l 20110221 indicates the scheduled alarm dumping file created on February 21,
2011. Confirm that the file is useless before deleting it.
For example, delete the 20110221 folder from the U2000 installation path
\server\dump\ThresholdExport\FMpath.
Perform the following steps to check the available disk space:
a. Press Win+E to open the resource manager.

b. Right-click Local Disk (D:) and choose Properties from the shortcut menu.
NOTE
Assume that the U2000 is installed in Local Disk (D:).
c. On the General tab page, check the disk usage.
----End
8.2.3 Cleaning Up Disk Space for a U2000 Client

This topic describes how to clean up disk space for a U2000 client. To ensure sufficient disk
space for the U2000, you must delete useless backup files and trash files. Disk space
insufficiency may cause a running error of the U2000 client.
Context
Ensure that the files to be deleted are no longer used. If a useful file is deleted, the U2000
client may not run properly.
Procedure
Step 1 Delete the files in the d:\oss\client\logs path.
Step 2 Empty the Recycle Bin.
----End
8.3 Single-Server System Running on Solaris

8.3.1 Checking the Usage of the Server Disk

This topic describes how to check the usage of the server disk. Disk anomalies can lead to
data loss, affecting the normal running of the NMS. It is recommended that you check the
disk status regularly. In this manner, you can repair or replace the disk in time when
discovering any disk fault.
Procedure
Step 1 Log in to the Solaris OS as the ossuser user.
Step 2 Open a terminal window. Then, run the following commands to switch to the root user:
$ su - root
Password:password of the root user
Step 3 Run the following command to view the physical status of the current server disk:
# df -h
The terminal displays:
Filesystem size used avail capacity Mounted on

/dev/md/dsk/d30 49G 3.1G 46G 7% /
/devices 0K 0K 0K 0% /devices

ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 69G 1.3M 69G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/platform/sun4v/lib/libc_psr/libc_psr_hwcap3.so.1
49G 3.1G 46G 7% /platform/sun4v/lib/
libc_psr.so.1
/platform/sun4v/lib/sparcv9/libc_psr/libc_psr_hwcap3.so.1
49G 3.1G 46G 7% /platform/sun4v/lib/sparcv9/
libc_psr.so.1
fd 0K 0K 0K 0% /dev/fd
/dev/md/dsk/d36 49G 1.1G 48G 3% /var
swap 69G 40K 69G 1% /tmp
swap 69G 32K 69G 1% /var/run
/dev/md/dsk/d35 394G 2.9G 387G 1% /opt
/dev/dsk/c0t65439DF100D38E390001341F00000000d0s0
394G 86G 304G 23% /opt/sybase
197G 11G 184G 6% /opt/oss
/dev/md/dsk/d37 20G 20M 19G 1% /export/home
391G 1.1G 386G 1% /opt/backup
NOTE
The displayed information varies according to the actual condition of the intended workstation, and thus
may be different from the preceding information.
----End
Reference Standard
Hardware errors prompts do not exist in the displayed information.
Exception Handling
If a disk is faulty, contact the device supplier to repair or replace the disk.

space.
Context
possible.
Procedure
a. Log in to the Solaris OS as the ossuser user.
b. Run the following commands to start the disk cleanup tool script:
$ cd /opt/oss/engr/engineering/tool/hdcleaner
$ ./start_solaris.sh

HDCleaner - loading XML : /opt/oss/engr/engineering/tool/hdcleaner/

script/hdc_access.xml
script/hdc_engr.xml
script/hdc_trans.xml
script/hdc_unitedmgr.xml
script/hdc_vmf.xml

n Delete useless alarm dump files. By default, these files are stored in
the /opt/oss/server/var/dump path.
n Delete useless log dump files. By default, these files are stored in the /opt/oss/
server/var/dump path.
n Delete useless performance dump files. By default, these files are stored in
n Delete useless database backup files. By default, these files are stored in
the /opt/backup/dbbackup path.
n Delete useless U2000 running logs. By default, these files are stored in
the /opt/oss/server/logs path.
versions.
NOTE
For example, run the following command to delete useless scheduled alarm
dumping files:
$ cd /opt/oss/server/var/ThresholdExport/FM
$ rm -r 20110221
Run the following command to check the available disk space:

$ df -hk /opt
/dev/dsk/c1t1d0s5 134G 75G 58G 57% /opt
----End

space for the U2000 client, you must delete useless backup files and trash files. Disk space

Context
Procedure
Step 1 Delete the files in the /opt/oss/client/logs path.
Step 2 Empty the Trash.
----End
8.4 Single-Server System Running on SUSE Linux

8.4.1 Checking the Usage of Server Disks

This topic describes how to check the usage of server disks. If a disk does not function
properly, data will be lost and the U2000 fails to run properly. Checking the disk status
regularly is recommended. You must repair or replace a disk that does not function properly in
time.
Procedure
Step 1 Log in to the SUSE Linux OS as the ossuser user.
Step 2 Open a command line interface (CLI). Then, run the following commands to switch to the
root user:
$ su - root
Step 3 To view the physical status of the current server disk, run the following command:
# df -h

/dev/sda1 20G 609M 19G 4% /
/dev/sda7 115G 35G 74G 32% /opt
/dev/sda5 20G 3.6G 16G 19% /usr
NOTE
The command output varies according to the actual condition of the server.
----End

Reference Standard
The command output does not contain information about hardware errors.
Exception Handling
If a disk does not function properly, contact the device supplier to repair or replace the disk.

space.
Context
possible.
Procedure
a. Use the PuTTY to log in to the SUSE Linux OS as user ossuser in SSH mode.
$ ./start_linux.sh

script/hdc_engr.xml
script/hdc_vmf.xml

b. Run the following commands to switch to the root user:
$ su - root
c. Delete the following useless files:


versions.
NOTE
dumping files:
# cd /opt/oss/server/var/ThresholdExport/FM
# rm -r 20110221

# df -hk /opt
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 260566312 51880408 208685904 20% /
----End

Context
Procedure
----End
8.5 High Availability System Running on Solaris

8.5.1 Checking Server Disks

This topic describes how to check the usage and status of the U2000 server disks.

8.5.1.1 Checking the Disk Usage of the U2000 Server

This topic describes how to check the disk usage of the U2000 server by using the System
Monitor or commands. The information to be viewed such as the available disk space and
percentage of the used disk space.
Procedure
l To check the disk usage by using the System Monitor, perform the following steps:
a. Log in to the System Monitor.
b. Click the Disk tab to check information such as the remaining space and percentage
of the used disk space.
l To check the disk usage by using commands, perform the following steps:
a. Log in to the Solaris OS as the ossuser user. Run the following command to switch
to the root user.
$ su - root
b. Run the following command to view the disk usage on the primary and secondary
sites:
# df -h

Filesystem kbytes used avail capacity
Mounted on
/dev/vx/dsk/bootdg/rootvol
12G 3.8G 7.9G 33% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 9.1G 1.8M 9.1G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1
12G 3.8G 7.9G 33% /platform/sun4u-
us3/lib/libc
_psr.so.1
/platform/sun4u-us3/lib/sparcv9/libc_psr/libc_psr_hwcap1.so.1
12G 3.8G 7.9G 33% /platform/sun4u-
us3/lib/spar
cv9/libc_psr.so.1
fd 0K 0K 0K 0% /dev/fd
/dev/vx/dsk/bootdg/var
7.9G 1.4G 6.4G 19% /var
swap 9.1G 104K 9.1G 1% /tmp
swap 9.1G 40K 9.1G 1% /var/run
swap 9.1G 0K 9.1G 0% /dev/vx/dmp
swap 9.1G 0K 9.1G 0% /dev/vx/rdmp
/dev/vx/dsk/bootdg/opt
64G 7.4G 56G 12% /opt
/dev/vx/dsk/bootdg/home
1002M 1.0M 941M 1% /export/home
/dev/odm 0K 0K 0K 0% /dev/odm
/dev/vx/dsk/datadg/lv_nms_data
39G 40M 39G 1% /opt/sybase/data
----End

8.5.1.2 Checking the Disk Status of the U2000 Server

If the disk status is abnormal, the data may be lost and the U2000 cannot be normally used.
Therefore, you need to check the disk status periodically. If any fault of the disk is found,
clear it or replace the disk in time.
Procedure
l Check the disk status on Veritas.
a. Log in to the Solaris operating system as user ossuser.
b. Open a terminal window, and run the following commands to switch to user root:
$ su - root
Password:password_of_user_root
c. Run the following commands on the primary and secondary sites:

# vxdisk list
In the case of two hard disks, the terminal displays the following information:
DEVICE TYPE DISK GROUP STATUS
c1t0d0s2 auto:sliced rootdisk datadg online
c1t1d0s2 auto:sliced rootmirror datadg online
In the case of four hard disks, the terminal displays the following information:
c1t0d0s2 auto:slice rootdisk rootdg online
c1t1d0s2 auto:slice rootmirror rootdg online
c1t2d0s2 auto:slice datadisk datadg online
c1t3d0s2 auto:slice datamirror datadg online
NOTE
The equipment names in the DEVICE column may be different from those displayed on the
terminal according to the actual situation of the workstation.
d. Run the following commands to switch to non-root user:
# exit
l Check the disk status on Solaris.

a. Log in to the Solaris operating system as user ossuser.
b. Open a terminal window, and run the following commands to switch to user root:
$ su - root
c. Run the following commands to view the physical status of the disk on the current
server:
# iostat -E

sd1 Soft Errors: 0 Hard Errors: 0 Transport Errors: 0
Vendor: HITACHI Product: H101414SCSUN146G Revision: SA25 Serial No:
0848E3PKSA
Size: 146.80GB <146800115712 bytes>
Media Error: 0 Device Not Ready: 0 No Device: 0 Recoverable: 0
Illegal Request: 0 Predictive Failure Analysis: 0
Vendor: TSSTcorp Product: CD/DVDW TS-T632A Revision: SR03 Serial No:
Size: 0.00GB <0 bytes>
0848E42GTA

Size: 146.80GB <146800115712 bytes>

0848E3PAAA
Size: 146.80GB <146800115712 bytes>
0848E46GKA
Size: 146.80GB <146800115712 bytes>
0848E46GDA
Size: 146.80GB <146800115712 bytes>
0848E46GUA
Size: 146.80GB <146800115712 bytes>
NOTE
The output information may be different from that displayed on the terminal according to the
actual situation of the workstation.
d. Run the following commands to switch to non-root user:
# exit
----End
Reference Standard
If the following standards are met, it indicates that the disk status is normal:
l After you run the vxdisk list command, the disk status is online.
l After you run the iostat -E command, if the Hard Errors information of the disk is 0, it
indicates that the physical status of the disk is normal.
Troubleshooting
If a disk fails, contact the equipment supplier to repair or replace the disk in a timely manner.
8.5.1.3 Checking the Disk Group Status of the U2000 Server

Check whether the disk group status is normal.
Procedure
Step 1 Open a terminal window, and run the following commands to switch to user root:
$ su - root
Step 2 Run the following commands on both the primary and secondary sites:
# vxdg list
The screen output is similar to the following:

NAME STATE ID
datadg enabled 997585324.1237.Primary
----End
Reference Standards
If the following standards are met, the disk group status is normal:
l If over two disks are available on the workstation, two disk groups should be displayed,
including rootdg and datadg. Otherwise, there is a problem with the disk groups.
l If only two disks are available on the workstation, only one disk group, that is, datadg,
should be displayed. Otherwise, there is a problem with the disk group.
l The STATE of each disk group should be enabled. Otherwise, there is a problem with
the disk groups.
Troubleshooting
If a fault of the disk group occurs, contact the local office or Customer Service Center of
Huawei according to the warranty.
8.5.1.4 Checking the Disk Volume Status of the U2000 Server

This section describes how to query the disk volume status.
Procedure
Step 2 Open a terminal window, and run the following commands to switch to the root user:
$ su - root
Step 3 Run the following commands to check whether the disk volume status is normal, according to
the disk volume information:
# vxprint -v

Disk group: rootdg
TY NAME ASSOC KSTATE LENGTH PLOFFS STATE TUTIL0 PUTIL0

v opt fsgen ENABLED 167781888 - ACTIVE - -
v rootvol root ENABLED 20982912 - ACTIVE - -
v swapvol swap ENABLED 33560448 - ACTIVE - -
v usr fsgen ENABLED 20982912 - ACTIVE - -
v var fsgen ENABLED 41945472 - ACTIVE - -
Disk group: datadg

v lv_nms_data datarvg ENABLED 83886080 - ACTIVE - -
v srl_vol datarvg ENABLED 2097152 SRL ACTIVE - -
NOTE
The displayed information varies with the data of the disks that are actually configured.
l If over two disks are configured, the two disk groups including rootdg and datadg are available.
l If only two disks are configured, only one disk group (datadg) is available.
----End

Reference Standards
If the following standards are met, it indicates that the disk volume status is normal:
l Disk volumes used by the U2000 exist. Currently, disk volumes used by the U2000 is
lv_nms_data.
l For all the disk volumes, KSTATE must be ENABLED.
l For all the disk volumes, STATE must be ACTIVE.
Troubleshooting
1. If the problem persists, run the following command to record the details of all the disk
volumes, and contact the local office or Customer Service Center of Huawei according to
the warranty.
# vxprint -l VolumeName
Table 8-4 describes the meanings of the fields that are displayed:
Table 8-4 Field description for disk volume status

Field Name Description
Disk group The disk group to which this disk volume

belongs.
Volume Disk volume name.
info Disk volume length.
type Disk volume type.
state Disk volume state. Normally, it should be

ACTIVE, and kernel be ENABLED
assoc Association of disk volumes, rvg refers to

the RVG to which this disk volume
belongs, which is datarvg normally.
plexes The plex contained in this disk volume.
policies Disk volume management policy.
flags Disk volume flag.
logging Disk volume log. Normally, the type is

DCM.
recovery Disk volume recovery mode.
device Disk volume number and trail.
perms Disk volume owner and authority.
For example, to query the details of the disk volume lv_nms_data, you can run the
following command:
# vxprint -l lv_nms_data


Disk group: datadg
Volume: lv_nms_data
info: len=83886080
type: usetype=fsgen
state: state=ACTIVE kernel=ENABLED cdsrecovery=0/0 (clean)
assoc: rvg=datarvg
plexes=lv_nms_data-01,lv_nms_data-02
exports=(none)
policies: read=SELECT (round-robin) exceptions=GEN_DET_SPARSE
flags: closed writecopy writeback
logging: type=DCM loglen=512 serial=0/0 mapalign=256 (enabled)
apprecov: seqno=0/0
recovery: mode=default
recov_id=0
device: minor=1001 bdev=295/1001 cdev=295/1001 path=/dev/vx/dsk/datadg/
lv_nms_data
perms: user=root group=root mode=0666
......
8.5.1.5 Monitoring the Mounting Status of File Systems

Monitor the mounting status of the U2000 file system and Sybase file system.
Procedure
Step 2 Open a terminal window, and run the following commands to switch to user root:
$ su - root
Step 3 Run the following command to view the mounting status of the U2000 file system and the
Sybase file system.
# df -k
The screen output is similar to the following:

Filesystem kbytes used avail capacity Mounted on
/dev/vx/dsk/bootdg/rootvol
51636771 4091453 47028951 9% /
/devices 0 0 0 0% /devices
ctfs 0 0 0 0% /system/contract
proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
swap 70817088 1496 70815592 1% /etc/svc/volatile
objfs 0 0 0 0% /system/object
sharefs 0 0 0 0% /etc/dfs/sharetab
swap 70815592 0 70815592 0% /dev/vx/dmp
swap 70815592 0 70815592 0% /dev/vx/rdmp
/platform/sun4v/lib/libc_psr/libc_psr_hwcap3.so.1
51636771 4091453 47028951 9% /platform/sun4v/lib/
libc_psr.so.1
/platform/sun4v/lib/sparcv9/libc_psr/libc_psr_hwcap3.so.1
51636771 4091453 47028951 9% /platform/sun4v/lib/
sparcv9/libc_psr.so.1
fd 0 0 0 0% /dev/fd
/dev/vx/dsk/bootdg/var
51636771 1695737 49424667 4% /var
swap 70815664 72 70815592 1% /tmp
swap 70815624 32 70815592 1% /var/run
/dev/vx/dsk/bootdg/opt
413086752 5908189 403047696 2% /opt
/dev/vx/dsk/datadg/lv_nms

206437998 10791780 193581839 6% /opt/oss

/dev/vx/dsk/datadg/lv_database
154828495 9954606 143325605 7% /opt/sybase
/dev/vx/dsk/datadg/lv_backup
412876013 84594334 324152919 21% /opt/backup
/dev/vx/dsk/bootdg/home
20658157 20737 20430839 1% /export/home
/dev/odm 0 0 0 0% /dev/odm
/dev/vx/dsk/datadg/lv_nms_data
92897090 80218299 11749821 88% /opt/sybase/data
/dev/vx/dsk/datadg/lv_filesync
30965686 30729 30625301 1% /export/sync
If the file system information about /dev/vx/dsk/datadg/lv_database,/dev/vx/dsk/datadg/

lv_nms, /dev/vx/dsk/datadg/lv_backup and /dev/vx/dsk/datadg/lv_nms_data is displayed,
it indicates that the mounting status of the U2000 file system and the Sybase file system is
normal.
----End
8.5.2 Cleaning Up Disk Space

This topic describes how to clean up disk space. You must clean up disk space in time to
ensure the normal running of the U2000 server and clients.
8.5.2.1 Cleaning Up Disk Space for the U2000 Server

space.
Context
possible.
Procedure
$ ./start_solaris.sh

script/hdc_engr.xml

script/hdc_vmf.xml

versions.
NOTE
dumping files:
$ cd /opt/oss/server/var/ThresholdExport/FM
$ rm -r 20110221

$ df -hk /opt
/dev/dsk/c1t1d0s5 134G 75G 58G 57% /opt
----End
8.5.2.2 Cleaning Up Disk Space for a U2000 Client

Context
Procedure

----End
8.6 High Availability System Running on SUSE Linux

8.6.1 Checking Server Disks

This topic describes how to check the usage and status of U2000 server disks.
8.6.1.1 Checking the Usage of U2000 Server Disks

This topic describes how to check the usage of U2000 server disks by using the System
Monitor or command lines. The information to be viewed includes the available space and
percentage of used disk space.
Procedure
l Method one (recommended): To check the disk usage by using the System Monitor,
perform the following steps:
a. Log in to the System Monitor.
b. Click the Disk tab to view information such as the available space and percentage
of used disk space.
l Method two: To check the disk usage by using command lines, perform the following
steps:
a. Log in to the SuSE Linux OS as the ossuser user. Run the following command to
$ su - root
b. Run the following command on the primary and secondary sites:
# df -h

/dev/sda1 20G 843M 18G 5% /
/dev/sda7 115G 61G 48G 56% /opt
/dev/sda5 20G 3.7G 16G 20% /usr
tmpfs 4.0K 0 4.0K 0% /dev/vx
/dev/vx/dsk/datadg/lv_backup 394G 47G 327G 13% /opt/backup
/dev/vx/dsk/datadg/lvdata 99G 43G 52G 46% /opt/sybase/data
----End

8.6.1.2 Checking the Status of U2000 Server Disks

This topic describes how to check the status of U2000 server disks. The abnormal disk status
can lead to data loss, affecting the normal running of the NMS. It is recommended that you
regularly check the disk status. If you discover any disk fault, repair or replace the disk in
time.
Procedure
Step 2 Open a terminal window. Then, run the following commands to switch to the root user:
$ su - root
Step 3 Run the following command on the primary and secondary sites:
# vxdisk list

sda auto:none - - online invalid
sdb auto:sliced disk03 datadg online
sdc auto:sliced disk04 datadg online
sdd auto:sliced - (datadg) online
NOTE
The equipment name displayed in the DEVICE column varies according to the actual condition of the
intended workstation, and thus may be different from the preceding information.
Step 4 Run the following command to switch to the non-root user:

# exit
----End
Reference Standard
The disk status can be concluded to be normal in the following situation:
After you run the vxdisk list command, the status of all disks is online.
Exception Handling
If a disk is faulty, contact the equipment supplier to repair or replace the disk in time.
8.6.1.3 Checking Status of U2000 Server Disk Groups

This topic describes how to check status of U2000 server disk groups.
Procedure
root user:
$ su - root

Step 2 Run the following command on both the primary and secondary sites:
# vxdg list

NAME STATE ID
datadg enabled 997585324.1237.Primary
----End
Result
Disk group status is considered normal in the following situations:
l On the workstation, only the datadg disk group is displayed.
l STATE is enabled for disk group.
Follow-up Procedure
If a fault of the disk group occurs, contact the local office or Customer Service Center of
Huawei according to the warranty.
8.6.1.4 Checking Status of U2000 Server Disk Volumes

This topic describes how to check status of U2000 server disk volumes.
Procedure
root user:
$ su - root
Step 3 Run the following command to check whether the disk volume status is normal:
# vxprint -v
Disk group: datadg

v lv_backup fsgen ENABLED 838860800 - ACTIVE - -
v lvdata datarvg ENABLED 209715200 - ACTIVE - -
v srl datarvg ENABLED 209715200 SRL ACTIVE - -
----End
Reference Standards
Disk volume status is considered normal if the following standards are met:
l Disk volumes used by the U2000 exist. Currently, the U2000 uses the lvdata disk
volume.
l KSTATE is ENABLED for all disk volumes.
l STATE is ACTIVE for all disk volumes.

Troubleshooting
1. If the problem persists, run the following command to record details of all disk volumes,
and contact the local office or customer service center of Huawei according to the
warranty:
In the command, VolumeName indicates the name of the disk volume. The name of the
current disk volume can be obtained through the vxprint -v command.
Table 8-5 describes meanings of the fields in the command output.
Table 8-5 Field description for disk volume status

Disk group Disk group to which this disk volume

belongs.
Volume Name of a disk volume.
info Length of a disk volume.
type Type of a disk volume.
state Status of a disk volume. Normally, state

is ACTIVE and kernel is ENABLED.
assoc Association relationship of a disk

volume. rvg specifies the RVG to which a
disk volume belongs. Normally, rvg is
datarvg.
plexes Plexes contained in a disk volume.
policies Management policy of a disk volume.
flags Flag of a disk volume.
logging Logs of a disk volume. Normally, type is

DCM.
recovery Recovery mode of a disk volume.
device Device number and path of a disk

volume.
perms Owner and authority of a disk volume.
For example, to view details of the lvdata disk volume, run the following command:
# vxprint -l lvdata

Disk group: datadg
Volume: lvdata
info: len=209715200
type: usetype=fsgen

assoc: rvg=datarvg
plexes=lvdata-01,lvdata-02
exports=(none)
flags: open writecopy writeback
apprecov: seqno=0/0
recov_id=0
lvdata
guid: {41ad6708-b94f-11e2-875a-1a5d1918d772}
mediatype: hdd
8.6.1.5 Checking the Mounting Status of File Systems

This topic describes how to check the mounting status of the U2000 file system and Sybase
file system.
Procedure
root user:
$ su - root
Step 3 Run the following command to view the mounting status of the U2000 file system and Sybase
file system:
# df -k

/dev/sda1 20634236 862596 18723476 5% /
udev 16427952 240 16427712 1% /dev
tmpfs 16777216 72 16777144 1% /dev/shm
/dev/sda8 20634236 176268 19409804 1% /export/home
/dev/sda7 119719140 63434664 50203096 56% /opt
/dev/sda9 20634236 189816 19396256 1% /tmp
/dev/sda5 20634236 3778884 15807188 20% /usr
/dev/sda6 16507816 448108 15221156 3% /var
/dev/sda10 10325192 309340 9491360 4% /var/log
/dev/sda11 4134384 139416 3784948 4% /var/log/audit
tmpfs 4 0 4 0% /dev/vx
/dev/vx/dsk/datadg/lv_backup 412849328 49158860 342718948 13% /opt/backup
/dev/vx/dsk/datadg/lvdata 103212320 44358408 53611032 46% /opt/sybase/data
If the file system information about /dev/sda7 119719140 63434664 50203096 56% /opt
and /dev/vx/dsk/datadg/lvdata 103212320 44358408 53611032 46% /opt/sybase/data is
displayed, it indicates that the mounting status of the U2000 file system and the Sybase file
system is normal.
----End

8.6.2 Cleaning Up Disk Space

This topic describes how to clean up disk space. You must clean up disk space in time to
ensure the normal running of the U2000 server and clients.
8.6.2.1 Cleaning Up Disk Space for the U2000 Server

space.
Context
possible.
Procedure
$ ./start_linux.sh

script/hdc_engr.xml
script/hdc_vmf.xml

b. Run the following commands to switch to the root user:
$ su - root
c. Delete the following useless files:


versions.
NOTE
dumping files:
# cd /opt/oss/server/var/ThresholdExport/FM
# rm -r 20110221

# df -hk /opt
/dev/sda2 260566312 51880408 208685904 20% /
----End
8.6.2.2 Cleaning Up Disk Space for a U2000 Client

space for the U2000, you must delete useless backup files and trash files. Disk space
Context
Procedure
----End

Administrator Guide 9 Log Management
9 Log Management
About This Chapter
The U2000 automatically records OSS logs, such as system logs, security logs, and user
operation logs when it operates. By querying and collecting statistics on logs, you can
understand the U2000 operating status, system security status, or specific user operation
information. In addition, the U2000 records NE Syslog operation logs and NE Syslog run
logs. By viewing NE logs, you can learn the operating status of the NEs. You can dump logs
to a hard disk or forward logs to a third-party Syslog server, relieving pressure on the
database. You can also export logs to a file or save log results as a file for access.
Context
NOTE
l Personal data may be involved during application and maintenance. To address this issue, multiple
handling methods are provided such as data anonymization.
l You are advised to comply with local laws and regulations and company policies as well as take
sufficient measures to fully protect user data. For example, delete saved log files after usage.
9.1 Log Management Overview

This topic describes log management policies and characteristics of logs on the U2000.
9.2 Managing Logs of the IP NE Side
This topic describes how to manage IP NE logs. The U2000 provides the function of
managing run logs of NEs and you can query NE running information on the U2000.
9.3 Managing Logs of the Access NE Side
This topic describes how to manage access NE logs. The U2000 provides the function of
managing syslog operation logs for NEs. You can use this function to query and synchronize
syslog operation logs on the U2000 after the logs of the managed NEs are synchronized to the
U2000.
9.4 Managing Transport NE Logs
This topic describes how to manage transport NE logs. Transport NE logs record all security-
based operation information, including NE security logs and NE operation logs. On the
U2000, you can forward NE logs to the syslog server and browse NE security logs and NE
operation logs.

9.1 Log Management Overview

This topic describes log management policies and characteristics of logs on the U2000.
9.1.1 Log Management Policy

This topic describes log security management, including the U2000 system log management,
U2000 operation log management, U2000 security log management, NE security log
management, NE syslog run log management, NE syslog operation log management, log
dumping management, and log forwarding management.
NMS Log
The U2000 records operations performed by all the U2000 users and the operation results.
l U2000 system log: System logs record operations or tasks that the U2000 performs
automatically, such as scheduled and system tasks.
l U2000 operation log: Operation logs record the information about the non-security
operations that the user performs on the U2000, for example, muting and displaying the
alarm sound.
l U2000 security log: Security logs record the security operations that the user performs in
the U2000, for example, login, logout, and unlocking.
By querying logs, the administrator can track and check user operations. Pay close attention to
operation logs. This helps you to master the system runtime information. The logs record of
events related to the equipment operations. For example, querying, creating, and deleting an
NE or other objects. The logs also help you to learn user activities. For example, you can view
operations performed by a user in the system.
You can query the preceding three types of logs on a client. In addition, all user activities and
operation instructions on the U2000 management plane are recorded as events to the OS logs
which are stored in the C: \Windows\System32\winevt\Logs\Application.evtx
(Windows), /var/adm/localmessages (Solaris), and /var/log/localmessages (Linux)
directories. If the number of recorded logs reaches the threshold, new logs will overwrite logs
recorded earlier.
NE Log
Operations and operation results of all the NE users are recorded in the NE. The U2000
supports the query of NE logs encapsulated by the syslog protocol of IP and access NEs and
the query of original security logs of transport NEs.
l NE syslog run log: Syslog run logs record running information about managed NEs. You
can view the NE syslog run logs on the U2000, rather than viewing them on each NE.
The U2000 allows users to browse syslog run logs of IP NEs.
l NE syslog operation log: Syslog operation logs record operation information about
managed NEs. You can view the NE syslog operation logs on the U2000, rather than
viewing them on each NE. The U2000 allows users to browse syslog operation logs of
access NEs.
l NE security log: NE security logs record security-based operations that all NE users
perform on an NE. You can view the NE security logs on the U2000, rather than viewing
them on each NE. The U2000 allows users to browse security logs of transport NEs.

Log Dumping
By setting the scheduled task dump, you can enable the U2000 to periodically save the log in
a specified directory. This function facilitates log viewing, reduces records in the database,
and speeds up the running of the system. By default, the dump path of the log is
$IMAP_ROOT/var/ThresholdExport/Log(Solaris/Linux) or %IMAP_ROOT%\var
\ThresholdExport\Log(Windows). The dumped log can be saved as .csv, .xml, .txt or .html
files.
Log Forwarding
U2000 log forwarding: The U2000 forwards logs to the syslog server and save them. This
function provides references for maintenance and relieves the storage burden of the U2000
server.
NE log forwarding: The U2000 forwards various types of NE information to the system log
server in a format that complies with the system log protocol. Network management
personnel and network maintenance personnel can learn the NE status according to
emergency of the information. The U2000 can forward logs of only IP and transport NEs. You
can configure a syslog server on an access NE and run commands to forward access NE logs.
Log Export
Automatic system log export: The U2000 can automatically export system logs to the server
so that users can browse the logs easily. To configure an automatic export task, do as follows:
Choose Administration > Task Schedule > Task Management from the main menu. In the
Task Management window, choose File Interface > Operation Log Export, File Interface
> Security Log Export, File Interface > System Log Export from the navigation tree.
Manual system log export: The U2000 allows users to manually export system logs to the
current client so that users can browse the logs easily. To configure a manual export task, do
as follows: Choose Administration > Log Management > Query System Logs from the
main menu. In the Query System Logs window, export logs by choosing a shortcut menu
item. (The procedures for exporting operation logs and security logs are similar to this.)
9.1.2 Log Types

Logs are classified into OSS logs and NE logs. OSS logs include system logs, security logs,
and operation logs. NE logs include NE Syslog operation logs and NE Syslog run logs.

Log Types
Type Description Example Parameter
OSS Operatio Records all l Creating Operation Name, Risk Level,

logs n Log operations on the NEs Operator, User Type,
client excluding the l Creating Operation Time, Operation
operations that Views Category, Operation
affect OSS security. Terminal, Operation Object,
l Acknowled Operation Result, Details
ging Alarms
l Clearing
Alarms
l Uploading
NE data
l Upgrading
NE or board
software
System Records the tasks l Triggered Risk Level, Source,

Log on the server that on the Operation Time, Basic
affect the OSS client: Information, Operation
operating status. Starting and Result, Details
Executing
Scheduled
Tasks
l Triggered
on the
server:
Starting and
Stopping
Services
Security Records the l Logging In Security Event, Risk Level,

Log operations to a Server Operator, User Type,
performed on the l Setting Operation Time, Operation
client that affect Security Terminal, Operation Object,
OSS security. Policies Operation Result, Details
l Unlocking a
User
Account
NE NE Records the - Device name, Time, User

logs Syslog operation logs of Name, Access Method, IP
Operatio NEs managed by Address, User Command,
n Log the OSS. User Command Details

Type Description Example Parameter
NE Records the - l Parameters for multi-file

Syslog operating query logs: NE Name, NE
Run Log information about Alias, IP Address, User
NEs managed by Name, User IP Address,
the OSS. Details, Time Sent
l Parameters for single-file
query logs: NE Name, IP
Address, Digest, Details,
Module Name, Level,
Time Sent
NE Records the - NE, User Name, Event

Security security-based Name, Resource Name,
Log operating Operation Time, Operation
information about Result
NEs managed by
the OSS.
NOTE
l Generated OSS logs and NE Syslog operation logs are saved in the OSS LogDB.
l Generated NE Syslog run logs are saved on both the hard disk and Syslog database (omcDB).
l The data on the hard disk is displayed on the client. Users can view the data on the client. In
Solaris and SUSE Linux operating systems, NE Syslog run logs are saved in the /opt/oss/
server/var/devlogs directory. In Windows operating system, NE Syslog run logs are saved in
the D:\oss\server\var\devlogs directory.
l The data in the Syslog database is forwarded to the third-party Syslog server, implementing
unified log management.
Log Parameter Description

l OSS Log Parameter Description
Parameter Description
Security Event Event that is related to U2000 security.
Operation Name Name of an operation that a user performs on the U2000.
Risk Level Level of a risk caused by the operation that is performed on the
U2000. The options are Warning, Minor, and Risk.
Operator NMS user.
User Type Type of the user who performs an operation.
Source Module on which the U2000 performs an operation.
Operation Time Time when an operation is performed. The value is expressed

in seconds.
Basic Information Basic operation information.

Operation Category Type of an operation.
Operation Terminal IP address of the server used when an operation is performed.
Operation Object Object on which an operation is performed.
Operation Result An operation may have one of the following three results:
Successful, Failed, and Partially successful (which are
displayed as Successful, Failed, and Unknown in system
logs.)
l Successful: indicates that the operation is successful and a
complete operation result is returned.
l Failed: indicates that the operation fails.
l Partially successful: indicates that the operation is partially
successful and a complete operation result is returned.
l Unknown: indicates an unknown status.
Details Other useful information about an operation.
l NE Log Parameter Description
Table 9-1 Parameter description for NE Syslog operation logs

Device name Name of a device managed by the U2000.
Time Specific time when an operation is performed. It is accurate to

second.
User Name User name of a device managed by the U2000.
Access Method Device access method used by a device user.
IP Address The IP address of the host used to perform operations.
User Command Command that a device user runs to perform an operation on a

device.
User Command Details about a user command.

Details
Table 9-2 Parameter description for NE Syslog run logs

NE Name Name of an NE managed by the U2000.
NE Alias Alias of an NE managed by the U2000.
IP Address IP address of an NE managed by the U2000.

User Name User who runs the command recorded in an NE Syslog run log.
User IP Address IP address of the user who runs the command recorded in an
NE Syslog run log.
Digest Digest of an NE Syslog run log.
Details Details of an NE syslog run log.

NOTE
In multi-file query, the Details parameter includes only the value of
Command= in log information.
Module Name Module corresponding to an NE Syslog run log.
Level NE Syslog run log level. Log levels include the Emergency,
Alert, Critical, Error, Warning, Notice, Informational, and
Debug levels.
Time Sent Time when an NE syslog run log is reported.
Table 9-3 Parameter description for NE Security Log

NE Indicates the name of an NE.
User Name Indicates a user name.
Event Name Indicates the name of an operation.
Resource Name Indicates the resource involved in the

operation.
Operation Time Indicates the time of an operation.
Operation Result Indicates the results of an operation.
9.1.3 Querying OSS Logs

By querying OSS logs, you can understand the U2000 operating status, system security status,
or users' detailed operation information.
Context
l Query results are generated based on the existing data in the database. If the database is
empty, no query result is displayed.
l Different users have different log query rights. For details, see Table 9-4.

Table 9-4 Log query rights
Log Type Operation Rights
Operation logs l Users in the Administrators group or users who have the
Query All Operation Logs permission can query operation
logs of all users.
NOTE
Users who have permission to Query All Operation Logs in a region
can view the operation logs of all users only in the region.
l Users in the SMManagers group who have the Query
Operation Logs permission can query operation logs of all
users.
l Common users who do not belong to the Administrators or
SMManagers group and who have the Query Operation
Logs permission can query only their own operation logs.
System logs l Users who have the Query System Logs permission can query
system logs.
Security logs l Users in the SMManagers group can query security logs of all
users.
l Users who have the Query All Security Logs permission can
query security logs of all users.
NOTE
Users who have permission to Query All Security Logs in a region
can view the security logs of all users only in the region.
l Users in a group of the Subdomain Security Administrator
Group type can view their own and their managed users'
security logs.
l Users who have the Query Security Logs permission can
query their own security logs.
Procedure
Step 1 Choose a menu portal.
l Querying operation logs: Choose Administration > Log Management > Query
Operation Logs from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose Log Management > Query
Operation Logs from the main menu (application style)Administration > Log
Management > Query Operation Logs from the main menu (traditional style);
alternatively, double-click Security Management in Application Center and choose
Log Management > Query Operation Logs from the main menu (application style).
l Querying system logs: Choose Administration > Log Management > Query System
Logs from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose Log Management > Query System
Logs from the main menu (application style)Administration > Log Management >
Query System Logs from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose Log Management > Query
System Logs from the main menu (application style).

l Querying security logs: Choose Administration > Log Management > Query Security
Management in Application Center and choose Log Management > Query Security
Logs from the main menu (application style).
Step 2 In the Filter dialog box, set filter criteria and click OK.
Step 3 Right-click OSS logs in the query result window and choose the following operations from
the shortcut menu:
Operation Method
Details Right-click a log in the window and choose Details from the shortcut
menu, or double-click the log.
NOTE
The Log Details dialog box displays log information, such as the operation
time, risk level, or operation result.
Save All Records 1. Right-click a log in the window and choose Save All Records
2. In the Save dialog box, select the path to save all the records, and
click Save.
NOTE
l Log records can be saved as a file in .txt, .html, .csv, .pdf, .xls or .xlsx
format. When a user saves a log file in .xls or .xlsx format, a cell can
support a maximum of 32,767 characters.
l For .txt files, code formats ISO-8859-1 and UTF-8 are supported. The
default encoding format is ISO-8859-1. You are advised to use the default
encoding format if the saved file does not need to support multiple
languages; otherwise, UTF-8 is recommended.
l The Progress dialog box is displayed if numerous log records exist. You
can click Background in the Progress dialog box or press Enter to perform
other operations on the background.
Save Selected 1. Select one or more logs in the query window, right-click, and
Records choose Save Selected Records from the shortcut menu.
2. In the Save dialog box, select the path to save the records and click
Save.
NOTE
l Log records can be saved as a file in .txt, .html, .csv, .pdf, .xls or .xlsx
format. When a user saves a log file in .xls or .xlsx format, a cell can
support a maximum of 32,767 characters.

Operation Method
Save Specified 1. Right-click a log in the window and choose Save Specified
Records Records from the shortcut menu.
2. In the Save Specified Records dialog box, set the start and end log
records and the name of the file to be saved, and click OK.
NOTE
l In the Save Specified Records dialog box, click on the right of File
name. In the Save dialog box, select the path for saving the records. Log
records can be saved as a file in .txt, .html, .csv, .pdf, .xls or .xlsx format.
When a user saves a log file in .xls or .xlsx format, a cell can support a
maximum of 32,767 characters.
Print All Records 1. Right-click a log in the window and choose Print All Records
2. In the Print dialog box, set the print parameters and click Print.
Print Selected 1. Select one or more logs in the query window, right-click, and
Records choose Print Selected Records from the shortcut menu.
Print Specified 1. Right-click a log in the window and choose Print Specified
Records Records from the shortcut menu.
2. In the Print Specified Records dialog box, set the start and end
log records and click OK.
Find 1. Right-click in a blank area of the window and choose Find from
the shortcut menu.
2. Enter a keyword in Find what in the Find dialog box for search.
NOTE
l Match case: determines whether the case of search contents matches the
case of the keyword. By default, the cases do not match.
l Match entire cell contents: If you want the search contents to partially
match the cell contents, clear Match entire cell contents. If you want the
search contents to exactly match the cell contents, select Match entire cell
contents. By default, Match entire cell contents is cleared.
----End

9.1.4 Collecting Statistics on OSS Logs

By collecting statistics on logs, you can understand the U2000 operating status, system
security status, or specific user operation information. With the log statistics function, you can
collect statistics only on OSS logs, but cannot collect statistics on NE logs.
Context
l Statistical results are generated based on the existing data in the database. If the database
is empty, there is no statistical result.
l Different users have different log statistics rights. For details, see Table 9-5.
Table 9-5 Relationship between OSS log types and operation rights
Type Operation Rights
OSS logs Operatio l Users in the Administrators group or users who have the
n logs Query All Operation Logs permission can collect
statistics on operation logs of all users.
NOTE
Users who have permission to Query All Operation Logs in a
region can collect statistics on the operation logs of all users only
in the region.
l Users in the SMManagers group who have the Query
Operation Logs permission can collect statistics on
operation logs of all users.
l Common users who do not belong to the Administrators
or SMManagers group and who have the Query
Operation Logs permission can collect only their own
statistics on operation logs.
System l Users who have the Query System Logs permission can
logs collect statistics on system logs.
Security l Users in the SMManagers group can collect statistics on

logs security logs of all users.
l Users who have the Query All Security Logs permission
can collect statistics on security logs of all users.
NOTE
Users who have permission to Query All Security Logs in a
region can collect statistics on the security logs of all users only
in the region.
l Users in a group of the Subdomain Security
Administrator Group type can collect statistics on their
own and their managed users' security logs.
l Users who have the Query Security Logs permission can
collect statistics on their own security logs.
Procedure
Step 1 Choose a menu portal.

l Collecting statistics on operation logs: Choose Administration > Log Management >
Operation Log Statistics from the main menu (traditional style); alternatively, double-
click Security Management in Application Center and choose Log Management >
Operation Log Statistics from the main menu (application style)Administration > Log
Management > Operation Log Statistics from the main menu (traditional style);
Log Management > Operation Log Statistics from the main menu (application style).
l Collecting statistics on system logs: Choose Administration > Log Management >
System Log Statistics from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose Log Management > System
Log Statistics from the main menu (application style)Administration > Log
Management > System Log Statistics from the main menu (traditional style);
Log Management > System Log Statistics from the main menu (application style).
l Collecting statistics on security logs: Choose Administration > Log Management >
Security Log Statistics from the main menu (traditional style); alternatively, double-
click Security Management in Application Center and choose Log Management >
Security Log Statistics from the main menu (application style)Administration > Log
Management > Security Log Statistics from the main menu (traditional style);
Log Management > Security Log Statistics from the main menu (application style).
Step 2 In the Filter dialog box, set Statistics Settings and Filter Criteria, and click OK.
NOTE
l You can also click Cancel and use either of the following methods to filter and collect statistics on
logs.
– Click Template and choose Open. Select a template from the template list and click Open to
use an existing template to collect statistics on operation logs. If no template exists on the
U2000, follow the instructions described in 9.1.5 Setting U2000 Log Templates to create a
template.
– Click Filter. In the Filter dialog box, set Statistics Settings and Filter Criteria and click OK
to collect statistics on operation logs.
----End
Result
The display mode of statistics varies according to the settings on the Statistics Settings tab
page in the Filter dialog box. Table 9-6 describes the relationship between Statistics Settings
for operation logs and security logs and the display mode of statistics. Table 9-7 describes the
relationship between Statistics Settings for system logs and the display mode of statistics.

Table 9-6 Relationship between Statistics Settings and the display mode of statistics (1)
Row Column Display Mode
Item 1 Item 2 Item
Do not set it Do not set it Set it to The statistical result is displayed as follows:
to (None). to (None). (Count). l The statistical result is displayed in a
collapsed tree with Item 1 as the level-1
node and Item 2 as the level-2 node.
l The statistical result is achieved based on
the items selected in Row.
Do not set it Set it to Set it to l The statistical result is displayed by Item

to (None). (None). (Count). 1 or Item 2.
Set it to Do not set it Set it to l The statistical result is achieved based on

(None). to (None). (Count). the items selected in Row.
Do not set it Do not set it Do not set it l The statistical result is displayed in a
to (None). to (None). to (Count). collapsed tree with Item 1 as the level-1
node and Item 2 as the level-2 node.
the combination of the items selected in
Row and the item selected in Column.
Do not set it Set it to Do not set it l The statistical result is displayed by Item
to (None). (None). to (Count). 1 or Item 2.
Set it to Do not set it Do not set it l The statistical result is achieved based on
(None). to (None). to (Count). the combination of the items selected in
Row and the item selected in Column.
Table 9-7 Relationship between Statistics Settings and the display mode of statistics (2)
Item 1 Item
Set it to Risk Level. Set it to (Count). The statistical result is displayed as follows:
Set it to Source. Set it to (Count). l The statistical result is displayed by Risk

Level or Source.
the items selected in Row.
Set it to Risk Level. Set it to Source. l The statistical result is displayed by Risk
Level.
Source.

Item 1 Item
Set it to Source. Set it to Risk Level. l The statistical result is displayed by

Source.
Risk Level.
9.1.5 Setting U2000 Log Templates

You can save the specific query and statistics conditions in U2000 log templates. This helps
you to query and collect statistics on logs conveniently.
Context
l Choose Administration > Log Management > Query Operation Logs from the main
Application Center and choose Log Management > Query Operation Logs from the
main menu (application style)Administration > Log Management > Query Operation
Management in Application Center and choose Log Management > Query
Operation Logs from the main menu (application style). Click Template Filter to set
the template.
l Choose Administration > Log Management > Query System Logs from the main
Application Center and choose Log Management > Query System Logs from the
main menu (application style)Administration > Log Management > Query System
Management in Application Center and choose Log Management > Query System
Logs from the main menu (application style). Click Template Filter to set the template.
l Choose Administration > Log Management > Query Security Logs from the main
Application Center and choose Log Management > Query Security Logs from the
main menu (application style). Click Template Filter to set the template.
l Choose Administration > Log Management > Operation Log Statistics from the main
Application Center and choose Log Management > Operation Log Statistics from
the main menu (application style)Administration > Log Management > Operation
Log Statistics from the main menu (traditional style); alternatively, double-click
Security Management in Application Center and choose Log Management >
Operation Log Statistics from the main menu (application style). Click Template to set
the template.
l Choose Administration > Log Management > System Log Statistics from the main
Application Center and choose Log Management > System Log Statistics from the
main menu (application style)Administration > Log Management > System Log
Statistics from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose Log Management > System Log
Statistics from the main menu (application style). Click Template to set the template.

l Choose Administration > Log Management > Security Log Statistics from the main
Application Center and choose Log Management > Security Log Statistics from the
main menu (application style)Administration > Log Management > Security Log
Statistics from the main menu (traditional style); alternatively, double-click Security
Management in Application Center and choose Log Management > Security Log
Statistics from the main menu (application style). Click Template to set the template.
The operations for setting the log query and statistics templates are similar. The following
provides an example of setting the log query template.
Procedure
Step 1 Choose Administration > Log Management > Query Operation Logs from the main menu
and choose Log Management > Query Operation Logs from the main menu (application
style)Administration > Log Management > Query Operation Logs from the main menu
and choose Log Management > Query Operation Logs from the main menu (application
style).
Step 2 In the Filter dialog box, click Cancel.
Step 3 You can perform the following operations in the Query Operation Logs window.
Operation Method
Create a template 1. Click Template Filter and choose New.

2. In the New Template dialog box, enter the template name and
click OK.
NOTE
The template name cannot contain the following characters:
`~!@#$%^&*()":;?,|{}[]<>'\/
3. In the Filter dialog box, set filter criteria and click OK.
Open a template If a log query and statistics template exists in the U2000, you can
perform the following operations to open the template:
1. Click Template Filter and choose Open.
2. In the Open dialog box, select a template and click Open.
Save a template You can perform the following operations to save and modify a log
query or statistics template:
1. Click Template Filter and choose Save As.
2. In the Save Template dialog box, enter a template name and
click OK.
NOTE
The template name cannot contain the following characters:
`~!@#$%^&*()":;?,|{}[]<>'\/

Operation Method
Delete a template If a log query and statistics template exists in the U2000, you can
perform the following operations to delete the template:
1. Click Template Filter and choose Delete.
2. In the Delete dialog box, select a template.
3. Click Delete.
5. In the Delete dialog box, click Close.
Import 1. Click Template Filter and choose Import.
2. In the Import dialog box, click

corresponding to Select Files. In the Select dialog box, select a
file to import, and click Open.
3. In the Import dialog box, enter the password for the integrity
check, and click Integrity Check.
4. Select the file that passed the check, and click OK.
5. In the Import Result dialog box, click OK.
Export If a query operation logs template exists in the U2000, you can
perform the following operations to export the template:
1. Click Template Filter and choose Export.
2. In the Export dialog box, select a template.
3. On the File Integrity Protection group box, enter the same
password in Password and Confirm password text boxes.
4. Click . In the Select Folder dialog box, select a save path for
the template file to export, and click Save.
5. Click OK.
6. In the Information dialog box, click OK.
NOTE
If an existing template failed to be exported due to unsupported characters
contained in its name, save it as a new template to export.
----End
9.1.6 Dumping or Exporting Logs

Generated OSS logs and NE Syslog operation logs are saved in the OSS database. The log
dump function allows you to save logs as a file in the hard disk. The logs dumped to the hard
disk are automatically deleted from the OSS database, preventing space insufficiency. The log
export function allows you to export OSS logs to a file for access. Exported logs are still
saved in the OSS database.

Context
l The log query tool can query .csv and .txt files as well as .zip files containing .csv or .txt
files.
l Figure 9-1 illustrates the log dump process.
Figure 9-1 Log dump process

NOTE
l NE Syslog operation logs apply to access NEs only.

l A task for dumping system logs, operation logs, and security logs has been created on the log
server. When the size of database logdb is greater than or equal to the threshold (the default
threshold is 85% of the maximum size of the database logdb), the OSS dumps the system logs,
operation logs, and security logs until the database size is less than the threshold.
l A task for dumping device logs has been created on the log server. When the size of database
logdb is greater than or equal to the threshold (the default threshold is 85% of the maximum
size of the database logdb), the OSS dumps the device logs until the database size is less than
the threshold.
l A task for dumping logs has been created on the log server. The OSS allows a maximum of
4,000,000 operation logs, 3,000,000 system logs, and 3,000,000 security logs. It starts the task
when the number of a type of logs is equal to or greater than the maximum to dump logs until
the numbers of the logs are less than the allowed maximum.
Procedure
and choose Task Schedule > Task Management from the main menu (application
style)Administration > Task Schedule > Task Management from the main menu
Step 2 In the task list of the Task Management window, select the log dump or export task type and
task.
Log dump or export task types are as follows:
l Database Capacity Management: Security Log Dump, Operation Log Dump, System
Log Dump, Device Log Dump (The device logs here indicate access NE Syslog
operation logs.)
l Overflow Dump: Security Log Overflow Dump, Operation Log Overflow Dump,
System Log Overflow Dump
l Manual Dump: Security Log Manual Dump, Operation Log Manual Dump, System Log
Manual Dump
l File Interface: Security Log Export, Operation Log Export, System Log Export
Step 3 Double-click the log dump or export task.
Step 4 In the Attributes dialog box, set the parameters on the Common Parameters and Extended
Parameters tabs.
Step 5 Click OK.

NOTE
l The time displayed in the U2000 log record is the start time of an operation. If the start time of the
operation is within the time range for exporting logs, but the operation is not complete when the time
for exporting logs is reached, this log record is not exported to the log file.
l The time for triggering the log dump task in database capacity management, log dump task in
overflow dump, and log export task in file interface depends on Start time and Interval among
common parameters for different tasks.
----End

Result
File path on the Extended Parameters tab page displays the path for saving the log file.
Task Task Default Path for Saving Rules for Naming Dumped/
Type Name Dump/Export File Exported Files
Database Security l OSS server running the l YYYYMMDDHHMMSS-

Capacity Log Dump Solaris or SUSE Linux security-log-
Manageme Security operating dateThreshold_info.xml
nt/ Log system: /opt/oss/ l YYYYMMDDHHMMSS-
Overflow Overflow server/var/ security-log-
Dump Dump ThresholdExport/Log/ dateThreshold(UTF–8)-
YYYYMMDD <number>.zip
l OSS server running the
Operation Windows operating l YYYYMMDDHHMMSS-
Log Dump system: D:\oss\server operation-log-
Operation \var\ThresholdExport dateThreshold_info.xml
Log \Log\YYYYMMDD l YYYYMMDDHHMMSS-
Overflow operation-log-
Dump dateThreshold(UTF–8)-
<number>.zip
System l YYYYMMDDHHMMSS-
Log Dump system-log-
System dateThreshold_info.xml
Log l YYYYMMDDHHMMSS-
Overflow system-log-
Dump dateThreshold(UTF–8)-
<number>.zip
Device l OSS server running the l DevLogTimerDumpYYYYM

Log Dump Solaris or SUSE Linux MDDHHMMSS-01-
operating <number>.zip
system: /opt/oss/ l DevLogTimerDumpYYYYM
server/var/ MDDHHMMSS-01_(UTF–
ThresholdExport/Dol/ 8)-<number>.zip
YYYYMMDD
Windows operating
system: D:\oss\server
\var\ThresholdExport
\Dol\YYYYMMDD
Manual Security l OSS server running the l YYYYMMDDHHMMSS-

Dump Log Solaris or SUSE Linux security-log-manual_info.xml
Manual operating l YYYYMMDDHHMMSS-
Dump system: /opt/oss/ security-log-manual(UTF–8)-
server/var/ <number>.zip
ThresholdExport/Log/
YYYYMMDD
Windows operating

Operation system: D:\oss\server l YYYYMMDDHHMMSS-

Log \var\ThresholdExport operation-log-
Manual \Log\YYYYMMDD manual_info.xml
Dump l YYYYMMDDHHMMSS-
operation-log-manual(UTF–
8)-<number>.zip
System l YYYYMMDDHHMMSS-
Log system-log-manual_info.xml
Manual l YYYYMMDDHHMMSS-
Dump system-log-manual(UTF–8)-
<number>.zip
File Security l OSS server running the l YYYYMMDDHHMMSS-

Interface Log Export Solaris or SUSE Linux security-log-
operating conditional_info.xml
system: /opt/oss/ l YYYYMMDDHHMMSS-
server/var/fileint/ security-log-
seculogs/ conditional(UTF–8)-
Windows operating
\var\fileint\seculogs
\YYYYMMDD
Operation l OSS server running the l YYYYMMDDHHMMSS-

Log Export Solaris or SUSE Linux operation-log-
server/var/fileint/ operation-log-
userlogs/ conditional(UTF–8)-
Windows operating
\var\fileint\userlogs
\YYYYMMDD

System l OSS server running the l YYYYMMDDHHMMSS-

Log Export Solaris or SUSE Linux system-log-
server/var/fileint/ system-log-conditional(UTF–
syslogs/YYYYMMDD 8)-<number>.zip
Windows operating
\var\fileint\syslogs
\YYYYMMDD
NOTE
l If each file contains more than 5000 rows, the .zip file is split into two or more files. <number> in
the file name continuously increases. Examples: 20140321144204-operation-log-
dateThreshold(UTF-8)-1.zip and 20140321144204-operation-log-dateThreshold(UTF-8)-2.zip.
l If a file is dumped/exported during daylight saving time (DST), its name contains DST. For
example, 20161122174945DST-system-log-dateThreshold_info.xml indicates this system log is
dumped during DST.
l Logs can be dumped/exported to a CSV, XML, TXT, or HTML file and then are compressed to
a .zip package.
9.1.7 Log Forwarding

In routine operation and maintenance, a large number of logs are generated. To ensure that the
U2000 server has sufficient space for storing new logs, historical logs are deleted as new logs
are increasing. If historical logs are not dumped to other servers in a timely manner, these logs
are discarded and cannot be restored. Operation records and system running records in these
logs cannot be found any more. With the log forwarding service, the U2000 can send OSS
logs and NE logs as Syslog packets to a third-party Syslog server for unified management.
The third-party Syslog server software can be one of the following: Syslog Watcher, Kiwi
Syslog Daemon, 3CDaemon, WinSyslog.
9.1.7.1 Getting to Know Log Forwarding

Before enabling the U2000 to forward logs, learn the working principles, which facilitate
operations and prevent errors.
The U2000 log forwarding service reads logs from the U2000 Syslog database every 5
seconds, converts the logs into Syslog packets, and sends them to the third-party Syslog
server. In this process, the BSD Syslog protocol defined under RFC3164 UDP, RFC3195
TCP, and RFC5424 TLS is used.
Figure 9-2 illustrates the position of the log forwarding service in the entire log forwarding
system.

Figure 9-2 Position of the log forwarding service in the entire log forwarding system
Fault Service Syslog Server
Topo Service
DB Syslog Forwarding agent Syslog Server
Security Service
... ...
Figure 9-3 illustrates the log forwarding process.

Figure 9-3 Log forwarding process


NOTE
l The logs in the U2000 Syslog database (omcDB) are written by each service module (such as the
fault, topology, and security modules). Log data in the OSS database is not deleted after logs are
forwarded.
l Satisfy the following two conditions to implement the log forwarding function:
l Related logs have been written into the Syslog database. For details about the write function
configuration method, see Enabling Logging to U2000 Syslog Database in U2000
Administrator Guide.
l The U2000 and a third-party Syslog server haven been interconnected and can communicate
with each other. For details about the interconnection configuration method, see Setting the
Interconnection Between the U2000 and the Syslog Server.
9.1.7.2 Enabling Logging to U2000 Syslog Database

The function of writing the logs into the Syslog database can be enabled or disabled on the
U2000 server. By default, the function is disabled, that is, the logs are not written into the
Syslog database of the U2000. Before using the log forwarding function, you must enable the
function of writing the logs into the Syslog database.
Context
After this function is enabled, the U2000 logs are written to the Syslog database.
Procedure
Step 1 Log in to the U2000 server.
l Solaris/SUSE Linux: Log in to the server as the ossuser user.
l Windows: Log in to the server as the ossuser user
Step 2 Open the configuration file.
l Solaris/SUSE Linux:
Run the vi command to open the $IMAP_ROOT/etc/conf/IMAP_logsvc.xml file.
vi $IMAP_ROOT/etc/conf/IMAP_logsvc.xml
l Linux:
Open the %IMAP_ROOT%\etc\conf\IMAP_logsvc.xml file using tools such as
UltraEdit or Notepad.
Step 3 Set syslogReportFlag of the log to 1. The function of writing the logs into the Syslog
database is enabled.
The following is an example of writing the system logs, operation logs, and security logs of
the U2000 into the Syslog database.
<syslog name="syslogReport">
<logType name="41">

<param name="syslogReportFlag">1</param>


<param name="syslogReportLevel">2</param>
</logType>
<logType name="42">


</logType>
<logType name="43">



<param name="syslogReportLevel">1</param>
</logType>
</syslog>
NOTE
Log level selection is not provided for operation logs (42) because operation logs at all levels are
reported.
Step 4 After the modification is complete, save the file. In the Solaris/SUSE Linux OS, exit from the
VSI editor after the file is saved.
Step 5 Run the following commands to import IMAP_logsvc.xml to the database:
l Solaris/SUSE Linux: SettingTool -cmd import -file $IMAP_ROOT/etc/conf/

IMAP_logsvc.xml
l Windows: SettingTool -cmd import -file %IMAP_ROOT%\etc\conf\IMAP_logsvc.xml
Step 6 Restart the LogService.
svc_adm -cmd restartsvc LogService
NOTE
l When log service is restarted, all the dependent services will also be restarted.
l View other services that depend on the log service. For details, see 10 Monitoring the U2000
Processes.
----End
9.1.7.3 Setting Filter Criteria for Forwarding Logs

In the Solaris and SUSE Linux operating systems, string-based filtering supports regular
expressions. Administrators can set regular expressions to filter logs. Then, the U2000
forwards matched logs to the specified server so that the administrators can view U2000
information or NE information, for example, running status.
Procedure
Step 1 Use the PuTTY to log in to the server as user in SSH mode.
Step 2 Run the following command to open the configuration file /opt/oss/server/etc/conf/
IMAP_syslogsvc.xml:
$ vi /opt/oss/server/etc/conf/IMAP_syslogsvc.xml
Step 3 Based on the format of logs to be forwarded, add or modify configuration items that specify
regular expressions under filterRegexList. By default, the configuration file provides the
following configuration item that specifies the regular expression for filtering and forwarding
NE security logs:

<filterRegexList name="filterRegexList">
<param name="r01">$s$(\[[0-9]+\])?:</param>
</filterRegexList>
NOTE
When adding a configuration item, specify a number and a regular expression for the configuration item.
The configuration item number must be unique in the file. For example, to filter and forward NE
operation logs, add <param name="r02">$l$(\[[0-9]+\])?:</param> under filterRegexList.
Step 4 Press Esc to switch to the command-line interface (CLI) mode. Run the :wq! command to
save and close the IMAP_syslogsvc.xml file.
Step 5 Run the following command to import the configuration file into the database:
$ SettingTool -cmd import -file /opt/oss/server/etc/conf/IMAP_syslogsvc.xml
$ svc_adm -cmd reload
Step 6 When setting the interconnection between the U2000 and the Syslog server on a client, set
String filter to a regular expression specified in the configuration file so that logs that match
the regular expression can be forwarded to the specified server. For details, see 9.1.7.4 Setting
the Interconnection Between the U2000 and the Syslog Server. If the value of String filter
on the client is different from the regular expression or the configuration file does not contain
the regular expression, logs are filtered based on the value of String filter, which is used as a
common string. That is, if logs contain the value of String filter, the U2000 forwards the
logs. Otherwise, the U2000 does not forward the logs.
For example, if the regular expression $s$(\[[0-9]+\])?: for filtering and forwarding NE
security logs is specified on the server, you can set String filter to $s$(\[[0-9]+\])?: on a
client so that the U2000 forwards NE security logs that contain (s): or (s)[n]: (n indicates a
non-negative integer) to the specified server.
----End
9.1.7.4 Setting the Interconnection Between the U2000 and the Syslog Server
The U2000 can forward logs from the Syslog database to the third-party Syslog server only
when the U2000 communicates with the third-party Syslog server properly; therefore, you
need to set the information about the Syslog server on an U2000 client.
Context
The log forwarding server forwards only security logs, operation logs, and system logs.
Procedure
Step 1 Choose Administration > Settings > Log Forwarding Servers from the main menu
and choose Settings > Log Forwarding Servers from the main menu (application style).

Step 2 You can perform the following operations in the Log Forwarding Servers window.
Set OSS log forwarding rules Click Set OSS Log Forwarding Rule. In the Set OSS
Log Forwarding Rule dialog box, set the types and levels
of logs to be forwarded.

Add Click Add. In the Create Log Forwarding Server dialog

box, set the server that receives logs. See Log Forwarding
Servers.
NOTE
l To enable the log forwarding function, select Yes from the
Enable drop-down list.
l The IP address cannot be set to a loopback address.
l In the Solaris and SUSE Linux operating systems, string-
based filtering supports regular expressions. If the value of
String filter on a client is the same as a regular expression
specified in the configuration file on the server, logs are
filtered based on the regular expression. If the value of String
filter on the client is different from the regular expression or
the configuration file does not contain the regular expression,
logs are filtered based on the value of String filter, which is
used as a common string. That is, if logs contain the value of
String filter, the U2000 forwards the logs. Otherwise, the
U2000 does not forward the logs. For details, see Setting
Filter Criteria for Forwarding Logs in the U2000
administrator guide.In the Windows operating system, if logs
contain the value of String filter configured on the client, the
U2000 forwards the logs. Otherwise, the U2000 does not
forward the logs.
l String filter does not support wildcards.
l If the value of Protocol is TCP or TLS, the log forwarding
service tries to connect to the primary server first. If the log
forwarding service fails to connect to the primary server, it
tries to connect to the secondary server. When the primary
server recovers, it takes over the service back from the
secondary server. If the value of Protocol is UDP, log
forwarding service sends the Syslog records only to the
primary server.
If the value of Protocol is TLS, you need to deploy the SSL
certificate for the log forwarding service. For details about
how to deploy the SSL certificate for the log forwarding
service, see Deploying Log Forwarding Service Certificates
in the U2000 administrator guide.
l If the value of Protocol is UDP, the U2000 cannot determine
whether the IP addresses and ports on the remote Syslog
server are valid, because the UDP cannot ensure transmission
reliability. Therefore, State in the Log Forwarding Servers
dialog box indicates whether the U2000 log forwarding server
can successfully send logs in Syslog packet mode, but does
not indicate that these packets can be successfully received by
the Syslog server.
l The Transport Layer Security (TLS) protocol secures data
transfer through data encryption. If the value of Protocol is
TLS, the U2000 log forwarding server encrypts and sends
logs to the Syslog server.
l TLS is recommended because it is more secure than UDP and
TCP.
l A maximum of five servers can be configured for receiving
logs.

Delete Select a server record and click Delete.
Modify Select a server record and click Modify. In the Modify

Log Forwarding Server dialog box, set the server
information included in logs.
Refresh After another user updates the information about the log
forwarding server, click Refresh to obtain the updated
information.
Cancel Exit the Log Forwarding Servers dialog box.
----End
9.1.7.5 Monitoring the Connection Between the U2000 and Syslog Server
If the U2000 connects to the Syslog server abnormally, alarms are generated and sent to
U2000 clients. You need to clear the alarms in a timely manner to ensure normal
communication between the U2000 and the Syslog server.
Context
When TCP or Transport Layer Security (TLS) mode is configured for Syslog servers, there
are three situations:
1. If the U2000 successfully connects to the primary Syslog server, it forwards logs only to
this Syslog server.
2. If the U2000 fails to connect to the primary Syslog server, it attempts to connect to the
secondary Syslog server. If the connection is successful, the U2000 forwards logs only to
the secondary Syslog server.
3. If U2000 fails to connect to either of the primary and secondary Syslog servers, log
forwarding is unavailable for the Syslog servers.
The log forwarding service reports the following two alarms to the fault module when the
connection is abnormal:
l ALM-119 Alarm of the Switchover to the Standby Syslog Server: This alarm is
reported when the U2000 fails to connect to the primary Syslog server and attempts to
connect to the secondary Syslog server.
l ALM-118 Alarm of the Failure to Connect the Master and Standby Syslog Servers:
This alarm is reported when the U2000 fails to connect to either of the primary and
secondary Syslog servers.
To ensure proper communication between the U2000 and Syslog server, you must clear the
alarm in a timely manner.
Procedure
l Clear the ALM-119 Alarm of the Switchover to the Standby Syslog Server alarm by
following the procedure provided in ALM-119 Alarm of the Switchover to the Standby

Syslog ServerALM-119 Alarm of the Switchover to the Standby Syslog Server in the
online help.
l Clear the ALM-118 Alarm of the Failure to Connect the Master and Standby Syslog
Servers alarm by following the procedure provided in ALM-118 Alarm of the Failure to
Connect the Master and Standby Syslog ServersALM-118 Alarm of the Failure to
Connect the Master and Standby Syslog Servers in the online help.
----End
9.1.7.6 Deploying and Updating Log Forwarding Service Certificates (Solaris,

SUSE Linux)
The U2000 server can transfer logs to a third-party Syslog server using the UDP, TCP, or TLS
protocol. TLS is recommended because it provides the highest security. Trust certificates of
the third-party Syslog server must be deployed on the U2000 server. If the trust certificates of
the third-party Syslog server are changed, you need to update trust certificates of the third-
party Syslog server on the U2000 server.
Scenario Introduction
If the trust certificates of the third-party Syslog server are changed, you need to update the
trust certificates deployed on the U2000 server. For detailed operations in a specific scenario,
see Table 9-8.
Table 9-8 Managing trust certificates of the Syslog server on the U2000 server
Scenario Operation
The third-party Syslog log 9.1.7.6.1 Deploying Log Forwarding Service Certificates
forwarding server is used NOTE
for the first time. When forwarding logs using the TLS protocol, the U2000 uses the
certificate of the U2000 server by default. The certificate is saved in
the /opt/oss/server/etc/ssl directory. To prevent the certificates from
affecting each other in different scenarios, you are advised to deploy
the certificate in the /opt/oss/server/etc/ssl/syslog directory.

Scenario Operation
The CA granting l If the CAs granting certificates to the U2000 server and to
certificates to the third- the third-party Syslog log forwarding server are the same,
party Syslog log or are two sub-CAs in the same CA, perform the following
forwarding server it not operations:
changed, and the trust 9.1.7.6.2 Updating Log Forwarding Service Certificates
certificates are updated. l If the CAs granting certificates to the U2000 server and to
the third-party Syslog log forwarding server are different,
and are not two sub-CAs in the same CA, perform the
1. Delete old trust certificates of the third-party Syslog
log forwarding server by following the instructions
provided in 9.1.7.6.4 Deleting Trust Certificates of
the Third-party Syslog Server from the U2000
Server.
2. Add new trust certificates of the third-party Syslog log
forwarding server by following the instructions
provided in 9.1.7.6.3 Adding Trust Certificates of the
Third-party Syslog Server to the U2000 Server.
The server trusts a new 9.1.7.6.3 Adding Trust Certificates of the Third-party
CA granting certificates to Syslog Server to the U2000 Server
the third-party Syslog log
forwarding server.
The third-party Syslog log Query the file name and issuer of the trust certificate of the
forwarding server is no third-party Syslog log forwarding server by following the
longer used. instructions provided in ssl_adm -cmd queryCA.
l If the file name and issuer of the trust certificate exist,
follow the instructions provided in 9.1.7.6.4 Deleting
Trust Certificates of the Third-party Syslog Server
from the U2000 Server.
l If the file name and issuer of the trust certificate do not
exist, no further action is required.
9.1.7.6.1 Deploying Log Forwarding Service Certificates

The U2000 server can forward logs to a third-party Syslog server in compliance with the
UDP, TCP, and TLS protocols. To ensure security, TLS is recommended. If the U2000 server
and the third-party Syslog server trust respective CAs, deploy related certificates on the
U2000 server to ensure proper operating of log forwarding services.
Prerequisites
The following certificates have been obtained:
l Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password
l Trust certificate of the third-party Syslog server

l Optional: Certificate revocation list (CRL) issued by CA trusted by the third-party

Syslog server
NOTE
The identify certificate of the U2000 server and the trust certificate of the third-party Syslog server must
be issued by the same CA or two sub-CAs in the same CA. When they are issued by two sub-CAs in the
same CA, the trust certificates of both the CA and the two sub-CAs must be prepared.
Context
l The authentication mode including unidirectional and bidirectional authentication for the
log forwarding services is configured on the third-party Syslog server. To ensure
security, bidirectional authentication is recommended.
l If the U2000 server and the third-party Syslog server trust the same CA, they can use the
certificate deployed on the U2000 server during the mutual authentication. Certificate
deployment is not required.
l If unidirectional authentication (only the U2000 server authenticates the third-party
Syslog server) is applied and the U2000 server and the third-party Syslog server trust
respective CAs, deploy the trust certificate of the third-party Syslog server and the CRL
issued by an authorized CA on the U2000 server.
l If bidirectional authentication is applied and the U2000 server and the third-party Syslog
server trust respective CAs, deploy the trust certificate of the third-party Syslog server
and the CRL issued by an authorized CA on the U2000 server. In addition, deploy the
trust certificate of the U2000 server and the CRL issued by an authorized CA on the
third-party Syslog server.
l This section describes how to deploy a trust certificate and the CRL for the third-party
Syslog server on the U2000 server.In the local HA environment or the remote HA
environment, run this command only on the primary server.
l Re-log in to the client after deploying the certificates on the server.
l The TLSv1.0 protocol is not secure enough. Disable it. For details, see 5.3.2.5 Enabling
or Forbidding Using TLSv1.0 on the U2000. You are advised to use TLSv1.1 and later.
Procedure
Step 1 Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.
Step 2 Run the following commands to create a path for the certificates. In this example, /opt/oss/
server/syslogcertificates is created.
$ cd /opt/oss/server
$ mkdir syslogcertificates
Step 3 Use FileZilla to upload the trust certificate, identity certificate, and CRL to the U2000 server.
For details about how to use the FileZilla tool, see A.2.30 How to Use the FileZilla to
Transfer Files by SFTP. You must set the following information when uploading the
certificates:
l User name and password: name and password of the ossuser user
l File path on the server: /opt/oss/server/syslogcertificates
NOTE
One trust certificate file can contain only one trust certificate, and one CRL file can contain only one
CRL.

Step 4 Run the following command to end the U2000 processes:

Single-Server System:
$ ./stopnms.sh
High Availability System:

$ su - root
Step 5 Run the following command on the server to back up the certificates. If the certificates have
not been deployed, perform Step 6.
$ mkdir -p var/backup/deployssl/ssl/syslog
$ ssl_adm -cmd backup -app syslog -backpath var/backup/deployssl/ssl/syslog
NOTE
l The certificate backup path can be an absolute or relative path. The relative path is relative
to /opt/oss/server.
l Assume that certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl/syslog.
Step 6 Run the following command to deploy the log forwarding service certificates.
$ ssl_adm -cmd replace_certs -app syslog -dir /opt/oss/server/syslogcertificates
Enter the identity certificate password of the U2000 server as prompted.
NOTE
l In this command, /opt/oss/server/syslogcertificates is the path to the SSL certificates.

l Pay attention to the following points when you enter the identity certificate password:
– If the identity certificate file is the server.p12 file of the PKCS#12 type (single file in PFX
format), enter the correct certificate password (obtained with the certificate) to decrypt the
certificate, and then set a new password to encrypt the certificate. The new password must be
greater than 6 and is recommended to be less than or equal to 64 characters and contain at least
three of the following types of characters: lowercase letters, uppercase letters, digits, and
special characters (excluding spaces and `$^&()\|;'"<>).
– If the identity certificate file is the server.cer, the new password is user-defined and is used to
encrypt the .pem private key file matching the certificate. The new password must be greater
than 6 and is recommended to be less than or equal to 64 characters and contain at least three
of the following types of characters: lowercase letters, uppercase letters, digits, and special
characters (excluding spaces and `$^&()\|;'"<>). After executing the command, server.cer file
is converted to a PKCS#12 certificate.
– After the command is run, the password of the server.p12 file is saved to /opt/oss/
server/etc/ssl/certificateConfig.xml in ciphertext.
l If the command is run successfully, all certificate files in the specified path are converted and
deployed to /opt/oss/server/etc/ssl/syslog.
l After the log forwarding service certificates are deployed, the certificate directory structure is similar
to the directory structure described in Certificate Save Path and Naming Conventions.
l If the message SSL certificates are deployed successfully is
displayed, certificates are deployed successfully, go to Step 7.
l Otherwise, certificates fail to be deployed. When this occurs, locate and handle the
failure according to the prompt message, and then restore the deployed certificate by
running the following command:

$ ssl_adm -cmd restore -app syslog -backpath var/backup/deployssl/ssl/syslog

NOTE
In the command, var/backup/deployssl/ssl/syslog is the path to the certificate backup, which can be
an absolute or relative path. The relative path is relative to /opt/oss/server.
Perform Step 6 to deploy certificates after they are restored.
If the failure persists, contact Huawei technical support engineers.
Step 7 Run the following commands to start U2000 processes for the replacement to take effect:
Single-Server System (as the ossuser user):

$ ./startnms.sh
High Availability System (as the root user):

----End
9.1.7.6.2 Updating Log Forwarding Service Certificates

This section describes how to update the log forwarding service certificates when the
certificates deployed on the U2000 server will expire, and the new certificate and existing
certificate of the third-party Syslog server are granted by the same CA or its two sub-CAs.
The certificate update function enables you to replace the original identity certificate and trust
certificate and incrementally update the certificate revocation list (CRL).
Prerequisites
The following certificates have been obtained:
server.p12 and its encrypted password
l Trust certificate of the third-party Syslog server
l Optional: Certificate revocation list (CRL) issued by CA trusted by the third-party
Syslog server
NOTE
The identify certificate of the U2000 server and the trust certificate of the third-party Syslog server must
be issued by the same CA or two sub-CAs in the same CA. When they are issued by two sub-CAs in the
same CA, the trust certificates of both the CA and the two sub-CAs must be prepared.
Context
l When updating certificates, you must provide identity certificates. If the identity
certificates do not need to be updated, use the original identity certificates.
l In the local HA environment, you need to perform related operations only on the primary
server.
l In the remote HA environment, you need to perform related operations on both the
primary and secondary servers.
l To use a trust certificate granted by a new CA, you can only deploy the certificate. For
details, see 9.1.7.6.1 Deploying Log Forwarding Service Certificates.

Procedure
Step 2 Run the following commands to create a path for the certificates. In this example, /opt/oss/
server/syslogcertificates is created.
$ mkdir syslogcertificates
Step 3 Use FileZilla to upload the trust certificate, identity certificate, and CRL to the U2000 server.
Transfer Files by SFTP. You must set the following information when uploading the
certificates:
l User name and password: name and password of the ossuser user
l File path on the server: /opt/oss/server/syslogcertificates
NOTE
CRL.
$ ./stopnms.sh

$ su - root
Step 5 Run the following command on the server to back up the certificates.
$ mkdir -p var/backup/deployssl/ssl/syslog
$ ssl_adm -cmd backup -app syslog -backpath var/backup/deployssl/ssl/syslog
NOTE
to /opt/oss/server.
l Assume that certificates are backed up to /opt/oss/server/var/backup/deployssl/ssl/syslog.
Step 6 Run the following command to update the log forwarding service certificates.
$ ssl_adm -cmd update_certs -app syslog -dir /opt/oss/server/syslogcertificates

NOTE
l In this command, /opt/oss/server/syslogcertificates is the path to the SSL certificates.

l If the command is run successfully, all certificate files in the specified path are converted and
l After the log forwarding service certificates are deployed, the certificate directory structure is similar
to the directory structure described in Certificate Save Path and Naming Conventions.
l If the message SSL certificates are deployed successfully is
displayed, certificates are deployed successfully, go to Step 7.
l Otherwise, certificates fail to be deployed. When this occurs, locate and handle the
failure according to the prompt message, and then restore the deployed certificate by
$ ssl_adm -cmd restore -app syslog -backpath var/backup/deployssl/ssl/syslog
NOTE
In the command, var/backup/deployssl/ssl/syslog is the path to the certificate backup, which can be
an absolute or relative path. The relative path is relative to /opt/oss/server.
After the certificates are restored, perform Step 6 to deploy the certificates again.
If the failure persists, contact Huawei technical support engineers.
$ ./startnms.sh

----End
9.1.7.6.3 Adding Trust Certificates of the Third-party Syslog Server to the U2000 Server
To allow the U2000 server to properly communicate with the third-party Syslog server using
SSL or TLS, deploy the trust certificates of the third-party Syslog server on the U2000 server.
If the U2000 server trusts a new CA granting certificates to the third-party Syslog server, or if
the trust certificate is updated, the CA granting certificates to the third-party Syslog server is
not changed but different from that granting certificates to the U2000 server, and the two CAs
are not sub-CAs in the same CA, add the new trust certificate of the third-party Syslog server
to the U2000 server.

Prerequisites
l The new trust certificate granted by the certificate authority (CA) of the peer has been
obtained.
l You have deployed certificates on the U2000 server by running the ssl_adm -cmd
replace_certs command.
Context
l When the U2000 server functions as an SSL client, the peer is authenticated by default.
l The new trust certificate must contain its root certificate. If the root certificate has been
deployed on the U2000 server, delete the root certificate by following the instructions
provided in 9.1.7.6.4 Deleting Trust Certificates of the Third-party Syslog Server
from the U2000 Server, and then add it again.
l In the local HA environment or the remote HA environment, run this command only on
the primary server.
l After a certificate is deployed on the server, you must log in to the client again.
l To update trust certificates of the third-party Syslog server, delete the trust certificate that
is no longer trusted by following the instructions provided in 9.1.7.6.4 Deleting Trust
Certificates of the Third-party Syslog Server from the U2000 Server, and add a trust
certificate again.
l The certificate deployed by running the ssl_adm -cmd replace_certs command must be
updated by running the ssl_adm -cmd update_certs command.
Procedure
Step 2 Run the following commands to create a directory for saving certificates. In this example, all
certificates are saved under the /opt/oss/server/certificates directory.
$ mkdir certificates
Step 3 Use the FileZilla to upload certificates to the U2000 server.

For details about how to use the FileZilla, see How Do I Use FileZilla to Transfer Files?. Set
the following information when uploading the files:
l User name and password: name and password of user ossuser
l File path on the server: /opt/oss/server/certificates
NOTE
One trust certificate file can contain only one trust certificate.

$ ./stopnms.sh

$ su - root

Step 5 Run the following commands to add trust certificates of the third-party Syslog server to the
U2000 server.
$ ssl_adm -cmd addCA -dir /opt/oss/server/certificates -app syslog
NOTE
l In the preceding commands, /opt/oss/server/certificates is the directory for saving new trust
certificates.
l After the command is executed, all certificates in the /opt/oss/server/certificates directory are
l For details about the certificate directory after certificates are added, see Certificate Save Path and
Naming Conventions.
Execution result:
l If the system displays the Operation succeeded. message, the certificates have
been added successfully. Go to Step 6.
l Otherwise, the trust certificates fail to be added. If this occurs, locate the failure and then
restore the trust certificates by running the following command:
$ ssl_adm -cmd restore -backpath var/backup/ssl/YYYYMMDDhhmmss
NOTE
var/backup/ssl/YYYYMMDDhhmmss in the preceding command is the path for saving backup

certificates. The certificates that have been deployed before you add a certificate are automatically
backed up and saved to the /opt/oss/server/var/backup/ssl/YYYYMMDDhhmmss directory.
Perform Step 5 to add trust certificates again after they are restored.
If the trust certificates still fail to be added, contact Huawei technical support engineers.

$ ./startnms.sh

----End
9.1.7.6.4 Deleting Trust Certificates of the Third-party Syslog Server from the U2000
Server
When the U2000 server communicates with the third-party Syslog server using SSL or TLS,
deploy the trust certificate of the third-party Syslog server on the U2000 server. If you no
longer use the third-party Syslog log forwarding server, delete the trust certificates of the
third-party Syslog server from the U2000 server.
Prerequisites
You have run the ssl_adm -cmd addCA command to add trust certificates to the U2000
server. For details, see 9.1.7.6.3 Adding Trust Certificates of the Third-party Syslog
Server to the U2000 Server.

Context
the primary server.
Procedure
$ ./stopnms.sh

$ su - root
Step 3 Run the following commands to query file names and issuers of the added trust certificates of
the third-party Syslog server.
$ ssl_adm -cmd queryCA -app syslog
Execution result:
l If the message No trust certificate is incrementally deployed by
running the ssl_adm -cmd addCA command. is displayed, no trust
certificate has been added by running the ssl_adm -cmd addCA command.
l If information similar to the following is displayed, the file name and issuer of the
current trust certificate are 600755ba.0 and C=CN, ST=Guangdong, L=ShenZhen,
O=Huawei, OU=CMC, CN=huawei_root, respectively. Go to Step 4.
Deployed trust certificates are as follows:
name: issuer:
600755ba.0 C=CN, ST=Guangdong, L=ShenZhen, O=Huawei,
OU=CMC, CN=huawei_root
Step 4 Run the following commands to delete trust certificates of the third-party Syslog server from
the U2000 server. The trust certificate 600755ba.0 is used as an example.
$ ssl_adm -cmd deleteCA -name 600755ba.0 -app syslog
Execution result:
l If the system display a message similar to the following, the trust certificates have been
deleted. Go to Step 5.
Operation succeeded.
l Otherwise, the trust certificates fail to be deleted. If this occurs, locate the failure and
then restore the trust certificates by running the following command:

NOTE
In the preceding command, var/backup/ssl/YYYYMMDDhhmmss is the path for saving backup

certificates. The certificates that have been deployed before you delete a certificate are
automatically backed up to the /opt/oss/server/var/backup/ssl/YYYYMMDDhhmmss directory.
Perform Step 4 to delete the trust certificates after they are restored.
If the trust certificates still fail to be deleted, contact Huawei technical support engineers.

$ ./startnms.sh

----End
9.1.7.7 Enabling the U2000 Server to Authenticate NEs Sending Syslog Logs to It
(Solaris, SUSE Linux)
When the U2000 server functions as an SSL server for communication with the U2000 client
and NEs, you are advised to enable authentication of the communication peer on the U2000
server for security concerns. After this function is enabled, you must deploy the required trust
certificates on the U2000 server to ensure normal communication.
Prerequisites
The identity certificates of NEs that need to be authenticated have been deployed.
Context
NOTICE
Before enabling authentication of the communication peer on the U2000 server, stop the
U2000 services. The U2000 services will be interrupted.
Process for Configuring the U2000 Server to Receive Syslog Logs Sent from NEs
1. Check whether the communication mode of the U2000 server is SSL or both.
– If yes, go to 2.
– If no, set the communication mode of the U2000 server.
You can see A.11.32 How to Set the Communication Mode on the U2000 server for
the Single-Server System (Solaris) or A.11.33 How to Set the Communication Mode
on the U2000 server for the Single-Server System (SUSE Linux).
2. Check whether peer authentication has been enabled for the U2000 server by following
the instructions provided in ssl_adm -cmd queryAuthPeer.
– If yes, go to 3.

– If no, go to 9.1.7.7.2 Enabling the U2000 Server to Authenticate Its Peer.

3. On the U2000 server, deploy the trust certificates and CRLs of NEs sending Syslog logs
to this server by following the instructions provided in 9.1.7.7.3 Deploying a Certificate
for the U2000 Server to Receive NE Syslog Logs.
NOTE
By default, the U2000 server uses the TLS protocol and the certificates of the U2000 server to
receive NE Syslog logs. The certificate is saved in the /opt/oss/server/etc/ssl directory. To prevent
the certificates from affecting each other in different scenarios, you are advised to deploy the
certificates for receiving NE Syslog logs under /opt/oss/server/etc/ssl/nelog.
Scenarios for Maintaining the U2000 Server to Receive NE Syslog Logs After
Peer Authentication Is Enabled
If the CA granting certificates to the NE is changed, you need to update the trust certificates
deployed on the U2000 server. Table 9-9 shows required operations in various scenarios.
Table 9-9 Managing trust certificates of NEs on the U2000 server

Change of the CA Operation
Granting Certificates to
NEs
The CA granting l If the CAs granting certificates to the U2000 server and to
certificates to the NE is not the NE are the same, or are two sub-CAs in the same CA,
changed, and trust perform the following operations:
certificates are updated. 9.1.7.7.4 Updating a Certificate for the U2000 Server
to Receive NE Syslog Logs
l If the CAs granting certificates to the U2000 server and to
the NE are different, and are not two sub-CAs in the same
CA, perform the following operations:
1. Delete old trust certificates of the NE by following the
instructions provided in 9.1.7.7.6 Deleting from an
U2000 Server the Trust Certificates of the NE
Sending Syslog Logs to It.
2. Add new trust certificates of the NE by following the
instructions provided in 9.1.7.7.5 Adding to the
U2000 Server the Trust Certificates of the NE
The server trusts a new CA 9.1.7.7.5 Adding to the U2000 Server the Trust
granting certificates to the Certificates of the NE Sending Syslog Logs to It
NE.

Change of the CA Operation

Granting Certificates to
NEs
The server untrusts a CA Query the file name and issuer of the trust certificate of the
granting certificates to the NE by following the instructions provided in ssl_adm -cmd
NE. queryCA.
l If the file name and issuer of the trust certificate exist,
follow the instructions provided in 9.1.7.7.6 Deleting
from an U2000 Server the Trust Certificates of the NE
l If the file name and issuer of the trust certificate do not
exist, no further action is required.
9.1.7.7.1 Querying NE Syslog Operation Logs

You can obtain all the logs from the devices using the U2000 and view the operation logs of
the devices managed by the U2000 instead of accessing the devices to view the logs.
Context
l You can query only the logs of the devices in your own domains.
l The users in the admin and Administrators groups can query device logs of all users.
Procedure
Step 1 Choose Administration > NE Security Management > NE Syslog Operation Logs from
Application Center and choose Log Management > NE Syslog Operation Logs from the
Step 2 In the Filter dialog box, set filter criteria and click OK.

NOTE
You can also query NE Syslog operation logs by performing the following steps:
1. In the Filter dialog box, click Cancel.
2. In the NE Syslog Operation Logs window, click Filter.
3. In the Filter dialog box, set filter criteria and click OK. Click Reset to reset all the parameters.
Step 3 In the NE Syslog Operation Logs window, double-click a record to view the log details.
l Click a field in the column header of the query result table to sort the query results by
field.
l The white upward triangular icon indicates that you can sort the results by field. The
black upward triangular icon indicates that the results are sorted in ascending order of
the field. The black downward triangular icon indicates that the results are sorted in
descending order of the field.
l Click Device name or Access Method. Different from other table header fields, these
fields are displayed in groups. Therefore, they are not sorted in alphabetical order.
----End
9.1.7.7.2 Enabling the U2000 Server to Authenticate Its Peer

When the U2000 server communicates with NEs and the U2000 client as the SSL server, the
U2000 server does not authenticate its peer by default. To ensure security, you are advised to
enable the U2000 server to authenticate its peer.
Prerequisites
The trust certificate of the peer has been deployed on the U2000 server.
Context
l In the local HA environment, you need to perform related operations only on the active
server.
l In the remote HA environment, you need to perform related operations on both the active
and standby servers.
l If peer authentication is enabled for the U2000 server, to allow the U2000 server to
properly communicate with multiple peers, deploy required certificates on the peers, and
deploy the trust certificates and CRLs of all the peers on the U2000 server.
If peer authentication is enabled for the U2000 server, to allow the U2000 server to properly
communicate with multiple peers, deploy required certificates on the peers, and deploy the
trust certificates and CRLs of all the peers on the U2000 server.
Procedure

$ ./stopnms.sh

$ su - root
Step 3 Run the following commands to enable the U2000 server to authenticate its communication
peer.
$ ssl_adm -cmd enableAuthPeer -app common -file /opt/oss/server/etc/ssl/option.xml
$ ssl_adm -cmd enableAuthPeer -app CORBA -file /opt/oss/server/etc/conf/svc_ssl.conf
$ ssl_adm -cmd enableAuthPeer -app CORBA -file /opt/oss/server/etc/conf/notify_ssl.conf
$ ssl_adm -cmd enableAuthPeer -app Apache -file /opt/oss/server/etc/apache/conf/extra/

httpd-ssl.conf
If information similar to the following is displayed, the U2000 server has been enabled to
authenticate its communication peer:
NOTE
l The U2000 server uses the certificate (certificate of the U2000 server) under the /opt/oss/
server/etc/ssl directory to receive NE Syslog logs by default. If you use a new certificate in this
scenario, run the following command to enable peer authentication:
$ ssl_adm -cmd enableAuthPeer -app common -file Path for deploying the certificate used for the
U2000 server to receive NE Syslog logs/option.xml
l The value of SSLCertPath in /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg is the path for
deploying the certificate used for the U2000 server to receive NE Syslog logs.
When the U2000 server is used as an FTP server, perform the following steps to enable the
communication peer authentication function.
1. Run the following command to set environment variables:

2. Run the following command to switch to user root:
$ su - root
Password: password of user root
3. Run the following command to enable the FTP server to authenticate its communication
peer:
# /opt/sudobin/imap/ftp/files/setSSLForFtpSvr.sh enableAuthPeer
4. Exit user root.
# exit
$ ssl_adm -cmd enableAuthPeer -app common -file D:\oss\server\etc\ssl\option.xml
$ ssl_adm -cmd enableAuthPeer -app CORBA -file D:\oss\server\etc\conf\svc_ssl.conf
$ ssl_adm -cmd enableAuthPeer -app CORBA -file D:\oss\server\etc\conf\notify_ssl.conf
$ ssl_adm -cmd enableAuthPeer -app Apache -file D:\oss\server\etc\apache\conf\extra

\httpd-ssl.conf
If information similar to the following is displayed, the U2000 server has been enabled to
authenticate its communication peer:

NOTE
l The U2000 server uses the certificate (certificate of the U2000 server) under the D:\oss\server\etc
\ssl directory to receive NE Syslog logs by default. If you use a new certificate in this scenario, run
the following command to enable peer authentication:
$ ssl_adm -cmd enableAuthPeer -app common -file Path for deploying the certificate used for the
U2000 server to receive NE Syslog logs\option.xml
l The value of SSLCertPath in D:\oss\server\etc\conf\u2ksyslogcollector_init.cfg is the path for
deploying the certificate used for the U2000 server to receive NE Syslog logs.
$ ./startnms.sh

----End
Follow-up Procedure
Check whether the U2000 server has been enabled to authenticate its communication peer.
$ ssl_adm -cmd queryAuthPeer -app common -file /opt/oss/server/etc/ssl/option.xml
$ ssl_adm -cmd queryAuthPeer -app CORBA -file /opt/oss/server/etc/conf/svc_ssl.conf
$ ssl_adm -cmd queryAuthPeer -app CORBA -file /opt/oss/server/etc/conf/notify_ssl.conf
$ ssl_adm -cmd queryAuthPeer -app Apache -file /opt/oss/server/etc/apache/conf/extra/

httpd-ssl.conf
Checking the communication peer set in the /opt/oss/server/etc/ssl/option.xml file is used as
an example.
l If information similar to the following is displayed, the U2000 server has been enabled
to authenticate its peer set in /opt/oss/serveretc/ssl/option.xml.
The common service end authenticates the peer end in the option.xml file
under the /opt/oss/server/etc/ssl directory.
l If information similar to the following is displayed, the U2000 server is not enabled to
authenticate its peer set in /opt/oss/server/etc/ssl/option.xml.
The common service end does not authenticate the peer end in the option.xml
file under the /opt/oss/server/etc/ssl directory.
When the iMAP server is used as an FTP server, run the following command as user root to
check whether the FTP server has been enabled to authenticate its communication peer:
# /opt/sudobin/imap/ftp/files/setSSLForFtpSvr.sh queryAuthPeer
l If information similar to the following is displayed, the FTP server has been enabled to
authenticate its peer:
The FTPS service end authenticates the peer.
l If information similar to the following is displayed, the FTP server is not enabled to
authenticate its peer:
The FTPS service end does not authenticate the peer.

Check whether the U2000 server has been enabled to authenticate its communication peer.
$ ssl_adm -cmd queryAuthPeer -app common -file D:\oss\server\etc\ssl\option.xml
$ ssl_adm -cmd queryAuthPeer -app CORBA -file D:\oss\server\etc\conf\svc_ssl.conf
$ ssl_adm -cmd queryAuthPeer -app CORBA -file D:\oss\server\etc\conf\notify_ssl.conf
$ ssl_adm -cmd queryAuthPeer -app Apache -file D:\oss\server\etc\apache\conf\extra

\httpd-ssl.conf
Checking the communication peer set in D:\oss\server\etc\ssl\option.xml is used as an
example.
l If information similar to the following is displayed, the U2000 server has been enabled
to authenticate its peer set in D:\oss\server\etc\ssl\option.xml.
The common service end authenticates the peer end in the option.xml file
under the D:\oss\server\etc\ssl directory.
l If information similar to the following is displayed, the U2000 server is not enabled to
authenticate its peer set in D:\oss\server\etc\ssl\option.xml.
The common service end does not authenticate the peer end in the option.xml
file under the D:\oss\server\etc\ssl directory.
9.1.7.7.3 Deploying a Certificate for the U2000 Server to Receive NE Syslog Logs
The U2000 server can receive Syslog logs of NEs using the UDP or TLS protocol. TLS is
used by default because it provides higher security. When TLS is used, you must deploy
required NE certificates on the U2000 server.
Prerequisites
l You have obtained the following certificates:
– Identity certificate and key of the U2000 server: server.cer and server_key.pem or
server.p12 and its encrypted password.
– Trust certificates of an NE
– Optional: Certificate revocation list (CRL) granted by the Certificate Authority
(CA) trusted by the NE
l NE authentication has been enabled on the U2000 server. For details about how to check
whether the U2000 server authenticates the communication peer, see ssl_adm -cmd
queryAuthPeer. For details about how to enable peer authentication, see 9.1.7.7.2
Enabling the U2000 Server to Authenticate Its Peer.
Context
l If bidirectional authentication is applied, deploy not only the trust certificates of the NE
and the CRL released by the CA trusted by the NE on the U2000 server but also the trust
certificates of the U2000 and the CRL released by the CA trusted by the U2000 server on
the NE. This section describes how to deploy the trust certificates and CRL of an NE on
the U2000 server.
l In the local HA environment, remote HA environment, and the distribution environment,
you need to perform related operations only on the active server.
l If the U2000 server needs to receive Syslog logs of multiple NEs, you must deploy all
the trust certificates of these NEs on the U2000 server. You can deploy the certificates of

a single NE on the U2000 server by following the instructions provided in this section
and deploy the certificates of other NEs by following the operations provided in 9.1.7.7.5
Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog Logs to
It.
Procedure
certificates are saved in the /opt/oss/server/nelogcertificates directory.
$ mkdir nelogcertificates
Step 3 Use FileZilla to upload the trust certificates, identity certificate, and CRL to the U2000 server.
Transfer Files by SFTP. Set the following information when uploading the files:
l File path on the server: /opt/oss/server/nelogcertificates
NOTE
CRL.

$ ./stopnms.sh

$ su - root
Step 5 Run the following command to back up the deployed certificates. If no certificate has been
deployed, perform Step 6.
$ mkdir -p var/backup/deployssl/ssl/nelog
$ ssl_adm -cmd backup -app nelog -backpath var/backup/deployssl/ssl/nelog
NOTE
to /opt/oss/server.
l In the example provided in this section, certificates are backed up to /opt/oss/server/var/backup/
deployssl/ssl/nelog.
Step 6 Perform the following operations to deploy an NE certificate.

$ ssl_adm -cmd replace_certs -app nelog -dir /opt/oss/server/nelogcertificates

NOTE
l /opt/oss/server/nelogcertificates is the directory for saving certificates.

l If the command is executed successfully, all certificates in the specified path are converted and
deployed in the /opt/oss/server/etc/ssl/nelog directory.
l After the certificates are deployed, the certificate directory structure is similar to the directory
structure described in Certificate Save Path and Naming Conventions.
l If SSL certificates are deployed successfully is displayed, the
certificates are deployed successfully. Perform Step 8.
l Otherwise, certificates fail to be deployed. If such a failure occurs, locate the fault based
on the displayed message and run the following command to restore the deployed
certificates:
$ ssl_adm -cmd restore -app nelog -backpath var/backup/deployssl/ssl/nelog
NOTE
In the command, var/backup/deployssl/ssl/nelog is the path for saving backup certificates. The
path can be an absolute or relative path. The relative path is relative to /opt/oss/server.
If the certificates still fail to be deployed, contact Huawei technical support engineers.
Step 7 Optional: If an NE supports 2048, perform the following operations to set the parameter
length for a secure DH algorithm:
1. Run the vi command to open /opt/oss/server/etc/ssl/option.xml.
$ vi /opt/oss/server/etc/ssl/option.xml
NOTE
By default, the U2000 server uses the certificate (namely, the certificate for the U2000 server) in
the /opt/oss/server/etc/ssl directory to receive NE Syslogs. To use another certificate in such a
scenario, run the following command to open the configuration file:
$ vi Path for deploying the certificate used for the U2000 server to receive NE Syslogs/option.xml
The path for deploying the certificate used for the U2000 server to receive NE Syslogs is the value
of the SSLCertPath configuration item in /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg.
2. Change value in <PARA name="secureDHLen" value="1024"/> to 2048.
NOTE
– 1024: indicates that the DH parameter with 1024 or less bits is used.
– 2048: indicates that the 2048-bit DH parameter is used.
– The DH algorithm with value set to 2048 is more secure than that with value set to 1024.

3. Press Esc to switch to the command mode. Run the :wq! command to save the
option.xml file and exit.
Step 8 Modify the configuration file /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg, and
specify the path for saving the certificates used by the U2000 server to authenticate NEs.
1. Run the following command to open the configuration file:
$ vi /opt/oss/server/etc/conf/u2ksyslogcollector_init.cfg
2. Change the value of SSLCertPath to /opt/oss/server/etc/ssl/nelog.
3. Press Esc to switch to the command mode. Run the :wq! command to save
u2ksyslogcollector_init.cfg and exit the command mode.
NOTE
If you do not modify the configuration file, the U2000 server will use the deployed certificates of the
U2000 server to authenticate NEs by default. The certificate is deployed in the /opt/oss/server/etc/ssl
directory.
$ ./startnms.sh

----End
9.1.7.7.4 Updating a Certificate for the U2000 Server to Receive NE Syslog Logs
This section describes how to update the certificate of the U2000 server to receive NE Syslog
logs when this server has been deployed with certificates of an NE but the certificates are
about to expire, and the new certificate and existing certificate of an NE are granted by the
same CA or its two sub-CAs. The certificate update function enables you to replace the
original identity certificate and trust certificate and incrementally update the certificate
revocation list (CRL).
Prerequisites
You have obtained the following certificates:
server.p12 and its encrypted password.
l Trust certificates of an NE
l Optional: Certificate revocation list (CRL) granted by the Certificate Authority (CA)
trusted by the NE
Context
l When updating certificates, you must provide identity certificates. If the identity
certificates do not need to be updated, use the original identity certificates.
l In the local HA environment, you need to perform related operations only on the primary
server.
l In the remote HA environment, you need to perform related operations on both the
primary and secondary servers.


l To use a trust certificate granted by a new CA, you can only deploy the certificate. For
details, see 9.1.7.7.3 Deploying a Certificate for the U2000 Server to Receive NE
Syslog Logs.
Procedure
certificates are saved in the /opt/oss/server/nelogcertificates directory.
$ mkdir nelogcertificates
Step 3 Use FileZilla to upload the trust certificates, identity certificate, and CRL to the U2000 server.
Transfer Files by SFTP. Set the following information when uploading the files:
l File path on the server: /opt/oss/server/nelogcertificates
NOTE
CRL.

$ ./stopnms.sh

$ su - root
Step 5 Run the following command to back up the deployed certificates.

$ mkdir -p var/backup/deployssl/ssl/nelog
$ ssl_adm -cmd backup -app nelog -backpath var/backup/deployssl/ssl/nelog
NOTE
to /opt/oss/server.
l In the example provided in this section, certificates are backed up to /opt/oss/server/var/backup/
deployssl/ssl/nelog.
Step 6 Perform the following steps to update the certificates of NEs:

$ ssl_adm -cmd update_certs -app nelog -dir /opt/oss/server/nelogcertificates

NOTE
l /opt/oss/server/nelogcertificates is the directory for saving certificates.

l If the command is executed successfully, all certificates in the specified path are converted and
deployed in the /opt/oss/server/etc/ssl/nelog directory.
l After the certificates are deployed, the certificate directory structure is similar to the directory
structure described in Certificate Save Path and Naming Conventions.
l If SSL certificates are deployed successfully is displayed, the
certificates are deployed successfully. Perform Step 7.
l Otherwise, certificates fail to be deployed. If such a failure occurs, locate the fault based
on the displayed message and run the following command to restore the deployed
certificates:
$ ssl_adm -cmd restore -app nelog -backpath var/backup/deployssl/ssl/nelog
NOTE
In the command, var/backup/deployssl/ssl/nelog is the path for saving backup certificates. The
path can be an absolute or relative path. The relative path is relative to /opt/oss/server.
If the certificates still fail to be deployed, contact Huawei technical support engineers.
$ ./startnms.sh

----End
9.1.7.7.5 Adding to the U2000 Server the Trust Certificates of the NE Sending Syslog
Logs to It
If peer authentication is enabled for the U2000 server, to allow the U2000 server to properly
communicate with NEs using SSL or TLS, deploy the trust certificates of NEs on the U2000
server. If the server trusts a new CA granting certificates to an NE, or if the trust certificate is
updated, the CA granting certificates to the NE is not changed but different from that granting
certificates to the server, and the two CAs are not sub-CAs in the same CA, add the new trust
certificates of the NE to the server.

Prerequisites
l The new trust certificate granted by the certificate authority (CA) of the peer has been
obtained.
l You have deployed certificates on the U2000 server by running the ssl_adm -cmd
replace_certs command.
Context
l When the U2000 server functions as an SSL server, enable the U2000 server to
authenticate its peer. For details, see 9.1.7.7.2 Enabling the U2000 Server to
Authenticate Its Peer.
l The new trust certificate must contain its root certificate. If the root certificate has been
deployed on the U2000 server, delete the root certificate by following the instructions
provided in 9.1.7.7.6 Deleting from an U2000 Server the Trust Certificates of the NE
Sending Syslog Logs to It, and then add it again.
the primary server.
l To update trust certificates of the NE, delete the trust certificates that is no longer trusted
by following the instructions provided in 9.1.7.7.6 Deleting from an U2000 Server the
Trust Certificates of the NE Sending Syslog Logs to It, and add trust certificates
again.
Procedure
certificates are saved under the /opt/oss/server/certificates directory.
$ mkdir certificates
Step 3 Use the FileZilla to upload certificates to the U2000 server.

For details about how to use the FileZilla, see How Do I Use FileZilla to Transfer Files?. Set
the following information when uploading the files:
l File path on the server: /opt/oss/server/certificates
NOTE
One trust certificate file can contain only one trust certificate.

$ ./stopnms.sh

$ su - root
Step 5 Run the following commands to add trust certificates of the NE to the U2000 server.
$ ssl_adm -cmd addCA -dir /opt/oss/server/certificates -app nelog
NOTE
l In the preceding commands, /opt/oss/server/certificates is the directory for saving new trust
certificates.
l After the command is executed, all certificates in the /opt/oss/server/certificates directory are
deployed to /opt/oss/server/etc/ssl/nelog.
l For details about the certificate directory after certificates are added, see Certificate Save Path and
Naming Conventions.
Execution result:
l If the system displays the Operation succeeded. message, the certificates have
been added successfully. Go to Step 6.
l Otherwise, the trust certificates fail to be added. If this occurs, locate the failure and then
restore the trust certificates by running the following command:
NOTE
var/backup/ssl/YYYYMMDDhhmmss in the preceding command is the path for saving backup

certificates. The certificates that have been deployed before you add a certificate are automatically
backed up and saved to the /opt/oss/server/var/backup/ssl/YYYYMMDDhhmmss directory.
Perform Step 5 to add trust certificates again after they are restored.
If the trust certificates still fail to be added, contact Huawei technical support engineers.

$ ./startnms.sh

----End
9.1.7.7.6 Deleting from an U2000 Server the Trust Certificates of the NE Sending Syslog
Logs to It
When the U2000 server communicates with the NE using SSL or TLS, deploy the trust
certificate of the NE on the U2000 server. When peer authentication is no longer required,
delete the trust certificate of the NE from the U2000 server.
Prerequisites
You have run the ssl_adm -cmd addCA command to add trust certificates to the U2000
server. For details, see 9.1.7.7.5 Adding to the U2000 Server the Trust Certificates of the
NE Sending Syslog Logs to It.

Context
the primary server.
Procedure
$ ./stopnms.sh

$ su - root
Step 3 Run the following commands to query file names and issuers of the added trust certificates of
the NE.
$ ssl_adm -cmd queryCA -app nelog
Execution result:
l If the message No trust certificate is incrementally deployed by
running the ssl_adm -cmd addCA command. is displayed, no trust
certificate has been added by running the ssl_adm -cmd addCA command.
l If information similar to the following is displayed, the file name and issuer of the
current trust certificate are 600755ba.0 and C=CN, ST=Guangdong, L=ShenZhen,
O=Huawei, OU=CMC, CN=huawei_root, respectively. Go to Step 4.
Deployed trust certificates are as follows:
name: issuer:
600755ba.0 C=CN, ST=Guangdong, L=ShenZhen, O=Huawei,
OU=CMC, CN=huawei_root
Step 4 Run the following commands to delete trust certificates of the NE from the U2000 server. The
trust certificate 600755ba.0 is used as an example.
$ ssl_adm -cmd deleteCA -name 600755ba.0 -app nelog
Execution result:
l If the system display a message similar to the following, the trust certificates have been
deleted. Go to Step 5.
l Otherwise, the trust certificates fail to be deleted. If this occurs, locate the failure and
then restore the trust certificates by running the following command:

NOTE
In the preceding command, var/backup/ssl/YYYYMMDDhhmmss is the path for saving backup

certificates. The certificates that have been deployed before you delete a certificate are
automatically backed up to the /opt/oss/server/var/backup/ssl/YYYYMMDDhhmmss directory.
Perform Step 4 to delete the trust certificates after they are restored.
If the trust certificates still fail to be deleted, contact Huawei technical support engineers.
$ ./startnms.sh

----End
9.1.8 Syslog Service

This topic describes basic information about syslog services. The syslog service management
is part of NE security management. All information is transmitted to the syslog server in the
format defined by the syslog protocol. The network administrators and maintenance personnel
can estimate the status of NEs based on the severities of the information.
Definition
l The syslog server is a workstation or a server that stores syslogs of the NEs on the live
network.
l Syslog GNE is an NE that receives syslogs from other NEs and transmits them to the
syslog server.
Networking Solution
Considering system log security, a transmission network must be connected to at least two
syslog servers. The NEs and syslog servers usually communicate with each other by an IP
protocol. NEs can use various methods to communicate. For example, the NEs can
communicate with each other by ECC channels.
Case 1
Figure 9-4 shows the networking for the scenario where core NEs use IP protocols to
communicate with each other and different syslog servers are connected to different NEs.

Figure 9-4 IP and ECC hybrid networking-1

Syslog Server 1 Syslog Server 2
IP IP IP IP
NE1
NE2 NE3
NE4
IP IP
ECC
ECC ECC
NE5
NE6 NE8
NE7
ECC ECC
NE1, NE2, NE3, and NE4 form an IP network. NE5, NE6, NE7, and NE8 form an ECC
network. NE2 and NE3 use IP protocols to communicate with syslog server 1 and syslog
server 2 respectively. NE4 communicates with NE5 through the ECC channel.
In this situation, NE1, NE2, NE3, and NE4 use IP protocols to communicate with two
different syslog servers. Set the IP address and port ID for the syslog servers for these NEs.
An NE transmits NE syslogs to the syslog servers using IP protocols. You do not need to set
the syslog GNE.
NE5, NE6, NE7, and NE8 cannot communicate with syslog servers directly. Their syslogs are
transmitted to the syslog GNE through the ECC channel and then transmitted to the syslog
servers. Therefore, you need to set the syslog GNE for these NEs. For example, set NE2 as
the syslog GNE for NE5.
Table 9-10 Configuration list
NE Syslog Server IP Address Syslog GNE
NE1, NE2, NE3, and NE4 IP address of Syslog Server None

1
IP address of Syslog Server
2

NE5, NE6, NE7, and NE8 None NE2

NE3
Case 2
Figure 9-5 shows the networking in the scenario where core NEs use IP protocols to
communicate with each other and different syslog servers are connected to the same NE. This
type of networking is similar to that shown in Figure 9-4.
Figure 9-5 IP and ECC hybrid networking-2

IP IP
IP IP
NE1
NE2 NE3
NE4
IP IP
ECC
ECC ECC
NE5
NE6 NE8
NE7
ECC ECC
In this situation, NE1, NE2, NE3, and NE4 can also use IP protocol to communicate with two
different syslog servers. Therefore, all NE settings are the same as that in Table 9-10.
Case 3
Figure 9-6 shows the networking in the scenario where core NEs use ECC protocols to
communicate with each other and different syslog servers are connected to different NEs.

Figure 9-6 ECC independent networking

IP ECC ECC IP
NE1
NE2 NE3
NE4
ECC ECC
ECC
ECC ECC
NE5
NE6 NE8
NE7
ECC ECC
NE1, NE2, NE3, and NE4 form an ECC network. NE5, NE6, NE7, and NE8 form another
ECC network. NE2 and NE3 use IP protocols to communicate with syslog server 1 and syslog
server 2 respectively. NE4 communicates with NE5 through the ECC channel.
In this situation, NE2 can only communicate with syslog server 1 directly. NE2 cannot
communicate with syslog server 2 directly. Therefore, you must set the IP address and port ID
for syslog server 1 for NE2 and the syslog GNE which can transmit syslogs to syslog server 2.
Consequently, NE2 uses IP protocols to transmit the syslogs to syslog server 1 and uses the
syslog GNE to transmit system logs to syslog server 2. The setting of NE3 is similar to that of
NE2. Set the IP address and port ID for syslog server 2 and the syslog GNE which can
transmit syslogs to syslog server 1.
All other NEs cannot communicate with two syslog servers directly. Their syslogs are
transmitted to the syslog GNE through the ECC channel. Then, the syslog GNE transmits the
syslogs to the syslog servers. Therefore, you only need to set the syslog GNE for these GNEs.
For example, NE2 and NE3 may be the syslog GNEs for NE5. For details about the
configurations, see Table 9-11.
Table 9-11 Configuration list

NE1, NE4, NE5, NE6, NE7, None NE2

and NE8 NE3

NE2 IP address of Syslog Server NE3

1
NE3 IP address of Syslog Server NE2

2
Related Tasks
9.4.1 Transferring NE Logs to a Syslog Server
9.2 Managing Logs of the IP NE Side

This topic describes how to manage IP NE logs. The U2000 provides the function of
managing run logs of NEs and you can query NE running information on the U2000.
NOTE
This operation is applies to routers, switches, and service gateways.
9.2.1 Configuring the Information Center on the NEs

This topic describes how to configure the information center on the NEs. You need to
configure the information center on the NEs before using the Syslog management function of
the U2000.

NOTICE
The SyslogCollectorDM service of the U2000 uses UDP port 514 for receiving remote logs.
On Linux and Windows OSs, port 514 is idle because the function of receiving remote logs is
disabled for the syslog service by default. However, on Solaris OS, the function is enabled by
default and occupies port 514, resulting in a port conflict. To eliminate the conflict, disable
the function of receiving remote logs for the syslog service on Solaris OS.
1. Log in to the U2000 server as user root.
# su - ossuser
$ exit
3. Run the following command to enable the SyslogCollectorDM service:

# svc_adm -cmd enable -svcname SyslogCollectorDM
4. Run the following command to stop the SyslogCollectorDM service:

# svc_adm -cmd stopsvc SyslogCollectorDM
5. Disable the function of receiving remote logs for the syslog service.
1. Run the following command to stop the syslog service:
# svcadm disable system-log
2. Run vi command to modify the syslog file in /etc/default.

Change LOG_FROM_REMOTE=YES in the last line of the file to
LOG_FROM_REMOTE=NO and delete # from this line. Run the :wq! command to
save the file and exit.
3. Run the following command to start the syslog service:
# svcadm enable system-log
6. Run the following command to start the SyslogCollectorDM service:

# svc_adm -cmd startsvc SyslogCollectorDM
9.2.1.1 Enabling the Information Center

This topic describes how to enable the information center. You need to enable the information
center before configuring parameters of the information center on NEs.
Context
l After the information center is enabled, the classification and output of information
(especially much information for processing) may affect the system performance to some
extent.
l By default, the information center is enabled. You can run the display info-center
command to view the information center status.
A message similar to the following is displayed, indicating the information center is
enabled.
Information Center:enabled
If this information is not displayed, perform the following steps to enable the information
center.
Procedure
Step 1 Telnet or STelnet to an NE. Run the system-view command to enter the system view.

NOTE
Using STelnet (if supported) to log in to the device is recommended. STelnet is more secure.
Step 2 Run the info-center enable command to enable the information center.
----End
9.2.1.2 Configuring the Syslog Source Interface

This topic describes how to configure the service status of the syslog source interface. After
you configure an NE interface for sending logs, the log server can distinguish NEs based on
the interface IP address. This allows for clear classification of the received logs.
Prerequisites
l The selected NE supports the log service function on the U2000.
l The NE is configured with Telnet/STelnet (more secure, recommended) parameters and
its configurations are synchronized to the U2000.
l The syslog source interface and its IP address are known.
Procedure
Step 1 In the topology navigation tree or the topology view, select the NE to be operated and right-
click it. Then select NE Explorer on the shortcut menu.
Step 2 In the Service Tree, choose System Management > NE Channel Management > Syslog
Service.
Step 3 Click Enable or Disable to change the service status of the syslog source interface.
NOTE
If the syslog source of the host is in use, you cannot select the syslog source interface from the drop-
down list. The status button is Disable. Click Disable to disable the log source. Then you can select the
syslog source interface from the drop-down list. The status button changes to Enable.
Step 4 When the syslog source is disabled, select the source interface for sending syslog files and
click Enable.
----End
9.2.1.3 Adding a Syslog Host

This topic describes how to create a log host to send NE syslog run logs to the specified log
host as planned and facilitate user viewing.
Prerequisites
The IP address of the log host is known.
Context
To view NE logs on the U2000, set Log Host IP Address to U2000 Server IP Address to set
the U2000 server as the NE syslog receiver.

NOTE
The system supports the configuration of a maximum of eight log hosts to realize backup among log
hosts.
Procedure
Step 1 In the Main Topology, right-click an NE and choose NE Explorer from the shortcut menu.
Step 2 In the Service Tree, choose NE Channel Management > Syslog Service from the navigation
tree.
Step 3 On the Syslog Service tab, right-click in a blank area and choose Create from the shortcut
menu.
Step 4 In the Create Log Host dialog box, set the parameters.
NOTE
l If theU2000 manages NEs in inband VPN networking mode, the VRF name must be specified.
l If the U2000 is a high availability system, the IP addresses of both the primary and secondary sites
must be added to the Log Host IP Address list.
Step 5 Click OK or Apply.

NOTE
If more than one log host is added, the Create Log Host progress bar is displayed.
After all log hosts are added, click OK.
----End
9.2.1.4 Configuring the Advanced Attributes of the Syslog Service

This topic describes how to set the parameters about log buffer and the channel number of a
log file.
Procedure
Step 1 In the topology navigation tree or the topology view, select the NE to be operated and right-
click it. Then select NE Explorer on the shortcut menu.
Step 2 In the Service Tree, choose System Management > NE Channel Management > Syslog
Service.

Step 3 On the Syslog Service tab, click Advanced.
Step 4 In the Advanced dialog box, set the parameters.
Step 5 Click OK.
----End
9.2.2 Browsing the NE Syslog Run Logs

This topic describes how to browse NE syslog run logs. By obtaining all NE syslog run logs
through U2000 on the NE side, you can browse the NE syslog run logs of the NEs on the
U2000, rather than query them on each NE.
Prerequisites
l An information center on the NE side is configured so that the NE syslog run logs can be
sent to the U2000. For details about how to configure an information center on the NE
side, see 9.2.1 Configuring the Information Center on the NEs.
l You have configured the U2000 server as the receiver of NE logs and set Log Host IP
Address to that of the U2000 server. For details, see 9.2.1.3 Adding a Syslog Host.
Context
Only user admin can query the NE syslog run logs of all NEs.
Procedure
Step 1 Choose Administration > NE Security Management > NE Syslog Run Log from the main
menu (traditional style); alternatively, double-click Security Management in Application
Center and choose Log Management > NE Syslog Run Log from the main menu
Step 2 In the DRL File List navigation tree, double-click an NE syslog run log file, such as
20120601061544. In the right pane, click a record to view log details.

NOTE
l The files in the device run log (DRL) file list are listed by time.
l You can enter the file name in the text box above the DRL File List navigation tree to filter the DRL
files. Only numbers from 0 to 9 are allowed. Then, the matched files are displayed in the DRL File
List navigation tree.
Step 3 Perform the following steps as required:

Click Condition. In the Filter Criteria dialog box that is displayed, set the filter criteria for
filtering out NE syslog run logs.
----End
9.3 Managing Logs of the Access NE Side

This topic describes how to manage access NE logs. The U2000 provides the function of
managing syslog operation logs for NEs. You can use this function to query and synchronize
syslog operation logs on the U2000 after the logs of the managed NEs are synchronized to the
U2000.
NOTE
This operation is applies to the management of syslog operation log for access NEs.
9.3.1 Browsing NE Syslog Operation Logs

This topic describes how to browse NE syslog operation logs. By obtaining all NE syslog
operation logs on the U2000, you can browse NE syslog operation logs on the U2000 rather
than query them on each NE.
Prerequisites

NOTICE
The SyslogCollectorDM service of the U2000 uses UDP port 514 for receiving remote logs.
On Linux and Windows OSs, port 514 is idle because the function of receiving remote logs is
disabled for the syslog service by default. However, on Solaris OS, the function is enabled by
default and occupies port 514, resulting in a port conflict. To eliminate the conflict, disable
the function of receiving remote logs for the syslog service on Solaris OS.
1. Log in to the U2000 server as user root.
# su - ossuser
$ exit
3. Run the following command to enable the SyslogCollectorDM service:

# svc_adm -cmd enable -svcname SyslogCollectorDM
4. Run the following command to stop the SyslogCollectorDM service:

# svc_adm -cmd stopsvc SyslogCollectorDM
5. Disable the function of receiving remote logs for the syslog service.
1. Run the following command to stop the syslog service:
2. Run vi command to modify the syslog file in /etc/default.

Change LOG_FROM_REMOTE=YES in the last line of the file to
LOG_FROM_REMOTE=NO and delete # from this line. Run the :wq! command to
save the file and exit.
3. Run the following command to start the syslog service:
6. Run the following command to start the SyslogCollectorDM service:

# svc_adm -cmd startsvc SyslogCollectorDM
Context
l This feature allows users to browse syslog operation logs of all access NEs.
l Common users can query only the logs of the NEs of their own management domains.
l User admin can query NE logs of all users.
Procedure
Step 1 Log in to the System Monitor client, and check whether SyslogCollectorDM is started. If not,
select the process, right-click, and choose Start Process from the shortcut menu.
Step 2 STelnet to the device whose log needs to be viewed, and switch to the privilege mode. Run
the loghost add ip-addr hostname command to add a syslog server.
NOTE
The ip-addr indicates the IP address of the U2000 server, and the hostname parameter indicates the
name of the U2000 server.
Step 3 Run the loghost activate name hostname command to activate the Syslog server.
NOTE
The hostname parameter indicates the name of the U2000 server.

Step 4 Run the display loghost list command. If the returned message includes the IP address and
name of the added syslog server, and Terminal state is Normal, the syslog server is
configured successfully.
Step 5 Logging In to a U2000 Client..
Step 6 Synchronize network-wide SNMP NE logs.

1. Choose Administration > NE Security Management > Synchronize SNMP NE Logs
of ALL NEs from the main menu.
2. In the dialog box that is displayed, click OK.
Step 7 Choose Administration > NE Security Management > NE Syslog Operation Logs from
Application Center and choose Log Management > NE Syslog Operation Logs from the
Step 8 In the NE Syslog Operation Logs window, double-click a record to view the log details.
l Click a field in the header of the query result table to sort the query results by field.
l A white upward triangular icon indicates that you can sort the results by field. A black
upward triangular icon indicates that the results are sorted in the ascending order by
field. The black downward triangular icon indicates that the results are sorted in the
descending order by field.
l Click the Device Name, or Access Method field. Different from other table header
fields, these fields are displayed in groups. Therefore, they are not sorted in alphabetic
order.
Step 9 Perform the following operations as required:

l Click Filter. In the Filter dialog box, set the filter criteria to search out the desired NE
logs.
l Click Refresh to refresh the NE logs.
l In the information list, right-click the current query results and save them to a local disk
as a file. The following file formats are supported: XLS, XLSX, TXT, HTML, CSV and
PDF.
----End
Related References
NE Syslog Operation Logs
9.3.2 Browsing Login Logs of NE Users

This topic describes how to use the U2000 LCT user management function to browse login
logs of NE users and ascertain information about user name, severity, login time, logout time
and login type.
Prerequisites

Procedure
Step 1 Choose Administration > NE Security Management > LCT User Management from the
Application Center and choose NE Security > Fix-Network NE > LCT User Management
Step 2 On the User Logs tab select the desired device type from the Device Type drop-down list.
Step 3 Click Filter and set the parameters to display the required NE user logs.
Step 4 Select a log record in the user log list and view the details of the log in the lower pane.
----End
9.4 Managing Transport NE Logs

This topic describes how to manage transport NE logs. Transport NE logs record all security-
based operation information, including NE security logs and NE operation logs. On the
U2000, you can forward NE logs to the syslog server and browse NE security logs and NE
operation logs.
9.4.1 Transferring NE Logs to a Syslog Server

This topic describes how to use the syslog protocol to transfer logs on an NE to a log server in
the format defined by the protocol.
Prerequisites
This operation applies to MSTP, WDM and RTN series NEs.
Related Concepts
9.1.8 Syslog Service
9.4.1.1 Setting a Syslog Server

This topic describes how to properly configure a syslog server for an NE to ensure that the
syslogs of the NE can be sent to the syslog server.
Prerequisites
l The NE must be able to directly communicate with the syslog server.
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Log Forwarding from the
Function Tree.
Step 2 Click the Syslog Server tab. The syslog server list is displayed.
Step 3 Click Query to load configurations of the syslog server from the NE.

Step 4 Click New. The Add Syslog Server dialog box is displayed.
Step 5 Set IP Address, Send Mode, and Port according to actual networking.
Step 6 Click OK. A message will be displayed indicating that the operation is successful.
----End
9.4.1.2 Setting a Syslog GNE

This topic describes how to configure a syslog GNE. You must configure a syslog GNE for
the NEs that cannot communicate with the syslog server directly. The syslog GNE transmits
all syslogs received to the syslog server.
Prerequisites
Procedure
Function Tree.
Step 2 Click the Syslog GNE tab. The syslog GNE list is displayed.
Step 3 Click Query to load the syslog GNE configurations from the NE.
Step 4 Click New. The Select Object dialog box is displayed.
Step 5 Choose proper NEs as the syslog GNEs.

NOTE
You can configure at most 10 syslog GNEs for an NE to transmit its syslogs.
----End
9.4.1.3 Setting the Syslog Type and Severity

This topic describes how to set the syslog type and severity. Different types of syslogs have
different severities. The NE reports the associated information based on the severity of
syslogs.
Prerequisites
Procedure
Step 1 In the NE Explorer, select an NE and choose Security > NE Log Forwarding form the
Function Tree.
Step 2 On the Basic Info tab, click Query to load the configurations from the NE.
Step 3 Click New.

Step 4 In the Add Basic Info dialog box, set Log Type and Log Severity based on network
requirements.
----End
9.4.1.4 Starting the Syslog Service

This topic describes how to start the syslog service. After the syslog service is started on an
NE, the syslogs of the NE can be sent to a syslog server.
Prerequisites
Procedure
Function Tree.
Step 2 On the Basic Info tab, click Query to load configurations from the NE.
Step 3 Select the Start the log forwarding service check box.
Step 4 Click Apply to deploy the latest configurations. A message will be displayed indicating that
the operation is successful.
----End
9.4.2 Viewing Security Logs of NEs

This topic describes how to view NE security logs to learn about NE security information.
Prerequisites
l This function applies to the MSTP series, WDM series, RTN series, PTN series and
marine series NEs.
Context
l NE security logs are saved in the U2000 database by default. You can view information
about NE security on the U2000.
l NE logs are forwarded to the syslog server only and are not saved in the U2000 database.
You can view NE logs on the syslog server only.
Procedure
Step 1 In the NE Explorer, choose Security > NE Security Log from the Function Tree.

Step 2 View NE security logs.

Query Operation
Query on Click Query.

the NMS NOTE
Query the desired information by specifying filter criteria.
Query on Select the Query from the NE check box and click Query.
NEs NOTE
It takes a long time for you to query security logs on NEs.
You can filter the query results to view the desired information.
After the query is complete, information about the NE security-related operations is displayed
in the lower pane of the Browse NE Logs window.
Step 3 Click Save As to save NE security information.
----End
9.4.3 Viewing Operation Logs of NEs

Some NEs are managed by multiple NMSs. Viewing operation logs of NE help query
operations for the NE on other NMSs to facilitate NE maintenance.
Prerequisites
l Apply to the MSTP series, WDM series, WDM (NA) series, RTN series, PTN series and
marine series NEs.
Context
NOTE
Operation logs are recorded for all operations except queries.
l Choose Administration > Log Management > Query Operation Logs from the main
Application Center and choose Log Management > Query Operation Logs from the
main menu (application style). The queried logs display only operations by the current

U2000. Alternatively, in the NE Explorer, you can choose Security > NE Operation
Log from the function tree. Then, logs are displayed indicating operations performed by
all U2000 clients connecting to the NE.
l NE operation logs are forwarded to the syslog server, you can view information about
NE operation security on the syslog server.
Procedure
Step 1 In the NE Explorer, choose Security > NE Operation Log from the Function Tree.
Step 2 In the Log Query Criteria area, specify the time range for the queried NE operation logs.
Step 3 Click Query.

After the query is complete, the NE operation information is displayed in the lower pane of
the Browse NE Logs window.
Step 4 Optional: Click Filter. In the dialog box that is displayed, specify the filter criteria to view
the desired information.
Step 5 Optional: Click Save As to save the NE operation logs information.
----End
Follow-up Procedure
Current users can query the operation information on specific U2000 clients by viewing User
Name and NMS IP Address displayed in the window.

Administrator Guide 10 Monitoring the U2000 Processes
10 Monitoring the U2000 Processes
About This Chapter
This topic describes how to manage the processes on the U2000 server through the system
monitor client. After parameters for server monitoring, hard disk monitoring, database
monitoring, and process monitoring, the U2000 sends a related alarm if the value of a
parameter reaches the associated threshold to prevent sudden unavailability of U2000
functions. In addition, you can learn how to start and stop U2000 services and processes.
10.1 Process Overview
This topic describes the concepts and operations relating to U2000 processes and services,
and the processes list of the U2000.
10.2 Logging In to the System Monitor Client
The U2000 system monitor client adopts the client/server architecture. Before performing
operations on the client, you need to log in to the server on the client.
10.3 Setting the Monitoring Parameters
You can set parameters for server monitoring, hard disk monitoring, database monitoring, and
service monitoring. When a threshold is reached, the U2000 generates an alarm.
10.4 Monitoring the Running Status of the U2000
This topic describes how to monitor the status of the U2000 server. This facilitates you to
view the statuses of the processes, databases, performance, and hard disks of the U2000 server
in the centralized mode.
10.5 Starting and Stopping a Service
If a U2000 service fails to start, you need to manually start it. When rectifying a fault, you
may have to manually start or stop a service. This topic describes how to start and stop a
U2000 service.
10.6 Setting the Startup Mode of a Service
This topic describes how to set the three startup modes of U2000 services, including
Automatic, Manual, and Disabled.
10.1 Process Overview

This topic describes the concepts and operations relating to U2000 processes and services,
and the processes list of the U2000.

10.1.1 Processes and Services

This topic describes the differences and relationships between a process and a service.
l Process
A process refers to the application that runs and provides certain services in the system.
A process can correspond to multiple services. For example, an eam_agent process
corresponds to the EAMService and TopoService services.
l Service
A service usually runs the specified process on the server to provide applications for the
remote computer over the network or local computer, such as applications of the Web
server and client/server mode.
10.1.2 Start Mode

The U2000 processes can be started in Automatic start, Manual start, and Disabled start
modes.
The U2000 processes can be started in the following modes:
l Automatic start:
In this mode, a process is automatically started when the system starts. If a process is
abnormally stopped, the system automatically restarts the process.
l Manual start:
In this mode, a process needs to be manually started rather than being automatically
started when the system starts. If a process is abnormally stopped, the system does not
automatically restart the process.
l Disabled start:
In this mode, a process cannot be automatically started by the system or be manually
started. A process in disabled start mode can be started only after the start mode is
changed to the automatic start mode or manual start mode.
10.1.3 U2000 Process List

This topic describes the information about U2000 processes,such as the functions and
dependent processes of each process and the port occupied by each process.
l The name of a multi-instance process contains numbers to distinguish from a process
with the same function. Table 10-1 shows a process with numbers omitted. For example,
ds_agent refers to the ds*_agent process,with the asterisk character (*) indicating a
number.
l Every instance is responsible for some independent service data. Stopping an instance
will certainly affect related services.
Table 10-1 shows the description of U2000 services and processes. Required Process
specifies the processes that a specified process depends on during startup. The System
Monitor displays the direct and indirect dependencies.

Table 10-1 U2000 process list

Process Service Executa Require Log Files Function
Name Name ble d Description
Files Process/
and Services
Path
ActiveM ActiveM ST_Acti None server/cbb/nbi/ ActiveMQ Service.

Q Q veMQ,se nbicbb_3p/ Provides the
rver/ activemq/data/ northbound
platform/ activemq.log.* interface which
sacscript/ supports JMS
standalo notifications.
ne
AEMgr AEMgr Java,serv None None AEMgr. Support

er/ Management of
$IMAP_ Atom Engine
JAVA_H
OME/bin
/


Files Process/
and Services
Path
Agent_C Agent_C Agent_C None server/var/logs/ CORBA Service.

ORBA ORBA ORBA,s Develop/nbi/ This process
erver/nbi Agent_CORBA/ provides the
/ unbi_corbadebug_ CORBA NBI
corba/bin %y%m%d_%H%M management
%S_*.* service.
server/var/logs/
Develop/nbi/
Agent_CORBA/
unbi_corbanotify_
%y%m%d_%H%M
%S_*.*
server/var/logs/
Develop/nbi/
Agent_CORBA/
unbi_corbasys_%y
%m%d_%H%M
%S_*.*
server/var/logs/
Develop/nbi/
Agent_CORBA/
unbi_debug_%y%m
%d_%H%M
%S_*.*
server/var/logs/
Develop/nbi/
Agent_CORBA/
unbi_sys_%y%m
%d_%H%M
%S_*.*
AgentInt AgentInt java,serv None server/var/logs/ Integrate Interface

egrate egrate er/$ Develop/ Service. Provide
{IMAP_ AgentIntegrate/ integrate interface
JAVA_H *.log service to uTraffic.
OME}/bi
n


Files Process/
and Services
Path
agt_cst_ agt_cst_ java,serv None servervar/logs/ XML northbound

xml xml er/$ Develop/nbi/ interface (non
{IMAP_ xml2tl1/NBILog/ MTOSI). This
JAVA_H xml2tl1.txt process provides
OME}/bi server/var/logs/ XML NBI
n Develop/nbi/ Management
xml2tl1/NBILog/ service for Access
process.log NE(non MTOSI).
server/var/logs/
Develop/nbi/
xml2tl1/NBILog/
custom_xml2tl1.txt
AlarmW AlarmW None,No None None AlarmWatchdog.

atchdog atchdog ne monitor virtual
machine alarm.
BmsAcc BmsAcc BmsAcc mc server/var/logs/ Access Device

ess ess ess,serve Develop/ Manager. This
r/nemgr/ BmsAccess_*/ process provides the
nemgr_a BmsAccess_%y%m equipment
ccess/bin %d_%H%M%S.* management of the
server/var/logs/ access domain.
Develop/
BmsAccess_*/
BootLog_%y%m
%d_%H%M%S.*
server/var/logs/
mrblog/
BmsAccess_*_%y
%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*


Files Process/
and Services
Path
BmsAtur BmsAtur BmsAtur mc server/var/logs/ Access Device

,server/ Develop/ ATUR Manager.
nemgr/ BmsAtur_*/ This process
nemgr_a BmsAtur_%y%m provides the xDSL
ccess/bin %d_%H%M%S.* terminal
server/var/logs/ management
Develop/ service.
BmsAtur_*/
BootLog_%y%m
%d_%H%M%S.*
server/var/logs/
mrblog/
BmsAtur_*_p86_
%y%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*
BmsCom BmsCom BmsCom lic_agent server/var/logs/ Access Device

mon mon mon,serv ,mc Develop/ Common Service.
er/ BmsCommon/ This process
nemgr/ BmsCommon_%y provides license,
nemgr_a %m%d_%H%M task scheduling,etc.
ccess/bin %S.* management of the
server/var/logs/ access domain.
Develop/
BmsCommon/
BootLog_%y%m
%d_%H%M%S.*
server/var/logs/
mrblog/
iMAPBase_p242_
%y%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*


Files Process/
and Services
Path
BmsHG BmsHG BmsHG None server/var/logs/ HGMP Manager

MPDm MPDm MPDm,s Develop/ Process. HGMP
erver/ BmsHGMPDm/ manager service
nemgr/ BmsHGMPDm_%y provides the
nemgr_a %m%d_%H%M function of
ccess/bin %S.* managing HGMP
server/var/logs/
mrblog/
iMAPBase_p234_
%y%m%d_%H%M
%S.*
BmsiSSt BmsiSSt java,serv None None BmsiSStar. Support

ar ar er/$ Access service
{IMAP_ iSStar functions
JAVA_H
OME}/bi
n
BmsNm BmsNm BmsNm None None Access Network

Common Common Common Manager. Supports
,server/ Access network
common/ manage
access/bi functions.Including
n the functions of
Access network
searching.
BmsPon None BmsPon lic_agent server/var/logs/ PON TL1 Alarm

AlarmTL AlarmTL ,mc Develop/ Process. This
1 1,/ BmsPonAlarmTL1 process provides
nemgr/ server/var/logs/ PON TL1 Alarm
nemgr_a mrblog/ NBI Management
ccess/bin iMAPBase_p4008_ service.
%y%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*


Files Process/
and Services
Path
BmsPon BmsPon BmsPon lic_agent server/var/logs/ Access PON TL1

EmsTL1 EmsTL1 EmsTL1, ,mc Develop/ Processs. Provides
server/ BmsPonEmsTL1 service provisioning
nemgr/ server/var/logs/ and fault diagnosis
nemgr_a mrblog/ for PON TL1
ccess/bin iMAPBase_p4007_ services.
%y%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*
BmsTest BmsTest BmsTest, mc server/var/logs/ Access Device Line

server/ Develop/BmsTest Test. This process
nemgr/ server/var/logs/ provides line test of
nemgr_a mrblog/ the access domain.
ccess/bin iMAPBase_p79_%y
%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*


Files Process/
and Services
Path
BmsTimi BmsTimi BmsTimi mc server/var/logs/ TL1 Timing Task

ngTask ngTask ngTask,s Develop/ Manager. This
erver/ BmsTimingTask/ process provides
nemgr/ BmsTimingTask_ TL1 timing task
nemgr_a %y%m%d_%H%M management.
ccess/bin %S.*
server/var/logs/
Develop/
BmsTimingTask/
BootLog_%y%m
%d_%H%M%S.*
server/var/logs/
mrblog/
iMAPBase_p38_%y
%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*
BmsWeb BmsWeb java,serv None None Access Web

Service Service er/$ Service. This
{IMAP_ process provides
JAVA_H web service for the
OME}/bi access domain.
n
BoxSW BoxSW BoxSW None server/var/logs/ Case-shaped Switch

MgrDm MgrDm MgrDm, Develop/ NE Management.
server/ BoxSWMgrDm/ Manages case-
nemgr/ BoxSWMgrDm_%y shaped Quidway
nemgr_s %m%d_%H%M switches.
witchmg %S.*
r/
switchm
gr_box/b
in
BulkColl BulkColl BulkColl None server/var/logs/ BulkCollector. This

ector ector ectorDm, Develop/ process provides the
server/ BulkCollector_ function of
common/ $procHandle/ collecting
bulkcolle BulkCollector*.log performance data in
ctor/bin batches.


Files Process/
and Services
Path
BulkColl BulkColl BulkColl None server/log/ Bulk Collector. This

ectorDm ectorDm ectorDm, BulkCollector*.log process provides the
server/ function of
common/ collecting
pmscolle performance data in
ctor/bin batches.
cltsi None cltsi,serv mc server/var/logs/ Access 112

er/ Develop/cltsi/cltsi_ Test(CLTSi). This
common/ %y%m%d_%H%M process provides the
access_c %S.* CLTSi 112 test.
ommon/ server/var/logs/
pccw112 Develop/cltsi/
/bin BootLog_%y%m
%d_%H%M%S.*
Common Common npms_te None server/var/logs/ CommonNBI. This

NBI NBI xtagent,s Develop/nbi/ process provides the
erver/ textagent/ NBI function. It is
server/nb npms_text_debug.lo used to transmit
i/ g performance data in
text_npm server/var/logs/ the text format
s/bin Develop/nbi/ through FTP.
textagent/
pfmscript_npms_tex
t.log
cpgraph cpgraph java,serv None var\logs\Devlog Board Graph

er/ \boardgraph Application. Board
combine Graph Application
_service
\boardgr
aph
CSMAda CSMAda java,serv None server/var/logs/ CSM Adapter.

pter pter er/ Develop/ Support data
common u2vcmm_adapter/ adapter interface
\ip u2a_%y%m%d_ Between the U2000
\vcmmad %H%M%S.* and CSM.
apter server/var/logs/
Develop/
u2vcmm_adapter/
alarm/alarm_%y
%m%d_%H%M
%S.*


Files Process/
and Services
Path
dam dam dam,serv None server/var/logs/ Device Access

er/ Develop/dam/dam_ Manager. Creates
common/ %y%m%d_%H%M SNMP NEs.
frame/da %S.*
m/bin
DataAna DataAna DataAna None server/var/logs/ DataAnalysis. This

lysis lysis lysis,serv Develop/ process provides the
er/ DataAnalysis/ interface of query
common/ DataAnalysis*.log performance data.
pms/bin server/var/logs/
Develop/
DataAnalysis/
historydata.delete.lo
g
datacolle datacolle datacolle None server/tools/ NE Data Collector

ctorsvr ctorsvr ctorsvr,s datacollector/log/ Process. The
erver/ Datacollectorlog/*.* Datacollector is
tools/ server/tools/ mainly used for
datacolle datacollector/log/ collecting the
ctor/bin ScriptLog/*.* complete and
correct fault data in
case of NE failure
and helps to locate
faults quickly


Files Process/
and Services
Path
DCServe DCServe DCServe None server/var/logs/ DC. Provides the

r r r,server/ Develop/DCServer/ management
common/ DCServer*.log function of device's
dc/bin server/var/logs/ data in the network
Develop/DCServer/ management
BootLog*.log system.
server/var/logs/
Develop/DCServer/
Bms_ne*_%y%m
%d_%H%M%S.*
server/var/logs/
Develop/DCServer/
Dms_ne*_%y%m
%d_%H%M%S.*
server/var/logs/
Develop/DCServer/
tkdll_log/
server/var/logs/
Develop/DCServer/
backup*/
disaster_ disaster_ datacolle None None NE disaster

recovery recovery ctorsvr,s recovery. The
_svr _svr erver/ disasterrecovery is
tools/ mainly used for
disasterr network disaster
ecovery/ recovery function
bin processing
DmsBas DmsBas DmsBas None server/var/logs/ Basic IP Service.

eDm eDm eDm,ser Develop/ Provides basic IP
ver/ DmsBaseDm/*.log services, such as
common/ link search, system
ip/ log, interface
base/bin inventory, and
change audit.
DmsNet DmsNet DmsNet None server/var/logs/ NetACL.

AclDm AclDm AclDm,s Develop/ Configures ACLs
erver/ DmsNetAclDm/ for multiple NEs in
common/ DmsNetAclDm_%y batches.
ip/ %m%d_%H%M
base/acl/ %S.*
bin


Files Process/
and Services
Path
DrlDm DrlDm DrlDm,s None server/var/logs/ NE Run Log. NE

erver/ iMAP.log_agent.tra Run Log
common/ ce
syslog/bi server/var/logs/
n/ mrblog/
DrlDm_p499_%y
%m%d_%H%M
%S.*
ds_agent Desktop None,No None server/var/ Desktop Service

Service ne logs/ds/ds*/ Process. Supports
desktop_ds*_YYY data presentation
YMMDDhhmmss*. and operations on
log various types of
server/var/ client interfaces,
logs/ds/ds*/ such as Java and
desktop_startup_ds* Web interfaces.
.log Multiple DSs can be
deployed to reduce
pressure on the
server to connect to
a large number of
clients.
eam_age EAMSer imapsvc None server/var/logs/ EAM Process.

nt vice d,server/ iMAP.eam_agent.tra Maintains a global
platform/ ce NE list for NE
bin management.
eam_age TopoSer imapsvc EAMSer None Topo Process.

nt vice d,server/ vice Provides the
platform/ functions of
bin topology
management.
emauclie emauclie java,serv None server\var\logs Device Quick

nt nt er/ \Develop\emau Adapter Client. NM
base_ser \trace--%y%m%d_ node device static
vice/ %H%M%S.log data auto upgrate
emau/
emau_cli
ent


Files Process/
and Services
Path
emauser emauser java,serv None server\var\logs Device Quick

ver ver er/ \Develop\emau Adapter Server. NM
base_ser \trace--%y%m%d_ node device static
vice/ %H%M%S.log data auto upgrate
emau/
emau_se
rver
EmfGnl EmfGnl EmfGnl None var/logs/ General Device

DevDm DevDm DevDm, iMAP.EmfGnlDevD Process. Provides
server/ m.trace the function of
common/ var/logs/mrblog/ managing third-
topo/lbin iMAPGnlDev_p48_ party NEs.
YYYMMDD_hhm
mss.log
Eml_Cac Eml_Cac java,serv None server/var/logs/ Transmit Data

heSvr heSvr er/$ Develop/ Cache. This process
{IMAP_ uflight_trans_dataca provides the data
JAVA_H che/communicate- cache of NEs,
OME}/bi %y.%m.%d-%H. boards, ports and
n %M.%S.* etc. for client.
server/var/logs/
Develop/
uflight_trans_dataca
che/uflight-%y.%m.
%d-%H.%M.%S.*
Eml_DC Eml_DC Eml_DC None server/var/logs/ DCC View Tool.

CView CView CView,se Develop/ Transmit Ne
rver/ Eml_DCCView/ communication
tools/ Eml_DCCView_%y DCC view
dccview/ %m%d_%H%M Management.
bin %S.*
Eml_De Eml_De java,serv None server/var/logs/ Transmit NE

vCmdSv vCmdSv er/ Develop/ Commad service.
r r common/ uflight_trans_mmls Support MML
trans_m erver/communicate- command service
mlserver %y.%m.%d-%H. for transmit NE.
%M.%S.*
server/var/logs/
Develop/
uflight_trans_mmls
erver/uflight-%y.
%m.%d-%H.%M.
%S.*


Files Process/
and Services
Path
Eml_faul Eml_faul Eml_faul None server/var/logs/ Diagnosis of

tdiag tdiag tdiag,ser Develop/ transport packet
ver/ uflight_nemgr_diag services. Provides
common/ nosis/communicate- fault diagnosis for
trans_fau %y.%m.%d-%H. transport packet
ltdiag/ %M.%S.* services, covering
controlle server/var/logs/ the PWE3 E-Line
r/plugins Develop/ services of the
uflight_nemgr_diag OptiX RTN 905,
nosis/uflight-%y. OptiX RTN 910,
%m.%d-%H.%M. OptiX RTN 950,
%S.* OptiX RTN 980,
OptiX OSN 500,
OptiX OSN 550,
OptiX OSN 3500,
OptiX OSN 7500,
OptiX OSN 7500II,
and OptiX OSN
8800, and the
Native Ethernet E-
Line services of the
OptiX RTN 310,
OptiX RTN 905,
OptiX RTN 910,
OptiX RTN 950,
OptiX RTN 980,
OptiX OSN 500,
and OptiX OSN
550.
Eml_faul Eml_faul Eml_faul None server/var/logs/ ---. Provides the

tdiagtsk tdiagtsk tdiagtsk, Develop/ function to diagnose
server/ trans_faultdiag/ transport packet
common/ communicate-%y. services. Only
trans_fau %m.%d-%H.%M. PWE3 E-Line
ltdiag/bi %S.* service of the Optix
n server/var/logs/ RTN910, RTN950
Develop/ and RTN980
trans_faultdiag/ equipments is
uflight-%y.%m.%d- supported.
%H.%M.%S.*


Files Process/
and Services
Path
EML_G EML_G EML_G None server/var/logs/ Transmit GNE

NEProxy NEProxy NEProxy Develop/ Proxy. This process
,server/ EML_GNEProxy/ provides the
common/ EML_GNEProxy_ function of
trans_cor %y%m%d_%H%M Connection service
e/bin %S.* for Transmit GNE.
Eml_mm Eml_mm Eml_mm None server/var/logs/ MML Service. This

l l l,server/n Develop/Eml_mml/ process provides the
bi/mml/b Eml_mml_%y%m MML NBI service.
in %d_%H%M%S.*
Eml_Per Eml_Per Eml_Per None server/var/logs/ Transmit

fSvr fSvr fSvr,serv Develop/ Performance
er/ Eml_PerfSvr/ Service. This
common/ Eml_PerfSvr_%y process provides the
trans_cor %m%d_%H%M transfer-domain
e/bin %S.* performance
management
function.
Eml_Pub Eml_Pub Eml_Pub None server/var/logs/ Transmit Common

Svr Svr Svr,serve Develop/ Service. This
r/ Eml_PubSvr/ process provides the
common/ Eml_PubSvr_%y function of inter-NE
trans_cor %m%d_%H%M management on
e/bin %S.* transferdomain NEs
and reports.
Eml_We Eml_We None,No None server/var/logs/ Transmit Common

bPubSvr bPubSvr ne Develop/ Service. Provides
Eml_WebPubSvr/*- the common service
%y%m%d_%H%M of Transmit NEs.
%S.log
Enpower Enpower Enpower None server/var/logs/ Access environment

Dm Dm Dm,serv Develop/ and power monitor.
er/ EnpowerDm/ This process
common/ backup*/ provides the
env/bin server/var/logs/ function of
Develop/ centralized
EnpowerDm/ monitoring on the
EnpowerDm_%y access NE
%m%d_%H%M environment status
%S.* and the power
supply status.


Files Process/
and Services
Path
FrameS FrameS FrameS None server/var/logs/ Chassis-Shaped

WMgrD WMgrD WMgrD Develop/ Switch NE
m m m,server/ FrameSWMgrDm/ Management.
nemgr/ FrameSWMgrDm_ Manages chassis-
nemgr_s %y%m%d_%H%M shaped Quidway
witchmg %S.* switches.
r/
switchm
gr_frame
/bin
ftpd None ftpd,/usr/ None /var/logs/vsftpd.log FTP Service. This

sbin /var/log/ process provides the
vsftpdlogbak/*.* FTP service.
Gateway Gateway gateway, None server/var/logs/ InstanceGateway.

server/ Develop/gateway/ This process
common/ inventory_*.log provides the
pms/ server/var/logs/ interface of manage
gateway Develop/gateway/ monitor instance.
datalose.log
server/var/logs/
Develop/gateway/
npms_gateway.log
Gcli Gcli Gcli,serv None None IP Graphical CLI.

er/ Provides GUI
common/ command line
ip/ functions for
gcli/bin switches and
routers.
Health_c Health_c com.hua None server/var/logs/ PTN Health Check.

heck heck wei.healt Develop/ PTN Health Check,
hcheck. uflight_health_chec support Optix PTN
webserve k/communicate-%y. 905, Optix PTN
r_1.0.0.j %m.%d-%H.%M. 910, Optix PTN
ar,server/ %S.* 910-F, Optix PTN
common/ server/var/logs/ 950, Optix PTN
health_c Develop/ 960, Optix PTN
heck/ uflight_health_chec 1900, Optix PTN
plugins k/uflight-%y.%m. 3900-8, Optix PTN
%d-%H.%M.%S.* 3900.
hedex_a None None,No None var/logs/hedex/ Help Process.

gent ne hedex*.log Provides help
document.


Files Process/
and Services
Path
httpd apache httpd,ser None server/var/logs/ Apache Http

ver/ apache/apache.log Service. Distribute
3rdTools server/var/logs/ Http Request.
/ apache/
apache/b monitor_apache.log
in
server/var/logs/
apache/
apachectl.log
server/3rdTools/
apache/logs/*.log
ifms_age FaultSer imapsvc None var/logs/ Fault Process.

nt vice d,server/ iMAP.ifms_agent.tr Collects and saves
platform/ ace fault information
bin var/logs/ from managed
iMAP.ifms_agent_p devices using NE
roduct.trace engines, and queries
and analyzes the
var/logs/ fault information.
iMAP.ifms_agent_d
berr.trace
var/logs/mrblog/
ifms_agent_p56_Y
YYYMMDD_hhm
mss.log
imap_sys None imap_sys None server/var/logs/ System Monitor.

monitor monitor,s iMAP.imapsysmonit Provides service to
erver/ or_perf.trace monitor the process
platform/ server/var/logs/ of the system. This
bin iMAP.imap_sysmon process monitors
itor.trace resources, which
include CPUs,
server/var/logs/ memory, hard disks,
iMAP.imapsysmonit services, processes,
or_perf.trace databases, and
server/var/logs/ generates alarms
mrblog/ when faults occur.
imap_sysmonitor_p
66_%y%m%d_%H
%M%S.log


Files Process/
and Services
Path
imapeve None imapeve None server/var/logs/ Daemon

ntmgr ntmgr,ser iMAP.imapeventmg Process(Event
ver/ r.trace Manager Process).
platform/ server/var/logs/ This process
bin iMAP.imapevents.tr forwards events.
ace
imapmrb None imapmrb None server/var/logs/ Daemon

,server/ mrblog/ Process(mrb
platform/ iMAPMrb_p2_%y Process). This
bin %m%d_%H%M process forwards
%S.log messages. This
process is a daemon
process.
imapsysd None imapsysd None var/logs/ Daemon Process.

,server/ iMAP.imapsysd.trac This process is a
platform/ e daemon process.
bin var/logs/mrblog/
iMapSysd_p65_YY
YMMDD_hhmmss.
log
imapwat None imapwat None None Daemon

chdog chdog,se Process(watchdog
rver/ Process). This
platform/ process monitors
bin daemons.
inbxmlso null inbxmlso None server/var/logs/ iNBXMLSoapAgen

ap_agent ap_agent Develop/ t. Provides a
,None iAF_XMLAgent/ technical
iAF_XMLAgent_ framework based on
%y%m%d_%H%M GSOAP for
%S.* business
server/var/logs/ development.
mrblog/
inbxmlsoap_agent_
p9984_%y%m%d_
%H%M%S.*


Files Process/
and Services
Path
inTL1N inTL1N inTL1N mc server/var/logs/ TL1 Proxy Inner

BiDm BiDm BiDm,se Develop/ Interface. This
rver/ inTL1NBiDm/ process provides the
nemgr/ inTL1NBiDm_%y XML NBI
nemgr_a %m%d_%H%M Proxy,Service
ccess/bin %S.* Provisioning Profile
server/var/logs/ management.
Develop/
inTL1NBiDm/
BootLog_%y%m
%d_%H%M%S.*
server/var/logs/
mrblog/
iMAPBase_p237_
%y%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*
Inventor Inventor Inventor None server/var/logs/ Inventory Manager.

yDM yDM yDM,ser Develop/ Provides the
ver/ InventoryDM/ management of
common/ InventoryDM_%y inventory data, such
inventor %m%d_%H%M as physical
y/bin %S.* resources, fibers/
cables, and
customers.
inventor inventor java,serv None None Inventory Service.

ysvc ysvc er/$ Inventory Servcie
{IMAP_
JAVA_H
OME}/bi
n
ip_isstar ip_isstar ip_isstar, None var/logs/Develop/ ip_isstar. Support IP

server/ ip_isstar service iSStar
common/ functions
ip/
ip_isstar


Files Process/
and Services
Path
ip_pings IPPingSe ip_pings None None IP Ping Service.

vr rvice vr,server/ Provides the ping
server service of NEs.
\common
\ip
\ip_pings
vr\bin
ip_pubsv ip_pubsv java,serv None server/var/logs/ IP Public Service.

r r er/$ Develop/ Provides the
{IMAP_ ip_pubsvr/*-%y%m common service of
JAVA_H %d_%H%M%S.* IP NEs.
OME}/bi
n/
ipcommo ipcommo ipcommo sm_agen server/var/logs/ Common IP

n n n,server/ t Develop/ipcommon/ Application
common/ ipcommon_%y%m Management.
ip/ %d_%H%M%S.* Provides common
common/ IP services, such as
bin the diagnosis
function.
ipvnfsvr ipvnfsvr ipvnfsvr, None var/logs/Develop/ ipvnfsvr. Support IP

server/ ip_vnf VNF management
common/ functions
ip/ip_vnf
is_server is_server java,serv isdb server/var/logs/is Integrate Service.

er/ Provide address
base_ser service and
vice/ configuration
is_server service.
isagent isagent java,serv None server\var\logs Integrate System

er/ \Develop\isagent Agent. provide
base_ser proxy and cache
vice/is service of data from
IS node
isdb isdb java,serv None server/var/logs/isdb Integrate System

er/bin Database. ISDB is
the third party open
source database
named h2 for
Integrate System.


Files Process/
and Services
Path
itm_agen ItmServi imapsvc None server/var/logs/ Integrated Task

t ce d,server/ iMAP.itm_agent.tra Management.
platform/ ce Provides the
bin server/var/logs/ functions of
mrblog/ integrated task
itm_agent_p9992_ management.
%y%m%d_%H%M
%S.*
lic_agent LicenseS imapsvc None server/var/logs/ License Process. A

ervice d,server/ iMAP.lic_agent.trac service interface is
platform/ e provided to check
bin the validity of the
license file of the
current version
License License License None server/var/logs/ LicenseManager.

Manager Manager Manager, Develop/ This process
server/ LicenseManager/ manage the license.
common/ LicenseManager*.lo
pms/bin g
log_agen DolServi imapsvc LogServi server/var/logs/ Log Process.

t ce d,server/ ce iMAP.log_agent.tra Records operation
platform/ ce logs of devices.
bin
log_agen Forwardi imapsvc LogServi servervar/logs/ Syslogagent

t ngServic d,server/ ce iMAP.log_agent.tra Process. Forwards
e platform/ ce OSS logs to third-
bin server/var/logs/ party Syslog servers
mrblog/ over the BSD
log_agent_p46_YY Syslog protocol.
YYMMDD_hhmms
s.log
log_agen LogServi imapsvc None server/var/logs/ Log Process.

t ce d,server/ iMAP.log_agent.tra Records and
platform/ ce manages operation
bin logs, system logs,
and security logs.


Files Process/
and Services
Path
manager SystemS imapsvc None server/var/logs/ System

_agent ervice d,server/ iMAP.manager_age Management
platform/ nt.trace Process. Provides
bin server/var/logs/ OSS management
mrblog/ functions, for
manager_agent_p99 example, version
90_%y%m%d_%H checks for CAU and
%M%S.log management of
preferences and
broadcast messages.
mc mc mc,serve None server/var/logs/ Distribution

r/ Develop/mc/mc_%y Manager. Provides
common/ %m%d_%H%M basic NE
frame/m %S.* distribution
c/bin services.
migrate_ migrate_ java,serv None var/logs/Develop/ NE Migrate Agent.

agent agent er/$ migrate_agent EM nodes deployed
{IMAP_ in the scheduling of
JAVA_H the EM Internet
OME}/bi metadata moved to
n move out.
migrate_ migrate_ java,serv None var/logs/newarch/ NE Migrate

mgr mgr er/$ nemove_server Manager. Deployed
{IMAP_ in NM node
JAVA_H scheduling NE
OME}/bi migration between
n NEs.
minasshd minasshd minasshd None None minasshd. provide

,server/ the function of sftp
3rdTools server
/ftp/
minasshd
mso_task mso_task None,ser None server/var/logs/ mso_taskScheduleS

Schedule Schedule ver/$ Develop/newDS/ ervice. Provides the
Service Service {IMAP_ ScheduleCenter- scheduing and
JAVA_H *.log concurrent control
OME}/bi of MSO tasks.
n
MSOCol MSOCol None,No None server/var/logs/ MSOCollectService

lectServi lectServi ne Develop/ . Provides the
ce ce MsoCollect/*.log function of data
collection MSO


Files Process/
and Services
Path
MSOSer MSOSer None,ser None server/var/logs/ MSOService.

vice vice ver/$ Develop/OLS/*.log Provides the device
{IMAP_ connection and data
JAVA_H collection functions.
OME}/bi
n
msserver msserver msserver None None Engineering

,/opt/ Process. This
HWENG process provides the
R function of
component
installation, package
deployment, system
upgrade, patch
installation, data
backup and
recovery for
iManager System.
Naming_ Naming_ Naming_ None server/tao.trace CORBA Naming

Service Service Service,s Service(TAO).
erver/cbb Provides Naming
/nbi/ Service for CORBA
nbicbb_3 interface(TAO)
p/
share/bin
nbigw_c nbigw_c nbigw_c None None CORBA Service.

orba orba orba,serv Providing OSS and
er/ U2000 NM/EM
server/nb CORBA subsystem
i/ processes interact
corba/bin IIOP packet
forwarding and
session
management in
U2000 distributed
architecture
nbigw_x nbigw_x nbigw_x None None XML Service.

ml ml ml,server Provides MTOSI
/ 2.0 SOAP
server/nb northbound
i/xml/bin interface in U2000
distributed
architecture.


Files Process/
and Services
Path
nelicServ nelicServ neLicSer None server/var/logs/ NE License

er er ver,serve Develop/ Management.
r/ neLicServer/ Provide the function
common/ backup*/ of NE license
nelic/bin server/var/logs/ Management.
Develop/
neLicServer/
neLicServer_%y
%m%d_%H%M
%S.*
nemgr_b nemgr_b nemgr_b None server/var/logs/ BITS NE Manager.

its its its,server mrblog/ This process
/nemgr/ iMAPBase_p236_ provides the
nemgr_b %y%m%d_%H%M equipment
its/bin %S.* management of
server/var/logs/ BITS.
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*
server/var/logs/
Develop/
nemgr_bits_%y%m
%d_%H%M%S.*
nemgr_is nemgr_is java,serv mc None iSite NE Manager .

ite ite er/$ This process
{IMAP_ provides the
JAVA_H equipment
OME}/bi management of
n iSite.
nemgr_ nemgr_ nemgr_ lic_agent server/var/logs/ MARINE NE

marine marine marine,s ,mc Develop/ Manager. This
erver/ nemgr_marine_*/ process provides the
nemgr/ nemgr_marine_%y function of
nemgr_ %m%d_%H%M managing
marine/b %S.* submarine cable
in server/var/logs/ series equipment.
Develop/
nemgr_marine_*/
alarm_%y%m%d_
%H%M%S.*


Files Process/
and Services
Path
nemgr_tr nemgr_tr nemgr_tr lic_agent server/var/logs/ Transmit NE

ans ans ans,serve ,mc Develop/ Manager. This
r/nemgr/ nemgr_trans_*/ process provides the
nemgr_tr nemgr_trans_%y function of
ans/bin %m%d_%H%M managing transmit
%S.* equipment.
server/var/logs/
Develop/
nemgr_trans_*/
alarm_%y%m%d_
%H%M%S.*
nemgr_v nemgr_v java,serv mc server/var/logs/ PTN Management

8ptn 8ptn er/$ Develop/ (VRP V8). Provides
{IMAP_ uflight_nemgr_v8pt the NE management
JAVA_H n_server/*-%y%m function for VRP8-
OME}/bi %d_%H%M%S.* based PTN devices.
n/ server/var/logs/
Develop/
uflight_nemgr_v8pt
n_server/
nemgr_v8ptn/*-%y
%m%d_%H%M
%S.*
nemgr_v nemgr_v java,serv None server/var/logs/ Transmit Network

8trans 8trans er/$ Develop/ Element(VRP V8)
{IMAP_ uflight_nemgr_v8tr Management.
JAVA_H ans_*/*-%y%m%d_ Manages Transmit
OME}/bi %H%M%S.* NEs(VRP V8).
n server/var/logs/
Develop/
uflight_nemgr_v8tr
ans_*/
nemgr_v8trans/*-
%y%m%d_%H%M
%S.*
Nemgr_v Nemgr_v Nemgr_v None server/var/logs/ Router Management

mf mf mf,serve Develop/ (VRP V8). Manages
r/nemgr/ uflight_nemgr_vmf VRP V8 routers.
nemgr_v _server/.*
mf/bin


Files Process/
and Services
Path
nemgr_w nemgr_w java,serv mc server/var/logs/ Transmit NE

ebtrans ebtrans er/$ Develop/ Manager(Web
{IMAP_ uflight_nemgr_webt server). Provides
JAVA_H rans_*/*-%y%m the Web server
OME}/bi %d_%H%M%S.* management of
n Transmit NEs.
neproxy neproxy neproxy, None server/tools/ Data Collector NE

server/ datacollector/log/ Proxy Process. Data
tools/ neproxylog/*.* Collector NE Proxy
datacolle Process
ctor/bin
nesvc_v8 nesvc_v8 nesvc_v8 lic_agent server/var/logs/ PTN Network

ptn ptn ptn,serve ,mc Develop/ Element(VRP V8)
r/nemgr/ nesvc_v8ptn_*/ Communication
nemgr_v nesvc_v8ptn_%y Management .
8ptn/bin %m%d_%H%M Manages PTN
%S.* NEs(VRP V8)
Communication.
nesvc_v8 nesvc_v8 nesvc_v8 lic_agent server/var/logs/ Transmit Network

trans trans trans,ser ,mc Develop/ Element(VRP V8)
ver/ nemgr_v8service_*/ Service
nemgr/ nemgr_v8service_ Management .
nemgr_v %y%m%d_%H%M Manages Transmit
8trans/bi %S.* NEs(VRP V8)
n server/var/logs/ Service.
Develop/
nemgr_v8service_*/
alarm_%y%m%d_
%H%M%S.*
netconfp netconfp netconfp None server/var/logs/ netconfproxy.

roxy roxy roxy,serv Develop/ provides the proxy
er/ NetConfProxy function of using
common/ netconf to
sbi/ communicate with
netconfp NEs.
roxy/bin


Files Process/
and Services
Path
NEUpgr NEUpgr NEUpgr None server/var/logs/ NEUpgrade.

ade ade ade,serve Develop/ Provides the
r/ NEUpgrade management
common/ function of device's
dc/bin software and the NE
upgrade in the
network
management
system.
nm_neso nm_neso java,serv None None NE Software

ftmgr ftmgr er/$ Management .
{IMAP_ Monitors NE
JAVA_H upgrade tasks on
OME}/bi EMs.
n
Nml_aso Nml_aso Nml_aso lic_agent server/var/logs/ OTN ASON

n_otn n_otn n_otn,ser ,Eml_Pu Develop/ Network Manager.
ver/nml/ bSvr Nml_ason_otn/ This process
ason_otn Nml_ason_otn_%y provides the OTN
/bin %m%d_%H%M ASON network
%S.* management
function.
Nml_aso Nml_aso Nml_aso lic_agent server/var/logs/ SDH ASON

n_sdh n_sdh n_sdh,se ,Eml_Pu Develop/ Network Manager.
rver/nml/ bSvr Nml_ason_sdh/ This process
ason_sdh Nml_ason_sdh_%y provides the SDH
/bin %m%d_%H%M ASON network
%S.* management
function.
Nml_co Nml_co Nml_co lic_agent server/var/logs/ Network Common

mmon mmon mmon,se ,sm_age Develop/ Service. This
rver/nml/ nt Nml_common/ process provides the
nmlcom Nml_common_%Y E2E common
mon/bin %m%d_%H%M management
%S.log service. The other
E2E processes all
depend on this
process.


Files Process/
and Services
Path
Nml_cps Nml_cps Nml_cps lic_agent server/var/logs/ Composite Service

,server/n ,sm_age Develop/Nml_cps/ Manager. Supports
ml/ nt Nml_cps_%Y%m management of
nmlcps/b %d_%H%M%S.log composite services
in and Router/
Switch/PTN/MSTP/
MSTP NEs.
Nml_eo Nml_eo Nml_eo Nml_co server/var/logs/ EoW and EoO.

w w w,server/ mmon Develop/Nml_eow/ Provides the end-to-
nml/ Nml_eow_%Y%m end Ethernet service
nmleth/b %d_%H%M%S.* management
in function for the
EoW/EoO
equipment, which
helps to quickly
configure or
maintain EPL,
EVPL, EPLAN,
RPR EVPL, RPR
EVPLAN, and
ATM services.
Nml_eth Nml_eth Nml_eth, None server/var/logs/ MSTP ETH and

server/n Develop/Nml_eth/ ATM. Supports end-
ml/ Nml_eth_%Y%m to-end configuration
nmleth/b %d_%H%M%S.* of EPL, EVPL,
in EPLAN, RPR
EVPL, RPR
EVPLAN, and
ATM services.
Nml_ip Nml_ip Nml_ip,s lic_agent server/var/logs/ IP Service Manager.

erver/nm ,sm_age Develop/Nml_ip/ Supports
l/ nt Nml_ip_%Y%m management of IP
nmlip/bi %d_%H%M%S.log services and Router/
n Switch/PTN/MSTP
+/RTN NEs.
Nml_nati Nml_vla Nml_nati None server/var/logs/ Nativeeth Service

veeth n veeth,ser Develop/Nml_vlan/ Manager. Provides
ver/nml/ Nml_vlan_%Y%m the end-to-end
nmlvlan/ %d_%H%M%S.* nativeeth
bin management.


Files Process/
and Services
Path
Nml_otn Nml_otn Nml_otn lic_agent server/var/logs/ OTN Network

,server/n ,sm_age Develop/Nml_otn/ Manager. Supports
ml/ nt,Nml_c Nml_otn_%Y%m end-to-end
nmlotn/b ommon %d_%H%M%S.* configuration of
in server/var/logs/ WDM services of
Develop/Nml_otn/ OCh, ODUk and
Nml_otn_wdmtrails Client levels.
earchlog*.*
Nml_sdh Nml_sdh Nml_sdh None server/var/logs/ SDH Network

,server/n Develop/Nml_sdh/ Manager. Supports
ml/ Nml_sdh_%Y%m end-to-end
nmlsdh/b %d_%H%M%S.* configuration of
in microwave services
and SDH services
of VC12, VC3,
VC4, and VC4-Xc
levels.
Nml_sdn Nml_sdn Nml_sdn None server/var/logs/ SDN Service

,server/n Develop/Nml_sdn/ Manager. Supports
ml/ Nml_sdn_%Y%m management of
nmlsdn/b %d_%H%M%S.log SDN services and
in Router/PTN NEs.
Nmslogz Nmslogz Nmslogz None server/var/logs/ Zip Server. Provides

ipDm ipDm ipDm,ser Develop/ the function of
ver/ NmslogzipDm/ compressing files.
common/ NmslogzipDm_unn
nmslogzi ormal.log
p/bin server/var/logs/
Develop/
NmslogzipDm/
NmslogzipDm_%y
%m%d%H%M
%S_unnormal.*
Notify_S Notify_S Notify_S None server/tao.trace CORBA

ervice ervice ervice,se Notification
rver/cbb/ Service(TAO).
nbi/ Provides Notify
nbicbb_3 Service for CORBA
p/ interface(TAO)
share/bin


Files Process/
and Services
Path
oams oams oams,ser None server/var/logs/ Optical fiber line

ver/tools/ Develop/oams/ Automatic
oamsserv oams_%y%m%d_ Monitoring System.
er/bin %H%M%S.* Monitor fiber
connect state.
OMCAg OMCAg ST_OM None server/var/logs/ OMC Service. This

ent ent CAgent,s Develop/nbi/omc/*. process provides the
erver/ * OMC NBI
platform/ management
sacscript/ service.
standalo
ne
PathVie PathVie PathVie None server/var/logs/ Visualized IP Trail.

werDm werDm werDm,s Develop/ Provides visualized
erver/ PathViewerDm/ IP service trails.
common/ PathViewerDm_%y
ip/ %m%d_%H%M
path/bin %S.*
phyinvd phyinvd java,serv None None Physical inventory

m m er/$ application.
{IMAP_ Physical inventory
JAVA_H application
OME}/bi
n
phyinvtc phyinvtc java,serv None None physical inventory

ollector ollector er/$ collector. physical
{IMAP_ inventory collector
JAVA_H
OME}/bi
n
PMData PMData ST_PM None None Remote Data

Receiver Receiver DataRec Receiver. This
eiver,ser process provides the
ver/ function of receive
platform/ performance data
sacscript/ that collected by
standalo other server to local
ne folder.


Files Process/
and Services
Path
PMData PMData PMData None /var/logs/Develop/ Performance Data

Refiner Refiner Refiner,s PMDataRefiner/ Refiner. This
erver/ PMDataRefiner_ process provides the
common/ %Y%m%d_%H function to generate
pms/bin %M%S.log big time-granularity
performance data
through aggregating
small time-
granularity
performance data.
PMData PMData PMData None None Remote Data

Synchro Synchro Synchro Synchronizer. This
nizer nizer nizer,ser process provides the
ver/ function of
common/ importing
pms/bin performance data
that collected by
other server.
PMRes PMRes PMRes None server/var/logs/ PM Resource

Mgr Mgr Mgr,serv Develop/ Management. This
er/ PMResMgr/ process provides the
common/ PMResMgr*.log function of resource
pms/bin management.
pms_coll pms_coll java,serv None server/var/logs/ PMS Collection

ector_pr ector_pr er/$ Develop/ Proxy Process.
oxy oxy {IMAP_ PMSCollectorProxy Provides the proxy
JAVA_H /*.log functions for
OME}/bi performance data
n collection.
PMSDm PMSDm PMSDm, None server/log/ Performance

server/ PMS*.log Service. This
common/ process provides the
pms/bin collector
management
function.


Files Process/
and Services
Path
PMSWe PMSWe com.hua None None Performance Web

b b wei.pms Service. Provide
web.fra web access to
mework_ browse performance
1.0.0,ser data
ver/
common/
pms/
pmsweb/
plugins/
com.hua
wei.pms
web.fra
mework_
1.0.0
PonAlar PonAlar java,serv None None PON Alarm TL1

mTL1G mTL1G er/$ NBI Gateway. This
W W {IMAP_ process provides
JAVA_H PON Alarm TL1
OME}/bi NBI Gateway
n service for Access
NE.
PonEms PonEms java,serv None None PON TL1 NBI

TL1GW TL1GW er/$ Gateway. This
JAVA_H PON TL1 NBI
OME}/bi Gateway service for
n Access NE.
porttrunk PortTrun imapPort None server/var/logs/ Port Trunk Service .

_agent kingServ TrunkSv iMAP.PortTrunkSer The port trunking
ice c,server/ vice.trace service is used to
platform/ server/var/logs/ have the ports of
bin mrblog/ independent
imapPortTrunkSvc_ services converge at
p9898_%y%m%d_ one port.
%H%M%S.log
profile profile profile,se mc server/var/logs/ Global Profile

rver/ Develop/profile/*_ Manager. Manages
common/ %y%m%d_%H%M profiles..
frame/ %S.*
profile/bi
n


Files Process/
and Services
Path
Provisio Provisio Provisio None server/var/logs/ Provision. This

n n n,server/ Develop/Provision/ process provides the
common/ Provision*.log function of manage
pms/bin monitor instance.
qbridge qbridge java,serv None var\logs\Devlog Message Bridge

er/ \qbridge Service. Message
base_ser forward and event
vice/ forward between
qbridge nodes
qbridge_ qbridge_ java,serv mc var/logs/Develop/ Event Bridge

event event er/$ qbridgeEvent Service. Distributed
{IMAP_ under, provide
JAVA_H cross-node event
OME}/bi forwarding function
n
QuickDi QuickDi QuickDi None None QuickDisplay.

splay splay splay,ser Provides
ver/ QuickDisplay web
common/ service.
ip/
quickdis
play/bin
QxColle QxColle QxColle None server/var/logs/ QxCollector. This

ctor ctor ctorDm,s Develop/ process provides the
erver/ QxCollector_ function of
common/ $procHandle/ collecting
transqxc QxCollectorDm*.lo performance data
ollector/ g through Qx.
bin
ReportSe ReportSe java,serv None None Access Report

rvice rvice er/$ Service. This
JAVA_H statistics and
OME}/bi reporting
n capabilities for
access business.


Files Process/
and Services
Path
Resource None Resource None var/logs/ Daemon

Monitor Monitor, iMAP.resourcemoni Process(Resource
server/ tor.trace Monitor). This
platform/ process is a
bin resource monitoring
agent used to
monitor resources.
This process must
be deployed on
nodes whose
resources are to be
monitored. This
process is a daemon
process. It is not
monitored by the
System Monitor.
restagent RestAge None,ser sm_agen None REST Service. This

nt ver/nbi/ t process provides the
rest/bin REST NBI
management service
RouterM RouterM RouterM None server/var/logs/ Router NE

grDm grDm grDm,ser Develop/ Management.
ver/ RouterMgrDm/ Manages Quidway
nemgr/ RouterMgrDm_%y routers.
nemgr_r %m%d_%H%M
outer/ %S.*
routermg
r/bin
ScriptMo ScriptMo None,No None None The script module

duleServ duleServ ne agent services.
ice_agen ice Manages reference
t program
secdevre secdevre secdevre None server/var/logs/ Security Device

gdm gdm gdm,serv Develop/ Register Manager.
er/vsm/ secdevregdm/ Security Device
seccomm secdevregdm_%y Register Manager
/ %m%d_%H%M
secdevre %S.*
g/bin


Files Process/
and Services
Path
secpolicy secpolicy secpolicy None server/var/logs/ Policy Manager.

mgr mgr mgr,serv Develop/ This process
er/vsm/ secpolicymgr/ provides the
secpolicy secpolicymgr_%y functions such as
mgr/bin %m%d_%H%M centralized policy
%S.* configuration and
attack defense
configuration.
Security Security Security None server/var/logs/ Security NE

MgrDm MgrDm MgrDm, Develop/ Manager. This
server/ SecurityMgrDm_18 process provides the
nemgr/ 0/SecurityMgrDm_ function of
nemgr_s %y%m%d_%H%M managing FW/USG,
ecuritym %S.* SIG, and SVN
gr/bin series security
equipment.
secvpnm secvpnm secvpnm None server/var/logs/ VPN Manager. This

gr gr gr,server/ Develop/ process provides the
vsm/ secvpnmgr/ IPSec/L2TP VPN
secvpnm secvpnmgr_%y%m management
gr/bin %d_%H%M%S.* function.
sm_agen Security sm_agen None iMAP.sm_agent.trac Security Process.

t Service t,server/ e Provides the
platform/ functions of
bin managing network
management system
(NMS) users, NMS
user rights, and NE
user rights.
smldap_ SMLDA smldap_ sm_agen None SMLDAPService.

agent PService agent,ser t Provides the LDAP
ver/ northbound
platform/ interfaces for
bin managing OSS
accounts.
snmpage SnmpAg ST_SN Security server/var/logs/nbi/ SNMP Northbound

nt ent MPAgen Service snmp/ Interface. Provides
t,server/ SnmpAgent*.log the northbound
platform/ server/var/logs/nbi/ interface which
sacscript/ snmp/ adopts the SNMP
standalo SnmpAgent*.zip protocol.
ne


Files Process/
and Services
Path
SNMPC SNMPC SNMPC None server/var/logs/ SNMPCollector.

ollector ollector ollectorD Develop/ This process
m,server/ SNMPCollector_ provides the
common/ $procHandle/ function of
snmpcoll SNMPCollectorDm collecting
ector/bin *.log performance data
through SNMP.
SNMPC SNMPC SNMPC None server/log/ SNMP Collector.

ollectorD ollectorD ollectorD SNMPCollector*.lo This process
m m m,server/ g provides the
common/ function of
pmscolle collecting
ctor/bin performance data
through SNMP.
SNMPSe SNMPSe SNMPSe None None SNMP Service

rver rver rver,serv (H3C). Forwards
er/ SNMP services for
common/ H3C switches.
ip/
base/bin
StdCltsi StdCltsi StdCltsi BmsTest server/var/logs/ Access 112 Test .

Dm Dm Dm,serv Develop/ This process
er/ StdCltsiDm/ provides the 112
common/ StdCltsiDm_%y%m test.
access_c %d_%H%M%S.*
ommon/ server/var/logs/
std112/bi Develop/
n StdCltsiDm/
BootLog_%y%m
%d_%H%M%S.*
server/var/logs/
mrblog/
iMAPBase_p88_%y
%m%d_%H%M
%S.*


Files Process/
and Services
Path
SysGuar SysGuar java,serv None server/var/logs/ NMS System

d d er/ Develop/sysguard/ Guard. proactively
$IMAP_ sysguard-%y%m monitors the
JAVA_H %d-%H%M%S.* running
OME/bin environment of the
/ U2000 and provides
exception
notifications
through functions,
such as U2000
alarms, maintenance
task notifications,
and security running
suggestions.
SyslogC SyslogC SyslogC None server/var/logs/ System Log

ollectorD ollectorD ollectorD mrblog/ Collector. This
M M M,server SyslogCollectorDm process provides the
/ _p3021_%y%m function of
common/ %d_%H%M%S.log collecting NE
syslog/bi operation and
n running log data,
and managing files.
TCAAlar TCAAlar TCAAlar None server/var/logs/ TCAAlarmProcesso

mProces mProces mProces Develop/ r. This process
sor sor sor,None TCAAlarmProcesso provides the
r/alarmprocessor.log function of
threshold cross
alarm.


Files Process/
and Services
Path
textagent textagent textagent None server/var/logs/ Text Service. This

,server/n Develop/nbi/ process provides the
bi/ textagent/ Text NBI
text/bin text_debug-%y.%m. management
%d-%H.%M.%S.* service.
server/var/logs/
Develop/nbi/
textagent/
communicate_text-
%y.%m.%d-%H.
%M.%S.*
server/var/logs/
Develop/nbi/
textagent/
domain_debug_text
-%y.%m.%d-%H.
%M.%S.*
server/var/logs/
Develop/nbi/
textagent/
uflight_text-%y.
%m.%d-%H.%M.
%S.*
tl1_transl tl1_transl None,ser None None tl1_translator.

ator ator ver/ Provides the TL1
server/ NBI integration and
common/ interface conversion
nbi_trans functions for the
lator/ OSS.
tl1_transl
ator
TL1Age TL1Age java,serv None None TL1 Agent.

nt nt er/$ Supports network
{IMAP_ managent for
JAVA_H Access NBI
OME}/bi Gateway.
n
TL1GW TL1GW java,serv None None TL1 NBI Gateway.

er/$ This process
{IMAP_ provides TL1 NBI
JAVA_H Gateway service for
OME}/bi Access NE.
n


Files Process/
and Services
Path
TL1NBi TL1NBi TL1NBi lic_agent server/var/logs/ TL1NBiDm

Dm Dm Dm,serv ,mc Develop/ Process. This
er/ TL1NBiDm/ process provides
nemgr/ TL1NBiDm_%y TL1 NBI
nemgr_a %m%d_%H%M Management
ccess/bin %S.* service.
server/var/logs/
Develop/
TL1NBiDm/
BootLog_%y%m
%d_%H%M%S.*
server/var/logs/
mrblog/
iMAPBase_p47_%y
%m%d_%H%M
%S.*
server/var/logs/
mrblog/
iMAPMrb_p2_%y
%m%d_%H%M
%S.*
TMF615 TMF615 ST_TMF sm_agen server/var/logs/nbi/ TMF615

Agent Agent 615Agen t tmf615/ NorthBound
t,server/ TMF615Agent*.log interface. Provides
platform/ server/var/logs/nbi/ the TMF615
sacscript/ tmf615/ northbound
standalo TMF615Agent*.zip interface which
ne adopts the SOAP
protocol.
tomcat tomcat tomcat,s None common/Tomcat/ Tomcat Service.

erver/ logs/*.%y-%m- This process
3rdTools %d.log provides Web
/ services.
tomcat/bi
n
toolkit ToolkitS toolkit,se None server/var/logs/ Toolkit. This

ervice rver/ Develop/DCServer/ process provides the
common/ tkserver_log/ service of upgrading
toolkit/ debug*.log boardlevel
server transmission
equipment.


Files Process/
and Services
Path
TransGnl TransGnl TransGnl None server/var/logs/ Transmit General

DevDm DevDm DevDm, Develop/ Device Process.
server/$ uflight_transgnldev Provides the
{IMAP_ dm_*/*-%y%m%d_ function of
JAVA_H %H%M%S.* managing third-
OME}/bi party NEs.
n
Transit Transit Transit,s None server/var/logs/ Transit. This

erver/ Develop/Transit/ process provides the
common/ Transit*.log function of
pms/bin performance data
bus.
TransNm TransNm TransNm None server/var/logs/ Transmit NM

Common Common Common Develop/ Common Service.
,server/ TransNmCommon/ This process
common/ TransNmCommon_ provides the
TransNm %y%m%d_%H%M function of multi-
Common %S.* NE management,
/bin/ such as alarm
TransNm template and script
Common management.
transprox transprox transprox None server/var/logs/ transproxy. Provides

y y y,server/ Develop/transproxy the proxy function
common/ for NE Software
sbi/ Management to
transprox communicate with
y/bin trans NEs.
trapdispa trapdispa trapdispa None server/var/logs/ Trap Dispatcher.

tcher tcher tcher,ser iMAP.TrapDispatch Receives and
ver/ er.trace dispatches traps.
common/ server/var/logs/
trapdispa mrblog/
tcher/bin iMAPBase_p45445
_%y%m%d_%H
%M%S.log


Files Process/
and Services
Path
trapr_age TrapRec EmfTrap FaultSer var/logs/ Trap Receiver

nt eiver Receiver, vice iMAP.EmfTrapRece Process. Receives
server/ iver*.trace traps that are sent to
common/ var/logs/mrblog/ the server over
traprecei iMAPTrapReceiver SNMP.
ver/bin _p10000_r*_YYYY
MMDD_hhmmss.lo
g
TrapTran TrapTran TrapTran None server/var/logs/ Access Trap

sProxy sProxy sProxy,s Develop/ Transfer Proxy
erver/ TrapTransferProxy/ Service. This
nemgr/ TrapTransProxy_ process provides
nemgr_a %y%m%d_%H%M trap transfer proxy
ccess/bin %S.* management
server/var/logs/ service.
Develop/
TrapTransferProxy/
BootLog_%y%m
%d_%H%M%S.*
TXTNBI TXTNBI TXTNBI None server/log/ Text Export. This

Dm Dm Dm,serv TXTNBI*.log process provides the
er/ NBI function. It is
common/ used to transmit
pms/bin performance data in
the text format
through FTP.
uflight_d uflight_d java,serv None server/var/logs/ Java Application

ispatcher ispatcher er/$ Develog/ Server Dispatcher.
{IMAP_ uflight_dispatcher/ Dispatches UFlight
JAVA_H dispatcher-%y%m web requests.
OME}/bi %d_%H%M%S.log
n/java
ulogagen ulogagen java,serv None var\logs\Devlog Debug log collector.

t t er/$ \ulogagent This process collect
{IMAP_ debug log and
JAVA_H upload to backup
OME}/bi node
n


Files Process/
and Services
Path
ulogservi ulogservi java,serv None None Debug log collector

ce ce er/$ service. Only used
{IMAP_ in distributed mode.
JAVA_H Deployed in the
OME}/bi backup node,
n collect debug log
for all nodes.
uniep_al uniep_al None,No None None uniep_alarm.

arm arm ne monitor virtual
machine alarm.
UniteUitl UniteUitl UniteUitl lic_agent server/var/logs/ United Manager.

DM DM DM,serv Develop/ Provides basic
er/ UniteUitlDM/ functions for the
common/ UniteUitlDM_%y inter-domain NMS,
unitedmg %m%d_%H%M such as importing
r/bin %S.* and exporting
scripts, managing
NE time,
synchronizing NEs,
and managing NE
objects.
UTraffic UTraffic java,serv None None UTraffic adapter.

Adapter Adapter er/$ Support data
{IMAP_ adapter interface
JAVA_H Between the U2000
OME}/bi and UTraffic
n/java
VmfDiag VmfDiag VmfDiag None server/var/logs/ Router (V8) NE

,server/ Develop/VmfDiag/ Test and Diagnosis.
nemgr/ VmfDiag_%y%m Provides diagnosis
nemgr_v %d_%H%M%S.* functions for VRP
mf/bin V8 routers.
xmlagent XMLAg ST_XM Security server/var/logs/ XML Northbound

ent LAgent,s Service Develop/nbi/ Interface. Provides
erver/ xmlagent/ the northbound
platform/ frame*.log interface which
sacscript/ server/var/logs/ adopts the SOAP
standalo Develop/nbi/ protocol.
ne xmlagent/
frame*.zip


Files Process/
and Services
Path
XmlSoap XmlSoap java,serv None None XML1.0 Agent.

Agent Agent er/$ Supports network
{IMAP_ managent for
JAVA_H Access XML1.0
OME}/bi NBI Gateway.
n
XmlSoap XmlSoap java,serv None None XML1.0 NBI

GW GW er/$ Gateway. This
JAVA_H XML1.0 NBI
OME}/bi Gateway service for
n Access NE.
10.2 Logging In to the System Monitor Client

The U2000 system monitor client adopts the client/server architecture. Before performing
operations on the client, you need to log in to the server on the client.
Context
l The default port number of the server is 31080. You are advised not to change the port
number. Otherwise, you cannot log in to the U2000 server.
l The login modes include the Secure Sockets Layer (SSL) mode and the common mode.
In SSL mode, data is encrypted when being transmitted between the client and the server.
In common mode, data is not encrypted during transmission. To ensure the security of
data transmission, you are advised to use the SSL mode.
l The port used for login in common mode is different from that in SSL mode. The port
number is 31030 in common mode and 31080 in SSL mode.
l By default, if you are not an admin user and you do not log in to the U2000 system
monitor client for more than 60 days, your account automatically enters the suspend
state.
l If you never use an account for login after creating it, the U2000 does not suspend or
delete the account.
l If a user logs in to the same server through multiple system monitor clients, and the
number of online accounts of the user on the server exceeds the value of Maximum
number of online users for the user, the current login fails. (Existing sessions of the
server that the user has logged in to are not affected.) To continue the login, contact the
system administrator to change the value of Maximum number of online users for the
user. For details on how to change the value of Maximum number of online users, see
Setting the Maximum Number of Sessions in U2000 Help.

Procedure
Step 1 Double-click the shortcut icon on the desktop to start the system monitor client.
Step 2 In the Login dialog box, select an IP address or host name from the Server drop-down list to
specify a server.
If the list does not contain a server, perform the following steps:
1. Click next to the Server drop-down list.

2. In the Server List dialog box, click Add.
3. In the Add Server Information dialog box, set Name and Server name(or IP
address), and then select a login mode. Click OK.
4. In the Server List dialog box, click OK.
Step 3 In the Login dialog box, enter the user name and password.
The user name and password are the same as those used for logging in to the U2000 client.
Step 4 Click Login.

l If you attempt to connect to the server in a non-SSL mode, the client displays a dialog
box indicating security risks.
– If you want to continue the connection, click Yes. If you do not want the client to
display the dialog box again upon subsequent logins, select Do not remind me
next time.
NOTE
The IP address of the server being connected is saved to the SysComServer.dat file in
Client installation directory\client\client\plugins\loginui\style\conf\loginui. Therefore, the
Do not remind me next time settings apply only to the connected server. If you want the
client to display the dialog box that indicates the security risks upon subsequent logins,
delete the SysComServer.dat file.
– If you want to terminate the connection, click No. The Login dialog box is
displayed. You can select the matched communication mode.
l If the client does not trust the server, you need to determine whether the server is reliable
using the server certificate.
– If you confirm that the server is reliable, click Yes and log in to the client. If you do
not want the system to display the dialog box again, click Import Certificate to
add the server certificate to the trust certificate list.
After adding the server certificate, run Client installation directory\client\client
\bin\CertConfigurator.batClient installation directory\client\notify\bin
\CertConfigurator.batClient installation directory\client\client\bin
\CertConfigurator.bat to start the Certificate Configuration tool and click the
TrustCertificate tab page to manage the deployed certificate.
– If you confirm that the server is not reliable, click No to return to the Login dialog
box and contact the system administrator to process the issue.
For details, see How Do I Handle the Server Authentication Dialog Box Displayed When
Logging In to a Client?How Do I Handle the Server Authentication Dialog Box
Displayed When Logging In to a Client? in the online help.
----End

10.3 Setting the Monitoring Parameters

You can set parameters for server monitoring, hard disk monitoring, database monitoring, and
service monitoring. When a threshold is reached, the U2000 generates an alarm.
10.3.1 Setting the Parameters for Monitoring the U2000 Server

You can set the server monitoring parameters to monitor the performance of the U2000 server,
including the CPU usage and memory usage. This helps you to identify and handle
performance exceptions in time, ensuring efficient running of the U2000 server. When the
CPU usage or memory usage reaches the specified threshold, the U2000 client receives an
alarm.
Context
l The parameter Server usage sampling interval indicates the sampling interval. The
CPU and memory usage is sampled at the specified interval.
l CPU overload indicates that the CPU usage is higher than or equal to the alarm
generation threshold.
l If the CPU usage sampled each time is higher than or equal to the alarm generation
threshold, the CPU is continuously overloaded. In this case, the number of continuous
CPU overload times is equal to that of continuous sampling times.
Procedure
Step 1 Log in to the system monitor client.
Step 2 Choose System > System Monitor > Settings from the main menu (application style).
Step 3 Choose Administration > Settings from the main menu.
Step 4 In the System Monitor Settings dialog box, click the Server Monitor tab.
The following figure shows the setting interface of the server running Solaris or SUSE Linux.

The following figure shows the setting interface of the server running Windows.

Step 5 On the Server Monitor tab, set the required parameters.

The default value of Alarm Generation Threshold and Alarm Clearance Threshold, both
parameters for Swap memory usage, are 95 and 85, respectively. You are advised to use the
default values. You can perform the following operations to change their values.
1. Run the following command to view the value of Total Physical Memory.
$ cat /proc/meminfo | grep MemTotal
$ prtdiag -v | grep 'Memory size'
2. Run the following command to view the swap space size.
$ cat /proc/meminfo | grep SwapTotal

$ swap -l | awk '{ print $4 }'

3. Use the following formulas to calculate the values of Alarm Generation Threshold and
Alarm Clearance Threshold. The parameter value is the calculation result rounded up
to an integer. For example, if the calculation result is 66.3, the parameter value is 67.
– Alarm generation threshold = (Total physical memory + 0.7 x Swap space size) /
(Total physical memory + Swap space size)
– Alarm clearance threshold = (Total physical memory + 0.6 x Swap space size) /
NOTE
In the formulas calculating the values of Alarm Generation Threshold and Alarm Clearance
Threshold, the unit of Total Physical Memory and that of the swap space must be the same.
– 1MB = 1024kB
– 1blocks = 0.5kB
On SUSE Linux, the default value of Alarm Generation Threshold and Alarm Clearance
Threshold, both parameters for Swap memory usage, are 95 and 85, respectively. You are
advised to use the default values. You can perform the following operations to change their
values.
$ cat /proc/meminfo | grep MemTotal
$ cat /proc/meminfo | grep SwapTotal
On Solaris, the default value of Alarm Generation Threshold and Alarm Clearance
Threshold, both parameters for Swap memory usage, are 95 and 85, respectively. You are
advised to use the default values. You can perform the following operations to change their
values.
$ prtdiag -v | grep 'Memory size'
$ swap -l | awk '{ print $4 }'

NOTE
In the formulas calculating the values of Alarm Generation Threshold and Alarm Clearance
Threshold, the unit of Total Physical Memory and that of the swap space must be the same.
– 1MB = 1024kB
– 1blocks = 0.5kB
Step 6 Click OK.
----End
Result
l If the number of consecutive times that the CPU is overloaded reaches the value
specified by Max. consecutive CPU overloads for alarm, a high CPU usage alarm is
generated. When the CPU usage sampled is lower than the alarm clearance threshold, the
high CPU usage alarm is cleared.
l On Windows, when the memory usage is higher than or equal to the alarm generation
threshold, a high memory usage alarm is generated. When the memory usage is lower
than the alarm clearance threshold, the high memory usage alarm is cleared.
l On Solaris or SUSE Linux, when the swap memory usage is higher than or equal to the
alarm generation threshold, a high swap usage alarm is generated. When the swap
memory usage is lower than the alarm clearance threshold, the high swap usage alarm is
cleared.
l When a high usage alarm is generated, the icon in the CPU Usage, Memory Usage
(Windows), or Swap Memory Usage (Solaris or SUSE Linux) column changes from
to on the Server Monitor tab of the System Monitor Browser window. If you have
enabled the function of displaying pop-up messages, you will receive messages on the
status bar of the client, prompting you of performance exceptions.
10.3.2 Setting the Parameters for Monitoring the Disk Usage of

the U2000 Server
You can set the disk monitoring parameters to monitor the disk usage of the U2000 server.
This helps you to identify and handle insufficiency issues of the disk space in time, thereby
preventing service exceptions. When the disk usage reaches the specified threshold, the
U2000 client receives a high disk usage alarm. You can also specify whether to display pop-
up messages on the client.
Procedure
Step 4 In the System Monitor Settings dialog box, click the Hard Disk Monitor tab.

Step 5 On the Hard Disk Monitor tab, set Hard disk usage sampling interval, Alarm Generation
Threshold, and Alarm Clearance Threshold.
l Under the Default node, set default values shared by all hard disks. Click + before
Default, and then set the thresholds for generating and clearing alarms of each severity.
The threshold specified for generating alarms of a low severity must be smaller than that
for generating alarms of a high severity.
l Under the Custom node, set values specific to a hard disk. Expand Custom and click +
before the server name. You will find that all disks use the default thresholds. To specify
other values for a disk, click + before the disk name, and then click the cell next to the

disk name. In the drop-down list, select Customize value. Now, the threshold for
generating alarms of each severity can be changed. To change a threshold, in the text box
next to the desired alarm severity, enter a value. If you do not want to receive alarms of a
disk, select Disable alarm generation from the drop-down list next to the disk name.
Step 6 Optional: Expand Custom and click + before the server name. Then the disk names are
displayed. In the Show Pop-Up Message column, select Yes or No from the drop-down list
next to the desired disk name.
Step 7 Click OK.
----End
Result
l When the hard disk space usage reaches the threshold for generating an alarm of a
certain severity, the corresponding alarm is generated. When the usage reaches the
threshold for generating an alarm of a higher severity, the alarm of the higher severity is
generated and the existing alarm of a lower severity is automatically cleared. When the
usage is lower than a threshold for clearing alarms of a severity, the alarm of this severity
is cleared.
l When a high disk usage alarm is generated, the icon in the Status column changes from
to on the Hard Disk Monitor tab of the System Monitor Browser window. If you
enable the function of displaying pop-up messages, the message The hard disk
partition is abnormal is displayed on the status bar of the client.
10.3.3 Setting the Parameters for Monitoring the Database Usage

of the U2000 Server
You can set the database monitoring parameters to monitor the U2000 database usage. This
helps you to identify and handle insufficiency issues of the database space in time, thereby
preventing service exceptions. When the database usage of the U2000 server reaches the
specified threshold, the U2000 client receives a high database usage alarm.
Procedure
Step 4 In the System Monitor Settings dialog box, click the Database Monitor tab.

Step 5 On the Database Monitor tab, set Database usage sampling interval and the alarm
generation thresholds.
l Under the Default node, set default values shared by all databases. Click + before
Default, and then set the thresholds for generating alarms of each severity. The threshold
specified for generating alarms of a low severity must be smaller than that for generating
alarms of a high severity.
l Under the Custom node, set values specific to a database. Expand Custom, and click +
before the server name and database instance name. You will find that all databases use
the default thresholds. To specify other values for a database, click + before the database

name, and then click the cell next to the database name. In the drop-down list, select
Customize value. Now, the threshold for generating alarms of each severity can be
changed. To change a threshold, in the text box next to the desired alarm severity, enter a
value. If you do not want to monitor the usage of a database, select Disabled
Monitoring from the drop-down list next to the database name.
Step 6 After the setting, click OK.
----End
Result
l When the database usage of the U2000 server reaches the threshold for generating an
alarm of a certain severity, the corresponding alarm is generated. When the usage
reaches the threshold for generating an alarm of a higher severity, the alarm of the higher
severity is generated and the existing alarm of a lower severity is automatically cleared.
When the usage is smaller than the threshold, the corresponding clear alarm is generated.
l When the condition for generating a high database usage alarm is met, the icon in the
Status column changes from to on the Database Monitor tab of the System
Monitor Browser window.
10.3.4 Setting the Parameters for Monitoring the Service Status of

the U2000 Server
This topic describes the parameters for monitoring the service status. Users can set the
monitor frequency and specify whether to show the pop-up message as required. This helps
users learn about the service status, and identify and rectify faults in a timely manner,
ensuring proper running of the services on the U2000 server.Users can set the frequencies for
monitoring services as required, which is more flexible for users to monitor the services on
the U2000 server.
Procedure
Step 4 In the System Monitor Settings dialog box, click the Service Monitor tab.

Step 5 On the Service Monitor tab, set Service status sampling interval and specify whether to
display pop-up messages.
Step 6 Click OK.
----End
Result
l The information displayed on the Service Monitor tab of the System Monitor Browser
window is refreshed at the specified interval.

l If you enable the function of display pop-up messages for some services, a status
indicator is displayed on the status bar in the lower-right corner of the client. When all of
these services are running, the status indicator turns green. When one or some of these
services is stopped, the status indicator turns red and a pop-up message is displayed.
The information displayed on the Service Monitor tab of the System Monitor Browser
window is refreshed at the specified interval.
10.4 Monitoring the Running Status of the U2000

This topic describes how to monitor the status of the U2000 server. This facilitates you to
view the statuses of the processes, databases, performance, and hard disks of the U2000 server
in the centralized mode.
Monitoring the Service Status

You can monitor the service status of the U2000 server to easily view information about the
services in the centralized mode. You can start or stop a service and set the startup mode of a
service.
To monitor the service status, proceed as follows:
1. Log in to the System Monitor.

2. Click the Service Monitor tab to list the details of all the services that can be monitored.
3. Select one or more services, right-click, and choose the relevant menus for relevant
operations. The specific menus and their functions are described as follows:
NOTE
Note that you can view the details of only one service each time.
– Refresh: It is used to refresh the information about the selected services.
– Start the Service: It is used to start the selected services that are not started.
– Stop the Service: It is used to stop the selected services.
– Startup Mode: It is used to set the required startup modes for the selected services,
including Automatic, Manual, and Disabled.
– Details: It is used to view the details of the services.
Monitoring the Process Status

You can monitor the process status of the U2000 server to easily view information about the
processes in the centralized mode. You can start or stop a process and set the startup mode of
a process.
To monitor the process status, proceed as follows:

2. Click the Process Monitor tab to list the details of all the processes that can be
monitored.
3. Select one process, right-click, and choose Refresh to refresh the selected process
information.

Monitoring the Disk Status

You can monitor the disk status to easily obtain the usage rate and remaining space of the
disk.
When the hard disk usage of the server exceeds the preset alarm threshold, the system monitor
server sends the relevant alarm to the server. In addition, the record on the System Monitor
turns red.
To monitor the disk status, proceed as follows:
2. Click the Hard Disk Monitor tab to list the hard disk information about the server.
3. Select one record, right-click, and choose Refresh to refresh the selected hard disk
information.
Monitoring the Database Status

You can monitor the database status to obtain the data space, log space, and backup of the
server in the centralized mode.
When the database usage exceeds the preset alarm threshold, the U2000 generates an alarm.
In addition, the record on the System Monitor turns red.
To monitor the database status, proceed as follows:
2. Click the Database Monitor tab to list the details of all the databases that can be
managed.
3. Select one databases, right-click, and choose the relevant menus for relevant operations,
as shown in the following:
Refresh: It is used to refresh the information about the selected databases.
Monitoring the Resource Status

You can monitor the resource status to easily obtain the CPU occupancy, physical memory,
used memory, and free memory of the server.
To monitor the resource status, proceed as follows:
2. Click the Server Monitor tab to list the information about the OS that runs on the server.
3. Select one record, right-click, and choose Refresh to refresh the information about the
selected system resources.
Monitoring the U2000 Component Status

You can monitor the component status to easily obtain the name and version of the
components.
To monitor the components status, proceed as follows:
2. Click the Component Information tab to list the U2000 components information.

3. Select one record, right-click, and choose Refresh to refresh the selected components
information.
Monitoring the Log Status

You can monitor the log status to easily obtain the operation time, client, and result.
To monitor the log status, proceed as follows:

2. Click the Operation Logs tab to list the details of all the logs.
3. Select one log, right-click, and choose the relevant menus for relevant operations, as
shown in the following:
– Refresh: It is used to refresh the information about the selected logs.
– Details: It is used to view the details of the logs.
10.5 Starting and Stopping a Service

If a U2000 service fails to start, you need to manually start it. When rectifying a fault, you
may have to manually start or stop a service. This topic describes how to start and stop a
U2000 service.
Prerequisites
Other services that depend on the service to be stopped must be stopped.
Context
l When Start Mode is set to Disabled, the services cannot be started automatically or
manually.
l When the system starts, the services in automatic start mode start automatically.
l The system does not automatically start the manually stopped service.
NOTICE
Stopping a service affects the functions of the U2000. Therefore, perform this operation with
caution.
Procedure
Step 1 On the System Monitor, click the Service Monitor tab.
Step 2 Select a service, right-click, and choose Start Service or Stop Service.
----End

10.6 Setting the Startup Mode of a Service

This topic describes how to set the three startup modes of U2000 services, including
Automatic, Manual, and Disabled.
Context
l Automatic: When a service stops due to a fault, the U2000 automatically attempts to start
the service.
l Manual: starts the service manually after the U2000 is restarted.
l Disabled: You can manually set the startup mode of a stopped service to Disabled.
Procedure
Step 2 In the main window, select the Service Monitor tab.
Step 3 On the Service Monitor tab page, right-click a service record and choose a submenu of
Startup Mode.
NOTE
You can set Startup Mode to Disabled only for services that have been stopped.
----End

Administrator Guide 11 Common Veritas Operations
11 Common Veritas Operations
About This Chapter
This topic describes how to use the Veritas Cluster Server (VCS) tool, and Veritas commands
to view the server status, perform the switchover, and manage and maintain objects such as
resource groups, resources, and replication volumes.
11.1 HA System Status Overview
Based on the primary and secondary site faults, the U2000 HA system (Veritas hot standby)
has different status. This topic describes the status.
11.2 Principle of HA System Status Conversion
The HA system status changes along with fault occurrence and rectification. This topic
describes the principle of common HA system status conversion.
11.3 Causes of Failover on an HA System
This topic describes the causes of failover on an HA system. If the primary site does not
function properly, services are automatically switched to the secondary site and the secondary
site takes over the monitoring and management of networks. This ensures service protection.
11.4 Restrictions on Using a High Availability System
This topic describes the restrictions on using a high availability system. Some improper
operations lead to high availability system failures.
11.5 Managing Resource Groups
This topic describes how to manage resource groups using commands for routine maintenance
on resource groups.
11.6 Managing Resources
This topic describes how to manage resources in resource groups using commands for routine
maintenance on resources.
11.7 Managing Replication Volumes
This topic describes how to manage replication volumes using commands.
11.8 Manual Switchover Between Active and Standby Sites
This topic describes how to manually switch over the U2000 applications from the active site
to the standby site and then from the standby site to the active site. In this way, you can check
the system reliability and maintain the system.

11.1 HA System Status Overview

Based on the primary and secondary site faults, the U2000 HA system (Veritas hot standby)
has different status. This topic describes the status.
Table 11-1 HA system status

System Status Remarks
Status of
Primar
y and
Second
ary
Sites
Normal The The AppService application runs on the primary site, the heartbeat
state primary connection is normal, the replication is from the primary site to the
site secondary site, and the secondary site works to protect the primary
works site.
properly
.
The
seconda
ry site
works
properly
.
Fault The The AppService application runs on the secondary site. The status
switchin primary details are as follows:
g state site is l Resource fault on the primary site: The heartbeat connection is
faulty. normal and the replication is from the secondary site to the
The primary site.
seconda l Primary site failure: The heartbeat connection is torn down and
ry site the replication is interrupted.
works
properly
.
Primary- The The AppService application runs on both the primary and secondary
primary primary sites. The heartbeat connection is torn down and the replication is
state site interrupted. This status is usually caused by a communication
works failure between the primary and secondary sites. The two sites may
properly force each other to log out of a transport NE.
.
The
seconda
ry site
works
properly
.

System Status Remarks

Status of
Primar
y and
Second
ary
Sites
Recovery One site The status details are as follows:

state works l If the status is caused by a network disconnection, the
properly AppService application runs on the primary site, the heartbeat
. connection between the primary and secondary sites is normal,
The and no data is being replicated after the network fault is
other rectified.
site is to l If the status is caused by a primary site failure, the AppService
be application runs on the secondary site, the heartbeat connection
troubles between the primary and secondary sites is normal, and no data
hot. is being replicated after the primary site fault is rectified.
Protectio The The AppService application runs on the primary site, and the
n failure primary secondary site does not work to protect the primary site. The status
state site details are as follows:
works l If the status occurs because the sources on the secondary site are
properly faulty or the resource groups on the primary and secondary sites
. are frozen, the heartbeat connection is normal and the replication
The is from the primary site to the secondary site.
seconda l If the status is caused by a secondary site failure, the heartbeat
ry site is connection is torn down and the replication is interrupted.
faulty.
l If the status occurs because the SRL data exceeds the threshold,
the heartbeat connection is normal, the replication is from the
primary site to the secondary site, and data is not being
replicated.
System The Both the primary and secondary sites are faulty, no AppService
failure primary application runs, the heartbeat connection is torn down, and the
state site is replication is interrupted.
faulty.
The
seconda
ry site is
faulty.
11.2 Principle of HA System Status Conversion

The HA system status changes along with fault occurrence and rectification. This topic
describes the principle of common HA system status conversion.
NOTE
Read 11.1 HA System Status Overview before this topic.

If the HA system is in Normal state, the primary site acts as the active site, the secondary site
acts as the standby site, and the U2000 runs on the primary site. Figure 11-1 shows the
conversion relationship between HA system status.
Figure 11-1 Conversion relationship between HA system status
Table 11-2 shows the conversion relationship between and trigger factors for HA system
status.
NOTE
l ←→ indicates that two status can be converted to each other.

l → indicates that only unidirectional conversion is available for two status.
Table 11-2 Status conversion relationship

No. Status Conversion Conversion Reason
(1) Normal state←→Fault The resource on the primary site is faulty.

switching state
(2) Normal state→Fault The primary site is powered off abnormally,

switching state has a hardware fault, or is broken down.
(3) Fault switching After the primary site fault is rectified, the HA
state→Recovery state system enters the Recovery state.

No. Status Conversion Conversion Reason
(4) Normal state →Primary- The communication between the primary and
primary state secondary site has stopped for more than about
600 seconds.
NOTE
For Solaris HA system, if a separate heartbeat
network and a separate replication network have
been configured, the heartbeat between the primary
and secondary sites uses the replication network if
the communication on the heartbeat network is
interrupted. In this scenario, the HA system status
changes from Normal state to Primary-primary state
only if the communication on both the heartbeat and
replication networks has been stopped for more than
about 600 seconds.
(5) Primary-primary After the DCN fault between the primary and
state→Recovery state secondary site is rectified, the HA system
enters the Recovery state.
(6) Recovery state→Normal The Force Active of Local Site operation is

state performed manually.
(7) Normal state←→ l The resource on the secondary site is faulty.

Protection failure state l The secondary site fails.
l The resource groups on the primary and
secondary sites are frozen.
l The SRL data exceeds the threshold.
(8) Protection failure l The resource on the primary site is faulty.

state→System failure state l The primary site fails.
(9) Fault switching l The resource on the secondary site is faulty.

state→System failure state l The secondary site fails.
(10) Recovery state→System l The resource on the primary site is faulty.

failure state l The primary site fails.
11.3 Causes of Failover on an HA System

This topic describes the causes of failover on an HA system. If the primary site does not
function properly, services are automatically switched to the secondary site and the secondary
site takes over the monitoring and management of networks. This ensures service protection.
Generally, the causes of a failover on an HA system are as follows:
NOTE
An automatic switching is triggered if the HA system is in the Normal state and one of the following
conditions is met. If the HA system is not in the Normal state, an automatic switching is not triggered
even if the following conditions are met.

NOTICE
l After the switching, the U2000 may not receive alarms. It is recommended that the client
be reconnected and the primary site be configured on the U2000 again based on the the
primary site's IP address after switching.
l After the switching, the FTP account may be unavailable. You are advised to reconnect the
client and server. To reconfigure the FTP account, including the sever IP address, user
name, and password, choose Administrator > Settings > FTP Account Information
Management from the main menu.
l Cause 1: A resource in the AppService resource group does not function properly. After
the failover is complete, the HA system enters the Fault switching state.
NOTE
l If you manually stop the following resources, the HA system switchover is not triggered.
l BackupServer is used to monitor the backup database server process. If the backup database
server is faulty, the HA system switchover is not triggered.
Table 11-3 Resources in the AppService resource group

Resource Description
Name
NMSServer Used to monitor key U2000 processes. If a key U2000 process

does not function properly, the U2000 automatically restart the
process for three times. If three attempts fail, a failover occurs on
the HA system. The HA system supports only the method of
viewing non-key processes.
NOTE
To view non-key processes in standard mode and maximum mode, run the
following command:
$ cd /opt/oss/engr/OSSApp/process
To view non-key processes in standard mode, run the following command:
$ cat process_std
To view non-key processes in maximum mode, run the following command:
$ cat process_max
DatabaseServer Used to monitor database server processes. If the database server

does not function properly, a failover occurs on the HA system.
DataFilesystem Used to monitor the lv_nms_data volume. If the lv_nms_data

volume does not function properly, a failover occurs on the HA
system.
RVGPrimary Used to monitor the RVG on the local site. If the RVG on the local
site does not function properly, a failover occurs on the HA system.

Name
appNIC Used to monitor the NIC associated with the U2000 application IP
(Solaris) address. If the NIC does not function properly, a failover occurs on
APPBOND (PC the HA system.
Linux) NOTE
l For Solaris HA system, if an independent NMS application IP address
without IPMP has been configured, the VCS does not monitor this
resource.
l For Solaris HA system, if the system IP address without IPMP is used
as the NMS application IP address, not the heartbeat or replication IP
address, the VCS does not monitor this resource.
l Cause 2: The U2000 on the primary site abnormally powers off, has a hardware fault, or
is broken down. A hardware fault may occur because of disasters such as earthquake,
tsunami, or flood. The U2000 may be broken down because the operating system is
damaged. After the failover is complete, the HA system enters the Fault switching state.
l Cause 3: The interval for interruption of heartbeat connections between the primary and
secondary sites exceeds 600 seconds, the HA system enters the Primary-primary state.
NOTE
For Solaris HA system, if a separate heartbeat network and a separate replication network have
been configured, the heartbeat between the primary and secondary sites uses the replication
network if the communication on the heartbeat network is interrupted. In this scenario, the HA
system status changes from Normal state to Primary-primary state only if the communication on
both the heartbeat and replication networks has been stopped for more than about 600 seconds.
11.4 Restrictions on Using a High Availability System

This topic describes the restrictions on using a high availability system. Some improper
operations lead to high availability system failures.
Table 11-4 shows the restrictions on using a high availability system.
Table 11-4 Restrictions on using a high availability system
No. Usage Limitations Remarks
1 The direction of data synchronization between Take the server where a client is
the primary and secondary sites must be recently logged in as the source
correct. If data is supposed to be synchronized server for data synchronization.
from the primary site to the secondary site but You can also force the local server
the data synchronization direction is incorrect, as the primary server to perform
data on the primary site will be overwritten and data synchronization.
cannot be restored.
2 Normally, the AppService and VVRService -

resource groups on the primary and secondary
sites are not frozen. If they are frozen, a high
availability system fails to protect services or
perform active/standby switchover.

3 During database expansion, please ensure that -

the data to be expanded on the primary site is
consistent with that on the secondary site;
otherwise, maybe the high availability system
displays a message during data
synchronization, indicating a synchronization
failure.
4 Manually changing the database password of a The database password is stored

high availability system is prohibited. Use the in both the U2000 database and
MSuite to change the database password. configuration file. The manual
mode leads to incomplete
modification; as a result, a
database password inconsistency
occurs.
5 Manually changing the IP address and host The IP address and host name are
name of a high availability system is stored in both the U2000 database
prohibited. Use the MSuite to change the IP and configuration file. The
address and host name of a high availability manual mode leads to incomplete
system. modification; as a result, an IP
address and host name
inconsistency occurs.
6 The DCN between the primary and secondary -

sites must meet the high availability system
requirements. For details, see the U2000
Planning Guide. If the DCN between primary
and secondary sites does not meet the high
availability system requirements, the DCN may
become unstable or the reliability is reduced.
Establishing a high availability system is not
recommended for a DCN that does not meet
specific requirements. Disabling the automatic
service switchover function for the high
availability system is recommended.
7 Deleting folders (including empty folders) in -

the installation directories of the U2000
software, database software, and high
availability system software is prohibited. If
such folders are deleted, the U2000 software,
database software, and high availability system
software fail to function properly.

8 Manually changing the permissions for files or -

folders (including empty folders) in the
installation directories of the U2000 software,
database software, and high availability system
software and file permissions is prohibited. If
such permissions are changed, the U2000
software, database software, and high
availability system software fail to function
properly.
9 Manually executing scripts to start or stop the A high availability system

U2000 is prohibited. Useing the Command requires that the U2000 be started
Line of VCS to start or stop the U2000. or stopped using the Command
Line of VCS.
10 If the Veritas license is a temporary license or l If the license of Veritas 4.1 or

expires, change it within the validity period. 5.0 expires, the high
Otherwise, the system fails to start or the availability system fails to
Veritas software fails to protect services. start.
l If the license of Veritas 5.1 or
later expires, the high
availability system can start,
but the protection function is
disabled.
11 The software and hardware configurations, A high availability system

especially the hard disk quantity and size and requires that the software and
networking mode, on the primary and hardware configurations on the
secondary sites must be consistent. Otherwise, primary and secondary sites must
the high availability system fails to be consistent.
synchronize data.
12 Using the libumem, a memory leakage analysis -

tool of Solaris 10, is prohibited. If this tool is
used, the stability of the high availability
system may be affected and an active/standby
switchover may occur.

13 After an active/standby switchover, you need -

to manually copy the database cache files and
PNP package from the primary site to the
secondary site:
Path for database cache files: oss\server
\vmtDB
Path for PNP package: oss\server\cbb\nemgr
\v8common\pnpp
If the preceding files cannot be copied due to
reasons such as device startup failure, choose
Configuration > Synchronize NE
Configuration Data from the main menu to
perform full synchronization to restore the
database cache.
14 For the OSN 8800, active/standby switchovers -

will not synchronize its historical OD backup
data to the secondary site. Users have to copy
the data as required
Historical OD backup data is saved in /opt/oss/
server/emau/etc/odbackup.
11.5 Managing Resource Groups

This topic describes how to manage resource groups using commands for routine maintenance
on resource groups.
11.5.1 Bringing a Resource Group Online

This topic describes how to bring a resource group on the VCS online to enable the NMS and
database resources start properly.
Prerequisites
The resource group must be enabled and not be frozen.
NOTE
l If the resource group is disabled, you must enable the resource group. For details, see 11.5.5
Enabling a Resource Group.
l If the resource group is frozen, you must unfreeze the resource group. For details, see 11.5.4
Unlocking a Resource Group.
Procedure
l Using the Command Lines
– In the Solaris or SUSE Linux OS:
hagrp -online <service_group_name> -sys <hostname>

Command example:
hagrp -online AppService -sys Primaster
----End
11.5.2 Taking a Resource Group Offline

This operation enables you to take all resources in a resource group offline.
Prerequisites
The resource group is not frozen.
Procedure
l Run the following command:
– hagrp -offline <service_group_name> -sys <hostname>
Command example:
hagrp -offline AppService -sys Primaster
----End
11.5.3 Locking a Resource Group

This operation enables you to lock a resource group of the VCS. That is, lock all resources in
the resource group for routine maintenance on the system.
Context
You need to lock resource groups for system maintenance. If a resource group is locked, you
cannot bring it online, take it offline, or carry out the switchover.
Procedure
l Using the Command Line
a. hagrp -freeze <service_group_name> [-persistent]
Command example:
hagrp -freeze AppService
----End
11.5.4 Unlocking a Resource Group

This operation enables you to unlock a locked resource group of the VCS.
Procedure
a. hagrp -unfreeze <service_group_name> [-persistent]
Command example:

hagrp -unfreeze AppService
----End
11.5.5 Enabling a Resource Group

This operation enables you to enable a resource group of the VCS.
Procedure
a. haconf -makerw
b. hagrp -enable <service_group_name> [-sys hostname]
Command example:
hagrp -enable AppService

c. haconf -dump -makero
----End
11.5.6 Disabling a Resource Group

This operation enables you to disable a resource group of the VCS.
Procedure
l Run the following commands:
a. haconf -makerw
b. hagrp -disable <service_group_name> [-sys hostname]
Command example:
hagrp -disable AppService

c. haconf -dump -makero
----End
11.5.7 Clearing the Current Operation

When you perform the online or offline operation on a resource group, all the resources in the
resource group are taken online or offline. This topic describes how to clear the current
operation if the operation needs to be stopped on a resource.
Procedure
Step 1 Using the Command Line
hagrp -flush AppService -sys <system>
Command example:
hagrp -flush AppService -sys hostname
----End

11.5.8 Clearing a Resource Group Fault Flag

This operation enables you to clear a resource group fault flag of the VCS.
Procedure
a. hagrp -clear <service_group_name> [-sys hostname]
Command example:
hagrp -clear AppService
----End
11.6 Managing Resources

This topic describes how to manage resources in resource groups using commands for routine
maintenance on resources.
11.6.1 Bringing a Resource Online

This operation enables you to bring a resource of the VCS online.
Prerequisites
The resource status is enabled, and all the dependent resources are online.
Procedure
a. hares -online <resource_name> -sys <hostname>
Command example:
hares -online NMSServer -sys Secmaster
----End
11.6.2 Taking a Resource Offline

This operation enables you to take a resource of the VCS offline.
Prerequisites
The dependent resources are offline.
Procedure
a. hares -offline <resource_name> [-ignoreparent] -sys <hostname> or hares -
offprop <resource_name> [-ignoreparent] -sys <hostname>
Command example:

hares -offline NMSServer -sys Primaster

----End
11.6.3 Enabling a Resource

This operation enables you to enable a resource of the VCS.
Procedure
a. hares -modify <resource_name> Enabled 1
Command example:
i. Assign the read/write right to the resource:
# haconf -makerw
ii. Enable the resource:

iii. Assign the read-only right to the resource:

# haconf -dump -makero
----End
11.6.4 Disabling a Resource

This operation enables you to disable a resource of the VCS.
Context
If a resource is disabled, you cannot bring it online.
Procedure
a. hares -modify <resource_name> Enabled 0
Command example:
i. Assign the read/write right to the resource:
# haconf -makerw
ii. Disable the resource:

iii. Assign the read-only right to the resource:

----End
11.6.5 Detecting Resources

This operation enables you to detect the resource status of the VCS.
Context
You can detect resources to check whether the resources are configured and started in the
VCS.

Procedure
l Run the following command :
a. hares -probe <resource_name> -sys <hostname>
Command example:
hares -probe NMSServer -sys Primaster
----End
11.6.6 Clearing a Resource Fault Flag

This operation enables you to clear a resource fault flag of the VCS.
Procedure
a. hares -clear <resource_name> [-sys hostname]
Command example:
hares -clear NMSServer
----End
11.7 Managing Replication Volumes

This topic describes how to manage replication volumes using commands.
11.7.1 Importing a Disk Group

This topic describes how to import a disk group. You can import a disk group by using the
commands.
Prerequisites
The VxVM process must be started.
NOTE
To check whether VxVM process has been started, run the ps -ef | grep vx command.
Context
Generally, the disk group has been imported when the VxVM starts and this operation is not
required in this case. Perform this operation when the disk group fails to be automatically
imported.
Procedure
l In the Solaris or SUSE Linux OS:
vxdg import <diskgroupname>
vxrecover -g <diskgroupname> -sb
Command example:

vxdg import datadg

vxrecover -g datadg -sb
----End
11.7.2 Recovering a Disk Volume

This operation enables you to recover a disk volume using the commands.
Context
Run the vxprint -v command to check the status of a disk volume.
Check if STATE is ACTIVE and KSTATE is ENABLED. If not, it indicates that the disk
volume is abnormal. Perform the following operations to restore the disk volume.
Procedure
Step 1 Run the following commands to recover and start the disk volume.
vxrecover -g <diskgroupname> -sb
vxvol -g <diskgroupname> start <volumename>
----End
Example
vxrecover -g datadg -sb
vxvol -g datadg start lv_nms_data
NOTE
You can run the vxdg list command to query the <diskgroupname>, and run the vxprint -v command to
query the <volumename>.
11.7.3 Recovering the RVG

This operation enables you to recover the RVG using commands.
Context
Run the vxprint -Vl command to check the RVG status.
Check if state is ACTIVE and kernel is ENABLED. If not, it indicates that the RVG is
abnormal. Perform the following operations to restore the RVG.
Procedure
Step 1 Run the following commands to recover and start the RVG.
vxrvg -g <diskgroupname> recover <rvgname>
vxrvg -g <diskgroupname> start <rvgname>
Command example:

vxrvg -g datadg recover datarvg
vxrvg -g datadg start datarvg
NOTE
You can run the vxdg list command to query the <diskgroupname>, and run the vradmin printrvg
command to query the <rvgname>.
----End
11.7.4 Recovering the RLink

This operation enables you to recover the RLink using commands.
Context
Run the vxprint -Pl command to check the RLink Status.
Check if state is ACTIVE. If not, it indicates that the RLink is abnormal. Perform the
following operations to restore the RLink.
Procedure
Step 1 Run the following commands to recover the RLink.
vxrlink -g <diskgroupname>
recover <rlinkname>
Command example:
vxrlink -g datadg recover datarlk
----End
11.8 Manual Switchover Between Active and Standby

Sites
Prerequisites
Ensure that the following prerequisites are met before performing the operation.
l The heartbeat connection between the active site and the standby site is normal.
l The data replication between the active site and the standby site is normal.
l The active site and the standby site are normal and no fault occurs. If there is a fault tag,
clear it by running the following command:
hares -clear <resource_name> [-sys hostname]
Command example:

Context
After the active site is switched over to the standby site, the original standby site in the cluster
changes to the active site. In addition, the replication relation between the active site and the
standby site is repaired and the replication direction is specified again.
NOTICE
Procedure
Step 1 Check the replication status.
1. Log in to the active site as the root user.
NOTE
If security hardening is enabled, log in to the OS as the ossuser user. Then run the su - root
command and enter the root user password to switch to the root user.
2. Run the following command to check the data replication status of the active sites.
In the Solaris or SUSE Linux OS:
# vradmin -g <diskgroupname> repstatus <rvgname>
Command example:
The following information appears.
Replicated Data Set: datarvg
Primary:
Host name: 10.71.210.78
RVG name: datarvg
DG name: datadg
RVG state: enabled for I/O
Data volumes: 4
VSets: 0
SRL name: lv_srl
SRL size: 3.00 G
Total secondaries: 1
Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Data status: consistent, up-to-date
Replication status: replicating (connected)
Current mode: asynchronous
Logging to: SRL
Timestamp Information: behind by 0h 0m 0s

NOTE
You can perform the active/standby replication switchover only when Data status is consistent,
up-to-date.
Step 2 To perform manual switchover between the primary and secondary sites.
Use commands:
l To switch over the U2000 and database applications from the primary site to the
secondary site, run the following command on the secondary site as the root user:
# hagrp -switch AppService -any -clus localclus
l To switch over the U2000 and database applications from the secondary site to the
primary site, run the following command on the primary site as the root user:
NOTE
Run the hastatus -sum command as the root user to check the service status and service group status.
Use GUI:
1. Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
2. Choose Deploy > Monitor HA Status from the main menu. The Monitor the Status
3. Optional: Click View to view the historical records of the primary and secondary sites.
NOTE
The status of each HA system indicator is displayed. You can click detail info to view details or
restoration suggestions.
4. Click check now to view the current information about the primary and secondary sites.
NOTE
– It takes three to five minutes to check the HA system status.

– After the check, you can view the check results, details, and suggestions in the HA Status dialog
box.
– The check results are saved as .xml files in /opt/oss/engr/engineering/ha_review/result. The name
of the latest check result file contains the word new. For example,
ha_review_result_20150421165146.xml. In this example, 20150421165146 indicates the time when
the HA system status is checked. You can run the following commands to check the file
information:
# cd /opt/oss/engr/engineering/ha_review/result
# cat ha_review_result_20150421165146.xml
5. Click Switch to Secondary to switch to the secondary site.
----End

Administrator Guide 12 Changing the Host Name and IP Address
12 Changing the Host Name and IP

Address
About This Chapter
If network configurations change, you must use the MSuite to change the IP address, host
name, and route of the server.
The rules of modify the IP address and host name

If network configurations change, you must change the IP address, host name, and route of
the server to ensure normal running the U2000. If the U2000 has been installed on the server,
you must use the MSuite to change the IP address, host name, and route of the server in
compliance with the following rules:
l In the scenario of a high availability system, you must separate the primary site from the
secondary site and then change the host names and IP addresses for the primary site and
secondary site.
l The U2000 processes must be stopped.
l The database must be running.
l The new host name must comply with the host name naming rule.
– The host name of the U2000 server must be unique on the network.
– On Solaris/SUSE Linux OS.
n host name must be a string consisting of no more than 24 characters that can
only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
n The first character must be a letter and the last character cannot be a hyphen.
n The host name cannot contain --.
n The host name cannot contain only one character.
– On Windows OS, the host name must be a string consisting of no more than 30
characters that can only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
– The host name must be case-sensitive.
– The host name cannot be empty or contain spaces.

– The host name cannot be any of the following keywords in the high availability
system.
action false keylist static after firm local stop requires
remotecluster
system group resource global Start str temp set heartbeat
ArgListValues
System Group boolean hard Name soft before online condition
MonitorOnly
remote start cluster event VCShm type Path offline Signaled
HostMonitor
Probed state Cluster IState int Type State VCShmg NameRule
ConfidenceLevel
l If NBIs instances are deployed before the host name and IP address are changed, you
must re-configure NBIs on the MSuite client after changing the IP address and host
name.
l It is recommended that you back up the database in time after changing the IP address
and host name.
NOTICE
Modifying IP addres information may result in network interruption. Perform this
operation only if you fully understand network conditions.
Modify the IP address and host name through the GUI

The procedure for changing the IP address and host name varies according to U2000
deployment schemes. Details are as follows:
l For information on how to change the IP address and host name on a GUI for a single-
server system (Windows 2008), see 12.1.1 How to Change the IP Address of the
Single-Server System (Windows 2008) and 12.1.2 How to Change the Host Name of
the Single-Server System (Windows 2008).
server system (Solaris), see 12.1.3 How to Change the IP Address and Host Name for
the Single-Server System (Solaris).
server system (SUSE Linux), see 12.1.4 How to Change the IP Address and Host
Name for the Single-Server System (SUSE Linux).
l For information on how to change IP addresses and host names on a GUI for a high
availability system (Solaris), see 12.1.5 How to Change the IP Address and Host
Name for the High Availability System (Solaris).
l For information on how to change IP addresses and host names on a GUI for a local high
availability system (SUSE Linux), see 12.1.6 How to Change the IP Address and Host
Name for the Local High Availability System (SUSE Linux).
l For information on how to change IP addresses and host names on a GUI for a remote
high availability system (SUSE Linux), see 12.1.7 How to Change the IP Address and
Host Name for the Remote High Availability System (SUSE Linux).
Modify the IP address and host name through the CLI

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system,, modify the IP
address and host name of the server through the CLI.

Before using commands to change the IP address and host name, make sure that the preceding
requirements are met. Details are as follows:
NOTICE
if the server configure multiple IP addresses, you can modify the NMS application IP address
through the CLI only.
l Run the following command to change the IP address:
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin modifyip -
oldip ipaddress -newip ipaddress -oldnetmask oldnetmask -newnetmask newnetmask
NOTE

l The default user name of the MSuite is admin and the default password is Changeme_123. If
the password has been changed, enter the new password. If the password has not been
changed, for system security, modify the default password and remember the new password.
After this operation, restart the OS to make the new IP address take effect.
l Run the following commands to change the host name:
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin
modifyhostname -hostname hostname
NOTE
l The application IP address parameter indicates the application IP address of the U2000. The
variable ipaddress indicates the IP address associated with the host name to be changed. The
variable hostname indicates the modified host name. After the preceding commands are
executed, restart the OS to make the host name take effect.
12.1 Centralized and VMware Scheme

12.2 FusionSphere Scheme
12.1 Centralized and VMware Scheme

12.1.1 How to Change the IP Address of the Single-Server System

(Windows 2008)
Question
How do I change the IP address of the single-server system (Windows 2008)?
Answer
NOTE
Changing an IP address includes the following major steps:

1. Shut down the NMS server and all NMS clients, and ensure that the database is running.
2. Shut down the U2000 MSuite server.
3. Change the IP address of the U2000 server.
4. Start the U2000 MSuite server.
5. Log in to the U2000 MSuite client and synchronize the network configuration files. If the network
configuration files are not synchronized, the U2000 fails to start properly.
6. Restart the OS.
Only the IP address instead of the networking solution can be modified.
NOTICE
l Do not change an IP address and a host name at the same time. Otherwise, the U2000 fails
to be started.
l Using virtual network interfaces is prohibited.
l Modifying IP addres information may result in network interruption. Perform this

Step 2 Shut down the NMS server and all NMS clients.
In the directory of the NMS software after the installation, for example, the D:\oss\server
\platform\bin directory, run the stopnms.bat file to end the NMS processes.
NOTE
Ensure that the database is started, do as follows:

1. Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL
2. Right-click SQL Server (MSSQLSERVER) and choose Start to start the database. If the database
has started, skip this step.
Step 3 End the server process of the MSuite.

In the D:\oss\engr\engineering directory, double-click the stopserver.bat file to end the
server process of the MSuite.
Step 4 Disable one or more unwanted NIC.
1. Choose Start > Control Panel > Network and Internet > Network and Sharing
Center > Change adapter settings to access the Network Connections window.

2. Select one ore more unwanted old NICs, right-click, and choose Disable from the
shortcut menu.
Step 5 Perform the following operations to change the IP address of the server:
2. In the Network and Sharing Center dialog box, click Change adapter settings.
3. In the Network Connections dialog box that is displayed, right-click the network
connection to be configured and choose Properties from the shortcut menu.
4. In the Local Area Connection Properties dialog box, click Internet Protocol Version
4 (TCP/IPv4) and then Properties.
5. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box that is displayed,
enter the new IP address, subnet mask, and default gateway address, and perform the
related modification. Click OK.
Step 6 Login the NMS server with the new IP address.
Step 7 Change the IP address information in the nic.cfg configuration file as required.
NOTE
l The prerequisite to perform this step is that the server communication NIC needs to be replaced or
the NIC name needs to be modified. If you do not need to replace the communication NIC or modify
the NIC name, do not perform this step.
l During U2000 installation, the server IP address must be set to the IP address for external
communication. A loopback IP address, such as 127.0.0.1, is not allowed.
1. Navigate to D:\oss\engr\engineering\conf, copy nic.cfg, and save it as nic_bak.cfg.

NOTE
If the U2000 is not installed in disk D, change D to the actual drive letter.
2. Double-click nic.cfg.
3. Change the IP address information in nic.cfg as required, Ensure that all NIC names in
the file are the same as names of actual NICs on the host, Change physical addresses of
all network interface cards (NIC) to thoses of actual hosts in nic.cfg as follows:
NOTICE
In the CLI, run the ipconfig command to view the associated IP addresses.
– Choose Start > Run. The Run window will be displayed.
– Enter cmd and click OK.
– In the CLI, run the ipconfig -all command to view the associated IP addresses.
HOST01_PublicNIC_NAME=localhost
HOST01_PublicNIC_MAC=00-0C-29-8F-DD-3F
HOST01_PrivateNIC_NAME=localhost
HOST01_PrivateNIC_MAC=00-0C-29-8F-DD-3F
4. Save and close nic.cfg.

Step 8 Start the server process of the MSuite.
In the D:\oss\engr\engineering directory, double-click the startserver.bat file to start the

Step 9 Log in to the MSuite client.

1. On the computer where the MSuite client is installed, double-click the U2000 NMS
Maintenance Suite shortcut icon on the desktop. Wait about one minute. The Login
NOTICE
The Login dialog box that is displayed after the Network Management System
Maintenance Suite is logged out of cannot be used for login. Otherwise, network
configuration synchronization fails.
2. Set the related login parameters and click OK. The Management System Maintenance
Suite window is displayed.
– IP Address: Indicates the system IP address of the computer where the MSuite
server is installed.
– Port No.: The default port number is 12212. You do not need to change the default
value during login.
– User Name and Password: The default user name of the MSuite is admin and the
default password is Changeme_123. If the password has been changed, enter the
new password. If the password has not been changed, for system security, modify
the default password and remember the new password. For details, see C.3.1
Changing the Password of the MSuite.
NOTE
A dialog box may be displayed during the process of logging in to the MSuite client. Click OK
according to the prompt.
Step 10 Manually shut down the MSuite server and the database. Then, restart the OS.
1. Shut down the MSuite server. For details, see Step 3.
2. Shut down the database. For details, see A.8.3 How to Shut Down the SQL Server
Database.
3. Restart the OS.
NOTE
– If NBIs instances are deployed before the host name and IP address are changed, you must re-
configure NBIs on the MSuite client after changing the IP address and host name.
– The changed IP address will be used for re-configure an NBI. For details, see the related NBI
user guide.
----End
12.1.2 How to Change the Host Name of the Single-Server System

(Windows 2008)
Question
How to change the host name of the single-server system (Windows 2008)?

Answer
NOTE
Changing the host name includes the following major steps:

1. Shut down the U2000 server and client, and ensure that the database is running.
2. Change the host name of the U2000 server.
3. Restart the OS.
NOTICE
to be started.
Step 2 Shut down the NMS server and client.

NOTE

Step 3 Perform the following operations to change the host name of the server:
1. Click Start. Right-click Computer on the desktop and choose Properties from the
shortcut menu.
2. In the Computer name, domain, and workgroup settings area, click Change settings.
3. In the Computer Name tab, click Change.
4. In the dialog box that is displayed, change the computer name, and then click OK.
NOTE
– Ensure that you change the host name in the work group.
– The host name must be a string consisting of no more than 30 characters that can only be
letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
5. The You must restart your computer to apply these changes dialog box will be
displayed, click OK.
6. Click Close.

displayed, click Restart Now to restart the OS.
Step 4 Refer to Step 2 to shut down the NMS server and client.

NOTICE
value during login.
NOTE
Step 7 On the Server tab page, right-click the server to be configured and choose Synchronize
Network Configuration from the shortcut menu. Click OK.
----End
12.1.3 How to Change the IP Address and Host Name for the
Single-Server System (Solaris)
Question
How to change the IP address and host name for the single-server system (Solaris)?

Answer
NOTE
To change the IP address and host name, do as follows:

1. Stop U2000 server processes.
2. Use the MSuite to change the IP address and host.
3. Restart the OS to make the modifications take effect.
NOTICE
Modifying IP addres information may result in network interruption. Perform this operation
only if you fully understand network conditions.
Step 1 Log in to the OS of the server as user ossuser.
Step 2 Open a terminal window and run the following commands to end U2000 processes.
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.9.1.2 How to Start
Step 3 After the processes are ended, on the NMS server. For details, see A.10.4 How to Start the
MSuite Client.
Step 4 On the MSuite client, click the Server tab.
Step 5 Do as follows to change the IP address and hostname.

1. Right-click the server name and choose Change IP Address And Hostname from the
shortcut menu.
2. In the Change IP Address And Hostname dialog box, enter the new IP address, host
name, and subnet mask. The IP address cannot be set to 127.X.X.X.
3. Click OK. The progress bar is displayed. Wait patiently.

4. After the configuration is complete, the Prompt dialog box is displayed, asking you to
restart the OS in time. click OK.

Step 6 Switch to root user, restart the OS for the settings to take effect. Otherwise, the database and
U2000 will function incorrectly.
$ su - root
NOTE
l If NBIs instances are deployed before the host name and IP address are changed, you must re-
l The changed IP address will be used for re-configure an NBI. For details, see the related NBI user
guide.
l If the server IP address is changed, you must manually configure the hardware alarm monitoring
function. For details about the replacement procedure, see Configuring the Monitoring Function
for an OceanStor 5500 V3 Disk Array, Configuring the Monitoring Function for an S3900
Disk Array and Configuring the Monitoring Function for an S2600 Disk Array in the U2000
Single-Server System Software Installation and Commissioning Guide (Solaris) manual.
----End
Single-Server System (SUSE Linux)
Question
How to change the IP address and host name for the single-server system (SUSE Linux)?
Answer
NOTE

2. Use the MSuite to change the IP address and host name.
NOTICE
$ ./stopnms.sh
NOTE
Step 3 After the processes are ended, log in to the NMS Maintenance Suite client.


Step 5 Do as follows to change the IP address.
shortcut menu.
NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each IP address.
restart the OS. click OK.
$ su - root
# shutdown -r now
NOTE
guide.
----End
12.1.5 How to Change the IP Address and Host Name for the High
Question
How do I change the IP address and host name for the High Availability System (Solaris)?

Answer
NOTE

1. Use the MSuite to separate the primary site from the secondary site.
2. Ensure that the NMSServer resource is in offline state and other resources are in online state on the
primary site.
3. Use the MSuite to change the IP address and host name for the primary site. Then, restart the OS.
secondary site.
5. Use the MSuite to change the IP address and host name for the secondary site. Then, restart the OS.
6. Use the MSuite to reconnect the primary and secondary sites.
NOTICE
Step 1 Log in to the NMS Maintenance Suite of primary site.
Step 2 Separate the primary site from the secondary site. For details, see C.6.2 Separating the
Primary Site from the Secondary Site.
Step 3 Check the status of all resources on the primary site. Ensure that the NMSServer resource is
in the offline state and other resources are in the online state on the primary site.
1. Check the status of all resources.
# hares -state -localclus
#Resource Attribute System Value

BackupServer State Primaster ONLINE
DataFilesystem State Primaster ONLINE
DatabaseServer State Primaster ONLINE
NMSServer State Primaster ONLINE
RVGPrimary State Primaster ONLINE
datarvg State Primaster ONLINE
wac State Primaster ONLINE
2. Make the NMSServer resource is in the offline state and other resources are in the
online state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer resource
offline only after all resources are online.
The command to offline a resource:
# hares -offline Resource -sys hostname
The command to online a resource:
# hares -online Resource -sys hostname


shortcut menu.

$ su - root
Step 7 Check the status of all resources on the secondary site. Ensure that the NMSServer resource
is in the offline state and other resources are in the online state on the secondary site.

BackupServer State Secmaster ONLINE
DataFilesystem State Secmaster ONLINE
DatabaseServer State Secmaster ONLINE
NMSServer State Secmaster ONLINE
RVGPrimary State Secmaster ONLINE
datarvg State Secmaster ONLINE
wac State Secmaster ONLINE
online state.
NOTE



Step 8 Log in to the NMS Maintenance Suite of secondary site.
Step 10 Do as follows to change the host name and IP address.

shortcut menu.
2. In the Change IP Address And Hostname dialog box, enter the new hostname, IP
address, and subnet mask. The IP address cannot be set to 127.X.X.X.

4. After the configuration is complete, the Message dialog box is displayed, asking you to
$ su - root

NOTE
guide.
HA System Software Installation and Commissioning Guide (Solaris) manual.
----End
Local High Availability System (SUSE Linux)
Question
How do I change the IP address and host name for the Local High Availability System (SUSE
Linux)?
Answer
NOTE

2. Ensure that the NMSServer and the FloatIP resources are in OFFLINE state and other resources
are in ONLINE state on the primary site.
are in ONLINE state on the secondary site.

NOTICE
l The new floating IP address must be on the same network segment as the application IP
address.
l If the original IP address and modified IP address are in the same network segment, you
can choose to change both the application IP address and floating IP address or only one of
them as required. You can change either the application IP address or the floating IP
address first.
l If the original IP address and modified IP address are not in the same network segment,
both the application IP address and floating IP address need to be changed and the
application IP address needs to be changed in prior to the floating IP address.
l If the six-NIC scheme is used, configuring the system IP address and application IP
address to different network segments is recommended in order to ensure network fault
isolation. If the application IP address is modified, the application IP address and system
IP address are still on different network segments after the modification. Changing the
system IP address using commands is prohibited.

Step 3 Log in to the OS of the primary site as the root user.
NOTE
Step 4 Check the status of all resources. Ensure that the NMSServer and the FloatIP resources of
the primary site are in the OFFLINE state and other resources are in the ONLINE state.

APPBOND State Primaster ONLINE
FloatIP State Primaster OFFLINE
NMSServer State Primaster OFFLINE
mountRes State Primaster ONLINE
2. Make the NMSServer and the FloatIP resources are in the OFFLINE state and other
resources are in the ONLINE state.
NOTE
If the state is wrong, make the AppService resource group online, then make the NMSServer and
FloatIP resource offline after all resources are online.


shortcut menu.

restart the OS. Click OK.
Step 7 Optional: If the IP address is changed to one on another network segment, reconfigure the
route according to C.5.2 Configuring Routes.
Step 8 Perform the following operations on the server on which the host name and IP address are
changed to make the change take effect. Otherwise, the database and U2000 will function
incorrectly.
# hastart -onenode
# hagrp -offline AppService -sys hostname
NOTICE
If the host name is changed, the hostname in the above command is the host name modified.
# cd /opt/VRTSvcs/bin
# hastop -local -force
# shutdown -r now

Step 9 Log in to the OS of the secondary site as the root user.

NOTE
the secondary site are in the OFFLINE state and other resources are in the ONLINE state.

NOTE

shortcut menu.


incorrectly.
# hastart -onenode
NOTICE
# shutdown -r now
NOTE
guide.
----End
Remote High Availability System (SUSE Linux)
Question
How do I change the IP address and host name for the Remote High Availability System
(SUSE Linux)?

Answer
NOTE

primary site.
secondary site.
NOTICE
NOTE
Step 4 Check the status of all resources. Ensure that the NMSServer resource of the primary site is
in the offline state and other resources are in the online state.

online state.

NOTE



shortcut menu.

incorrectly.
# hastart -onenode
NOTICE

# shutdown -r now

NOTE
Step 10 Check the status of all resources. Ensure that the NMSServer resource of the secondary site is

online state.
NOTE

shortcut menu.


incorrectly.
# hastart -onenode
NOTICE
# shutdown -r now
NOTE
guide.
----End
12.2 FusionSphere Scheme
12.2.1 How to Change the IP Address of the Single-Server System
Question
How do I change the IP address of a U2000 cloud host created in the SC window?

Answer
Step 1 Configure the OS network.
1. Use a VDC service user account to log in to the ServiceCenter. For detail, see Logging
in to ServiceCenter.
2. Choose Console > Computing > Cloud Host. Then, choose More > VNC Login on the
right of the mapping cloud host to log in to the VNC operation window.
NOTE
The GUIs of the ServiceCenter vary by version, but operations are the same. This section uses
ManageOne ServiceCenter 3.0.9 basic version as an example.
3. Configure the OS network.
NOTE
After the VM is stopped, its status may not be updated immediately in the ServiceCenter window. To
update its status, click .
a. Log in to the OS of the server as user ossuser.

b. Open a terminal window and run the following commands to end U2000 processes.
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, seeA.9.1.2 How
to Start the Sybase Database Service.
c. After the processes are ended, A.10.4 How to Start the MSuite Client.
d. On the MSuite client, click the Server tab.
e. Do as follows to change the IP address.
i. Right-click the server name and chooseChange IP Address And Hostname
ii. In the Change IP Address And Hostname dialog box, enter the new IP
address and subnet mask. The IP address cannot be set to 127.X.X.X.

NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each
IP address.
iii. Click OK. The progress bar is displayed. Wait patiently.
iv. After the configuration is complete, the Prompt dialog box is displayed, asking
you to restart the OS. click OK.
f. Switch to root user,shutdown the OS for the settings to take effect. Otherwise, the
database and U2000 will function incorrectly.
$ su - root
# shutdown -h now
NOTE
n If NBIs instances are deployed before the host name and IP address are changed, you
name.
n The changed IP address will be used for re-configure an NBI. For details, see the related
NBI user guide.
Step 2 Configure the Virtualization-Layer network.

2. Choose Console > Computing > Cloud Host. Then, choose More > Change on the
right of the mapping cloud host .
3. Change its IP address,click OK. In the Confirm dialog box, click OK.
Change the host IP address to be the same as the OS network IP address.
4. Use a VDC administrator account to log in to the ServiceCenter. For details, see
Logging in to ServiceCenter.

5. Choose Services > Apply > My To-Dos, view the application task submitted by the
VDC service user, and click Approve.
6. Select Agree, and click Submit.
7. Choose VDC > All Orders.
If the Status value of the application is Succeeded, the system has successfully allocated
resources.
Step 3 Start the VM.

2. Choose Console > Computing > Cloud Host. Then, choose More > Start .
----End
12.2.2 How to Change the Hostname of the Single-Server System
Question
How do I change the Hostname of a U2000 cloud host created in the SC window?
Answer
Step 1 Change the host name.
2. Choose Console > Computing > Cloud Host. Then, choose More > VNC Login on the
right of the mapping cloud host to log in to the VNC operation window.
NOTE
The GUIs of the ServiceCenter vary by version, but operations are the same. This section uses
ManageOne ServiceCenter 3.0.9 basic version as an example.
3. Change the host name.
NOTE
After the VM is stopped, its status may not be updated immediately in the ServiceCenter window. To
update its status, click .
a. Log in to the OS of the server as user ossuser.

b. Open a terminal window and run the following commands to end U2000 processes.
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, seeA.9.1.2 How
to Start the Sybase Database Service.
c. After the processes are ended, A.10.4 How to Start the MSuite Client.
d. On the MSuite client, click the Server tab.
e. Do as follows to change the IP address.
i. Right-click the server name and chooseChange IP Address And Hostname

ii. In the Change IP Address And Hostname dialog box, enter the new host
name..
NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each
IP address.
iii. Click OK. The progress bar is displayed. Wait patiently.
iv. After the configuration is complete, the Prompt dialog box is displayed, asking
you to restart the OS. click OK.
f. Switch to root user,restart the OS for the settings to take effect. Otherwise, the
database and U2000 will function incorrectly.
$ su - root
# shutdown -r now
NOTE
n If NBIs instances are deployed before the host name and IP address are changed, you
name.
n The changed IP address will be used for re-configure an NBI. For details, see the related
NBI user guide.
----End

Administrator Guide A FAQs
A FAQs
This topic provides answers to the most frequent questions concerning the installation.
A.1 Windows OS
This topic provides answers to FAQs about clients installed on Windows OS.
A.2 SUSE Linux OS
This topic provides the FAQs occurred in the SUSE Linux OS.
A.3 Solaris OS
This topic provides answers to FAQs about clients installed on Solaris OS.
A.4 Disk Array
This topic describes FAQs related to the disk array settings.
A.5 System Settings of the Huawei server
This topic covers FAQs about Huawei server system settings.
A.6 System Settings of the IBM Server
This topic covers FAQs about IBM Server system settings.
A.7 Veritas HA System
This topic covers FAQs about the Veritas HA system.
A.8 SQL Server Database
This topic describes the FAQs about the SQL server database.
A.9 Sybase Database
This topic covers FAQs about the Sybase database.
A.10 MSuite
This topic covers FAQs about the NMS maintenance suite.
A.11 U2000 System
This topic covers FAQs about the U2000 system.
A.12 VMware Virtual Machine(VMware vSphere Client)
This topic provides answers to the most frequent questions concerning the VMware virtual
machine.
A.13 VMware Virtual Machine(vSphere Web Client)
This topic describes operations related to VMware 6.5 where the VCSA is logged in through
the vSphere Web Client.

A.1 Windows OS
This topic provides answers to FAQs about clients installed on Windows OS.
A.1.1 How to Add a Static Route
Question
If the network connection is unstable, intermittently disconnected, or unreachable, the static
route may be not added. How do I add a static route?
NOTICE
If there are multiple network interfaces and their IP addresses are within different network
segments, the static route can be configured on only one of these network interfaces. To
prevent the failure of one network interface from causing the disconnection of the entire
network, the static route needs to be added on other network interfaces.
Answer
Step 1 Run the following command on the command prompt window to view the existing routes:
C:\> route print
Step 2 Run the following command to add a route:

C:\> route -p add network_IP_address mask netmask gateway_IP_address
NOTE
l Set the following parameters:

– network_IP_address: An IP address on the network segment of the computer connected to the
U2000 server.
– netmask: subnet mask of the network segment on which the computer connected to the U2000
server is located.
– gateway_IP_address: network management IP address for the network on which the U2000
server is located.
l To delete a route, run the following command:
C:\> route delete network_IP_address mask netmask gateway_IP_address
----End
A.1.2 How to Change the Password of the OS Administrator
Question
How to change the password of the OS administrator?

Answer
Step 1 Log in to the OS as the administrator user.
Step 2 Ensure that the SQL server database is started.

NOTE
l If the database is not started, manually start it. Otherwise, login to the database fails after the
password is changed.
l If the password of the administrator is changed when the SQL server database is not started, login
to the database fails. In this case, you need to change the password to the original one, start the SQL
server database, and then change the password of the administrator. To ensure the security of the
U2000, passwords must be complex enough. For example, a password must contain eight or more
characters of two types. The allowed characters are digits, letters, and special characters. Remember
to change passwords regularly.
Step 3 Press Ctrl+Alt+Delete to lock the current interface.
Step 4 In the dialog box that is displayed, click Change Password.
Step 5 In the dialog box that is displayed, enter the old password and the new password, and confirm
the new password.
Step 6 Click OK.
Step 7 Choose Start > All Programs > Microsoft SQL Server 2008 > SQL Server Management
Studio. The Connect to Server window is displayed. Enter the server name, and then click
Connect.
Step 8 Right-click the database server node for the local server from the navigation tree and choose
Properties from the shortcut menu. In the dialog box that is displayed, click the Security tab,
and then change the administrator password in the Enable server proxy account area.
----End
A.1.3 How to Configure the Remote Login to the Windows OS
Question
How to configure the remote login to the Windows OS?
Answer
Step 2 Right-click Computer and choose Properties from the shortcut menu.
Step 3 In the System dialog box, click the Remote settings tab.
Step 4 In the System Properties dialog box, set the remote login right through the option button as
required.
Step 5 Click OK.
Step 6 To connect a local PC to the Windows server remotely, apply for a digital certificate that uses
SHA256 encryption. The applied certificate has to be stored on the local computer. The
following describes how to load and query a digital certificate:

1. All applied digital certificates must be stored in the certificate management container for
further loading.
a. Choose Start > Run. In the Run window, enter mmc.exe.
b. In the Console1 window, choose File > Add or Remove Snap-ins.
c. In the Add or Remove Snap-ins dialog box, double-click Certificates in Available
snap-ins.
d. In the Certificates snap-in dialog box, select computer account and click Next.
e. In the Select Computer dialog box, select Local computer:(the computer this
console is running on) and click Finish.
f. In the Add or Remove Snap-ins,click OK.
g. In the Console1 window, chooseConsole Root > Certificates(Local computer) >
Personal, right-click and choose All Tasks > Import in the Object Type.
h. In the Certificate Import Wizard, clickNext.
i. In the File to Import dialog box, click Browse, select All Files ,select a digital
certificate, click Open, click Next.
j. In the Password dialog box, Input the private key password when applied digital
certificates Obtained, click Next.
k. In the Certificate Store dialog box, click Next.
l. ClickFinish, the The import was successful dialog box is displayed, click OK.
m. In the Console1 window, chooseConsole Root > Certificates(Local computer) >
Personal > Certificates to check whether the certificate has been stored in the
certificate management container.
2. Load a digital certificate.
a. Choose StartAll ProgramsAdministrative ToolsRemote Desktop
ServicesRemote Desktop Session Host Configuration.
b. In the Remote Desktop Session Host Configuration window, select RDP-Tcp in
the Connections list, right-click and choose Properties from the shortcut menu.
c. In the RDP-Tcp Properties dialog box, click the General tab and then Select to
load a certificate.
d. In the Windows Security dialog box, click OK.
e. In the RDP-Tcp Properties dialog box, click OK.
----End
A.1.4 How to Set the Virtual Memory to the System Managed Size
Question
How to set the virtual memory to the system managed size?
Answer
Step 1 Click Start. Right-click Computer on the desktop and choose Properties from the shortcut
menu.
Step 2 In the System dialog box, click the Advanced system settings tab.

Step 3 In the System Properties dialog box, click the Advanced tab.
Step 4 In the Performance area, click Settings.
Step 5 In the Performance Options dialog box, click the Advanced tab.
Step 6 In the Virtual memory area, click Change.
Step 7 In the Virtual Memory dialog box, deselect Automatically manage paging file size for all
drives and click the System managed size option button.
Step 8 Click Set.
Step 9 Click OK.
----End
A.1.5 How to Check Whether an NIC Is Assigned Multiple IP

Addresses (Windows)
Question
How to check whether an NIC is assigned multiple IP addresses?
Answer
Step 1 Choose Start > Run. In the Run dialog box, enter cmd to open the command line interface
(CLI) window.
Step 2 Run the ipconfig /all command and check whether multiple pieces of IP Address information
are displayed.
l If only one piece of IP Address is displayed, the NIC is assigned only one IP address.
l If multiple pieces of IP Address information are displayed, the NIC is assigned multiple
IP addresses.
----End
A.1.6 How to Delete Unnecessary IP Addresses of an NIC

(Windows)
Question
How to delete unnecessary IP addresses of an NIC?
Answer
Step 1 For details about how to check whether unnecessary IP addresses have been set, see A.1.5
How to Check Whether an NIC Is Assigned Multiple IP Addresses (Windows).
Step 2 If the NIC is assigned multiple IP addresses, perform the following steps to delete
unnecessary IP address:
Windows 2008:
1. Click Start, Right-click Network and choose Properties from the shortcut menu.

2. Click Change adapter settings.

3. Right-click Local Area Connection and choose Properties from the shortcut menu.
4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
5. On the General tab page, click Advanced.
6. In IP addresses, select the IP addresses to be deleted and click Remove.
7. Click OK.
----End
A.1.7 How to Query the Type of a Windows OS
Question
Two types of Windows OSs is available for Windows 2008: 64-bit OS. How to query the type
of a Windows OS?
Answer
Step 1 Perform the following steps for Windows 2008:
1. Log in to the OS as the ossuser.
2. Right-click Computer and choose Properties from the shortcut menu.
3. In the System dialog box, view the value of System type, as shown in the following
figure.
----End
A.1.8 How to Log In to the CLI on Windows
Question
Some system commands, such as ipconfig, can be run in the CLI on Windows. How do I log
in to the CLI on Windows?
Answer
Step 1 Choose Start > Run on Windows.
The Run window will be displayed.

Step 2 Enter cmd and click OK.

NOTE
To query the IP address and gateway information about the PC, enter ipconfig and press Enter.
----End
A.1.9 How to Shut Down Automatic Update of the Windows OS

Question
How do I shut down automatic update of the Windows OS?
Answer
Step 2 Choose Start > All Programs > Administrative Tools > Services.
Step 3 Right-click Windows Update service and choose Properties from the shortcut menu.
Step 4 On the General tab, change the value of Startup type to Disabled.
Step 5 Click OK.
Step 6 Choose File > Exit.
----End
A.1.10 How to Identify the Network Connection Name Associated

with the NMS Application IP Address on Windows
Question
How do I identify the network connection name associated with the NMS application IP
address on Windows?
Answer
Step 2 Choose Start > Run. The Run window will be displayed.
Step 4 Run the ipconfig -all command in the CLI. Information similar to the following is displayed:
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN08TG5699PK5UK

Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/1000 PB Dual Port Server

Connection
Physical Address. . . . . . . . . :
00-25-9E-81-29-5B
Dhcp Enabled. . . . . . . . .
Yes . . :
Autoconfiguration Enabled . .
Yes . . :
IP Address. . . . . . . . . . . . :
10.187.220.199
Subnet Mask . . . . . . . . . . . :
255.255.255.0
Default Gateway . . . . . . . . .
10.187.220.1:
DHCP Server . . . . . . . . . . .
10.187.220.1:
DNS Servers . . . . . . . . . . .
10.187.17.24:
10.172.255.100
10.198.248.39
Lease Obtained. . . . . . . . . . : 2012.6.8 15:49:04
Lease Expires . . . . . . . . . . : 2012.6.8 19:49:04
The network connection name associated with 10.187.220.199 is Local Area Connection 3.
----End
A.1.11 How Do I Manually Enable and Disable the FTP/SFTP

Service on a Server
Question
How do I manually enable and disable the FTP/SFTP service on a server?
Answer
l Enable and Disable the FTP service.
– Enable the FTP service.
i. Log in to the operating system with the ossuser rights.
ii. Access the D:\oss\server\3rdTools\ftp path and rename the
Start_Apache_ftp.bat script under the ftp folder. For example, change the
script name to Start_Apache_ftp_win.bat.
iii. Execute the Start_Apache_ftp_win.bat script.
NOTE
l The D:\oss\server\3rdTools\ftp path needs to be accessed if the U2000 is installed

in D:\oss. If the U2000 is not installed in D:\oss, change drive letter D in the
command line based on the actual situations.
l Enabling the uflight_dispatcher script causes the FTP service to be automatically
enabled. To prevent the the FTP service to be automatically enabled, you must
rename the Start_Apache_ftp.bat script.
l If the FTP service is enabled for the first time, you must rename the
Start_Apache_ftp.bat script, as described in Step 2. Renaming the
Start_Apache_ftp.bat script is not required later.
– Disable the FTP service.
i. Log in to the operating system with the ossuser rights.
ii. Access the D:\oss\server\3rdTools\ftp path and rename the
Uninstall_ftp_win.bat script under the ftp folder. For example, change the
script name to Uninstall_Apache_ftp_win.bat.
iii. Execute the Uninstall_Apache_ftp_win.bat script.

NOTE
l The D:\oss\server\3rdTools\ftp path needs to be accessed if the U2000 is installed

in D:\oss. If the U2000 is not installed in D:\oss, change drive letter D in the
command line based on the actual situations.
l Enabling the uflight_dispatcher script causes the FTP service to be automatically
enabled. To prevent the the FTP service to be automatically enabled, you must
rename the Uninstall_ftp_win.bat script.
l If the FTP service is disabled for the first time, you must rename the
Uninstall_ftp_win.bat script, as described in Step 2. Renaming the
Uninstall_ftp_win.bat script is not required later.
l Optional: Configure the SFTP service. The SFTP service needs to be configured only
when SFTP is used on a server where the U2000 is not installed.
The minasshd software is automatically installed along with U2000 installation. The
SFTP services is automatically installed, and the user ftpuser is automatically created
for the services.
– Starting the SFTP service
i. Log in to the System Monitor client as a system administrator account.
ii. Click the Service Monitor tab, right-click minasshd and choose Start the
Service from the shortcut menu to start the minasshd SFTP service.
– Stopping the SFTP service
i. Log in to the System Monitor client as a system administrator account.
ii. Click the Service Monitor tab, right-click minasshd and choose Stop the
Service from the shortcut menu to stop the minasshd SFTP service.
----End
A.1.12 How to Configure the minasshd Encryption Algorithm

Question
How do I configure the minasshd encryption algorithm?
Answer
Step 1 Log in to the Windows OS as the ossuser.
Step 2 Run the following command in the command line window to enter the directory of the script:
C:\Users>cd /d D:\oss\server\3rdTools\ftp\minasshd\modifyAlgorithm\
Step 3 Configure the minasshd encryption algorithm.

1. Run the following command to modify the script:
D:\oss\server\3rdTools\ftp\minasshd\modifyAlgorithm>python modifyminasshd.pyc
Start modify the mimasshd algorithms ......
System is win32
All mac_algorithms:
HMACSHA256;HMACSHA512;HMACSHA1;HMACMD5;HMACSHA196;HMACMD596
All cipher_algorithms: AES128CTR;TripleDESCBC;AES128CBC
Current configured mac_algorithms: Mac =

HMACSHA256;HMACSHA512;HMACSHA1;HMACMD5

;HMACSHA196;HMACMD596
Current configured mac_algorithms: Cipher = AES128CTR;AES128CBC;TripleDESCBC
Input Y or y to modify mac_algorithms, otherwise,exit the modification of

mac_al
gorithms.
:
NOTE
If the system prompts that the python command is not available, use the python of the U2000. To
access the python of the U2000, run D:\oss\server\3rdTools\ftp\minasshd\modifyAlgorithm and
D:\oss\server\3rdTools\python\bin\python.exe modifyminasshd.pyc in the command line
window.
2. The system prompts you whether to modify macs algorithms. Type y or Y and press
Enter. If you do not want to modify it, press Enter to skip. After you type y and press
Enter, the following information is displayed:
Please input mac_algorithms for minasshd separated by a ';'. For example:
HMACSHA256;HMACSHA512;HMACSHA1
:
After you type y and press Enter, the following information is displayed:
please input your modify MACs Algorithm with ';' separate
:
Enter the target mac_algorithms, It is recommended that
HMACSHA256;HMACSHA512;HMACSHA1 be entered and press Enter.
NOTE
Before selecting a secure algorithm, ensure that the system interconnected to the U2000 supports this
algorithm; otherwise, this system cannot connect to the U2000 server over minasshd.
3. The system prompts you whether to modify cipher_algorithms. Type y or Y and press
Enter. If you do not want to modify it, press Enter to skip.
Input Y or y to modify cipher_algorithms,otherwise,exit the modification of
cipher_algorithms.
:
After you type y and press Enter, the following information is displayed:
Please input cipher_algorithms for minasshd separated by a ';'. For example:
AES128CTR;AES256CTR
:
Enter the target cipher_algorithms, It is recommended that
AES128CTR;AES128CBC;TripleDESCBC be entered and press Enter.
NOTE
Before selecting a secure algorithm, ensure that the system interconnected to the U2000 supports this
algorithm; otherwise, this system cannot connect to the U2000 server over minasshd.
4. Check the configuration result. The configuration is successful is the following
information is displayed:
End modify the mimasshd algorithms, please restart minasshd in U2000 System
Monitor
Step 4 Open the System Monitor and restart the minasshd process for the new algorithms to take
effect.
----End
A.1.13 How to Change the Password for the Windows OS User

ossuser
Question
How to change the password for the Windows OS user ossuser?

Answer
Step 1 Perform the following operations:
l Log in to the Windows OS as ossuser to change the password:
a. Log in the operating system as the ossuser user.
b. Choose Start > Control Panel > User Accounts > Change your Windows
password > Change your password.
c. In the Change Your Password window, enter the old and new passwords of
ossuser and the new password again for verification, and click Change Password.
l Log in to the Windows OS as administrator to change the password:
a. Log in to the OS as administrator.
b. Choose Start > Control Panel > User Accounts > Add or remove user accounts
> ossuser > Change the password.
c. In the Change Password window, enter the new password of ossuser and the new
password again for verification, and click Change password.
NOTE
The rules for modifying a password are as follows:

n The password contains a minimum of 8 characters and a maximum of 30 characters.
n The password must contain four of the following combinations:
○ At least one special character ~!@#$%^&*()-_=+\|[{}];:"',<.>/?
n The password cannot be the same as the user name written in either the forward or
backward format.
Step 2 Choose Start > Run. In the Run dialog box, enter services.msc and click OK.
Step 3 In the Services window, right-click iMapService and choose Properties from the shortcut
menu.
Step 4 Click the Log On tab, enter Password and Confirm password values, and click OK.
----End

dbuser?
Question
How to change the password for the windows OS user dbuser?
Answer
Step 1 Perform the following operations:
l Log in to the Windows OS as dbuser to change the password:
a. Log in the OS as dbuser.

dbuser and the new password again for verification, and click Change Password.
b. Ensure that the SQL server database is started.
NOTE
n If the database is not started, manually start it; otherwise, the database cannot be logged
in to after the password is changed.
n If the dbuser password is changed in case the database is not started, logging in to the
SQL server database will fail. In this case, restore the original password, start the SQL
server database, and then change the dbuser password.
c. Choose Start > Control Panel > User Accounts > Add or remove user accounts
> dbuser > Change the password.
d. In the Change Password window, enter the new password of dbuser and the new
e. Choose Start > Run. In the Run dialog box, enter services.msc and click OK.
f. In the Services window, right-click SQL Server (MSSQlSERVER) and choose
Properties from the shortcut menu.
g. Click the Log On tab, enter Password and Confirm password values, and click
OK.
NOTE

n The password contains a minimum of 8 characters and a maximum of 30 characters.
n The password must contain four of the following combinations:
○ At least one special character ~!@#$%^&*()-_=+\|[{}];:"',<.>/?
n The password cannot be the same as the user name written in either the forward or
backward format.
----End

ftpuser
Question
How to change the password for the Windows OS user ftpuser?
Answer
l Log in to the Windows OS as ftpuser to change the password:
a. Log in the OS as the ftpuser user.

ftpuser and the new password again for verification, and click Change Password.
b. Choose Start > Control Panel.
c. In the Control Panel window, set View by to Category and click User Accounts.
d. In the User Accounts window, click Change your Windows password and then
click Manage another account.
e. In the Manage Accounts window, click ftpuser.
f. In the Change an Account window, click Change the password.
g. In the Change Password window, enter the new password of ftpuser and the new
NOTE

l The password contains a minimum of 8 characters and a maximum of 30 characters.
l The password must contain four of the following combinations:
l At least one lower-case letter
l At least one upper-case letter
l At least one digit
l At least one special character ~!@#$%^&*()-_=+\|[{}];:"',<.>/?
l The password cannot be the same as the user name written in either the forward or
backward format.
A.1.16 How Can I Manually Disable SSL and Start TLS

Question
How can I manually start TLE in the IE Explorer in the Windows OS?
Answer
Step 1 Start the IE Explorer, click Tools in the right corner, and select Internet Options.
Step 2 In the Internet Options dialog box displayed, select the Advanced tab. In Settings, deselect
Use SSL 2.0, Use SSL 3.0, Use TLS 1.0 and select Use TLS 1.1, Use TLS 1.2. See

.
Step 3 Click OK.
----End
A.1.17 How Do I Configure an Internet Explorer Browser as the

Default Browser on a Windows 10 OS
Question
How do I configure an Internet Explorer browser as the default browser on a windows 10 OS?
Answer
Step 1 Right-click and choose Control Panel from the shortcut menu. Then choose Program >
Set your default programs.

Step 2 In the Set Default Programs window, select Internet Explorer in Programs and click
Choose defaults for this program.
Step 3 In the Set Program Associations window, click Select All and Save.
Step 4 In the Set Default Programs window, click OK.
----End
A.2 SUSE Linux OS

This topic provides the FAQs occurred in the SUSE Linux OS.
A.2.1 How Do I Change the OS User Password?

Question
How do I change the OS user password?
Answer
l Method 1 (Log in to the OS as the user whose password needs to be changed and then
change the password):
a. Use PuTTY to log in to the OS as the user whose password needs to be changed, for
example, root or ossuser.
NOTE
l Method 1 uses the ossuser user as an example.

l The root/dbuser/webuser user cannot use SSH to log in to the OS. After security
hardening is enabled, change the root/dbuser/webuser user password by using Method
2.
b. Run the following command to set the OS user password:
$ passwd
c. Enter the current ossuser user password as prompted. The default password is
Changeme_123.
d. Enter a new password as prompted, for example, Changeme_123.
To ensure the security of the U2000, passwords must be complex enough. For
example, a password must contain eight or more characters of two types. The
allowed characters are digits, letters, and special characters. Remember to change
passwords regularly.
NOTE
Any character that you enter using the keyboard will be considered a password component,
including Backspace. For example, if you enter the string cBackspaceChangeme_123, the
password is cBackspaceChangeme_123, but not Changeme_123.
e. Enter the new password again as prompted. Press Enter to make the change take
effect.

NOTICE
After the new password takes effect, do not close the CLI.
Open another CLI and log in using the new password to verify the new password. If
the new password is correct, close all the CLIs. If the new password is incorrect,
repeat the preceding steps to change the password again.
l Method 2 (Change the passwords for other OS users, for example, iscript, as the root
user):
a. Log in to the OS.
n If security hardening is not performed, use PuTTY to log in to the OS as the
root user.
n If security hardening has been performed, perform the following operations to
log in to the OS:
1) Use PuTTY to log in to the OS as the ossuser user.
2) Run the following commands to switch to the root user:
$ su - root
b. Use PuTTY to log in to the OS as the root user.

c. Open the CLI and run the following command to set the OS user password:
# passwd OS user
For example, passwd ossuser.

d. Enter a new password as prompted, for example, Changeme_123.
To ensure the security of the U2000, passwords must be complex enough. For
example, a password must contain eight or more characters of two types. The
allowed characters are digits, letters, and special characters. Remember to change
passwords regularly.
NOTE
Any character that you enter using the keyboard will be considered a password component,
including Backspace. For example, if you enter the string cBackspaceChangeme_123, the
password is cBackspaceChangeme_123, but not Changeme_123.
e. Enter the new password again as prompted. Press Enter to make the change take
effect.
NOTICE
After the new password takes effect, do not close the CLI.
Open another CLI and log in using the new password to verify the new password. If
the new password is correct, close all the CLIs. If the new password is incorrect,
repeat the preceding steps to change the password again.
----End

A.2.2 How to Start/Stop the FTP/SFTP/Telnet Service in the SUSE

Linux OS
Question
How do I start/stop the FTP/SFTP/Telnet service in the SUSE Linux OS?
NOTE
Using SFTP is recommended, operations in this topic applies to the following scenarios:
l See operations in this topic on the U2000 server when files, such as the installation package and
license file, need to be uploaded to the U2000 server during U2000 installation.
l See operations in this topic on the SUSE Linux server before U2000 data is backed up or restored.
Answer
Step 1 Use the remote login software such as PuTTY to log in to the OS by means of SSH as the
root user.
NOTE
If the SetSuse policy has been enabled, you can log in to the OS only by means of SSH. Because after
the SetSuse policy has been enabled, only the SSH service for the ossuser user has the login right. The
PuTTY is recommended.
Run the following command to switch to the root user:
$ su - root
Enter a login password for the root user.
Step 2 Start and stop the FTP/SFTP (more secure, recommended)/Telnet service.
l Starting and stopping the FTP service:
– NMS is not installed, do as the following:
n Run the following command to start the FTP service:
# systemctl start vsftpd.service
n Run the following command to stop the FTP service:

# systemctl stop vsftpd.service
– NMS is installed, do as the following:

n Run the following command to start the FTP service:
1) Use the PuTTY to log in to the server as user ossuser in SSH mode.
2) Run the following command to set environment variables.
3) Run the following command to switch to user root.

$ su - root
Password: Password of root
4) Run the following command to disable plain FTP:

# /opt/sudobin/imap/ftp/files/setSSLForFtpSvr.sh enablePlainFtp
5) Run the following command to check whether the enabling is successful:

# grep force_local /etc/vsftpd.conf
Plain FTP is enabled if the following information is displayed:

force_local_logins_ssl=NO
force_local_data_ssl=NO
n Run the following command to stop the FTP service:

1) Use the PuTTY to log in to the server as user ossuser in SSH mode.
2) Run the following command to set environment variables.
3) Run the following command to switch to user root.

$ su - root
4) Run the following command to disable plain FTP:

# /opt/sudobin/imap/ftp/files/setSSLForFtpSvr.sh disablePlainFtp
5) Run the following command to check whether the disabling is successful:

Plain FTP is disabled if the following information is displayed:

force_local_logins_ssl=YES
force_local_data_ssl=YES
l Starting and stopping the SFTP (more secure, recommended) service:

– Run the following command to start the SFTP (more secure, recommended)
service:
# vi /etc/ssh/sshd_config
n If PAMAuthenticationViaKBDInt yes is displayed, add # to the beginning of

it to change it to #PAMAuthenticationViaKBDInt yes.
n Ensure that # is not displayed in front of UsePAM yes. That is, UsePAM yes
is displayed.
Run the :wq! command, save the settings, and exit.
# systemctl restart sshd.service
– Run the following command to stop the SFTP service:

# systemctl stop sshd.service
l Starting and stopping the Telnet service:

– Run the following command to start the Telnet service:
# chkconfig telnet on
# systemctl restart xinetd.service
– Run the following command to stop the Telnet service:

# chkconfig telnet off
# systemctl restart xinetd.service
----End
A.2.3 How to Enable and Disable the FTP Authority of the root
User in the SUSE Linux OS
Question
How to enable and disable the FTP authority of the root user in the SUSE Linux OS?
Answer
l The method of enable the FTP authority of the root user is as follow:
a. Log in to the SUSE Linux OS as the root user.
b. Run the vi /etc/ftpusers command to open the ftpusers file in the /etc directory.
Add the comment tag (#) to the beginning of the following line in the ftpusers file
to comment out this line:

root
c. Run the command wq! to save and close the ftpusers file.
l The method of disable the FTP authority of the root user is as follow:
a. Log in to the SUSE Linux OS as the root user.
b. Run the vi /etc/ftpusers command to open the ftpusers file in the /etc directory and
delete the comment tag (#) to the beginning of the following line in the ftpusers
file:
root
c. Run the command wq! to save and close the ftpusers file.
----End
A.2.4 How to Disable the SELinux Components
Question
The SELinux components are installed and enabled on U2000 server by default. How to
disable the SELinux when there is no requirements for SELinux to enhance Linux OS
security?
NOTICE
The following functions provided by SELinux will be disabled with the SELinux. Exercise
caution.
l Enables important resources such as trusted computing and key files to be accessed only
by related processes.
l Implements the minimum authorization for high-risk processes.
l Logs modification of key files.
l Modifies and upgrades security policies and protects security policy files.
Answer
Step 1 Log in to the U2000 server as the ossuser user.
Step 2 Run the following command to switch to the root user.

$ su - root
Step 3 Run the following command to disable the SELinux components.

1. Open the configuration file.
# vi /etc/selinux/config
2. Press i to enter the insert mode, then set the SELINUX to disabled.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
...
3. Press Esc, enter :wq, save and quit.

Step 4 Run the following command to restart the OS for the configurations to take effect.
$ sync;sync;sync;sync
$ shutdown -r now
Step 5 Log in to the U2000 server as the ossuser user, and check the result.
$ sestatus
When a message similar to the following, the SELinux components are disabled.
SELinux status: disabled
----End
A.2.5 How to manually Add the Default Route (SUSE Linux)
Question
How do I add the default route in the SUSE Linux OS?
Answer
Step 1 Log in to the system as user root.
Step 2 Open a terminal window.
Step 3 Run the following command in the CLI:

# vi /etc/sysconfig/network/routes
Step 4 Write the default route configurations into the /etc/sysconfig/network/routes file.
l Format:
default gateway IP address - -
NOTE
gateway IP address: network management IP address for the network on which the U2000 server
is located.
l Example:
default 10.9.1.254 - -
Step 5 Press Esc and run the command :wq to save and close the file.
Step 6 Run the following command to make the route take effect:
# systemctl restart network.service
Step 7 Run the netstat -nr command to view the default route of the system.
----End
A.2.6 How to manually Add a Static Route (SUSE Linux)
Question
How do I add a static route in the SUSE Linux OS?
NOTE
If a static route exists and a new static route needs to be added, use the MSuite to add a static route after
the U2000 is installed. Using yast2 to add a static route is prohibited to prevent several-second network
disconnection and service interruption.

Answer
Step 1 Log in to the system as user root.
NOTE
Step 2 Open a terminal window.
Step 3 Run the following command to view the existing routes in the system:
# netstat -nr
Step 4 Run the following command in the CLI:

Step 5 Write the static route configurations into the /etc/sysconfig/network/routes file.
l Format:
destination network segment address gateway IP address destination network
segment subnet mask
NOTE
– destination network segment address: The network segment of the IP address of the computer
connected to the U2000 server.
– gateway IP address: network management IP address for the network on which the U2000
server is located.
– destination network segment subnet mask: subnet mask of the network segment on which the
computer connected to the U2000 server is located.
l Example:
10.16.1.0 10.9.1.254 255.255.255.0
Press Esc and run the command :wq to save and close the file.
Step 6 Run the following command to make the route take effect:
# systemctl restart network.service
----End
A.2.7 How to Add a Static Route If the U2000 Is Installed
Question
How to add a static route after the U2000 is installed?
NOTE
If a static route exists and a new static route needs to be added, use the MSuite to add a static route after
the U2000 is installed. Using yast2 to add a static route is prohibited to prevent several-second network
disconnection and service interruption.
Answer
Step 1 Ensure that the MSuite servers on the primary and secondary sites have been started.
Run the following command as the root user to check whether the MSuite servers are started:

NOTE
# ps -ef | grep java
A message similar to the following will be displayed in the Solaris system:

...
root 16023 12635 0 16:53:09 pts/4 0:00 grep java
java -server -Dlanguage=zh -DoperationIp=10.61.33.2m
A message similar to the following will be displayed in the SUSE Linux system:
...
root 7593 7130 0 06:31 pts/7 00:00:00 grep java
ossuser 8937 12803 0 04:13 pts/8 00:00:42 /opt/oss/OSSJRE/jre_linux/bin
java -server -Dlanguage=en -Djdk.tls.ephemeralDHKeySize=2048 -
DoperationIp=127.0.0.1 -Xverify:all -Xms64m -Xmx512m -XX:MetaspaceSize=128m -
XX:MaxMetaspaceSize=256m -XX:CompressedClassSpaceSize=256m -
XX:MinHeapFreeRatio=40 -XX:MaxHeapFreeRatio=70 -XX:+UseParNewGC -XX:
+UseConcMarkSweepGC -Dengr.launcher.file=engineering/conf/launch/
deploysever_launcher.xml -Dequinox.conf=engineering/conf/equinox.ini -
Dos.native.path=engineering/lib -DCoreFramework.logFilePath=engineering/conf/
loggerservice_Server.cfg -Djava.library.path=engineering/lib/linux -
Drunway=maintenance -DautoLogin=true -DinstallDiskMode=cmd -DinstallType=server -
classpath engineering/lib/Launcher.jar:engineering/lib/equinox.jar
com.oss.core.launcher.Launcher...
NOTE
If the displayed information contains /opt/oss/OSSJRE/jre_sol/bin/java -server in the Solaris system
and /opt/oss/OSSJRE/jre_linux/bin/ java -server in SUSE Linux system, the MSuite servers have been
started.
If the MSuite servers have not been started, switch to the ossuser and run the following
commands as the root user to start the MSuite servers:
# su - ossuser
$ ./startserver.sh
Step 4 Right-click the target server and choose Configure Route from the shortcut menu. The
Configure Route dialog box is displayed.
Step 5 In the dialog box that is displayed, click Add or Delete according to actual route conditions to
configure the route.
NOTICE
Before adding a route, ensure that the server and the router are directly connected. Otherwise,
the route cannot be took effect immediately.

For example, the procedure for adding a route from a client (IP address: 10.70.73.77) to a
server (IP address: 10.71.224.12) is as follows, with the IP address of the intermediate router
being 10.71.224.1:
1. Ensure that the server and the router are directly connected.
2. Click Add. Set Destination to 10.70.73.0, Subnet Mask to 255.255.255.0, and
Gateway to 10.71.224.1.
Step 6 Click OK.
Step 7 After the configurations are complete, run the netstat -nr command to view route
configurations.
----End
A.2.8 How to Check the Remaining Space of a Disk

Question
How do I check the remaining space of a disk?
Answer
Run the df -hk command to check the remaining space of a disk.
For example, run the df -hk /opt command to check the remaining space of the /opt partition.

A.2.9 How to Monitor System Processes and Application Ports

Question
How to monitor system processes and application ports after the SUSE Linux OS is installed?
Answer
l Choose Computer > More Applications > System > GNOME System Monitor to
manage processes.
l Opens the terminal, use ps -ef | grep process name command to view processes. You can
run the vmstat or top command to view the usage of the CPU, memory, and I/O bus.
A.2.10 How to Enable Remote GUI Logins

Question
What should I do when I fail to log in to the SUSE Linux OS through the remote login tools?
Answer
Step 1 Log in to the SUSE Linux OS as user root through remote login software or the Windows OS
CLI.
Step 2 Run the following command in the terminal window:
# yast remote allow set=yes
# rcxdm restart
Step 3 Use the remote login tools to log in to the U2000 server again.
----End
A.2.11 How to Query the Process Status

Question
How do I query the process status?
Answer
Run the ps -ef | grep process name command to query the process status.
For example, run the ps -ef | grep sysmonitor command to query the status of the sysmonitor
process. The following message will be displayed:
ossuser 17156 17032 0 22:13:59 pts/3 0:00 grep sysmonitor
l imap_sysmonitor indicates information about the process, where 11972 is the process
ID.
NOTE
Process information will be displayed if the process is running.

l grep sysmonitor indicates the query operation performed by the user and can be
ignored.

A.2.12 How to Forcibly End a Process
Question
How do I forcibly end a process?
Answer
Run the kill -9 process ID command to forcibly end a process.
A.2.13 How to Use the vi Editor
Question
How do I use the vi editor?
Answer
Run the following command to open the vi editor:
vi file name
l If a file with the same filename exists, run the vi command to open and edit the file.
l If a file with the same filename does not exist, run the vi command to create and edit a
file.
The edit commands are as follows:

l The command for opening the vi editor is as follows:
vi file name
l The command for entering the command mode is as follows.
Command Function
ESC Press ESC to exit the text input mode and enter the
command mode.
l The commands for inserting text are as follows (must be run in command mode).
Command Function
a Appends text at the cursor (append).
A Appends text at the end of the line where the cursor

locates.
i Adds text in front of the cursor (insert).
I Adds text to the front of the first non-null character in the

line where the cursor locates.
o Adds text at the beginning of the next line where the cursor
locates (open).

Command Function
O Adds text at the beginning of the previous line where the

cursor locates.
l The commands for moving the cursor are as follows (must be run in command mode).
Command Function
h Moves the cursor to the left.
j Moves the cursor downwards.
k Moves the cursor upwards.
l Moves the cursor to the right.
Line number G Moves the cursor to a specified line. For example, 1G

moves the cursor to the first line.
G Moves the cursor to the end of the file.
l The commands for deleting texts are as follows (must be run in command mode).
Command Function
x Deletes the character where the cursor is located.
dd Deletes the line where the cursor is located.
l The commands for quitting the vi editor are as follows and must be run in command
mode. You are recommended to press ESC before running any command listed in Table
A-1.
Table A-1 Commands for quitting the vi editor

Command Function
:wq Saves changes and quits the vi editor.
:q Quits the vi editor without saving changes.
:q! Forcibly quits the vi editor without saving changes.
:w Saves changes without quitting the vi editor.
A.2.14 How to Change the Time and Time Zone of the SUSE
Linux OS
Question
How to change the time and time zone of a SUSE Linux OS where the U2000 is not installed
yet?

NOTE
For how to change the time and time zone of a SUSE Linux OS after the U2000 has been installed, see C.4.1
Setting the System Time and Time Zone.
Answer
Step 1 Log in to the graphical desktop system of the SUSE Linux OS as the root user.
Step 2 Open the CLI and run the following command to start the YaST2 control center.
# yast2
Step 3 Choose System > Date and Time.
Step 4 In the dialog box that is displayed, set the area and time zone.

Step 5 To change the time, click Change. In the dialog box that is displayed, set the date and time,
and then click Accept.
Step 6 Click OK.
Step 7 Run the following commands to restart the OS. It takes approximately 5 to 8 minutes to
restart the system.
# shutdown -r now
Step 8 Optional: For Suse OS, ensure that the time and time zone has been correctly modified after
restart the OS, or run the following commands.
1. Run the following commands to synchronize the hardware time.
# . /etc/sysconfig/clock
# /sbin/hwclock --systohc $HWCLOCK
2. Run the following commands to synchronize time zone information to initrd.

# mkinitrd
3. Run the following commands to restart the OS. It takes approximately 5 to 8 minutes to
restart the system.
# shutdown -r now
----End

A.2.15 How to Use the VNC to Remotely Log In to SUSE Linux by

Retaining the Session
Question
How do I use the VNC to remotely log in to SUSE Linux?
Answer
The virtual network computing (VNC) is a component of SUSE Linux. It is a typical thin
client software. The graphics processor service runs on the server and multiple instances can
be created.
l Advantage: A remote computer can access the server using the Internet Explorer. If the
connection is torn down, the desktop can be held by logging in with the same user name
and port number. The remotely run applications will not be interrupted due to the
network disconnection.
l Disadvantage: The shortcut options in the VNC window conflicts with those on the
Windows and applications. As a result, some shortcut options are unavailable in the
VNC window. Table A-2 shows the usage of the commonly seen shortcut options in the
VNC window.
NOTE
l It is recommended that you log in to the OS in SSH (recommended) or Telnet mode, instead of the
Java desktop mode. Then run the commands to enable the VNC services.
l The VNC service is automatically disabled after the OS is restarted to ensure the security of the
U2000. To use the VNC to remotely log in to SUSE Linux, reconfigure the VNC service.
l The VNC can be configured and used on NM, EM, and IS nodes in a distributed system.
l Before installing U2000, the scripts to enable and disable VNC is in the /opt/install/OSSICMR/
tools/VNC directory. After preconfiguring the OS, the scripts to enable and disable VNC is in
the/opt/sudobin/engr/tools/VNC directory. The following example describes how to use the VNC
after preconfiguring the OS.
l If log in to SUSE Linux 12 os, make sure the local PC with JRE 1.7 or later installed.
l Configure the VNC service as the root user.
a. Use the PuTTY tool to log in to the server as a root user.
b. Optional: Run the following command as user root to set the password for user
root to log in to the VNC. If the VNC login password for user root already exists or
is known, skip this step.
# vncpasswd
i. Enter the password in Password: as prompted and press Enter.

NOTE
An example password is Admin123. A password must consist of 6 to 8 characters. All

characters entered using the keyboard, except the Enter key, will be considered as
password components. Excessive characters will be automatically discarded.
Passwords must be complex enough to ensure the security of the U2000. For example,
a password must contain six or more characters of two types. The allowed characters
are digits, uppercase and lowercase letters, and special characters. Remember to
change passwords regularly and remember the new password.
ii. Enter the password in Verify: as prompted and press Enter.

NOTE
Enter the same password again. The system begins to check whether the passwords are
the same. If so, the password is set successfully. If not, set the password again.
Would you like to enter a view-only password (y/n)?
iii. Enter n and press Enter.

NOTE
l Remember the password that will be used for VNC login as user root.
l If the password is forgotten, log in to the OS as user root, run the vncpasswd command,
and set a new password according to the message.
c. Run the following commands to enable the VNC services.
NOTICE
After uploading and decompressing the preconfigured component package and
before running the script to preconfigure the OS, the scripts to enable and disable
VNC is in the in the /opt/install/OSSICMR/tools/VNC directory.
After preconfiguring the OS, the scripts to enable and disable VNC is in the in
the /opt/sudobin/engr/tools/VNC directory.
# cd /opt/sudobin/engr/tools/VNC
# sh start_vnc_root.sh
If the command output contains successfully, the VNC service corresponding to the
root user is started. The port ID is 5802 for the root user.

NOTE
l During operations on the GUI, do not close the PuTTY dialog box. Otherwise, the
connection to the VNC client becomes abnormal. If the PuTTY dialog box is closed,
refer to this FAQ to reconfigure the VNC service.
l If a message is displayed asking you to set the password, run the vncpasswd command
as the root user to set the password.
l If information similar to the following is displayed:
The vnc for root is already running and port is 2.
Run the following commands to stop the VNC service and close the port:
# sh stop_vnc_root.sh
# su - ossuser
$ vncserver -kill :2
$ exit
Run command sh start_vnc_root.sh to start the VNC service for the root user.
start vncserver :2 failed
Run the following commands to enable the VNC services.
# vncserver :2
Warning: X3650-SEC1:2 is taken because of /tmp/.X11-unix/X2
Remove this file if there is no X server X3650-SEC1:2
A VNC server is already running as :2
X3650-SEC1 is the server name.
Run ps -ef |grep vnc to check whether the VNC service corresponding to the root user
has started.
l If no information is displayed, the VNC service corresponding to the root user has
not started.
Run cd /tmp. If the .X2-lock file exists, run rm .X2-lock to delete the .X2-lock
file.
Run cd /tmp/.X11-unix. If the X2 file exists, run rm X2 to delete the X2 file.
Repeat Step 3 to start the VNC service for the root user.
l If information is displayed, the VNC service corresponding to the root user has
started.
d. Perform the following operations to create an SSH tunnel so that the
communication between the server and VNC client is more secure. In the following
example, the PuTTY is saved in the D:\PuTTY path and the server IP address is
10.9.1.1.
i. On a PC or laptop, choose Start > Run. In the dialog box that is displayed,
enter cmd to open a CLI.
ii. Run the following command to navigate to the path where the PuTTY is
located:
C:\> cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the root user:
D:\PuTTY> putty -L 5902:localhost:5902 -L 5802:localhost:5802
10.9.1.1
NOTE
l Do not replace localhost with an IP address or a host name in the preceding

command.
l Establish a connection with the server. In the PuTTY Security Alert dialog box,
click Yes to confirm the connection to the server.
l 10.9.1.1 specifies the server IP address.
iv. In the PuTTY dialog box, enter the user name and password of the root user.
The SSH tunnel for the root user is created.

NOTE
l During operations on the GUI, do not close the PuTTY dialog box. Otherwise, the
connection to the VNC client becomes abnormal. If the PuTTY dialog box is
closed or SSH tunnel is disconnected due to an exception, refer to this FAQ to
reconfigure the VNC service.
l If the security hardening policy is enabled on the system, enter the user name and
password of the ossuser user in the PuTTY window to complete the creation of
the SSH tunnel.
e. Open the Internet Explorer of a PC or laptop. Enter http://localhost:5802 in the
address bar. Then press Enter.
NOTE
If a message is displayed indicating that the application is prohibited to run, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab,
Edit Site List, and Add, and enter http://localhost:5802. Click OK, Continue, and then
OK. Restart the Internet Explorer and enter http://localhost:5802 in the address bar.
f. Enter the password and click OK to access SUSE Linux.
NOTICE
l The VNC cannot be used to connect a PC or laptop to multiple SUSE Linux
servers. If the VNC needs to be used to connect to another server, you must shut
down the server connected to the PuTTY and then refer to the FAQ to
reconfigure the VNC connected to the server. The new VNC connected to the
SUSE Linux server overwrites the previous VNC connected to the SUSE Linux
server. To reuse the previous VNC, refer to this FAQ to reconfigure this VNC.
l After the GUI process is completed, run the following command to shut down
the VNC service in order to ensure security:
If the command output contains successfully, the VNC service corresponding to

the root user is stopped.
l If the VNC needs to be used again, refer to this document to configure the VNC.
l Configure the VNC service as the ossuser user.

a. Use the PuTTY tool to log in to the server as an ossuser user.
b. Optional: Run the following command as user ossuser to set the password for user
ossuser to log in to the VNC. If the VNC login password for user ossuser already
exists or is known, skip this step.
$ vncpasswd
i. Enter the password in Password: as prompted and press Enter.

NOTE
An example password is Admin123. A password must consist of 6 to 8 characters. All

characters entered using the keyboard, except the Enter key, will be considered as
password components. Excessive characters will be automatically discarded.
Passwords must be complex enough to ensure the security of the U2000. For example,
a password must contain six or more characters of two types. The allowed characters
are digits, uppercase and lowercase letters, and special characters. Remember to
change passwords regularly and remember the new password.

ii. Enter the password in Verify: as prompted and press Enter.

NOTE
Enter the same password again. The system begins to check whether the passwords are
the same. If so, the password is set successfully. If not, set the password again.
Would you like to enter a view-only password (y/n)?
iii. Enter n and press Enter.

NOTE
l Remember the password that will be used for VNC login as user ossuser.
l If the password is forgotten, log in to the OS as user ossuser, run the vncpasswd
command, and set a new password according to the message.
c. Run the following commands to enable the VNC service for the ossuser user.
$ su - root
# sh start_vnc_oss.sh
ossuser user is started. The port ID is 5803 for user ossuser.
NOTE
l If a message is displayed asking you to set the password, run the vncpasswd command
as the ossuser user to set the password.
The vnc for ossuser is already running and port is 3.
Run the following commands to stop the VNC service and close the port:
# sh stop_vnc_oss.sh
# vncserver -kill :3
Run command sh start_vnc_oss.sh to start the VNC service for the ossuser user.
start vncserver :3 failed
Run the following commands to enable the VNC service.
# vncserver :3
Warning: X3650-SEC1:3 is taken because of /tmp/.X11-unix/X3
Remove this file if there is no X server X3650-SEC1:3
A VNC server is already running as :3
X3650-SEC1 is the server name.
Run ps -ef |grep vnc to check whether the VNC service corresponding to the ossuser
user has started.
l If no information is displayed, the VNC service corresponding to the ossuser user
has not started.
Run cd /tmp. If the .X3-lock file exists, run rm .X3-lock to delete the .X3-lock
file.
Run cd /tmp/.X11-unix. If the X3 file exists, run rm X3 to delete the X3 file.
Repeat Step 3 to start the VNC service for the ossuser user.
l If information is displayed, the VNC service corresponding to the ossuser user has
started.
d. Perform the following operations to create an SSH tunnel for the ossuser user so
that the communication between the server and VNC client is more secure. In the
following example, the PuTTY is saved in the D:\PuTTY path and the server IP
address is 10.9.1.1.

located:
C:\> cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the ossuser user:
D:\PuTTY> putty -L 5903:localhost:5903 -L 5803:localhost:5803
10.9.1.1
NOTE
l Do not replace localhost with an IP address or a host name in the preceding

command.
l 10.9.1.1 specifies the server IP address.
iv. In the PuTTY dialog box, enter the user name and password of the ossuser
user. The SSH tunnel for the ossuser user is created.
NOTE
During operations on the GUI, do not close the PuTTY dialog box. Otherwise, the
connection to the VNC client becomes abnormal. If the PuTTY dialog box is closed or
SSH tunnel is disconnected due to an exception, refer to this FAQ to reconfigure the
VNC service.
NOTE
If a message is displayed indicating that the application is prohibited to run, choose Start >
Edit Site List, and Add, and enter http://localhost:5803. Click OK, Continue, and OK,
restart the Internet Explorer, and enter http://localhost:5803 in the address bar.
f. Enter the password and click OK to access SUSE Linux.
NOTICE
l The VNC cannot be used to connect a PC or laptop to multiple SUSE Linux
servers. If the VNC needs to be used to connect to another server, you must shut
down the server connected to the PuTTY and then refer to the FAQ to
reconfigure the VNC connected to the server. The new VNC connected to the
SUSE Linux server overwrites the previous VNC connected to the SUSE Linux
server. To reuse the previous VNC, refer to this FAQ to reconfigure this VNC.
$ su - root

the ossuser user is stopped.
If you still cannot use the VNC on a PC or laptop to log in to the server after the VNC is
configured, perform the following operations to locate the fault:

a. Check whether the VNC port is occupied.

For a root user, the VNC port is 5802. For an ossuser user, the VNC port is 5803.
For the U2000 V100R008SPC300 or later, port forwarding must be configured on
Windows. VNC ports may be occupied.
On a PC or laptop running on Windows, if a root user cannot use the VNC to log in
to the server, run the netstat -a |findstr 5802 command to check whether the VNC
port is occupied. If an ossuser user cannot use the VNC to log in to the server, run
the netstat -a |findstr 5803 command to check whether the VNC port is occupied.
The following information is displayed (a root user is used as an example)
TCP 127.0.0.1:5802 SZXY1X001776702:0 LISTENING
If the command output contains 5802 and LISTENING, port 5802 is occupied. For
an osssuer user, check whether the command output contains 5803 and
LISTENING.
If the VNC port is occupied, shut down all in-use VNCs on the current PC or
laptop. Verify that no user is using the VNC on the PC or laptop running on
Windows.
b. If the problem persists, close all IE web browsers and restart the IE.
c. If the problem still exists after the IE is restarted, restore the IE to default
configurations, if applicable. To restore the IE to default configurations, choose
Tools > Internet Options > Advanced > Restore Defaults. If the Internet Explorer
cannot be reconfigured, try another browser, PC, or laptop.
Table A-2 Usage of commonly seen shortcut options in the VNC window
Scenar Availabil Shortcut Description

io ity Option/
Operation
Shortcu Unavailabl The Tab key NOTE

t e cannot be used If the Tab key is incorrectly used, no
information can be entered in the CLI. You
options for the path
must click in the CLI before entering
on the association information.
VNC function.
CLI
Available Ctrl + a Start position
Ctrl + e End position
Ctrl + k Deleting all contents from the cursor to the

end
Ctrl + u Deleting all contents from the start to the

cursor
Ctrl + d Deleting a command line. After a common

line is deleted, the CLI will be shut down
Ctrl + l Clearing the screen
Shift + Home Copying characters in the selected area
Shift + Insert Pasting the content in the VNC window


io ity Option/
Operation
Shortcu Unavailabl Contents You can only enter information in the

t e outside the VNC window or upload it to the VNC
options VNC window window.
for cannot be
operatio copied or pasted
ns not into the VNC
on the window.
VNC
CLI, The Ctrl + Alt You can only click the button on the left-
such as +U right corner to unlock a client.
operatio combination
ns on cannot be used
the file, to unlock a
window client.
, and Available Alt + F1 Opening the main menu
menu
Alt + F9 Minimizing the current window
Alt + F10 Maximizing the current window
Ctrl + c Copying the content
Ctrl + v Pasting the content in the VNC window
Table A-3 VNC FAQs and solutions

No. Description Solution
1 A user fails to run The VNC has been running for a long time
commands in the without being restarted, resulting in environment
CLI after logging variable failures. To resolve this problem, restore
in to the GUI the environment variables and run the related
through the VNC. commands.
Restore the environment variables:
1. Log in to the GUI as the root user.
2. Run the following commands to restore
environment variables:
# . /.profile-EIS

2 If the VNC service There is a low probability that this issues occurs
has been running if the VNC service has been running for a certain
for a long period period of time. If this issue occurs, restart the
of time, the GUI VNC service as the root or ossuser user.
desktop may stop
responding when a
user logs in to the
GUI desktop in
vnc mode.
3 A JRE version's Perform the following operations to rectify the

upgrade to 1.8 fault:
triggers a Linux 1. Delete the VNC cache.
OS bug, causing a
failure to access a. Choose Start > Control Panel and click
the VNC. Java.
b. In the Java Control Panel window, click
shows the the General tab.
displayed c. Click View. In the Java Cache Viewer
message. dialog box, click Resources in the
Display area.
d. Delete all records with the name of
VncViewer.jar.
e. Log in to the VNC again.
2. Optional: If the login still fails, the mapping
Linux OS patch is not installed after an
U2000 upgrade. In this case, perform either
of the following operations to avoid this
issue:
l Install the mapping Linux OS patch on the
U2000 server.
l Uninstall JRE 1.8, install JRE 1.6 or 1.7
on a windows computer, and see Step 1 to
delete the VNC cache.
4 A message is Uninstall JRE 1.8, install JRE 1.6 or 1.7 on a

displayed windows computer.
indicating that
application
blocked for
security. Failed to
validate
certificate,the
application will
not be executed.
----End

A.2.16 How to Set IP Addresses for Unused NICs on SUSE Linux
Question
How do I set IP addresses for unused NICs on a workstation after a SUSE Linux OS is
installed?
Answer
NOTICE
l Using the Yast2 to set IP addresses is not recommended because intermittent network
disconnection may occur and the NMS may fail to function properly.
l The IP address cannot be located in a network segment on which the IP addresses of some
used network interfaces are located. Otherwise, a network fault occurs.
Step 1 Log in to the OS as the root user.
Step 2 Perform the following operations to query the IP addresses of used network interfaces:
1. Run the following commands to query network interface configurations:
# cd /etc/sysconfig/network
# ls

config ifcfg-eth3 ifcfg.template
dhcp ifcfg-eth-id-34:40:b5:b1:11:08 if-up.d
ifcfg-bond0 ifcfg-lo providers
ifcfg-eth0 ifcfg.template routes
ifcfg-eth1 if-down.d routes.YaST2save
ifcfg-eth2 ifroute-lo scripts
NOTE
– If the command output contains information similar to ifcfg-bond0, bond has been configured
for the network interface. Perform Step 2.2 to view the IP address of the used network
interface.
– If the command output contains information similar to ifcfg-eth-id-34:40:b5:b1:11:08, bond
has not been configured for the network interface. Perform Step 2.3 to view the IP address of
the used network interface.
2. Optional: If bond has been configured for the network interface, run the following
command to view the IP address of the used network interface:
# cat ifcfg-bond0

BOOTPROTO='static'
BROADCAST='10.9.1.255'
IPADDR='10.9.1.1/24'
NETMASK='255.255.255.0'
STARTMODE='auto'
BONDING_MASTER='yes'
BONDING_MODULE_OPTS='mode=1 miimon=100 use_carrier=1'
BONDING_SLAVE0='eth1'
BONDING_SLAVE0='eth3'
PREFIXLEN='24'

NOTE
The value 10.9.1.1/24 of the IPADDR parameter is the IP address of network interface bond0.
Record the value. If information similar to ifcfg-bond0 is displayed, repeatedly perform Step 2.2
and record the IP address.
3. Optional: If bond has not been configured for the network interface, run the following
command to view the IP address of the used network interface:
# cat ifcfg-eth-id-34:40:b5:b1:11:08

BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='10.9.1.2/24'
MTU=''
NETWORK=''
......
NOTE
The value 10.9.1.2/24 of the IPADDR parameter is the IP address of network interface
34:40:b5:b1:11:08. Record the value. If information similar to ifcfg-eth-id-34:40:b5:b1:11:08 is
displayed, repeatedly perform Step 2.3 and record the IP address.
Step 3 Run the following operation to configure the IP address for the network interfaces that are not
used in the SUSE Linux OS.
1. Run the following command to start the AddIPForSuse.sh script:
# cd /opt/oss/engr/engineering/tool/OSSICMR/tools
# ./AddIPForSuse.sh

The NICs available in the local server are as follows:
-------------------------------------------
1 eth1
2 eth2
3 eth3
-------------------------------------------
Please enter a number to select the system NIC[1-3]:
The NICs available in the local server are as follows:
-------------------------------------------
1 eth1
-------------------------------------------
Please enter a number to select the system NIC[1-1]:
NOTE
The network interfaces displayed in the preceding command output are not configured.
2. Enter a network interface number. For example eth2eth1, enter 21 and press Enter.
Please input the IP address:
3. Enter an IP address, such as 10.78.225.28, for the network interface eth2eth1. Then
press Enter.
Please input the subnet mask:
NOTE
The IP address cannot be located in the same network segment as a recorded IP address.
Otherwise, a network fault occurs.
4. Enter the subnet mask of the network segment on which the IP address resides, such as
255.255.255.0. Then press Enter.
Please input the hostname:

5. Enter a host name, such as hostname01, for the IP address. The host name must be
unique. Then press Enter.
Configured the NIC successfully.
NOTE
If the preceding information is displayed, the IP address of the eth2eth1 network interface is
configured successfully. To configure IP addresses for other network interfaces, repeat Step 3.
Step 4 Run the following commands to restart the OS to make the configurations take effect.
# shutdown -r now
----End
A.2.17 How to Capture Snapshots on SUSE Linux

Question
How do I capture snapshot on SUSE Linux?
Answer
l Method 1: Use the keyboard.
a. Press Print Screen.
b. Rename the file and click Save.
l Method 2: Use commands.

a. In the CLI, run the gnome-panel-screenshot command.
b. Rename the file and click Save.
----End

A.2.18 How to Check Whether Bond Is Configured
Question
How do I check whether bond is configured?
Answer
l Method 1:
a. Use the remote GUI software to log in to the server as the root user.
b. On the desktop, right-click and choose Open Terminal from the shortcut menu to
display a CLI.
c. Run the following command to log in to the YaST2 Control Center.
# yast2
d. In the YaST2 Control Center dialog box, choose Network Devices > Network
Card.
e. In the Network Setup Method dialog box, select Traditional Method with ifup
and click Next.
f. The Network Card Configuration Overview dialog box is displayed.
NOTE
If bond is configured, the Bond Network option is available. If bond is not configured, the Bond
Network is unavailable.
l Method 2:
a. On the CLI, run the following command:
# ifconfig -a

bond0 Link encap:Ethernet HWaddr 5C:F3:FC:09:24:DC
inet addr:10.71.224.142 Bcast:10.71.225.255 Mask:
255.255.254.0
inet6 addr: fe80::5ef3:fcff:fe09:24dc/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:3385744 errors:0 dropped:0 overruns:0 frame:0
TX packets:3303126 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3205764595 (3057.2 Mb) TX bytes:3327903135 (3173.7
Mb)
NOTE
If bond is configured, the command output contains bond0.
----End

A.2.19 How to Configure the Resolution on SUSE Linux

Question
How do I configure the resolution on SUSE Linux?
Answer
Step 1 Log in to the GUI of the SUSE Linux OS as the root user.
Step 2 Open a CLI and run the following command to start the YaST2 control center:
# yast2
Step 3 Choose Hardware > Graphics Card and Monitor.
NOTE
If the Automatic Graphics System Setup dialog box is displayed, click Change Configuration.
Step 4 In the SaX2: X11 Configuration dialog box, click Change to modify the monitor properties.

Step 5 In the Monitor Settings dialog box, choose VESA. Select the resolution to be modified based
on the monitor size and individual habit. The commonly used resolution is 1024×768@60HZ.
NOTE
The IBM server does not support the resolution of 16:10, for example, 1440×900.

Step 6 Click OK. The SaX2: X1 Configuration dialog box is displayed.

NOTE
The newly configured resolution is displayed in Resolution. You can click it to modify the resolution too.
The resolution value should be less than or equal to the resolution set for Monitor.
Step 7 Click OK. The Message dialog box is displayed.
Step 8 Click Test. The XFine2 dialog box is displayed.
Step 9 If no error is displayed during the test, click Save. The Message dialog box is displayed.
Step 10 Click Yes.

Step 11 Run the following commands to restart the OS to make the configurations take effect. The
restart process takes about 5 to 8 minutes.
# shutdown -r now
----End
A.2.20 How to Install the 7-zip Software on the SUSE Linux OS
Question
How do I install the 7-zip software on the SUSE Linux OS?
Answer
Step 1 Download the 7-zip software package p7zip_9.20.1_src_all.tar.bz2 from http://
sourceforge.net/projects/p7zip/.
Step 2 Use SFTP to upload the 7-zip software package to the /opt directory on the server as the root
user. For details about how to use SFTP to upload the software package, see A.2.30 How to
Use the FileZilla to Transfer Files by SFTP.
Step 3 Use Telnet or SSH to log in to the server as the root user. The SSH mode is recommended
because it is more secure.
Step 4 Switch to the path where the software package is stored and assign permissions to the
software package.
# cd /opt
# chmod 750 /opt/p7zip_9.20.1_src_all.tar.bz2
Step 5 Decompress the 7-zip software package.

# tar jxvf p7zip_9.20.1_src_all.tar.bz2
Step 6 Navigate to the p7zip_9.20.1 directory.

# cd p7zip_9.20.1
Step 7 Compile the software package.

# make && make install
Step 8 Create the 7z link file.

# cd /usr/local/bin
# ln -s 7za 7z
Step 9 Add /usr/local/bin/ to the environment variable PATH.

1. Open the /etc/profile file.
# vi /etc/profile
2. Use up and down arrow keys to search for statements similar to the following:
PATH=/sbin:/usr/sbin:/usr/local/sbin:$PATH
3. Add /usr/local/bin/ to the environment variable PATH. For details about using the vi
editor, see A.2.13 How to Use the vi Editor.
After the operation is performed, information similar to the following is displayed:
PATH=/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin/:$PATH
4. Press Esc and run the :wq command to save the /etc/profile file and exit from the Vi
editor.

Step 10 Check whether the 7-zip software is installed successfully.
Run the following command:

# 7z
If the 7z Help information is displayed, the 7-zip softawre is installed successfully.
----End
A.2.21 How to Enable the File Change Audit Function on SUSE

Linux OS
Question
To ensure system security, the SUSE Linux OS supports the file change audit function that
can record relevant file change information. How do I enable the file change audit function on
SUSE Linux OS?
Answer
NOTICE
Enabling the file change audit function of the SUSE Linux OS may affect the system space
occupation and system performance. It is advised not to enable the function.
In an HA system, perform the following operations on the primary and secondary sites:
l If no security hardening is performed on the OS, perform the following operations:

a. Log in to the OS as the root user.
b. Run the following command to query whether the auditd service is running:
# service auditd status

Active: active (running) since ......
NOTE
l If information like active (running) is displayed, the auditd service is running.

l If no information like active (running) is displayed, the auditd service is not running.
Contact Huawei engineers for a solution.
c. Run the following command to query the configured audit rules of the system:
# auditctl -l

No rules
NOTE
The preceding information indicates that no audit rules have been configured.
d. Run the following command to create audit rules for the relevant U2000 directory
or file to be audited. The following uses the /opt/oss/engr directory as an example:
# auditctl -w /opt/oss/engr -p wa

NOTE
l /opt/oss/engr is the directory to be audited.

l The directory and file to be audited must be minimized.
e. Run the following command to query whether the audit rules of the /opt/oss/engr
directory are created:
# auditctl -l

LIST_RULES: exit,always dir=/opt/oss/engr (0x8) perm=wa
NOTE
The preceding information indicates that the audit rules of the /opt/oss/engr directory have
been created. The OS will audit the permission changes of files in the /opt/oss/engr
directory.
f. Run the following command to enable the creation of the audit rules of the /opt/oss/
engr directory to take effect:
# auditctl -e 1

AUDIT_STATUS: enabled=1 flag=1 pid=4091 rate_limit=0 backlog_limit=320
lost=7 backlog=0
NOTE
To query the audit log and learn the detailed file change information, run the ausearch -
f /opt/oss or /var/log/audit/audit.log command. For details, see the SUSE Linux OS
documentation. For example, https://www.suse.com/documentation/.
g. Optional: To delete the audit rules of the /opt/oss/engr directory, perform the
i. Run the following command to delete the audit rules of the /opt/oss/engr
directory:
# auditctl -W /opt/oss/engr -p wa
NOTE
/opt/oss/engr is the directory to be audited.
ii. Run the following command to query whether the audit rules of the /opt/oss/
engr directory are deleted:
# auditctl -l

No rules
NOTE
If no information like LIST_RULES: exit,always dir=/opt/oss/engr (0x8) perm=wa
is displayed, the audit rules of the /opt/oss/engr directory have been deleted.
iii. Run the following command to enable the deletion of the audit rules of
the /opt/oss/engr directory to take effect:
# auditctl -e 1
The displayed information is similar to the following:

AUDIT_STATUS: enabled=1 flag=1 pid=4091 rate_limit=0
backlog_limit=320 lost=7 backlog=0
l If security hardening is performed on the OS, perform the following operations:

b. Run the following command to switch to the root user:
$ su - root
Enter the password for the root user.

c. Run the following command to query whether the auditd service is running:
# service auditd status

NOTE
l If information like active (running) is displayed, the auditd service is running.

l If no information like active (running) is displayed, the auditd service is not running.
Contact Huawei engineers for a solution.
d. Run the following command to query existing audit rules:
# auditctl -l

LIST_RULES: exit,always arch=3221225534 (0xc000003e) key=time-change
syscall=adjtimex,settimeofday
LIST_RULES: exit,always arch=1073741827 (0x40000003) key=time-change
syscall=stime,settimeofday,adjtimex
syscall=clock_settime
LIST_RULES: exit,always watch=/etc/localtime perm=wa key=time-change
LIST_RULES: exit,always watch=/etc/group perm=wa key=identity
LIST_RULES: exit,always watch=/etc/passwd perm=wa key=identity
......
LIST_RULES: exit,always watch=/etc/sudoers perm=wa key=scope
LIST_RULES: exit,always watch=/var/log/sudo.log perm=wa key=actions
LIST_RULES: exit,always watch=/sbin/insmod perm=x key=modules
LIST_RULES: exit,always watch=/sbin/rmmod perm=x key=modules
LIST_RULES: exit,always watch=/sbin/modprobe perm=x key=modules
LIST_RULES: exit,always arch=3221225534 (0xc000003e) key=modules
syscall=init_module,delete_module
NOTE
Some audit rules are enabled by default after OS security hardening.
e. Perform the following operations to create audit rules for the relevant U2000
directory or file to be audited. The following uses the /opt/oss/engr directory as an
example:
i. Run the vi command to open the audit.rules file.
# vi /etc/audit/audit.rules

# This file contains the auditctl rules that are loaded
......
-w /var/log/sudo.log -p wa -k actions
-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-a always,exit -F arch=b64 -S init_module -S delete_module -k modules
-e 2
ii. Add the audit rules of the /opt/oss/engr directory to the audit.rules file, as
follows:
......

-w /opt/oss/engr -p a
-e 2
NOTE
l /opt/oss/engr is the directory to be audited.

l The directory and file to be audited must be minimized.
iii. Run the :wq command to save the modification and exit the vi editor.
f. Run the following commands to restart the OS:
For single-server system running on SUSE Linux, please run the following
commands.
# shutdown -r now
For high-availability system running on SUSE Linux, please run the following
commands.
# hastart -onenode
# shutdown -r now
g. Log in to the OS as the ossuser user.

h. Run the following command to switch to the root user:
$ su - root
Enter the password for the root user.

i. Run the following command to query whether the audit rules of the /opt/oss/engr
directory are created:
# auditctl -l

......
LIST_RULES: exit,always dir=/opt/oss/engr (0x8) perm=wa

NOTE
l The preceding information indicates that the audit rules of the /opt/oss/engr directory
have been created. The OS will audit the permission changes of files in the /opt/oss/engr
directory.
l To query the audit log and learn the detailed file change information, run the ausearch -
f /opt/oss or /var/log/audit/audit.log command. For details, see the SUSE Linux OS
documentation. For example, https://www.suse.com/documentation/.
j. Optional: To delete the audit rules of the /opt/oss/engr directory, perform the
i. Run the vi command to open the audit.rules file.
# vi /etc/audit/audit.rules

......
-w /opt/oss/engr -p a
-e 2
NOTE
/opt/oss/engr is the directory to be audited.
ii. Delete the audit rules of the /opt/oss/engr directory from the audit.rules file,
as follows:
......
-e 2
iii. Run the :wq command to save the modification and exit the vi editor.
iv. Run the following commands to restart the OS:
For single-server system running on SUSE Linux, please run the following
commands.
# shutdown -r now
For high-availability system running on SUSE Linux, please run the following
commands.
# hastart -onenode

# shutdown -r now
v. Run the following command to query whether the audit rules of the /opt/oss/
engr directory are deleted:
# auditctl -l

......
NOTE
If no information like LIST_RULES: exit,always dir=/opt/oss/engr (0x8) perm=wa
is displayed, the audit rules of the /opt/oss/engr directory have been deleted.
----End
A.2.22 How Do I Set an Encryption Algorithm for OpenSSH

(SUSE Linux 12)
Question
How do I set an encryption algorithm for OpenSSH?
Answer
Step 1 Log in to the SUSE Linux OS as the ossuser user through SSH by using PuTTY.
Step 2 Run the following command to access the directory /opt/oss/engr/engineering/script/.
$ cd /opt/oss/engr/engineering/script/
Step 3 Perform the following operations to set an encryption algorithm for OpenSSH.
1. Run the following command:
$ bash modifysshdalg.sh
The command output is as follows:

Start modify OpenSSH algorithms ......
System environment is : linux
uid=0(root) gid=0(root) groups=0(root),105(sfcb)
All mac_algorithms:
1: hmac-md5-etm@openssh.com 2:hmac-sha1-etm@openssh.com
3: umac-64-etm@openssh.com 4:umac-128-etm@openssh.com
5: hmac-sha2-256-etm@openssh.com 6:hmac-sha2-512-
etm@openssh.com
7: hmac-ripemd160-etm@openssh.com 8:hmac-sha1-96-

etm@openssh.com
9: hmac-md5-96-etm@openssh.com 10:hmac-md5
11: hmac-sha1 12:umac-64@openssh.com
13: umac-128@openssh.com 14:hmac-sha2-256
15: hmac-sha2-512 16:hmac-ripemd160
17: hmac-sha1-96 18:hmac-md5-96
All cipher_algorithms:
1: aes128-cbc 2:3des-cbc
3: blowfish-cbc 4:cast128-cbc
5: arcfour128 6:arcfour256
7: arcfour 8:aes192-cbc
9: aes256-cbc 10:chacha20-
poly1305@openssh.com
11: aes128-ctr 12:aes192-ctr
13: aes256-ctr 14:aes128-gcm@openssh.com
15: aes256-gcm@openssh.com
All Kex_algorithms:
1: ecdh-sha2-nistp256 2:ecdh-sha2-nistp384
3: ecdh-sha2-nistp521 4:diffie-hellman-group-
exchange-sha256
5: diffie-hellman-group-exchange-sha1 6:diffie-hellman-group14-sha1
7: diffie-hellman-group1-sha1 8:curve25519-
sha256@libssh.org
Current configured cipher_algorithms: chacha20-poly1305@openssh.com,aes128-

ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-
gcm@openssh.com,aes128-cbc
Current configured kex_algorithms: curve25519-sha256@libssh.org,ecdh-sha2-

nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Note: If the security algorithms supported by the SSH service are

inconsistent with those supported by the interconnected external NEs or NMSs,
communication through SSH will fail. As a result, NEs become unreachable or
the SFTP service becomes unavailable.
mac_algorithms.
:
2. Enter Y or y and press Enter.

Please input numbers of mac_algorithms separated by a ',' . For example:
11,12,13
:
3. Select the secure MACs algorithm for OpenSSH based on actual situations and press
Enter.
NOTE
Before selecting an algorithm, ensure that the system interconnected to the U2000 supports this
algorithm; otherwise, this system cannot connect to the U2000 server over OpenSSH.
cipher_algorithms.
:

Please input numbers of cipher_algorithms separated by a ',' . For example:
11,12,13
:
5. Select the secure Ciphers algorithm for OpenSSH based on actual situations and press
Enter.

NOTE
Input Y or y to modify kex_algorithms, otherwise, exit the modification of
kex_algorithms.
:

Please input numbers of kex_algorithms separated by a ',' . For example: 2,4,6
:
7. Select the secure Kex algorithm for OpenSSH based on actual situations and press
Enter.
NOTE
Operation succeeded. Please restart Openssh for the settings to take effect.
Please input Y or y to restart OpenSSH, inputting others will exit directly
and no restart OpenSSH!
input :

Shutting down SSH daemon done
Starting SSH daemon done
Restarting OpenSSH is successful.
End modify OpenSSH algorithm ......
NOTE
If the message "Restarting OpenSSH is successful." is displayed, the OpenSSH encryption algorithm is
successfully set.
----End
A.2.23 How Do I Set an Encryption Algorithm for OpenSSH

(SUSE Linux 11)
Question
Answer
Step 1 Log in to the SUSE Linux OS as the ossuser user through SSH by using PuTTY.



uid=0(root) gid=0(root) groups=0(root),105(sfcb)
All mac_algorithms:
etm@openssh.com
etm@openssh.com
13: umac-128@openssh.com 14:hmac-sha2-256
15: hmac-sha2-512 16:hmac-ripemd160
17: hmac-ripemd160@openssh.com 18:hmac-sha1-96
19: hmac-md5-96
5: arcfour128 6:arcfour256
7: arcfour 8:aes192-cbc
9: aes256-cbc 10:rijndael-cbc@lysator.liu.se
13: aes256-ctr
All Kex_algorithms:
1: ecdh-sha2-nistp256 2:ecdh-sha2-nistp384
exchange-sha256
5: diffie-hellman-group-exchange-sha1 6:diffie-hellman-group14-sha1
7: diffie-hellman-group1-sha1

mac_algorithms.
:

Please input numbers of mac_algorithms separated by a ',' . For example: 2,3
Enter.
NOTE
cipher_algorithms.

11,12,13
Enter.
NOTE

Input Y or y to modify kex_algorithms,otherwise,exit the modification of

kex_algorithms.
:

:
Enter.
NOTE
Please input Y or y to restart OpenSSH,inputing others will exit directly and
no restart OpenSSH!
input :

Shutting down SSH daemon done
Starting SSH daemon done
NOTE
If the message "Restarting OpenSSH is successful." is displayed, the OpenSSH encryption algorithm is
successfully set.
----End
A.2.24 How to Set the OpenSSH Encryption Algorithm on a Linux

Distributed System
Question
How do I set the OpenSSH encryption algorithm on a Linux distributed system?
Answer

# cd /opt/oss/engr/engineering/script/
2. When information similar to the following is displayed, enter Y or y and press Enter to
set the MAC algorithm.
uid=0(root) gid=0(root) .0(root) ?.?
=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

All mac_algorithms:
1: hmac-md5-etm@openssh.com 2:hmac-sha1-
etm@openssh.com
3: umac-64-etm@openssh.com 4:umac-128-
etm@openssh.com
etm@openssh.com
etm@openssh.com
9: hmac-md5-96-etm@openssh.com 10:hmac-
md5
11: hmac-sha1
12:umac-64@openssh.com
13: umac-128@openssh.com 14:hmac-
sha2-256
15: hmac-sha2-512 16:hmac-
ripemd160
17: hmac-sha1-96 18:hmac-
md5-96
1: aes128-cbc 2:3des-
cbc
3: blowfish-cbc 4:cast128-
cbc
5: arcfour128
6:arcfour256
7: arcfour 8:aes192-
cbc
9: aes256-cbc 10:chacha20-
11: aes128-ctr 12:aes192-
ctr
13: aes256-ctr 14:aes128-
gcm@openssh.com
15: aes256-gcm@openssh.com
All Kex_algorithms:
1: ecdh-sha2-nistp256 2:ecdh-sha2-
nistp384
exchange-sha256
5: diffie-hellman-group-exchange-sha1 6:diffie-hellman-group14-
sha1
7: diffie-hellman-group1-sha1 8:curve25519-
sha256@libssh.org
Current configured cipher_algorithms: chacha20-poly1305@openssh.com,aes128-

ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-
gcm@openssh.com,aes128-cbc
Current configured kex_algorithms: curve25519-sha256@libssh.org,ecdh-sha2-

nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Note: If the security algorithms supported by the SSH service are

inconsistent with those supported by the interconnected external NEs or NMSs,
communication through SSH will fail. As a result, NEs become unreachable or
the SFTP service becomes unavailable.

mac_algorithms.
3. When information similar to the following is displayed, enter the MAC algorithm
number to be configured and press Enter.
Please input numbers of mac_algorithms separated by a ',' . For example:
11,12,13

NOTE
set the cipher algorithms.
cipher_algorithms.
5. When information similar to the following is displayed, enter the cipher algorithm
numbers to be configured and press Enter.
11,12,13
NOTE
set the kex algorithms.
kex_algorithms.
7. When information similar to the following is displayed, enter the kex algorithm numbers
to be configured and press Enter.
NOTE
restart the OpenSSH.
no restart OpenSSH!
input :
If the message "Restarting OpenSSH is successful." is displayed, the OpenSSH

encryption algorithm is successfully set.
Shutting down the listening SSH
daemon
done
Starting SSH
daemon
done
----End
A.2.25 How Do I Obtain the Public Key of a Third-party SFTP

Server?
When you add or modify a third-party SFTP server on the U2000 client, you can choose
whether to check the server public key. If you choose to check it, users need to configure the
SFTP server public key on the client.

Prerequisites
Based on the IP address of the SFTP server to be added or modified on the U2000 client, find
the SFTP server the client connects to. Perform the following operations on the SFTP server.
Context
l The third-party SFTP server runs the Linux or Solaris operating system.
l If you choose to check the server public key when configuring a third-party SFTP server
on the U2000 client, the system compares the third-party SFTP server public key entered
by users on the client with the third-party SFTP server public key. If the public key are
different, the SFTP function used for communications between the third-party SFTP
server and the U2000 client is unavailable.
Procedure
Step 1 Log in to the third-party SFTP server.
Step 2 Run the following command to switch to user root.
$ su - root
Password:Password of root
Step 3 Run the following command to obtain the public key content of the SFTP server:
# cat /etc/ssh/ssh_host_rsa_key.pub
If information similar to the following is displayed, the public key content has been obtained.
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwjUbMhStgUyeFrEzMGrBFCnQYGsQBcLAGC18NBF78I3I9W0SE4fcoQ
ujhTAAVG1+jkvQiaqylSYUWnlUbd/lF/
l9GDkWUhCH1RWYDbdypgMHHKIANwrxLKnIoyaCpLvfz75aWQFP4IKaSMdiV6BKvFXSAUa00V8yoQttOq5x
FwU= root@linux
----End
A.2.26 How to Check Downloaded Software Packages Using

HashMyFiles Software
Question
How do I check downloaded software packages using HashMyFiles software?
Answer
Step 1 Obtain the MD5 code or SHA information that is used to check the downloaded software
package integrity.
l Download the iManager U2000 version MD5 CODE(English) file from http://
support.huawei.com/carrier. The iManager U2000 version MD5 CODE(English) file
contains MD5 code information after all software and document packages are
decompressed. Please contact a Huawei engineer to download the file.
– For carrier, log in to http://support.huawei.com/carrier. Search for U2000 and
select iManager U2000 in the search box on the Software tab. Then select a
desired version. Download the file in the Version Documentation column.

– For enterprise, log in to http://support.huawei.com/enterprise. Search for U2000

and select iManager U2000 in the search box on the Support tab. Then click
Documentation tab. Select a desired version and download the file.
NOTE
Take the following method to obtain the iManager U2000 version MD5 CODE(English) file. Only
Huawei engineers can download the file. If the customer requires using the file, please contact Huawei
engineers for help.
l The files in the ServiceCD of the Huawei server are archived in Support website.
Perform the following operations to obtain the ISO files:
a. Log in to http://enterprise.huawei.com.
b. Choose SUPPORT > Servers.
c. Choose TaiShan > FusionServer Tools > Downloads > V100R002C00 >
V100R002C00SPC300.
d. Download the FusionServer Tools-ServiceCD2.0-V109.zip software packages.
e. Use the PGPverify to verify correctness of the software packages. For details, see
A.2.27 How Do I Verify Downloaded Software Packages Using the PGPVerify
Software.
l For other third-party software, obtain the MD5 code or SHA information from the
corresponding official websites.
Step 2 Navigate to http://www.nirsoft.net/utils/hash_my_files.html and download the
HashMyFiles. For more information about software operation, see the software Help or go to
the official website of the software http://www.nirsoft.net/utils/hash_my_files.html for
technical support.
Step 3 Run the HashMyFiles.
Step 4 Choose Files > Add Folder from the main menu to access the Select Folder dialog box.
NOTE
You can also drag each local downloaded software package to the running window of the HashMyFiles.
Step 5 Select the folder in which the compression packages are stored and click OK.
Step 6 After uploading is complete, the MD5 code information of the local downloaded packages is
automatically generated. Choose View > HTML Report All Items to export the MD5 code
information and compare it with that in the MD5 code file obtained from Step 1.
Option Description
If the exported MD5 code information is the same as that in packages are correctly
the MD5 code file obtained from Step 1, downloaded.
If the exported MD5 code information is the different from download software
that in the MD5 code file obtained from Step 1, packets again.
----End

A.2.27 How Do I Verify Downloaded Software Packages Using

the PGPVerify Software
Question
How do I verify downloaded software packages using the PGPVerify software?
Answer
l Software packages and signature files correspond to each other and are stored in the
same directory. A software package corresponds to a signature file. Signature files are
released with products and their software packages.
l The extension of signature files is .asc. Generally, the names of signature files are the
same as the names of software packages. That is, when the software package name is
V200R017C60.zip, the corresponding signature file name is V200R017C60.zip.asc.
NOTE
The asc files will need to click the PGP after software packages to
download.
l Obtain the PGPVerify tool that is used to verify the completeness of downloaded
software packages and its public key file KEYS.
a. Download the PGPVerify tool and its public key file KEYS.
n For carrier: visit http://support.huawei.com/carrier/digitalSignatureAction
to download the OpenPGP Signature Verification Guide package and
decompress it. Obtain the PGPVerify tool and its public key file KEYS.
n For enterprise: visit http://support.huawei.com/enterprise/en/tool/software-
digital-signature-validation-tool--pgp-verify--TL1000000054, choose the
latest version and download the VerificationTools.rar package and its public
key file KEYS.
b. Decompress the VerificationTools.rar and obtain different versions of PGPVerify
software for different OSs.
n Windows: PGPVerify.exe (in the Windows\x86\PGPVerify TOOL directory)
n Solaris: PGPVerify-sparc.tar.bz2 (in the solaris\PGPVerify TOOL directory)
n Linux: PGPVerify-x86_64.tar.gz (in the linux\X86\bit64\PGPVerify TOOL
directory)
c. On Solaris/Linux OSs, use SFTP as the root user to upload the obtained PGPverify
software and public key file KEYS to the server. For details about the SFTP transfer
method, see A.2.30 How to Use the FileZilla to Transfer Files by SFTP.
d. Windows OS supports GUI-based verification and CLI-based verification. Solaris
and Linux OSs support CLI-based verification only.
l PGPVerify is a digital signature verification tool released by Huawei. Users can select
third-party openPGP verification tools based on actual needs.

Tool OS Tool Description
PGPVerify Windows/Solaris/Linux It is a simple PGP

verification tool released
by Huawei.
GNU Privacy Guard for Windows It is an official version of

Windows (Gpg4Win) GnuPG for Windows.
Official website: http://
www.gpg4win.org/
Recommended version:
2.2.1
The GNU Privacy Guard Linux It is a free and source-open

(GnuPG) GNU tool that implements
the OpenPGP standard
defined by the RFC4880
protocol. This tool is pre-
installed on most Linux
OSs.
Official website: http://
www.gnupg.org
Recommended version:
2.0.9
l GUI-based verification on Windows OS:
Files to be prepared before verification:

– PGPVerify software: PGPVerify.exe
– Public key file corresponding to the PGPVerify software: KEYS
– U2000 software package
– Signature file corresponding to the U2000 software package
a. Double-click PGPVerify.exe to start the PGPVerify tool.

b. Click Select Public Key, select the obtained public key file KEYS, and load it.
c. Click Multiple Verify and select the D:\oss\ directory to verify all files in it.
NOTE
l D:\oss\ indicates the directory that stores the signature file. Change it based on site
requirements. The signature file and software package must be stored in the same
directory.
l To verify a single file, click Single Verify and select the file to be verified.
n The green item indicates passed verification, that is, [PASS].
n The yellow item indicates unsupported verification, that is, [WARN]. For
example, the signature file or software version does not exist.
n The red item indicates failed verification, that is, [FAIL].
If no "WARN" or "FAIL" character is displayed, the signature file is valid. All items
are displayed in green.

NOTICE
If a version has multiple signature files to be verified, the version is secure only
when the verification results of all files are "PASS". If the verification results
contain "WARN" or "FAIL", the verification is not passed and security risks exist.
In that event, re-download the software package.
l CLI-based verification on Windows OS:

a. Open the CLI and run the following command to verify the signature file:
> "C:\PGPVerify.exe" -k "C:\KEYS" -d "D:\oss"
NOTE
l Assume that the signature file and software package are stored in the D:\oss\ directory, and
the PGPVerify tool and public key file are stored in the C:\ directory.
l To verify a single file, run the C:\PGPVerify.exe" -k "C:\KEYS" -f "D:\oss
\V200R017C60.zip.asc command.

[INFO]:Filter file in directory, please wait...
[WARN]:Can't find signature file, signed file position: D:\oss
\V200R017C60.zip.
[WARN]:Can't find signed file, signature file position: D:\oss
\V200R017C60.zip.asc.
[FAIL]:Invalid Signature. File path: D:\oss\V200R017C60.zip.
[PASS]:Good Signature. File path: D:\oss\V200R017C60.zip, Public key
fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824
[INFO]: Verify Complete.
NOTE
In the preceding characters in bold, the RSA key ID is consistent with the public key ID. For a
certain file, if no "WARN" or "FAIL" character is contained in other information, the signature
file is valid.
NOTICE
l CLI-based verification on Solaris and Linux OSs:

Files to be prepared before verification:
– PGPVerify software:
n Solaris: PGPVerify-sparc.tar.bz2
n Linux: PGPVerify-x86_64.tar.gz
– Public key file corresponding to the PGPVerify software: KEYS
– U2000 software package
– Signature file corresponding to the U2000 software package
b. Run the following command to decompress the PGPVerify software.

NOTE
Assume that the PGPVerify tool and public key file are stored in the /opt directory and the
signature file and software package are stored in the /opt/install.
Solaris:
# cd /opt
# bzip2 -d PGPVerify-sparc.tar.bz2
# tar xvf PGPVerify-sparc.tar
Linux:
# cd /opt
# tar xvfz PGPVerify-x86_64.tar.gz
c. Run the following commands to verify the signature file:

# ./PGPVerify -k KEYS -d install
NOTE
To verify a single file, run the following commands:
# cd /opt
# ./PGPVerify -k KEYS -f install/plugins-cloudtask-C01.zip.asc

[INFO]:Filter file in directory, please wait...
[PASS]:Good Signature. File path: install/plugins-cloudtask-C01.zip.asc,
Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824.
[PASS]:Good Signature. File path: install/twain.dll.asc, Public key
fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824.
[PASS]:Good Signature. File path: install/buildcloud-proxy.zip.asc,
[PASS]:Good Signature. File path: install/buildcloud_pvmtrans.zip.asc,
[PASS]:Good Signature. File path: install/plugins-cicloud-C01.zip.asc,
[PASS]:Good Signature. File path: install/ConfigCenter.war.asc, Public
key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824.
[PASS]:Good Signature. File path: install/watcher-wrapper.zip.asc,
[PASS]:Good Signature. File path: install/watcher.zip.asc, Public key
[PASS]:Good Signature. File path: install/rpm.war.asc, Public key
[PASS]:Good Signature. File path: install/buildcloud-rpm.zip.asc, Public
key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824.
[INFO]: Verify Complete.
NOTE
In the preceding characters in bold, the RSA key ID is consistent with the public key ID. For a
certain file, if no "WARN" or "FAIL" character is contained in other information, the signature
file is valid.
NOTICE
----End

A.2.28 How to Fix Garbled Characters in the SUSE Linux

Command Output
Question
How do I fix garbled characters in the SUSE Linux command output?
NOTE
l Using the PuTTY or the server terminal window is recommended because local terminals that do not
support the character set configuration. For example, the CLI window of a Windows OS does not support
handling of garbled characters in a command output.
l If the ls command output contains garbled characters, the directory that contains the garbled characters is
created using another type of character set. After the character set is modified, the directory that contains
the garbled characters is normally displayed. Directories that do not contain garbled characters may
include garbled characters after the character set is modified. This does not affect operations on the
U2000. You need to pay attention only to the directory displayed in the current character set.
l If the length of displayed Chinese characters exceeds the CLI window width, garbled characters may
occur.
Answer
l Scenario 1: After you run the ls command to view a directory, garbled characters are
displayed in the directory name.
a. If you use PuTTY to fix the garbled characters, set the PuTTY character set to Use
font encoding.
NOTE
The procedure for setting the PuTTY character set is as follows:
1. Right-click on the PuTTY toolbar. The PuTTY Reconfiguration window is displayed.
2. Choose Window > Translation and select Use font encoding from the Received data
assumed to be in which character set drop-down list.
b. If you fix the garbled characters using the server terminal window, set the character
set in the server terminal window to GB18030.
NOTE
The procedure for setting the character set in the server terminal window is as follows:
In the server terminal window, choose Terminal > Set Character Encoding > GB18030.
c. If you are a root user, run the ls command to view the directory. If you are an
ossuser or dbuser user, run the ls |more command to view the directory.
l Scenario 2: After you run other commands, garbled characters are displayed in the
command output.
a. If you use PuTTY to fix the garbled characters, set the PuTTY character set to
UTF-8.
NOTE
The procedure for setting the PuTTY character set is as follows:
1. Right-click on the PuTTY toolbar. The PuTTY Reconfiguration window is displayed.
2. Choose Window > Translation and select UTF-8 from the Received data assumed to
be in which character set drop-down list.
b. If you fix the garbled characters using the server terminal window, set the character
set in the server terminal window to UTF-8.

NOTE
The procedure for setting the character set in the server terminal window is as follows:
In the server terminal window, choose Terminal > Set Character Encoding > UTF-8.
l Scenario 3: If you fix the garbled characters using the server terminal window, perform
the following operations to modify the character set in the server terminal window:
Choose Terminal > Set Character Encoding in the server terminal window to view the
character set.
NOTE
For the Solaris, a root user should use the GB18030 character set, and an ossuser should use the
Unicode(UTF-8) character set.
For the SUSE Linux OS, a root user should use the GB2312 character set, and an ossuser should
use the Unicode(UTF-8) character set.
If the current user uses the mapping character set but the garbled characters are displayed, perform
the following operations to modify the character set:
For the Solaris OS:
l If the current character set is GB18030, change it to Unicode(UTF-8).
l If the current character set is Unicode(UTF-8), change it to GB18030.
For the SUSE Linux OS:
l If the current character set is GB2312, change it to Unicode(UTF-8).
l If the current character set is Unicode(UTF-8), change it to GB2312.
If the used OS has no mapping character set, choose Terminal > Set Character Encoding to add
the mapping character set and select it.
----End
A.2.29 Checking the NTP Service on Linux

This topic describes how to check the NTP service on Linux. Two commands are available to
query the NTP status: ntpq -p and ntptrace. The command outputs help you determine
whether NTP synchronization is normal.
Context
l You can run the service ntpd status command to check the running status of the NTP
service.
– If the command output contains active (running), the NTP service has started.
NOTE
l If the NTP service has been started, port 123 corresponding to the service will also be
enabled. Run the netstat -an |grep 10.185.166.48:123 command to check whether port
123 used by the NTP service has been enabled on the current U2000 server.
10.185.166.48 is the ip address of the current U2000 server.
Information similar to the following is displayed means the port 123 has been enabled.
udp 0 0 10.185.166.48:123 0.0.0.0:*
l If no information displayed, means the port 123 has not been enabled. Run the service
ntpd restart command to restart the NTP service and port 123 corresponding to the
service will also be enabled.
– If inactive (dead) is displayed, the NTP service is not started.
Active: inactive (dead)

NOTE
If the NTP service is not started, run the service ntpd start command to start the NTP service.
l You can run the date command.
– Check whether the medium-level NTP server time and the upper-level NTP
server time are the same.
– Check whether the NTP client time and the upper-level NTP server time are the
same.
If they are the same, the NTP service is in the normal state.
l In the ntpq -p command output, the remote field specifies the address of the reference
clock source. in the return message of the ntpq -p command is the IP address of the
reference time source. It indicates the status of the reference time source.
l The ntptrace command traces the entire NTP synchronization link from the local
machine to the NTP server at the highest level.
Procedure
Step 1 Log in to OS as user root.
Step 2 In a command line interface (CLI), run the ntpq -p command to view the NTP clock source.
Step 3 Run the ntptrace command to view the NTP synchronization link.
----End
Result
l If the server has been configured as the NTP server with the highest stratum, information
similar to the following is displayed.
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 10 l 1 64 1 0.000 0.000
0.001
NOTE
l The preceding information indicates that the current server is the NTP server with the highest
stratum and is tracing the local time.
l The check of the NTP service takes about 5 minutes after the NTP server and NTP clients have
been started. In the ntpq -p command output, the remote field is not marked with an asterisk
(*). In the ntptrace command output, Timeout or Not Synchronized is displayed. Wait
5 minutes and then run the ntpq -p command or ntptrace command.
l If the server running on SUSE Linux is configured as the medium-level NTP server,
information similar to the following is displayed.
# ntpq -p
==============================================================================
*10.71.224.140 .LOCL. 16 u - 64 0 0.000 0.000
0.000
+LOCAL(0) 10 l 6 64 1 0.000 0.000
0.001
# ntptrace
localhost: stratum 2, offset 0.000049, synch distance 0.02863
10.71.224.140: stratum 1, offset -0.001166, synch distance 0.01024

NOTE
l In the ntpq -p command output, *10.71.224.140 specifies that the IP address of the NTP
server on which the host performs time synchronization is 10.71.224.140. The asterisk (*)
indicates that the status is normal. The value in the st column indicates that 10.71.224.140 is at
stratum 1.
l In the ntptrace command output, localhost: stratum 2 specifies that the host is at
stratum 2, and the IP address of the host at the upper level is 10.71.224.140 at stratum 1.
l If the server running on SUSE Linux is configured as an NTP client, information similar
to the following is displayed.
# ntpq -p
==============================================================================
*10.71.224.140 LOCAL(0) 2 u - 64 0 0.000 0.000
0.000
# ntptrace
localhost: stratum 3, offset 0.000035, sycnh distance 0.08855
10.71.224.140: stratum 2, offset 0.000224, synch distance 0.07860
10.161.94.212: stratum 1, offset 0.060569, synch distance 0.01036,
refid 'LCL'
NOTE
stratum 2.
stratum 3, the IP address of the host at stratum 2 is 10.71.224.140, and the IP address of the
host at stratum 1 is 10.161.94.212.
A.2.30 How to Use the FileZilla to Transfer Files by SFTP
Question
How do I use the FileZilla to transfer files by SFTP?
NOTE
l Before the U2000 is installed, use SFTP as the root user to transfer files.
l If the U2000 has been installed without security hardening, use SFTP as the ftpuser, ossuser, root
or another OS user to transfer files. This topic uses the root user as an example.
l If the U2000 has been installed with security hardening, use SFTP as the ftpuser user to upload files
to the /opt/backup/ftpboot directory under the root directory of the ftpuser user and then copy the
files to the specified directory. The operations of downloading files are similar.
Answer
Step 1 On a PC or laptop, double-click the shortcut icon of FileZilla client to open the FileZilla.

NOTE
You can go to http://filezilla-project.org to download the latest version of FileZilla. For more
information about software operation, see the software Help or go to the official website of the software
https://wiki.filezilla-project.org/Documentation for technical support.
Step 2 Create a site.

1. Choose File > Site Manager from the main menu to access the Site Manager window.
2. Click New site.
3. On the General tab page, set the relevant parameters.
– Enter a server IP address in the Host text box.
– Enter 22 in the Port text box.
– Select SFTP from the Server Type drop-down list.
– Select Ask for password from the Logon Type drop-down list.
– Enter a user name of the server OS in the User text box.
Use the root user as an example to establish a site, as shown in Figure A-1.
Figure A-1 Create a site
4. Optional: Click the Charset tab and select a character set depending on the name of the
file to be transferred. If the file name consists of letters, digits, and underscores (_), no
character set needs to be selected. If the file name contains Chinese or other characters,
select a character set based on actual needs. The use of an incorrect character set will
cause garbled characters in the file name.

NOTE
Filezilla supports file name processing by configuring the character set during the file transfer. To
convert file names only when the U2000 server supports UTF-8, select Autodetect, the default
option. If the U2000 server does not support UTF-8, file names remain unchanged. To forcibly
convert file names to UTF-8, select Force UTF-8. To convert files that are not in UTF-8 format,
manually enter the actual character set.
5. Click Connect. And the Enter password dialog box is displayed, as shown in Figure
A-2.
NOTE
After the site is connected to the server for the first time, the Unknown host key dialog box will
be displayed. Select Always trust this host, add this key to the cache and click OK.
Figure A-2 Enter password
6. Enter a user password in the Password text box, and ensure Remember password for
this session selected. Click OK.
If message Directory listing successful is displayed, as shown in Figure A-3, SFTP

connection is successful.
Figure A-3 Successful SFTP connection
Step 3 Perform the following operations to upload files:

NOTE
Verify that that the name of the directory where the installation packages are stored can contain only
letters, digits, and underscores (_). The directory name cannot contain spaces, brackets, or Chinese
characters. Need to refresh before uploading package under the server is file directory.
1. In the Local site directory tree, locate the folder in which the files to be uploaded reside
and click it. The folder will be displayed in Filename under Local site.
2. In the Remote site directory tree, locate the folder in which the uploaded files are to be
stored and click it. All files in the folder will be displayed in Filename under Remote
site.

3. Click a file to be uploaded and hold down to drag the file to the folder on the Remote
site node.
4. Release the button. File uploading starts.
For example, upload the 1.txt in the /opt directory in the G:\test1 path, as shown in Figure
A-4.
Figure A-4 Uploading files
Step 4 After the file is successfully uploaded, a success message is displayed, as shown in Figure
A-5.
Figure A-5 Successful file uploading
----End
A.2.31 What Can I Do If Logging In to the GUI Desktop Fails in

SUSE Linux
Question
What can I do if logging in to the GUI desktop fails in SUSE Linux?
The following error messages is displayed:

Answer
Step 1 Log in to the real-time desktop of a blade.
1. Logging in to the GUI of the MM910 management module.
2. Click KVM via MM. The Security Warning dialog box is displayed.
NOTE
– This step needs to be performed in an environment with JRE 1.7 or later installed.
– A 32-bit browser uses the 32-bit JRE, and a 64-bit browser uses the 64-bit JRE; otherwise, the
KVM window fails to be accessed through a browser.
– If the next page cannot be displayed on the Internet Explorer, switch to another browser or
close the current browser and log in to the controller card.
3. Click Yes. The blade management window is displayed.
4. Click to refresh the window.

5. Click the slot number where the blade resides, such as blade1. Choose Private Mode,
the real-time desktop of a blade is displayed.
NOTE
– Private Mode allows only one user to access and perform operations on the server.
– Shared Mode allows two users to access and perform operations on the server simultaneously.
One user can view the operations performed by the other user.
Step 2 Restart the server.
1. Click in the menu bar of the server real-time window.

2. Select Forced Power Cycle. Are you sure to perform this operation? is displayed.
3. Click Yes. The server is restarted. The startup takes about 3 to 5 minutes.
Step 3 Perform the following operations to log in to the SUSE Linx GUI Desktop:
1. When the start window is displayed, move the cursor to Failsafe - SUSE Linux
Enterprise Server 12 SP2 - 4.4.114-92.64-default .
2. Press Esc. The Exiting… dialog box is displayed.
3. Press Tab to select OK and press Enter to enter the GRUB window.

4. Press c to enter the CLI window.

5. Enter the following commands that the system is started in CLI mode.
grub> root (hd0,0)
grub> cat /grub/menu.lst
grub> kernel /vmlinuz-4.4.114-92.64-default root=/dev/vg_root/lv_root
vga=0x314 3
grub> initrd /initrd-4.4.114-92.64-default
grub> boot
6. When the following information is displayed, enter the root user name and password to
log in to the operating system.
Float166251 login: root
Password:
7. 7 Run the following command to start the GUI on a terminal:

# startx
Step 4 Optional: Re-install the login server.

NOTE
If an ISO installation disk that contains the same SP version as the SUSE Linux is available, perform the
following sub-steps to re-instasll the login server. If such an ISO installation disk is unavailable, you can
only perform Step 1 to Step 3 to log in to the SUSE Linux GUI through the text mode interface.
1. Click the icon in the tool bar on the blade desktop to mount the same ISO installation
disk as that for the operating system with the SP version.
If Low Disk Space is warned, please run the following commands to remove log files.
# cd /var/log
# rm –rf messages
2. Enter the YaST window.

3. Choose Software > Software Repositories to enter the Software Repositories window.
Ensure Enabled is √.
4. Exit the Software Repositories window. Choose Software > Software Management to
enter the Software Management window.
5. Enter login into the text box on the Search tab. The list of related software packages will
be displayed in the right pane. Click the login software package to reinstall the login
service.
6. Run the following command to check runlevel. Ensure that its value is 5.
# cat /etc/inittab
The default runlevel is defined here
Id:5:initdefault:
7. Restart the operating system.

# shutdown -r now
----End
A.2.32 How do I set the network of the system

Question
How do I set the network of the system?
Answer
Step 1 Log in to the OS as user root.
Step 2 Run the following command to log in to the YaST Control Center:
# yast2
Step 3 In the YaST Control Center dialog box, choose Network Devices > Network Settings.
Step 4 In the Network Settings dialog box, select Overview.
Step 5 Select the network port whose Device is eth0 and click Edit.
NOTE
Select the network port whose Device is eth0 and connect network interfaces identified as 1 to the
network.
Step 6 In the Network Card Setup dialog box, select Address.

Step 7 Select Statically assigned IP Address. Set system IP address and subnet mask, and click
Next.
Step 8 Add a static route.
NOTE
A route must be added if a user needs to connect to the network. A static route is recommended.
l If network connection security is highly required, add a static route and allow users on some IP
network segments to connect to the server.
l If network connection security is not highly required, add a default route and allow all users to
connect to the server. For details, see A.2.5 How to manually Add the Default Route (SUSE
Linux).
1. In the Network Settings window, select Routing.
2. Click Add in the Routing Table area. The following dialog box for configuring a static
route is displayed.

NOTE
Set the following parameters:
– Destination: An IP address on the network segment of the computer connected to the U2000
server.
– Device: use the default value. The default value is eth0.
– Gateway: network management IP address for the network on which the U2000 server is
located.
– Netmask: subnet mask of the network segment on which the computer connected to the
U2000 server is located.
Leave other parameters empty.
3. Click OK.
4. Click OK.
Step 9 Close the YaST Control Center dialog box.
NOTE
l After the system IP addresses and the routes are set, run the netstat -nr command through the CLI
to check whether the route is successfully added. Wait for about 1 to 2 minutes, then run the ping
system IP address command to check whether the network of the system is set. If the system IP
address can be pinged, the network of the system is successfully set.
l If a static route exists and a new static route needs to be added, use the MSuite to add a static route
after the U2000 is installed, see A.2.7 How to Add a Static Route If the U2000 Is Installed.
Using yast2 to add a static route is prohibited to prevent several-second network disconnection and
service interruption.
Step 10 Run the following command to restart the OS. It takes approximately 5 to 8 minutes to restart
the system.
# shutdown -r now
----End
A.3 Solaris OS
This topic provides answers to FAQs about clients installed on Solaris OS.
A.3.1 Network Configurations of the Workstation

This topic provides answers to FAQs about the network configurations of the workstation.
A.3.1.1 How to Make the Devices Directly Connected to the two NICs of the
Server Communicate with Each Other
Question
How do I make the devices directly connected to the two NICs of the server communicate
with each other?
Answer
Step 1 Log in the OS as user root.

Step 2 Run the following command to enable the route forwarding function:
# ndd -set /dev/ip ip_forwarding 1
Step 3 To prevent the command from being invalid after the workstation is restarted, create a file
whose filename begins with an S in the /etc/rc3.d directory, and type ndd -set /dev/ip
ip_forwarding 1 into the file. Use the Srouter file as an example:
# vi /etc/rc3.d/Srouter
Write ndd -set /dev/ip ip_forwarding 1 into the file.
Run the command :wq! to save and close the file.
NOTE
When creating a file whose filename begins with an S in the /etc/rc3.d directory, run the following
command to view the existing files in the /etc/rc3.d directory. Ensure that the filename is unique in the
path.
# ls /etc/rc3.d
----End
A.3.1.2 How to Add the Default Route
Question
How do I add the default route?
Answer
Step 1 Log in the OS as user root.
Step 2 Open a terminal window in the Solaris OS.
Step 3 Run the following command:

# vi /etc/defaultrouter
Step 4 Enter an IP address as the default route in the file, for example, 10.9.1.254.
Step 5 Press Esc. Then, run the :wq command to save the file and exit the vi editor.
Step 6 Run the following commands to restart the server:

Step 7 Log in to the Solaris OS as the root user. Run the netstat -nr command to view the default
route of the system.
----End
A.3.1.3 How to Add a Static Route
Question
How do I add a static route?

Answer
1. Log in to the server as the root user and run the following command to add a static route:
# route -p add destination network segment address -netmask destination
network segment subnet mask gateway IP address
NOTE
l destination network segment address: network segment on which the IP address of the
computer connecting to the U2000 server is located
l destination network segment subnet mask: subnet mask of the network segment on which the
IP address of the computer connecting to the U2000 server is located
l gateway IP address: gateway IP address of the network on which the U2000 server is located
For example, add a static route from the U2000 server (IP address: 10.9.1.1; subnet
mask: 255.255.255.0; gateway IP address: 10.9.1.254) to a remote computer (IP address:
10.67.56.226; subnet mask: 255.255.254.0; gateway IP address: 10.67.56.1).
# route -p add 10.67.56.0 -netmask 255.255.254.0 10.9.1.254
2. Run the following command in the CLI to check that the route has been added:
# netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
10.67.56.0 10.9.1.254 UG 1 61
If the preceding information is displayed, the static route has been added. Otherwise, add
a static route again.
A.3.1.4 How to Query the Gateway of a Sun Workstation
Question
How do I query the gateway of a Sun workstation?
Answer
Step 1 Log in to the OS as user root and open the terminal window.
Step 2 Run the following command to query the workstation:

# netstat -nr
The following message will be displayed:

Routing Table: IPv4
-------------------- -------------------- ----- ----- ------ ---------
10.71.224.0 10.71.225.24 U 1 1006 bge0
224.0.0.0 10.71.225.24 U 1 0 bge0
default 10.71.224.1 UG 1 114902
127.0.0.1 127.0.0.1 UH 6 25558 lo0
NOTE
l The contents displayed on the terminal will vary according to the route configuration.
l The gateway with UG listed in the Flags is the gateway of the workstation. In this example, the IP
address of the workstation gateway is 10.71.224.1. There are five flags (UGHDM) for a specified
route.
----End

A.3.1.5 How to Configure the DNS on Solaris OS
Question
How do I configure the DNS on Solaris OS?
Answer
Step 2 Run the following command to open the nsswitch.conf file:

# vi /etc/nsswitch.conf
Step 3 In the nsswitch.conf file in the /etc directory, add dns to the end of the line where hosts:file
is located. The following message will be displayed:
hosts:
files dns
Step 4 Create the /etc/resolv.conf file and add contents in the following format:
domain domain name address nameserver DNS IP address
For example:
domain huawei.com nameserver 10.15.1.3
Step 5 Save the configuration and exit.
----End
A.3.1.6 How to Check the NIC Type of a Server
Question
How do I check the NIC type of a server?
Answer
You can run the more /etc/path_to_inst | grep network command as user root to check the
NIC type of a server.
A.3.1.7 How to Check Whether an NIC Has Multiple IP Addresses on Solaris
Question
How to check whether an NIC has multiple IP addresses on Solaris?
Answer
Step 1 Log in to the Solaris OS as the root user.
Step 2 To check whether an NIC has multiple IP addresses, run the following command:
# ifconfig -a

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>mtu 8232 index 1
inet 127.0.0.1 netmask ff000000

bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4>mtu 1500 index 2

inet 10.71.210.182 netmask fffffe00 broadcast 10.71.211.255
ether 0:b:5d:e5:10:8
bge0: 1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4>mtu 1500 index 2
inet 192.168.0.22 netmask fffffe00 broadcast 192.168.0.255
ether 0:3:ba:be:b3:59
NOTE
In NIC name: x, NIC name specifies the name of an NIC and x is a digit. If x is 1, the NIC has 2 IP addresses;
if x is n, the NIC has n+1 addresses. NIC name and x vary according to the machine model and IP addresses.
In this example, the NIC has two IP addresses, and bge0 and bge0:1 specify two IP addresses.
----End
A.3.1.8 How to Delete Excess IP Addresses of an NIC on Solaris
Question
How to delete excess IP addresses of an NIC on Solaris?
Answer
If an NIC has multiple IP addresses, run the following command to delete excess IP
addresses. For details about how to check whether excess IP addresses have been set for an
NIC, see A.3.1.7 How to Check Whether an NIC Has Multiple IP Addresses on Solaris.
# ifconfig NIC name:x unplumb
NOTE
In the command, NIC name and x vary according to the machine model and set IP addresses.
For example, if NIC name is bge0 and x is 1, run the following command to delete IP addresses
corresponding to bge0: 1:
# ifconfig bge0:1 unplumb
A.3.1.9 How to Set IP Addresses for Unused NICs on a Workstation
Question
How do I set IP addresses for unused NICs on a workstation after a Solaris OS is installed and
before installing the U2000 software?
Answer
On Solaris, the common method of setting IP addresses is to modify the following files:
l /etc/hostname.NIC name
l /etc/hosts
l /etc/inet/ipnodes
l /etc/netmasks
Step 1 Log in to Solaris as the root user.
Step 2 Perform the following operations to configure the /etc/hostname.NIC name file:
1. Run the following command to add and edit the /etc/hostname.NIC name file:
# vi /etc/hostname.NIC name

NOTE
NIC name indicates the name of an NIC for which an IP address is to be set, for example.
e1000g1.
2. Enter a host name, for example, NMSserver, in the file.
NOTICE
If multiple network interfaces need to be configured, host names for the network
interfaces must be different.
3. Save and exit the file.

Step 3 Perform the following operations to configure the /etc/hosts file:
NOTICE
The host names configured in the /etc/hosts and /etc/hostname.port name must be the same.
1. Run the following command to edit the /etc/hosts file:

# vi /etc/hosts
2. Add a line to the file, and enter an IP address and host name, for example, 10.9.9.1
NMSserver.
NOTICE
If the IP addresses of multiple network interfaces must be configured, ensure that the IP
addresses of different network interfaces must be located on different network segments.

Step 4 Perform the following operations to configure the /etc/inet/ipnodes file:
NOTICE
The host names and IP addresses configured in the /etc/inet/ipnodes and /etc/hosts files must
be the same.
1. Run the following command to edit the /etc/inet/ipnodes file:

# vi /etc/inet/ipnodes
2. Add a line to the file, and enter an IP address and host name, for example, 10.9.9.1
NMSserver.
Step 5 Perform the following operations to configure the /etc/netmasks:
1. Run the following command to edit the /etc/netmasks file:
# vi /etc/netmasks

2. Add a line to the file and enter a routing segment, for example, 10.9.9.0 255.255.255.0.
NOTE
10.9.9.0 is the network segment of 10.9.9.1 and 255.255.255.0 is the subnet mask.
Step 6 Run the following commands to restart the workstation:
NOTE
When the U2000 is installed, before running the following commands, please stop the U2000 server
processes , shut down the database, and stop the VCS service (for a High Availability System ) in
sequence by referring to descriptions in Chapter Shutting Down a U2000.
Step 7 After the workstation is restarted, log in to Solaris as the root user and run the ifconfig -a
command to view the configured IP addresses.
----End
A.3.1.10 How to Enable IPv4 Forwarding Between NICs
Question
How do I enable IPv4 forwarding between NICs after Solaris is installed?
Answer
Step 2 Run the following command to configure IPv4 forwarding:

# routeadm -e ipv4-forwarding -u
Step 3 Run the following command to check whether the configuration is successful:
# routeadm
If the IPv4 configurations are displayed and the system status is enabled, the configuration is
successful.
----End
A.3.1.11 How to Configure a Workstation NIC to Work in Full-Duplex Mode
Question
On Solaris 10, how do I configure a workstation NIC to work in full-duplex mode?
Answer
Step 1 Run the following command to get in the directory by root user.
# cd /etc/rc3.d
Step 2 Run the vi editor create the S99setbge file, input the following commands and save it:
# vi S99setbge
ndd -set /dev/bge0 adv_1000fdx_cap 0
ndd -set /dev/bge0 adv_1000hdx_cap 0


ndd -set /dev/bge0 adv_autoneg_cap 0
ndd -set /dev/bge0 adv_pause_cap 0
ndd -set /dev/bge0 adv_asym_pause_cap 0
NOTE
The meanings of the preceding commands are as follows:
ndd -set /dev/bge0 adv_1000fdx_cap 0 (off 1000M Full Duplex)
ndd -set /dev/bge0 adv_1000hdx_cap 0 (off 1000M Half Duplex)
ndd -set /dev/bge0 adv_100fdx_cap 1 (on 100M Full Duplex)
ndd -set /dev/bge0 adv_10fdx_cap 0 (off 10M Full Duplex)
ndd -set /dev/bge0 adv_autoneg_cap 0 (off Auto-negotiation)
NOTICE
Here, bge0 indicates the name of the NIC to be configured. Enter a value as required.
Step 3 Run the following command to modify the S99setbge file attribute:
# chmod 744 S99setbge
# chgrp sys S99setbge
Step 4 Run the following command to check the S99setbge file attribute:
# ls -l S99setbge
Step 5 Run the following command to restart the system, make the configuration be succeed:
# sync;sync;sync;sync;
Step 6 Run the following command to check the network card attribute:
# kstat -p bge | grep link_
If the following information is displayed, the 100M full-duplex mode has been successfully
configured for bge0:
......
bge:0:parameters:link_duplex 2
......
bge:0:parameters:link_speed 100
......
Here, the mappings between link_duplex values and attributes are as follows:
l The value 0 indicates Down.
l The value 1 indicates Half Duplex.
l The value 2 indicates Full Duplex.
----End
A.3.2 System Settings of the Workstation

This topic covers FAQs about workstation system settings.

A.3.2.1 How to Boot Up the Workstation from the CD-ROM Drive
Question
How do I boot up the workstation from the CD-ROM drive?
Answer
Step 1 At the # prompt, run the following command to display the OK prompt (OK>):
# init 0
Step 2 After the OK prompt is displayed, insert the installation DVD of Solaris OS into the CD-ROM
drive.
Step 3 Run the following command and press Enter. The workstation starts from the CD-ROM
drive.
l If the server model is Netra T4-1/Oracle T4-1, run the following command:
ok boot cdrom
l If the server model is Oracle T4-2/Netra T4-2, run the following command:
ok boot dvd
Press Enter. The system will restart. After five minutes, the system will prompt you to select
the language for the installation program.
----End
A.3.2.2 How to Set the Interface Language of Solaris OS
Question
How do I set the interface language of Solaris OS?
Answer
Step 1 Power on the workstation, and start Solaris OS.
Step 2 Choose Options > Language. A dialog box will be displayed prompting you to select a
language.
Step 3 Select the system language from the list box according to the conditions at your site.
Step 4 Click OK.

If you want to save the setting of the system language, select Set selected language as
default.
----End
A.3.2.3 How to Start the Snapshot Tool When It Is Unavailable
Question
How do I start the snapshoot tool if the snapshot tool is unavailable by right-clicking on the
GUI desktop?

Answer
Step 1 The snapshot tool is attached to Solaris OS. Generally, it is available using the shortcut
application. If the snapshot tool is unavailable in the shortcut application, run the following
command to start it:
# /usr/dt/bin/sdtimage -snapshot
----End
A.3.2.4 How to Switch to the Multi-user Mode or Single-user Mode
Question
How do I switch to the multi-user mode or single-user mode?
Answer
Step 1 Optional: Display the ok prompt using the controller.
l If the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server is used, perform the
following operations to display the OK prompt:
a. Log in to the system controller in SSH mode.
NOTE
The Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server does not support login through
Telnet. Log in to the system controller performing the following:
n Install the tool software of the SSH client on the Windows terminal to log in to the
system controller, for example: Putty.
n Run the ssh SC_IP_Address command on the terminals of other Sun servers. If the
following message is displayed, enter yes:
The authenticity of host '10.9.1.20 (10.9.1.20)' can't be
established.
RSA key fingerprint is 0b:23:07:0c:27:72:44:3f:d1:aa:
12:99:ed:dd:c0:5a.
Are you sure you want to continue connecting (yes/no)?
b. In the CLI, enter the user name and password of the system controller. The default
user name and password are root and changeme.
c. Optional:
Perform the following operations to check whether the system controller of the
server needs to be upgraded:
-> cd /HOST
-> ls
n Netra T4-1/Oracle T4-1/Oracle T4-2 server:

View the sysfw_version information in the command output. For example,
sysfw_version = Sun System Firmware 8.2.1.b 2012/08/03 11:58.
If sysfw_version shows that the version is 8.3.0 or later, perform the next step.
If sysfw_version shows that the version is earlier than 8.3.0, you must upgrade
the system controller. For details, see A.3.4.12 How to Upgrade the System
Controller Firmware of the Netra T4-1/Oracle T4-1/Oracle T4-2 Server.
d. Run the following command:
-> set /HOST/bootmode state=reset_nvram script="setenv auto-boot? false"
NOTE
There must be a space between ? and false.


Set 'state' to 'reset_nvram'
Set 'script' to 'setenv auto-boot? false'
e. Run the following command:

-> start /SYS

Are you sure you want to start /SYS (y/n)?
f. Enter y to start the server.

If the message start: Target already started is displayed, the system is running.
Perform the following operations:
-> stop /SYS
Are you sure you want to stop /SYS (y/n)?
Enter y. The following message will be displayed:

Stopping /SYS
Enter show /HOST status repeatedly to check the system status. After a message
containing status = Powered off is displayed, proceed with the next step.
-> start /SYS
Enter y to start the server.

g. Run the following command to display the OK prompt:
-> start /SP/console

Are you sure you want to start /SP/console (y/n)?
h. Enter y and press Enter.

NOTE
n If a prompt is displayed, enter y and press Enter.

n If the following information is displayed, the EEPROM Password policy in SetSolaris
security hardening has been enabled.
Firmware Password:
Enter the Firmware Password, The default password is sek12345.
Serial console started. To stop, type #.
...
Setting configuration variables to default values.
NOTICE: Probing PCI devices.
NOTICE: Finished PCI probing.
Netra SPARC T4-2, No Keyboard

Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights
reserved.
OpenBoot 4.35.5.a, 63.5000 GB memory available, Serial #106450436.
Ethernet address 0:10:e0:58:4e:4, Host ID: 86584e04.
auto-boot? = false
{0} ok

Step 2 Run the following command to switch to the Multi-user Mode or Single-user Mode.
l Run the following command to switch to the multi-user mode:
ok boot
l Run the following command to switch to the single-user mode:
ok boot -s
----End
A.3.2.5 How to Open the Terminal Window on the Desktop in the Java Desk
System
Question
How do I open the terminal window on the desktop in the Java Desk System (JDS)?
Answer
Step 1 Open the desktop in the JDS.
1. Enter the user name for login, such as root.
2. Choose Options > Session > Java Desktop System to select the JDS.
3. Click OK. Enter the password for the user.
4. Click OK to log in to the desktop in the JDS.
Step 2 Right-click on the desktop in the JDS and choose Open Terminal from the shortcut menu to
open a terminal window.
----End
A.3.2.6 How to Query the Drive of the Default Startup Disk of the Workstation
Question
On the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server, the system starts from hard
disk PhyNum 0 by default. How do I query the drive of hard disk PhyNum 0?
Answer
After the system enters the OK mode, run the following command to query the drive of the
startup disk:
{0} ok probe-scsi-all

/pci@400/pci@2/pci@0/pci@f/pci@0/usb@0,2/hub@2/hub@3/storage@2
Unit 0 Removable Read Only device AMI Virtual CDROM 1.00
/pci@400/pci@2/pci@0/pci@c/LSI,sas@0
FCode Version 1.00.54, MPT Version 2.00, Firmware Version 5.00.17.00
/pci@400/pci@2/pci@0/pci@8/SUNW,qlc@0,1
QLogic QLE2562 Host Adapter FCode(SPARC): 2.03 06/30/08

Firmware version 4.03.02

Fibre Channel Link down
Possible causes: No cable, incorrect connection mode or data rate
SFP state: 8Gb Present
/pci@400/pci@2/pci@0/pci@8/SUNW,qlc@0
/pci@400/pci@2/pci@0/pci@4/scsi@0
Target 9
Unit 0 Disk HITACHI H106060SDSUN600G A2B0 1172123568 Blocks, 600 GB
SASDeviceName 5000cca0253b71ac SASAddress 5000cca0253b71ad PhyNum 0
Target a
Unit 0 Removable Read Only device TEAC DV-W28SS-V 1.0B
SATA device PhyNum 6
/pci@400/pci@1/pci@0/pci@8/SUNW,qlc@0,1
/pci@400/pci@1/pci@0/pci@8/SUNW,qlc@0
/pci@400/pci@1/pci@0/pci@4/scsi@0
Target 9
Unit 0 Disk HITACHI H106060SDSUN600G A2B0 1172123568 Blocks, 600 GB
SASDeviceName 5000cca0253d1400 SASAddress 5000cca0253d1401 PhyNum 0
NOTE
l pci@1 specifies the first controller and pci@2 specifies the second controller.
l If PhyNum 0 is available on the first controller but not on the second controller, the system by
default starts from the hard disk of the first controller. Record 5000cca0253d1400 corresponding to
PhyNum 0 on the first controller as the drive of the startup disk.
l If PhyNum 0 is available on the second controller but not on the first controller, the system by
default starts from the hard disk of the second controller. Record 5000cca0253b71ac corresponding
to PhyNum 0 on the second controller as the drive of the startup disk.
l If PhyNum 0 is available on both the first and second controllers, the system by default starts from
the hard disk of the first controller. Record 5000cca0253d1400 corresponding to PhyNum 0 on the
first controller as the drive of the startup disk.
The preceding command output is used as an example. In this example, 5000cca0253d1400

corresponding to PhyNum 0 on the first controller is the drive of the startup disk. Before
disk partition, select the drive of the startup disk as the first hard disk.
A.3.2.7 How to Operate the CD-ROM
Question
How do I operate the CD-ROM?

Answer
Step 1 If the Sun workstation has a built-in CD-ROM drive, perform the following operation:
The system automatically installs the CD-ROM to the /cdrom directory after startup. If there
is a CD-ROM in the CD-ROM drive, view the contents of the CD-ROM after accessing the /
cdrom directory.
Step 2 If the Sun workstation has an external CD-ROM drive, perform the following operation:
Power on the CD-ROM drive after the SCSI wire is connected. Then, power on the
workstation. The system automatically identifies and installs the CD-ROM to the /cdrom
directory after startup.
Step 3 Use appropriate commands to open the CD-ROM drive.
If there is a CD-ROM in the CD-ROM drive, run appropriate commands to open the CD-
ROM drive.
Verify that the CD-ROM is not being used by any program and exit the directory for the CD-
ROM. Run the following command as user root:
# eject
NOTE
If the DVD cannot be ejected after the eject command is executed, you must add the drive mounting
position next to the command, You can run the df -h command to query the drive mounting position.
# df -h
...
/vol/dev/dsk/c2t6d0/solaris
2.8G 2.8G 0k 100% /cdrom/solaris
The drive mounting position is solaris. Run the eject solaris command to eject the DVD.
Open the CD-ROM drive and take out the CD-ROM.
NOTE
If the system prompts "Device busy" and the CD-ROM cannot be ejected, run the following command
as user root:
# svcadm disable volfs
Press the eject button on the drive panel to take out the CD-ROM.
The drive becomes unavailable in this situation. Run the following command:
# svcadm enable volfs
The CD-ROM drive can then be used.
Step 4 Install or start the system from the CD-ROM.

Insert the CD-ROM to the drive, and then run the following command at the ok prompt on
the workstation:
l If the server model is Netra T4-1/Oracle T4-1, run the following command:
ok boot cdrom
l If the server model is Oracle T4-2/Netra T4-2, run the following command:
ok boot dvd
Press Enter. The system will restart. After five minutes, the system will prompt you to select
the language for the installation program.
By doing this, you can install or start the system from the CD-ROM.

Step 5 Check the SCSI device mounted on the workstation.

Enter the following command at the ok prompt:
ok probe-scsi
By doing this, you can check the SCSI device mounted on the workstation. This command is
usually used to verify that the CD-ROM drive is correctly mounted.
----End
A.3.2.8 How to Solve the Problem that the Current File System Is Not in the UFS
Format
Question
In Solaris 10, if the file system is not in the UFS format, How to solve this problem?
Answer
l Contact Huawei technical support engineers to assist in reinstalling the operating system
and U2000. Change the file system format to UFS during reinstallation of the operating
system.
l If the live network does not allow reinstallation of the operating system or U2000,
perform the following operations:
a. Log in to the operating system of the server as the ossuser user.
b. Run the following command to view the current file system format:
$ cat /etc/vfstab

#device device mount FS fsck mount
mount
#to mount to fsck point type pass at boot
options
#
fd - /dev/fd fd - no -
/proc - /proc proc - no -
/dev/md/dsk/d31 - - swap - no -
/dev/md/dsk/d30 /dev/md/rdsk/d30 / ufs 1 no -
/dev/md/dsk/d36 /dev/md/rdsk/d36 /var ufs 1 no -
/dev/md/dsk/d37 /dev/md/rdsk/d37 /export/home ufs 2
yes -
/dev/md/dsk/d65 /dev/md/rdsk/d65 /opt ufs 2 yes -
/dev/md/dsk/d35 /dev/md/rdsk/d35 /opt/backup ufs 2
yes -
/dev/md/dsk/d95 /dev/md/rdsk/d95 /opt/sybase ufs 2
yes -
/devices - /devices devfs - no -
sharefs - /etc/dfs/sharetab sharefs - no -
ctfs - /system/contract ctfs - no -
objfs - /system/object objfs - no -
swap - /tmp tmpfs - yes -
NOTE
The column to which FS type belongs indicates the format of the current file system. In this
example, the file system is in the UFS format.
c. Run the following commands to add the type of disks to be monitored:
$ SettingTool -cmd setparam -path /imap/common/monitor/monitorgroup/
SupportFS -value "zfs;vxfs;ufs"

NOTE
l The following disk types are supported: VxFS, UFS, and ZFS.
l Different disk types are separated by columns (;).
l The default disk type is UFS.
d. Run the following command to check whether desired disks are added:
$ SettingTool /imap/common/monitor/monitorgroup/SupportFS
If the following information is displayed, the desired disks have been successfully
added.
zfs;vxfs;ufs
e. Restart the ResourceMonitor process.

i. Run the following command to obtain the ID of the ResourceMonitor process:
$ ps -ef | grep ResourceMonitor

ossuser 9252 1 0 15:41:58 ? 0:00 /opt/oss/server/
platform/bin/ResourceMonitor -cmd start >/dev/null 2>&1
ossuser 9268 9130 0 15:42:06 pts/1 0:00 grep
ResourceMonitor
ii. Run the following command to shut down the ResourceMonitor process:
$ kill -9 process ID
In this example, run the kill -9 9252 command to shut down the
ResourceMonitor process.
f. Wait about 1 minute. The ResourceMonitor process automatically starts.
----End
A.3.2.9 How to Use the VNC to Remotely Access a Workstation
Question
How do I use the VNC to remotely access a workstation?
Answer
The VNC is a component of Solaris. It is a typical thin client software. The graphics processor
service runs on the server and multiple instances can be created. The VNC advantage is that a
remote computer can access the server using the Internet Explorer. If the connection is torn
down, the desktop can be held by logging in with the same user name and port number. The
remotely run applications will not be interrupted due to the network disconnection.

NOTICE
l After the following operations are performed, you can remotely log in to Solaris as a
specified OS user and retain the session. If the connection is torn down and you log in
using the same port as the same user, the session will be retained.
l If the use of the VNC to remotely log in to the Solaris OS needs to be performed as the
root user, the login user must be root. If the use of the VNC to remotely log in to the
Solaris OS needs to be performed as the ossuser user, log in to the Solaris OS as the
ossuser user after the U2000 is installed.
l Do not use the Java desktop mode to log in to the OS. Using Telnet or SSH (more secure,
recommended) to log in to the OS is recommended. After login succeeds, run the
associated commands to start the VNC service.
l Before installing U2000, the scripts to enable and disable VNC is in the /opt/install/
OSSICMR/tools/VNC directory. After preconfiguring the OS, the scripts to enable and
disable VNC is in the/opt/sudobin/engr/tools/VNC directory. The following example
describes how to use the VNC after preconfiguring the OS.
Run the following command to check the svc:/milestone/network:defaultstatus:

# svcs |grep svc:/milestone/network:default

online 20:17:02 svc:/milestone/network:default
If the command output contains online, you do not need to run the following commands. If
the command output contains maintenance or offline, run the following commands to change
the status of svc:/milestone/network:default to online.
# svcadm clear svc:/milestone/network:default
# svcadm enable svc:/milestone/network:default
# svcs |grep svc:/milestone/network:default
If the status of svc:/milestone/network:default is online, perform the following operations to

configure the VNC service for the root or ossuser user:
l Configure the VNC service as the root user.
a. Use the PuTTY tool to log in to the server as a root user.
b. Optional: Run the following command to set the password for user root to log in to
the VNC. If the VNC login password for user root already exists, skip this step.
# vncpasswd
A message similar to the following is displayed:

Password:
An example password is Admin123. A password must consist of 6 to 8 characters.

All characters entered using the keyboard, except the Enter key, will be considered
as password components. Excessive characters will be automatically discarded.
Passwords must be complex enough to ensure the security of the U2000. For
example, a password must contain six or more characters of two types. The allowed
characters are digits, letters, and special characters. Remember to use the
vncpasswd command to change passwords regularly and keep the passwords well.
i. Enter the password and press Enter.
Verify:

ii. Enter the password again and press Enter.

NOTE
l Enter the same password again. The system begins to check whether the passwords
are the same. If so, the password is set successfully. If not, set the password again.
l Remember the password that will be used for VNC login as user root.
l If the password is forgotten, log in to the OS as user root, run the vncpasswd
NOTICE
After uploading and decompressing the preconfigured component package and
before running the script to preconfigure the OS, the scripts to enable and disable
VNC is in the in the /opt/install/OSSICMR/tools/VNC directory.
After preconfiguring the OS, the scripts to enable and disable VNC is in the in
the /opt/sudobin/engr/tools/VNC directory.
root user is stopped. Run the following command:
# sh start_vnc_root.sh
root user is started. The port ID is 5802 for the root user.
NOTE
If a message is displayed asking you to set the password, run the vncpasswd password as the
root user to set the password.
d. Perform the following operations to create an SSH tunnel so that the
communication between the server and VNC client is more secure. If the PuTTY is
stored in the D:\PuTTY path, the IP address of server 1 is 10.9.1.1, and the IP
address of server 2 is 10.9.1.2, the VNC service can be implemented as the root
user for the two servers. You must ensure that the VNC service corresponding to the
root user has been started for both of the two servers.
located:
C:\>cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the root user:
D:\PuTTY>putty -L 5902:localhost:5902 -L 5802:localhost:5802 10.9.1.1
D:\PuTTY>putty -L 5904:localhost:5902 10.9.1.2

NOTE
l If the VNC needs to be connected to only one server, only the first command needs
to be executed. If the VNC needs to be connected to two servers, both of the two
commands need to be executed.
l 10.9.1.1 and 10.9.1.2 specify the IP addresses of server 1 and server 2.
iv. In the PuTTY dialog box, enter the user name and password of the root user.
The SSH tunnel for the root user is created.
NOTE
l During operations on the GUI, do not shut down the PuTTY dialog box.
Otherwise, the connection to the VNC client becomes abnormal.
l If the security hardening policy is enabled on the system, enter the user name and
password of the ossuser user in the PuTTY window to complete the creation of
the SSH tunnel.
f. Perform the following operations to access the Solaris OS of the two servers:
n Ensure that the value of Server in the VNC Viewer dialog box is localhost:2.
Click OK. In the dialog box that is displayed, enter a password and click OK
to access the Solaris OS of server 1.
n Repeat Step 1e and change the value of Server to localhost:4 in the VNC
Viewer dialog box. Click OK. In the dialog box that is displayed, enter a
password and click OK to access the Solaris OS of server 2.

NOTICE
cd /opt/sudobin/engr/tools/VNC

the root user is stopped.
l If you need to use the VNC again after logging in to the server through the VNC
and logging out of the root user in the GUI, refer to this document to configure
the VNC.
l Configure the VNC service as the ossuser user.

b. Optional: Run the following command to set the password for user ossuser to log
in to the VNC. If the VNC login password for user ossuser already exists, skip this
step.
$ vncpasswd
A message similar to the following is displayed:

Password:
An example password is Admin123. A password must consist of 6 to 8 characters.

All characters entered using the keyboard, except the Enter key, will be considered
as password components. Excessive characters will be automatically discarded.
Passwords must be complex enough to ensure the security of the U2000. For
example, a password must contain six or more characters of two types. The allowed
characters are digits, letters, and special characters. Remember to use the
vncpasswd command to change passwords regularly and keep the passwords well.
i. Enter the password and press Enter.

Verify:
ii. Enter the password again and press Enter.

NOTE
l Enter the same password again. The system begins to check whether the passwords
are the same. If so, the password is set successfully. If not, set the password again.
l Remember the password that will be used for VNC login as user ossuser.
l If the password is forgotten, log in to the OS as user ossuser, run the vncpasswd
$ su - root
# sh start_vnc_oss.sh
ossuser user is started. The port ID is 5803 for user ossuser

NOTE
If a message is displayed asking you to set the password, run the vncpasswd password as the
ossuser user to set the password.
d. Perform the following operations to create an SSH tunnel for the ossuser user so
that the communication between the server and VNC client is more secure. If the
PuTTY is stored in the D:\PuTTY path, the IP address of server 1 is 10.9.1.1, and
the IP address of server 2 is 10.9.1.2, the VNC service can be implemented as the
ossuser user for the two servers. You must ensure that the VNC service
corresponding to the ossuser user has been started for both of the two servers.
located:
C:\>cd /d D:\PuTTY\
iii. Run the following command to create an SSH tunnel for the ossuser user:
D:\PuTTY>putty -L 5903:localhost:5903 -L 5803:localhost:5803 10.9.1.1
D:\PuTTY>putty -L 5905:localhost:5903 10.9.1.2
NOTE
l If the VNC needs to be connected to only one server, only the first command needs
to be executed. If the VNC needs to be connected to two servers, both of the two
commands need to be executed.
l 10.9.1.1 and 10.9.1.2 specify the IP addresses of server 1 and server 2.
iv. In the PuTTY dialog box, enter the user name and password of the ossuser
user. The SSH tunnel for the ossuser user is created.
NOTE
During operations on the GUI, do not shut down the PuTTY dialog box. Otherwise,
the connection to the VNC client becomes abnormal.
f. Perform the following operations to access the Solaris OS of the two servers:

n Ensure that the value of Server in the VNC Viewer dialog box is localhost:3.
Click OK. In the dialog box that is displayed, enter a password and click OK
to access the Solaris OS of server 1.
n Repeat Step 2e and change the value of Server to localhost:5 in the VNC
Viewer dialog box. Click OK. In the dialog box that is displayed, enter a
password and click OK to access the Solaris OS of server 2.
NOTICE

the ossuser user is stopped.
l If you need to use the VNC again after logging in to the server through the VNC
and logging out of the ossuser user in the GUI, refer to this document to
configure the VNC.
If you still cannot use the VNC on a PC or laptop to log in to the server after the
VNC is configured, perform the following operations to locate the fault:
i. Check whether the VNC port is occupied.
For a root user, the VNC port is 5802. For an ossuser user, the VNC port is
5803. For the U2000 V100R008SPC300 or later, port forwarding must be
configured on Windows. VNC ports may be occupied.
On a PC or laptop running on Windows, if a root user cannot use the VNC to
log in to the server, run the netstat -a |findstr 5802 command to check
whether the VNC port is occupied. If an ossuser user cannot use the VNC to
log in to the server, run the netstat -a |findstr 5803 command to check
whether the VNC port is occupied.
The following information is displayed (a root user is used as an example)
TCP 127.0.0.1:5802 SZXY1X001776702:0 LISTENING
If the command output contains 5802 and LISTENING, port 5802 is

occupied. For an osssuer user, check whether the command output contains
5803 and LISTENING.
If the VNC port is occupied, shut down all in-use VNCs on the current PC or
laptop. Verify that no user is using the VNC on the PC or laptop running on
Windows.

ii. If the problem persists, close all IE web browsers and restart the IE.
iii. If the problem still exists after the IE is restarted, restore the IE to default
configurations, if applicable. To restore the IE to default configurations,
choose Tools > Internet Options > Advanced > Restore Defaults. If the
Internet Explorer cannot be reconfigured, try another browser, PC, or laptop.
Table A-4 Usage of commonly seen shortcut options in the VNC window
io ity Option/
Operation
Shortcu Unavailabl The Tab key NOTE

t e cannot be used If the Tab key is incorrectly used, no
information can be entered in the CLI. You
options for the path
must click in the CLI before entering
on the association information.
VNC function.
CLI
Available Ctrl + a Start position
Ctrl + e End position
Ctrl + k Deleting all contents from the cursor to the

end
Ctrl + u Deleting all contents from the start to the

cursor
Ctrl + d Deleting a command line. After a common

line is deleted, the CLI will be shut down
Ctrl + l Clearing the screen
Shift + Home Copying characters in the selected area
Shift + Insert Pasting the content in the VNC window
Shortcu Unavailabl Contents You can only enter information in the

t e outside the VNC window or upload it to the VNC
options VNC window window.
for cannot be
operatio copied or pasted
ns not into the VNC
on the window.
VNC
CLI, The Ctrl + Alt You can only click the button on the left-
such as +U right corner to unlock a client.
operatio combination
ns on cannot be used
the file, to unlock a
window client.
, and Available Alt + F1 Opening the main menu
menu
Alt + F9 Minimizing the current window


io ity Option/
Operation
Alt + F10 Maximizing the current window
Ctrl + c Copying the content
Ctrl + v Pasting the content in the VNC window
Table A-5 VNC FAQs and solutions

1 A user fails to run The VNC has been running for a long time
commands in the without being restarted, resulting in environment
CLI after logging variable failures. To resolve this problem, restore
in to the GUI the environment variables and run the related
through the VNC. commands.
Restore the environment variables:
1. Log in to the GUI as the root user.
2. Run the following commands to restore
environment variables:
# . /.profile-EIS
2 If the VNC service There is a low probability that this issues occurs
has been running if the VNC service has been running for a certain
for a long period period of time. If this issue occurs, restart the
of time, the GUI VNC service as the root or ossuser user.
desktop may stop
responding when a
user logs in to the
GUI desktop in
vnc mode.

3 A JRE version's Perform the following operations to rectify the

upgrade to 1.8 fault:
triggers a Linux 1. Delete the VNC cache.
OS bug, causing a
failure to access a. Choose Start > Control Panel and click
the VNC. Java.
b. In the Java Control Panel window, click
shows the the General tab.
displayed c. Click View. In the Java Cache Viewer
message. dialog box, click Resources in the
Display area.
d. Delete all records with the name of
VncViewer.jar.
e. Log in to the VNC again.
2. Optional: If the login still fails, the mapping
Linux OS patch is not installed after an
U2000 upgrade. In this case, perform either
of the following operations to avoid this
issue:
l Install the mapping Linux OS patch on the
U2000 server.
l Uninstall JRE 1.8, install JRE 1.6 or 1.7
on a windows computer, and see Step 1 to
delete the VNC cache.
4 A message is Uninstall JRE 1.8, install JRE 1.6 or 1.7 on a

displayed windows computer.
indicating that
application
blocked for
security. Failed to
validate
certificate,the
application will
not be executed.
----End
A.3.3 FTP and Telnet Service Configuration

This topic covers the FAQs about the FTP and Telnet service configuration.
A.3.3.1 How Do I Set an Encryption Algorithm for OpenSSH(Solaris)
Question

Answer
Step 1 Log in to the Solaris OS as the ossuser user through SSH by using PuTTY.

System environment is : solaris
uid=0(root) gid=0(root)
All mac_algorithms:
5: hmac-ripemd160-etm@openssh.com 6:hmac-sha1-96-etm@openssh.com
11: umac-128@openssh.com 12:hmac-ripemd160
13: hmac-ripemd160@openssh.com 14:hmac-sha1-96
15: hmac-md5-96 16:hmac-sha2-256-
etm@openssh.com
17: hmac-sha2-512-etm@openssh.com 18:hmac-sha2-256
19: hmac-sha2-512
3: aes256-ctr 4:arcfour256
5: arcfour128 6:chacha20-
11: aes192-cbc 12:aes256-cbc
13: arcfour 14:rijndael-cbc@lysator.liu.se
All kex_algorithms:
1: diffie-hellman-group-exchange-sha256 2:diffie-hellman-group-
exchange-sha1
3: diffie-hellman-group14-sha1 4:diffie-hellman-group1-sha1
Current configured mac_algorithms: hmac-sha2-256-etm@openssh.com
Current configured cipher_algorithms: aes128-ctr,aes192-ctr,aes256-

ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
cbc,aes256-cbc,arcfour

mac_algorithms.
:

Please input numbers of mac_algorithms separated by a ',' . For example: 9,10
:
Enter. It is recommended that 9 be entered.
NOTE
Before selecting a secure algorithm, ensure that the system interconnected to the U2000 supports
this algorithm; otherwise, this system cannot connect to the U2000 server over OpenSSH.


cipher_algorithms.
:

1,2,3
:
Enter. It is recommended that 1,2,3 be entered.
NOTE
kex_algorithms.
:

:
Enter. It is recommended that 4 be entered.
NOTE
no restart OpenSSH!
input :

starting /usr/local/sbin/sshd... done.
NOTE
If the message "Restarting OpenSSH is successful." is displayed, the OpenSSH encryption
algorithm is successfully set.
----End
A.3.3.2 How to Start/Stop the SSH Service
Question
How do I start/stop the SSH service?
Answer
Use the following methods to start/stop the SSH service.

l Start the SSH service as follows:

a. Log in to Solaris OS as user root through Telnet by using PuTTY.
NOTE
You can also log in to the system controller in SSH mode and then follow A.3.4.8 How to
Access the OS from the Controller to perform subsequent operations.
b. Run the following command to check whether the U2000 or OS SSH service is
used:
# ps -ef|grep ssh
n If the queried directory is /user/lib/ssh/sshd, the OS SSH service is used.
n If the queried directory is /user/local/sbin/sshd, the U2000 SSH service is
used.
c. Start the SSH service:
n Run the following command to start the U2000 SSH service:
# /etc/init.d/opensshd start
n Run the following commands to start the OS SSH service:
1) # svcadm restart ssh
2) # svcadm enable ssh
l Stop the SSH service as follows:
a. Log in to Solaris OS as user root through Telnet by using PuTTY.
NOTE
You can also log in to the system controller in SSH mode and then follow A.3.4.8 How to
Access the OS from the Controller to perform subsequent operations.
b. Run the following command to check whether the U2000 or OS SSH service is
used:
# ps -ef|grep ssh
n If the queried directory is /user/lib/ssh/sshd, the OS SSH service is used.
n If the queried directory is /user/local/sbin/sshd, the U2000 SSH service is
used.
c. Run the following command to stop the SSH service:
n Run the following command to stop the U2000 SSH service:
# /etc/init.d/opensshd stop
n Run the following commands to stop the OS SSH service:
# svcadm disable ssh
A.3.3.3 How to Start/Stop the FTP, SFTP, and Telnet Services
Question
How do I start/stop the FTP, SFTP, and Telnet services?
NOTE
Using SFTP is recommended.

Answer
Use the following methods to start/stop the FTP, SFTP, and Telnet services. You are
recommended to restore the original settings afterwards.
l Start the FTP, SFTP, and Telnet services as follows:
– when NMS is not installed, starting the FTP service
i. Log in to Solaris OS as user root.
ii. Run the following command to start the FTP service:
# svcadm enable ftp
– when NMS is installed, starting the FTP service
i. Use the PuTTY to log in to the iMAP server as user ossuser in SSH mode.
ii. Run the following command to set environment variables.
iii. Run the following command to switch to user root.

$ su - root
iv. Run the following command to enable non-encrypted file transfer over FTP:
# /opt/sudobin/imap/ftp/files/setSSLForFtpSvr.sh enablePlainFtp
v. Run the following command to check whether the enabling is successful:

Non-encrypted file transfer over FTP is enabled if the following information is

displayed:
force_local_logins_ssl=NO
force_local_data_ssl=NO
– Starting the SFTP service (The default installation starts and OpenSSH
(recommended) is enabled.)
n Use the OpenSSH.
1) Log in to Solaris OS as user root.
2) Run the following commands to enable OpenSSH:
# /etc/init.d/opensshd start
n Use the SFTP service carried by the system.
2) Run the following command to start the SFTP service:
# vi /etc/ssh/sshd_config
Modify the "PAMAuthenticationViaKBDInt yes" to
"PAMAuthenticationViaKBDInt no", and run the :wq! command to save
the settings and exit.
# svcadm restart network/ssh
# svcadm enable network/ssh
– Starting the Telnet service
ii. Run the following command to start the Telnet service:
# svcadm enable telnet

l Stop the FTP, SFTP, and Telnet services as follows:

– when NMS is not installed, stopping the FTP service
ii. Run the following command to stop the FTP service:
# svcadm disable ftp
– when NMS is installed, stopping the FTP service
i. Use the PuTTY to log in to the iMAP server as user ossuser in SSH mode.
ii. Run the following command to set environment variables.
iii. Run the following command to switch to user root.

$ su - root
iv. Run the following command to disable non-encrypted file transfer over FTP:
# /opt/sudobin/imap/ftp/files/setSSLForFtpSvr.sh disablePlainFtp
v. Run the following command to check whether the disabling is successful:

non-encrypted file transfer over FTP is disabled if the following information is

displayed:
force_local_logins_ssl=YES
force_local_data_ssl=YES
– Stopping the SFTP service

n Shut down the OpenSSH.
2) Run the following commands to shut down the OpenSSH:
# /etc/init.d/opensshd stop
n Shut down the SFTP service carried by the system.
2) Run the following command to stop the SFTP service:
# svcadm disable network/ssh
– Stopping the Telnet service
ii. Run the following command to stop the Telnet service:
# svcadm disable telnet
A.3.3.4 How to Enable and Disable the FTP/Telnet Authority of user root on
Solaris OS
Question
How do I enable and disable the FTP/Telnet authority for user root on Solaris OS?

Answer
Step 1 Enable or disable the FTP authority for user root as follows:
l Enabling the FTP authority for user root
a. Log in to Solaris OS as user root.
b. Run the following commands to enable the FTP authority for user root:
# svcadm enable ftp
# sed "/^root/s//#root/g" /etc/ftpd/ftpusers > /tmp/ftpusers
# cp /tmp/ftpusers /etc/ftpd/ftpusers
l Disabling the FTP authority for user root

b. Run the following commands to enable the FTP authority for user root:
# echo "root" >> /etc/ftpd/ftpusers
Step 2 Enable or disable the Telnet authority for user root as follows:
l Enabling the Telnet authority for user root
a. Log in to the Solaris OS as user root.
b. Run the following commands to enable the Telnet authority of user root:
# svcadm enable telnet
# sed "/^CONSOLE/s//#CONSOLE/g" /etc/default/login > /tmp/login
# cp /tmp/login /etc/default/login
l Disabling the Telnet authority for user root

b. Run the following commands to disable the Telnet authority of the root user:
# sed "/^#CONSOLE/s//CONSOLE/g" /etc/default/login > /tmp/login
# cp /tmp/login /etc/default/login
----End
A.3.4 Usage and Maintenance of Workstation

This topic covers the FAQs about the usage and maintenance of the workstation.
A.3.4.1 How to View the Versions and its patches of the Solaris OS
Question
How do I view the versions and its patches of the Solaris OS?
Answer
1. Open a terminal window on Solaris OS.
2. Run the following command to view the version of the system:
# more /etc/release

Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC
Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
Assembled 23 August 2011

If the Solaris version is Solaris 10 8/11 if the following message is displayed. The OS
and patches are successfully installed. Otherwise, use a correct installation DVD-ROM
to reinstall the OS or the OS patch.
3. Run the following command to view the version of the system and its patches:
# uname -rv

Generic_150400-59
If the core patch version is Generic_150400-59, the OS and the sparc_patch_33.0.0 patch
have been installed. If another version is displayed, install the OS patch.
A.3.4.2 How to Check Whether the Hard Disk of the Sun Workstation Is
Damaged
Question
How do I check whether the hard disk of the Sun workstation is damaged?
Answer
During the operation of the Sun workstation, inappropriate powering-off usually causes
damage to the hard disk and even renders the Sybase database unavailable. Run the iostat -E
command to check whether the hard disk of the OS is damaged.
Log in to the Sun workstation as user root and run the following command:
# iostat -En

c0t0d0 Soft Errors: 0 Hard Errors: 0 Transport Errors: 0
Vendor: FUJITSU Product: MAY2073RCSUN72G Revision: 0501 Serial No: 0742S0EPT7
Size: 73.40GB <73400057856 bytes>
Illegal Request: 0 Predictive Failure
Analysis: 0
Vendor: FUJITSU Product: MAY2073RCSUN72G Revision: 0501 Serial No: 0742S0EPL9
Size: 73.40GB <73400057856 bytes>
Vendor: FUJITSU Product: MBB2073RCSUN72G Revision: 0505 Serial No: 0805A011C0
Size: 73.40GB <73400057856 bytes>
Vendor: TSSTcorp Product: CD/DVDW TS-T632A Revision: SR03 Serial No:
Size: 0.00GB <0 bytes>
Vendor: FUJITSU Product: MBB2073RCSUN72G Revision: 0505 Serial No: 0805A011DH
Size: 73.40GB <73400057856 bytes>
NOTE
The hard disk is damaged if the information to the rights of Hard Errors is not 0. Send the message
series files in the /var/adm directory to Huawei engineers so that they can apply for a spare part to
replace the hard disk on site.

A.3.4.3 How to Check the Partition of Solaris OS
Question
How do I check the partition of Solaris OS?
Answer
Step 1 Log in to Solaris OS as user root.
Step 2 Run the following command to check all disks of the server:
# format

Searching for disks...done
AVAILABLE DISK SELECTIONS:

0. c0t0d0 <SUN146G cyl 14087 alt 2 hd 24 sec 848>
/pci@0/pci@0/pci@2/scsi@0/sd@0,0
Specify disk (enter its number):
Step 3 Enter 0 and press Enter to view the information about the c1t0d0 disk. The following
message will be displayed:
selecting c0t0d0
[disk formatted]
/dev/dsk/c0t0d0s1 is in use by dump. Please see dumpadm(1M).
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute<cmd>, then return
quit
format>
Step 4 Enter p and press Enter to select the partition list. The following message will be displayed:
PARTITION MENU:
0 - change `0' partition
1 - change `1'partition


select - select a predefined table
modify -modify a predefined partition table
name - name the current table
print - display the current table
label - write partition map and label to the disk
quit
partition>
Step 5 Enter p and press Enter to view the partition information of disk c1t0d0, including the raw
partition information. The following message will be displayed:
Current partition table (original):
Total disk cylinders available: 14087 + 2 (reserved cylinders)
Part Tag Flag Cylinders Size Blocks
0 root wm 0 - 3091 30.01GB (3092/0/0)
62928384
1 swap wu 3092 - 6389 32.01GB (3298/0/0)
67120896
2 backup wm 0 - 14086 136.71GB (14087/0/0)
286698624
3 - wu 0- 14086 136.71GB (14087/0/0)
286698624
4 - wu 14083 - 14086 39.75MB (4/0/0) 81408
5 unassigned wm 6390 - 10511 40.00GB (4122/0/0)
83890944
6 var wm 10512 - 13603 30.01GB (3092/0/0) 62928384
7 unassigned wm 0 0 (0/0/0) 0
partition>
Step 6 Enter q to exit the c1t0d0 disk directory. The following message will be displayed:
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label -write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
quit
format>
Step 7 Enter q and exit the format command.
Step 8 Repeat Step 2 to Step 7, and select other disks to check the partitions.
----End
A.3.4.4 How to Check the IP Address and Routing Information for a Workstation
Question
How to check the IP address and routing information for a workstation?

Answer
Step 2 Run the following command to view the IP address of the host:
# ifconfig -a

lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232inet 127.0.0.1 netmask
ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST>mtu 1500 inet
10.9.169.143 netmask ffff0000 broadcast 10.9.255.255
hme0:1:flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500 inet
NOTE
In the previous output, the IP address of the displayed host is 10.9.169.143, and the logical IP address is
10.6.253.136. In the Solaris or SUSE Linux system, a network adapter can bind several logical IP
addresses, which realizes communications between different network segments.
Step 3 Run the following command to view the information about the routing tables:
# netstat -rn

Routing Table:
10.105.28.0 10.105.28.202 U 4 2 hme0
10.0.0.0 10.105.31.254 UG 0 0
224.0.0.0 10.105.28.202 U 4 0 hme0
127.0.0.1 127.0.0.1 UH 0 896 lo0
A router can be in any of the following five different flags: U, G, H, D, and M, as described in
Table A-6.
Table A-6 Description of routing flags

Flag Description
U U indicates that a route is currently available.
G G indicates that a route is destined for a gateway such as a router.

If this flag is not set, you can infer that the destination is connected directly.
Flag G distinguishes between direct and indirect routes. Flag G is
unnecessary for direct routes. The difference is that the packet sent through a
direct route carries both the destination IP address and the link-layer address.
In the packet sent through an indirect route, however, the IP address points
to the destination and the link layer address points to the gateway (for
example, the next router).

Flag Description
H H indicates a route destined for a host. That is, the destination address is a
complete host address.
NOTE
l If this flag is not set, you can infer that the route leads to a network and that the
destination address is a network address: either a network number or a network.
The part in the address for the host is 0.
l When you search the routing table for an IP address, the host address must exactly
match the destination address.
l The network address, however, is required to match only the network number and
subnet number of the destination address.
D D indicates that a route is created by a redirected packet.
M M indicates that a route is modified by a redirected packet.
The Ref (Reference count) column lists the number of routing progresses. The protocol for
connection, such as TCP, requires a fixed route when a connection is established. If the telnet
connection is established between the host svr4 and the host slip, the Ref is 1. If another telnet
connection is established, its value is changed to 2.
The next column (Use) displays the number of packets sent through a specified route. After
you run the ping command as the unique user of this route, the program sends five groups and
the number of packets is displayed as 5. The last column (Interface) indicates the name of
the local interface.
The name of the loop-back interface is permanent set to lo0. Flag G is not set because the
route is not destined for a gateway. Flag H indicates that the destination address, 127.0.0.1, is
a host address and not a network address. Because flag G is not set, the route here is a direct
route and the gateway column shows the outgoing IP address.
Each host has one or multiple default routes. That is, if a particular route is not found in the
table, the packet is sent to the router. In addition, the current host can access other systems
through the Sun router (and the slip link) on the internet, based on the settings of the routing
table. The flag UG refers to the gateway.
----End
A.3.4.5 How to View the Controller IP Addresses for the Sun Workstation
Question
How to view the controller IP addresses for the Sun workstation?
Answer
l Check the controller IP address for the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle
T4-2 server.
a. Connect the computer and the server physically.
i. Use a serial port (DB9-RJ45) to connect the serial port of the local console and
the serial port (SERIAL MGT) of the server.

Use an RJ45 connector at one end of the serial port cable to connect to the
serial port (SERIAL MGT) of the server and use a DB-9 connector at the other
end of the cable to connect to the serial port (COM1 or COM2) of the
computer.
ii. Use a network cable to connect the network management port (NET MGT) of
the system controller and the switch.
Figure A-6 Connections between the Netra T4-1 server and the controller
Figure A-7 Connections between the Netra T4-2 server and the controller

Figure A-8 Connections between the Oracle T4-1 server and the controller
Figure A-9 Connections between the Oracle T4-2 server and the controller
b. Set up a logical connection between the computer and the server.

i. Start the computer and enter Windows OS.
ii. Run the PuTTY tool. In the dialog box that is displayed, choose Serial from
the navigation tree.

iii. In the right-hand pane, set parameters as follows for an interface, such as
COM1:
Attribute Attribute Value
Serial line to connect to COM1
Speed(baud) 9600
Data bits 8
Stop bits 1
Parity None
Flow Control None
iv. Choose Session from the navigation tree. In the right-hand pane, set
Connection type to Serial and use the default values for other parameters.
v. Click Open.
c. Enter the user name and password. The default user name is root and the default
password is changeme.
NOTE
The OS will be started after this step is complete if the OS is installed on the workstation.
Run the #. command to display the prompt of the controller.
d. Perform the following operations to configure hardware at the -> prompt:
i. Enter cd /SP/network.
/SP/network
ii. Enter show

/SP/network
Targets:
Properti
commitpending = (Cannot show
property)
dhcp_server_ip = none
ipaddress = 10.9.1.20
ipdiscovery = static
ipgateway = 10.9.1.1
ipnetmask = 255.255.255.0
macaddress = 00:21:28:3F:
9F:E9
pendingipaddress =
10.9.1.20
pendingipdiscovery =
static
pendingipgateway =
10.9.1.1
pendingipnetmask =
255.255.255.0
state = enabled
Commands:
cd
set
show

NOTE
In the preceding message, the controller IP address is 10.9.1.20, corresponding to

pendingipaddress; the controller gateway address is 10.9.1.1, corresponding to
pendingipgateway; the controller subnet mask is 255.255.255.0, corresponding to
pendingipnetmask.
iii. Enter exit to close the serial port-based login window.
----End
A.3.4.6 How to Decompress Files
Question
Compressed files are usually in *.tar, *.tar.gz, or *.zip format. How do I decompress these
files?
Answer
l To decompress a *.tar file, perform the following operation:
The following uses the abc.tar file as an example. Run the following command:
# tar xvf abc.tar

l To decompress a *.tar.gz file, perform the following operation:
– The following uses the abc.tar.gz file as an example. Run the following commands:
# gunzip abc.tar.gz
# tar xvf abc.tar
– The following uses the solaris10_HuaweiPatch9.0.tar.gz file as an example. Run
the following command:
# gzcat solaris10_HuaweiPatch9.0.tar.gz | tar xBpf -
l To decompress a *.zip file, perform the following operation:
The following uses the abc.zip file as an example. Run the following command:
# unzip abc.zip
----End
A.3.4.7 How to Remotely Log In to the System as User root
Question
Remote login fails after the system is restarted. How do I remotely log in to the system as user
root?
Answer
Step 1 Log in to the server from the controller. Ensure that the server is running.
Step 2 Check whether user root has rights to log in to the server. Ensure that user root has rights to
log in to the server.

Step 3 Verify the routing information about the server. Ensure that the route is reachable.
----End
A.3.4.8 How to Access the OS from the Controller
Question
How to use a controller to access the OS when login to the OS from the system IP address
fails or security hardening does not take effect and remote login to the OS as the root user
fails?
Answer
Step 1 Log in to the controller.
l For Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 servers, log in to the controller in
SSH mode.
Step 2 Access the OS.
l For Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 servers, run the start /SP/console
command to access the OS.
----End
A.3.4.9 How to Switch Between the Console, OK Prompt, and # Prompt
Question
How do I switch between the console, OK prompt, and # prompt?
NOTE
The switching method varies based on the type of the Sun server used.
Answer
l Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 Servers
– Switch from the console to the OK prompt.
NOTE
When you switch from the console to the OK prompt, the OS will be shut down. If the
U2000 is already running during switching, ensure that the U2000 and database have been
shut down.
i. Log in to the IP address of the system controller in Secure Shell (SSH) mode.
Perform the following operations to display the OK prompt:

NOTE
The Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server does not support the login
to the system controller in Telnet mode. Log in to the system controller by performing
the following operation:
l Install the SSH client tool, such as the PuTTY, in the console on Windows. Then,
you can log in to the system controller through the tool.
l Run the ssh IP address of the system controller command on the terminal console
of another Sun server to log in to the system controller. If a message similar to the
following is displayed, enter yes to continue:
established.
12:99:ed:dd:c0:5a.
ii. In the command line interface (CLI) that is displayed, enter the user name and
password of the system controller. By default, the user name is root and the
default password is changeme.
iii. Run the following command:
-> set /HOST/bootmode state=reset_nvram script="setenv auto-boot?
false"
NOTE

iv. Run the following command:

-> show /HOST status
If status = Solaris running is displayed in the command output, run the

start /SP/console command to enter the OS, and run the shutdown -y -g0 -i0
command as the root user to display the OK prompt. Skip the following steps.
If status = Solaris running is not displayed in the command output, perform
the following operations.
v. Run the following command:
-> start /SYS

vi. Enter y to start the server.

If the message start: Target already started is displayed, the system is
running. Perform the following operations:
-> stop /SYS
Enter y. The following message will be displayed:

Stopping /SYS
Enter show /HOST status repeatedly to check the system status. After a
message containing status = Powered off is displayed, proceed with the next
step.
-> start /SYS

Enter y to start the server.

vii. Run the following command to display the OK prompt:
-> start /SP/console -f

viii. Enter y and press Enter.

...

reserved.
auto-boot? = false
{0} ok
– Switch from the OK prompt to the # prompt.

ok setenv auto-boot? true
NOTE
There must be a space between ? and true.

If the message auto-boot? = true is displayed, the setting succeeds.
Run the following command to verify that the parameter settings have taken effect:
ok printenv
NOTE
If the message auto-boot? true is displayed, the parameters have taken effect.
Variable Name Value Default Value
...
auto-boot? true true
...
Run the following command to enable the system to perform another self-check:
ok reset-all
The system will display the OK prompt. Enter boot. If # is displayed, the system
has successfully switched to the # prompt.
ok boot
– Switch from the # prompt to the console.

# #.
NOTE
Enter # and ..
– Switch from the # prompt to the OK prompt.

# init 0
– Switch from the console prompt to the #.

The system will start running. Run the following command to change the status
from the console prompt to the # prompt.
l V240 and V440 Servers

– Switch from the console to the OK prompt.
i. Run the telnet IP address of the controller command on the console to log in
to the controller IP address by means of Telnet.
Login:
ii. Enter the user name and password.

iii. Run the following command to display the OK prompt.
sc> console -f
NOTE
In certain conditions, the following message will be displayed:

Warning: User < > currently has write permission to this console
and
forcibly removing them will terminate any current write actions
and all work will be lost.
Would you like to continue? [y/n]
Enter y.
If the intended server is used for the first time, the system will display the OK prompt.
If the server is installed with the OS, the system will display the # prompt. Perform the
Enter #. to display the ALOM prompt. (If the RSC control board is used, enter ~..)
Run the following command at the ALOM prompt:
sc> break
Are you sure you want to send a break to the system [y/n]?
Enter y.
sc> console -f
– Switch from the OK prompt to the # prompt.

ok setenv auto-boot? true
NOTE
There must be a space between ? and true.

Run the following command to verify that the parameter settings have taken effect:
ok printenv
Run the following command to enable the system to perform another self-check:
ok reset-all
The system will display the OK prompt. Enter boot to display the # prompt.
ok boot
– Switch from the # prompt to the console.


# #.
NOTE
Enter # and ..
– Switch from the # prompt to the OK prompt.
# init 0
– Switch from the console prompt to the #.

The system will start running. Run the following command to change the status
from the console prompt to the # prompt.
-> console -f
----End
A.3.4.10 How to Use the Text Editor
Question
How do I use the text editor?
NOTE
Use the text editor only through the GUI.

The text editor is recommended because it is easier to use than the vi editor.
Answer
Run the following command to open the text editor:
dtpad file name
l If a file with the same filename exists, run the dtpad command to open and edit the file.
l If a file with the same filename does not exist, run the dtpad command to create and edit
a file.
A.3.4.11 How to Query the Process Status
Question
How do I query the process status?
Answer
Run the ps -ef | grep process name command to query the process status.
For example, run the ps -ef | grep sysmonitor command to query the status of the sysmonitor
process. The following message will be displayed:
ossuser 17156 17032 0 22:13:59 pts/3 0:00 grep sysmonitor
l imap_sysmonitor indicates information about the process, where 11972 is the process
ID.
NOTE
Process information will be displayed if the process is running.

l grep sysmonitor indicates the query operation performed by the user and can be
ignored.
A.3.4.12 How to Upgrade the System Controller Firmware of the Netra T4-1/
Oracle T4-1/Oracle T4-2 Server
Question
If the version of the Netra T4-1/Oracle T4-1/Oracle T4-2 server is earlier than 8.3.0, alarms
about the power module and fan module cannot be reported. Therefore, the Netra T4-1/Oracle
T4-1/Oracle T4-2 server must be upgraded. During the upgrade, the system controller must be
shut down. How do I upgrade the version of the system controller firmware of the Netra T4-1/
Oracle T4-1/Oracle T4-2 server?
Answer
Step 1 Log in to http://support.huawei.com/carrier and enter Software. Choose Tool > Mini-tool
Software > Network OSS&Service > Universal OS & Patches > Solaris and download
patch packages based on the server type. Only Huawei engineers have the permissions to
download software packages. If the installation using software packages is required, contact
Huawei engineers to obtain software packages.
l Netra T4-1 server:Netra_T4-1_SC_patch-8_3_0_solaris_SPARC.zip
l Oracle T4-1 server:T4-1_SC_patch-8_3_0_solaris_SPARC.zip
l Oracle T4-2 server:T4-2_SC_patch-8_3_0_solaris_SPARC.zip
Step 2 Log in to the system controller.
Step 3 Run the following command to start the HTTP service of the system controller firmware:
-> cd /SP/services/https
-> set servicestate=enabled
If information similar to the following is displayed, the HTTP service is started successfully.
Set 'servicestate' to 'enabled'
Step 4 On the computer where the Windows OS has been installed, open the Internet Explorer.
Step 5 On the address bar, enter the IP address of the workstation controller.
Step 6 In the login dialog box that is displayed, enter the user name and password of the controller
and click Log In.
NOTE
l A message indicating an issue about the security certificate may be displayed. Ignore the message.
l The default user name of the Netra T4-1/Oracle T4-1/Oracle T4-2 controller is root.
l The default password of the Netra T4-1/Oracle T4-1/Oracle T4-2 controller is changeme.

Step 7 After successful login to the server, power off the server. If the server has been powered off,
skip the following operations:
Netra T4-1/Oracle T4-1 Server:
1. Choose Remote Control > Remote Power Control.
2. On the Server Power Control page, select Immediate Power Off and click Save.
Oracle T4-2 Server:
1. Choose Host Management > Power Control.
2. On the Server Power Control page, select Immediate Power Off and click Save.
Step 8 Upgrade the system controller firmware.
1. Copy the obtained patch package to a PC directory and decompress it.
2. After the uploading is complete, check whether the uploaded software packages are
appropriate. For details, see A.2.27 How Do I Verify Downloaded Software Packages
Using the PGPVerify Software.
3. Choose Maintenance > Firmware Upgrade. Then click Enter Upgrade Mode.
4. Click Browse and select the patch package based on the server type.
– Netra T4-1 server: Navigate to the 150417-02 directory in the decompression
directory of the patch package. Select the Sun_System_Firmware-8_3_0_c-
Netra_SPARC_T4-1.pkg patch package.
– Oracle T4-1 server: Navigate to the 150413-02 directory in the decompression
SPARC_T4-1.pkg patch package.
– Oracle T4-2 server: Navigate to the 150414-02 directory in the decompression
SPARC_T4-2.pkg patch package.
5. Click Upload to upload the patch package of the system controller firmware. Then click
Start Upgrade to start upgrading the system controller firmware.

6. If information similar to the following is displayed, the upgrade is complete.
Step 9 Log in to the controller of the server as the root user. Run the following command to view the
version of the system controller firmware:
-> cd /HOST
-> ls
View the sysfw_version information in the command output. For example, sysfw_version =
Sun System Firmware 7.4.6.c 2012/03/14 10:49.
If sysfw_version = Sun System Firmware 7.4.6.c is displayed, the version of sysfw_version

is later than 7.4.6.c and the system controller firmware is upgraded successfully.
l Netra T4-1/Oracle T4-1/Oracle T4-2 server:

View the sysfw_version information in the command output. For example,
sysfw_version = Sun System Firmware 8.3.0.b 2012/08/03 11:58.
If sysfw_version = Sun System Firmware 8.3.0 is displayed, the version of
sysfw_version is later than 8.3.0 and the system controller firmware is upgraded
successfully.
NOTE
If an OS has been installed, access the OS and restart it after the system controller firmware is upgraded.
Netra T4-1/Oracle T4-1/Oracle T4-2 Server:
l Perform Step4 to Step6 to login to the server.
l Choose Host Management > Power Control.
l On the Server Power Control page, select Power On and click Save.
----End
A.3.4.13 How to Solve the Problem Where the OS Fails to Start After the Netra
T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 Server Is Abnormally Powered Off
Question
After the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server is abnormally powered off,
the control card displays the message "System faults or hardware configuration prevents
power on" during OS startup. How do I address this problem?

Answer
Step 1 On the computer where the Windows OS has been installed, open the Internet Explorer.
Step 2 On the address bar, enter the IP address of the workstation controller.
Step 3 In the login dialog box that is displayed, enter the user name and password of the controller
and click Log In.
NOTE
l A message indicating an issue about the security certificate may be displayed. Ignore the message.
l The default user name of the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 controller is root.
l The default password of the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 controller is
changeme.
Step 4 Click the Components tab.
Step 5 Perform the following operations to start components in the Disabled state:
1. Select Component State: Disabled from Filter to filter out components in the Disabled
state.
2. Select all the components in the Disabled state.

3. Select Enable Component from Actions to start the components.

NOTE
l If components in the Disabled state are unavailable, all components are normal.
l If the components still fail to be started after Enable Component is selected, a hardware fault
occurs. Contact Oracle engineers to address the issue.
Step 6 Perform the following operations to restore faulty components:

1. Select Fault Status: Faulted from Filter to filter out components in the Faulted state.
2. Select all the components in the Faulted state.

3. Select Clear Faults from Actions.
NOTE
If the fault persists after Clear Faults is selected, a hardware fault occurs. Contact Oracle engineers to
address the issue.
Step 7 After the preceding operations are complete, shut down the Internet Explorer.
Step 8 Perform the following operations to restart the workstation:

1. If the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server is used, perform the
a. Log in to the system controller in SSH mode.
NOTE
The Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server does not support login through
Telnet. Log in to the system controller performing the following:
n Install the tool software of the SSH client on the Windows terminal to log in to the
system controller, for example: Putty.
n Run the ssh SC_IP_Address command on the terminals of other Sun servers. If the
following message is displayed, enter yes:
established.
12:99:ed:dd:c0:5a.

b. In the CLI, enter the user name and password of the system controller. The default
user name and password are root and changeme.
c. Enter set /HOST/bootmode state=reset_nvram script="setenv auto-boot?
false".
NOTE

d. Enter start /SYS.

e. Enter y to start the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2.

The system is running if the following message is displayed:
start: Target already started
If the message is not displayed, go to the step Step 8.1.f.
i. Enter stop /SYS.
ii. Enter y.
Stopping /SYS
iii. Enter show /HOST status repeatedly to check the system status.
Proceed with the subsequent operations until the following message is
displayed:
status = Powered off
iv. Enter start /SYS.

v. Enter y to start the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2.

f. Enter start /SP/console.
g. Enter y and press Enter.

NOTE
n If a prompt is displayed, enter y and press Enter.

n If the following information is displayed, the EEPROM Password policy in SetSolaris
security hardening has been enabled.
Firmware Password:
Enter the Firmware Password, The default password is sek12345.
...


reserved.
auto-boot? = false
{0} ok
----End
A.3.4.14 How to Deploy a Solaris Single-Server System If Data Is Stored on Some

Hard Disks
Question
A server is equipped with four hard disks, two of which are in use. How to deploy a Solaris
single-server system without impacting data on the two hard disks?
Answer
Step 1 Remove the two hard disks from the server.
Step 2 Use the other two hard disks for U2000 installation and quick system installation.
For details, see the U2000 Single-Server System Software Installation and Commissioning
Guide (Solaris).
Step 3 Insert the removed hard disks into the server.
If the two hard disks are mounted but the vfstab file is not modified, data on the two hard
disks can be viewed and used only this time. After the server is restarted, data on the two hard
disks cannot be viewed.
Step 4 To ensure proper use, mount the two hard disks.
Run the following commands:
# mkdir data1
# mkdir data2
# mount -F ufs /dev/dsk/c1t2d0s7 /data1
# mount -F ufs /dev/dsk/c1t3d0s7 /data2
Step 5 Modify the vfstab file to ensure that data on the two hard disks can still be viewed after the
server is restarted.
# vi /etc/vfstab
Add the following two lines of information to the vfstab file:

/dev/dsk/c1t2d0s7 /dev/rdsk/c1t2d0s7 /data1 ufs 2 yes -
/dev/dsk/c1t3d0s7 /dev/rdsk/c1t3d0s7 /data2 ufs 2 yes -

Press ESC. Then, press Shift+;, enter wq!, and press Enter.
----End
A.3.4.15 How to Solve the Problem Where the Monitor or KVM Cannot Access
the GUI After the OS Is Installed on the Netra T4-1/Netra T4-2/Oracle T4-1/
Oracle T4-2 Server
Question
The OS was installed by using the quick installation DVD. After the Netra T4-1/Netra T4-2/
Oracle T4-1/Oracle T4-2 is connected to the KVM, the GUI cannot be opened. How do I
rectify this fault?
Answer
Step 1 To set the I/O mode, run the following commands:
# eeprom output-device=screen
# eeprom input-device=keyboard
Step 2 To set the screen resolution and refresh rate, perform the following operations:
1. To view information about the current video board, run the following command:
# fbconfig -list

Device File Name Device Model Config Program
---------------- ------------ --------------
/dev/fbs/ast0 display fbconf_xorg
NOTE
The value of /dev/fbs/ast0 differs according to on-site requirements.
2. Optional: If Config Program is displayed as program not available, run the following
commands:
# ln -s /dev/fbs/ast0 /dev/fb
# fbconfig -xserver Xorg

3. To view the screen resolution and refresh rate supported for the current video board, run
the following command:
# fbconfig -dev /dev/fbs/ast0 -res \?

Valid values for -res option are:
...
...
VESA_STD_640x480x60
[1] Resolution is supported by monitor
[2] Preferred resolution for monitor
No EDID data for monitor. Can not determine supported resolutions.
Use of an unsupported resolution can render the video display unusable.
Abbreviations such as "1280x1024x75" may also be used.

4. To view the current configurations for the video board, run the following command:
# fbconfig -dev /dev/fbs/ast0 -propt
--- Graphics Configuration for /dev/fbs/ast0 ---

xorg.conf: machine -- /etc/X11/xorg.conf
Screen section: "ast0"
Device section: "ast0"
Monitor section: none
Video Mode: Not set
Screen Information:
Remote Screen: Not set
5. The screen resolution and refresh rate are not set if Video Mode is set to not set. To set
the screen resolution and refresh rate, run the following commands:
# fbconfig -dev /dev/fbs/ast0 -res 1024x768x60 now

fbconf_xorg: Unrecognized video mode, "1024*768*60"
fbconf_xorg: Use "1024*768*60" anyway (yes/no) ?
Enter y, and then press Enter. A message similar to the following will be displayed:
Setting 1024x768x60
6. To view the current configurations for the video board, run the following command:
# fbconfig -dev /dev/fbs/ast0 -propt
The setting has taken effect if a message similar to the following is displayed.
--- Graphics Configuration for /dev/fbs/ast0 ---
xorg.conf: machine -- /etc/X11/xorg.conf

Screen section: "ast0"
Device section: "ast0"
Monitor section: "ast0"
Video Mode: "VESA_STD_1024x768x60"
Screen Information:
Remote Screen: Not set
Step 3 To restart the OS, run the following command. After the OS is restarted, connect the Netra
T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 to the KVM.
NOTE
If a message asking you to enter a user name is displayed on the monitor or KVM during the restart of
the OS, ignore the message. The OS automatically accesses the login window.
----End

A.3.4.16 How to Obtain Packet Headers on Solaris
Question
Packet headers obtain may be required for fault locating. How do I obtain packet headers on
Solaris?
Answer
NOTICE
To ensure security of customers' networks, obtain customers' written authorization before you
obtain packet headers. In addition, comply with laws of associated countries or user privacy
policies of Huawei and take effective measures to ensure that personal data is fully protected.

Step 2 Run the snoop command to obtain packet headers. The common format of the snoop
command is snoop -d NIC name -o Generated file name IP address.
NOTE
l snoop is a command provided by Solaris. For more information about how to use this command, run
the man snoop command.
l To stop capturing packets, press Ctrl+C.
l Command description:
– NIC name: name of the NIC communicating with the destination IP address.
– Generated file name: usually in the format of xxxx.cap.
– IP address: IP address of the packet headers obtain target. It is usually the IP
address of an NE.
Command use example: For example, it is assumed that the IP address of an NE is
10.71.212.13, the name of the NIC that the server uses to communicate with the NE is
bge0, and the name of the file generated after packet headers obtain is complete is /opt/
123.cap.
Run the following command to obtain packet headers:
# snoop -d bge0 -o /opt/123.cap 10.71.212.13
----End
A.3.4.17 Mappings Between Physical and Logical Network Interfaces on Server

Running Solaris
This topic describes the mappings between physical and logical network interfaces on server
running Solaris.
Example 1: In Figure A-10, the mappings between the physical and logical network
interfaces for the Netra T4-1 are described as follows:
l The Netra T4-1 is integrated with one NIC. The associated logical network interfaces on
the integrated NIC are named igb0, igb1, igb2, and igb3.
l If an NIC is inserted to the PCI slot, the logical network interfaces on the NIC are
numbered from right to left in ascending order.

l If an expansion NIC is installed in a PCI slot, refer to the operation for Netra T4–2 in
this topic to check the mapping between logical and physical network interfaces.
Figure A-10 Mappings between physical and logical network interfaces on the Netra T4-1
interfaces for the Oracle T4-1 are described as follows:
l The Oracle T4-1 is integrated with one NIC. The associated logical network interfaces
on the integrated NIC are named igb0, igb1, igb2, and igb3.
numbered from right to left in ascending order.
Figure A-11 Mappings between physical and logical network interfaces on the Oracle T4-1
interfaces for the Oracle T4-2 are described as follows:

l One NIC is integrated to the Oracle T4-2. The four logical network interfaces on the NIC
are identified as follows from left to right and from top to bottom:igb2, igb3, igb0, and
igb1.
numbered from top to bottom in descending order.
Figure A-12 Mappings between physical and logical network interfaces on the Oracle T4-2
interfaces for the Netra T4-2 are described as follows:
l One NIC is integrated to the Netra T4-2. The four logical network interfaces on the NIC
are identified as follows from left to right and from top to bottom:igb2, igb3, igb0, and
igb1.
Figure A-13 Mappings between physical and logical network interfaces on the Netra
T4-2

numbered from top to bottom in descending order.
l If an expansion NIC is installed in a PCI slot, perform the following operations to check
the mapping between logical and physical network interfaces:
a. Access the operating system from the console.
i. Log in to the controller as the root user.
ii. Run the following command to start the operating system:
-> start /SYS
Enter y to start the workstation.

iii. Run the following command to access the operating system:
Enter y to access the operating system.

b. Run the following two commands to check the information about the logical and
physical network interfaces, respectively. A logical network interface matches the
physical network interface with the same parameter settings. Use the following
command outputs as an example. In the output of the first command, "/pci@400/
pci@2/pci@0/pci@0/network@0" indicates the parameter settings of igb0, a logical
network interface. The physical network interface it matches is the first network
interface on the NIC in the PCIE0 slot because that network interface has the same
parameter settings as igb0.
# cat /etc/path_to_inst |grep network
"/pci@400/pci@2/pci@0/pci@0/network@0" 0 "igb"
"/pci@400/pci@2/pci@0/pci@0/network@0,1" 1 "igb"
"/pci@400/pci@2/pci@0/pci@f/network@0" 8 "igb"
"/pci@400/pci@2/pci@0/pci@f/network@0,1" 9 "igb"
# prtdiag -v |grep network
/SYS/MB/PCIE0 PCIE network-pciex8086,1521 SUNW,pcie-igb
5.0GTx4
/pci@400/pci@2/pci@0/pci@0/network@0
5.0GTx4
/pci@400/pci@2/pci@0/pci@0/network@0,1
5.0GTx4
5.0GTx4
5.0GTx4
5.0GTx4


5.0GTx4
5.0GTx4
/SYS/MB/NET0 PCIE network-pciex8086,10c9
2.5GTx4
/pci@400/pci@2/pci@0/pci@f/network@0
2.5GTx4
/pci@400/pci@2/pci@0/pci@f/network@0,1
2.5GTx4
2.5GTx4
c. Compare the outputs of the two commands to determine the physical network
interface that matches the planned logical network interface. Then insert a network
cable into this physical network interface.
NOTE
The logical network interface used in factory installation is igb0. Ensure that the network cable is
inserted into the physical network interface that matches igb0.
A.3.4.18 How to Enable Audit on Solaris OS Commands
Question
How do I enable the function of auditing Solaris OS commands?
NOTICE
l The function helps users to monitor changes of the file system. Users can learn the file
modification time, person who perform the modification, and the modified process. The
information provides reference for system management, system security improvement, and
system fault location.
l Enabling commands audit function of the Solaris OS may affect the system space
occupation and system performance. It is advised not to enable the function.
Answer
NOTE
Step 2 Run the following command to check whether the log function has been enabled:
# lastcomm

sh ossuser __ 0.00 secs Fri Apr 24 18:48
grep ossuser __ 0.00 secs Fri Apr 24 18:48


ps S ossuser __ 0.15 secs Fri Apr 24 18:48
NOTE
l If the log function has not been enabled, the following information is displayed:
/var/adm/pacct: No such file or directory
l If up-to-date information can be queried, the log function has been enabled.
l If the amount of log information is huge, you can run the lastcomm command to save the log
information as a file for viewing. For example:
# lastcomm >testAccount.log
# more testAccount.log
Step 3 If the log function has not been enabled, run the following command to enable it:
# /usr/lib/acct/accton /var/adm/pacct
Step 4 Check the log information. If you use the lastcomm command to query the log information, a
long list of log information may be displayed. To narrow down the scope of log information,
run the command with specified parameters.
l To query changes by chmod commands:
# lastcomm | grep chmod

chmod root pts/8 0.00 secs Fri Apr 24 17:36
chmod ossuser __ 0.01 secs Fri Apr 24 17:35
l To query chmod operations performed by the root user:

# lastcomm chmod root

NOTE
If you want to check the background audit log to learn the detailed system file changes, see the Saloris
documentation.
Step 5 Optional: (Optional) Run the following command to disable the log function:
# /usr/lib/acct/accton
----End
A.3.5 How Do I Obtain the Public Key of a Third-party SFTP

Server
When you add or modify a third-party SFTP server on the U2000 client, you can choose
whether to check the server public key. If you choose to check it, users need to configure the
SFTP server public key on the client.
Prerequisites
Based on the IP address of the SFTP server to be added or modified on the U2000 client, find
the SFTP server the client connects to. Perform the following operations on the SFTP server.
Context
l The third-party SFTP server runs the Linux or Solaris operating system.

l If you choose to check the server public key when configuring a third-party SFTP server
on the U2000 client, the system compares the third-party SFTP server public key entered
by users on the client with the third-party SFTP server public key. If the public key are
different, the SFTP function used for communications between the third-party SFTP
server and the U2000 client is unavailable.
Procedure
Step 1 Log in to the third-party SFTP server.

$ su - root
Step 3 Run the following command to obtain the public key content of the SFTP server:
# cat /usr/local/etc/ssh_host_rsa_key.pub
If information similar to the following is displayed, the public key content has been obtained.
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwjUbMhStgUyeFrEzMGrBFCnQYGsQBcLAGC18NBF78I3I9W0SE4fcoQ
ujhTAAVG1+jkvQiaqylSYUWnlUbd/lF/
l9GDkWUhCH1RWYDbdypgMHHKIANwrxLKnIoyaCpLvfz75aWQFP4IKaSMdiV6BKvFXSAUa00V8yoQttOq5x
FwU= root@linux
----End
A.4 Disk Array

This topic describes FAQs related to the disk array settings.
A.4.1 Description About Interfaces Connecting to Disk Arrays

This topic describes the interfaces connecting to disk arrays.
Figure A-14 is an example of the interfaces connecting to the S3900 disk array.
Figure A-14 Description about the interfaces connecting to the S3900 disk array.

Figure A-15 is an example of the interfaces connecting to the 5500 V3 disk array.
Figure A-15 Description about the interfaces connecting to the 5500 V3 disk array.
A.4.2 How Do I Check Whether the Power Failure of the Disk

Array Affects System Functions?
Question
After the disk array is powered off unexpectedly, power it on again. How do I check whether
the unexpected power-off of the disk array affects U2000 functions?
Answer
SUSE Linux Enterprise Server 12 SP2 used by the U2000 has a special file protection
mechanism. When a storage exception such as a sudden power failure or disk damage occurs,
the file systems may change to the read-only mode to protect data. Therefore, after the disk
array is powered off and then powered on again, check whether the file systems are read-only.
If the file systems are read-only, the functions of the U2000 will be affected.
Step 1 Check whether the file systems are read-only.

1. Use PuTTY to log in to the U2000 server as the ossuser in SSH mode.
2. Run the following commands to switch to the root user:
$ su - root
Password: Password for the root user
3. Check the mounting status of the file systems.

# cat /proc/mounts

......
tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
......
NOTE
In the command output, the fourth column indicates the mounting status. ro indicates the read-only
mode, and rw indicates the read/write mode.
– If the file systems are in read-only mode, perform Step 2.

– If the file systems are not in read-only mode, it is normal. Log out of PuTTY and
use the U2000.
Step 2 Optional: Restart the OS to re-mount the file system.
NOTE
The file systems are read-only, so you cannot stop the U2000 and database services. Restart the OS
directly.
1. Run the following commands to restart the OS:
# shutdown -r now
2. Perform Step 1 to check the mounting status of file systems again.

– If the file systems are not in read-only mode, it is normal. Log out of PuTTY and
use the U2000.
– If the file systems are still in read-only mode, contact Huawei technical support.
----End
A.5 System Settings of the Huawei server

This topic covers FAQs about Huawei server system settings.
A.5.1 How Do I Use iBMC IP to Log In to a Remote 2288H V5

server
Question
How do I use iBMC IP to log in to a remote 2288H V5 server?
Answer
Step 1 Open Internet Explorer a on the local PC.
Step 2 In the address box, enter the iBMC address in the format: https://IP address of the iBMC
management network port on the server. Press Enter. The iBMC login page is displayed.
NOTE
l Choose Tools > Internet option before logging in to the Huawei server. Click the Connection tab
to clear settings of the proxy server of the Internet Explorer.
l If the message There is a problem with this website's security certificate is displayed, click
Continue to this website (not recommended).
l If the system displays the Security Alert dialog box indicating a certificate error, click Yes.
Display the following page:

Step 3 On the login page, enter the User Name and Password. SelectLocal iBMC from the Domain
drop-down list. Click Log In.
NOTE
l Default user name: Administrator

l Default password: Admin@9000 (Enter the new password if the password has been changed. If the
password has not been changed, it is recommended to change the password quickly and keep the
new password safe for the safety of a system. For details, see A.5.8 How to Change the Password
of 2288H V5 server iBMC User Administrator. )
Step 4 Choose Remote Control from the navigation tree to open the remote control window. The
remote control window displays the KVM property and the virtual media property.
Step 5 Click Remote Virtual Console (shared mode) or Remote Virtual Console (private mode)
as required to enter the virtual console window.
l HTML5 Integrated Remote Console: depends on the browser version. (This console is
recommended.)
l Java Integrated Remote Console: depends on the browser and Java versions.
NOTE
– If the Safe warning dialog box is displayed, click Permission.

– If a message is displayed indicating that the application is prohibited to run, choose Start >
Edit Site List, and Add, enter an iBMC IP address, such as http://192.168.2.100, and click
OK. Click OK, restart the IE Explorer, and log in to iBMC again.
l Shared: Two users can log in to the remote virtual console concurrently. The server
responds to commands of each user.
l Private: Only one user can log in to the remote virtual console.
----End

A.5.2 How Do I Use iMana/iBMC IP to Log In to a Remote

Huawei server (RH2288H V3 server, RH5885H V3 server and
RH2288H V2 server)
Question
How do I use iMana/iBMC IP to log in to a remote Huawei server?
Answer
Step 1 Open the Internet Explorer and enter the IP address of the iMana/iBMC module in the address
bar. The iMana/iBMC login window is displayed.
NOTE
l The default IP of iMana/iBMC is 192.168.2.100. The subnet mask is 255.255.255.0. See A.5.4 How
to View the IP Address of the iMana/iBMC on the Huawei server (RH2288H V3 server,
RH5885H V3 server and RH2288H V2 server) if the default IP of iMana/iBMC changes.
Step 2 Enter the user name and the password of iMana/iBMC and click Log In.
NOTE
l Default user name: root

l Default password: Huawei12#$ (Enter the new password if the password has been changed. If the
of iMana/iBMC User Root (RH2288H V3 server, RH5885H V3 server and RH2288H V2
server). )
l If log in to the RH5885H V3 or RH2288H V2 server through iMana, display the

following page:

l If log in to the RH5885H V3 server through iBMC, display the following page:
Step 3 Choose Remote Control from the navigation tree to open the remote control window. The
remote control window displays the KVM property and the virtual media property.

l If log in to the RH5885H V3 or RH2288H V2 server through iMana, display the

following page:

Step 4 Click Remote Virtual Console (shared mode) or Remote Virtual Console (private mode)
as required to enter the virtual console window.
l Remote Virtual Console (shared mode): Two users can log in to the remote virtual
console concurrently. The server responds to commands of each user.
l Remote Virtual Console (private mode): Only one user can log in to the remote virtual
console.
NOTE
l If the Safe warning dialog box is displayed, click Permission.

l If a message is displayed indicating that the application is prohibited to run, choose Start >
Control Panel and click Java. In the Java Control Panel dialog box, click the Security tab, Edit
Site List, and Add, enter an iMana/iBMC IP address, such as http://192.168.2.100, and click OK.
Click OK, restart the IE Explorer, and log in to iMana/iBMC again.
----End
A.5.3 How to View the IP Address of the iBMC on the 2288H V5

server
Question
How do I view the IP address of the iBMC on the 2288H V5 server?
Answer
Step 1 Start the server.
l HTML5 Integrated Remote Console:
a. Log in to the server. For details, see A.5.1 How Do I Use iBMC IP to Log In to a
Remote 2288H V5 server. Click HTML5 Integrated Remote Console (Private)
or HTML5 Integrated Remote Console (Shared).

b. Click on the toolbar which is right above Remote Virtual Console and select
BIOS Setup.
c. Click on the toolbar which is right above Remote Virtual Console and select
Forced System Reset.
d. In the dialog box that is displayed, click Yes to restart the server.
NOTE
password. The default password is Admin@9000, if the password has been changed, enter
the new password. If the password has not been changed, for system security, modify the
default password and remember the new password.
l Java Integrated Remote Console:
Remote 2288H V5 server. Click Java Integrated Remote Console (Private) or
Java Integrated Remote Console (Shared).
c. In the dialog box that is displayed, click Yes to restart the server.
d. During server restart, press Delete until the BIOS configuration window is
displayed.
NOTE
l In local mode:
a. Press the power button to restart the PC server.
b. During server start, press Delete until the BIOS configuration window is displayed.
NOTE
Step 2 View the IP Address of the iBMC.

1. Place the cursor over Advanced by using up and down arrow keys, enter the Advanced
window by pressing Enter.

2. Place the cursor over IPMI iBMC Configuration by using up and down arrow keys and
press Enter. The IPMI iBMC Configuration is displayed.
3. Place the cursor over iBMC Configuration by using up and down arrow keys and press
Enter to access the iBMC Configuration window to view the IP address.

----End
A.5.4 How to View the IP Address of the iMana/iBMC on the

Huawei server (RH2288H V3 server, RH5885H V3 server and
RH2288H V2 server)
Question
How do I view the IP address of the iMana/iBMC on the Huawei server?
Answer
Step 1 Install the KVM on the server.
Step 2 Press the power button on the server and restart the server.
Step 3 During server restart, press Delete until the BIOS configuration window is displayed.
NOTE
If a dialog box is displayed asking you to enter a password, enter the desired password and then press
Enter.
Step 4 View the IP Address of the iMana/iBMC.

l If log in to the RH5885H V3 server through iMana, perform the following operations:
a. Choose Server Mgmt tab.
b. Choose BMC network configuration, and press Enter to access the BMC
network configuration window to view the IP address.

l If log in to the Huawei RH2288H V2 server through iMana, perform the following
operations:
a. Choose Advanced > IPMI BMC Configuration, and press Enter. The IPMI
BMC Configuration page is displayed.
b. Select BMC Configuration, and press Enter to access the BMC Configuration
window to view the IP address.

a. Choose Server Mgmt tab.
b. Choose BMC network configuration, and press Enter to access the BMC
network configuration window to view the IP address.
a. Choose Advanced > IPMI iBMC Configuration, and press Enter. The IPMI
iBMC Configuration page is displayed.

b. Select iBMC Configuration, and press Enter to access the iBMC Configuration
window to view the IP address.
----End
A.5.5 How Do I Configure the Boot Mode and Boot Medium of

2288H V5 server
Question
How do I configure the boot mode and boot medium of 2288H V5 server?

Answer
NOTE
NOTE

Step 4 Click Configuration from the left navigation tree to open the remote control window and
then click Boot Device.
Step 5 Set the boot mode and boot medium in the Boot Device window.
l Set Boot Mode Changeover to ON to keep the boot mode of the server the same as that
set in the iBMC.
l Set Boot Mode to Legacy BIOS or UEFI (Unified Extensible Firmware Interface).
l Set Effective to One-time.
l Set Boot Medium to DVD-ROM.
Step 6 Click Save.
----End

A.5.6 How Do I Mount the ISO File or the U2000 Quick

Installation DVD to a Drive (RH2288H V3 server, RH5885H V3
server and RH2288H V2 server)
Question
How do I mount the ISO file or the U2000 quick installation DVD to a drive (Huawei
server)?
Answer
Step 1 Insert the quick installation DVD-ROM (Terminal Physical Software, iManager U2000,
iManager U2000 version_server_sles, Physical Software Package For Linux Network
Management System, CD) to the drive on a PC or laptop. If an ISO image file is used to
install the operating system, save the ISO image file to any directory on the PC or laptop.
Step 2 Log in to the server. For details, see A.5.2 How Do I Use iMana/iBMC IP to Log In to a
Remote Huawei server (RH2288H V3 server, RH5885H V3 server and RH2288H V2
server).
Step 3 Click on the toolbar which is right above Remote Virtual Console.
Step 4 Load the installation DVD or ISO file.

l If the installation DVD is used, select CD/DVD in the virtual disk dialog box, select the
drive letter of the installation DVD from the drop-down list on the right, and click
Connect. If the drive has successfully connected to the server, the Connect changes to
Disconnect.
l If the ISO file is used, perform the following operations:
a. In the virtual disk dialog box, select Image File and click Browse.
b. In the Open dialog box, select the ISO file of the quick RAID configuration DVD
U2000version_server_os_sles12_x64_dvd1.iso and click Open.
c. In the virtual disk dialog box, click Connect. If the virtual drive has successfully
connected to the server, the Connect changes to Disconnect.
Step 5 Click on the toolbar which is right above Remote Virtual Console and select Reset,
Cold Reset or Forced System Reset.
Step 6 In the dialog box that is displayed, click Yes to restart the server.
----End

A.5.7 How Do I Mount the ISO File or the U2000 Quick

Installation DVD to a Drive (2288H V5 server)
Question
How do I mount the ISO file or the U2000 quick installation DVD to a drive (Huawei
server)?
Answer
Step 1 Insert the quick installation DVD-ROM (Terminal Physical Software, iManager U2000,
iManager U2000 version_server_sles, Physical Software Package For Linux Network
Management System, CD) to the drive on a PC or laptop. If an ISO image file is used to
install the operating system, save the ISO image file to any directory on the PC or laptop.
Step 2 Log in to the server. For details, see A.5.1 How Do I Use iBMC IP to Log In to a Remote
2288H V5 server.
Step 3 Set the boot mode of the server.
l If HTML5 Integrated Remote Console is selected in Step 2 to log in to the server, see
A.5.5 How Do I Configure the Boot Mode and Boot Medium of 2288H V5 server to
set Boot Mode Changeover to ON and set Boot Mode to Legacy BIOS.
l If Java Integrated Remote Console is selected in Step 2 to log in to the server, see A.
5.5 How Do I Configure the Boot Mode and Boot Medium of 2288H V5 server to set
Boot Mode Changeover to ON, set Boot Mode to Legacy BIOS and set Boot
Sequence to DVD-ROM.
l If HTML5 Integrated Remote Console is selected in Step 2 to log in to the server, see
A.5.5 How Do I Configure the Boot Mode and Boot Medium of 2288H V5 server to
set Boot Mode Changeover to ON and set Boot Mode to UEFI (Unified Extensible
Firmware Interface).
l If Java Integrated Remote Console is selected in Step 2 to log in to the server, see A.
5.5 How Do I Configure the Boot Mode and Boot Medium of 2288H V5 server to set
Boot Mode Changeover to ON, set Boot Mode to UEFI (Unified Extensible
Firmware Interface) and set Boot Sequence to DVD-ROM.
Step 4 Load the installation DVD or ISO file.
– If the installation DVD is used:
i. Click on the toolbar which is right above Remote Virtual Console.
ii. In the virtual disk dialog box, select Local File and click .
iii. In the Open dialog box, select the ISO file and click Open.
iv. In the virtual disk dialog box, click Connect.

NOTE
If Connect is displayed as Disconnect, the virtual disk is connected to the server.
v. Click on the toolbar which is right above Remote Virtual Console and
select DVD-ROM.
– If the ISO file is used:
ii. In the virtual disk dialog box, select Image File and click .
iv. In the virtual disk dialog box, click Connect.

NOTE
If Connect is displayed as Disconnect, the virtual disk is connected to the server.
v. Click on the toolbar which is right above Remote Virtual Console and
select DVD-ROM.
– If the installation DVD is used:

ii. In the virtual disk dialog box, select Image File and click Browse.
iv. In the virtual disk dialog box, click Connect. If the virtual drive has
successfully connected to the server, the Connect changes to Disconnect.
– If the ISO file is used:

ii. In the virtual disk dialog box, select Image File and click Browse.
iv. In the virtual disk dialog box, click Connect. If the virtual drive has
successfully connected to the server, the Connect changes to Disconnect.


a. Click on the toolbar which is right above Remote Virtual Console and select
Reset or Forced System Reset.
b. In the dialog box that is displayed, click Yes to restart the server.
----End
A.5.8 How to Change the Password of 2288H V5 server iBMC

User Administrator
Question
How to modify the password of 2288H V5 server iBMC user Administrator?
Answer
NOTE

NOTE

Step 4 Choose Configuration > Local User from the left navigation tree.
Step 5 Click the of user Administrator.
Step 6 Change the password of user Administrator.

1. Enter the current password for the Administrator user in the Current User Password
text box.
2. Select Change Password.
3. Enter the new password for the Administrator user in the Password and Confirm
Password text boxes.
4. Click Save.
NOTE
Requirements on the user password are different when the function of checking the password
complexity is enabled or disabled:
l If the function is disabled, you can leave the password blank or enter a string whose length is shorter
than 20 characters.
l If this function is enabled, the password must meet the following requirements:
– The password contains a minimum of 8 characters and a maximum of 20 characters.
– At least one space or one special character: `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
– At least two of the following combinations: lowercase letters a to z, uppercase letters A to Z,
and digits 0 to 9.
– The password cannot be the same as the user name or the reverse of the user name.
----End
A.5.9 How to Change the Password of iMana/iBMC User Root

(RH2288H V3 server, RH5885H V3 server and RH2288H V2
server)
Question
How to modify the password of iMana user root?

Answer
Step 1 Open Internet Explorer. Enter the IP address of the iMana/iBMC module in the address bar.
The window for logging in to iMana is displayed.
NOTE
The default IP address of iMana/iBMC is 192.168.2.100. The subnet mask is 255.255.255.0. See A.5.4
How to View the IP Address of the iMana/iBMC on the Huawei server (RH2288H V3 server,
RH5885H V3 server and RH2288H V2 server) if the default IP of iMana/iBMC changes.
Step 2 Enter the user name and the password of iMana/iBMC and click Log In.
NOTE
l Default user name: root

l Default password: Huawei12#$ (Enter the new password if the password has been changed. If the
new password safe for the safety of a system.)
Step 3 Choose Configuration > User from the left navigation tree, and click the of user root.
Step 4 In the Modify User Information dialog box, enter new user information, and click OK.
NOTE
Requirements on the user password are different when the function of checking the password complexity is
enabled or disabled:
l If the function is disabled, you can leave the password blank or enter a string whose length is shorter than
20 characters.
– At least two of the following combinations: lowercase letters a to z, uppercase letters A to Z, and
digits 0 to 9.

Step 5 Open the configuration page of the root user.

l If log in to the RH5885H V3 or RH2288H V2 server through iMana, choose
Configuration > User from the navigation tree. Click corresponding to the root
user.
l If log in to the RH5885H V3 server through iBMC, choose Config > Local User from
the navigation tree. Click corresponding to the root user.
l If log in to the RH2288H V3 server through iBMC, choose Config > User Settings from
the navigation tree. Click corresponding to the root user.
Step 6 Change the password for the root user.

NOTE
Requirements on the user password are different when the function of checking the password complexity is
enabled or disabled:
l If the function is disabled, you can leave the password blank or enter a string whose length is shorter than
20 characters.
– At least two of the following combinations: lowercase letters a to z, uppercase letters A to Z, and
digits 0 to 9.
l If log in to the RH5885H V3 or RH2288H V2 server through iMana, the Modify User
Information page is displayed. Enter the modification information and click OK.
l If log in to the RH5885H V3 server through iBMC, enter the current password for the
root user in the Current User Password text box. Select You can change the password
only after selecting the check box. Enter the new password for the root user in the
Password and Confirm text boxes. Click Save.
l If log in to the RH2288H V3 server through iBMC, enter the current password for the
root user in the Current User Password text box. Select You can change the password
only after selecting the check box. Enter the new password for the root user in the
Password and Confirm text boxes. Click Save.

----End
A.5.10 Mappings Between Physical and Logical Network

Interfaces on an Huawei server Running SUSE Linux
This topic describes the mappings between physical and logical network interfaces on an
Huawei server running SUSE Linux.
NOTE
l The Ethernet interfaces on an Huawei server consist of integrated network interfaces and extended
network interfaces. The integrated network interfaces are recommended.
l An Huawei server running SUSE Linux supports only the Broadcom and Intel NICs.
interfaces for the Huawei 2288H V5 server are described as follows:
l The Huawei 2288H V5 server with one extended NIC right at management interface.
The associated logical network interfaces on the extended NIC are named eth0, eth1,
eth2, and eth3.
l The Huawei 2288H V5 server with one extended NIC left top at Slot 1(Small-scale
network do not have this NIC). The associated logical network interfaces are named
eth4, eth5, eth6, and eth7.
Figure A-16 Mappings between physical and logical network interfaces on the Huawei
2288H V5 server

interfaces for the Huawei RH2288H V3 server are described as follows:
l The Huawei RH2288H V3 server is integrated with one NIC. The associated logical
network interfaces on the integrated NIC are named eth0, eth1, eth2, and eth3.
l eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The associated
logical network interfaces are named eth4, eth5, eth6, and eth7.
RH2288H V3 server
l eth0, eth1, eth2, and eth3 are network interfaces on the integrated NIC. The associated
NOTE
The Huawei RH5885H V3 server supports twelve extended NICs with four interfaces. For the six NICs
on the right, the mapping logical interfaces from top down are: eth8 to eth11, eth4 to eth7, eth12 to
eth15, eth16 to eth19, eth20 to eth23, and eth24 to eth27. For the six NICs in the middle, the mapping
logical interfaces from top down are: eth28 to eth31, eth32 to eth35, eth36 to eth39, eth40 to eth43,
eth44 to eth47, and eth48 to eth51.

RH5885H V3 server
l The Huawei RH2288H V2 server is integrated with one NIC. The associated logical
network interfaces on the integrated NIC are named eth0, eth1, eth2, and eth3.
RH2288H V2 server
A.5.11 Confirming Mapping of Physical and Logical Interfaces on

Huawei RH Series Servers (SUSE Linux OS) in CLI Mode
The names of logical interfaces on Huawei RH series servers running a SUSE Linux OS are
automatically allocated according to the sequence that the system traverses NICs. The
sequence of logical interfaces may be changed in some special scenarios. This topic describes

how to confirm the mapping of physical and logical interfaces on Huawei RH series servers
running a SUSE Linux OS in CLI mode.
Context
l A delivered Huawei RH series server has one NIC with four Broadcom interfaces and
one NIC with four extend interfaces.
l Interfaces on an NIC are marked from left to right or from top down.
NOTE
The following uses an RH5885H V3 server running a Linux OS as an example.
Procedure
Step 2 Run the following command to check information of physical interfaces on NICs of the
server.
# lspci | grep -i Ethernet

04:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit
Ethernet PCIe (rev 01)
45:00.0 Ethernet controller: Intel Corporation 82580 Gigabit Network Connection
(rev 01)
(rev 01)
(rev 01)
(rev 01)
NOTE
04:00.0 to 04:00.3 correspond to four Broadcom interfaces, and 45:00.0 to 45:00.3 correspond to four
extend interfaces.
Step 3 Run the following command to check information of a logical interface (eth0 is used as an
example):
# ethtool -i eth0

driver:
igb
version: 4.1.2-
k
firmware-version: 3.32,
0x80000271
bus-info:
0000:45:00.0
supports-statistics:
yes

supports-test:
yes
supports-eeprom-access:
yes
supports-register-dump:
yes
Compare the bus-info field value (45:00.0) and the information queried in Step 2. It is found
that interface eth0 maps the first extend interface.
----End
A.5.12 Formatting disks (2288H V5 server, UEFI Boot)

This topic describes how to formatting disks.
Prerequisites
l If the disks are to be formatted in local mode, you must ensure that the server is
connected to the KVM.
l If the disks are to be formatted in remote mode, you must ensure that the following
preparations are ready:
– A PC or laptop on which the Internet Explorer browser is installed is ready.
– Internet Explorer browsers do not support a proxy server.
Procedure
l In local mode:
Press the power button to restart the PC server.
Step 2 See A.5.5 How Do I Configure the Boot Mode and Boot Medium of 2288H V5 server to

NOTE
The default Boot Mode of the RH2288H V5 server is UEFI (Unified Extensible Firmware Interface).
Step 3 After the basic input/output system (BIOS) check is completed, as shown in the following
figure.
NOTE
This screen stays for a short period of time. Press F11 the moment you see Press F11 go to Front Page
on the screen. If F11 is not pressed, restart the system.
Step 4 Press F11 as prompted to access the Front Page.

NOTE
If a dialog box asking you to enter a password displayed during startup, enter the required password. The
default password is Admin@9000, if the password has been changed, enter the new password. If the
password has not been changed, for system security, modify the default password and remember the new
password.

Step 5 Select the Device Manager by using left and right arrow keys and press Enter.
Step 6 Select AVAGO MegaRAID <SAS3108> Configuration Utility - 03.21.14.02 by using up

and down arrow keys and press Enter.

Step 7 Seletc Main Menu and press Enter.
Step 8 Seletc Configuration Management and press Enter.

Step 9 Select Clear Configuration and press Enter.
Step 10 Press Enter to set Confirm to Enabled.

Step 11 Seletc Yes by using up and down arrow keys and press Enter.
Step 12 Press Enter.



l In local mode:
Press Ctrl+Alt+Delete to restart the server.
----End
A.5.13 Formatting disks (2288H V5 server, Legacy Boot)

Prerequisites
Procedure
l In local mode:

NOTE
Step 3 After the basic input/output system (BIOS) check is completed, the BIOS information about
the RAID is displayed, as shown in the following figure.
NOTE
This screen stays for a short period of time. Press Ctrl+R the moment you see Ctrl+R on the screen. If
Ctrl+R is not pressed, restart the system.
Step 4 Press Ctrl+R as prompted to access the BIOS window.
Step 5 Place the cursor over SAS3108 (Bus 0x1d, Dev 0x00) by using up and down arrow keys and
press F2. The configuration tab is displayed.
Step 6 Select the Clear Configuration tab by using up and down arrow keys and press Enter. A
page asking whether to clear configurations is displayed.

NOTICE
Clear Configuration will clear the previous RAID configurations, resulting in data damage
or loss in hard disks. Therefore, before performing this operation, determine whether the data
in hard disks can be cleared.
Step 7 Select YES and press Enter. The following page is displayed after RAID configurations are
cleared.


l In local mode:
----End
A.5.14 Formatting disks (Huawei serverRH5885H V3 server or

RH2288H V2 server)
Prerequisites
Procedure
l In local mode, press the power button to restart the PC server.
l In remote mode, perform the following operations:
a. Log in to the server. For details, see A.5.2 How Do I Use iMana/iBMC IP to Log
In to a Remote Huawei server (RH2288H V3 server, RH5885H V3 server and
RH2288H V2 server).
Cold Reset.
Step 2 On Huawei RH5885H V3 server, ignore the following operations; If log in to the Huawei
RH2288H V2 server through iMana, perform the following operations:
1. When the BIOS start page appears, press Delete until the BIOS Setup Utility program is
started.
NOTE
If the BIOS password has been modified, a dialog box asking you to enter a password will be
displayed during startup. Enter the required password to access the Setup Utility application.
2. Choose Exit > Load Optimal Defaults, and press Enter.

3. In the Load Optimal Defaults? dialog box, click Yes and press Enter.
4. Choose Exit > Exit Saving Changes, and press Enter.
5. In the Exit Saving Changes? dialog box, click Yes and press Enter.
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the screen. If
Ctrl+H is not pressed, restart the system.
Step 4 Press Ctrl+H as prompted to access the Adapter Selection window.

l On Huawei H2288H V2 server, the following window is displayed.
l On Huawei RH5885H V3 server, the following window is displayed.

Step 5 Click Start to access the WebBIOS window.

NOTE
If window MegaRAID BIOS Config Utility Foreign Configuration is displayed, click Clear.
Step 6 Click Configuration Wizard to access the RAID configuration wizard window, as shown in
the following figure.
Step 7 Select Clear Configuration and click Next.
NOTICE
After you select Clear Configuration, all RAID configurations will be deleted; as a result,
hard disk data will be damaged or lost. Check whether hard disk data can be deleted before
selecting Clear Configuration.
Step 8 Click Yes to clear the configuration, and return to the WebBIOS window.
Step 9 Initialize RAID configurations.

1. Click Configuration Wizard to access the RAID configuration wizard window
2. Select New Configuration and click Next.
3. Click Yes to delete RAID configurations.
4. Select Automatic Configuration and click Next. The Preview dialog box is displayed.
NOTE
Use the default value, Redundancy when possible, for Redundancy.
5. Click Accept.
6. Click Yes to save RAID configurations.
7. Click Yes to initialize RAID configurations.
8. Click Home to return to the WebBIOS window.
After the initialization is complete, the WebBIOS window is displayed. As shown in the
following figure, the eight hard disks are used as an example.
– On Huawei H2288H V2 server, the following window is displayed.

– On Huawei RH5885H V3 server, the following window is displayed.
Step 10 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed.
Step 11 Click Yes, A dialog box is displayed.

l In local mode, press Ctrl+Alt+Delete to restart the server.
Cold Reset.
----End

A.5.15 Formatting disks (RH2288H V3 server or RH5885H V3

server)
Prerequisites
Procedure
RH2288H V2 server).
NOTE
Step 4 Place the cursor over SAS3108 (Bus 0x01, Dev 0x00) by using up and down arrow keys and
press F2. The configuration tab is displayed.

Step 5 Select the Clear Configuration tab by using up and down arrow keys and press Enter. A
page asking whether to clear configurations is displayed.
NOTICE
Clear Configuration will clear the previous RAID configurations, resulting in data damage
or loss in hard disks. Therefore, before performing this operation, determine whether the data
in hard disks can be cleared.
Step 6 Select YES and press Enter. The following page is displayed after RAID configurations are
cleared.


----End
A.5.16 Viewing Hard Disk Information (2288H V5 server, UEFI

Boot)
This topic describes how to view hard disk information.
Prerequisites
Procedure

l In local mode:
NOTE
Step 3 After the basic input/output system (BIOS) check is completed, as shown in the following
figure.
NOTE
This screen stays for a short period of time. Press F11 the moment you see Press F11 go to Front Page
on the screen. If F11 is not pressed, restart the system.

Step 4 Press F11 as prompted to access the Front Page.

NOTE
If a dialog box asking you to enter a password displayed during startup, enter the required password. The
default password is Admin@9000, if the password has been changed, enter the new password. If the
password has not been changed, for system security, modify the default password and remember the new
password.

Step 5 Select the Device Manager by using left and right arrow keys and press Enter.
Step 6 Select AVAGO MegaRAID <SAS3108> Configuration Utility - 03.21.14.02 by using up

and down arrow keys and press Enter.

Step 7 Seletc Main Menu and press Enter.
Step 8 Select Drive Management by using up and down arrow keys and press Enter.
NOTE
The following figure assumes that RAID is not configured for hard disks. The actual screen may be
different due to the RAID configuration. You only need to focus on the hard disk information on the
page. A total of 8 hard disks numbered from 00 to 07 are displayed.


l In local mode:
----End
A.5.17 Viewing Hard Disk Information (2288H V5 server, Legacy

Boot)
Prerequisites

Procedure
l In local mode:
NOTE
NOTE

NOTE

l In local mode:
----End
A.5.18 Viewing Hard Disk Information (Huawei serverRH5885H

V3 server or RH2288H V2 server)
Prerequisites
l If the hard disk information is to be viewed in local mode, you must ensure that the
server is connected to the KVM.

l If the hard disk information is to be viewed in remote mode, you must ensure that the
following preparations are ready:
Procedure
RH2288H V2 server).
Cold Reset.
NOTE


NOTE
If window MegaRAID BIOS Config Utility Foreign Configuration is displayed, click Clear.

Step 5 Click Physical View to access the Physical View window, as shown in the following figure.
NOTE
l In the navigation tree, the Physical View node automatically changes to Logical View.
l In the following example, RAID has not been configured for hard disks. The displayed information
displayed in the scenario where RAID has been configured is different from that in the scenario
where RAID has not been configured. Pay attention to only slot information in Physical View and
check whether the slot information meets the following conditions:
– IDs of eight slots from Slot: 0 to Slot: 7 are displayed.
– The description for every slot ID has three available options: Unconfigured Good, Online,
and Global Hot Spare.
If any two of the preceding three conditions are met, the eight hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server.

Step 6 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed.
Step 7 Click Yes, A dialog box is displayed.

Cold Reset.
----End
A.5.19 Viewing Hard Disk Information (RH2288H V3 server or

RH5885H V3 server)
Prerequisites

Procedure
RH2288H V2 server).
NOTE

NOTE


----End
A.5.20 How to Upgrade the System Controller Firmware Version

for 2288H V5 server
Question
This topic describes how to upgrade the controller fireware version of 2288H V5 server.
When the controller iBMC firmwave version of 2288H V5 server is so early that alarms fail
to be reported. A controller has to be closed during an upgrade.
Answer
Step 1 Download the patch package.
1. Log in to http://support.huawei.com/carrier. Enter 2288H V5 in the search box on the
Product Support to access the Search Results page.
2. Choose Carrier IT > Server > Fusion Server > Rack Server > 2288H V5 from Filter
by Product in the navigation tree. Click Software to access the Software page.
3. Select the firmware upgrade package 2288H V5-iBMC-V270.zip to download it and the
mapping PGP file.
4. Use the PGPverify to verify correctness of the firmware upgrade package. For details,
see A.2.27 How Do I Verify Downloaded Software Packages Using the PGPVerify
Software.

5. Decompress the firmware upgrade package.
Step 2 Open the Internet Explorer of a PC. Enter the iMana IP address in the address bar to access
the iBMC login page. Enter the user name and password to log in to the control card page.
Step 3 Choose System > Firmware Upgrade to access the Firmware Upgrade page.
Step 4 On the Firmware Upgrade tab, click of Upgrade File and select the local directory
where the firmware upgrade package is stored.
NOTE
The firmware upgrade package to be uploaded must be an *.hpm file.
Step 5 Click Upgrade and click Yes. The system starts to upload the upgrade package to the server
and then starts to perform the upgrade.
After the iBMC or SD controller firmware is upgraded, the iBMC will automatically restart
for the upgrade take effect.
----End

for Huawei RH5885H V3 and RH2288H V2 Servers
Question
This topic describes how to upgrade the controller iMana fireware version of Huawei
RH5885H V3 and RH2288H V2 servers. When the controller iMana firmwave version of
Huawei RH5885H V3 or Huawei RH2288H V2 is so early that alarms fail to be reported. A
controller has to be closed during an upgrade.
Answer
NOTE
The following uses Huawei RH5885H V3 server as an example (The method of downloading the patch
package and upgrading the firmware version for Huawei RH5885H V3 server is the same as that for
Huawei RH2288H V2 server):
1. Log in to http://support.huawei.com/carrier. Enter RH5885H V3 in the search box on
the Product Support to access the Search Results page.
2. Choose Carrier IT > Server > Fusion Server > Rack Server > RH5885H V3 from
Filter by Product in the navigation tree. Click Software to access the Software page.
3. Select the firmware upgrade package RH5885H V3-iMana-V722.zip to download it and
the mapping PGP file.
Software.
the iMana login page. Enter the user name and password to log in to the control card page.
Step 3 Choose Configuration > Firmware Upgrade to access the Firmware Upgrade page.

Step 4 On the Firmware Upgrade tab, click Browse of Upgrade File Name and select the local
directory where the firmware upgrade package is stored.
NOTE
Step 5 Set Take-effect Mode to Restart Immediately.

Step 6 Click Upgrade and click Yes. The system starts to upload the firmware upgrade package to
the server and then starts to perform the upgrade.
After the upgrade is complete, the server automatically restarts.
----End

for RH2288H V3 server and RH5885H V3 server
Question
This topic describes how to upgrade the controller fireware version of RH2288H V3 server
and RH5885H V3 server. When the controller iBMC firmwave version of RH2288H V3
server and RH5885H V3 server is so early that alarms fail to be reported. A controller has to
be closed during an upgrade.
Answer
NOTE
The following uses RH2288H V3 server as an example (The method of downloading the patch package
and upgrading the firmware version for RH5885H V3 server is the same as that for RH2288H V3 server
server):
1. Log in to http://support.huawei.com/carrier. Enter RH2288H V3 in the search box on
the Product Support to access the Search Results page.
2. Choose Carrier IT > Server > Fusion Server > Rack Server > RH2288H V3 from
Filter by Product in the navigation tree. Click Software to access the Software page.
3. Select the firmware upgrade package RH2288H V3-iBMC-V206.zip to download it and
the mapping PGP file.
Software.
the iBMC login page. Enter the user name and password to log in to the control card page.
Step 3 Choose System > Firmware Upgrade to access the Firmware Upgrade page.
Step 4 On the Firmware Upgrade tab, click Browse of Upgrade File Name and select the local
directory where the firmware upgrade package is stored.
NOTE
Step 5 Set Select iBMC Boot Mode Used After the iBMC Firmware of the Target Version Is
Uploaded to Immediately restart automatically.

Step 6 Click Start Upgrade and click Yes. The system starts to upload the upgrade package to the
server and then starts to perform the upgrade.
After the upgrade is complete, the server automatically restarts.
----End
A.6 System Settings of the IBM Server

This topic covers FAQs about IBM Server system settings.
A.6.1 How to Solve the Problem Where the Remote Control

Desktop Appears and Then Disappears Immediately
Question
How do I solve the problem where the remote control desktop appears and then disappears
immediately?
Answer
Step 1 On the Internet Explorer, choose Tools > Internet Options > Security > Trusted sites >
Sites, the Trusted sites dialog is displayed.
Step 2 Clear the selection of the Require server verification (https:) for all sites in this zone check
box.
Step 3 Add website address to the Add this website to the zone.
NOTE
If the Would you like to move it to the Trusted sites zone? dialog is displayed, click Yes.
Step 4 Click Close.
Step 5 Click Custom level.

Step 6 Select Low from the Reset to drop-down list.

NOTE
The IE browser has different versions. Select the lowest level from the Reset to drop-down list.
Step 7 Click Reset.
Step 8 Click OK.
Step 9 Click Apply.
Step 10 Click OK.
Step 11 Press F5 to refresh the Internet Explorer.
----End
A.6.2 How do I use an IMM IP address to remotely log in to an

IBM server (IBM X3650 M4)
Question
How do I use an IMM IP address to remotely log in to an IBM server (IBM X3650 M4)?

Answer
Step 1 Open the Internet Explorer and enter the IMM IP address of the IMM in the address bar to
access the page for logging into the IMM.
NOTE
The default IP address of the IMM is 192.168.70.125 and the default subnet mask is 255.255.255.0. If
the default IP address of the IMM is changed, see A.6.4 How to View the IMM IP Address on the
IBM Server.
Step 2 Enter an IMM user name and a password, and click Log In.
NOTE
l The default user name is USERID.

l The default password is PASSW0RD. Note that the sixth character is digit 0 but not letter O. If the
system security, modify the default password and remember the new password. For details, see A.
6.5 How to Change the Password of the IMM User USERID(IBM X3650 M4).
Step 3 Click Remote Control, select Use the ActiveX Client > Start remote control in single-user
mode to access the remote control desktop.

NOTE
l When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog box
asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you whether to
trust this site.
l Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box cannot
be displayed.
l If the remote control desktop appears and then disappears immediately, see A.6.1 How to Solve the
Problem Where the Remote Control Desktop Appears and Then Disappears Immediately to
solve the problem.
l If Use the ActiveX Client is unavailable, just click Start remote control in single-user mode to
access the remote control desktop.
l Keep the default values of other parameters unchanged.
l For the IBM X3650 M4 server, if CAPS is displayed in the lower right corner of the Video Viewer
window, letters are entered in upper case; if CAPS is not displayed in the lower right corner of the
Video Viewer window, letters are entered in lower case. The Caps indicator on the keyboard cannot
indicate whether letters are entered in upper or lower case.
l For the IBM X3650 M4 server, if NUM is displayed in the lower right corner of the Video Viewer
window, digits can be entered; if NUM is not displayed in the lower right corner of the Video
Viewer window, digits cannot be entered. The Num indicator on the keyboard cannot indicate
whether the number keypad is available.
l If a message is displayed indicating that the application is prohibited to run, choose Start > Control
Panel and click Java. In the Java Control Panel dialog box, click the Security tab, Edit Site List,
and Add, enter an iMana/iBMC IP address, such as http://192.168.2.100, and click OK. Click OK,
restart the IE Explorer, and log in to iMana/iBMC again.
----End
A.6.3 How to Use an IMM IP Address to Remotely Log In to an

IBM Server(IBM X3850 X5 and IBM X3650 M3)
Question
How do I use an IMM IP address to remotely log in to an IBM server?
Answer
Step 1 Open the Internet Explorer and enter the IMM IP address of the IMM in the address bar to
access the page for logging into the IMM.

NOTE
IBM Server.
Step 2 Enter an IMM user name and a password, and click Login.
NOTE

6.6 How to Change the Password of the IMM User USERID(IBM X3850 X5 and IBM X3650
M3).
Step 3 Click Continue to access the Integrated Management Module web page.
NOTE
You do not need to set Inactive session timeout value. Keep the default value no timeout.
Step 4 Enable remote control. Choose Tasks > Remote Control from the navigation tree. In the
right-hand pane, click Use the ActiveX Client with Microsoft Internet Explorer > Start
Remote Control in Single User Mode to access the remote control desktop.

NOTE
l When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog box
asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you whether to
trust this site.
l If the remote control desktop appears and then disappears immediately, see A.6.1 How to Solve the
Problem Where the Remote Control Desktop Appears and Then Disappears Immediately to
solve the problem.
l If Use the ActiveX Client with Microsoft Internet Explorer is unavailable, just click Start
l Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box cannot
be displayed.
l If a message is displayed indicating that the application is prohibited to run, choose Start > Control
Panel and click Java. In the Java Control Panel dialog box, click the Security tab, Edit Site List,
and Add, enter an iMana/iBMC IP address, such as http://192.168.2.100, and click OK. Click OK,
restart the IE Explorer, and log in to iMana/iBMC again.
----End
A.6.4 How to View the IMM IP Address on the IBM Server

Question
How do I view the IMM IP address on the IBM server?
Answer
Step 1 Install the KVM on the IBM server.
NOTE
A common monitor is enough.
Step 2 Press the power button of the IBM server to restart it.
Step 3 Wait about 1 minute after the IBM System X window is displayed. The <F1> Setup option is
displayed.

Step 4 Press F1 to select Setup, and press Enter.
Step 5 Use arrow keys to select System Settings, and press Enter.
l For IBM X3650 M3 or IBM X3850 X5, show as follows:

l For IBM X3650 M4, show as follows:
Step 6 Use arrow keys to select Integrated Management Module, and press Enter.

Step 7 Use arrow keys to select Network Configuration press Enter and access the page for
modifying the IMM IP address.

Step 8 View the IP address in IP Address.
----End
A.6.5 How to Change the Password of the IMM User

USERID(IBM X3650 M4)
Question
How to change the password of the IMM user USERID(IBM X3650 M4)?
Answer
Step 1 Enter the default IMM IP address on the Internet Explorer of the PC to access the IMM Web
login window.
NOTE
IBM Server.

NOTE

system security, modify the default password and remember the new password.
Step 3 Click IMM Management > Users.
Step 4 In the displayed User Accounts page, click Global Login Settings. Select Custom security
settings from Account security level, and set the Password expiration period (days)to 0
and other parameters to the maximum value. Then click OK.
Step 5 In the User Accounts page, click USERID.
Step 6 Enter a new password, such as Changeme_123, in Password. Enter the password again in
Confirm password. To ensure the security of the U2000, passwords must be complex
enough. For example, a password must contain eight or more characters of two types. The
allowed characters are digits, letters, and special characters. Remember to change passwords
regularly.

Step 7 Click OK.
----End

A.6.6 How to Change the Password of the IMM User

USERID(IBM X3850 X5 and IBM X3650 M3)
Question
How do I change the password of the IMM user USERID?
Answer
login window.
NOTE
IBM Server.
NOTE

password has been changed, enter the new password.
NOTE
Step 4 Choose Login Profiles from the navigation tree and click Global Login Settings. Select
Custom security settings from Account security level, and set the Maximum Password
Age to 0 and other parameters to the maximum value. Then click Save.
Step 5 Choose Login Profiles from the navigation tree and click USERID.
Step 6 Enter a new password, such as Changeme_123, in Password. To ensure the security of the
U2000, passwords must be complex enough. For example, a password must contain eight or
more characters of two types. The allowed characters are digits, letters, and special characters.
Remember to change passwords regularly.

Step 7 Enter the password again in Confirm password.
Step 8 Click Save. A message indicating that the password will take effect is displayed. Click OK.
----End
A.6.7 Mappings Between Physical and Logical Network Interfaces

on an IBM Server Running SUSE Linux
This topic describes the mappings between physical and logical network interfaces on an IBM
server running SUSE Linux.
NOTE
l The Ethernet interfaces on an IBM server consist of integrated network interfaces and extended
network interfaces. The integrated network interfaces are recommended.
l An IBM server running SUSE Linux supports only the Broadcom and Intel NICs.
interfaces for the IBM X3650 M4 are described as follows:
l The IBM X3650 M4 is integrated with one NIC. The associated logical network
interfaces on the integrated NIC are named eth0, eth1, eth2, and eth3.
Figure A-20 Mappings between physical and logical network interfaces on the IBM X3650
M4
interfaces for the IBM X3850 X5 are described as follows:
l eth0 and eth1 are network interfaces on the integrated NIC. The associated logical
network interfaces are named eth0 and eth1.
l eth2, eth3, eth4, eth5, eth6, and eth7 are network interfaces on the extended NICs. The
associated logical network interfaces are named eth2, eth3, eth4, eth5, eth6, and eth7.

X5
interfaces for the IBM X3650 M3 are described as follows:
l The IBM X3650 M3 is integrated with two NICs. The NIC on the right is integrated NIC
1 and the NIC on the left is integrated NIC 2. The associated logical network interfaces
are named eth0, eth1, eth2, and eth3.
M3
A.6.8 Viewing Hard Disk Information in Local Mode (IBM

Server)
This topic describes how to view hard disk information in local mode.
Prerequisites
You must ensure that the server is connected to the KVM.

Context
NOTE
l The operation snapshots in this topic vary according to the IBM WebBIOS versions and do not
affect the RAID configuration. During the RAID configuration, use actual snapshots.
l If no window is displayed after you click a button during the configuration, move the mouse and try
again.
Procedure
Step 1 Start the IBM server. After the basic input/output system (BIOS) check is completed, the
BIOS information about the RAID is displayed, as shown in the following figure.
NOTE

NOTE
If MegaRAID BIOS Config Utility Foreign Configuration window is displayed, click Clear.

NOTE
– If configuring eight hard disks for the IBM server with standard delivery configurations, IDs
of eight slots from Slot: 0 to Slot: 7 are displayed. If configuring two hard disks for the IBM
server (X3850 X5) with standard delivery configurations, IDs of two slots from Slot: 0 to
Slot: 1 are displayed.
If any two of the preceding three conditions are met, all hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server. As shown in the following figure, the eight hard
disks are used as an example.
Step 5 Click Exit to exit the WebBIOS window.
Step 6 Click Yes. A dialog box is displayed.
Step 7 Press Ctrl+Alt+Delete to restart the server.
----End
A.6.9 Viewing Hard Disk Informationin Remote Mode (IBM

X3650 M4)
This topic describes how to view hard disk information in remote mode.
Prerequisites
l A PC or laptop on which the Internet Explorer browser is installed is ready.

l Internet Explorer browsers do not support a proxy server.

NOTE
The supported browsers and their versions are showed as follows:
l Internet Explorer 9.0/10.0/11.0
l Mozilla Firefox 26.0/39.0
l Google Chrome 21.0/44.0
l The IMM IP address has been set.
Context
NOTE
again.
Procedure
Step 1 Perform the following operations to access the RAID configuration window.
1. Open the Internet Explorer and enter the IMM IP address of the IMM in the address bar
to access the page for logging into the IMM.
2. Enter an IMM user name and a password, and click Login.
NOTE
– The default user name is USERID.

– The default password is PASSW0RD. Note that the sixth character is digit 0 but not letter O.
If the password has been changed, enter the new password. If the password has not been
For details, see A.6.5 How to Change the Password of the IMM User USERID(IBM
X3650 M4).
3. Click Remote Control and select Use the ActiveX Client > Start remote control in
single-user mode to access the remote control desktop.

NOTE
– When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog
box asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you
whether to trust this site.
– Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box
cannot be displayed.
– If the remote control desktop appears and then disappears immediately, see A.6.1 How to
Solve the Problem Where the Remote Control Desktop Appears and Then Disappears
Immediately to solve the problem.
– If Use the ActiveX Client is unavailable, just click Start remote control in single-user mode
to access the remote control desktop.
– Keep the default values of other parameters unchanged.
– For the IBM X3650 M4 server, if CAPS is displayed in the lower right corner of the Video
Viewer window, letters are entered in upper case; if CAPS is not displayed in the lower right
corner of the Video Viewer window, letters are entered in lower case. The Caps indicator on
the keyboard cannot indicate whether letters are entered in upper or lower case.
– For the IBM X3650 M4 server, if NUM is displayed in the lower right corner of the Video
Viewer window, digits can be entered; if NUM is not displayed in the lower right corner of the
Video Viewer window, digits cannot be entered. The Num indicator on the keyboard cannot
indicate whether the number keypad is available.
4. Choose Tools > Power > Reboot from the main menu to reboot the system.

NOTE
– If a message asking you whether to continue is displayed, click Yes.

– If Reboot is unavailable, choose Tools > Power > On and then choose Tools > Power >
Reboot to restart the system.
5. Start the IBM server. After the basic input/output system (BIOS) check is completed, the
NOTE
This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on the
screen. If Ctrl+H is not pressed, restart the system.
6. Press Ctrl+H as prompted to access the Adapter Selection window.

NOTE
Two pointers will be displayed. You can choose Tools > Single Cursor from the main menu to
change to the single pointer mode. Select the pointer mode according to individual operation
habits.
To quit single pointer mode, press F12.
7. Click Start to access the WebBIOS window.

NOTE

NOTE
– IDs of eight slots from Slot: 0 to Slot: 7 are displayed.
If any two of the preceding three conditions are met, the eight hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server.
Step 3 Click Exit to exit the WebBIOS window. The Exit Application dialog box is displayed,
asking you whether to exit.
Step 4 Click Yes and choose Tools > Power > Reboot to restart the server. It takes approximately 5
to 8 minutes to restart the system.
NOTE
If a message asking you whether to continue is displayed, click Yes.
----End
A.6.10 Viewing Hard Disk Informationin Remote Mode (IBM

X3850 X5 and IBM X3650 M3)
This topic describes how to view hard disk information in remote mode.
Prerequisites

NOTE
Context
NOTE
again.
Procedure
NOTE

X3850 X5 and IBM X3650 M3).
3. Click Continue to access the Integrated Management Module web page.
NOTE
4. Enable remote control. Choose Tasks > Remote Control from the navigation tree. In the
right-hand pane, click Use the ActiveX Client with Microsoft Internet Explorer >
Start Remote Control in Single User Mode to access the remote control desktop.
The remote control desktop consists of two parts: virtual media window and desktop
display window.

NOTE
– If a dialog box is displayed asking you to install plug-in, click Install.

– If Use the ActiveX Client with Microsoft Internet Explorer is unavailable, just click Start
NOTE

6. Start the IBM server. After the basic input/output system (BIOS) check is completed, the
NOTE

NOTE
habits.


NOTE
NOTE
– If configuring eight hard disks for the IBM server with standard delivery configurations, IDs
of eight slots from Slot: 0 to Slot: 7 are displayed. If configuring two hard disks for the IBM
server (X3850 X5) with standard delivery configurations, IDs of two slots from Slot: 0 to
Slot: 1 are displayed.
If any two of the preceding three conditions are met, all hard disks on the server are available.
Otherwise, an unavailable hard disk exists on the server. As shown in the following figure, the eight hard
disks are used as an example.
Step 4 Click Yes and choose Tools > Power > Reboot to restart the server. It takes approximately 5
to 8 minutes to restart the system.

NOTE
----End
A.6.11 Formatting disks in Local Mode (IBM Server)

This topic describes how to format disks in local mode.
Prerequisites
You must ensure that the server is connected to the KVM.
Context
NOTE
again.
Procedure
Step 1 After the server is restarted, press F1 to access the BIOS window as prompted.

Step 2 Select Load Default Settings to restore default settings. Press Enter. The following dialog
box is played.
Step 3 Select Boot Manager, press Enter, and then choose Add Boot Option.
Step 4 Optional: For IBM X3650 M3 or IBM X3850 X5, select Legacy Only. Press Enter.

Step 5 Optional: For IBM X3650 M4, select Generic Boot Option and then Legacy Only by arrow
keys. Press Enter.
Step 6 Press Esc to return to Boot Manager.
Step 7 Select Change Boot Order. Press Enter. The following dialog box is played.
Step 8 Press Enter, and select Legacy Only using the arrow key ↓.
Step 9 Press Shift and + to set the startup precedence to Legacy Only.
Step 10 Press Enter. Select Commit Changes using the arrow keys and press Enter to save the
settings.
Step 11 Restart the server manually.
NOTE


NOTE
If a window shown in the following figure is displayed, click Clear.

NOTICE

NOTE
5. Click Accept.
Step 19 Click Exit to exit the WebBIOS window.
Step 20 Click Yes. A dialog box is displayed.

Step 21 Press Ctrl+Alt+Delete to restart the server.
----End
A.6.12 Formatting the disks in Remote Mode (IBM X3650 M4)

This topic describes how to format the disks in remote mode.
Prerequisites
NOTE
Context
NOTE
again.
Procedure
NOTE

X3650 M4).

3. Click Remote Control, select Use the ActiveX Client, and click Start remote control
in single-user mode to access the remote control desktop.
NOTE
– When logging in to the IBM server for the first time, perform the following operations:
1. Click Start remote control in single-user mode and wait about 2 minutes. In the dialog
box asking you whether to install the IMM_KVMVM32.cab, click Install.
2. During the installation, click Run in the Warning-Security dialog box asking you
whether to trust this site.
– Do not close the ActiveX KVM Client dialog box. Otherwise, the Video Viewer dialog box
cannot be displayed.
– If Use the ActiveX Client is unavailable, just click Start remote control in single-user mode
to access the remote control desktop.
– Keep the default values of other parameters unchanged.
– For the IBM X3650 M4 server, if CAPS is displayed in the lower right corner of the Video
Viewer window, letters are entered in upper case; if CAPS is not displayed in the lower right
corner of the Video Viewer window, letters are entered in lower case. The Caps indicator on
the keyboard cannot indicate whether letters are entered in upper or lower case.
– For the IBM X3650 M4 server, if NUM is displayed in the lower right corner of the Video
Viewer window, digits can be entered; if NUM is not displayed in the lower right corner of the
Video Viewer window, digits cannot be entered. The Num indicator on the keyboard cannot
indicate whether the number keypad is available.

NOTE

5. After the IBM System X window is displayed, wait for about 2 minutes until <F1>
Setup is displayed.
6. Press F1 to access the BIOS window.

7. Select Load Default Settings to restore default settings. Press Enter. The following
dialog box is played.

8. Select Boot Manager and press Enter. Then select Add Boot Option and press Enter.
9. Select Generic Boot Option and then select Legacy Only by arrow key ↓. Press
Enter.
10. Press Esc twice to return to Boot Manager.
11. Select Change Boot Order. Press Enter. The following dialog box is played.
12. Press Enter, and select Legacy Only using the arrow key ↓.
13. Press Shift and + to set the startup precedence to Legacy Only.

14. Press Enter. Select Commit Changes using the arrow keys and press Enter to save the
settings.
NOTE

16. After the basic input/output system (BIOS) check is completed, the BIOS information
about the RAID is displayed, as shown in the following figure.
NOTE
– Wait about 5 minutes until BIOS information about the RAID is displayed. Do not perform
any operation when the IBM System X window is displayed.
– This screen stays for a short period of time. Press Ctrl+H the moment you see Ctrl+H on
the screen. If Ctrl+H is not pressed, restart the system.

NOTE
habits.


NOTE
NOTICE

4. Select Automatic Configuration and click Next.

NOTE
5. Click Yes in the dialog box showing the message Are you sure you want to disable
data protection?.
6. Click Accept.
8. Click Yes in the dialog box showing the message All data on the new Virtual Drivers
will be lost. Want to Initialize? to initialize RAID configurations.
The following figure shows the WebBIOS window after the initialization is complete.
Step 7 Click Yes, and the following window is displayed.
Step 8 Choose Tools > Power > Reboot to restart the server. It takes approximately 5 to 8 minutes to
restart the system.

NOTE
----End
A.6.13 Formatting the disks in Remote Mode (IBM X3850 X5 and

IBM X3650 M3)
This topic describes how to format the disks in remote mode.
Prerequisites
NOTE
Context
NOTE
again.
Procedure
NOTE

X3850 X5 and IBM X3650 M3).
3. Click Continue to access the Integrated Management Module web page.
NOTE
4. Enable remote control. Choose Tasks > Remote Control from the navigation tree. In the
right-hand pane, select Use the ActiveX Client with Microsoft Internet Explorer and
click Start Remote Control in Single User Mode to access the remote control desktop.

The remote control desktop consists of two parts: virtual media window and desktop
display window.
NOTE
– If a dialog box is displayed asking you to install plug-in, click Install.

– If Use the ActiveX Client with Microsoft Internet Explorer is unavailable, just click Start
NOTE

6. After the IBM System X window is displayed, wait for about 2 minutes until <F1>
Setup is displayed.

7. Press F1 to access the BIOS window.

8. Select Load Default Settings to restore default settings. Press Enter. The following
dialog box is played.
9. Select Boot Manager and press Enter. Then select Add Boot Option and press Enter.
10. Select Legacy Only. Press Enter.
11. Press Esc to return to Boot Manager.
12. Select Change Boot Order. Press Enter. The following dialog box is played.

13. Press Enter, and select Legacy Only using the arrow key ↓.
14. Press Shift and + to set the startup precedence to Legacy Only.
15. Press Enter. Select Commit Changes using the arrow keys and press Enter to save the
settings.
NOTE


17. After the basic input/output system (BIOS) check is completed, the BIOS information
about the RAID is displayed, as shown in the following figure.
NOTE

NOTE
habits.

NOTE

NOTICE

NOTE
5. Click Accept.

Step 6 Click Exit to exit the WebBIOS window. The Exit Confirmation dialog box is displayed,
Step 7 Click Yes, and the following window is displayed.
Step 8 Choose Tools > Power > Reboot to restart the server. It takes approximately 5 to 8 minutes to
restart the system.
NOTE
----End
A.6.14 How to Configure the HTTPS on the IMM(IBM X3650 M4)
Question
The HTTPS is recommended for remotely accessing the server to ensure system security.
How do I configure the HTTPS on the IMM?
Answer
login window.
NOTE
The default IP address of the IMM is 192.168.70.125. If the default IP address of the IMM has been
changed, see A.6.4 How to View the IMM IP Address on the IBM Server.

NOTE

6.5 How to Change the Password of the IMM User USERID(IBM X3650 M4).
Step 3 Click IMM Management > Security. Ensure that the value of HTTPS Server certificate
status is A signed certificate is installed. As shown in the following figure.
If the value of HTTPS Server certificate status is not A signed certificate is installed,
perform the following operations to install SSL authentication:
1. Click Generate a New Key and a Self-signed Certificate.
2. Set the related parameters in Generate New Key and Self-signed Certificate dialog
box.
NOTE
– Set parameters in the Required SSL Certificate Data area as prompted. The following figure
shows examples of the parameter settings.
– The Optional SSL Certificate Data parameter does not need to be set.

3. Click OK. After automatic authentication is complete, the value of HTTPS Server
certificate status changes to A signed certificate is installed.
Step 4 Ensure that Enabled HTTPS server is selected. As shown in the following figure.
If Enabled HTTPS server is not selected, perform the following operations:

1. Select Enabled HTTPS server.
2. Click Apply. The Confirm Restart dialog is played.
3. Click OK. The IMM restarts automatically.
NOTE
l During restart of the IMM, run the ping IMM IP address -t command on the CLI of the PC or
laptop. If the IMM IP address can be pinged through, the IMM is successfully restarted. Restarting
IMM takes about 3 minutes.
l If HTTPS needs to be disabled and HTTP needs to be used, clear the selection of the select Enabled
HTTPS server. Then execute Step 4.2 through Step 4.3.

login window.
NOTE
If a security certificate error is displayed when HTTPS is used for web page access, ignore it and
continue the operation.
----End
A.6.15 How to Configure the HTTPS on the IMM(IBM X3850 X5

and IBM X3650 M3)
Question
The HTTPS is recommended for remotely accessing the server to ensure system security.
How do I configure the HTTPS on the IMM?
Answer
login window.
NOTE
The default IP address of the IMM is 192.168.70.125. If the default IP address of the IMM has been
changed, see A.6.4 How to View the IMM IP Address on the IBM Server.
NOTE

6.6 How to Change the Password of the IMM User USERID(IBM X3850 X5 and IBM X3650
M3).
NOTE
Step 4 Choose Security from the navigation tree. Ensure that the value of HTTPS Server
certificate status is A self-signed Certificate is installed.

If the value of HTTPS Server certificate status is not A self-signed Certificate is installed,
perform the following operations to install SSL authentication:
1. Click Generate a New Key and a Self-signed Certificate.
2. Set the related parameters.
NOTE
– Set parameters in the Certificate Data area as prompted. The following figure shows
examples of the parameter settings.
– The Optional Certificate Data parameter does not need to be set.
3. Click Generate Certificate in the lower-right corner. After automatic authentication is

complete, the value of HTTPS Server certificate status changes to A self-signed
Certificate is installed.
Step 5 Ensure that the value of HTTPS Server is Enabled.
If the value of HTTPS Server is not Enabled, perform the following operations:
1. Select Enabled from the HTTPS Server drop-down list.
2. Click Save. A message asking you to restart the IMM is displayed.
3. Click OK.
4. Choose Restart IMM from the navigation tree.
5. On the Restart IMM page, click Restart. A message indicating that the IMM will be
restarted is displayed.
6. Click OK. A message asking you to shut down the Internet Explorer or tabs is displayed.
7. Click Yes.

NOTE
l During restart of the IMM, run the ping IMM IP address -t command on the CLI of the PC or
laptop. If the IMM IP address can be pinged through, the IMM is successfully restarted. Restarting
IMM takes about 3 minutes.
l If HTTPS needs to be disabled and HTTP needs to be used, select Disabled from the HTTPS
Server drop-down list. Then execute Step 5.2 through Step 5.7.
login window.
NOTE
If a security certificate error is displayed when HTTPS is used for web page access, ignore it and
continue the operation.
----End
A.7 Veritas HA System

This topic covers FAQs about the Veritas HA system.
A.7.1 License Management

This topic describes the FAQs about license management.
A.7.1.1 Applying for the Veritas License

This topic describes how to apply for a formal Veritas license. The Veritas license used in
NMS installation is a demo license. After the server is delivered to the installation site, the
demo license must be replaced with a formal Veritas license in time.
Prerequisites
l GTS rights for ESDP login are available.
l The license confirmation form or contact number has been obtained.
NOTE
The license confirmation form is delivered in paper format along with the DVD. The license
confirmation form functions as the license file and should be kept properly on site.
Procedure
Step 1 Obtain information used for license download.
l If the license confirmation form has been obtained, send the information to related
Huawei engineers or the local office of Huawei.
l If the license confirmation form has not been obtained, obtain the contract number and
send it to related Huawei engineers or the local office of Huawei.
Step 2 Huawei engineers log in to the ESDP website http://w3.huawei.com/sdp/ (Huawei intranet)
or http://app.huawei.com/isdp/ (Internet) according to the obtained information.
Step 3 In Carrier Navigation, select the ESDP product module.
Step 4 Choose Order Management > Entitlement Management from the left-hand navigation tree.
The Entitlement Management page is displayed.

Step 5 On the Entitlement Management page, enter the following conditions and click Search.
l Entitlement Type: Select The 3rd Party Software.
l Huawei Contract No.: Enter the 14-digit Huawei Contract No..
Step 6 View license information, select the required license, and click Download The 3rd Party
License.
Step 7 Download the license according to the right-hand button status.
l If the Download License button is orange, the license can be downloaded.
l If the Download License button is gray, the requirement has not been confirmed, and
you must wait for a period of time to download the license.
l If the Download License button is unavailable, the license cannot be downloaded.
l If the Reapply button is available, the license has been downloaded, and you can re-
apply for license download. After clicking this button, enter the approver and application
reason and sign a letter of commitment on the Reapply page. Then click Sure to
Download to download the license.
Step 8 After clicking the download button, verify that the information is consistent with information
about installed software. Select I have read already and enter Receiving E-mail address.
Then click Sure to Download.
Step 9 The related Huawei engineer sends the Veritas license obtained by email to the user.
NOTE
Keep the license properly. If the license is lost, you can re-download it only after being approved.
----End
A.7.1.2 How to Check the Veritas License
Question
How to check the Veritas license?
Answer
NOTE
Step 2 Run the following commands to query the details about the Veritas license.
# vxlicrep -e|egrep 'Global|VVR|Product Name|KEYLESS|VxVM'

NOTE
l The above message displayed is the Veritas 7.1.

l Red characters indicate the VCS. The Global Cluster Option (GCO) is Enabled and
VXKEYLESS is Disabled.
l Blue characters indicate the VxVM. The VxVM is Enabled and VXKEYLESS is Disabled.
l Green characters indicate the VVR. The VVR is Disabled and VXKEYLESS is Disabled.
l The value of VXKEYLESS is Disabled.
If the preceding four conditions are met, the license is a permanent formal license.
----End
A.7.2 Disk Maintenance

This topic describes the FAQs about disk maintenance.
A.7.2.1 How to Query the Disk Status
Question
How do I query the disk status during the maintenance of the HA system?
Answer
Step 1 Run the following command to view the disk status:
# vxdisk list
Assume there are two disks. The following message will be displayed on Solaris OS:
c1t0d0s2 auto:sliced disk01 datadg online
c1t1d0s2 auto:sliced disk02 datadg online

Assume there are eight disks. The following message will be displayed on SUSE Linux OS:
sda auto:none - - online invalid
sdb auto:sliced disk03 datadg online
sdc auto:sliced disk04 datadg online
Step 2 Check whether the disk status is online. If not, the disk status is abnormal.
NOTE
If the value of STATE of sda is online invalid and the values of STATE of sdb and sdc are online, the
disk group status is correct on SUSE Linux OS.
----End
A.7.2.2 How to Query the Status of the Disk Group
Question
How do I query the status of the disk group during the maintenance of the HA system?
Answer
Step 1 Run the following command to view the status of the disk group:
# vxdg list
A message similar to the following will be displayed on Solaris OS:

NAME STATE ID
rootdg enabled 1159119913.12.T5220227183
datadg enabled 1159119543.10.T5220227183
A message similar to the following will be displayed on SUSE Linux OS:

NAME STATE ID
datadg enabled 1335153278.7.linux
Step 2 Check whether the status of the disk group is enabled. If not, the disk group is abnormal.
On Solaris OS, in normal cases, a disk group such as the proceeding one rootdg must exist.
Otherwise, the disk group is partitioned incorrectly.
----End
A.7.2.3 How to Query the Status of the Disk Volume (Solaris & SUSE Linux)
Question
How do I query the status of the disk volume during the maintenance of the HA system?
Answer
Step 1 Run the following command to view disk volume names:
# vxprint -v
Disk group: datadg


v lv_backup fsgen ENABLED 838860800 - ACTIVE - -
v lvdata datarvg ENABLED 209715200 - ACTIVE - -
v srl datarvg ENABLED 209715200 SRL ACTIVE - -
NOTE
The lv_backup, lvdata, and srl under NAME are disk volume names.
Step 2 Run the following command to view the status of the disk volume:
For example, run the following command to view the status of the disk volume:
# vxprint -l lvdata
Disk group: datadg
Volume: lvdata
info: len=209715200
type: usetype=fsgen
assoc: rvg=datarvg
plexes=lvdata-01,lvdata-02
exports=(none)
flags: open writecopy writeback
apprecov: seqno=0/0
recov_id=0
device: minor=25001 bdev=199/25001 cdev=199/25001 path=/dev/vx/dsk/datadg/lvdata
guid: {41ad6708-b94f-11e2-875a-1a5d1918d772}
mediatype: hdd
In the command, VolumeName indicates the name of the disk volume. The name of the
current disk volume can be obtained through the vxprint -v command.
Table A-7 describes all fields about the status of the disk volume.
Table A-7 Fields about the disk volume status

Field Description
Disk group Indicates the disk group to which the disk volume belongs.
Volume Indicates the name of a disk volume.
Info Indicates the length of the disk volume.
type Indicates the type of the disk volume.
state Indicates the status of the disk volume. In normal cases, the situations
are as follows:
l state is ACTIVE.
l kernel is ENABLED.

Field Description
assoc Indicates the association relationship of the disk volume.

l rvg indicates the RVG of the disk volume.
l plexes indicates the plexes contained by the disk volume.
policies Indicates the management policy of the disk volume.
flags Indicates the flag of the disk volume.
logging Indicates the log of the disk volume. In normal cases, type is DCM.
apprecov Indicates the verification parameter of the disk volume.
recovery Indicates the recovery mode of the disk volume.
device Indicates the device ID and path of the disk volume.
perms Indicates the owner and right of the disk volume.
guid Indicates the sequence of stored data.
----End
A.7.3 Monitoring Active and Standby Sites

This topic describes how to monitor the status of active and standby sites by using the VCS or
the commands.
A.7.3.1 Checking the Data Replication Status

This topic describes how to check the data replication status of the active and standby sites.
Procedure
l In the Solaris or SUSE Linux OS:
a. Log in to the active site as the root user.
NOTE
b. Run the following command to check the data replication status of the active and
standby sites.
Primary:
Host name: 10.71.210.78
RVG name: datarvg
DG name: datadg
Data volumes: 4
VSets: 0

SRL name: lv_srl

SRL size: 3.00 G
Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Logging to: SRL
Check whether the displayed information about the Data status is consistent, up-
to-date and that of Replication status is replicating (connected). If yes, it
indicates that the replication relation between the active site and the standby site is
normal. Otherwise, you need to create the replication relation again.
----End
A.7.3.2 Checking the Status of the Primary and Secondary Sites

This topic describes how to check the status of the all the resource groups on the primary and
secondary sites and the heartbeat status.
Procedure
Step 1 Log in to the primary site OS as the root user.
NOTE
Step 2 Run the following command to check the resource group status in the primary site:
# hagrp -state
According to the command output, AppService, ClusterService, and VVRService are

ONLINE for localclus in System, which indicates that the resource group status in the
primary site is normal.
Linux OS:
#Group Attribute System Value
AppService State linux-169Cluster:linux-169 |OFFLINE|
AppService State localclus:linux-168 |ONLINE|
ClusterService State localclus:linux-168 |ONLINE|
VVRService State localclus:linux-168 |ONLINE|
Solaris OS:
AppService State SecmasterCluster:Secmaster |OFFLINE|
AppService State localclus:Primaster |ONLINE|
ClusterService State localclus:Primaster |ONLINE|
VVRService State localclus:Primaster |ONLINE|
Step 3 Run the following command to check the heartbeat status in both primary and secondary sites:
# hares -state
According to the displayed information, the wac is ONLINE for localclus in System, which
indicates that the heartbeat status between the primary and secondary sites is normal.

Linux OS:
APPBOND State linux-169Cluster:linux-169 ONLINE
APPBOND State localclus:linux-168 ONLINE
BackupServer State linux-169Cluster:linux-169 OFFLINE
BackupServer State localclus:linux-168 ONLINE
DatabaseServer State linux-169Cluster:linux-169 OFFLINE
DatabaseServer State localclus:linux-168 ONLINE
NMSServer State linux-169Cluster:linux-169 OFFLINE
NMSServer State localclus:linux-168 ONLINE
RVGPrimary State linux-169Cluster:linux-169 OFFLINE
RVGPrimary State localclus:linux-168 ONLINE
datarvg State localclus:linux-168 ONLINE
mountRes State linux-169Cluster:linux-169 OFFLINE
mountRes State localclus:linux-168 ONLINE
wac State localclus:linux-168 ONLINE
Solaris OS:
BackupServer State SecmasterCluster:Secmaster OFFLINE
BackupServer State localclus:Primaster ONLINE
DataFilesystem State SecmasterCluster:Secmaster OFFLINE
DataFilesystem State localclus:Primaster ONLINE
DatabaseServer State SecmasterCluster:Secmaster OFFLINE
DatabaseServer State localclus:Primaster ONLINE
NMSServer State SecmasterCluster:Secmaster OFFLINE
NMSServer State localclus:Primaster ONLINE
RVGPrimary State SecmasterCluster:Secmaster OFFLINE
RVGPrimary State localclus:Primaster ONLINE
datarvg State localclus:Primaster ONLINE
wac State localclus:Primaster ONLINE
Step 4 Log in to the secondary site OS as the root user.

NOTE
Step 5 Run the following command to check the resource group status in the secondary site:
# hagrp -state
According to the command output, AppService is OFFLINE, ClusterService and

VVRService are ONLINE for localclus in System, which indicates that the resource group
status in the secondary site is normal.
Linux OS:
AppService State linux-168Cluster:linux-168 |ONLINE|
AppService State localclus:linux-169 |OFFLINE|
ClusterService State localclus:linux-169 |ONLINE|
VVRService State localclus:linux-169 |ONLINE|
Solaris OS:
AppService State PrimasterCluster:Primaster |ONLINE|
AppService State localclus:Secmaster |OFFLINE|
ClusterService State localclus:Secmaster |ONLINE|
VVRService State localclus:Secmaster |ONLINE|
Step 6 Run the following command to check the heartbeat status in both primary and secondary sites:
# hares -state
According to the displayed information, the wac is ONLINE for localclus in System, which
indicates that the heartbeat status between the primary and secondary sites is normal.

Linux OS:
APPBOND State linux-168Cluster:linux-168 ONLINE
APPBOND State localclus:linux-169 ONLINE
BackupServer State linux-168Cluster:linux-168 ONLINE
BackupServer State localclus:linux-169 OFFLINE
DatabaseServer State linux-168Cluster:linux-168 ONLINE
DatabaseServer State localclus:linux-169 OFFLINE
NMSServer State linux-168Cluster:linux-168 ONLINE
NMSServer State localclus:linux-169 OFFLINE
RVGPrimary State linux-168Cluster:linux-168 ONLINE
RVGPrimary State localclus:linux-169 OFFLINE
datarvg State localclus:linux-169 ONLINE
mountRes State linux-168Cluster:linux-168 ONLINE
mountRes State localclus:linux-169 OFFLINE
wac State localclus:linux-169 ONLINE
Solaris OS:
BackupServer State PrimasterCluster:Primaster ONLINE
BackupServer State localclus:Secmaster OFFLINE
DataFilesystem State PrimasterCluster:Primaster ONLINE
DataFilesystem State localclus:Secmaster OFFLINE
DatabaseServer State PrimasterCluster:Primaster ONLINE
DatabaseServer State localclus:Secmaster OFFLINE
NMSServer State PrimasterCluster:Primaster ONLINE
NMSServer State localclus:Secmaster OFFLINE
RVGPrimary State PrimasterCluster:Primaster ONLINE
RVGPrimary State localclus:Secmaster OFFLINE
datarvg State localclus:Secmaster ONLINE
wac State localclus:Secmaster ONLINE
----End
A.7.3.3 Manual Switchover Between Active and Standby Sites

Prerequisites
Ensure that the following prerequisites are met before performing the operation.
l The heartbeat connection between the active site and the standby site is normal.
l The data replication between the active site and the standby site is normal.
l The active site and the standby site are normal and no fault occurs. If there is a fault tag,
clear it by running the following command:
hares -clear <resource_name> [-sys hostname]
Command example:
Context
After the active site is switched over to the standby site, the original standby site in the cluster
changes to the active site. In addition, the replication relation between the active site and the
standby site is repaired and the replication direction is specified again.

NOTICE
Procedure
Step 1 Check the replication status.
1. Log in to the active site as the root user.
NOTE
2. Run the following command to check the data replication status of the active sites.
In the Solaris or SUSE Linux OS:
# vradmin -g <diskgroupname> repstatus <rvgname>
Command example:
Primary:
Host name: 10.71.210.78
RVG name: datarvg
DG name: datadg
Data volumes: 4
VSets: 0
SRL name: lv_srl
SRL size: 3.00 G
Secondary:
Host name: 10.71.210.76
RVG name: datarvg
DG name: datadg
Logging to: SRL
NOTE
You can perform the active/standby replication switchover only when Data status is consistent,
up-to-date.
Step 2 To perform manual switchover between the primary and secondary sites.
Use commands:

l To switch over the U2000 and database applications from the primary site to the
secondary site, run the following command on the secondary site as the root user:
l To switch over the U2000 and database applications from the secondary site to the
primary site, run the following command on the primary site as the root user:
NOTE
Run the hastatus -sum command as the root user to check the service status and service group status.
Use GUI:
1. Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite Client.
2. Choose Deploy > Monitor HA Status from the main menu. The Monitor the Status
3. Optional: Click View to view the historical records of the primary and secondary sites.
NOTE
The status of each HA system indicator is displayed. You can click detail info to view details or
4. Click check now to view the current information about the primary and secondary sites.
NOTE
– It takes three to five minutes to check the HA system status.

– After the check, you can view the check results, details, and suggestions in the HA Status dialog
box.
– The check results are saved as .xml files in /opt/oss/engr/engineering/ha_review/result. The name
of the latest check result file contains the word new. For example,
ha_review_result_20150421165146.xml. In this example, 20150421165146 indicates the time when
the HA system status is checked. You can run the following commands to check the file
information:
5. Click Switch to Secondary to switch to the secondary site.
----End
A.7.4 System Settings

This topic describes the FAQs about the system settings in the HA system.
A.7.4.1 What Are the Reasons for Automatic Switching
Question
What are the reasons for automatic switching?
Answer
Generally, the causes of a failover on an HA system are as follows:
l Cause 1: A resource in the AppService resource group does not function properly. After
the failover is complete, the HA system enters the Fault switching state.

NOTE
l If you manually stop the following resources, the HA system switchover is not triggered.
l BackupServer is used to monitor the backup database server process. If the backup database
server is faulty, the HA system switchover is not triggered.
Table A-8 Resources in the AppService resource group
Name
NMSServer Used to monitor key U2000 processes. If a key U2000 process

does not function properly, the U2000 automatically restart the
process for three times. If three attempts fail, a failover occurs on
the HA system. The HA system supports only the method of
viewing non-key processes.
NOTE
To view non-key processes in standard mode and maximum mode, run the
following command:
$ cat process_std
$ cat process_max
DatabaseServer Used to monitor database server processes. If the database server

does not function properly, a failover occurs on the HA system.
DataFilesystem Used to monitor the lv_nms_data volume. If the lv_nms_data

volume does not function properly, a failover occurs on the HA
system.
RVGPrimary Used to monitor the RVG on the local site. If the RVG on the local
site does not function properly, a failover occurs on the HA system.
appNIC Used to monitor the NIC associated with the U2000 application IP
(Solaris) address. If the NIC does not function properly, a failover occurs on
APPBOND (PC the HA system.
Linux) NOTE
l For Solaris HA system, if an independent NMS application IP address
without IPMP has been configured, the VCS does not monitor this
resource.
l For Solaris HA system, if the system IP address without IPMP is used
as the NMS application IP address, not the heartbeat or replication IP
address, the VCS does not monitor this resource.
l Cause 2: The U2000 on the primary site abnormally powers off, has a hardware fault, or
is broken down. A hardware fault may occur because of disasters such as earthquake,
tsunami, or flood. The U2000 may be broken down because the operating system is
damaged. After the failover is complete, the HA system enters the Fault switching state.
l Cause 3: The interval for interruption of heartbeat connections between the primary and
secondary sites exceeds 600 seconds, the HA system enters the Primary-primary state.

NOTE
For Solaris HA system, if a separate heartbeat network and a separate replication network have
been configured, the heartbeat between the primary and secondary sites uses the replication
network if the communication on the heartbeat network is interrupted. In this scenario, the HA
system status changes from Normal state to Primary-primary state only if the communication on
both the heartbeat and replication networks has been stopped for more than about 600 seconds.
A.7.4.2 How to Query the RVG Status (Solaris, PC Linux)
Question
How do I query the RVG status?
Answer
Step 1 Log in to the primary site as user root.
NOTE
Step 2 Run the following command to view the RVG status of the active site:
# vxprint -Vl

Disk group: datadg
Rvg: datarvg
info: rid=0.1269 version=4 rvg_version=30 last_tag=3
state: state=ACTIVE kernel=ENABLED
assoc: datavols=lv_nms_data
srl=srl_vol
rlinks=datarlk
exports=(none)
vsets=(none)
att: rlinks=datarlk
flags: closed primary enabled attached
datarvg
Table A-9 describes the RVG status of the primary site.
Table A-9 RVG status of the primary site

Field Description
Disk group Indicates the disk group where the RVG is located.
Rvg Indicates the name of the RVG.
info Indicates the information about the RVG.
state Indicates the status of the RVG. In normal cases, the situations are as
follows:
l state is set to ACTIVE.
l kernel is set to ENABLED.

Field Description
assoc Indicates the association information about the RVG.

l datavols indicates the data disk volume that the RVG contains.
l srl indicates the SRLog disk volume that the RVG contains.
l rlinks indicates the RLink that the RVG contains.
att Indicates the activated Rlink of the RVG.
flags Indicates the flag of the RVG. In normal cases, the value is closed primary
enabled attached.
device Indicates the device information of the RVG, including the device ID and
path.
perms Indicates the right information about the RVG.
Step 3 Log in to the secondary site as user root.

NOTE
Step 4 Run the following command to view the RVG status at the secondary site:
# vxprint -Vl

Disk group: datadg
Rvg: datarvg
srl=srl_vol
rlinks=datarlk
exports=(none)
vsets=(none)
att: rlinks=datarlk
flags: closed secondary enabled attached
datarvg
For the description of the RVG status on the secondary site, see Table A-9. Normally, flags on
the secondary site is closed secondary enabled attached.
----End
A.7.4.3 How to Query the Rlink Status (Solaris, PC Linux)
Question
How do I query the Rlink status?

Answer
Step 1 Log in to the primary site as the root user.
NOTE
Step 2 Run the following command to view Rlink names:

# vxprint -Pl

Disk group: datadg
Rlink: datarlk
info: timeout=500 packet_size=8400 rid=0.1113
latency_high_mark=10000 latency_low_mark=9950
bandwidth_limit=none
state: state=ACTIVE
synchronous=off latencyprot=off srlprot=autodcm
assoc: rvg=datarvg
remote_host=192.168.10.82 IP_addr=192.168.10.82 port=4145
remote_dg=datadg
remote_dg_dgid=1356843347.7.linux
remote_rvg_version=30
remote_rlink=datarlk
remote_rlink_rid=0.1113
local_host=192.168.10.137 IP_addr=192.168.10.137 port=4145
protocol: UDP/IP
flags: write enabled attached consistent connected
NOTE
The datarlk in Rlink is an Rlink name.
Step 3 Run the following command to query the RLink status:
# vxprint -Pl <rlinkName>
For example, run the following command to query the status of datarlk:
# vxprint -Pl datarlk

Disk group: datadg
Rlink: datarlk
info: timeout=500 rid=0.1414
bandwidth_limit=none checksum=on
state: state=ACTIVE
assoc: rvg=datarvg
remote_dg=datadg
remote_dg_dgid=1160936796.6.T522022456
protocol: UDP/IP
flags: write enabled attached consistent connected asynchronous
Table A-10 describes the Rlink status on the primary site.

Table A-10 Rlink status on the primary site

Field Description
Disk group Indicates the disk group where the Rlink is located.
Rlink Indicates the name of the Rlink.
info Indicates the information about the Rlink.

l timeout indicates the timeout period.
l rid indicates the ID of the Rlink.
l latency_high_mark indicates the highest delay flag.
l latency_low_mark indicates the lowest delay flag.
l bandwidth_limit indicates the bandwidth limit.
state Indicates the status of the Rlink. In normal cases, the situations are as
follows:
l state is set to ACTIVE.
l synchronous is set to off.
l latencyprot is set to off.
l srlprot is set to autodcm.
assoc rvg Indicates the RVG where the Rlink is located.
remote_host Indicates the name of the remote host.
IP_addr Indicates the IP address of the remote host.
remote_dg Indicates the remote disk group.
port Indicates the port number of the remote host.
remote_dg_dgid Indicates the ID of the remote disk group.
remote_rvg_version Indicates the RVG version of the remote host.
remote_rlink Indicates the Rlink name of the remote host.
remote_rlink_rid Indicates the Rlink ID of the remote host.
local host Indicates the name of the local host.
protocol Indicates the protocol for synchronizing data. The protocols configured on
the primary and secondary sites must be the same.
flags Indicates the flag of the Rlink. Normally, the value is write enabled
attached consistent connected asynchronous.
Step 4 Log in to the secondary site as user root.

NOTE
Step 5 Run the following command to query the Rlink status:

# vxprint -Pl <rlinkName>
For example, run the following command to query the datarlk status:
# vxprint -Pl datarlk

Disk group: datadg
Rlink: datarlk
info: timeout=500 rid=0.1405
bandwidth_limit=none checksum=on
state: state=ACTIVE
assoc: rvg=datarvg
remote_dg=datadg
remote_dg_dgid=1160936853.6.T522022448
protocol: UDP/IP
flags: write enabled attached consistent connected
For the description of the Rlink status on the secondary site, see Table A-10.
----End
A.7.4.4 How to Query the VVR Status (Solaris, PC Linux)
Question
How do I query the VVR status during the maintenance of the Veritas HA system?
Answer
Step 1 Run the following command to view the rvg name of the replication system:
# vradmin printrvg

Primary:
HostName: 10.71.224.48
RvgName: datarvg
DgName: datadg
Secondary:
HostName: 10.71.224.50
RvgName: datarvg
DgName: datadg
In the preceding message, the rvg name (RvgName) is datarvg.
Step 2 Run the following command to view the Rlink name of the replication system. The parameter
datarvg is obtained in Step 1.
# vxprint -l datarvg

Disk group: datadg
Rvg: datarvg
srl=srl_vol
rlinks=datarlk
exports=(none)
vsets=(none)
att: rlinks=datarlk
flags: closed primary enabled attached
datarvg
In the preceding message, the Rlink name (Rlink) is datarlk.
Step 3 Run the following commands to view other status information of the replication system. The
parameters datarvg and datarlk are obtained in Step 1 and Step 2.
l Run the # vxdisk list command to query the disk status.
l Run the # vxdg list command to query the status of the disk group.
l Run the # vxprint -ht command to query the information about the disk volume.
l Run the # vxprint -l datarvg command to query the RVG status.
l Run the # vxprint -l datarlk command to query the Rlink status.
l Run the # vxrlink -g datadg status datarlk command at the primary site to query the
replication cache status.
Save the response to the preceding commands.
----End
A.7.4.5 How to check whether the VCS service has been started
Question
How to check whether the VCS service has been started?
Answer
Step 1 Run the following command to check whether the VCS service has been started:
# ps -ef | grep had

root 5852 1 0 07:14:51 ? 0:00 /opt/VRTSvcs/bin/hashadow
root 5842 1 0 07:14:45 ? 1:36 /opt/VRTSvcs/bin/had -onenode
NOTE
If the displayed information contains /opt/VRTSvcs/bin/hashadow and /opt/VRTSvcs/bin/had -
onenode, the VCS service has been started.
----End

A.7.4.6 How to Manually Start the VCS Service (Solaris, PC Linux)
Question
How do I manually start the VCS service?
Answer
NOTE
Step 2 Run the following command to start the VCS processes:

# hastart -onenode
----End
A.7.4.7 How to Manually Start the VVR (Solaris, PC Linux)
Question
How do I manually start the VVR?
Answer
NOTE
Step 2 Run the following commands to start the VVR:

# cd /etc/init.d
# ./vras-vradmind.sh start
----End
A.7.4.8 How to Manually Stop the VCS Service (Solaris, PC Linux)
Question
How do I manually stop the VCS service (Solaris & SUSE Linux)?
Answer
NOTE

Step 2 Run the following command to check whether the VCS service has been started:
# ps -ef | grep had

NOTE
onenode, the VCS service has been started. Perform Step 3. Otherwise, the follow-up operation is not
required.
Step 3 Optional: Run the following command to stop the VCS service:
----End
A.7.4.9 How to Solve the Problem Where the Communications between the
Primary Site and the Secondary Site Are Interrupted After the HA System Is Set
Up
Question
After the HA system is set up, the communications between the primary site and secondary
site are interrupted. As a result, the primary-primary state occurs and the replication status
between the primary site and the secondary site is abnormal. How do I restore the normal HA
system relationship?
Answer
Step 1 Check the connection status of the network port or network cables of the primary site. Then,
restore the normal communications at the primary site.
Step 2 Check the resource group status in the primary site.

1. Log in to the primary site OS as the ossuser user using the Putty and run the following
command to switch to the root user:
2. Run the following command to check the resource group status in the primary site:
# hagrp -state
According to the command output, AppService, ClusterService, and VVRService are

ONLINE for localclus in System, which indicates that the resource group status in the
primary site is normal.
AppService State linux216154Cluster:linux216154 |OFFLINE|
AppService State localclus:linux216212 |OFFLINE|
ClusterService State localclus:linux216212 |FAULT|
VVRService State localclus:linux216212 |FAULT|
Step 3 Run the following commands to clear resource group error information:
# hagrp -clear ClusterService -sys Primary
# hagrp -clear VVRService -sys Primary
NOTE
The format of the command used to clear resource group error information is as follows:
# hagrp -clear resource group name -sys host name

Step 4 Run the following commands to get a resource group online:

# hagrp -online ClusterService -sys Primary
# hagrp -online VVRService -sys Primary
NOTE
The format of the command used to get a resource group online is as follows:
# hagrp -online resource group name -sys host name
Step 5 In the secondary site, log in to the MSuite client and choose Deploy > Force local site be
primary.
Step 6 Click OK. In this case, the primary and secondary relationship in the HA system has been
restored, and the U2000 programs are running in the secondary site.
----End
A.7.4.10 How to Start/Stop the NMS Before Synchronizing the Primary and
Secondary Sites (Solaris, PC Linux)
Question
How to start/stop the NMS before synchronizing the primary and secondary sites of a high
availability system (Solaris, PC Linux)?
Answer
l CLI mode:
a. Log in to the OS as the root user through Putty.
NOTE
b. Run the following commands to start the U2000 server:
# haconf -makerw > /dev/null 2>&1
NOTE
To stop the U2000 service, run the following command:
----End
A.7.4.11 How Do I Ensure Proper Connections to VVR and MSuite Ports on the
Primary and Secondary Sites
Question
How do I ensure proper connections to VVR and MSuite ports on the primary and secondary
sites?

Answer
Step 1 Check whether a firewall has been set on the network between the primary and secondary
sites. If a firewall has been set, permit VVR and MSuite ports into the firewall.
Step 2 On the primary and secondary sites, log in to the OS as the ossuser user.
Step 3 On the primary and secondary sites, verify that the SFTP port and VVR ports used by the peer
site can be connected.
NOTE
l Port 22 is SFTP port.

l Ports 4145, 8199, and 8989 are VVR ports.
The following uses port 8199 as an example.
1. Run the following commands to check whether the SFTP port and VVR ports used by
the peer site can be connected:
$ cd /opt/oss/engr/engineering/tool/OSSICMR/bin
$ ./Hacheck.sh Peer site application IP address
$ exit
Enter the password for the ossuser user used by the peer site.
– Information similar to the following is displayed, SFTP port and VVR ports
connected successfully.
The SFTP service is normal.
-----------------------------
Connection closed by foreign host.
Port 4145 is connected successfully.
......
– If ports 22, 4145, 8199, and 8989 all fail to be connected, go to step Step 3.2.
2. Switch to the root user and run the following commands to view the PID of the process
that uses the port:
$ su - root
– On Linux OS, run the following command:

# netstat -ntlp | grep -w 8199

tcp 0 0 :::8199 :::*
LISTEN 979/
– On Solaris OS, run the following commands:

# cd /proc
# pfiles * > /tmp/proc.txt
# more /tmp/proc.txt

979: /opt/oss/server/conf/../bin/DmsSyslogCollector
Current rlimit: 4096 file descriptors
13: S_IFREG mode:0644 dev:32,88 ino:52929 uid:0 gid:0 size:892888
O_WRONLY|O_CREAT|O_TRUNC
/opt/oss/server/conf/log/DmsSyslogCollector20080226_133400.log
14: S_IFSOCK mode:0666 dev:323,0 ino:22704 uid:0 gid:0 size:0
O_RDWR
SOCK_DGRAM
SO_SNDBUF(57344),SO_RCVBUF(57344)

sockname: AF_INET 0.0.0.0 port: 8199
Port 8199 is used by the process 979.

3. View the process.
# ps -ef |grep 979

root 20161 2440 0 14:56:37 pts/1 0:00 grep 979
root 979 25685 0 Feb 20 ? 8:17 /opt/oss/server/conf/../bin/
DmsSyslogCollector
Process 979 is DmsSyslogCollector.

4. Run the kill PID command to stop the process after confirming that it can be stopped.
NOTICE
Stop the process only after you confirm that it can be stopped. Otherwise, the U2000
may fail to run properly.
Step 4 On the primary and secondary sites, verify that the MSuite ports can be connected.
NOTE
l Ports 12212, 12213, 12214, and 12215 are MSuite ports.

l The following uses port 12212 as an example.
1. Run the following commands to check whether MSuite ports are occupied:
– On Linux OS, run the following command:
# netstat -ntlp | grep -w 12212
n If no command output is returned, the ports are not occupied and can be
connected.
n If a command output is returned and contains the information below, the ports
are occupied by process 979. Then go to step Step 4.2.
tcp 0 0 :::12212 :::*
LISTEN 979/
– On Solaris OS, run the following commands:

# cd /proc
# pfiles * > /tmp/proc.txt
# more /tmp/proc.txt
n If a command output is returned but does not contain the information below,
the ports are not occupied and can be connected.
n If a command output is returned and contains the information below, the ports
are occupied by process 979. Then go to step Step 4.2.
979: /opt/oss/server/conf/../bin/DmsSyslogCollector
Current rlimit: 4096 file descriptors
13: S_IFREG mode:0644 dev:32,88 ino:52929 uid:0 gid:0 size:892888
O_WRONLY|O_CREAT|O_TRUNC
/opt/oss/server/conf/log/DmsSyslogCollector20080226_133400.log
14: S_IFSOCK mode:0666 dev:323,0 ino:22704 uid:0 gid:0 size:0
O_RDWR
SOCK_DGRAM

SO_SNDBUF(57344),SO_RCVBUF(57344)
sockname: AF_INET 0.0.0.0 port: 12212
2. View the process.

# ps -ef |grep 979

root 20161 2440 0 14:56:37 pts/1 0:00 grep 979
root 979 25685 0 Feb 20 ? 8:17 /opt/oss/server/conf/../bin/
DmsSyslogCollector
Process 979 is DmsSyslogCollector.

3. Run the kill PID command to stop the process after confirming that it can be stopped.
NOTICE
Stop the process only after you confirm that it can be stopped. Otherwise, the U2000
may fail to run properly.
----End
A.8 SQL Server Database

This topic describes the FAQs about the SQL server database.
A.8.1 How to Change the user sa Password of the SQL Server
Question
How to change the sa password if you forget to set the password during the installation or if
you want to change the password?
NOTE
l U2000 has been installed, you must use the MSuite instead of the Sybase database to manually
change the sa user password.
l The NMS processes are ended. See A.11.8 How to End the Processes of the U2000 Single-Server
System on Windows to end the NMS processes if they are running.
l The database is running. See A.8.4 How to Start the SQL Server Database to start the database if
it is not running.
Answer
Step 2 On the MSuite client, choose Deploy > Change Database Administrator Password. The
Change Password dialog box is displayed.
Step 3 Enter the old password and new password.

NOTICE
l Be sure to remember the password of user sa. If this password is missed, database-related
operations may fail to be performed.
l The database sa user password must meet the following requirements, please set the new
password as required:
– The password contains a minimum of eight characters and a maximum of 30
characters.
– The password must contain at least four of the following combinations:
n At least one lower-case letter
n At least one upper-case letter
n At least one digit
n At least one special character ~@#^*-_+[{}]:./?
Other special characters are not supported. Do not include other special
characters, such as ()|<>&`!$\"%'=;,space in passwords.
– The password must be different from the user name or the user name in reverse order
and cannot contain the complete user name (case-insensitive).
Step 4 Click OK. The password is changed.

NOTE
l If the following information is displayed, the database administrator password has been changed
successfully.
Succeeded in changing the password.
After changing the database administrator password, start U2000 server processes.
l In Windows 2008 OS, if the above operations are right, but the message Change the password
failed. or a message indicating that the password is too newest is displayed, Please log in Windows
2008 OS. Then, click Start > All Programs > Microsoft SQL Server 2008 > SQL Server
Management Studio, connect the server as sa user. Select the Security > Logins from the
navigation tree, double-click sa. Clear the selection of the Enforce password policy in the Login
Properties dialog box.
----End
A.8.2 How to Expand the master Database

Question
How to expand the master database?
Answer
Studio. The Connect to Server window is displayed. Set parameters according to the
following information and then click Connect.
l Server type: Database Engine
l Server name: DBSVR
l Authentication: Windows Authentication

Step 2 In the Enterprise Manager of the SQL server, select the master database, right-click, and then
choose Properties.
Step 3 In the dialog box that is displayed, click the Data Files tab, modify the database size in the
Space allocated(MB) area, and then select the Unrestricted file growth option button.
Step 4 Click the Transaction Log tab, modify the database size in the Space allocated(MB) area,
and then select the Unrestricted file growth option button.
Step 5 Check whether the modified database size is proper, and click OK.
Step 6 Restart the database.
----End
A.8.3 How to Shut Down the SQL Server Database
Question
How do I shut down the SQL server database?
Answer
Step 2 Perform the following operations to ensure that the SQL Server database has been stopped.
Right-click SQL Server (MSSQLSERVER) and check whether the shortcut menu option
Stop is grayed out.
l If Stop is grayed out, the SQL Server database is stopped.

l If Stop is not grayed out, the SQL Server database is not stopped. Right-click SQL
Server (MSSQLSERVER) and choose Stop from the shortcut menu.
----End
A.8.4 How to Start the SQL Server Database
Question
How do I start the SQL server database?
Answer
Step 2 Perform the following operations to ensure that the SQL Server database has been started.
Right-click SQL Server (MSSQLSERVER) and check whether the shortcut menu option
Start is grayed out.
l If Start is grayed out, the SQL Server database is started.

l If Start is not grayed out, the SQL Server database is stopped. Right-click SQL Server
(MSSQLSERVER) and choose Start from the shortcut menu.
----End
A.8.5 How to Change the sa User Password If the U2000 Is Not

Installed
Question
How to change the sa user password if the U2000 is not installed?
NOTE
The following method applies to the scenario where the U2000 is not installed. If the operating system
has the U2000 installed and a user forgets the sa user password, contact Huawei technical support
engineers.
Answer
Studio. The Connect to Server window is displayed. Set parameters according to the
following information and then click Connect.
l Server type: Database Engine
l Server name: DBSVR
l Authentication: Windows Authentication
Step 2 Choose Security > Logins of the local server in the navigation tree. Then, select sa, right-
click it, and choose Properties from the shortcut menu.
Step 3 Change the password of user sa and click OK.

NOTICE
characters.
----End
A.8.6 How to Check Whether the SQL Server Database Can Be

Sorted in Binary Mode
Question
When you install the SQL Server database, you need to select the binary mode as the sorting
mode. How do I check whether the SQL Server database can be sorted in binary mode?
Answer
Step 1 Perform the following operations to ensure that the SQL Server database has been started.
Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL
Server Configuration Manager, choose SQL Server Services from the navigation tree,
right-click SQL Server (MSSQLSERVER) in the right pane, check whether the shortcut
menu option Start is grayed out.
l If Start is grayed out, the SQL Server database is started.

l If Start is not grayed out, the SQL Server database is stopped. Right-click SQL Server
(MSSQLSERVER) and choose Start from the shortcut menu.
Step 2 Run the following commands at the command prompt:

C:\> isql -Usa -SDBSVR
NOTE
Password:

1> sp_helpsort
2> go
NOTE

l The prompt C:\> varies according to on-site conditions. If the system is logged in to as the dbuser
user, the default prompt is C:\Users\dbuaer>. You can run the cd command to switch the
directory. A command example is
Step 3 If the displayed information includes binary sort, the database is sorted in binary mode. If the
displayed information does not include binary sort, the database is not sorted in binary mode.
Then, run the quit command.
----End
A.8.7 How to Check the Name of the SQL Server Database Server
Question
How to check the name of the SQL Server database server?
Answer
Server Configuration Manager > SQL Native Client 10.0 Configuration.
Step 2 Click the Aliases tab page to check the name of the SQL Server database server.
----End
A.8.8 How to Check the Version of the SQL Server Database

Server
Question
How to Check the Version of the SQL Server Database Server?
Answer
Step 3 In the CLI, run the following commands to check the database version information:

NOTE

l The prompt C:\> varies according to on-site conditions. If the system is logged in to as the dbuser
user, the default prompt is C:\Users\dbuaer>. You can run the cd command to switch the
directory. A command example is
1> select @@version
2> go
l In Windows Server 2008, if the database version is correct, information similar to the
following is displayed:
----------------------------------------------------------------- Microsoft
SQL Server 2008 (SP4) - 10.0.6241.0 (X64) Apr 17 2015 10:56:08 Co pyright (c)
1988-2008 Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.1
<X64> (Build 7601: Service Pack 1) (1 row affected)
If the database version is not 10.0.6241.0, you must reinstall the database patch or
contact Huawei technical support engineers.
----End
A.8.9 How to Create a Replacement User for the SQL Server 2008
Database Administrator sa User
This topic describes how to disable the SQL Server 2008 database administrator (sa user by
default) and create a replacement user for the database administrator. Disabling the default
database administrator reduces potential security risks.
Prerequisites
l The database administrator sa has exited from the connection.
l The U2000 is stopped. For details about how to check whether the U2000 is stopped, see
3.2.1 Stopping the U2000 Server Processes.
l The database is started. For details about how to check whether the database is started,
see 2.1.2 Starting the Database.
l The MSuite is stopped.For details about how to end processes on the MSuite
server,seeA.10.3 How to End Processes on the MSuite Server
Context
l To reduce the probability of security threats, you can disable the database administrator,
create a new database user to replace the database administrator, and assign the new user
with the same permissions as the database administrator.
l You can only manually disable the sa user and create a replacement user for the sa user
only after the U2000 is installed or upgraded.
Procedure


Step 4 Perform the following operations to disable the sa user and create a new user to replace the sa
user.
1. Run the following commands to disable the sa user and create a new administrator:
> cd /d D:\oss\server\platform\bin
> sec_adm -cmd modifyDBAUserName -oldname sa -newname dbadmin
NOTE
– D:\oss: U2000 installation directory.

– sa: the current database administrator
– dbadmin: the database administrator to be created. The dbadmin user is used as an example of
the new administrator of the database. The administrator name can be customized as required.
The customized user name must start with a letter and can contain lower-case letters, digits,
and special character _. The length of the customized user name must be less than 17
characters.
– If the created user dbadmin already exists, this command assigns permissions to the new
database administrator.
The following is displayed:
Warning: After this operation is successfully performed, the current database
administrator account fails.
2. Input yes.
Enter the password of the sa user:
3. Enter the password of the sa user as prompted.

NOTE
The default password of the sa user is Changeme_123.
If the following information is displayed, the replacement user for the sa user is created
successfully.
The command is executed successfully.
NOTE
The new database administrator dbadmin uses the same password as the sa user. In fact, the sa
user is renamed without resetting the password.
----End
Result
Check whether the replacement user for the sa user is successful.
1. Log in to the OS as a user with administrator rights.
4. Run the following commands to check whether the sa user is disabled.
> isql -Usa -SDBSVR

Password:
Enter the password of the sa user.

If information similar to the following is displayed, the sa user is disabled.
Login failed for user 'sa'.
5. In the CLI, run the following commands to check whether the dbadmin user is created
successfully:

> isql -Udbadmin -SDBSVR
If information similar to the following is displayed, enter the password of the dbadmin
user.
Password:
If the database can be connected properly, the dbadmin user is created successfully.
Follow-up Procedure
If the database administrator sa needs to be restored, refer to the preceding operations to
disable the existing database administrator and use the sa user as the new database
administrator.
NOTICE
If the password of the new database administrator has been changed after the sa user is
disabled, restore the password to the one used when the sa user is still enabled. Otherwise, the
database may be unavailable after the database administrator sa is restored.
A.8.10 How Do I Activate the Microsoft SQL Server Database
Question
After obtaining the product key for Microsoft SQL Server, how do I install the database?
Answer
Step 1 Log in to the OS on which Microsoft SQL Server runs.
Server Installation Center(64 bit).
Step 3 In the SQL Server Installation Center dialog box, choose Maintenance from the navigation
pane and click Editor Upgrade in the right pane.
Step 4 After the SQL Server 2008 Setup dialog box is displayed, wait for 5 minutes. Then click
OK. In the Product Key dialog box, enter the product key you have obtained.
Step 5 Click Next. Keep the default settings until the installation is finished.
----End
A.8.11 How Do I Change the IP Address Bound to an SQL Server

Database Port to 127.0.0.1
Question
How do I change the IP address bound to an SQL server database port to 127.0.0.1?

Answer
Step 1 Log in to the OS as an administrator. Choose Start > All Programs > Microsoft SQL
Server 2008 > Configuration Tools > SQL Server Configuration Manager > SQL Server
Network Configuration > Protocols for MSSQLSERVER.
Step 2 Double-click TCP/IP. The TCP/IP Properties dialog box is displayed.
Step 3 Click the Protocol tab. Select No for Listen All under General.
Step 4 Click the IP Address tab. Select Yes for Enabled under the IP address of 127.0.0.1.
Step 5 Click OK. In the Warning dialog box displayed indicating that the settings take effect only
after the database is restarted, click OK.
28,788 K
21,400 K
41,216 K
11,688 K
23,112 K
35,408 K
python.exe 34552 Services 0
18,736 K
httpd.exe 23320 Services 0
11,220 K
java.exe 8276 Services 0
100,712 K
httpd.exe 21160 Services 0
16,756 K
U2000 process.If information similar to the following is displayed, the database has
to be started. For details, see 2.1.2 Starting the Database. Then, execute the
NOTE

Step 7 Restart the database.

1. Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools >
SQL Server Configuration Manager > SQL Server Services.
2. Right-click SQL Server (MSSQLSERVER) and choose Restart(T) from the shortcut
menu.
----End

A.9 Sybase Database

This topic covers FAQs about the Sybase database.
A.9.1 Startup and Shutdown of the Sybase Database

This topic describes the FAQs about the startup and shutdown of the Sybase database.
A.9.1.1 How to Disable the Sybase Database Service
Question
How do I disable the Sybase database service?
Answer
Step 1 Perform the following operations to disable the Sybase database service in the single-server
system:
1. Log in to the OS as user ossuser.
2. Run the following commands to disable the Sybase database service:
# su - dbuser
NOTE
Enter the password of the database administrator as prompted.

1> shutdown SYB_BACKUP 2> go 1> shutdown 2> go
the HA system:
NOTE
$ su - root


NOTE
----End
A.9.1.2 How to Start the Sybase Database Service
Question
How do I start the Sybase database service?
Answer
l Perform the following operations to start the Sybase database service in the single-server
system:
a. Log in to the OS as user ossuser.
b. Run the following commands to start the Sybase database service:
# su - dbuser
c. Run the following command to check whether the Sybase database service is
running:
$ ./showserver

dbuser 4195 4170 0 18:42:26 ? 70:35 /opt/sybase/
ASE-15_0/bin/dataserver -ONLINE:1,0,0x6505fd2a, 10000000000, 0x18fc
ASE-15_0/bin/backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/install
ASE-15_0/bin/dataserver -sDBSVR -d/opt/sybase/data/lv_master -e/opt
NOTE
If the displayed information contains /opt/sybase/ASE-15_0/bin/dataserver -

ONLINE, /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back and /opt/sybase/
ASE-15_0/bin/dataserver -sDBSVR, the Sybase database service is running.
l Perform the following operations to start the Sybase database service in the HA system:
a. Log in to the active site as the ossuser user. Run the following command to switch
to the root user.
$ su - root
b. Run the following commands to query Veritas resource names:

# haconf -makerw
# hares -list

Information similar to the following is displayed in a Solaris high availability

system:
DataFilesystem Primary
NMSServer Primary
RVGPrimary Primary
datarvg Primary
wac Primary
Information similar to the following is displayed in a PC Linux high availability

system:
APPBOND Primaster
NMSServer Primary
RVGPrimary Primary
datarvg Primary
mountRes Primary
wac Primary
c. Run the hagrp -autoenable AppService -sys hostname command to set the
AppService group to autoenable. Run the hares -modify resource name Enabled
1 command to change the status of all Veritas resources to Enabled. Use the
resource names displayed in the previous command output as an example. Run the
following commands to change the status of all the Veritas resources to Enabled:
For example, execute the following commands in a Solaris high availability system:
# hares -modify DataFilesystem Enabled 1
For example, execute the following commands in a PC Linux high availability

system:
# hagrp -autoenable AppService -sys hostname
# hares -modify APPBOND Enabled 1
# hares -modify mountRes Enabled 1
NOTE
hostname specifies the server name. You can run the hostname command to view the server
name.
d. Run the following command to start the Sybase database service:
NOTE
hostname specifies the server name. You can run the hostname command to view the server
name.
----End

A.9.1.3 How to Verify That the Sybase Database Is Running
Question
How do I verify that the Sybase database is running?
Answer
Step 1 Log in to the OS as user ossuser.
Step 2 Enter the CLI and run the following commands to check the Sybase process status:
# su - dbuser
$ ./showserver

dataserver -ONLINE:1,0,0x6505fd2a, 10000000000, 0x18fc
backupserver -SDBSVR_back -e/opt/sybase/ASE-15_0/install
NOTE
l when NMS is not installed: If the displayed information contains /opt/sybase/ASE-15_0/bin/

backupserver -SDBSVR_back, and /opt/sybase/ASE-15_0/bin/dataserver -sDBSVR, the Sybase
database has been started.
l when NMS is installed: If the displayed information contains /opt/sybase/ASE-15_0/bin/
dataserver -ONLINE, /opt/sybase/ASE-15_0/bin/backupserver -SDBSVR_back, and /opt/
sybase/ASE-15_0/bin/dataserver -sDBSVR, the Sybase database has been started.
----End
A.9.2 Sybase Database Maintenance

This topic describes the FAQs about the Sybase database maintenance.
A.9.2.1 How to Check the Sybase Database Version
Question
How do I perform the required check on the Sybase database version to see if it is correct
after the Sybase database is installed?
Answer
Step 1 Log in to the OS as user dbuser.
NOTE
l To switch to the dbuser user, run the su - dbuser command.

l After the U2000 is installed, the password for the dbuser user is Changeme_123. For system
security, modify the default password and remember the new password. For detail, see A.2.1 How
Do I Change the OS User Password?.
Step 2 Run the following commands:

NOTE

Step 3 Run the following commands to check the Sybase database version:
1> use master
2> go
1> select @@version
2> go
NOTE
There must be a space between select and @ in the select @@version command.
In Solaris OS, a message similar to the following will be displayed:

-----------------------
Adaptive Server Enterprise/15.7/EBF 27346 SMP SP138 /P/Sun_svr4/OS 5.10/ase157s

p138x/4002/64-bit/FBO/Mon Aug 29 09:09:29
2016
(1 row affected)
1>
The preceding message indicates that Sybase database version is SYBASE 15.7.
NOTE
EBF 27346 indicates the latest Sybase patch. The earlier Sybase patches are not displayed.
In SUSE Linux OS, a message similar to the following will be displayed:

-----------------------
Adaptive Server Enterprise/15.7/EBF 27353 SMP SP138 /P/x86_64/Enterprise Linux/

ase157sp138x/4002/64-bit/FBO/Mon Aug 29 20:46:15
2016
(1 row affected)
The preceding message indicates that Sybase database version is SYBASE 15.7.
NOTE
EBF 27353 indicates the latest Sybase patch. The earlier Sybase patches are not displayed.
----End
A.9.2.2 How to View the Server Name of the Sybase Database
Question
How do I view the server name of the Sybase database?

Answer
NOTE

Step 2 Run the following command to view the server name of the Sybase database:
$ more /opt/sybase/interfaces

DBSVR
master tcp ether 10.71.225.89 4100
query tcp ether 10.71.225.89 4100
query tcp ether 10.71.225.89 4100
query tcp ether 127.0.0.1 4100
DBSVR_back
query tcp ether 10.71.225.89 4200
query tcp ether 10.71.225.89 4200
query tcp ether 127.0.0.1 4200
----End
A.9.2.3 How to Change the sa User Password for the Sybase Database If the
U2000 Is Not Installed
Question
How to change the sa user password for the Sybase database if the U2000 is not installed?
Answer
NOTE


NOTE
Step 3 Run the following commands to change the sa user password for the Sybase database:

1> sp_password "old password","new password"
2> go
NOTICE
characters.
l Leave a space between sp_password and old password.
l The "new password" and "old password" must be marked with double quotation marks
during password modification.
Information similar to the following will be displayed:

Setting password succeeded.
(return status=0)
1>
Step 4 Run the quit command to exit.
----End
A.9.2.4 How to Change the Database Administrator Password for the Sybase
Database If the U2000 Is Installed
Question
How to change the database administrator user password for the Sybase database if the U2000
is installed?

NOTICE
l In the high availability system (Veritas hot standby), change the password of the
administrator of the database only on the MSuite server at the primary site. The passwords
of the administrator of the databases at both the primary and secondary sites are changed.
l After the U2000 is installed, using the MSuite to change the password of the database
administrator is recommended. Do not manually change the password. Otherwise, the
U2000 may fail to be started properly. If the password of the database administrator is
changed manually, you must use the MSuite to change the password again to ensure the
normal operation of the U2000.
Answer
Log in to the single system as user ossuser and run the following commands to end the
U2000 processes:
$ ./stopnms.sh
Use the PuTTY to log in to the primary site OS by means of SSH as the root user.
NOTE
Right-click in the blank area of the desktop and choose Open Terminal from the shortcut
menu to open the CLI, run the following command.
NOTE
NOTE

...
...

NOTE
started.
# su - ossuser
$ ./startserver.sh
Step 5 Enter the old password, new password and confirm password.
NOTE
l The initial password is Changeme_123. To enhance system security, you need to regularly update
the password and keep it well.
– The password contains a minimum of eight characters and a maximum of 30 characters.
Other special characters are not supported. Do not include other special characters, such
as ()|<>&`!$\"%'=;,space in passwords.
– The password must be different from the user name or the user name in reverse order and
cannot contain the complete user name (case-insensitive).
l If the Change Password dialog box is displayed, click OK.

NOTE
If the following information is displayed, the password of the database administrator has been changed
successfully.
After changing the password of the database administrator, start U2000 server processes.
----End
A.9.2.5 How to View the Bit Number of the Sybase Database
Question
How do I view the bit number of the Sybase database?

Answer
NOTE


NOTE

Step 3 Run the following commands to view the bit number of the Sybase database:
1> select @@version
2> go
NOTE
There must be a space between select and @ in the select @@version command.
The following message will be displayed on the Solaris OS:
Adaptive Server Enterprise/15.7/EBF 27346 SMP SP139 /P/Sun_svr4/OS 5.10/

ase157sp138x/4040/64-bit/FBO/Tue Aug 8 00:13:51
2017
(1 row affected)
1>
The following message will be displayed on the SUSE Linux OS:
Adaptive Server Enterprise/15.7/EBF 27353 SMP SP139 /P/x86_64/Enterprise Linux/

ase157sp138x/4041/64-bit/FBO/Tue Aug 8 05:53:20
2017
(1 row affected)
64-bit indicates the bit number of the Sybase database.
----End
A.9.2.6 How to View the Details of the Sybase Database
Question
How do I view the details about the Sybase database during routine maintenance?

Answer
NOTE

Step 2 Run the following commands to view the details of all databases:
NOTE

1> sp_helpdb
2> go
The information about the Sybase database will be displayed, including the name, size, owner,
and status.
Step 3 Run the following commands to view the details of a specific database:
1> sp_helpdb database_name
2> go
NOTE
In the sp_helpdb database_name command, database_name is the name of the Sybase database.
Database space used can also be viewed.
----End
A.9.2.7 How to View Data Tables
Question
How do I view the details of data tables of the Sybase database during routine maintenance?
Answer
NOTE

Step 2 Run the following commands to view all data tables of the database.

NOTE

1>use <dbname>
2>go
1>sp_help
2>go
The data of all data tables in the specified database will be displayed, including name, owner,
and type.
Step 3 To view details about a data table, run the following commands:
1>sp_help <tablename>
2>go
Structure information about the data table is displayed. Ensure that the operations are
performed in the current database. Otherwise, a message is displayed indicating that the data
table is not found.
----End
A.9.2.8 How to Query a Database Table if Only Part of the Table Name Is
Remembered
Question
How do I query a database table if I cannot remember the complete name of a database table?
Answer
NOTE

Step 2 Run the following commands to view the details of all databases:
NOTE

Step 3 Assume that abc is included in a database table name. Run the following SQL commands to
query the database table after opening the database view:

1> select name from sysobjects where name like "%abc%"
2> go
All database table names containing abc will be displayed in a list.
----End
A.9.2.9 How to Identify Database Errors Caused by Unexpected Powering-Off of

the Workstation
Question
How do I identify database errors caused by unexpected powering-off of the workstation?
Answer
Step 2 Run the following commands to identify the database error:
# ps -ef | grep dataserver
NOTE
l If /opt/sybase/ASE*/bin/dataserver is displayed, the database server is running. In this

case, skip the step for manually starting the database server, and check whether the database server
malfunctions based on startup information.
l When only a line of grep dataserver is displayed, the database server is not running. In this
case, run the following commands to start the database server manually:
# su - dbuser
$ ./startserver -f ./RUN_DBSVR
$ ./startserver -f ./RUN_DBSVR_back
Step 3 Run the following commands to check whether the database server malfunctions by viewing
the Database server name.log file:
$ tail -100 DBSVR.log
NOTE
l Run the tail -100 DBSVR.log command to view the latest 100 records in the log file. You can adjust
the number of records to be displayed.
l Check whether error or other error symbols are contained in the file. For example, error 926, a
common error, is displayed:
Error: 926, Severity: 14, State: 1 00:00000:00001:2002/05/31
09:26:26.65 server Database 'FaultDB' cannot be opened.
If the preceding message is displayed, the database server FaultDB is faulty.
Step 4 Run the following commands to check whether the database connection is available if the
preceding errors are not displayed:

NOTE

The 1> prompt is displayed. If the 1> prompt is not displayed, verify that the database server
is running and the password of the database administrator is correct.
Run the following commands to check whether the database is offline:
1>sp_helpdb
2>go
If the system does not prompt any error, the U2000 database works properly. In this case, start
the U2000 again.
NOTE
l If the NMS of Chinese edition is installed, illegible characters may be displayed when you log in to
the system by using the remote terminal login tool (CLI-based). Then, set the encoding scheme of
the remote terminal login tool to UTF-8.
l If the remote terminal login tool does not support the function of setting the encoding scheme, log in
to the system through the GUI.
Step 5 If the system prompts an error, check for database errors according to the error code and
rectify the error. The following uses the FaultDB database as an example to describe how to
rectify error 926.
1>sp_configure "allow updates", 1
2>go
1>update sysdatabases set status =-32768 where name="FaultDB"
2>go
1>shutdown with nowait
2>go
Restart the Sybase database service and register with the Sybase database as the database
administrator.
1>update sysdatabases set status=0 where name="FaultDB"
2>go
1>sp_configure "allow updates", 0
2>go
1>shutdown with nowait
2>go
Check whether the U2000 database works properly. If the database error persists, contact
Huawei technical support engineers.
----End

A.9.2.10 How to Expand Space for the master Database
Question
How do I expand space for the master database when it is full?
Answer
running:
Database Service.
Database Service.

NOTE

Step 2 Run the sp_helpdevice command to check the space of the master database.
Step 3 Run the following commands to increase space for the master database if the available space
of the database device is sufficient:
NOTE

1>alter database master on master=18
2>go
Step 4 Run the following commands to back up the master database if the available space of the
database device is insufficient:

NOTE

1>dump database master to '/opt/sybase/master.dump'
2>go
Step 5 Run the following commands to clear logs in the master database:
$ clear master log
1>dump tran master with truncate_only
2>go
Step 6 Run the following commands to restart the master database:

1>shutdown SYB_BACKUP
2>go
1>shutdown
2>go
Step 7 Optional: In the HA system, run the hagrp -unfreeze AppService command to unfreeze the
AppService resource group.
----End
A.9.2.11 How to Set Up More User Connections to a Database
Question
How do I set up more user connections to a database?
Answer
Step 1 Run the following commands to add the following content at the end of the /etc/system file:
# vi /etc/system
set rlim_fd_max = 4096 (set the maximum number of process file descriptors)
set rlim_fd_cur = 2048 (set the current number of process file descriptors)
Step 2 Restart the system and run the following command to verify that the modification has taken
effect:
$ sysdef | grep "file descriptors"
The following message will be displayed. The first hexadecimal number indicates the current
value and the one indicates the maximum value.
0x0000000000000800:0x0000000000001000 file descriptors
Step 3 Run the following commands to set the maximum number of user connections:

1>sp_configure 'number of user connections ',1024
2>go
----End
A.9.2.12 How to Check for Database Errors Using the dbcc Tool
Question
How do I check for database errors using the dbcc tool?
Answer
NOTE

Step 2 Run the following commands to view the database error information:
NOTE

1>dbcc checkdb(database name)

2>go
The system will display information about all database tables and database errors.
The following uses FaultDB as an example.
1>dbcc checkdb(FaultDB)
2>go
Checking FaultDB
Checking sysobjects
The total number of data pages in this table is 6.
Table has 104 data rows.
......
DBCC execution completed. If DBCC printed error messages, contact a user with
System Administrator (sa) role.
Step 3 Run the following commands to view the information about the database table error:
1>use (database name)
2>go
1>dbcc checktable(table name)

2>go
The system will display the check results and the error information about the database table.
Step 4 Run the following commands to restore the database index:
1>dbcc reindex(table name)
2>go
All indexes of the database are automatically recreated.
Step 5 Run the quit command to exit the isql program.
NOTE
By default, the database service at the secondary site is not running.
----End
A.9.2.13 How to Set the Network Transport Parameters of Databases
Question
How do I set the network transport parameters of databases?
Answer
Step 1 In Solaris 10, the network transmission parameters of databases are set incorrectly if you set
Transport type to tli tcp when installing Sybase 12.5 manually or after you change the
database transmission type to tli tcp in the /opt/sybase/interfaces file.
In Solaris10, set Transport type to tcp while installing Sybase12.5. Perform the following
operations to correct parameter values if the parameters are set incorrectly.
Step 2 Log in to the server as user root. Open the terminal window and run the following commands:
# . /opt/sybase/SYBASE.sh
# dsedit
Step 3 In the dialog box as shown in Figure A-23, click OK.
Figure A-23 Selecting the service path

Step 4 In the dialog box as shown in Figure A-24, select DBSVR and click Modify Server entry.
Figure A-24 Selecting the database service
Step 5 In the dialog box as shown in Figure A-25, select available network transport settings, and
click Modify network transport.
Figure A-25 Selecting available network transport settings
Step 6 In the dialog box as shown in Figure A-26, select tcp from the Transport type drop-down
list.

Figure A-26 Modifying the transport type
Step 7 Click OK in turn. The dialog box as shown in Figure A-24 is displayed.
Step 8 Repeat Step 4 to Step 6 and set Transport type of the DBSVR_back database to tcp.
Step 9 Save the settings and close all the windows.
Step 10 Restart the Sybase database to make the settings take effect.
NOTE
Before the operation, run the ps -ef|grep sybase command to check whether the Sybase service is
running. If the Sybase service is running, stop it and restart it. If the Sybase service is not running,
restart it.
----End
A.9.2.14 How to Delete a Suspect Database
Question
How do I delete a suspect database?
Answer
Step 1 A suspect database cannot be deleted by the drop database DBname command. Run the
dbcc dbrepair(DBname, dropdb) command in the isql command mode to delete the
database. Replace DBname with the name of the actual suspect database. If the suspect
database still cannot be deleted, change the database status to 320 and run the dbcc
dbrepair(DBname, dropdb) command.
For example, if you cannot delete the suspect database iMapAlarmDB by running the dbcc
dbrepair(iMapAlarmDB, dropdb) command, perform the following steps.
Step 2 Change the status of the iMapAlarmDB database to 320. Log in to the database as the
database administrator and run the following commands:
1>sp_configure 'allow update', 1
2>go
1>update master..sysdatabases set status = -32768 where name = iMapAlarmDB '

2>go
1>shutdown
2>go
Step 3 Restart the database server, log in to the system as ossuser user, and run the following
commands:
# su - dbuser
Step 4 Log in to the database as the database administrator and run the following commands:
1>sp_configure 'allow update', 1
2>go
1>update master..sysdatabases set status = 320 where name = ' iMapAlarmDB '
2>go
1>select * from master..sysdatabases where name=" iMapAlarmDB "
2>go

name dbid suid status version logptr
crdate dumptrdate status2
audflags deftabaud defvwaud defpraud def_remote_type
def_remote_loc
status3 status4
----------- -----------
iMapAlarmDB 7 3 320 1 52602
02/01/14 02/02/07 48
0 0 0 0 NULL
NULL 0 0
(1 row affected)
Step 5 Run the following commands to shut down the database:

1>shutdown
2>go
Step 6 Restart the database server, log in to the system as user root, and run the following
commands:

# su - dbuser
NOTE
Restart the database after changing the database status.
----End
A.9.2.15 How to Delete a Damaged User Database
Question
How do I delete a damaged database that cannot be deleted by the drop database command?
Answer
For example, delete database pbus2.
Step 1 In the isql command mode, register with the SQL server as the database administrator.
Step 2 Run the following commands to allow for modifying the system tables:
1>sp_configure "allow updates",1
2>go
Step 3 Run the following commands to set the to-be-deleted user database to the suspect state.
1>use master
2>go
1>begin tran
2>go
1>update sysdatabases set status=256
2>where name="pubs2"
3>go
If 1 row affected is displayed, run the following commands:
1>commit
2>go
If 1 row affected is not displayed, run the following commands:
1>rollback
2>go

Step 4 Restart the database server and register as the database administartor by running the isql
command.
Step 5 Run the following commands to delete the database:
1>dbcc dbrepair(pubs2,dropdb)
2>go
Step 6 Run the following commands to allow for modifying the system tables:
1>sp_configure "allow updates",0
2>go
----End
A.9.2.16 How to Delete a Database from the Sybase Database
Question
How do I delete a database from the Sybase database?
Answer
NOTE

Step 2 Run the following commands to gain access to the database:

NOTE
In the preceding command, -SDBSVR indicates that the database instance name is DBSVR.
Step 3 Run the following isql command:

1> drop database database name
2> sp_dropdevice database name+data
3> sp_dropdevice database name+log
For example:
1> drop database VpnDB
2> sp_dropdevice VpnDBdata
3> sp_dropdevice VpnDBlog
Run the following command to exit the isql program:

4> quit
Step 4 In the /opt/Sybase/data directory, delete the ([database name]_dev).dat file and the
([database name]+log_dev).dat file, such as the VpnDB_dev.dat file and the
VpnDBlog_dev.dat file.
----End
A.9.2.17 How to View the Deadlock Information in the Database
Question
How do I view the deadlock information in the Sybase database when errors occur?
Answer
Step 1 Log in to the database server as user dbuser.
NOTE


NOTE

1>sp_lock
2>go
fid
spidloid locktype table_id page
row dbname class context ------ ------
----------- ---------------------------- ----------- -----------
------ --------------- ------------------------------
---------------------------- 0 10 20 Sh_intent
464004684 0 0 master
Non Cursor Lock (1 row affected) (return status = 0)
NOTE
In the preceding information, Non Cursor Lock indicates that no deadlock occurs. The database
name is master; the process ID of the locked table is spid=10; the locked table ID is
table_id=464004684.
For further information, perform the following operations:
1>dbcc traceon(3604)
2>go

After the dbcc command is executed, contact the system administrator if any error
information is displayed.
1>use master
2>go
1>select object_name(464004684)
2>go
------------------------------ spt_values
(1 row affected)
1>dbcc sqltext(10)
2>go
After the dbcc command is executed, contact the system administrator if any error
information is displayed.
NOTE
The previous commands are used to view the sessions of table_id=464004684 and spid=10.
----End
A.9.2.18 How to Create a Replacement User for the Sybase Database

Administrator sa User
This topic describes how to disable the Sybase database administrator (sa user by default) and
create a replacement user for the database administrator. Disabling the default database
administrator reduces potential security risks.
Prerequisites
l The database administrator sa has exited from the connection.
l The MSuite is stopped. For details about how to end processes on the MSuite server, see
How to End Processes on the How to End Processes on the MSuite Server.
l The U2000 is stopped. For details about how to check whether the U2000 is stopped, see
Stopping the U2000 Server Processes.
l The database is started. For details about how to check whether the database is started,
see Starting the Database.
Context
l To reduce the probability of security threats, you can disable the database administrator,
create a new database user to replace the database administrator, and assign the new user
with the same permissions as the database administrator.
l You can only manually disable the sa user and create a replacement user for the sa user
only after the U2000 is installed or upgraded.
l In a high availability system, you need to perform the following operations on both the
primary and secondary sites. Before the operations are performed, ensure that the
primary and secondary sites are separated.

Procedure
Step 1 Log in to the server as the ossuser user.
Step 2 Perform the following operations to disable the sa user and create a new user to replace the sa
user.
1. Run the following commands to disable the sa user and create a new administrator:
$ cd /opt/oss/engr/engineering/tool/modifyDBAUser/
$ ./modifyDBAUser.sh
NOTE
The /opt/oss directory is the U2000 installation directory.
Please enter old database administrator account:
2. Enter the database administrator user name sa as prompted.

Please enter password of old database administrator account:
3. Enter the password of the sa user as prompted.

NOTE
The default password of the sa user is Changeme_123.
Please enter new database administrator account:
4. Enter the name of the new administrator as prompted, such as dbadmin.

NOTE
– The dbadmin user is used as an example of the new administrator of the database. The
administrator name can be customized as required. The customized user name must start with
a letter and can contain lower-case letters, digits, and special character _. The length of the
customized user name must be less than 17 characters.
– If the created user dbadmin already exists, this command assigns permissions to the new
database administrator. If the new password is different from the old password, the user
password is reset.
Please enter password of new database administrator account:
Please confirm password of new database administrator account:
5. Enter the password of the new administrator as prompted.

NOTE
The password of the new user must comply with the following requirements. To enhance system
security, you need to regularly update the password and keep it well.
The following is displayed:
Warning: After this operation is successfully performed, the current database
administrator account fails.

6. Input yes.
If the following information is displayed, the replacement user for the sa user is created
successfully.
The command is executed successfully.
Success to modify dba user.
NOTE
If the information Success to modify dba user. is displayed, the automatic database growth parameter
is set successfully.
----End
Result
Check whether the replacement user for the sa user is successful.
1. Log in to the server as the dbuser user.
2. In the CLI, run the following commands to check whether the sa user is disabled.

Password:
Enter the password of the sa user.

If information similar to the following is displayed, the sa user is disabled.
CT-LIBRARY error:
ct_connect(): protocol specific layer: external error: The attempt to
connect to the server failed.
3. In the CLI, run the following commands to check whether the dbadmin user is created
successfully:
$ ./isql -SDBSVR -Udbadmin
If information similar to the following is displayed, enter the password of the dbadmin
user.
Password:
If the database can be connected properly, the dbadmin user is created successfully.
Follow-up Procedure
If the database administrator sa needs to be restored, refer to the preceding operations to
disable the existing database administrator and use the sa user as the new database
administrator.
NOTICE
l Enter the existing database administrator name (such as dbadmin) and password and then
the database administrator name sa and the password to be restored.
l The password of the database administrator sa to be restored is the one that is not disabled.
The password cannot be set randomly.

A.10 MSuite
This topic covers FAQs about the NMS maintenance suite.
A.10.1 How to Verify That The Process of the MSuite Server Is

Started
Question
Login to the NMS maintenance suite client is allowed only when the process of the NMS
maintenance suite server is running. How do I verify that process of the NMS maintenance
suite server is running?
Answer
l Log in to the Windows OS as the administrator user, check whether the msdaemon.exe
and msserver.exe processes are started in the Task Manager window. If you can find
the two processes in the process list, the MSuite server is running.
l In Solaris or SUSE Linux OS, run the following command as user ossuser to verify that
the MSuite server is running:
The MSuite server is running if /opt/oss/OSSJRE/jre_sol/bin/java -server or /opt/oss/
OSSJRE/jre_linux/bin/java -server is displayed.
A.10.2 How to Start the Process of the MSuite Server
Question
Generally, the process of the NMS maintenance suite server is started with the OS startup.
How do I start the process of the NMS maintenance suite server?
Answer
In the high availability system, the MSuite server process must be started on both the primary
the two processes in the process list, the MSuite server is running. If the two processes
do not exist in the process list, the MSuite server is not running. In this case, perform the
following operations to start the MSuite server:
Go to the D:\oss\engr\engineering path, and double-click the startserver.bat file.


OSSJRE/jre_linux/bin/java -server is displayed. Run the following commands to start
the MSuite server if it is not running:

$ ./startserver.sh
----End
A.10.3 How to End Processes on the MSuite Server

Question
How do I end processes on the NMS maintenance suite server?
Answer
l On Windows OS, Go to the D:\oss\engr\engineering path, double-click the
stopserver.bat file, and end the MSuite server process.
l On Solaris or SUSE Linux OS, run the following commands as the ossuser user:
$ ./stopserver.sh
A.10.4 How to Start the MSuite Client

Question
How do I start the NMS maintenance suite client?
Answer
It must meet the following requirements for starting the NMS maintenance suite client:
l The MSuite server must be started.
l Port 12212 on the MSuite server is enabled.
l The MSuite client and the server communicate with each other properly.
l The MSuite server process is started on both the primary and secondary sites during
some operations in the high availability system, and the MSuite client can properly
communicate with the MSuite server on both the primary and secondary sites.
1. Ensure that the MSuite server has been started.
In Windows 2008 OS. Log in to the Windows OS as the administrator user, check
whether the msdaemon.exe and msserver.exe processes are started in the Task
Manager window. If you can find the two processes in the process list, the MSuite
server is running.If the two processes do not exist in the process list, the MSuite server is
not running. In this case, perform the following operations to start the MSuite server:
In Solaris OS, run the following command as user root to verify that the MSuite server is
running:
The MSuite server is running if /opt/oss/OSSJRE/jre_sol/bin/java -server is displayed.

Switch to the ossuser user and run the following commands to start the MSuite server if
it is not running:
# su - ossuser
$ ./startserver.sh
In SUSE Linux OS, run the following command as user root to verify that the MSuite
server is running:

The MSuite server is running if /opt/oss/OSSJRE/jre_linux/bin/java -server is

displayed. Switch to the ossuser user and run the following commands to start the
MSuite server if it is not running:
# su - ossuser
$ ./startserver.sh
2. On a computer where the MSuite client is installed, double-click the U2000 NMS
Maintenance Suite shortcut icon on the desktop and then wait about one minute. The
Login dialog box is displayed.
NOTE
l In Solaris or SUSE Linux OS, log in to the Java desktop system as user ossuser. Otherwise,
the U2000 NMS Maintenance Suite shortcut icon is not displayed on the desktop. To start the
MSuite Client by running commands, log in to the OS as user ossuser through VNC.
$ ./startclient.sh
l If a dialog box showing The client and server versions are different. Upgrade the client
using the CAU. is displayed, the method of upgrading the U2000 client by using the CAU is
as follow:
1. Install the U2000 client software in network mode: Enter https://server's IP address/cau/
(recommended for higher security) or http://server's IP address/cau/ in the address box of
the Internet Explorer, and press Enter to access the Web installation page. For details, see
Installing a U2000 Client in CAU ModeInstalling a U2000 Client in CAU Mode in the
U2000 Client Software Installation Guide.
2. If you upgrade the U2000 client software using the CAU, the MSuite client is also
upgraded.
3. Set the login parameters.
– IP Address:
n To log in to the local MSuite server, use the default IP address 127.0.0.1.
n To log in to the remote MSuite server, enter the IP address of the computer
where the MSuite server is installed. If multiple IP addresses are configured
for the computer, use the NMS application IP address.
NOTE
The Login dialog box of the MSuite client has the function to keep the login list. Selecting
an IP address from the IP Address drop-down list is recommended. If the desired IP address
is not displayed in the drop-down list, enter an IP address.
– Port: The default port ID is 12212. There is no need to change the default value
during login but ensure that the port is not occupied.
– User Name: The default user name is admin.
– Password: The initial password of the admin user is Changeme_123. The
password must be changed during the first login to ensure system security. Keep the
password confidential and change it regularly.
4. Click Login.
NOTE
l When you log in to the MSuite client, a progress bar is displayed showing the progress of Refresh
Deployment Information. Wait until the operation is complete.
l The MSuite works in single-user mode. Specifically, only one MSuite client can log in to the
MSuite at one time.

A.10.5 Starting the Process of the MSuite Server

This topic describes how to start the process of the MSuite server.
Context
Generally, the process of the MSuite server is not started with the OS startup. If the process is
not started, perform the following operations to start it.In the high availability system, the
MSuite server process must be started on both the primary and secondary sites.
Procedure

$ ./startserver.sh
----End
A.10.6 How to Resolve the Problem of Failing to Log In to a

MSuite Client

N Problem Description Troubleshooting Method

o
.
1 After a user enters correct 1. Log in to the server as the root user.
parameter values and 2. Check that the MSuite server has been started.
clicks Login in the login
window of a MSuite l Log in to the Windows OS as the administrator user,
client, a message check whether the msdaemon.exe and msserver.exe
indicating a failure to processes are started in the Task Manager window.
connect to the MSuite If you can find the two processes in the process list,
server is displayed. the MSuite server is running. If the two processes do
not exist in the process list, the MSuite server is not
running. In this case, perform the following
operations to start the MSuite server:
Go to the D:\oss\engr\engineering path, and
double-click the startserver.bat file.
l On the Solaris or SUSE Linux OS, run the following
command as user root to verify that the MSuite
server is running:
The MSuite server is running if /opt/oss/OSSJRE/
jre_sol/bin/java -server or /opt/oss/OSSJRE/
jre_linux/bin/java -server is displayed. Run the
following commands to start the MSuite server if it
is not running:
# su - ossuser
$ ./startserver.sh
3. If the login fails again, run the ping server IP address

command to check the network communication.
Ensure that the network communication is normal.
4. If the login fails again, replace SSL certificates for the
U2000 server and client. For details, see C.8.2
Replacing SSL Certificates Used for the U2000
Server.

N Problem Description Troubleshooting Method

o
.
2 A user logs in to the 1. Check that startclient.sh is run in the /opt/oss/client/

server as the ossuser user engineering directory.
using the GUI. The 2. If the Login dialog box is still not displayed, check that
Login dialog box for a the owner of the startclient.sh file in the /opt/oss/
MSuite client, however, client/engineering directory is ossuser.
is not displayed on the
server. a. Run the following commands to check the owner of
the startclient.sh file:
$ ls -al
If the command output contains -rwxr-x--- 1
ossuser ossgroup 6355 2? 1? 16:57 startclient.sh,
the owner of the startclient.sh file is ossuser and
the group is ossgroup.
If the owner of the startclient.sh file is root, run the
following commands as the root user to change the
owner to ossuser:
$ su - root
# cd /opt/oss/client/engineering
# chown ossuser startclient.sh
NOTE
Do not run the startclient.sh file in the /opt/oss/client/
engineering directory as the root user.
A.11 U2000 System

This topic covers FAQs about the U2000 system.
A.11.1 How to Change the System Time and Time Zone of the
Single-Server System on Windows
Question
How do I change the system time and time zone of the single-server system on Windows?
NOTICE
When the U2000 services are running, do not change the system time.
Answer
Step 1 Stop the U2000 processes and the SQL Server database. Please see A.11.8 How to End the
Processes of the U2000 Single-Server System on Windows and A.8.3 How to Shut Down
the SQL Server Database.

Step 2 Open the Control Panel window. Click the Clock, Language, and Region. Then, click the
Date and Time.
Step 3 In the dialog box that is displayed, click the Date and Time tab. Click the Change date and
time to set the current system date and time. Click OK. Click the Change time zone tab and
select the required time zone from the related drop-down list. Click OK.
Step 4 Click OK.
Step 5 If the time zone is changed, you need to restart the OS to make the modifications take effect.
Restart the OS according to the displayed prompt.
NOTE
l The U2000 system will start while the OS started.

l The OS does not need to be restarted if only the time is changed. It needs to be restarted if the time
zone is changed.
Step 6 If only the time is changed, start the U2000 system. For details, see 2 Starting the U2000
System.
----End
Single-Server System (Solaris)
Question
How do I change the system time and time zone of the single-server system (Solaris)?
Answer
$ ./stopnms.sh
Step 3 Run the following commands to end database processes.

# su - dbuser
NOTE

Step 5 On the MSuite client, choose Deploy > Change Time Zone. The Modify System Time Zone
Step 6 Set the time zone and system time according to the local time zone and standard time.

NOTE
Perform desired operations according to on-site conditions:
l In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is a
correct local time, no modification is required.
l In New Time Zone, if the value of Time Zone is a local time zone and the value of Time is not a
correct local time, correct Time in Current Time Zone. No other modification is required.
l In New Time Zone, if the value of Time Zone is not a local time zone, change it to a local time
zone. The Time below the Time Zone will be changed automatically. If the automatically changed
time is a correct local time, no other modification is required. Otherwise, adjust the value of Time in
Current Time Zone until the value of Time in New Time Zone is a correct local time.
Step 7 Click OK.
l The OS does not need to be restarted if only the time is changed. It needs to be restarted
if the time zone is changed.
l On Solaris or SUSE Linux, if the time zone is changed and after the OS is restarted, the
time is adjusted according to the new time zone.
System.
----End
A.11.3 How to Modify the Time and Time Zone on the SUSE
Linux Single-Server System
Question
How do I modify the time and time zone on the SUSE Linux single-server system?

Answer
Step 1 Log in to the server as the ossuser user.
Step 2 Open the CLI. Run the following command to shut down the U2000:
$ ./stopnms.sh
Step 3 Run the following command to shut down the database:

# su - dbuser
NOTE

Step 4 After the database is shut down, start an NMS Maintenance Suite client.
NOTE
Step 7 Click OK.


NOTE

zone is changed.
l On Solaris or SUSE Linux, if the time zone is changed and after the OS is restarted, the time is
adjusted according to the new time zone.
# shutdown -r now
System.
----End
High Availability System (Solaris, SUSE Linux)
Question
How do I change the system time and time zone of the High Availability System (Solaris,
SUSE Linux)?
Answer
Step 1 Log in to the primary site as user root. Open a terminal window and run the following
command to shut down the high availability system:
NOTE
# hagrp -offline AppService -sys host name of active site
For example, if the host name of the primary site is Primaster, run the following command.
# hagrp -offline AppService -sys Primaster
Step 2 Log in to the NMS Maintenance Suite client.

NOTE
The IP address entered during login is the system IP address of the primary site.

NOTE
Step 5 Click OK.
NOTE

zone is changed.
l The OS does not need to be restarted if only the time is changed. Run the following
commands to start the U2000 server:
# hagrp -online AppService -sys host name of active site
For example, if the host name of the primary site is Primaster, run the # hagrp -online
AppService -sys Primaster command.
l Run the following commands to restart the OS if the time zone is changed.
Solaris OS:
SUSE Linux OS:

# shutdown -r now
Step 7 Log in to the NMS Maintenance Suite client.

NOTE
The IP address entered during login is the system IP address of the secondary site.
NOTE
Step 10 Click OK.
NOTE

zone is changed.
Solaris OS:
SUSE Linux OS:

# shutdown -r now

System.
----End
A.11.5 How to Determine Whether an Installed SUSE Linux

System is a Local or Remote High Availability System
Question
How do I determine whether an installed SUSE Linux system is a local or remote high
availability system?
Answer
Step 1 Log in to the SUSE Linux high availability system on the primary or secondary site as the
root user.
NOTE
Step 2 Run the following command to view the high availability system type on the current server:
# cat /var/ICMR/sles10sp4_sign_file.inf

installtype=3
hatype=2
NOTE
l If the command output contains installtype=1, the system is a single-server system. If the command
output contains installtype=3, the system is a high availability system.
l If the command output contains hatype=1, the system is a local availability system. If the command
output contains hatype=2, the system is a remote system.
For example, if the command output contains installtype=3 and hatype=2, the system is a remote high
availability system.
----End
A.11.6 How to Verify That the Processes of the U2000 Single-

Server System Are Running on Windows
Question
How do I verify that the processes of the U2000 single-server system are running on
Windows?
Answer
Step 2 View the startup information about the U2000 server processes.


19,252 K
19,812 K
39,720 K
14,216 K
25,024 K
36,628 K
21,216 K
11,140 K
92,424 K
16,476 K
NOTE
30,392 K
21,404 K
42,116 K
11,676 K
28,184 K
39,632 K
NOTE

----End
A.11.7 How to Start the Processes of the U2000 Single-Server

System on Windows
Question
How do I start the processes of the U2000 single-server system (Windows)?

Answer
Step 2 If the database does not automatically start along with the OS, run the following command to
manually start it.
Choose Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL
Server Configuration Manager > SQL Server Services, right-click SQL Server
(MSSQLSERVER) and choose Start to start the database. If the database has started, skip
this step.
Step 3 Perform the following operations to ensure that the U2000 server processes have been started.
19,252 K
19,812 K
39,720 K
14,216 K
25,024 K
36,628 K
21,216 K
11,140 K
92,424 K
16,476 K
NOTE
30,392 K
21,404 K
42,116 K
11,676 K
28,184 K
39,632 K

NOTE

----End
A.11.8 How to End the Processes of the U2000 Single-Server

System on Windows
Question
How do I end the processes of the U2000 single-server system on Windows?
NOTICE
You can stop all the services of the NMS, including the system monitoring process.
If you use the Stop All NMS Services function of the System Monitor, the system monitoring
process is not ended. Do not use this method if perform operations for shutting down the
NMS that are associated with the database.
Answer
Step 1 Exit all the U2000 clients.

1. Right click Start > Run. The Run window will be displayed.
3. In the CLI, run the daem_ps command to check whether the U2000 process is stopped.
– If no command output is displayed, the U2000 process has stopped.
– If information similar to the following is displayed, the U2000 process is not
stopped. In the CLI, run the D:\oss\server\platform\bin\stopnms.bat command to
stop the U2000 process.
19,252 K
19,812 K
39,720 K
14,216 K
25,024 K
36,628 K
21,216 K
11,140 K
92,424 K


16,476 K
NOTE
n If information similar to the following is displayed, the U2000 process is not stopped.
Switch to the administrator and run the D:\oss\server\platform\bin\stopnms.bat command
to stop the U2000 process.
imapmrb.exe 11116 Services
0 30,392 K
imapeventmgr.exe 11164 Services
0 21,404 K
imapsysd.exe 10236 Services
0 42,116 K
imapwatchdog.exe 8584 Services
0 11,676 K
ResourceMonitor.exe 26056 Services
0 28,184 K
imap_sysmonitor.exe 13168 Services
0 39,632 K
n Stopping the U2000 process takes about 3 minutes.
----End

Server System Are Running on Solaris
Question
How do I verify that the processes of the U2000 single-server system are running on Solaris?
Answer
Step 1 Log in to the server as user ossuser.

$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE
To start the U2000 if it is not running, run the following commands:

$ ./startnms.sh
----End


System on Solaris
Question
How do I start the processes of the U2000 single-server system on Solaris?
Answer

$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE

$ ./startnms.sh
----End

System on (Solaris)
Question
How do I end the processes of the U2000 single-server system on (Solaris)?
Answer

To check the running status of U2000 processes, run the following command:
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb


NOTE
If the U2000 is still running, run the following commands to stop it:
$ ./stopnms.sh
----End

Server System Are Running on SUSE Linux
Question
How do I verify that the processes of the U2000 single-server system are running on SUSE
Linux?
Answer
Step 2 Check the U2000 processes.

$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE
----End

System on SUSE Linux
Question
How do I start the processes of the U2000 single-server system on SUSE Linux?

Answer
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE

$ ./startnms.sh
----End

System on (SUSE Linux)
Question
How do I end the processes of the U2000 single-server system on (SUSE Linux)?
Answer
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE

$ ./stopnms.sh
----End
A.11.15 How to Check Whether the U2000 Processes of the High

Availability System (Solaris, PC Linux) Are Started
Question
How to check whether the U2000 processes of the high availability system (Solaris, PC
Linux) are started?
Answer
Step 1 Log in to the OS of the active site as the ossuser user.
Step 2 Check the U2000 processes.

$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE
imapsysd -cmd start, imapeventmgr, imap_sysmonitor -cmd start, ResourceMonitor -cmd start.
----End
A.11.16 How to Start the U2000 Processes of the High Availability

System (Solaris, PC Linux)
Question
How do I start the U2000 processes of the high availability system (Solaris, PC Linux)?
Answer
Step 1 Use the PuTTY to log in to the primary site OS by means of SSH as the ossuser user. Run the
following command to switch to the root user.
$ su - root
Step 2 Right-click in the blank area of the desktop and choose Open Terminal from the shortcut
# hares -online NMSServer -sys hostname
----End

A.11.17 How to End the U2000 Processes of the High Availability

System (Solaris, PC Linux)
Question
How do I end the U2000 processes of the high availability system (Solaris, PC Linux)?
Answer
Step 1 Use the PuTTY to log in to the primary site OS by means of SSH as the ossuser user. Run the
following command to switch to the root user.
$ su - root
----End
A.11.18 What Factors Affect the Response Speed of the NMS
Question
What factors affect the response speed of the NMS?
Answer
Step 1 Number of gateway NEs and number of NEs managed by a gateway NE.
Step 2 Status of the communication between the NMS and gateway NEs.
Step 3 Scale of ECC subnetworks.
Step 4 Hardware configurations of the U2000 server.
Step 5 Management capability of the U2000 server.
----End
A.11.19 How to Resolve the Problem Wherein Illegible Characters

Occur in the NMS Window
Question
How do I resolve the problem that illegible characters occur in the NMS window?
Answer
Step 1 The possible causes are as follows:
l Illegible characters may occur when multiple NMSs of different languages manage the
same NE.

l If the character set is modified by means of commands on the NE side, illegible

characters may occur when you query the information about the NE on the NMS.
l If the character set is configured after the NE is upgraded, illegible characters may occur
when you query the information about the NE on the NMS.
In any of the preceding cases, the problem can be resolved after you restore the original
character set.
----End
A.11.20 How Do I Install a Domain Component Incrementally
Question
When installing the U2000, I uploaded the software package of a single domain and selected
only one domain component (for example, the transport domain). If I need another domain
component later, for example, the IP domain, how do I install it incrementally?
NOTE
The core network component can be incrementally installed only on Solaris OS.
Answer
Step 1 Optional: In a high availability system, you must separate the primary site from the
secondary site. For details, see C.6.2 Separating the Primary Site from the Secondary Site.
NOTICE
In an HA system, steps 2 to 15 must be performed on the primary and secondary sites
separately after separated the primary site from the secondary site. When the primary site is
being monitored, first perform steps 2 to 15 on the secondary site and then on the primary
site. Then connect the primary and secondary sites by referring to C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites. After the primary and secondary
sites have been connected, perform the following steps based on the actual HA environment.

l In Solaris/SUSE Linux OS, log in to the GUI of the OS as the root user.
NOTE
If the security hardening policy has been enabled in the system, log in to the OS as ossuser and
run the su root command to switch to the root user, enter the password according to prompts.
Otherwise, the GUI for deploying is unavailable.
l In Windows OS, log in to the OS as the administrator user.
Step 3 Verify that the following paths have sufficient remaining space.
l On Solaris or SUSE Linux, verify that the following paths have sufficient remaining
space.

NOTE
– You can run the df -hk command to view the remaining space. For example, to view the
remaining space of the /opt/oss path, run the df -hk /opt/oss command.
– Installing domains incrementally does not affect the current management scale. That is, if the
management scale is medium during U2000 installation, the management scale is still medium
after incremental domain installation.
Table A-11 Space requirement for Solaris or SUSE Linux

Directory Small- Common- Medium- Large- Super-
Scale Scale Scale Scale Large-
Network Network Network Network Scale
(Less (500-2000 (2000 to (6000 to network
Than 500 equivalent 6000 15000
Equivalen NEs) Equivalen Equivalen
t NEs) t NEs) t NEs)
/opt/oss – Transpor – Transpor – Transpor – Transpor – Transpor

t t t t t
domain: domain: domain: domain: domain:
1.5 GB 1.5 GB 1.5 GB 1.5 GB 1.5 GB
– Access – Access – Access – Access – Access
1.0 GB 1.0 GB 1.0 GB 1.0 GB 1.0 GB
– IP – IP – IP – IP – IP
0.8 GB 0.8 GB 0.8 GB 0.8 GB 0.8 GB
/opt/ – Transpor – Transpor – Transpor – Transpor – Transpor

sybase/ t t t t t
data domain: domain: domain: domain: domain:
7.6 GB 7.6 GB 10.8 GB 35.0 GB 35.0 GB
– Access – Access – Access – Access – Access
7.4 GB 7.4 GB 13.0 GB 43.0 GB 43.0 GB
– IP – IP – IP – IP – IP
14.5 GB 14.5 GB 23.0 GB 54.0 GB 54.0 GB
l On Windows, verify that the following paths have sufficient remaining space.

Table A-12 Space requirement for Windows

Directory Small-Scale Common-Scale Medium-Scale
Network Network Network
(Less Than 500 (500-2000 (2000 to 6000
Equivalent NEs) equivalent NEs) Equivalent NEs)
Database file path – Transport – Transport – Transport

(For example, D: domain: 7.6 GB domain: 7.6 GB domain: 10.8
\data) – Access domain: – Access domain: GB
7.4 GB 7.4 GB – Access domain:
– IP domain: 14.5 – IP domain: 14.5 13.0 GB
GB GB – IP domain: 23.0
GB
NMS installation – Transport – Transport – Transport

path (For example, domain: 1.5 GB domain: 1.5 GB domain: 1.5 GB
d:\oss) – Access domain: – Access domain: – Access domain:
1.0 GB 1.0 GB 1.0 GB
– IP domain: 0.8 – IP domain: 0.8 – IP domain: 0.8
GB GB GB
Step 4 Upload the software package for which a domain needs to be added and the corresponding
digital signature ZIP package to the U2000 server.
l For Solaris or SUSE Linux:
NOTICE
The software package and the corresponding digital signature ZIP package must be
stored in the /opt/install directory or its sub-directory. Otherwise, the software package
will fail to be verified.
a. Upload the software package and the corresponding digital signature ZIP package
to the /opt/install directory or its sub-directory.
n If security hardening is not performed on the OS, upload the software package
and the corresponding digital signature ZIP package to the /opt/install
directory or its sub-directory on the server as the root user.
n If security hardening is performed on the OS, FTP/SFTP rights of root will be
disabled. In this case, you need to upload files to the backup directory in the
FTP root directory as the ftpuser user (the FTP root directory of ftpuser
is /opt/backup/ftpboot). And then the software packages and mapping
digital signature files must be moved to the directory of /opt/install or its
sub-directory. For example,
# cd /opt/backup/ftpboot/ftproot
# mv U2000version_server_nmsip_sles_x64* /opt/install/
b. Modify the owner and permission of the installation directory, software package
and the corresponding digital signature file.
n If the upload directory is /opt/install, run the following commands:

# chmod 700 /opt/install

# chown ossuser:ossgroup /opt/install
# chown ossuser:ossgroup /opt/install/Package Name
# chmod 400 /opt/install/Package Name
# chown ossuser:ossgroup /opt/install/xxx_signature.zip
# chmod 400 /opt/install/xxx_signature.zip
n If the upload directory is a subdirectory of /opt/install, for example, /opt/

install/a, run the following commands:
# chown ossuser:ossgroup /opt/install
# chmod 700 /opt/install/a
# chown ossuser:ossgroup /opt/install/a
# chown ossuser:ossgroup /opt/install/a/Package Name
# chmod 400 /opt/install/a/Package Name
# chown ossuser:ossgroup /opt/install/a/xxx_signature.zip
# chmod 400 /opt/install/a/xxx_signature.zip
l For Windows OS, upload the software package to U2000 installation directory, for
example: D:\oss.
Step 5 The NMS processes are ended. Perform the following operations to end the NMS processes if
they are running:
l For the Single-Server System (Windows), see A.11.8 How to End the Processes of the
U2000 Single-Server System on Windows.
l For the Single-Server System (Solaris), see A.11.11 How to End the Processes of the
U2000 Single-Server System on (Solaris).
l For the Single-Server System (SUSE Linux), see A.11.14 How to End the Processes of
the U2000 Single-Server System on (SUSE Linux).
l For the High Availability System (Solaris/SUSE Linux), see A.11.17 How to End the
U2000 Processes of the High Availability System (Solaris, PC Linux).
Step 6 Verify that the database is running. The database is running. Perform the following operations
to start the database if it is not running:
l For the Single-Server System (Windows), see 2.1.2 Starting the Database.
l For the Single-Server System (Solaris), see 2.2.2 Starting the Database.
l For the Single-Server System (SUSE Linux), see 2.3.2 Starting the Database.
l For the High Availability System (Solaris/SUSE Linux), see 2.4.2 Starting the
Database.
Step 8 In MSuite client, choose Deploy > Deploy. The Deploy dialog box is displayed.
NOTE
l In the Deploy dialog box, if some domains are gray, the domains have been deployed.
l Cannot deploy the xxxx domain, because the installation package of this domain has not been
correctly or fully decompressed. displays in the Deploy dialog box, click Incremental Install to
install it incrementally. See A.11.20 How Do I Install a Domain Component Incrementally.
Step 9 Click Incremental Install. Please input software package name, for example,
U2000version_server_nmsaccess_sles_x64.7z,
U2000version_server_nmsaccess_solaris_SPARC.7z or
U2000version_server_nmsaccess_win32_x86.7z.
Step 10 Click OK.
Step 11 If a message is displayed indicating the software package verification success, click OK. Wait
until the space size of the U2000 directory and database directory is checked.

NOTE
If a warning message The system time is earlier than the signature package generation time. The
verification cannot be performed. Ensure that the system time is later than the signature package
generation time. The signature package generation time is Oct 23, 2017 4:36:37 PM. is displayed,
change the system time by referring to C.4.1 Setting the System Time and Time Zone.
Step 12 Select a domain and click OK. A dialog box is displayed showing the deployment progress.
The time required for the installation depends on the number of domains to be deployed and
the configurations of the server. Wait patiently.
Step 13 If the "The XXX domain has been deployed. Restart the NMS" message is displayed, the
domain has been successfully deployed.
NOTICE
During the waiting period, do not start or stop the U2000 server processes. Otherwise, domain
deployment fails.
Step 14 Click OK. The MSuite automatically refreshes U2000 data.
Step 15 Restart the U2000.

You can do as follows to restart NMS processes:
1. Stop the U2000. For details, see Stopping the U2000 Server Processes of the chapter
Shutting Down the U2000 Server in 3 Shutting Down a U2000.
2. start the U2000. For details, see Starting the U2000 Server Processes of the chapter
Starting the U2000 Server in 2 Starting the U2000 System.
Step 16 Uninstall all U2000 clients installed in network mode (CAU mode) and then reinstall U2000
clients in network mode (CAU mode). For details about how to install a U2000 client, see the
section "Installing the U2000 Client in Network Mode" in the U2000 Client Software
Installation Guide.
Step 17 If a patch has been installed on the U2000 before incremental deployment is performed, the
newly added component of the patch does not take effect. After incremental deployment is
performed, you need to re-install the patch. For details about patch installation, see
corresponding patch installation guides.
Use the following methods to view patch information:
l On Windows:
In the oss\server\patch folder, In the command output, the file name indicates the patch
name and the time information indicates the time the patch is installed.
l On Solaris or SUSE Linux:
$ cd /opt/oss/server/patch
$ ls -ls
In the command output, the file name indicates the patch name and the time information
indicates the time the patch is installed.
Step 18 Delete the software package for which a domain needs to be added and the corresponding
digital signature ZIP package.
l For Solaris or SUSE Linux, run the following commands as root user.
– If the upload directory is /opt/install, run the following commands:


# chown root:root /opt/install
# rm -rf /opt/install/Package Name
# rm -rf /opt/install/xxx_signature.zip
– If the upload directory is a subdirectory of /opt/install, for example, /opt/install/a,

run the following commands:
# chown root:root /opt/install
# rm -rf /opt/install/a
l For Windows OS, go to the directory storing software packages and delete the
corresponding software and signature file. If a subdirectory exists, delete it.
----End
A.11.21 How to Rectify the U2000 Startup Failure After the IP

Address or Host Name of the Single-Server System (Solaris) Is
Changed Manually
Question
If the IP address or host name of the Single-Server System (Solaris) is changed not by
following steps described in 12.1.3 How to Change the IP Address and Host Name for the
Single-Server System (Solaris) but in manual mode, the U2000 fails to start. How do I
rectify this fault?
Answer
NOTE
Step 2 Change the IP address recorded in the Sybase database.

Run the vi command to modify the interfaces configuration file and change the IP address to
the new IP address.
# su - dbuser
$ vi /opt/sybase/interfaces
Step 3 Restart the Sybase database.

1. To stop the database service manually, run the following commands:
NOTE

2> go
1> shutdown
2> go
2. To start the Sybase database, run the following commands:



Run the following command to check whether the Sybase database is started:
$ ./showserver
If the displayed message contains /opt/sybase/ASE-15_0/bin/dataserver

-sDBSVR and /opt/sybase/ASE-15_0/bin/backupserver -
SDBSVR_back, the database is already started.
Step 4 Synchronize network configurations by using the MSuite.

1. Log in to the MSuite client. For detail, see C.2.2 Logging In to the MSuite Client.
2. On the MSuite client, click the Server tab.
3. Right-click the server whose network configurations need to be synchronized and choose
Synchronize Network Configuration from the shortcut menu. A dialog box is
displayed for you to confirm the operation.
4. Click OK. A progress bar showing the synchronization progress is displayed.
5. When the system displays the message "Synchronize network configuration success",
click OK.
----End
A.11.22 How to View the U2000 and Sybase Database Installation

Paths
Question
How do I view the U2000 and Sybase database installation paths?
Answer
Generally, the U2000 installation path is /opt/oss and the Sybase database installation path
is /opt/sybase.
To view the installation paths, perform the following steps:

NOTE
Step 2 Check the ICMR_conf.xml configuration file to confirm the installation paths.
Run the following commands to check the ICMR_conf.xml configuration file:
# cd /etc/ICMR
# more ICMR_conf.xml
<CONFIGITEMS>
<SYBASEUSERNAME>dbuser</SYBASEUSERNAME>
<DBDEVICEPATH>/opt/sybase/data</DBDEVICEPATH>
<IFCONFIGSYSNET>no</IFCONFIGSYSNET>
<INSTALLTYPE>1</INSTALLTYPE>

<SYBASEDBSERVERNAME>DBSVR</SYBASEDBSERVERNAME>
<LANG>C</LANG>
<DEBUGLEVEL>9</DEBUGLEVEL>
<SYBASEBACKUPSERVERPORT>4200</SYBASEBACKUPSERVERPORT>
<DATABASEINSTALLPATH>/opt/sybase</DATABASEINSTALLPATH>
<SYBASEBACKUPSERVERNAME>DBSVR_back</SYBASEBACKUPSERVERNAME>
<REUSEDB>no</REUSEDB>
<NMSINSTALLPATH>/opt/oss</NMSINSTALLPATH>
<FINISHTASKLIST>tasks::installtype_request,tasks::instSybase_request,tasks::
instNMS_request,tasks::single_network_request,tasks::modify_sys_paras,tasks::ena
ble_multipath,tasks::mirrorDisk,tasks::mount_array_disks,tasks::install_sybase,t
asks::build_server</FINISHTASKLIST>
<NETCONFIGFILE>/etc/ICMR/netCfg/OS/os_net_config.cfg</NETCONFIGFILE>
<SYBASEGROUPNAME>dbgroup</SYBASEGROUPNAME>
<SYBASEDBSERVERPORT>4100</SYBASEDBSERVERPORT>
Confirm the installation paths according to the preceding message:

l The Sybase database installation path is /opt/sybase if
<DATABASEINSTALLPATH>/opt/sybase</DATABASEINSTALLPATH> is
displayed.
l The U2000 installation path is /opt/oss if <NMSINSTALLPATH>/opt/oss</
NMSINSTALLPATH> is displayed.
----End
A.11.23 How to View Network Configurations for the Primary

Site or Secondary Site Installed with a HA System (Solaris)
Question
How do I view network configurations for the primary site or secondary site installed with a
high availability (HA) system?
Answer
NOTE
The following uses viewing configurations for the primary site as an example. Viewing configurations for the
secondary site is similar to that for the primary site.
Step 1 Log in to the OS of the primary site as user root.

NOTE
Step 2 View the vcs_net_config.cfg file. Saving this file to a local disk is recommended.
Run the following commands to view the vcs_net_config.cfg file:
# cd /etc/ICMR/netCfg/VCS/
# more vcs_net_config.cfg

...
#The following are meanings of configuration item

ClearFlag=yes
SystemIP=10.78.218.52
SystemHostname=primary
SystemNetmask=255.255.255.0

SystemNic=bge0
SystemRouter=10.78.218.1
...
HBCFG=no
HBIP=10.78.218.52
HBHostname=primary
HBNetmask=255.255.255.0
...
# To use another NIC to back up PHBNic, configure the following parameters.
HBIsIPMP=no
HBStandbyNic=
HBStandbyIP=
HBStandbyNetmask=255.255.255.0
HBStandbyHostname=HBSlave
#VVR network configure, support the IPMP

VVRCFG=no
VVRIP=
VVRHostname=VVRService
VVRNetmask=255.255.255.0
VVRMasterNic=
VVRMasterIP=
VVRMasterHostname=VVRMaster
VVRMasterNetmask=255.255.255.0

VVRIsIPMP=
VVRStandbyNic=
VVRStandbyIP=
VVRStandbyHostname=VVRSlave
VVRStandbyNetmask=255.255.255.0
#APP network configure, support the IPMP

APPCfg=yes
APPIP=10.78.218.52
APPHostname=primary
APPNetmask=255.255.255.0
APPMasterNic=bge0
APPMasterIP=
APPMasterHostname=APPMaster
APPMasterNetmask=255.255.255.0
# To use anther NIC to back up the HBNic, configure the following
parameters.
APPIsIPMP=no
APPStandbyNic=
APPStandbyIP=
APPStandbyNetmask=255.255.255.0
APPStandbyHostname=APPSlave
The preceding information shows the system IP address, the host name, the subnet mask, the
default route, and the relationships between the system IP address and the heartbeat network,
replication network, and NMS application network. Details are as follows:
l SystemIP=10.78.218.52: The system IP address is 10.78.218.52.
l SystemHostname=primary: The system host name is primary.
l HBCFG=no: The system IP address is used as the heartbeat IP address (there is no need
to set a heartbeat IP address).
l HBIsIPMP=no: IPMP is not configured for the heartbeat IP address.

l VVRCFG=no: The heartbeat IP address is used as the replication IP address (there is no

need to set a replication IP address).
l APPCfg=yes: The application IP address needs to be set.
Step 3 Run the following command to view and record routing information:
# netstat -rn

Routing Table: IPv4
-------------------- -------------------- ----- ----- ---------- ---------
default 10.78.218.1 UG 1 129077
10.78.218.0 10.78.218.52 U 1 1776 bge0
224.0.0.0 10.78.218.52 U 1 0 bge0
127.0.0.1 127.0.0.1 UH 12 1243318 lo0
----End
A.11.24 How to View Network Configurations for the Primary

Site or Secondary Site Installed with a HA System (SUSE Linux)
Question
How do I view network configurations for the primary site or secondary site installed with a
high availability (HA) system?
Answer
NOTE
The following uses viewing configurations for the primary site as an example. Viewing configurations for the
secondary site is similar to that for the primary site.
Step 1 Log in to the OS of the primary site as user root.

NOTE
Step 2 View the vcs_net_config.cfg file. Saving this file to a local disk is recommended.
Run the following commands to view the vcs_net_config.cfg file:
# cd /etc/ICMR/netCfg/VCS/
# more vcs_net_config.cfg

...
#The following are config item meannings

ClearFlag=yes
SystemIP=10.9.1.1
SystemHostname=Primary
SystemNetmask=255.255.255.0
SystemNic=eth0
SystemRouter=10.9.1.254
SystemMAC=34:40:b5:b1:11:08
...
HBCFG=yes
HBIP=10.168.10.10

HBNic=eth1
HBHostname=Primary
HBNetmask=255.255.255.0
HBMAC=34:40:b5:b1:11:0a
...
HBIsIPMP=yes
HBStandbyNic=eth2
HBStandbyIP=10.9.1.2
HBStandbyNetmask=255.255.255.0
HBStandbyHostname=HBSlave
HBStandbyMAC=90:e2:ba:17:94:84
HBBondName=bond1
#VVR network configure, support the ipmp

VVRCFG=yes
VVRIP=10.168.10.10
VVRNic=eth1
VVRHostname=VVRService
VVRNetmask=255.255.255.0
VVRMAC=34:40:b5:b1:11:0a
VVRMasterNic=eth1
VVRMasterIP=10.168.10.10
VVRMasterHostname=VVRMaster
VVRMasterNetmask=255.255.255.0
VVRMasterMAC=34:40:b5:b1:11:0a
VVRMasterRouter=

VVRIsIPMP=yes
VVRStandbyNic=eth2
VVRStandbyIP=10.168.10.11
VVRStandbyHostname=VVRSlave
VVRStandbyNetmask=255.255.255.0
VVRStandbyMAC=90:e2:ba:17:94:84
VVRBondName=bond1
#APP network configure, support the ipmp
APPCfg=yes
APPIP=10.9.1.1
APPNic=eth0
APPHostname=Primary
APPNetmask=255.255.255.0
APPMAC=34:40:b5:b1:11:08
APPMasterNic=eth0
APPRouter=
APPMasterIP=10.9.1.1
APPMasterHostname=APPMaster
APPMasterNetmask=255.255.255.0
APPMasterMAC=34:40:b5:b1:11:08
# To use anther NIC to back up the HBNic, configure the following parameters.
APPIsIPMP=yes
APPStandbyNic=eth0
APPStandbyIP=10.9.1.2
APPStandbyNetmask=255.255.255.0
APPStandbyHostname=APPSlave
APPStandbyMAC=90:e2:ba:17:94:85
APPBondName=bond0
FLOATAPPIP=10.9.1.3
FLOATIP=10.9.1.3
FLOATHostname=null
FLOATNetmask=255.255.255.0

FLOATMasterNic=34:40:b5:b1:11:08
...
The preceding information shows the system IP address, the host name, the subnet mask, the
default route, and the relationships between the system IP address and the heartbeat network,
replication network, and NMS application network. Details are as follows:
l SystemIP=10.9.1.1: The system IP address is 10.9.1.1.
l SystemHostname=Primary: The system host name is Primary.
l HBCFG=yes: It needs to set a heartbeat IP address. The heartbeat IP address is
10.168.10.10.
l VVRCFG=yes: It needs to set a replication IP address. The replication IP address is
10.168.10.10. The replication IP address is used as the heartbeat IP address.
l VVRBondName=bond1: The bone name of the replication bond solution is bond1.
l APPCfg=yes: The application IP address needs to be set. The application IP address is
10.9.1.1. The application IP address is used as the system IP address (It needs to set an
application IP address). The application IP address is used as the system IP address.
l APPBondName=bond0: The bone name of the application bond solution is bond0.
Step 3 Run the following command to view and record routing information:
# netstat -rn

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.9.1.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0
10.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 bond1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.9.1.1 255.255.255.0 UG 0 0 0 bond0
0.0.0.0 10.168.10.1 255.255.255.0 UG 0 0 0 bond1
----End
A.11.25 How to Reinstalling the U2000 on or Migrating the U2000

to Another Computer
Question
In the U2000 single-server system, the U2000 may need to be reinstalled on or migrated to
another computer from the currently running U2000 server for some reasons, such as a fault
on the original U2000 or hardware replacement. This topic describes how to reinstall or
migrate the U2000.

Answer
NOTICE
l Reinstalling the U2000 may interrupt the U2000 services and management. Therefore, you
need to ensure that networks are not affected due to the shutdown of the U2000.
l Reinstalling or migrating the U2000 may cause data loss of some configurations. Thus, re-
configuration is required.
l NE login conflicts may occur during the U2000 migration if the current U2000 is not
stopped.
Step 1 Back up the license file. If the machine has been replaced, the license must be applied for
again. This is because the license is associated with the MAC address of the NIC. For details
about how to apply for a license, see U2000 License User Guide.
Step 2 Back up the U2000 database to a specified position. Note that the database data cannot be
deleted after the U2000 is reinstalled.
NOTE
Before backing up the SQL Server database, see A.8.6 How to Check Whether the SQL Server
Database Can Be Sorted in Binary Mode to check whether the collation sort order of the old SQL
Server database is in binary mode.
Step 3 Manually record other information about the U2000. Some data, such as the IP address, host
name, commonly used items, and NBIs, is not backed up during U2000 database backup.
l Perform the following operations to view commonly used system items:
a. Log in to a U2000 Client.
b. Choose File > Preferences from the main menu. The Preferences dialog box is
displayed.
c. Manually record configurations of the commonly used system items. Back up the
snapshots of the configurations.
l Perform the following operations to configure NBIs:
a. Open the Internet Explorer. Enter the IP address of the NBI Maintenance Tool
server in the address field. The NBI Maintenance Tool Login dialog box is
displayed.
NOTE
Enter the IP address of the server, for example, https://127.0.0.1:13231. The four octets
127.0.0.1 is the access address of the local server computer in integrated system or the NM
server computer in distributed system, The 13231 is the port number.
b. Choose the NBIs from the navigation tree on the left.
c. Manually record configurations about all NBI instances. Back up the snapshots of
the configurations.
Step 4 Refer to the installation guide to reinstall the U2000. Before reinstalling the U2000, ensure
that the U2000 version (including the patch version), and database version are the same as
those of the old U2000.
Step 5 Restore U2000 database data. For details, see C.12 Managing Databases.

Step 6 Refer to Step 3 to restore the U2000 configurations and commonly used system items. If NBIs
are available, reconfigure the NBIs.
----End
A.11.26 How to Replace Network Interfaces for a U2000 Single-

Server System (Windows 2008)
Question
If a failed network interface needs to be replaced on the U2000 single-server system
(Windows 2008), how should I operate to ensure that the U2000 works properly after the
network interface is replaced?
Answer
NOTE


NOTICE

value during login.
NOTE
Database.
3. Restart the OS.
----End

Server System (Solaris)
Question
If a failed network interface needs to be replaced on the U2000 single-server system (Solaris/
SUSE Linux), how should I operate to ensure that the U2000 works properly after the
Answer
Step 1 On the PC or laptop, use the remote GUI login software (such as VNC) to log in to the OS
GUI desktop as the ossuser user. For details, see Configure the VNC service as the ossuser
user.
NOTE
Use the default password Changeme_123 of the ossuser user.
menu to open the CLI.
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb


NOTE
The process is stopped if the displayed information is empty.For the high availability system (Solaris),
you can still view information about the imapwatchdog and ResourceMonitor processes after the
U2000 is stopped. This is because the two processes are used to monitor high availability system alarms
and will be automatically enabled after the U2000 is stopped.
$ ./stopnms.sh
Step 4 Run the following command to check the running status of the U2000 process:
$ daem_ps
NOTE

l The process is stopped if the displayed information is empty.
l For the high availability system (Solaris), you can still view information about the imapwatchdog
used to monitor high availability system alarms and will be automatically enabled after the U2000 is
stopped.

install/RUN_DBSVR
...
NOTE

$ su - dbuser
$ exit

NOTE
l Enter the dbuser user password as prompted. The default password is Changeme_123. For system
security, modify the default password and remember the new password. For details, see A.2.1 How
interfaces command.
Step 6 Perform the following operations to commission system parameters:

1. Double-click the U2000 MSuite icon on the desktop. Wait about 1 minute. The Login
2. Set login paremeters.
– IP address: Use the default value 127.0.0.1.
– Port : Use the default value 12212.
– User name: Use the default value admin.
– Password: Use the default value Changeme_123.
3. Click Login.
NOTE
– When accessing Client of NMS maintenance suite, a progress indicating the progress of
querying components and instances is displayed. Wait patiently.
– NMS maintenance suite is in single-user mode. Only one Client of NMS maintenance suite
can perform login at a time.
Step 7 Perform the following operations to implement system commissioning:

1. Choose Tools > Commissioning Tool from the MSuite client main menu to access the
Information dialog box.
2. Read the information carefully and click Start to access the system commissioning
window.
Step 8 Re-configure network interface by choose a new network interface for the commissioning
item Set Network in the commissioning wizard.
NOTICE
Ensure that the current network interface and the new network interface you choose are both
normal and available.
Replacing the network interface relates only to Set Network. Ensure that the current
parameter value of the other commissioning items are unchanged.
Step 9 Run the following commands as the ossuser user to end the server process of the MSuite.
$ ./stopserver.sh
Step 10 Run the following command to disable the Sybase database service, see 3.3.2 Shutting Down
the Database.

Step 11 Switch to the root user, and run the following commands to restart the OS:
$ su - root
----End

Server System (SUSE Linux)
Question
If a failed network interface needs to be replaced on the U2000 single-server system (SUSE
Linux), how should I operate to ensure that the U2000 works properly after the network
interface is replaced?
Answer
Step 1 On the PC or laptop, use the PuTTY to enable the VNC service for the ossuser user. Log in to
the SUSE Linux GUI desktop as the ossuser user. For details, see Configure the VNC
service as the ossuser user.
Step 2 Right-click the blank area of the desktop and choose Open Terminal from the shortcut menu
to open the CLI.
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb
NOTE
$ ./stopnms.sh


install/RUN_DBSVR


...
NOTE

$ su - dbuser
$ exit
NOTE
l Enter the dbuser user password as prompted. The default password is Changeme_123. For system
security, modify the default password and remember the new password. For details, see A.2.1 How
interfaces command.
Step 5 Perform the following operations to log in to the MSuite client:

2. Set the login parameters.
– IP Address: Use the default value 127.0.0.1.
– Port: Use the default value 12212.
– User Name: Use the default value admin.
– Password: The initial password of the admin user is Changeme_123. The
password must be changed during the first login to ensure system security. Keep the
password confidential and change it regularly.
3. Click Login.
NOTE
– When you log in to the MSuite client, a progress bar is displayed showing the progress of
Refresh Deployment Information. Wait until the operation is complete.
– The MSuite works in single-user mode. Specifically, only one MSuite client can log in to the
MSuite at one time.

window.

NOTICE
$ ./stopserver.sh
Step 9 Shut down the database. For details, see 3.4.2 Shutting Down the Database.
Step 10 Run the following commands to restart the OS as the root user to make the modification take
effect:
# shutdown -r now
----End
A.11.29 How to Replace Network Interfaces for a U2000 High

Question
If a failed network interface needs to be replaced on the U2000 high availability system
(Solaris), how should I operate to ensure that the U2000 works properly after the network
interface is replaced?
NOTICE
Before the operations mentioned in this topic are performed, separate the primary site from
the secondary site. For details, see C.6.2 Separating the Primary Site from the Secondary
Site.
Answer
Step 1 On the PC or laptop, use the remote GUI login software (such as VNC) to log in to the OS
GUI desktop as the root user. For details, see Configure the VNC service as the root user.
Step 2 Check the status of all resources. Ensure that the NMSServer resource is in the offline state
and other resources are in the online state.


online state.
NOTE
$ daem_ps
NOTE

l The process is stopped if the displayed information is empty.
l For the high availability system (Solaris), you can still view information about the imapwatchdog
used to monitor high availability system alarms and will be automatically enabled after the U2000 is
stopped.
Step 4 Perform the following operations to commission system parameters:

1. On the PC or laptop, use the remote GUI login software to log in to the U2000 OS server
as the ossuser user. For details, see Configure the VNC service as the ossuser user.
2. Double-click the U2000 MSuite icon on the desktop. Wait about 1 minute. The Login
3. Set login paremeters.
– IP address: Use the default value 127.0.0.1.
– Port number: Use the default value 12212.
– User name: Use the default value admin.
– Password: Use the default value Changeme_123.
4. Click Login.
NOTE
– When accessing Client of NMS maintenance suite, a progress indicating the progress of
querying components and instances is displayed. Wait patiently.
– NMS maintenance suite is in single-user mode. Only one Client of NMS maintenance suite
can perform login at a time.


window.
NOTICE
$ ./stopserver.sh
Step 8 Run the following command to disable the Sybase database service, see 3.5.2 Shutting Down
the Database.
Step 9 To stop the VCS service, see 3.5.3 Stopping the VCS Service.
Step 10 Switch to the root user, and run the following commands to restart the OS:
$ su - root
----End
A.11.30 How to Replace Network Interfaces for a U2000 High

Availability System (SUSE Linux)
Question
If a failed network interface needs to be replaced on the U2000 high availability system
(SUSE Linux), how should I operate to ensure that the U2000 works properly after the
NOTICE
Before the operations mentioned in this topic are performed, separate the primary site from
the secondary site. For details, see C.6.2 Separating the Primary Site from the Secondary
Site.

Answer
Step 1 On the PC or laptop, use the PuTTY to enable the VNC service for the root user. Log in to the
SUSE Linux GUI desktop as the root user. For details, see Configure the VNC service as
the root user.
Step 2 Check the status of all resources. Ensure that the NMSServer resource is in the offline state
and other resources are in the online state.

online state.
NOTE


# su - ossuser
$ daem_ps
NOTE
Step 4 Perform the following operations to log in to the MSuite client:

2. Click Login.
NOTE
– When you log in to the MSuite client, a progress bar is displayed showing the progress of
Refresh Deployment Information. Wait until the operation is complete.
– The MSuite works in single-user mode. Specifically, only one MSuite client can log in to the
MSuite at one time.


window.
NOTICE
$ ./stopserver.sh
Step 8 Shut down the database. For details, see 3.6.2 Shutting Down the Database.
Step 9 To stop the VCS service, see 3.6.3 Stopping the VCS Service.
Step 10 Run the following commands to restart the OS as the root user to make the modification take
effect:
# hastart -onenode
# shutdown -r now
----End
A.11.31 How to Set the Communication Mode on the U2000 server

for the Single-Server System (Windows)
Question
The U2000 server and client can communicate with each other in common or Security Socket
Layer (SSL) mode. How to set the common or SSL mode?
Answer
Step 1 Log in to the OS on the U2000 server as an administrator and do as follows to query the
communication mode in use:
Choose Start > Run. In the Run dialog box, enter cmd to open the command line interface
(CLI). Enter ssl_adm -cmd query to query the communication mode that the U2000 server is
using.
Step 2 Stop U2000 processes.

In the U2000 software installation path, for example, D:\oss\server\platform\bin, run the
stopnms.bat file to stop U2000 processes.

Step 3 Set the communication mode for the U2000 server and client.
Choose Start > Run. In the Run dialog box, enter cmd to open the CLI. Enter ssl_adm -cmd
setmode mode parameter and set the communication mode for the U2000 server and client.
NOTE
The available options for mode parameter are common, ssl, and both.
l common: common mode. If mode parameter is set to common, the U2000 server and client can
communicate only in common mode, and http protocol must be used to download the U2000 client
in CAU mode.
l ssl: security mode. If mode parameter is set to ssl, the U2000 server and client can communicate
only in security mode, and https protocol must be used to download the U2000 client in CAU
mode. The security mode is recommended to ensure security for communication between the
U2000 server and client.
l both: indicates that the U2000 server and client can communicate with each other in either
common or SSL mode.
If the following information is displayed, the communication mode of the server has been set
successfully.
Operation succeeded. Please restart all services for the settings to take effect.
Step 4 If you need to install the client in CAU mode after the server communication mode is set, you
must perform the following operations as the administrator user:
In the U2000 software installation path, for example, D:\oss\cau\bin, run the cau.bat file to
update the CAU. If the following information is displayed, the operation has been set
successfully.
CAU is now updating resource, please wait...
Script is executed successfully.
Step 5 Start U2000 processes.

In the U2000 software installation path, for example, D:\oss\server\platform\bin, run the
startnms.bat file to start U2000 processes.If information similar to the following is
displayed, the database has to be started. For details, see 2.1.2 Starting the Database. Then,
----End

for the Single-Server System (Solaris)
Question
Answer
Step 1 Log in to the OS on the U2000 server as ossuser user and do as follows to query the
$ ssl_adm -cmd query
Step 2 Run the following command to stop U2000 processes.

$ cd
/opt/oss/server/platform/bin

$ ./stopnms.sh
$ ssl_adm -cmd setmode mode parameter
NOTE
in CAU mode.
common or SSL mode.
If the following message is displayed, the operation is successful.

NOTE
You can ignore messages displayed before this message because they do not affect the operation result.
must perform the following operations as the ossuser user:
$ cd /opt/oss/cau/bin
$ bash cau.sh
Step 5 Run the following command to start U2000 processes.

$ cd
$ ./startnms.sh
----End

for the Single-Server System (SUSE Linux)
Question
Answer
Step 1 Log in to the OS on the U2000 server as ossuser user and do as follows to query the
Step 2 Run the following command to stop U2000 processes.

$ ./stopnms.sh

NOTE
in CAU mode.
common or SSL mode.
If the following message is displayed, the operation is successful.

NOTE
You can ignore messages displayed before this message because they do not affect the operation result.
$ bash cau.sh
Step 5 Run the following command to start U2000 processes.

$ cd
$ ./startnms.sh
----End
A.11.34 How to Set the Communication Mode of the Server in a

High Availability System (Solaris, SUSE Linux)
Question
The server in a high availability system (Solaris, SUSE Linux) has two communication
modes, namely, common and Security Socket Layer (SSL). How to set the common or SSL
mode?
NOTICE
If the primary and secondary sites have been connected to each other, change the
communication mode on the primary site and perform a primary/secondary switchover. Then
the communication mode used on the primary site will be synchronized to the secondary site.
If the primary and secondary sites have not been connected to each other, change the
communication mode on them separately.
Answer
Step 1 Log in to the OS as the ossuser user and run the following commands to query the

Step 2 Stop U2000 processes.

1. Run the following command to stop the U2000 server processes.
NOTE
2. Ensure that the U2000 is not running.
a. Run the following command to change to ossuser user.
# su - ossuser
b. Run the following command to check the running status of the U2000 process:
$ daem_ps

ossuser 27069 1 0 10:31:39 ? 1:39 imapmrb ossuser
27079 1 0 10:31:39 ? 0:00 imapwatchdog -cmd start
ossuser 27086 1 0 10:31:39 ? 0:09 imapeventmgr ossuser
23679 1 1 17:57:06 pts/8 0:02 imap_sysmonitor -cmd start
start
c. Run the following commands to stop the U2000 processes:

$ su - root
# exit
d. Run the following command to check the running status of the U2000 process:
$ daem_ps
NOTE
n The process is stopped if the displayed information is empty.

n For the high availability system (Solaris, SUSE Linux), you can still view information about
the imapwatchdog and ResourceMonitor processes after the U2000 is stopped. This is
because the two processes are used to monitor high availability system alarms and will be
automatically enabled after the U2000 is stopped.
Step 3 Run the following commands to set the communication mode of the server:
NOTE
in CAU mode.
common or SSL mode.
If the following information is displayed, the communication mode of the server has been set
successfully.
NOTE
Ignore information that is displayed before this information because the operation result is not impacted.

$ bash cau.sh
Step 5 Start the U2000 server process.

$ su - root
NOTE
l Use the actual host name for real-world configuration.

l If a fault has occurred during the start of the AppService process, run the
# hagrp -clear AppService -sys hostname
command to rectify the fault. Then run the
Step 6 Optional: If the primary and secondary sites have been connected to each other, follow A.
7.3.3 Manual Switchover Between Active and Standby Sites to perform a primary/
secondary switchover. Then the communication mode used on the primary site will be
synchronized to the secondary site.
----End
A.11.35 How to Choose a Key Process Mode in HA System

(Solaris, PC Linux)
Question
The Solaris and PC Linux HA system provides two key process modes, standard mode and
maximum mode. If a non-key process fails, an active/standby switchover is not triggered. You
can choose the standard mode or maximum mode as needed. This topic describes how to
choose a key process mode for the Solaris and PC Linux HA system.
NOTE
The default key process mode of the Solaris and PC Linux HA system is the standard mode.
With the differentiation of key processes and non-key processes, the HA system will not fail over due to
non-key process failure and the server will not be marked faulty and fail to protect the system against
server faults. Non-key process failure must be rectified in time.
Answer
Step 1 Log in to the server on the primary site as the ossuser user.
Step 2 Run the following commands to choose a key process mode:
$ cd /opt/oss/engr/OSSApp
$ ./changePrcMoniModel.sh

=============================================================================
======
==================================== waring!!! ==============================

======
=============================================================================
======
To run this script , process monitor model will be changed, some NMS process ex
ception will not sensitive.
Please choose monitor model: (1) standard protect model (2) maximum protect mod
el.
To choose the standard mode, enter 1. To choose the maximum mode, enter 2.
NOTE
To view non-key processes in standard mode and maximum mode, run the following command:
$ cat process_std
$ cat process_max
Step 3 Log in to the server at the secondary site as the ossuser user. Change the key process mode of
the secondary site to the same as that of the primary site.
----End
A.11.36 How to Configure a Client to Log In to Both the Primary

and Secondary Servers in a High Availability System (Solaris, PC
Linux)
Question
In a Solaris or PC Linux high availability system, you can modify the configuration scripts to
allow a client to log in to both the primary and secondary servers. After IP addresses of both
the primary and secondary servers are entered, the client determines which server is started
and automatically connects to the started server. How do I configure a client to log in to both
the primary and secondary servers?
Answer
Step 1 Perform the following operations to modify the configuration file:
1. Use SFTP to download the loginuiconfig.xml file in the U2000 installation path/client/
client/plugins/U2000_EM/style/productstyle/loginui/conf/loginui path to the local
disk as the ossuser user.
NOTICE
On Solaris or Linux, ensure that you download the file using SFTP as the ossuser user. If
security hardening is performed on the OS, FTP/SFTP rights of ossuser will be disabled.
In this case, you need to upload files to the backup directory in the FTP root directory as
the ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot).
2. Open the file loginuiconfig.xml using the notepad.

3. In the file, locate the isSupportSecondaryServer string and ensure that the value on the
right of value= is true. If not, please set it true.
4. Save and close the file.
5. Upload loginuiconfig.xml to the U2000 installation path/client/client/plugins/
U2000_EM/style/productstyle/loginui/conf/loginui path.
NOTICE
On Solaris or Linux, ensure that you upload the file using SFTP as the ossuser user.
If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy
files to the target directory as the ossuser user.
Step 2 Log in to the client again. Then enter the IP addresses of both the primary and secondary
servers.
NOTE
After login to the server where a client is located, the client determines whether the primary or
secondary server is started and automatically connects to the started server. By default, the primary
server is connected. If the client has been connected to a started server and the server performs active/
standby switchover, a message is displayed on the client indicating that the connection fails and you
mustrelog in to the client. The client then automatically connects to the started server.
----End
A.11.37 How to Configure the U2000 Server in a Solaris and PC

Linux High Availability System to Start Automatically
Question
By default, the U2000 server in a Solaris and PC Linux high availability system does not start
along with the OS. How do I configure the U2000 server in a Solaris and PC Linux high
availability system to start automatically?
NOTE
l Start the U2000 server on both the primary and secondary sites.
l This configuration will not take effect if the U2000 server has been upgraded, and you need to
perform this configuration again after the U2000 server is upgraded.
Answer
Step 1 Log in to the server OS as the root user.
NOTE
Step 2 Run the following commands to configure the U2000 server to start automatically:
# haconf -makerw

# hagrp -modify AppService AutoStart 1

# hagrp -modify AppService AutoStartList hostname
NOTE
hostname indicates the host name of the server. Set it as required.
----End
A.11.38 How to Confirm the Encoding Format of the U2000

License File
Question
How do I confirm the encoding format of the U2000 license file?
Answer
The encoding format of the U2000 license file must be UNIX, not DOS.
l If the Solaris OS is used, perform the following operations to confirm the encoding
format for the U2000 license file:
b. Run the vi command to open the U2000 license file. For example, assume that the
U2000 license file name is license.dat.
c. # vi license.dat
n Normally, the U2000 license file is in UNIX format and information similar to
the following is displayed:
Huawei Technologies Co., Ltd.
All rights reserved.
LicenseSerialNo=LIC2011083100E710
Creator=Huawei Technologies Co., Ltd.
CreatedTime=2011-08-31 15:03:05
Country=China
n In some special cases (for example, the U2000 license file has an error during
file transfer), the encoding format of the U2000 license file is changed to DOS.
Huawei Technologies Co., Ltd.^M
All rights reserved.^M
^M
LicenseSerialNo=LIC2011083100E710^M
Creator=Huawei Technologies Co., Ltd.^M
CreatedTime=2011-08-31 15:03:05^M
^M
Country=China^M
Run the dos2unix command to change the encoding format of the U2000
license file from DOS to UNIX.
# dos2unix license.dat license.dat
NOTE
The U2000 license file is properly displayed after the format conversion.
l If the SUSE Linux OS is used, perform the following operations to confirm the encoding
format of the U2000 license file:


b. Run the cd License file save path command to access the path where the license file
is stored.
c. Run the vi License file name.dat command to open the U2000 license file.
For example, assume that the U2000 license file name is license.dat, run the vi
license.dat command.
n If dos is contained in the last line of the window for viewing license.dat, for
example,
"license.dat" [noeol][dos] 163L, 13496C
The file is in the DOS format. Run the :q command and press Enter to exit
from the vi command. Then run the following command to change the format
of the U2000 license file from DOS to UNIX.
# dos2unix license.dat license.dat
n If dos is not displayed in the last line of the license.dat file, for example,
"license.dat" [noeol] 163L, 13496C
The file is in the UNIX format.
----End
A.11.39 How to Transfer Files by Means of FTP
Question
How do I transfer files by means of FTP?
NOTE
Using SFTP (more secure) to transfer files is recommended.

The available FTP modes are ASCII (default) and binary. To ensure that files are available after transfer,
determine the FTP transfer mode before transferring files.
l Generally, license files are transferred in ASCII mode.
l Before the U2000 is installed, you can upload the U2000 license file as the root user.
l After the U2000 is installed, if no security hardening is performed on the OS, you must upload
the U2000 license file as the ossuser user. Otherwise, the U2000 license file will be invalid. If
security hardening is performed on the OS, FTP/SFTP rights of ossuser will be disabled. In
this case, you need to upload files to the backup directory in the FTP root directory as the
ftpuser user (the FTP root directory of ftpuser is /opt/backup/ftpboot).
l Binary files, such as the U2000 installation program and database interfaces file, are transferred in
binary mode.
Answer
Step 1 Run the following command to connect to the server by means of FTP:
ftp server IP address
Enter the user name and password of the server.
Step 2 Set the FTP transfer mode.

l To use the ASCII mode, run the ascii command.
l To use the binary mode, run the bin command.
Step 3 Go to the path to files to be transferred.

lcd path of files to be transferred

Step 4 Go to the path where the files are to be transferred.
cd path to which the files are to be transferred
Step 5 Optional: Run the hash command to view the file uploading progress.
hash
Step 6 Run the following put command to transfer files:
put names of files to be transferred
Step 7 After the files are transferred, run the quit command to break the FTP connection.
----End
A.11.40 How to Check and Change an OS User ID

Question
Before the U2000 is installed, you must check whether the OS uses a U2000 user ID. How do
I check and change an OS user ID?
Answer
Step 2 Run the following commands to query the database user ID and U2000 user ID in the system:
l Run the following command to check whether a database user ID exists in the system.
800 specifies a database user ID.
# grep x:800: /etc/passwd
l Run the following command to check whether a U2000 user ID exists in the system. 900
specifies a U2000 user ID.
# grep x:900: /etc/passwd
Step 3 If no command output is displayed, the current system does not use any U2000 user ID. If a
command output is displayed, the current system uses a U2000 user ID, and the installation of
the U2000 may fail. Perform the following operations to back up the user ID and then delete
it. The testuser user ID is used as an example.
Run the following command to query the ID of the testuser user:
# id testuser
If information similar to the following is displayed, the modification succeeds.

uid=1000(testuser) gid=900(testgroup) groups=900(testgroup)
Run the following command to delete the ID of the testuser user:

# userdel testuser
NOTICE
If the user is a login user, the execution of the userdel command fails to delete the user. A
message will be displayed indicating that the user is being used.

Step 4 After the U2000 is installed, create the user and restore the backup user data.
In system, create a new user named testuser. The testuser user belongs to the testgroup user
group.
# useradd -g testgroup testuser
----End
A.11.41 How to Deal with an Automatically Configured

Temporary IP Address
Question
After the U2000 is installed on the Netra T4-1/Netra T4-2/Oracle T4-1/Oracle T4-2 server, a
user uses the ifconfig -a command to find that the system contains information about
usbecm0, an extra NIC, and a temporary IP address is automatically configured for the NIC.
How do I deal with the temporary IP address?
Answer
Step 1 Log in to the system controller IP address
Step 2 At the -> prompt, run the following commands to configure hardware:
Step 3 Enter cd /SP/network/interconnect.

/SP/network/interconnect
Step 4 Enter set hostmanaged=false.

Set 'hostmanaged' to 'false'
Step 5 Enter set state=disabled.

Set 'state' to 'disabled'
Step 6 Enter set commitpending=true.

Set 'commitpending' to 'true'
Step 7 Enter exit to complete configuration.
Step 8 Powering off the U2000 and the database.

l For the Single-Server System (Solaris), see 3.3.1 Stopping the U2000 Server Processes
and 3.3.2 Shutting Down the Database.
l For the High Availability System (Solaris), see 3.5.1 Stopping the U2000 Server
Processes and 3.5.2 Shutting Down the Database.
Step 9 Log in to the OS as the root user. Run the following command to restart the OS:

----End
A.11.42 How to Handle the Network Interruption Problem

Occurred When the Primary and Secondary Sites Are Connected
to or Separated from Each Other in an HA System
Question
How do I handle the problem where the network between the client and server is interrupted
when the primary and secondary sites are connected to or separated from each other in an HA
system?
Answer
l The network is interrupted when the primary and secondary sites are connected to each
other.
a. Handle the network interruption problem and restore the network connection.
b. Log in to the primary site as the root user, and run the following command to check
the data replication relationship:
NOTE
n If information similar to the following is displayed, the primary and secondary

sites have not been connected to each other. In this case, use the NMS
Maintenance Suite or commands to connect them.
Primary:
Host name: 192.168.1.10
RVG name: datarvg
DG name: datadg
Data volumes: 1
VSets: 0
SRL name: srl_vol
SRL size: 1.00 G

sites are properly connected, and no other operations are required.
Primary:
Host name: 10.9.1.1
RVG name: datarvg
DG name: datadg
Data volumes: 1
VSets: 0
SRL name: srl_vol
SRL size: 1.00 G
Secondary:
Host name: 10.9.1.2
RVG name: datarvg

DG name: datadg
Logging to: SRL
NOTE
l If Replication status is displayed as resync in progress (autosync), Data status

is displayed as inconsistent, and the value of Logging to is becoming smaller, data
is being duplicated between primary and secondary sites.
l If Replication status is displayed as replicating (connected) and Data status is
displayed as consistent, up-to-date, data duplication of the high availability
system (Veritas hot standby) is complete.
l If Replication status is displayed as logging to DCM (needs dcm
resynchronization), you must run the vradmin -g datadg resync datarvg
command on the primary site as the root user to perform manual synchronization.
l The duration of data replication depends on the stability of the network bandwidth
and the volume of the data to be replicated.
l To save copy time, historical spectrum data is not saved to the data replication
volumes due to its large size. After a HA system switchover, the historical
spectrum data at the primary site cannot be viewed at the secondary site.
l The network is interrupted when the primary and secondary sites are separated from each
other.
a. Handle the network interruption problem and restore the network connection.
b. Log in to the primary site as the root user, and run the following command to check
the data replication relationship:
NOTE

sites have not been separated from each other. In this case, use the NMS
Maintenance Suite or commands to separate them.
Primary:
Host name: 10.9.1.1
RVG name: datarvg
DG name: datadg
Data volumes: 1
VSets: 0
SRL name: srl_vol
SRL size: 1.00 G
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Logging to: SRL

sites are properly separated, and no other operations are required.
Primary:

Host name: 192.168.1.10

RVG name: datarvg
DG name: datadg
Data volumes: 1
VSets: 0
SRL name: srl_vol
SRL size: 1.00 G
----End
A.11.43 How to Burn the ISO File to DVD
Question
How do I burn the ISO file to DVD?
Prerequisites
l The desired ISO file is obtained.
l The DVD recorder has been installed on a Windows PC.
l The burning software has been obtained and installed.
NOTE
The commonly used burning software is Nero, which is a paid software. Purchase Nero from its
official website and then use it. Nero 8 is used as an example in this topic. For more information
about the software, see the software Help or log in to the official website http://
www.nero.com/enu/support/ of the software for technical support.
l An empty DVD is available.
Answer
Step 1 See A.2.27 How Do I Verify Downloaded Software Packages Using the PGPVerify
Software to verify correctness of the obtained ISO file.
Step 2 Execute the Nero software.
Step 3 Click the Image, Project, Copy button.
The Copy Entire CD, Copy Entire DVD, and Disc Image or Saved Project dialog box is
displayed.
Step 4 Click Disc Image or Saved Project.
The Open dialog box is displayed.
Step 5 Select the ISO file to be burnt to DVD and click Open.
The Final Burn Settings dialog box is displayed.
Step 6 Insert the empty DVD to the DVD-ROM.
Step 7 Choose the desired recorder from the Current Recorder drop-down list and select the Verify
data on disc after burning check box.

NOTICE
This step aims at ensuring that the contents burnt to DVD are the same as those in the ISO
file.
Step 8 Click Burn to start burning the ISO file to DVD.

The Burning Process dialog box is displayed, showing the burning progress. After the ISO
file is burnt to DVD, the Nero Express dialog box is displayed, and a message about the
printing result is displayed.
Step 9 Click OK.
Step 10 Click Next.
Step 11 Click to close the program.
----End
A.11.44 How to Check the U2000 Version

Question
How to check the U2000 version?
Answer
l In Solaris and Linux, run the following commands as the ossuser user:
$ cd /opt/oss/engr/install/etc/conf
$ cat MacroFileNW.properties

...
@{U2000Product_Server_VersionName}=V200R017C60SPCxxx
...
The preceding displayed information shows the U2000 version.
NOTE
Only the U2000 SPC version number can be viewed on this way. If the version has been installed
with a CP patch, perform View the CP version of the U2000 to view more version information
about the U2000 software.
l In Windows, check the U2000 version.
a. Log in to the OS as a user with ossuser rights.
b. Choose Start > Run.
The Run window will be displayed.
c. Enter cmd and click OK.
d. In the CLI, run the following command:
type D:\oss\engr\install\etc\conf\MacroFileNW.properties

...
@{U2000Product_Server_VersionName}=V200R017C60SPCxxx
...
The preceding displayed information shows the the U2000 version.
NOTE
Only the U2000 SPC version number can be viewed on this way. If the version has been
installed with a CP patch, perform View the CP version of the U2000 to view more version
information about the U2000 software.
l If the version has been installed with a CP patch, you can use the following method to
view the CP version of the U2000.
The version information is stored on the U2000 server as a configuration file named the
version number. Access the following directory to view all version information:
In Windows: %IMAP_ROOT%\patch, such as D:\oss\server\patch.
In Solaris and Linux: $IMAP_ROOT/patch, such as /opt/oss/server/patch.
NOTE
The CP version number can be obtained only by accessing the directory. One version can have
either 0 patch or multiple CP patches.
For example, if the directory contains the V100R009C00CP3011.cfg,

V100R009C00CP3013.cfg, and V100R009C00SPC301.cfg files, the version has been
installed with two CP patches and one SPC patch.
----End
A.11.45 How to Configure the FTP or SFTP Service on Windows

OS
This topic describes how do I configure the FTP or SFTP service on Windows OS.
Prerequisites
l To use the service of a third-party tool for file transfer, make sure that the third-party tool
configured as the FTP or SFTP service is started, and stop the FTP/SFTP service of the
U2000 server.
NOTE
The way of stop the FTP/SFTP service of the U2000 server is Stop the XftpDm process in the task
manager, configure the third-party FTP service, and then restart the ftpdaemon process.
l The file transfer parameters set on the U2000 must be the same as the parameters set on
the FTP or SFTP service.
l If FTP is used, peform operations as required. SFTP is recommended because it provides
better security.
– If the U2000 is not installed on the server, log in to http://mina.apache.org/
ftpserver-project/downloads.html to download the latest apache-ftpserver
compression package and refer to the documents on the website to configure the
FTP service. For more information about software operation, see the software Help
or go to the official website of the software http://mina.apache.org/ftpserver-
project/documentation.html for technical support. In addition to the apache-
ftpserver, the wftpd32.exe is another third-party tool used to configured the FTP

service. The wftpd32.exe cannot be used to configure the FTP service. Otherwise,
an abnormality occurs during remote database backup.
– If the U2000 has been installed on the server, apache-ftpserver will be
automatically installed along with U2000 installation. Therefore, you do not need to
manually configure the FTP service after the U2000 is installed.
Context
l The SFTP service is recommend because it provides better security.
l See operations in this topic on the windows server before U2000 data is backed up or
restored.
l User created for minasshd SFTP services is ftpuser by default and the default password
is Changeme_123. To ensure the security of the NMS, change the password for the
ftpuser user periodically.
NOTE
The password must meet the following rules:
l The password consists of 8 to 32 characters.
l The password must be a combination of three types of characters: digit, letter, and special character.
l Configuring the SFTP service key method is as follows, assuming the SFTP root
directory is D: .
a. Log in to the NMS server as a NMS administrator account.
b. Copy the key file authorized_keys to the SFTP root directory.
c. Copy and paste the public key information to the .ssh file in the SFTP root
directory. If the .ssh file does not exist, run the following commands to create the
file and copy key information:
> cd d:
> mkdir .ssh
> copy authorized_keys .ssh
Procedure
l Optional: Configure the SFTP service.The SFTP service needs to be configured only
when SFTP is used on a server where the U2000 is not installed.
The minasshd software is automatically installed along with U2000 installation. The
SFTP services is automatically installed, and the user ftpuser is automatically created
for the services.
l Starting the SFTP service
a. Log in to the System Monitor client as a system administrator account.
b. Click the Service Monitor tab, right-click minasshd and choose Start the Service
from the shortcut menu to start the minasshd SFTP service.
l Stopping the SFTP service
a. Log in to the System Monitor client as a system administrator account.
b. Click the Service Monitor tab, right-click minasshd and choose Stop the Service
from the shortcut menu to stop the minasshd SFTP service.
----End

A.11.46 How Do I Configure SFTP Public Key Authentication?

SFTP is based on SSH. Public key authentication and password authentication are two
standard authentication modes defined by SSH. Public key authentication is more secure and
reliable than password authentication. Before using SFTP and public key authentication on
both the U2000 client and server to connect and transmit data, configure SFTP public key
authentication for the U2000 server and client.
Context
By default, SFTP uses password authentication (that is, the account used for connecting to the
sftp server, and the corresponding password are used for authentication), but does not use
public key authentication.
Procedure
Step 1 Configure SFTP public key authentication on the server.
1. Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.Log in to the
U2000 server as user ossuser.
2. Run the following command to switch to user root.
$ su - root
3. Run the following command to allow user ftpuser to log in to the operating system in
shell mode.
# FTP_SHELL=`grep "^ftpuser:" /etc/passwd | awk -F':' '{print $7}'`
# usermod -s /bin/bash ftpuser

4. Run the following commands to create the .ssh folder and assign related permissions for
the folder.
# mkdir -p /opt/backup/ftpboot/.ssh
# chmod 750 /opt/backup/ftpboot/.ssh
# chown ftpuser:ossgroup /opt/backup/ftpboot/.ssh

5. Run the following command to switch to user ftpuser.
# su - ftpuser
6. Run the following commands to create key files and specify the password for the private
key file:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/backup/

ftpboot/.ssh/id_rsa): Press Enter to use the default file name.
Enter passphrase (empty for no passphrase): Enter the password.
Enter same passphrase again: Enter the password again.

NOTE
– After commands are executed, id_rsa.pub and id_rsa are generated under the /opt/backup/
ftpboot/.ssh directory.
– The names of the public key file and the private key file can be customized. The default names
are used as an example in this document.
– It is recommended that the private key file is updated periodically to ensure data security. The
updating period can be customized. The recommended period for updating the private key file
is one month.
– The password must contain at least 6 characters and is recommended to contain a maximum of
64 characters. It must contain at least three types of the following characters: lowercase letter
(a–z), uppercase letter (A–Z), digit (0–9), and special characters (~!@#%*-_=+[{}]:,./?).
7. Run the following commands to import id_rsa.pub to authorized_keys.
$ cd /opt/backup/ftpboot/.ssh
$ cat id_rsa.pub >> authorized_keys
$ exit
8. Run the following command to prohibit user ftpuser from logging in to the operating
system in shell mode.
# usermod -s $FTP_SHELL ftpuser
Step 2 Configure SFTP public key authentication on the client.
1. Copy id_rsa from the server path /opt/backup/ftpboot/.ssh to any directory on the
client (such as D:\).
2. Run Client installation directory\client\client\bin\CertConfigurator.bat.
3. Click the SFTP Settings tab, select Enable public key authentication, and then select
the private key file and enter the private key file password, as shown in Figure A-27.
Figure A-27 SFTP Settings

NOTE
– Try password authentication specifies whether to use password authentication when public
key authentication fails. When it is selected, if public key authentication fails, the U2000
attempts at password authentication. When it is cleared, if public key authentication fails, the
U2000 does not attempt at password authentication and immediately displays an authentication
failure message.
– The password must contain at least 6 characters and is recommended to contain a maximum of
64 characters. It must contain at least three types of the following characters: lowercase letter
(a–z), uppercase letter (A–Z), digit (0–9), and special characters (~!@#%*-_=+[{}]:,./?).
4. Click OK.
----End
A.11.47 How to Resolve the U2000 SyslogCollectorDM Service

Startup Failure Due to a Port Conflict
Question
The UDP port 514 is used by the syslogd service in the Solaris OS/the syslog service in the
SUSE Linux OS to receive remote logs. After you install the U2000 on the operating system,
the SyslogCollectorDM service of the U2000 also uses port 514 to receive remote logs. If the
syslogd service is enabled in the Solaris OS/the syslog service is enabled in the SUSE Linux
OS before an upgrade, a port conflict occurs after the upgrade. As a result, the
SyslogCollectorDM service is disabled and the attempt to start the SyslogCollectorDM
service fails.
Answer
To ensure that the NE logs are properly displayed on the U2000 client, disable the remote log
receiving function for the syslogd service in the Solaris OS/the syslog service in the SUSE
Linux OS, and allow the U2000 SyslogCollectorDM service instead of the OS receives the
remote logs. Perform the following operations on the nodes where the SyslogCollectorDM
service has been deployed to ensure that UDP port 514 is not used by the OS.
1. Use the PuTTY to log in to the U2000 server as user ossuser in SSH mode.Log in to the
U2000 server as user ossuser.
2. Run the following command to set environment variables.
3. Run the following command to enable the U2000 SyslogCollectorDM service:
$ svc_adm -cmd enable -svcname SyslogCollectorDM
– If the SyslogCollectorDM service is started, the problem is not caused by the port
conflict. The procedure ends.
– If the SyslogCollectorDM service is not started, perform .4.
4. Run the following command to switch to user root.
$ su - root
5. Run the following command to view the usage of port UDP 514:
In the Solaris OS:

# netstat -an -P udp |grep 514

If the following information is displayed, port UDP 514 has been occupied by the
syslogd service:
*.514 Idle
In the SUSE Linux OS:

# lsof -i:514
If the following information is displayed, port UDP 514 has been occupied by the syslog
service of the OS:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
syslog-ng 8786 root 5u IPv4 8511952 UDP *:syslog
6. Disable the remote log receiving function for the syslogd service in the Solaris OS/the
syslog service in the SUSE Linux OS.
In the Solaris OS:
a. Run the following command to stop the syslogd service on the OS:
b. Run vi to modify the /etc/default/syslogd file.
Change LOG_FROM_REMOTE=YES that is in the last row of the file to
LOG_FROM_REMOTE=NO, and delete # of this line. Run :wq! to save the file
and exit.
c. Run the following command to start the syslogd service:
In the SUSE Linux OS:
a. Run the following command to stop the syslog service on the OS:
# service syslog stop
b. Run vi to modify the /etc/syslog-ng/syslog-ng.conf file.
Comment on the udp<ip<"0.0.0.0"> port<514>> line. Run :wq! to save
the file and exit.
unix-dgram("/dev/log");
#
# uncomment to process log messages from network:
#
# udp<ip<"0.0.0.0"> port<514>>;
c. Run the following command to restart the syslog service:

# service syslog start
7. Take this step if you use the Solaris OS. Run the following command to view the usage
of port UDP 514 again:
# netstat -an -P udp |grep 514
If no information is displayed, the syslogd service has released port UDP 514. In this
case, if the U2000 SyslogCollectorDM service is started, the SyslogCollectorDM service
can receive remote logs even with port UDP 514.
8. Run the following command to switch to user ossuser.
# su - ossuser
9. Run the following command to set environment variables.

10. Take this step if you use the Solaris OS. Run the following command to start the
SyslogCollectorDM service:
$ svc_adm -cmd startsvc SyslogCollectorDM
11. Take this step if you use the SUSE Linux OS. Run the following command to check
whether the U2000 SyslogCollectorDM service is running.
$ svc_adm -cmd status
If the service is not running, run the following command to start the SyslogCollectorDM
service:
$ svc_adm -cmd startsvc SyslogCollectorDM
12. Take this step if you use the SUSE Linux OS. Run the following command to switch to
user root.
$ su - root
13. Take this step if you use the SUSE Linux OS. Run the following command to view the
usage of port UDP 514 again:
# lsof -i:514
If the following information is displayed, the U2000 SyslogCollectorDM service has
occupied this port.
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
SyslogCol 11101 root 31u IPv4 8519207 UDP *:syslog
A.11.48 How Do I Restore a Site in the Unilateral Separation State

to an Independent Site in a HA System (Solaris)
Question
After the secondary site in a HA system fails, separating the primary site from the secondary
site is performed on the primary site. However, the primary site fails to deliver commands to
the secondary site to separate the primary site from the secondary site. As a result, this
separation succeeds on the primary site but fails on the secondary site. In this situation, the
secondary site is in the unilateral separation status. (If the primary site in a HA system fails in
the preceding scenario, it will also be in the unilateral separation status.)
This example illustrates how to restore the secondary site to an independent site after this
secondary site recovers from the unilateral separation status.
Answer
Step 1 Ensure that the primary site has exited from the MSuite client. For details, see C.2.3 Exiting
from the MSuite client.
Step 2 Separate the primary site from the secondary site on the secondary site. For details, see C.6.2
Separating the Primary Site from the Secondary Site.
----End

A.11.49 How Do I Obtain Third-Party Software and Hardware

Materials
Question
How do I obtain third-party software and hardware materials?
Answer
The U2000 running depends on third-party software and hardware. To help you better
maintain third-party software and hardware, handle related faults, and acquire knowledge, you
can obtain corresponding materials from third-party websites. Table A-13 lists the URLs of
commonly seen third-party software and hardware.
NOTE
Websites of third-party materials may vary with different reasons. The correct URLs are subject to the
official release.
Table A-13 Websites for obtaining software and hardware materials

Type Category Model Website URL
Operating system Operating system Solaris 10 http://www.oracle.com/

technetwork/
documentation/
solaris-10-192992.html
SUSE Linux 10 https://www.suse.com/

documentation/sles10/

documentation/sles11/

documentation/sles-12/
Windows 10 http://
windows.microsoft.com/en
-us/windows/windows-
help#windows=windows-1
0
Database Sybase 15 http://help.sap.com
SQL Server 2008 http://

msdn.microsoft.com/en-us/
library/bb545450.aspx
Two-node cluster Veritas http://www.symantec.com/

software business/support/index?
page=products

Antivirus OfficeScan 11 http://

docs.trendmicro.com/en-
us/enterprise/
officescan.aspx
Virtual machine VMware http://pubs.vmware.com/

software vsphere-55/index.jsp?
lang=en
FusionSphere l FusionSphere OpenStack

OM: http://
support.huawei.com/
carrier/
navi#col=product&allP
roduct=true&path=PBI
1-21430725/
PBI1-21430806/
PBI1-21431666/
PBI1-21778697
l ServiceCenter: http://
support.huawei.com/
carrier/
navi#allProduct=true&
col=product&path=PBI
1-21430725/
PBI1-21430806/
PBI1-21431666/
PBI1-21782552/
PBI1-21270651
HaneWIN NFS haneWIN NFS http://www.hanewin.net/

Server 1.2.18 nfs-e.htm
Adobe Flash Adobe Flash https://get2.adobe.com/cn/

Player Player23 flashplayer/
Third-party PC server 2288H V5 http://support.huawei.com/

hardware enterprise/en/server/
2288h-v5-pid-21872244
RH2288H V2 http://support.huawei.com/
enterprise/
productsupport?
lang=en&pid=9581539&id
AbsPath=7919749|
9856522|9856792|9581539

enterprise/
productsupport?
AbsPath=7919749|
9856522|9856792|9901881
enterprise/
productsupport?
AbsPath=7919749|
9856522|9856792|9768163
Midrange Netra T4-1 http://docs.oracle.com/cd/

computer/ E23203_01/index.html
Workstation
Netra T4-2 http://docs.oracle.com/cd/
E21893_01/index.html
T4-1 http://docs.oracle.com/cd/
T4-2 http://docs.oracle.com/cd/
Blade server E9000 http://support.huawei.com/

enterprise/
productsupport?
lang=en&pid=19961380&i
dAbsPath=7919749|
9856522|9856786|
19955022|19961380
Tape drive SUN LTO4 http://www.oracle.com/

technetwork/
documentation/tape-
storage-curr-187744.html
Small software FTP tool Filezilla https://wiki.filezilla-

project.org/Documentation
SSH/Telnet tool PuTTY http://

www.chiark.greenend.org.
uk/~sgtatham/putty/
download.html

PGPverify tool PGPverify For carrier: http://

support.huawei.com/
carrier/digitalSignature-
Action
For enterprise: http://
support.huawei.com/
enterprise/en/tool/
software-digital-signature-
validation-tool--pgp-
verify--TL1000000054
Desktop Citrix http://support.citrix.com/

virtualization proddocs/topic/
tool infocenter/ic-how-to-
use.html
FTP server Apache FTP http://mina.apache.org/

Server ftpserver-project/
documentation.html
SFTP server minasshd http://mina.apache.org/

sshd-project/
documentation.html
Decompression 7-Zip http://www.7-zip.org/

tool support.html
IE plug-in JRE http://www.java.com/en/

download/help/
Disk burning Nero http://www.nero.com/enu/

software support/
A.11.50 How Can I Configure an IP Address for the

Communication Between the U2000 and Southbound NEs
Question
After the U2000 is installed, you can select an independent network interface to implement
secure communication between the U2000 and southbound NEs. This topic describes how to
configure an IP address for the selected independent network interface.

NOTICE
l If the device is connected to the network through the server's application IP address, the
server's application IP addresses should communicate normally with their interconnected
devices, and the server's application IP address should add to the southbound IP address
list.
l The server's application IP address should communicate normally with all client networks.
l The U2000 will be restarted in the IP address configuration process, thus interrupting the
communication between the U2000 and southbound NEs.
l In the HA system, see C.6.2 Separating the Primary Site from the Secondary Site to
separate the primary and secondary sites. then perform the following operations on the
master and slave servers.
Answer
Step 1 Configure an IP address on an unused network interface for the communication between the
U2000 and southbound NEs.
l If the Linux OS is used, see A.2.16 How to Set IP Addresses for Unused NICs on
SUSE Linux.
l If the Solaris OS is used, see A.3.1.9 How to Set IP Addresses for Unused NICs on a
Workstation.
l If the Windows OS is used, configure an IP address on an unused network interface for
the communication between the U2000 and southbound NEs.
NOTE
l The configured IP address can be used only for the communication between the U2000 and
southbound NEs.
l If in the environment, needs separately in the host prepares on the server to carry out the following
step.
Step 2 Log in to the U2000 as the ossuser user. Run the following commands to configure an IP
address for the communication between the U2000 and southbound NEs. For example, on the
U2000 that runs the Solaris OS, configure the IP address 10.9.9.1.
l In Linux&Solaris OS, perform the following operations:
$ cd /opt/oss/server/tools/configSouthIP
$ ./configsouthip.sh -set 10.9.9.1
l In Windows OS, perform the following operations:

> cd /d D:\oss\server\tools\configSouthIP
> configsouthip.bat -set 10.9.9.1
NOTE
l To configure more than one such IP address, the specified IP addresses must be in the following
format:
"IP1;IP2;IP3..."
For example, to configure 10.9.9.1 and 10.9.9.2, run the ./configsouthip.sh -set "10.9.9.1;10.9.9.2"
command.
l IP addresses for the communication between the U2000 and southbound NEs must be on the same
network as the IP address of the U2000. If a southbound communication IP address is on a different
network segment, perform an NAT operation to convert the IP address. For details about how to
convert an IP address using NAT, see Working with the NMS > Setting Parameters for the
Communication Between the U2000 and NEs > Configuring the xFTP Service > Configuring
the NAT Address Translation in the Help.

If information similar to the following is displayed, the communication IP address is

configured successfully.
Parameter removal failure. The parameter does not exist.
set new south IP success!
Notify new deploy information success!
Step 3 Run the following command to check the IP address used for the communication between the
U2000 and southbound NEs.
$ ./configsouthip.sh -get
NOTE
In Windows OS, perform the following operations:
> configsouthip.bat -get
If information similar to the following is displayed, the IP address 10.9.9.1 is configured as an

IP address for the communication between the U2000 and southbound NEs.
10.9.9.1
Step 4 Stop the U2000 service. For details, see operations of stopping the U2000 server in 3
Shutting Down a U2000.
Step 5 Start the U2000 service. For details, see operations of starting U2000 server in 2 Starting the
U2000 System.
----End
A.11.51 Checking the NTP Service on Solaris

This topic describes how to check the NTP service on Solaris. Two commands are available to
query the NTP status: ntpq -p and ntptrace. The command outputs help you determine
whether NTP synchronization is normal.
Context
l You can run the svcs svc:/network/ntp:default command to check the running status of
the NTP service.
– If the command output contains online, the NTP service has started.
STATE STIME FMRI
online 11:00:06 svc:/network/ntp:default
NOTE
l If the NTP service has been started, port 123 corresponding to the service will also be
enabled. Run the netstat -an |grep 10.185.166.48.123 command to check whether port
123 used by the NTP service has been enabled on the current U2000 server.
10.185.166.48 is the ip address of the current U2000 server.
Information similar to the following is displayed means the port 123 has been enabled.
10.185.166.48.123 Idle
l If no information displayed, means the port 123 has not been enabled. Run the svcadm
restart ntp command to restart the NTP service and port 123 corresponding to the
service will also be enabled.
– If maintenance is displayed, run svcadm clear svc:/network/ntp:default and
check again.
STATE STIME FMRI
maintenance 14:50:17 svc:/network/ntp:default
– If disabled is displayed, the NTP service is not started.

STATE STIME FMRI
disabled 11:00:06 svc:/network/ntp:default

NOTE
If the NTP service is not started, run the svcadm enable svc:/network/ntp:default command to
start the NTP service.
l You can run the date command.
– Check whether the medium-level NTP server time and the upper-level NTP
server time are the same.
– Check whether the NTP client time and the upper-level NTP server time are the
same.
If they are the same, the NTP service is in the normal state.
l In the ntpq -p command output, the remote field specifies the address of the reference
clock source. in the return message of the ntpq -p command is the IP address of the
reference time source. It indicates the status of the reference time source.
l The ntptrace command traces the entire NTP synchronization link from the local
machine to the NTP server at the highest level.
Procedure
Step 1 Log in to OS as user root.
Step 2 In a command line interface (CLI), run the ntpq -p command to view the NTP clock source.
Step 3 Run the ntptrace command to view the NTP synchronization link.
----End
Result
l If the server running on Solaris is configured as the NTP server at the top level, the
command outputs are as follows:
# ntpq -p
remote refid st t when poll reach delay
offset disp
==============================================================================
==
*local(0) .LOCL. 1 29 64 377
0.000 0.000 0.000
NOTE
l The preceding information indicates that the current server is the NTP server with the highest
stratum and is tracing the local time
l If the server running on Solaris is configured as the NTP server at the intermediate level,
the command outputs are as follows:
# ntpq -p
remote refid st t when poll reach delay
offset disp
==============================================================================
==
*10.161.94.212 .LCL. 1 u 165 512 377
0.406 61.294 0.111
+local(0) Local(0) 3 1 29 64 377
0.000 0.000 0.000
# ntptrace

localhost: stratum 2, offset 0.000049, synch distance 0.02863

10.161.94.212: stratum 1, offset -0.001166, synch distance 0.01024
NOTE
stratum 1.
stratum 2, and the IP address of the host at the upper level is 10.161.94.212 at stratum 1.
l If the clients running on Solaris are configured as NTP clients at the intermediate level,
the command outputs are as follows:
# ntpq -p
remote refid st t when poll
reach delay offset disp
==============================================================================
=
*10.161.94.214 10.161.94.212 2 u 58 64
377 0.37 0.217 0.05
# ntptrace
localhost:stratum 3, offset 0.000035, sycnh distance 0.08855
10.161.94.214: stratum 2, offset 0.000224, synch distance 0.07860
10.161.94.212: stratum 1, offset 0.060569, synch distance 0.01036,
refid 'LCL'
NOTE
stratum 2.
stratum 3, the IP address of the host at stratum 2 is 10.161.94.214, and the IP address of the
host at stratum 1 is 10.161.94.212.
A.11.52 Starting or Stopping the NTP Service on Solaris

This topic describes how to start or stop the NTP service on Solaris.
Context
If the NTP service is stopped, the U2000 server fails to synchronize the time with that of the
NTP server. This may result in a time deviation.
Procedure
Step 1 Use the PuTTY to log in to the Solaris OS as user ossuser in SSH mode.

$ su - root

Step 3 Run the following command to check the running status of the NTP service.
# svcs svc:/network/ntp:default
l If the command output contains online, the NTP service has started.
STATE STIME FMRI
online 11:00:06 svc:/network/ntp:default
If the NTP service has been started, port 123 corresponding to the service will also be
enabled. Run the netstat -an |grep 123 command to check whether port 123 used by the
NTP service has been enabled on the current server.
l If maintenance is displayed, run svcadm clear svc:/network/ntp:default and check
again.
STATE STIME FMRI
maintenance 14:50:17 svc:/network/ntp:default
l If disabled is displayed, the NTP service is not started.

STATE STIME FMRI
disabled 11:00:06 svc:/network/ntp:default
Step 4 Run the following command to start or stop the NTP service.
l Run the following command to start the NTP service.
# svcadm enable svc:/network/ntp:default
l Run the following command to stop the NTP service.
# svcadm disable svc:/network/ntp:default
NOTE
The command needs to be run only once. After the command is run, the NTP service does not
automatically start each time the system is restarted.
----End
A.11.53 Starting or Stopping the NTP Service on SUSE Linux

This topic describes how to start or stop the NTP service on SUSE Linux.
Context
If the NTP service is stopped, the U2000 server fails to synchronize the time with that of the
NTP server. This may result in a time deviation.
Procedure
Step 1 Use the PuTTY to log in to the SUSE Linux OS as user ossuser in SSH mode.

$ su - root
Step 3 Run the following command to check the running status of the NTP service.
# service ntpd status
l If the command output contains active (running), the NTP service has started.

If the NTP service has been started, port 123 corresponding to the service will also be
enabled. Run the netstat -an |grep 123 command to check whether port 123 used by the
NTP service has been enabled on the current server.
l If inactive (dead) is displayed, the NTP service is not started.
Active: inactive (dead)
Step 4 Run the following command to start or stop the NTP service.
l Run the following command to start the NTP service.
# service ntpd start
l Run the following command to stop the NTP service.
# service ntpd stop
----End
A.11.54 How to Query Information About the Software and

Hardware Installation and ESNs of a Huawei Rack Server
Question
How do users query the software and hardware installation and equipment serial numbers
(ESNs) after they obtain the contract number?
Answer
Step 1 Log in to http://texpert.huawei.com/TExpert/Pages/PageContainer.htm.
NOTE
l The following assumes that an engineer queries and installs a server on which the SUSE Linux OS is
installed.
l Only Huawei engineers have permission to log in to the system. Customers can contact Huawei
engineers to obtain information as needed.
Step 2 In the HUMEP iTestCommander page that is displayed, set Domain to FT and FT Data
Browse to By SN.
Step 3 Enter the obtained bar code number next to the Serial Number text box and click Search.
NOTE
You can obtain the bar code number from the server shelf.

Step 4 On the tab that is displayed, select the row whose SubSequence is 5 and has the latest
TransactionTime. Click SerialNumber.
Step 5 The query result page is displayed. View information about the software and hardware
installation and ESNs on the Result Two tab.
Step 6 Close the page.
----End

A.11.55 How Do I Modify the Database Scheduled Backup Time
Question
By default, the U2000 database is automatically backed up at 01:00 every Wednesday. How
do I set the database scheduled backup time based on service needs?
Answer
NOTICE
protected.
Step 1 Log in to the OS of the server as the ossuser user. Run the following command to switch to
the root user.
$ su - root
Step 2 Run the following commands to set automatic startup of the scheduled backup task on the
U2000 server:
# cd /opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB
# ./userconfig.sh

Current task config is:
every week=3,day=*,colck=1 run task,want change it? (Y|N):
Enter Y and press Enter.

To create a weekly task or a monthly task? (weekly|monthly):
Enter weekly and press Enter.

To create a task at 01:00 every Wednesday? (Y|N):
Enter N and press Enter.

please input the day of the week to run the task (0-6,0=Sunday):
Enter 5 and press Enter.

please input the hour to run the task (0-23):
Enter 3 and press Enter.


create timing-task OK.
NOTE
l The characters in bold are the contents to be entered. In the preceding example, a scheduled backup task
that runs at 03:00 every Friday is created. Users can modify the scheduled backup time based on service
needs.Ensure that the system is running on the primary database (normal mode) when a periodic
backup task is triggered.
l The command output "create timing-task OK." indicates that the scheduled backup time is modified
successfully.
----End
A.11.56 How to Rectify the Data Restoration Failure on a

Secondary Site Because of Missing Databases
Question
What should I do if the data restoration on the secondary site fails because of missing
databases?
NOTE
The failure occurs if the xxDB file is missing from backup files on the primary site or the xxDB file is
missing from the database of the secondary site.
Answer
Step 1 Check for the xxDB file of the Sybase or SQL Server database of the primary site.
To check for the xxDB file of the Sybase database, perform the following steps:
1. Log in to the OS as the dbuser user.
NOTE
– If you log in as another user, you can run su - dbuser to switch to the dbuser user.
– By default, the password of the dbuser is Changeme_123 after system installation.
2. Run the following command to check the database information:
NOTE

1> sp_helpdb
2> go
The database information includes the database name, size, owner, and status.
To check for the xxDB file of the SQL Server database, perform the following steps:
1. Log in to the OS as the dbuser.
2. Run the following command at the command prompt:
NOTE

Password:
1> sp_helpdb
2> go
NOTE
– DBSVR specifies the database name.

– Enter the database sa user password as prompted.
– The prompt C:\> varies according to on-site conditions. If the system is logged in to as the
dbuser user, the default prompt is C:\Users\dbuaer>. You can run the cd command to
switch the directory. A command example is
The database information includes the database name, size, owner, and status.
Step 2 Optional: Add the xxDB file if it is missing from the database.
NOTE
You can add the xxDB file by means of domain deployment. If the method does not work, contact
Huawei technical support engineers.
Step 3 Check whether xxDB information exists in the ../server/etc/conf/sysconfigure.xml file on the
site where the xxDB file is missing.
l If xxDB information does not exist on the primary site, use the following workaround:
delete xxDB information from the ../server/etc/conf/sysconfigure.xml file on the
secondary site. The database is not restored in the cold backup scheme.
l If xxDB information does not exist on the secondary site, use the following workaround:
add xxDB information to the ../server/etc/conf/sysconfigure.xml file on the secondary
site. The database is restored in the cold backup scheme.
NOTICE
This operation is critical and may affect services. Back up related files before the adding or
deleting information in the files.
Step 4 Restart the backup and restoration tasks.
----End
A.11.57 How Do I Deploy Security Certificates for VRP8-based

OSN 9800s
Question
How do I deploy security certificates for VRP8-based OSN 9800s?
Answer
l Import an SSL certificate for the U2000 and an NE through the GUI.
a. Log in to the MSuite client from the U2000 server. For details, see C.2.2 Logging
In to the MSuite Client.
b. Choose Certificate File Management > SBI Certificate.

c. In the Certificate Configuration dialog box, click Import.

d. In the Import Certs dialog box, click the ID Certificate tab and configure the SSL
Client and SSL Server identity certificates.
i. Select Generate SSL authentication certificates.

NOTE
l Generate SSL authentication certificates: Generates certificates for SSL

communication between NEs and the U2000.
l Generate USB authentication certificates: Generates certificates for USB
authentication when configuration scripts need to be applied to NEs through a
USB flash drive.
ii. In the SSL Client Cert area, click next to File Name. In the Select Certs
dialog box, select a certificate and click OK.
iii. In the SSL Client Cert area, enter the encryption password of an SSL client
identity certificate in the PFX Password text box.
iv. In the SSL Server Cert area, click next to File Name. In the Select Certs
v. In the SSL Server Cert area, enter the encryption password of an SSL server
identity certificate in the Password text box.
vi. In the text box on the right of Certs backup path, enter the directory name.
e. Click the Trust Certificate tab, and click Add. In the Select Certs dialog box,
select the trust certificate and click OK.
f. Optional: Click the Certificate Revocation List tab and click Add. In the Select
Certs dialog box, select the revocation certificate and click OK.

NOTICE
If the SSL certificate is revoked, the U2000 cannot communicate with NEs in SSL
mode after the U2000 is restarted. Exercise caution.
g. In the Import Certs dialog box, click OK.

h. Optional: In the Certificate Configuration dialog box, select the new certificate to
be imported and click Default to set the new certificate as the default one.
i. Check that the U2000 generates the necerts folder in the certificate directory and
this folder contains the CA.CRT, CERTNE.CRT, CERTNE.KEY, and
SSLCFG.KEY certificates.
NOTICE
The certificate files are saved in the following directory: /opt/oss/server/etc/ssl/
nemanager/User-defined folder/necerts, where User-defined folder is the
directory name of Certs backup path specified when the SSL certificate was
imported.
If you want to load these certificates to the NE, please remember to copy them to
the root directory for the FTP. the user logging to FTP is ftpuser.
j. Load and deploy the four certificates on the NE.

Load and deploy certificates.
i. Log in to the U2000 client.
ii. Open the NE Explorer and choose Security > SSL Certificate Management
> SSL Certificate Download from the navigation tree.
iii. Select CA.CRT, CERTNE.CRT, and CERTNE.KEY certificates and click
File Upload to load them.
iv. Click the SSL Policy Management tab and click Create.
v. Set ssl-policy-name, for example, to u2000.
vi. Click the sslCertLoad tab and click Create. Configure the authentication
certificate.

○ certType: certpr_pem
○ certFile: CERTNE.CRT
○ authCode: password for encrypting the authentication certificate
○ keyType: keytype_rsa
○ keyFile: CERTNE.KEY
vii. Click the sslTrustCALoad tab and click Create. Configure the trust
certificate.
○ caType: catype_pem-ca
○ caFile: CA.CRT
○ authCode: password for encrypting the trust certificate
viii. In the NE Explorer, choose Communication > Communication Parameters
from the navigation tree.
ix. Set SSL Policy-Name, for example, to u2000.

x. Click Apply.
xi. Choose Administration > DCN Management from the main menu
(traditional style); alternatively, double-click Fix-Network NE Configuration
in Application Center and choose Administration > DCN Management
from the main menu (application style). Click the GNE tab.
xii. Set the connection mode to Security SSL.
xiii. Click next to SSL Certificate. In the Select SSL Certificate dialog box,
select the desired certificate and click OK.
xiv. Log in to the NE.
l Import an SSL certificate for the U2000 and NE using commands.
a. Start importing the identity certificate and trust certificate scripts.
n Solaris/SUSE Linux (as the ossuser user):
$ cd /opt/oss/server/tools/trans_cert_tool
$./ssl_cert_adm.sh -cmd import user -client_cert client.p12 [-pfxpwd
password1] -server_cert server.p12 [-pfxpwd password2] -trust trust.cer
NOTE
user indicates the name of the folder in which SSL certificates are stored. password1
and password2 indicate the encrypted password for the SSL Client and SSL Server
certificates.
n Windows:
>cd /d d:\oss\server\tools\trans_cert_tool
>ssl_cert_adm.bat -cmd import user -client_cert client.p12 [-pfxpwd
password1] -server_cert server.p12 [-pfxpwd password2] -trust trust.cer
NOTE
certificates.
b. Optional: Start the CRL configuration script.


$ ./ssl_cert_adm.sh -cmd add_revoke user revoke.crl
NOTE
user indicates the name of the folder in which SSL certificates are stored.
n Windows:
>ssl_cert_adm.bat -cmd add_revoke user revoke.crl
NOTE
c. Check that the U2000 generates the necerts folder in the certificate directory and
d. Load and deploy the four certificates on the NE.
Load and deploy certificates.
ii. Open the NE Explorer and choose Security > SSL Certificate Management
> SSL Certificate Download from the navigation tree.
iii. Select CA.CRT, CERTNE.CRT, and CERTNE.KEY certificates and click
File Upload to load them.
iv. Click the SSL Policy Management tab and click Create.
v. Set ssl-policy-name, for example, to u2000.
vi. Click the sslCertLoad tab and click Create. Configure the authentication
certificate.
○ certType: certpr_pem
○ certFile: CERTNE.CRT
○ authCode: password for encrypting the authentication certificate

○ keyType: keytype_rsa
○ keyFile: CERTNE.KEY
vii. Click the sslTrustCALoad tab and click Create. Configure the trust
certificate.
○ caType: catype_pem-ca
○ caFile: CA.CRT
○ authCode: password for encrypting the trust certificate
viii. In the NE Explorer, choose Communication > Communication Parameters
from the navigation tree.
ix. Set SSL Policy-Name, for example, to u2000.
x. Click Apply.
xi. Choose Administration > DCN Management from the main menu
(traditional style); alternatively, double-click Fix-Network NE Configuration
in Application Center and choose Administration > DCN Management
from the main menu (application style). Click the GNE tab.

xii. Set the connection mode to Security SSL.
xiii. Click next to SSL Certificate. In the Select SSL Certificate dialog box,
select the desired certificate and click OK.
xiv. Log in to the NE.
----End
A.11.58 How Do I Handle the Failure to Connect Two Servers

Due to a Mutual Trust Authentication Error
Question
How do I handle the failure to connect two servers due to a mutual trust authentication error?
Answer
Step 1 Log in to the desired server's OS as the root user over SSH using the PuTTY.
Step 2 Run the following command to clear established authentication buffer:

# >/root/.ssh/known_hosts
NOTE
You can then run the cat /root/.ssh/known_hosts command to check the result of buffer clearance.
Step 3 Re-connect to the server that authentication requires.
----End

A.11.59 How to Change the Private Key of the SNMPv3 User

Between U2000 and the Disk Array
Question
How to change the private key of the SNMPv3 user(Kaimse) between U2000 and the disk
array?
Answer
Step 1 Change the private key of the SNMPv3 user in disk array.
NOTICE
If multiple disk arrays are configured, you need to perform the operation on every disk array
and ensure that the private keys for the disk arrays are the same.
1. Use PuTTY to log in to U2000 server in SSH mode as user ossuser. In an HA system, a
remote HA system, log in to any U2000 server.
2. Run the following command to log in to controller A or controller B of the disk array as
user admin in SSH mode.
$ ssh admin@@IP address of controller A or controller B
Password: password of user admin
NOTE
The default password for the user admin is Admin@storage and password set after
preinstallation is Changeme_123.
3. Run the following command to modify the environment variables for the lib library.
$export LD_LIBRARY_PATH=/usr/sfw/lib
4. Run the following command to change the password for the default user Kaimse of the
disk array SNMP service.
– OceanStor 5500 V3 disk array:
> change snmp usm user_name=Kaimse authenticate_protocol=SHA
private_protocol=AES
Enter the old and new passwords for user Kaimse according to the system prompt.
Please input your authenticate password: new authenticate password
Please input your authenticate password again: new authenticate password
Please input your private password: new private password
Please input your private password again: new private password

NOTE
The default password and password set after preinstallation for the user Kaimse is
ism@Storage.
The new authenticate password and the new private password must be different.
The private key can contain 6 to 32 characters, including digits 0 to 9, lowercase letters a to
z, uppercase letters A to Z, and special characters @%-=_.]{}. To improve private key
security, please use the following private key policies:
n Must contain special characters and at least two types of following characters:
uppercase letters, lowercase letters and digits when password complex is normal.
n Must contain special characters, uppercase letters, lowercase letters and digits when
password complex is high.
n Must contain any types of the following characters: special characters, uppercase
letters, lowercase letters and digits when password complex is low.
n Be different from the user name or reversed used name.
n Repeated character strings whose unit length is common fractor of 64 (1, 2, 4, 8, etc.)
are not allowed in the passwords, for example, abab and abcdabcd.
To enhance the system security, periodically update the key.
The system displays the following information:
CAUTION: You are advised to set the USM account using secure
authentication protocol SHA and data encryption protocol AES.
Do you wish to continue?(y/n)
Enter y and press Enter. When the system displays the following information, the
password of user Kaimse has been changed successfully:
Command executed successfully.
– OceanStor S3900/OceanStor S2600 disk array:

> chgusmpasswd -u Kaimse
Enter the old and new passwords for user Kaimse according to the system prompt.
Old password: old key
New password: new key
Re-enter new password: new key
NOTE
The default password and password set after preinstallation for the user Kaimse is
Kaimse@storage.
The private key can contain 6 to 32 characters, including digits 0 to 9, lowercase letters a to
z, uppercase letters A to Z, and special characters @%-=_.]{}. To improve private key
security, please use the following private key policies:
n Must contain special characters and at least two types of following characters:
uppercase letters, lowercase letters and digits when password complex is normal.
n Must contain special characters, uppercase letters, lowercase letters and digits when
password complex is high.
n Must contain any types of the following characters: special characters, uppercase
letters, lowercase letters and digits when password complex is low.
n Be different from the user name or reversed used name.
n Repeated character strings whose unit length is common fractor of 64 (1, 2, 4, 8, etc.)
are not allowed in the passwords, for example, abab and abcdabcd.
When the system displays the following information, enter y and press Enter to
restart the SNMP service of the disk array.
This operation will lead to reboot the snmp service!
Do you want to continue? y or n: y

When the system displays the following information, the password of user Kaimse
has been changed successfully:
command operates successfully
5. Run the following command to log out of the disk array.

> exit
If the system displays the following information, type y to log out of the disk array.
Are you sure to exit?(y/n): y
Step 2 Change the private key of the SNMPv3 user in U2000 server. In an HA system or a remote
HA system, you must perform this operation on every server.
1. Use PuTTY to log in to U2000 server in SSH mode as user ossuser.
2. Run the following commands to start the tool for changing the private key.
$ cd /opt/oss/engr/engineering/tool/
$ ./modifyUSMvalue.sh
The system displays the following information.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ Welcome to use SnmpV3 key modify tools +
+ +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
=============================================================
Please select a operation type
1--S2600/S3900
2--5500v3
Q--Exit
=============================================================
Please make a choice : 1
3. Type 1 or 2 to choose S2600/S3900 or 5500v3 and then press Enter.

=============================================================
1--authpasswd
2--privpasswd
R--Return
=============================================================
Please make a choice :
4. Type 1 to choose authpasswd and then press Enter.

Old key: old key
New key: new key
Re-enter new Key: new key

NOTE
For OceanStor 5500 V3 disk array, the default password and password set after preinstallation is
ism@Storage.
For OceanStor S3900/OceanStor S2600 disk array, the default password and password set after
preinstallation is Kaimse@storage.
The private key can contain 8 to 30 characters, including digits 0 to 9, lowercase letters a to z,
uppercase letters A to Z, and special characters @%-=_.]{}. To improve private key security,
please use the following private key policies:
– The private key contains at least one uppercase letter.
– The private key contains at least one lowercase letter.
– The private key contains at least one digit.
– The private key contains at least one special character.
– The key cannot be composed of duplicate character strings, for example, Te_1Te_1.
5. Change the key of the SNMPv3 to the new authenticate password you have set in Step
1.4 as prompted.
When the system displays the
Operation succeeded...,
message, the private key of the SNMPv3 user is changed successfully.
Operation succeeded...
=============================================================
1--authpasswd
2--privpasswd
R--Return
=============================================================
Please make a choice : r
6. If the 5500 V3 disk array is used, privpasswd needs to be modified. If the other disk
array is used, please ignore this step to perform Step 2.7.
Type 2 to choose privpasswd and press Enter.
Old key: old key
New key: new key
Re-enter new Key: new key
Change the key of the SNMPv3 to the new private password you have set in Step 1.4 as
prompted.
When the system displays the
Operation succeeded...,
message, the private key of the SNMPv3 user is changed successfully.
Operation succeeded...
=============================================================
1--authpasswd
2--privpasswd
R--Return
=============================================================
Please make a choice :
7. Type r to choose Return and press Enter to back to the previous menu.
=============================================================

1--S2600/S3900
2--5500v3
Q--Exit
=============================================================
Please make a choice : q
8. Type q to choose Exit and press Enter to exit the tool for changing the private key.
Goodbye!
9. Run the following commands as root user to restart the ResourceMonitor process:
# ps -ef | grep ResourceMonitor
ossuser 13382 1 0 07:13:20 ? 0:38 /opt/oss/server/
platform/bin/ResourceMonitor -cmd start >/dev/null 2>&1
ossuser 17176 16883 0 15:32:15 pts/2 0:00 grep ResourceMonitor
In the command output, the second row of the ResourceMonitor -cmd start line
displays the ID of ResourceMonitor.
# kill -9 13382
NOTE
In the preceding command, 13382 is the process ID of ResourceMonitor. Replace it with the
actual value.
# su - ossuser
$ exit
# ResourceMonitor -cmd start
----End
A.11.60 How Can I Change the Password of the H2 Database

(Linux/Solaris)
Question
How can I change the password of the H2 database?
NOTE
The default user name of the H2 database is ossuser and the default password is Changeme_123. The
default password of H2 database file is Changeme_123. To ensure system security, change passwords
immediately after installation, update it periodically, and save it properly.
Answer
Step 1 Use PuTTY to log in to the OS as the ossuser user in SSH mode.
Step 2 Run the following commands to ensure the isdb is running.
$ svc_adm -cmd startsvc isdb
Step 3 Run the following commands to start the H2 user management tool.
$ cd /opt/oss/server/tools/h2UserManager
$ ./H2SqlExecTool.sh
Information similar to the following is displayed.

Please input your DB user:
Step 4 Enter the database user name and press Enter. The default user name is ossuser.

Please input your user password:
Step 5 Enter the database user password and press Enter. The default password is Changeme_123.
Please input your file password:
Step 6 Enter the database file password and press Enter. The default password is Changeme_123.
NOTE
This script can be used to modify the database user password but not the database file password.

Please input your operation mode : If you want to add a user : -a
If you want to change current user's password : -c
Step 7 Enter -c and press Enter.

NOTE
To add a database user, enter -a and perform operations according to prompts.

The password of the database user must meet the following requirements:
At least one lowercase letter
At least one uppercase letter
At least one digit
At least one special character: ~@#^*--+[{}]:./?
Other special characters, such as \()|<>&`!$"%'=;, and space, are not supported
Please input your new password:
Step 8 Enter the new planned database user password according to the prompted password rule and
press Enter.
Please confirm your new user password:
Step 9 Enter the new planned database user password according to the prompted password rule again
and press Enter.
If "success" is displayed similar to the following, the password is changed successfully.
User: Modify password success.
Step 10 Run the following commands to restart isdb and is_server.

$ svc_adm -cmd restartsvc isdb
$ svc_adm -cmd restartsvc is_server
----End
A.11.61 How Can I Change the Password of the H2 Database File
Question
How can I change the password of the H2 database file?
NOTE

Answer
Step 1 Use PuTTY to log in to the OS as the ossuser user in SSH mode.
Step 2 Run the following commands to stop isdb and is_server.

$ svc_adm -cmd stopsvc isdb
$ svc_adm -cmd stopsvc is_server
Step 3 Run the following command to set environment variables.

Step 4 Run the following commands to start the tool to change the H2 database file password.
$ cd /opt/oss/server/tools/h2UserManager
$ ./H2FilePWDChange.sh
NOTE
This script can be used to modify the database file password but not the database user password.

Please input your DB user:
Step 5 Enter the database user name and press Enter. The default user name is ossuser.

Please input your user password:
Step 6 Enter the database user password and press Enter. The default password is Changeme_123.

Please input your old file password:
Step 7 Enter the old database file password and press Enter. The default password is
Changeme_123.

The password of the database must meet the following requirements:
At least one lowercase letter
At least one uppercase letter
At least one digit
At least one special character: ~@#^*--+[{}]:./?
Other special characters, such as \()|<>&`!$"%'=;, and space, are not
supported
Please input your new file password:
Step 8 Enter the new planned database user password according to the prompted password rule and
press Enter.

Please input your new file password again:
Step 9 Enter the new planned database user password according to the prompted password rule again
and press Enter.
If "success" is displayed similar to the following, the password is changed successfully.

Test DB success. The file password write to file success.
Step 10 Run the following commands to start isdb and is_server.

$ svc_adm -cmd startsvc isdb

$ svc_adm -cmd startsvc is_server
----End
A.11.62 How Do I Change an H2 Database User's Password

(Windows)
Question
How do I change an H2 database user's password?
NOTE
Answer
Step 1 Log in to the operating system as the administrator user.
Step 2 Navigate to \server\tools\h2UserManager of the U2000 installation path and double-click

the H2ManagerTool.bat file to manage the H2 database.
Step 3 In the H2 Manager dialog box, set relevant parameters, as shown in Table A-14.
Figure A-28 H2 Manager dialog box

Table A-14 Parameters in the H2 Manager dialog box
DB user Name of an H2 database user, which is defaulted to ossuser
DB password Password of an H2 database user, which is defaulted to

Changeme_123
File password Password of an H2 database file, which is defaulted to

Changeme_123
Change new New password of an H2 database user

current user password l Ensure that the H2 database has been started. If the
password database has not been started, navigate to \server
\platform\sacscript\standalone\start_isdb of the
U2000 installation path and double-click the
stop_isdb.bat file to start the database.
l The password of an H2 database user must contain:
– At least one lowercase letter
– At least one uppercase letter
– At least one special character: :~@#^*-_+[{}]:./?
Other special characters, such as ()|<>&`!$\"%'=;,
and spaces, are not supported.
confirm Confirm password of an H2 database user

new
password
Step 4 Click Change user password. If the Info dialog box showing the following message is
displayed, the password has been successfully changed.
----End
A.11.63 How Do I Change an H2 Database User's Password for

the U2000 Guard
Question
How do I change an H2 database user's password for the U2000 Guard?
NOTE
The default user name of the H2 database for the U2000 guard is dbuser and the default password is
Changeme_123. To ensure system security, change passwords immediately after installation, update it
periodically, and save it properly.

Answer
NOTE
Stop the Sysguard process on the U2000 before changing the password of the U2000 Guard's H2
database.
l Perform the following operations to change the password of an H2 database user on the
Solaris/SUSE Linux-based U2000:
NOTE
In a HA system, the H2 database user's password must be changed in both primary and secondary
sites to ensure consistency.
a. Log in to the OS as the ossuser user over SSH using the PuTTY.
b. Run the following command to start the tool used to manage passwords of H2
database users:
$ cd /opt/oss/server/base_service/sysguard/H2Manager
$ ./H2Manager.sh

please input dbuser's password:
c. Enter the password of the database user dbuser and press Enter. The default
password is Changeme_123. The password must be changed during the first login
to ensure system security. Keep the password confidential and change it regularly.
if you want to change the password,please input the old password:
--------------------------------password
requirements---------------------------------------
--1: Length between 8 to 30. --
--2: At least one lowercase letter. --
--3: At least one uppercase letter. --
--4: At least one digit. --
--5: At least one special character: ~@#^-_+[{}]:./? --
--6: Not the same as the old password.
--7: Not the same as the last 5 times password.
--8: Other special characters, such as ()|<>&\\`!$\"%'=;, and space, are
not supported.
--9: Note: if change to default password, will cause security risk.
-------------------------------------------------------------------------
-------------------

please input the new password:
d. Enter a planned database user password and press Enter.

please input the new password again:
e. Enter the planned database user password again and press Enter.
If the last line of the command output is as follows, the password has been
successfully changed:
Changing the dbuser's password succeeded.
l Perform the following operations to change the password of a H2 database user on the
Windows-based U2000:
a. Log in to the Windows OS as a user with the administrator rights.
b. Assess the D:\oss\server\base_service\sysguard\H2Manager directory where the
tool used to manage H2 database user passwords resides.

NOTE
The tool resides in the U2000 installation directory, which may be different from the
preceding directory. You can modify the U2000 installation directory based on actual
situations.
c. Double-click H2Manager.bat to start the tool.
please input dbuser's password:
d. Enter the password of the database user dbuser and press Enter. The default
password is Changeme_123.
if you want to change the password,please input the old password:
--------------------------------password
requirements---------------------------------------
--1: Length between 8 to 30. --
--2: At least one lowercase letter. --
--3: At least one uppercase letter. --
--4: At least one digit. --
--5: At least one special character: ~@#^-_+[{}]:./? --
--6: Not the same as the old password.
--7: Not the same as the last 5 times password.
--8: Other special characters, such as ()|<>&\\`!$\"%'=;, and space, are
not supported.
--9: Note: if change to default password, will cause security risk.
-------------------------------------------------------------------------
-------------------

Please input your new password:
e. Enter a planned database user password and press Enter.

please input the new password again:
f. Enter the planned database user password again and press Enter.
If the following information is displayed, the password has been successfully
changed.
Changing the dbuser's password succeeded.
A.11.64 How Do I Import a U2000 Key Store

This topic describes how to manually import a U2000 key store.
Question
How do I import a U2000 key store?
Answer
l For the Windows OS:
b. Run the following command to import the key store.
> cd /d D:\oss\engr\tools\crypto
> import.bat import_path

NOTE
l import_path is the directory that stores the backup key store, for example, the backup
file path is D:\oss\engr\tools\crypto\cryptoInfo.zip.
l By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in
this directory, replace the directory in the preceding command with the actual installation
directory.
If information similar to the following is displayed, the import succeeds.

Operations are successful.
l For the SUSE Linux or Solaris OS:

a. Log in to the OS as the ossuser user over SSH using the PuTTY.
b. Run the following command to import the key store.
$ ./import.sh import_path
NOTE
l import_path is the directory that stores the backup key store, for example, the backup
file path is /opt/oss/engr/tools/crypto/cryptoInfo.zip.
l By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed
in this directory, replace the directory in the preceding command with the actual
installation directory and navigate to the actual installation directory to execute the
mapping script.
If information similar to the following is displayed, the import succeeds.

Operations are successful.
----End
A.11.65 How Do I Disable the U2000 from Monitoring the All-

Zero IP Address
When the U2000 is upgraded, many services on the old version listen the all-zero IP address
by default. To enhance U2000 security, all-zero IP address listening needs to disabled, and the
U2000 service has to configured to listen a specified IP address.
Prerequisites
l The U2000 application and southbound IP addresses have been obtained.

NOTE
l To query the U2000 server IP address, run the # ifconfig -a command for the SUSE Linux and
Solaris OSs and the > ipconfig command for a Windows OS.
l To query the U2000 southbound IP address.
l SUSE Linux or Solaris OS:
Log in the OS as the ossuser user.
$ cd /opt/oss/server/tools/configSouthIP
$ ./configsouthip.sh -get
By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed
in this directory, replace the directory in the preceding command with the actual
installation directory and navigate to the actual installation directory to execute the
mapping script.
l Windows OS:
Log in the OS as the ossuser user.
> cd /d D:\oss\server\tools\configSouthIP
> configsouthip.bat -get
By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in
directory.
l If the southbound IP address is configured:
– If the device is connected to the network through the server's application IP address,
the server's application IP address should add to the southbound IP address list, see
A.11.50 How Can I Configure an IP Address for the Communication Between
the U2000 and Southbound NEs.
– The southbound IP addresses should communicate normally with their
interconnected devices. If the device is connected to the network through the
server's application IP address, the application IP addresses should communicate
normally with their interconnected devices.
– The server's application IP address should communicate normally with all client
networks.
– On the NBI Config Tools query the North IP address which the upper-layer OSS
connected to the network management server, the North IP address should
communicate normally with the upper-layer OSS.
l If the southbound IP address is not configured:
– The server's application IP address should communicate normally with all client
networks.
– The server's application IP address should communicate normally with managed
devices.
– On the NBI Config Tools query the North IP address which the upper-layer OSS
connected to the network management server, the North IP address should
communicate normally with the upper-layer OSS.
NOTE
Log in to the server OS as user root, run the command ping -S NMS_application_IP Destination_IP to
ensure that NMS application IP address can be normal communicated.
Context
l For a distributed system, the operations need to be performed only on the NM and EM
nodes.

l For a HA system, the operations need to be performed only on the primary site. Related
data will be automatically synchronized to the secondary site using the VCS.
NOTE
In a HA system, after data is synchronized to the secondary site, the NMS process at the secondary site
has to be restarted to enable all-zero IP address monitoring.
Procedure
a. Log in the OS as the ossuser user.
b. Stop the U2000 process.
c. Run the following command to disable all-zero IP address monitoring on the CML:
> cd /d D:\oss\server\platform\bin\special > sec_adm -cmd
disableListenAllIP
NOTE
By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in this
directory, replace the directory in the preceding command with the actual installation
directory.
If information similar to the following is displayed, all-zero IP address monitoring
is successfully disabled:
Operation succeeded. Please restart all services for the settings to
take effect.
d. Start the U2000 process.

a. Log in the OS as the ossuser user.
c. Run the following command to disable all-zero IP address monitoring on the CML:
$ ./opt/oss/server/svc_profile.sh
$ cd /opt/oss/server/platform/bin/special
$ sec_adm -cmd disableListenAllIP
NOTE
By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed in
directory and navigate to the actual installation directory to execute the mapping script.
If information similar to the following is displayed, all-zero IP address monitoring
is successfully disabled:
Operation succeeded. Please restart all services for the settings to
take effect.

----End
Follow-up Procedure
When the U2000 server functions as an SNMP client and assesses devices, the specified IP
address and interface must be configured on the firewall to reduce attacks because the
interfaces on the SNMP client monitor only the all-zero IP address. The following describes
how to configure the firewall embedded in the Linux OS:
NOTE
For details about the interfaces in the following tables, see iManager U2000 Communication Port
Matrix.

Table A-15 IP addresses and interfaces configured on the firewall in a centralized system
Scenar Configur Interface Description
io ation Number
Item
Perfor U2000 14001 to Used by the PMSDm and BULKCollectorDm

mance SBI IP 14101 processes.
Manag address
ement 14421 to Used by the SNMPCollectorDm process.
14520
Access U2000 14347 Used by the BmsCommon process.

device SBI IP
manag address 14348 to Used by the BmsAccess process.
ement 14355
14356 Used by the BmsTest process.
14357 Used by the BmsAtur process.
14358 Used by the nemgr_bits process.
14359 Used by the profile process.
NE U2000 14360 Used by the EnpowerDm process.

Softwa SBI IP
re address
Manag
ement
Transp U2000 8001 Used by the Eml_PubSvr process to receive response

ort NE southboun packets from NEs.
search d Ethernet
(IP port
auto
discove
ry)
Public U2000 14901 to Used by the U2000 to communicate with NEs over
SBI IP 15900 SNMP.
address
Table A-16 IP addresses and interfaces configured on the firewall in a distributed system
Object Configur Interface Description
ation Number
Item
NM U2000 14001 to Used by the PMSDm and BULKCollectorDm

SBI IP 14101 processes.
address
14421 to Used by the SNMPCollectorDm process.
14520

Object Configur Interface Description

ation Number
Item
PM U2000 14901 to Used by the SNMPCollector, BulkCollector, and

SBI IP 15650 RTPCollector processes.
address
15661 to Used by the InstanceManager process.
15670
EM U2000 14347 Used by the BmsCommon process.

SBI IP
address 14348 to Used by the BmsAccess process.
14355
14356 Used by the BmsTest process.
14357 Used by the BmsAtur process.
14358 Used by the nemgr_bits process.
14359 Used by the profile process.
14360 Used by the EnpowerDm process.
14901 to Used by the U2000 to communicate with NEs over

15900 SNMP.
U2000 8001 Used by the Eml_PubSvr process to receive response

southboun packets from NEs.
d Ethernet
port
ACN U2000 14901 to Used by the U2000 to communicate with NEs over
SBI IP 15900 SNMP.
address
The following describes how to configure the specified IP address and interface for the
centralized performance management system (the configuration methods in other scenarios
are similar):
1. Log in to the U2000 OS as the root user.
2. For the NM node in a distributed system or a centralized NMS, run the following
command to set service_ip1 and the interface
NOTE
l For the Solaris OS, the configuration command is ipf, for details, see http://
docs.oracle.com/cd/E19253-01/816-5166/ipf-1m/index.html.
l In the following command, service_ip1 indicates the U2000 SBI IP address, which should be
replaced with the mapping U2000 IP address in the preceding tables.
l The following describes how to open the access to the IP address specified for service_ip1.
l For transport NE search (IP auto discovery), the command used to open the access to
Ethernet ports is similar to the following:# iptables -A INPUT -i eth0 -p udp --dport 8001 -j
ACCEPT. eth0 corresponds to the Configuration Item column in 1 and 2.

a. Open the access to the related interfaces.

i. Run the following command to open the access to interfaces 14001 to 14101:
# iptables -A INPUT -p udp -d service_ip1 --dport 14001:14101 -j
ACCEPT
ii. Run the following command to open the access to interfaces 14421:
# iptables -A INPUT -p udp -d service_ip1 --dport 14421 -j ACCEPT
b. Restrict the access to the related interfaces.

i. Run the following command to restrict the access to interfaces 14001 to
14101:
# iptables -A INPUT -p udp --dport 14001:14101 -j DROP
ii. Run the following command to restrict the access to interfaces 14421:
# iptables -A INPUT -p udp --dport 14421 -j DROP
c. Run the following command to view the configuration result:

# iptables -L -n
NOTE
For transport NE search (IP auto discovery), the command is # iptables -L -nv.
If information similar to the following is displayed, the configuration succeeds:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 10.67.172.24 udp dpts:
14001:14101
14421
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:
14001:14101
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:
14421
Chain FORWARD (policy ACCEPT)

Chain OUTPUT (policy ACCEPT)

3. Optional: For the NM node in a distributed system or a centralized NMS, to open the
access to the IP address specified for service_ip2 (U2000 server's another IP address),
delete the DROP rules, add the IP address specified for service_ip2, and add DROP
rules again.
NOTE
l For the Solaris OS, the configuration command is ipf, for details, see http://
docs.oracle.com/cd/E19253-01/816-5166/ipf-1m/index.html.
l In the following command, service_ip2 indicates the U2000 SBI IP address, which should be
replaced with the mapping U2000 IP address in the preceding tables.
l The following describes how to open the access to the IP address specified for service_ip2:
l If an interface has multiple IP addresses, open the access to the interfaces mapping to the IP
addresses one by one. Then, restrict the access to them one by one. For example, open the
access to the interfaces mapping to service_ip1 and service_ip2 values and then restrict the
access to these interfaces one by one.
l For transport NE search (IP auto discovery), the command used to open the access to
Ethernet ports is similar to the following:# iptables -A INPUT -i eth1 -p udp --dport 8001 -j
ACCEPT. eth0 corresponds to the Configuration Item column in 1 and 2.
a. Run the following command to check the line numbers of DROP rules:
# iptables -L -n

NOTE
14001:14101
14421
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:
14001:14101
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:
14421

b. According to the command output, the DROP rules exist in lines 3 and 4. Run the
following command to delete the DROP rules starting from line 4:
# iptables -D INPUT 4
# iptables -D INPUT 3
c. Run the following command to open the access to service_ip2:

i. Run the following command to open the access to interfaces 14001 to 14101:
# iptables -A INPUT -p udp -d service_ip2 --dport 14001:14101 -j
ACCEPT
ii. Run the following command to open the access to interfaces 14421:
# iptables -A INPUT -p udp -d service_ip2 --dport 14421 -j ACCEPT
iii. Run the following command to restrict the access to interfaces 14001 to
14101:
# iptables -A INPUT -p udp --dport 14001:14101 -j DROP
iv. Run the following command to restrict the access to interfaces 14421:
# iptables -A INPUT -p udp --dport 14421 -j DROP
d. Run the following command to view the configuration result:

# iptables -L -n
NOTE
If information similar to the following is displayed, the configuration succeeds:
14001:14101
14421
14001:14101
14421
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:
14001:14101
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:
14421



A.11.66 How Do I Enable the U2000 from Monitoring the All-Zero

IP Address
If the U2000 from monitoring the all-zero IP address disabled, you can execute the follow
steps the enable the U2000 from monitoring the all-zero IP address.
Procedure
Step 1 Log in the OS as the ossuser user.
Step 2 Enable all-zero IP address monitoring.
NOTICE
l After all-zero IP address monitoring is enabled, the U2000 client can use any NIC IP
address to log in to the U2000 server, which poses security risks. Exercise caution when
performing this operation.
l Before all-zero IP address monitoring is enabled, the Huawei technical support engineers
needs to apply for and obtain written authority from the customer and comply with local
laws and regulations.

a. Stop the U2000 process. For details, see A.11.8 How to End the Processes of the
b. Run the following command to enable all-zero IP address monitoring on the CML:
> cd /d D:\oss\server\platform\bin\special
> sec_adm -cmd enableListenAllIP
NOTE
By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in this
directory, replace the directory in the preceding command with the actual installation
directory.
c. Start the U2000 process. For details, see A.11.7 How to Start the Processes of the
l For the SUSE Linux or Solaris OSs:
a. Stop the U2000 process. For details, see A.11.14 How to End the Processes of the
U2000 Single-Server System on (SUSE Linux) or A.11.11 How to End the
Processes of the U2000 Single-Server System on (Solaris).
b. Run the following command to enable all-zero IP address monitoring on the CML:
$ cd /opt/oss/server/platform/bin/special
$ sec_adm -cmd enableListenAllIP
NOTE
By default, the U2000 is installed in the /opt/oss directory. If the U2000 is not installed in
directory and navigate to the actual installation directory to execute the mapping script.

c. Start the U2000 process. For details, see A.11.13 How to Start the Processes of
the U2000 Single-Server System on SUSE Linux or A.11.10 How to Start the
Processes of the U2000 Single-Server System on Solaris.
----End
A.11.67 How Do I Perform a Rollback After the H2 Key

Replacement Fails
Question
How do I perform a rollback after the H2 key replacement fails?
Answer
Step 1 Log in to the OS as the ossuser user.
Step 2 Run the following commands to perform a rollback:
l SUSE Linux or Solaris OS:
$ rm -rf /opt/oss/server/etc/oss_cfg/frame/is_server/data/isdb.h2.db $
cp /opt/oss/server/etc/oss_cfg/frame/is_server/data/isdb.h2.db.bak /opt/oss/
server/etc/oss_cfg/frame/is_server/data/isdb.h2.db $ rm -rf /opt/oss/
server/etc/oss_cfg/frame/is_server/data/isdb.h2.db.bak
NOTE
l Windows OS:
a. Go to the D:\oss\server\etc\oss_cfg\frame\is_server\data directory and delete the
isdb.h2.db file.
b. Rename the isdb.h2.db.bak file to isdb.h2.db.
NOTE
----End
A.11.68 How Can the U2000 Client and MSuite Use a Non-NMS-
Application IP Address for Login
After the U2000 is installed, the U2000 client and MSuite can only use the NMS application
IP address for login by default. This topic describes how to configure non-NMS-application
addresses so that the U2000 client and MSuite can use multiple NIC IP addresses for login.
Prerequisites
You have obtained all non-NMS-application IP addresses that need to be configured, and the
IP addresses must can be pinged.
l For Windows OS, see Step 1 to Step 5 in 12.1.1 How to Change the IP Address of the
Single-Server System (Windows 2008) to configure IP addresses.
l For Linux OS, see A.2.16 How to Set IP Addresses for Unused NICs on SUSE Linux
to configure IP addresses.

l For Solaris OS, see A.3.1.9 How to Set IP Addresses for Unused NICs on a
Workstation to configure IP addresses.
Procedure
b. Stop the U2000 process, see A.11.8 How to End the Processes of the U2000
Single-Server System on Windows.
c. Run the following command to configure the IP addresses of non-OSS applications
on the OSS server.
> cd /d D:\oss\server\platform\bin\special
> config_access_ip.bat -cmd modifyAccessIP IP
NOTE
l By default, the U2000 is installed in the D:\oss directory. If the U2000 is not installed in
directory.
l Each OSS server supports a maximum of five IP addresses.
l Only IPv4 addresses can be used. Multiple IP addresses are separated by commas (,). If
more IP addresses are specified in the command, only the first five are used.
d. Start the U2000 process, see A.11.7 How to Start the Processes of the U2000
Single-Server System on Windows.
NOTE
l Clear the IP addresses of non-OSS applications on the OSS server: config_access_ip.bat

-cmd clearAccessIP
l Check the IP addresses of non-OSS applications on the OSS server:
config_access_ip.bat -cmd checkAccessIP
e. Restart the MSuite.
For a HA system, the operations need to be performed only on the primary site. Related
data will be automatically synchronized to the secondary site using the VCS.
NOTE
In a HA system, after data is synchronized to the secondary site, the NMS process at the secondary
site has to be restarted to enable the non-NMS-application IP addresses.
a. Use the PuTTY to log in to the server as user ossuser in SSH mode.
n For the Single-Server System (Solaris), see A.11.11 How to End the
Processes of the U2000 Single-Server System on (Solaris).
n For the Single-Server System (SUSE Linux), see A.11.14 How to End the
n For the High Availability System (Solaris/SUSE Linux), see A.11.17 How to
End the U2000 Processes of the High Availability System (Solaris, PC
Linux).
c. Configure the IP addresses of non-OSS applications on the OSS server as user root.
$ su - root
# cd /opt/sudobin/imap
# bash config_access_ip.sh -cmd modifyAccessIP IP
# exit

NOTE
l Each OSS server supports a maximum of five IP addresses.

l Only IPv4 addresses can be used. Multiple IP addresses are separated by commas (,). If
more IP addresses are specified in the command, only the first five are used.
n For the Single-Server System (Solaris), see A.11.10 How to Start the
Processes of the U2000 Single-Server System on Solaris.
n For the Single-Server System (SUSE Linux), see A.11.13 How to Start the
Processes of the U2000 Single-Server System on SUSE Linux.
n For the High Availability System (Solaris/SUSE Linux), see A.11.16 How to
Start the U2000 Processes of the High Availability System (Solaris, PC
Linux).
NOTE
l Clear the IP addresses of non-OSS applications on the OSS server: bash config_access_ip.sh
-cmd clearAccessIP
l Check the IP addresses of non-OSS applications on the OSS server: bash
config_access_ip.sh -cmd checkAccessIP
e. Restart the MSuite.
----End
A.11.69 How Do I Enable the U2000 Distributed System to

Monitor Default Network Adapters
After the U2000 distributed system is installed, users can access each node through all
network adapters by default. To improve the security of U2000, this topic describes how to
monitor the default network adapters (eth0 and eth1) of the U2000 distributed system.
Therefore, users can access each distributed node only through the default network adapters
(eth0 and eth1).
Procedure
Step 1 Log in to the OS of each distributed node as the ossuser user.
Step 2 Run the following commands to monitor the default network adapters (eth0 and eth1) of the
U2000 distributed system:
$ cd /opt/oss/manager/adapter/network
$ ./setDistributedIptables.sh -add
If information similar to the following is displayed, the command execution succeeds.

Script execution succeeds.
NOTE
l If the preceding commands are run, users can access each distributed node only through eth0 and
eth1.
l The preceding commands enable only eth0 and eth1 to be monitored. If a new network adapter (for
example, eth2) is added on a distributed node, users must clean up the preceding configuration to
ensure the valid use of the new network adapter. For details, see Follow-up Procedure.
----End

Follow-up Procedure
Perform the following operations to clean up the function of monitoring default network
adapters (eth0 and eth1) of the U2000 distributed system:
1. Log in to the OS of each distributed node as the ossuser user.
2. Run the following commands to clean up the function of monitoring default network
adapters of the U2000 distributed system:
$ cd /opt/oss/manager/adapter/network
$ ./setDistributedIptables.sh -clear
If information similar to the following is displayed, the command execution succeeds.

A.11.70 How to Configure an SSH Listening IP Address(Solaris,

PC Linux)
Question
How to configure an SSH listening IP address?
Answer
Step 1 Log in to the OS as the ossuser user using the PuTTY.
Step 2 Run the following command to configure or rollback an SSH listening IP address:
Run the following command to configure an SSH listening IP address:

$ ./LockIPForLogin.sh -add newIP
NOTE
-add indicates adding of an SSH listening IP address.

newIP is optional, which should be set to the U2000 application IP address and system IP address.
Run the following command to rollback SSH listening IP address:

$ ./LockIPForLogin.sh -delete IP
NOTE
-delete indicates rollback of an SSH listening IP address.

IP is optional, which should be set to the U2000 application IP address and system IP address. If IP is
set to all, it indicates rollback of all SSH listening IP address.
----End
A.11.71 How Do I Configure an SSH Listening IP

Address(Windows)
Question
After an SSH listening IP address is configured, a user can access the U2000 over SSH only
using this IP address, thereby enhancing access security.How do I configure an SSH listening
IP address?

Answer
Step 1 Log in to the Windows OS as a user with administrator rights.
Step 2 Choose Start > Control Panel > System and Security > Windows Firewall > Turn on or
off Windows Firewall and click Customize Settings and then OK.
Step 3 Configure an SSH listening IP address.

l Add an SSH listening IP address.
– Manually add an SSH listening IP address (all listening IP addresses can be added).
i. Choose Start > Control Panel > System and Security > Windows Firewall
and click Advanced Setting.
ii. In the Windows Firewall With Advanced Security window, right-click
Inbound rules and choose New Rule from the shortcut menu.
iii. In the Rule Type dialog box, select Port and click Next.
iv. In the Protocol and Ports dialog box, set Specific local ports to 22 and click
Next.
v. In the Action dialog box, click Next.
vi. In the Profile dialog box, click Next.
vii. In the Name dialog box, set Name to a value such as minasshd (Description
is optional) and click Finish.
viii. In the Windows Firewall With Advanced Security window, click Inbound
rules. Right-click minasshd and choose Properties from the shortcut menu.
ix. In the minasshd Properties dialog box, click the Scope tab.
x. In Remote IP address, select These IP addresses and click Add.
xi. Configure a listening IP address based on the actual situation.
○ Select This IP address or subnet to add one listening IP address.
○ Select This IP address range to specify an IP address range so that all IP
address within this range will be added.
○ Select Predefined set of computer to add all IP addresses in the
predefined computer set.
– Add an SSH listening IP address by executing a script (only the IP addresses
mapping the default GNEs can be added).
i. Choose Start > Run enter cmd to open the command line interface (CLI) and
enter the ipconfig command to check all the default GNEs. The default GNEs
can access only the IP addresses within the mapping network segment.
ii. Access the F:\oss\server\3rdTools\ftp\minasshd\engineering\script directory
and execute the setfirewall.bat file.
iii. Choose Start > Control Panel > System and Security > Windows Firewall
and click Advanced Setting. In the displayed window, add the minasshd rule.
l Cancel an SSH listening IP address.
a. Choose Start > Control Panel > System and Security > Windows Firewall and
click Advanced Setting.
b. In Inbound rules, right-click the minasshd rule and choose Delete from the
shortcut menu.

c. In the Windows Firewall With Advanced Security dialog box, click Yes.
----End
A.11.72 How Do I Configure iptables Listening for a Solaris/

Linux HA System
Describes how to configure iptables listening for a Solaris/Linux HA system.
Context
l After the primary and secondary sites are associated, iptables listening can be configured
based on actual situations.
l If iptables listening has been added, the related command should be executed to clear the
replication/heartbeat IP addresses monitored by iptables before they are modified.
replication/heartbeat IP addresses monitored by iptables after the primary and secondary
sites are separated.
l Log in to both primary and secondary sites as the ossuser user to execute the commands.
Procedure
l Run the following command to add the peer end's heartbeat and replication IP addresses
to be monitored by iptables:
$ cd /opt/oss/engr/engineering/conf/ha/script/veritas/vcs
$ ./setiptables.sh -add

l Run the following command to clear the peer end's heartbeat and replication IP addresses
monitored by iptables:
$ cd /opt/oss/engr/engineering/conf/ha/script/veritas/vcs
$ ./setiptables.sh -clear
l Run the following command to check whether the peer end's heartbeat and replication IP
addresses to be monitored by iptables are added:
– Run the following command for a Linux HA system:
$ su - root
# cd /opt/oss/engr/engineering/conf/ha/script/veritas/vcs
# iptables -L -nv
If information similar to the following is displayed, iptables monitoring has been

added:
Chain INPUT (policy ACCEPT 628 packets, 80590 bytes)
pkts bytes target prot opt in out source destination
628 80590 engr_firewall all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

Chain OUTPUT (policy ACCEPT 619 packets, 79752 bytes)

Chain engr_firewall (1 references)

0 0 ACCEPT tcp -- * * 192.168.10.36 0.0.0.0/0 tcp dpt:14155


0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:14155
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4145
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8199
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8989
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:14150
– Run the following command for a Solaris HA system:

$ su - root
# cd /opt/oss/engr/engineering/conf/ha/script/veritas/vcs
# ipfstat -io
If information similar to the following is displayed, iptables monitoring has been

added:
empty list for ipfilter(out)
block in proto tcp from any to any port = 14155
pass in quick proto tcp from 10.67.154.202/32 to any port = 14155
----End
A.11.73 How Do I Modify the ossuser or dbuser ID at the

Secondary Site to Be the Same as that at the Primary Site
Question
How do I modify the ossuser or dbuser ID at the secondary site to be the same as that at the
primary site?
Answer
Step 1 Log in to the OS at the primary site as the root user using the PuTTY.
Step 2 Run the following command to view the uid and gid values of the ossuser or dbuser user:
# id username
NOTE
l To view the uid and gid values of the ossuser user, set username to ossuser.
l To view the uid and gid values of the dbuser user, set username to dbuser.
Step 3 Log in to the OS at the secondary site as the root user using the PuTTY.

Step 4 Run the following command to modify the uid and gid values of the ossuser or dbuser user:
# cd /opt/oss/engr/tools
# ./ModifyUserID.sh -U username -UID uid -GID gid
NOTE
l username is set either ossuser or dbuser.

l uid is set to the uid value queried for the corresponding user at the primary site. For details, see Step
2.
l gid is set to the gid value queried for the corresponding user at the primary site. For details, see Step
2.
If the following information is displayed, a user ID is successfully changed.

l ossuser
Modify ID for ossuser successfully!
l dbuser
Modify ID for dbuser successfully!
----End
A.11.74 How to Change the Password for the User ftpuser

Describes how to change the password for the user ftpuser.
Question
How to change the password for the user ftpuser?
Answer
a. Change the password for the Windows OS user ftpuser, see A.1.15 How to
Change the Password for the Windows OS User ftpuser.
b. Log in to the U2000 server operating system as a user with ossuser rights.
c. Choose Start > Run. In the Run dialog box, enter the cmd command to access the
CLI.
d. Perform the following operations to change the password for the ftpuser user.
> cd /d D:\oss\server\3rdTools\ftp\minasshd\usermgr
> SftpUserManager.bat name password rootpath
> cd /d D:\oss\server\3rdTools\ftp\apacheftpserver\bin
> UserManager.bat cfg name password rootpath
The CLI is displayed, which contains information similar to the following:

Using XML configuration file ./res/conf/ftpd.xml...
FtpServer started

NOTE
l In this command, the U2000 is installed on drive D. If the U2000 is installed on another
drive, D in the command must be replaced with this drive letter.
l name specifies the user ftpuser to change the password.
l password specifies the new password for the ftpuser.
l rootpath specifies the root path for the ftpuser.
l After the U2000 is installed, the default ftpuser home directory is D:\. You can
manually change the default ftpuser home directory to another directory such as
D:\ftp.
l Do not set the ftpuser home directory to D:\oss (U2000 installation directory) or
C:\ (system directory).
l For example,
> cd /d D:\oss\server\3rdTools\ftp\minasshd\usermgr
> SftpUserManager.bat ftpuser Changeme_123 D:\
> cd /d D:\oss\server\3rdTools\ftp\apacheftpserver\bin
> UserManager.bat cfg ftpuser Changeme_123 D:\
e. Close the CLI and log in to the system monitor client to restart the
uflight_dispatcher service.
i. Logging in to the system monitor client, see 10.2 Logging In to the System
Monitor Client.
ii. On the System Monitor, click the Service Monitor tab.
iii. Select uflight_dispatcher service, right-click, and choose Stop Service.
iv. Select uflight_dispatcher service, right-click, and choose Start Service.
f. Logging in to a U2000 client, see 2.6 Logging In to a U2000 Client.
g. Choose Administration > Settings > FTP Account Information Management
from the main menu (traditional style); alternatively, double-click System
Management in Application Center and choose Settings > FTP Account
Information Management from the main menu (application style).
h. In the FTP Account Information Management dialog box, click the Configure
FTP Account tab.
i. Right-click Default local FTP account and choose Modify from the shortcut
menu.
j. In the Modify FTP User dialog box, select Change password and input the
Password and Confirm password.
k. Click OK.
l. In the Result dialog box, click Close.
l For the SUSE Linux or Solaris OSs:

NOTE
l Run modify_ftp_setting.sh to change the password of the user ftpuser on U2000 server and
OS.
l For HA system, separate the primary and secondary sites and then run the
modify_ftp_setting.sh on both primary and secondary site.
l The following command output is displayed on a Linux OS (used as an example).
l The rules for modifying a password are as follows:
l At least one lower-case letter
l At least one upper-case letter
l At least one special character ~!@#$%^&*()-_=+\|[{}];:"',<.>/?
l The password cannot be the same as the user name written in either the forward or
backward format.
l If security hardening is performed on the OS, set the password by referring to the
password policies in Security Hardening Guide.
b. Run the following commands to switch to root user.
$ su - root
c. Run the following commands to change the password for the user ftpuser as
prompted.
n SUSE Linux:
# cd /opt/sudobin/imap/ftp/nosudofiles
# bash modify_ftp_setting.sh -i /opt/oss -u ftpuser -l false
n Solaris:
# cd /opt/oss/server/3rdTools/ftp/nosudofiles
# bash modify_ftp_setting.sh -i /opt/oss -u ftpuser -l false
Changing the password of user ftpuser...
Changing password for ftpuser.
New password: new password for the ftpuser
Retype new password: new password for the ftpuser
Password changed.
Modifying FTP configurations of OSS...
The password of user ftpuser is required.
Please enter the changed password of user ftpuser: new password for the
ftpuser
If the following message displayed, the password for the user ftpuser modified
successfully.
FTP configurations modified successfully.
----End
A.11.75 How to Apply for U2000 Digital Certificates

If a carrier has a Certificate Authority (CA), apply for general SSL client and server identify
certificates from the CA and obtain the related CA trust certificate. This topic describes how
to apply for new digital certificates when you replace the preconfigured U2000 digital
certificates.

Question
How do I apply for U2000 digital certificates?
NOTE
The following operations apply to Windows OS and use the U2000 server and client certificates as an
example. The application method of other digital certificates is similar.
Answer
Step 1 Generate a certificate request file using the online CSR tool.
1. Enter https://certificatesssl.com/ssl-tools/csr-generator.html in the address bar of the
Chrome browser.
2. On the Generate CSR page, set the following parameters in turn.
The following table describes how to set the parameters.

Domain This parameter corresponds to the Common Name field in

the certificate. Enter the host name or IP address of the
U2000 server or the unique information that identifies the
certificate.
Company Enter the name of the company to which the certificate

belongs.
Division Enter the department name.
City Enter the city name.

State Enter the province or state name.
Country Enter the country name.
E-mail Enter the email of the contact.
Key type Select the default RSA type.
hash algorithm The hash signature algorithm is used. Select sha-2.
The length of This parameter corresponds to the RSA type. Select 2048.
encryption key
3. Select I am representative of the company entered above and I agree to generate a

private key and CSR file.
4. Click Generate CSR to generate the CSR and private key file.
5. Click download as a file separately to download and save the CSR and private key file.
NOTE
Save the downloaded private key file private.key to a secure place. After the certificate
application is complete, merge the requested certificate and the private key file to a .p12 file and
then delete the private key file.

6. Rename the downloaded file csr.txt as u2kserver.csr and submit it to the CA for
certificate issuing.
Step 2 Obtain the identity certificate issued by the CA and the CA certificates.
Assume that the identity certificate issued by the CA is u2kserver.cer, in the PEM format.
Example:
Assume that the CA has two levels. The returned CA certificates are rootca.cer and
intermediateca.cer, in the PEM format. Example:
NOTE
The preceding identity certificate and CA certificates have no requirement on the file name extension
and mainly check whether the file is in the PEM format.
Step 3 Merge the .p12 identity certificate file (server.p12).

NOTE
The .p12 file is a key library file and contains encrypted certificates and private key files. It is merged
using the OpenSSL software.
1. Enter https://wiki.openssl.org/index.php/Binaries in the address bar of a browser.
2. Download the required OpenSSL for Windows based on the OS bit version. The
following uses Win32OpenSSL_Light-1_1_0e.exe as an example.
NOTE
If the OS bit version is 32-bit, download the 32-bit OpenSSL software; if the OS bit version is 64-
bit, either the 32-bit or 64-bit OpenSSL software is applicable.
3. After the OpenSSL software is installed, run the following command in the CLI to
generate the identity certificate file server.p12:

> openssl pkcs12 -export -inkey private.key -in u2kserver.cer -out server.p12
-certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES
> Enter Export Password:<Enter the password>
> Verifying - Enter Export Password:<Confirm the password>
NOTE
In consideration of software compatibility, the PBE-SHA1-3DES algorithm is used by default. If
supported, the more secure AES-128-CBC algorithm is recommended.
The following table describes the meaning of each parameter in the preceding command.
inkey Indicates the private key file. The default file format is
PEM.
in Indicates the identity certificate file. The default file

format is PEM.
out Indicates the file output after the merge, which is in

binary mode.
certpbe Indicates the encryption algorithm of the certificate in

the .p12 key library file.
keypbe Indicates the encryption algorithm of the private key in

the .p12 key library file.
NOTE
The encryption password of the identity certificate must meet certain complexity requirements:
– Must contain 8 to 20 characters.
– Contain at least one space or one of the following special characters: `~!@#$%^&*()-_=+\|
[{}];:'",<.>/?
– Must be a combination of at least two of the following characters: lowercase letters (a-z),
uppercase letters (A-Z), and digits (0-9).
– Must be different from the user name or the reverse user name.
Step 4 Merge the trust certificate file (trust.cer).

1. Use a text tool (for example, Notepad++) to merge the rootcat.cer and
intermediateca.cer files. The file output after the merge is trust.cer. In this file, the
upper part is the content of the rootcat.cer file and the lower part is the content of the
intermediateca.cer file, as shown in the following figure.

2. Verify the file output after the merge.

a. Enter http://www.oracle.com/technetwork/java/javase/downloads/jdk8-
downloads-2133151.html in the address bar of a browser, download the required
JDK software, and install it.
NOTE
If the OS has been installed with the JDK software, skip this step.
b. Run the following command in the CLI to verify the file output after the merge:
> keytool -printcert -v -file trust.cer
If you can view the parsed certificate, the file is merged successfully.
----End
A.11.76 How Do I Uninstall a Mirroring Database
Question
How do I uninstall a mirroring database?
Answer
Step 1 Log in to the OS as the ossuser user through SSH by using PuTTY.
Step 2 Run the following commands to switch to the root user and uninstall the mirroring database.
$ su - root
# cd /opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB
# ./uninstall_DBSVRBCK.sh
Step 3 Run the following command to check whether the mirroring database is successfully
uninstalled:
# crontab -l | grep runtimetask.sh
l If no information is displayed, the mirroring database is successfully uninstalled.

l If information similar to the following is displayed, the mirroring database fails to be
uninstalled:
0 1 * * 3 cd /opt/oss/server/tools/UEasy/UEasy_Others/DBSVRBCK/PlantBackDB; ./
runtimetask.sh > /dev/null 2>&1
----End

A.11.77 Checking Whether the Restoration Server Meet

Restoration Requirements
If data is restored to a remote server, execute scripts on the restoration server to check
whether the restoration server meets restoration requirements.
Procedure
Step 1 Use the restoration server as a file server and establish a remote mounting relationship
between the restoration server and the backup server. For details, see 6.1.7.2.3 Mounting the
SUSE Linux File Server.
Step 2 Run the following commands to copy the checkEnvironment directory to the restoration
server.
# cd /opt/ssrbackup_local/backup_Timestamp/
# cp -rp checkEnvironment/ /opt/ssrbackup_local/file_server/
Step 3 Execute the following scripts on the restoration server to obtain the risk level of restoring
services on the restoration server.
# cd /opt/nfs/checkEnvironment/
# chmod 750 *.sh
# ./ check_environment.sh
l If the information similar to the following is displayed, the system can be restored.
The system can be restored.
l If the information similar to the following is displayed, performing restoration operations

for the system will lead to medium-level risks.
Risk level of restoration in the current system: Medium.
The following information is displayed in the following sequence:

DriverName RiskLevel CurrentSystemDriverVersion
SourceSystemDriverVersion CurrentSystemDriverSigner SourceSystemDriverSigner
thermal_sys Medium A602C115A2B83376EE184F2
A602C115A2B80376EE184F2 ----------------------- -----------------------
l If the information similar to the following is displayed, performing restoration operations

for the system will lead to high-level risks.
Risk level of restoration in the current system: High.
The following information is displayed in the following sequence:

DriverName RiskLevel CurrentSystemDriverVersion
SourceSystemDriverVersion CurrentSystemDriverSigner
SourceSystemDriverSigner
nf_conntrack_ipv4 High -----------------------
----------------------- SUSE|Linux|Enterprise|Secure|Boot|Signkey Ubuntu

NOTE
l When information is displayed in a table, there are six columns. The first column DriverName
indicates the driver name. The second column RiskLevel indicates the risk level. The third column
CurrentSystemDriverVersion indicates the driver version on the restoration servers. The fourth
column SourceSystemDriverVersion indicates the driver version on the backup server. The fifth
column CurrentSystemDriverSigner indicates the driver vendor of the restoration server. The sixth
column SourceSystemDriverSigner indicates the driver vendor of the backup server.
l If specific contents are displayed in the third and fifth columns, the driver does not exist on the
backup server. If specific contents are displayed in the third and fourth columns, the driver version
on the backup and restoration servers are inconsistent. If specific contents are displayed in the fifth
and sixth columns, the driver vendors of the backup and restoration servers are inconsistent.
l If a message is displayed indicating that restoring services is risky, determine whether to continue
the restoration with caution.
l If it will restore failed is displayed, the partitions on the backup and restoration servers are
inconsistent and the restoration operations cannot be performed.
----End
A.11.78 How Do I Seal or Unseal Fixed Information

Question
How do I seal or unseal fixed information?
Answer
Step 1 Log in to the server OS as the root user.
NOTE
Step 2 Run the following commands to seal or unseal fixed information.

l To seal fixed information, run the following commands:
# cd /opt/sudobin
# ./tpmseal.sh

the version is SUSE12.
TPM chip is installed.
the TPM script can execute.
Please input TPM Owner password:
clear key succeed.
tpm2 la setting......
NOTE
– TPM Owner password is defaulted to Changeme_123. You can run the ./tpmtakeowner.sh
script in the /opt/sudobin directory to change TPM Owner password.
– If information similar to the following is displayed, fixed information is sealed successfully:
********************
Set Finished
********************
set key succeed.
l To unseal fixed information, run the following commands:

# cd /opt/sudobin
# ./tpmunseal.sh


tpm2 la checking......
NOTE
– If information similar to the following is displayed, fixed information is unsealed successfully:

***************
Trusted
***************
unseal succeed.
– If information similar to the following is displayed, fixed information fails to be unsealed:
*****************
unTrusted
*****************
****************
Finished
****************
unseal error.
----End
A.11.79 How Do I Seal or Unseal User Information

Question
How do I seal or unseal user information?
Answer
Step 1 Log in to the server OS as the ossuser.
Step 2 Run the following commands to seal or unseal user information.
l To seal user information, run the following commands:
$ cd /opt/oss/engr/engineering/script
$ ./userseal.sh

clear key succeed.
Please print the data you want to seal(Notice: Not empty, no more than 100
characters):
Enter the data to be sealed.
The password meets at least the following requirements.
password minimum length is 8--30 characters.
password must contain combination of characters from following set:
- At least one lowercase letter
- At least one uppercase letter
- At least one digit
- At least one special character: ~@#^*-_+[{}]:./?
- Special characters are not supported, for example ()|<>&`!$\"%'=;, and
space.
Please input new primary key password:
Please input new primary key password again:
The password meets at least the following requirements.

password minimum length is 8--30 characters.

password must contain combination of characters from following set:
- At least one lowercase letter
- At least one uppercase letter
- At least one digit
- At least one special character: ~@#^*-_+[{}]:./?
- Special characters are not supported, for example ()|<>&`!$\"%'=;, and
space.
Please input new seal key password:
Please input new seal key password again:
tpm2 la setting......
NOTE
– TPM Owner password is defaulted to Changeme_123. You can run the ./tpmtakeowner.sh
script in the /opt/sudobin directory to change TPM Owner password.
– If information similar to the following is displayed, user information is sealed successfully:
********************
Set Finished
********************
set key succeed.
l To unseal user information, run the following commands:

$ cd /opt/oss/engr/engineering/script
$ ./userunseal.sh

Please input primary key password:
Please input seal key password:
tpm2 la checking......
NOTE
– If information similar to the following is displayed, user information is unsealed successfully:

***************
Trusted
***************
unseal succeed.
the data you want to seal is :
Hello
– If information similar to the following is displayed, user information fails to be unsealed:
Unseal failed
*****************
unTrusted
*****************
Unseal failed
verify /etc/tpm2-la.conf.d/la-data/seal_file failed
****************
Finished
****************
unseal error.
----End

A.11.80 How Do I Upgrade the BIOS or Replace the Hardware of

the Server Supporting TPM-based Trusted Computing
Question
How do I upgrade the BIOS or replace the hardware of the server supporting TPM-based
trusted computing?
Answer
Step 1 To ensure system integrity before the upgrade, restart the OS and U2000 to automatically
invoke the tpmunseal.sh script.
Step 2 Upgrade the BIOS or replace the hardware.
Step 3 Restart the OS and U2000 again to automatically invoke the tpmunseal.sh script. An alarm
occurs.
Step 4 Manually invoke the tpmseal.sh script. For details, see A.11.78 How Do I Seal or Unseal
Fixed Information.
Step 5 Manually invoke the tpmunseal.sh script to clear the alarm. For details, see A.11.78 How Do
I Seal or Unseal Fixed Information.
Step 6 Manually invoke the userseal.sh script to seal the user information again. For details, see A.
11.79 How Do I Seal or Unseal User Information.
NOTE
If user information is sealed for an integrity check, you need to seal the user information again.
Otherwise, the integrity check will fail.
----End
A.12 VMware Virtual Machine(VMware vSphere Client)

This topic provides answers to the most frequent questions concerning the VMware virtual
machine.
A.12.1 How Do I Log In to the VMware ESXi

Question
How Do I Log In to the VMware ESXi?
Answer
Step 1 On the computer installed the virtual machine client VMware vSphere Client, double-click the
VMware vSphere Client shortcut icon on the desktop. The login dialog box is displayed.
Step 2 Set the required login parameters.
l IP address/Name: ESXi host's IP address or name.
l User name: User name of an ESXi host.
l Password: Password of the ESXi host user.

NOTE
Keep the Use Windows session credentials check box unselected, which is the default setting.
Step 3 Click Login.

NOTE
l If a dialog box showing a certificate warning is displayed, click Ignore.

l If a message indicating that the request fails due to an operation timeout, perform the preceding
steps and log in to the VMware vSphere Client again.
l If a message is displayed indicating that the SSL certificate of the server cannot be authenticated and
the server cannot be connected , log in to the http://www.microsoft.com/en-us/download/
confirmation.aspx?id=25150 to download Microsoft .NET Framework 3.5 Service Pack 1. The
Internet access must be available during the installation to download more files. To avoid
compatibility issues, VMware vSphere Client 5.1 is recommended.
----End
A.12.2 How Do I Log In to the VMware vCenter Server?
Question
How do I log in to the VMware vCenter server?

Answer
Step 1 Optional: Add rights to administrative accounts.
NOTE
l If this is your first-time login to the VMware vCenter Server and security hardening has not been
performed for the OS on which vCenter runs, use the administrator@vsphere.local account to log
in and add rights to the administrator account.
l If this is your first-time login to the VMware vCenter Server and security hardening has been
performed for the OS on which vCenter runs, use the administrator@vsphere.local account to log
in and add rights to the SWMaster account.
1. Double-click the shortcut icon of the VMware vSphere client on the desktop. The login
2. Set the required login parameters.
Set the parameters as follows:

– IP address/Name: IP address or computer name of the VMware vCenter server.
– User name: default user name of the VMware vCenter server:
administrator@vsphere.local.
– Password: default password of the user administrator@vsphere.local, which is
set during vCenter installation. To ensure system security, change the password
promptly, update it periodically, and save it properly. For details about how to

change a password, see A.12.19 How Do I Change the Password of the

administrator@vsphere.local User?.
– Use Windows session credentials: Use the default setting.
3. Click login.
4. Click the Permissions tab on the homepage of the VMware vSphere client. On the
Permissions tab, right-click in the blank area and choose Add Permission from the
shortcut menu.
NOTE
If a cluster has been created, select the cluster and click the Permissions tab.
5. The Assign Permissions dialog box is displayed. Select Administrator in the Assigned
Role group box and click Add.
6. The Select Users and Groups dialog box is displayed. Select Administrator in the
Users and Groups group box and click Add.
NOTE
To add rights to the SWMaster account, select SWMaster on the Users and Groups tab.

7. Click OK to return to the Assign Permissions dialog box, Click OK. The administrator
rights are added.
8. Close the VMware vSphere client.
Step 2 On the computer installed the virtual machine client VMware vSphere Client, double-click the
VMware vSphere Client shortcut icon on the desktop. The login dialog box is displayed.
Step 3 Set login parameters.
Login-related parameters are set as follows:
l IP address/Name: IP address of the vCenter Server OS or the computer name.
l User name: user name for logging in to the vCenter Server OS.
NOTE
– If security hardening has not been performed, log in as administrator.

– If security hardening has been performed, administrator is unavailable. Log in as SWMaster
instead.
l Password: password corresponding to the user name for logging in to the vCenter Server
OS.
l Use Windows session credentials: use the default value.

Step 4 Click Login.

NOTE
l If a dialog box showing a certificate warning is displayed, click Ignore.

l If a message indicating that the request fails due to an operation timeout, perform the preceding
steps and log in to the VMware vSphere Client again.
l If a message is displayed indicating that the SSL certificate of the server cannot be authenticated and
the server cannot be connected , log in to the http://www.microsoft.com/en-us/download/
confirmation.aspx?id=25150 to download Microsoft .NET Framework 3.5 Service Pack 1. The
Internet access must be available during the installation to download more files. To avoid
compatibility issues, VMware vSphere Client 5.1 is recommended.
----End
A.12.3 How to Check and Create a Port Group (Network Label) on

the Virtual Machine
Question
How do I check and create a port group (network label) on a virtual machine?

Answer
Step 1 Log in to the VMware vCenter Server.
Step 2 In the navigation tree, select an ESXi host. Click Configuration and select Networking in
the right window.
NOTE
Requirements of the U2000 on the virtual machine port group (network label): As management and
services are implemented on independent network segments, the service network must be connected to
the external network through a service router. U2000 virtual machines need to be created on the service
router.
l Perform the following operations to view the non-used port groups (network label) on
the virtual machine:
If no information about the virtual machine is displayed in the Virtual Machine Port
Group area, the port group of the virtual machine is not used. Otherwise, the port group
(network label) is used. As shown in the preceding figure, port group VM
Network_U2000 is not used by the virtual machine.
l Perform the following operations to create a virtual machine port group (network label):
a. Click Properites on a standard switch, such as vSwitch2.
b. On the Ports page, click Add.

c. The connection type is Virtual Machine by default, click Next.
NOTE
n If the network is a small-scale, common-scale or a medium-scale network, the

connection type is Virtual Machine.
n If the network is a common-scale or medium-scale network, the connection type is
Virtual Machine.
n If the network is a large-scale or super-large-scale network, the connection type is
VMkernel.
d. In the Network Label area, set the name of the new label and set VLAN ID to the
default value None.
e. Click Next.

f. Click Finish.
g. Click Close.
----End
A.12.4 How to Check Whether the Available Space of the Storage

on a Virtual Machine Meets the U2000 Requirement
Question
On the VMware vSphere Client, how do I check whether the available space of the storage on
a virtual machine meets the U2000 requirement?
Answer
Step 1 Log in to the VMware vSphere Client.
Step 2 On the VMware vSphere Client, you can select the IP address of the VMware server from the
navigation tree and click Summary in the right pane and view the available space of the
storage on a virtual machine.
NOTE
l The available space of the storage on the virtual machine must meet the U2000 requirement
(Storage: 400 GB or higher.); otherwise, the U2000 cannot be installed.
l A storage with the available space of 805 GB is used as an example to describe how to check the
available space. You can create virtual hard disks 1 and 2 on the storage.
----End
A.12.5 How to View the Usage of Network Interfaces on the

VMware Server
Question
How do I view the usage of network interfaces on the VMware server?
Answer
Table A-17 Usage of the network interfaces on the VMware server

Network Adapters (network Whether used as an active adapter
interfaces)
vmnic0

Network Adapters (network Whether used as an active adapter

interfaces)
vmnic1
vmnic2
...
vmnicN
Step 2 Select the IP address of the VMware vSphere Client and choose Configuration >
Networking. Click Properties of a switch.
Step 3 Click the Network Adapters tab and view all network interfaces of the VMware server. Add
the Network Adapters (network interfaces) column in Table A-17.
Step 4 Click the Ports tab and select all Virtual Machine Port Group one by one. View
information about Active Adapters and Standby Adapters. Add the Whether used as an
active adapter column in Table A-17.

Step 5 Click Close.
----End
A.12.6 How Do I Configure Virtual Machine Memory?

Question
How do I configure the memory of a virtual machine?
Answer
Step 2 Power off the virtual machine to be configured.
Step 3 Perform the following operations to configure the memory:

1. Right-click a VM and choose Edit Settings from the shortcut menu.

2. In the Virtual Machine Properties dialog box, choose Hardware > Memory.
3. Set the memory amount in one of the following ways:

– Click on the scale.
– Click the up and down arrows in the spin box.

– Enter a number in the spin box.

NOTE
– The memory size must be a multiple of 4 MB.

– Minimum memory size is 4 MB. The maximum value is the largest capacity supported by the
host of the VM. The ESXi can display any multiple of 4 MB, but not all multiples apply to
each guest OS. The colored triangles provide three or four values to help you select an
appropriate value for the current guest OS.
n Minimum value recommended for the guest OS: You are not advised to select this value.
The OS may crash or performance may deteriorate.
n Recommended memory size: The recommended memory size is sufficient for the
standard (normal) functions of the guest OS in standard (normal) scenarios.
n Maximum value recommended for the guest OS: If the memory size is greater than this
value, the memory cannot be effectively used by the OS.
n Maximum value for best performance (not always displayed): This value depends on
host configurations and indicates the maximum memory size that should be allocated to
a single VM. On an ESXi host, if the memory size is greater than this value, the VM
memory needs to be swapped in the VMkernel, which greatly decreases the VM
performance. The memory size is displayed on the Memory Configuration area only
when it is less than the maximum value recommended for the guest OS.
– If the memory is overcommitted or requirements and capacity change, you can reallocate
resources using the resource management function to effectively use the available capacity.
4. Click OK.
Step 4 Configuring Memory Resources:
2. In the Virtual Machine Properties dialog box, choose Resources > Memory.
3. Set the memory value as predefined and click OK.
----End
A.12.7 How Do I Change the Number of CPUs in a Virtual

Machine?
Question
How do I change the number of CPUs in a virtual machine?
Answer
Step 3 Right-click a VM and choose Edit Settings from the shortcut menu.

Step 4 In the Virtual Machine Properties dialog box, choose Hardware > CPUs.
Step 5 Choose a value from the Number of virtual sockets drop-down list and a value from the
Number of cores per socket drop-down list. The resulting total number of cores is a number
equal to or less than the number of logical CPUs on the host.

Step 6 Click OK.
----End
A.12.8 How Do I Configure the Disk of a Virtual Machine?

Question
How do I configure the disk of a virtual machine?
Answer
Step 4 In the Virtual Machine Properties dialog box, choose Hardware > Add.

Step 5 In the Device Type dialog box, select Hard Disk and click Next.
Step 6 In the Select a Disk dialog box, select Create a new virtual disk and click Next.

Step 7 In the Create a Disk dialog box, set the capacity to the size of virtual machine disk, select
Thick Provision Lazy Zeroed, and click Next.
Step 8 In the Advanced Options dialog box, keep default values and click Next.
Step 9 In the Ready to Complete dialog box, click Finish.

Step 10 Click OK.
----End
A.12.9 Establishing Connections Between the E9000 Server and

the OceanStor 5500 V3 Disk Array on the GUI
This topic describes how to establish a connection between each blade on the E9000 server
and the OceanStor 5500 V3 array disk for data storage.
Prerequisites
l The E9000 server has been physically connected to disk arrays.
l ESXi has been installed and configured on the E9000 server. For details, see Installing
and Configuring VMware ESXi.
l A VMware vSphere Client has been installed on a computer. For details, see Installing a
VMware vSphere Client.
Context
All the blades on the E9000 server must establish a connection with the OceanStor 5500 V3
array disk. The following section describes how to establish a connection between blade 2 on
the E9000 server and the OceanStor 5500 V3 array disk.
Procedure
Step 2 Configure network connections.

1. Optional: If the virtual machine list is not displayed, choose Home > Inventory from
the main menu to view the virtual machine list.
2. Select the ESXi host's IP address to be configured, click Configuration, and then click
Networking.
3. Click Add Networking. In the Add Network Wizard dialog box, select VMKernel.
4. Click Next. The VMkernel-Network Access window is displayed. Cancel the selection
of vmnic 0, select vmnic 8.

NOTE
IP addresses are learned by VMware through network protocols and are related to the network
environment, not NIC configurations.
5. Click Next. In the VMkernel-Connection Settings window, set Network Label to

VMkernel-iSCSI1.
6. Click Next and add a blade's IP address used to connect to iSCSI network interface P0 of
the disk array, the IP of iSCSI interface Controller Port 0 are 192.168.0.20 and
192.168.0.21, IP Address must be on the same network segment as the disk array iSCSI
network P0 interface's IP address.

NOTE

– Select Use the following IP settings.
– IP Address: must be on the same network segment as the disk array iSCSI network P0
interface's IP address. For details, see Network Planning.
– Subnet Mask: must be the same as the subnet mask of the disk array iSCSI network
interface P0. For details, see Network Planning.
– VMkernel Default Gateway: Use the default value.
7. Click Next. The Ready to Complete dialog box is displayed.
8. Click Finish. In the window that is displayed, the newly added network is displayed.

NOTE
11. Click Next. In the VMkernel-Connection Settings window, set the network label name
to VMkernel_iSCSI2.

NOTE

14. Click Finish. The newly added network is displayed.
Step 3 Configure an iSCSI client.

1. Select the ESXi host's IP address and click Configuration. On the Configuration tab
page, click Security Profile and then click Properties on the right of Firewall.

2. In the Firewall Properties dialog box, select Software iSCSI Client.
3. Click OK.
Step 4 Add an iSCSI adapter and establish a connection with the disk array.

page, click Storage Adapters.
2. Click Add in the upper right corner. The Add Storage Adapter dialog box is displayed.
3. Click OK. The Software iSCSI Adapter dialog box is displayed.
4. Click OK. The newly added iSCSI Software Adapter is displayed.
5. Select the newly added iSCSI adapter, such as vmhba39. Right-click and select
Properties from the shortcut menu. The iSCSI Initiator (vmhba39) Properties dialog
box is displayed.

6. Click Dynamic Discovery. On the Dynamic Discovery tab page, click Add. In the Add
Send Target Server dialog box, configure a disk array's iSCSI network interface IP
address for the iSCSI server.
NOTE
– iSCSI Server: uses the IP address of the disk array's iSCSI network interface. For details,
see Network Planning.
– Port: keeps the default settings unchanged.
7. Click OK. Repeat Step 4.6 to configure all disk array's iSCSI network interfaces' IP
addresses for the iSCSI server.

8. Click Static Discovery and check whether dynamic iSCSI targets are discovered.

9. Click Next. The Rescan dialog box is displayed.

10. Click Yes to rescan the adapter.
Step 5 Log in to the OceanStor DeviceManager.
1. Open the Internet Explorer on the Windows management terminal.
2. Enter https://XXX.XXX.XXX.XXX:8088 in the address bar of the Internet Explorer
(where XXX.XXX.XXX.XXX indicates the IP address of the management network port
of the storage array controller). Such as https://10.9.1.10:8088.
NOTE
– XXX.XXX.XXX.XXX indicates the IP address of the management network port of the storage
array controller.
– Port 8088 needs to be enabled when the system provides the web service externally in an
environment with the firewall deployed.
– A message may be displayed indicating that the security certificate of the website brings risks.
In this case, ignore the message and continue to visit the disk array as long as the IP address is
correct.
The OceanStor DeviceManager login window is displayed.

3. Enter the user name and password and click Log in to log in to the OceanStor
DeviceManager.
NOTE
– Username: The default user name is admin.

– Password: The default password is Admin@storage. If the disk array is preinstalled, the
password is Changeme_123. (If the password has already been changed, enter the new
password. If the password is never changed, refer Setting the SC IP Address for the OceanStor
5500 V3 Disk Array to change it regularly and keep it privately.)
In the Welcome to OceanStor DeviceManager dialog box, click Close.

Step 6 Click Provisioning.
Step 7 Click Host in the Provisioning window.
Step 8 On the Host tab, select the desired blade and click Add Initiator.
Step 9 In the Available Initiators area, select the desired initiator and click .

Step 10 Click OK. In the Danager dialog box, select I have read and understood the consequences
associated with performing this operation. and click OK.
Step 11 In the Execution Result dialog box, click Close.

The added initiator is displayed in the lower part.
Step 12 Repeat Step 1 to Step 11 to establish a connection between other blades and the array disk.
Step 13 Add E9000 datastore identities.

NOTE
l After establishing connections between the disk array and computing nodes, the Devices tab displays
new LUNs but the Datastores tab does not display the identities of the new LUNs. You need to add
the identities manually.
l Adding only one E9000 datastore identity is needed. Other E9000 datastore identities will be
automatically added.
1. Select the desired host in the host cluster and click Configuration. On the
Configuration tab, click Storage. The Datastores tab does not display the identities of
the new LUNs.
2. Click Add Storage. The Add Storage dialog box is displayed.

3. Select Select Disk/LUN and click Next. The Select Disk/LUN dialog box is displayed.
4. Select a disk and click Next. The File System Version dialog box is displayed.

5. Select VMFS-5 and click Next. The Current Disk Layout dialog box is displayed.
6. Click Next. The Properties dialog box is displayed.

NOTE
A datastore name to be entered must map the previously selected LUN name.
7. Enter a datastore name (such as LUN001_U2000) and click Next. The Disk/LUN-
Formatting dialog box is displayed.

9. Click Finish.
10. When the identity status of the disk is Completed, the Datastores displays the identity
of the LUN.

----End

the OceanStor S3900 Disk Array on the GUI
and the OceanStor S3900 array disk for data storage.
Prerequisites
l A VMware vSphere Client has been installed on a computer. For details, see Installing a
VMware vSphere Client.
Context
All the blades on the E9000 server must establish a connection with the OceanStor S3900
the E9000 server and the OceanStor S3900 array disk.
Procedure

1. Optional: If the virtual machine list is not displayed, choose Home > Inventory from
the main menu to view the virtual machine list.
2. Select the ESXi host's IP address to be configured, click Configuration, and then click
Networking.


NOTE
5. Click Next. In the VMkernel-Connection Settings window, set Network Label to

VMkernel-iSCSI1.

NOTE


NOTE
11. Click Next. In the VMkernel-Connection Settings window, set the network label name
to VMkernel_iSCSI2.

NOTE

14. Click Finish. The newly added network is displayed.

page, click Security Profile and then click Properties on the right of Firewall.

2. In the Firewall Properties dialog box, select Software iSCSI Client.
3. Click OK.

page, click Storage Adapters.
2. Click Add in the upper right corner. The Add Storage Adapter dialog box is displayed.
3. Click OK. The Software iSCSI Adapter dialog box is displayed.
4. Click OK. The newly added iSCSI Software Adapter is displayed.
5. Select the newly added iSCSI adapter, such as vmhba39. Right-click and select
Properties from the shortcut menu. The iSCSI Initiator (vmhba39) Properties dialog
box is displayed.

6. Click Dynamic Discovery. On the Dynamic Discovery tab page, click Add. In the Add
Send Target Server dialog box, configure a disk array's iSCSI network interface IP
address for the iSCSI server.
NOTE
– iSCSI Server: uses the IP address of the disk array's iSCSI network interface. For details,
see Network Planning.


9. Click Next. The Rescan dialog box is displayed.

10. Click Yes to rescan the adapter.
Step 5 Log in to the ISM.
2. Enter https://XXX.XXX.XXX.XXX (more secure, recommended) or http://
XXX.XXX.XXX.XXX in the address bar of the Internet Explorer (where
XXX.XXX.XXX.XXX indicates the IP address of the management network port of the
storage array controller). Such as https://10.9.1.10.
NOTE
If "The page cannot be displayed" is displayed on the Internet Explorer, the Windows management
terminal and the disk array controller fail to communicate with each other. Check the network
connection.
The system will navigate to the default login window of the ISM, as shown in the
following figure.
3. Click Click Here to Launch OceanStor ISM. The system will check whether the ISM
is installed on the Windows management terminal.
NOTICE
Before installing the ISM, install the Java runtime environment (JRE). For more
information about JRE versions, refer to information on the homepage of OceanStor
ISM.
If the ISM fails to be displayed on the Internet Explorer, click Internet Options >
Advanced > Reset to reset IE settings.
If the ISM is not installed on the Windows management terminal, the system will
automatically download and install the ISM by means of the Java web start (JWS). If the
ISM is installed on the Windows management terminal, the system will automatically
check the software version. If the version of the ISM is not the latest version, the system
will automatically upgrade the software to the latest version.
4. In the Warning - Security dialog box, select Always trust content from this publisher
and click Run.

5. In the Welcome window of the ISM, click Discover array. The Discover array dialog
box will be displayed, as shown in the following figure.

6. Selects a mode for discovering disk arrays according to the conditions at your site. Table
A-18 describes the parameters for discovering disk arrays.
Table A-18 Parameters for discovering disk arrays
Authenticati The associated disk arrays can be found only when the entered user
on name and password are the same as those of the disk arrays.
Username The default user name for logging in to the ISM is admin.
Password The default password is Admin@storage. Change the password after

login and keep it secret.
Authenticati Selects a desired authentication mode. Choose Local Device from the
on Mode drop-down list.
Device Selects a desired device type. Choose Storage Unit from the drop-
Type down list.
Discovery Indicates that the discovery range is the IP address subnet segments on
Modes which the ISM client resides. The mode is by default selected.

Specify an Indicates that disk arrays are discovered according to the IP address of
IP address the management network port on the specified disk array.
When you specify the IP address, the first field on the left ranges from
1 to 223 (except 127), the last field ranges from 1 to 254, and the other
fields range from 0 to 255.
Specify IP Indicates that disk arrays are discovered according to the IP address
Segment segment of the management network port on the specified disk array.
Start IP Address and End IP Address indicate the start and end IP
addresses of disk arrays to be discovered. When setting this parameter,
pay attention to the following points:
– The discovery range is the IP subnet segment of the ISM client.
– The first field on the left ranges from 1 to 223 (except 127), the last
field ranges from 1 to 254, and the other fields range from 0 to 255.
– The start IP address must be less than or equal to the end IP
address.
Local sub- Indicates that the discovery range is the IP subnet segment of the ISM
network client. This mode is the default discovery mode of the system.
7. Click OK. After the system successfully discovers storage arrays, the message Discover
device succeed. is displayed on Task Manager.
Step 6 Check whether the blade is connected to the disk array.

1. In the navigation tree, choose SAN Services > Mappings > Initiators and check
whether there is a newly added adapter.
If the content in the following red box is the same as that in Step 4.4, the blade has been
successfully connected to the disk array.

If no newly added Initiators exists on the disk array, the blade fails to establish a
connection with the disk array. Repeat Step 4.1 to Step 4.10 to reconfigure the
connection.
Step 7 Mount the array disk's LUN.

1. In the navigation tree, choose SAN Services > Mappings > Initiators.
2. According to the iSCSI adapter identity added in Step 4.4, select the corresponding
iSCSI adapter and click Add to host.
3. Select a desired host, click Yes for Enable ALUA, and click OK.
NOTE
A desired host is the computing node that has the disk array mounted.
4. Click OK in the displayed dialog box.
5. Click Close in the Result dialog box.

6. Log in to the VMware vSphere Client, select the ESXi host's IP address, and click
Configuration. On the Configuration tab page, click Storage Adapters.
7. Select the existing iSCSI adapter and right-click. Then select Rescan from the shortcut
menu.
8. Click Devices and check whether the disk array is mounted.
NOTE
If the Devices tab lists one device whose Operational State is Mounted, disks are correctly
mounted.
You need to log in to the ISM only once.
NOTE
Configuration tab, click Storage. The Datastores tab does not display the identities of
the new LUNs.



NOTE
A datastore name to be entered must map the previously selected LUN name.
7. Enter the datastore name LUN001_U2000 and click Next. The Disk/LUN-Formatting

9. Click Finish.
10. Add the datastore LUN002_U2000. For details, see Step 9.1 to Step 9.10
11. When the identity status of the disk is Completed, the Datastores displays the identity
of the LUN.

----End
A.12.11 Expanding LUNs of a 5500 V3 Disk Array

In a U2000 system, 1.2 TB LUN capacity is reserved as the temporary space for SRM disk
array replication. If the SRM disk array replication solution is not deployed. To improve LUN
usage, LUN expansion is performed for a 5500 V3 disk array by mounting 1.2 TB
redundancy space to the EXSi host.
Prerequisites
l The user name and password used to log in to OceanStor DeviceManager are available.
l The 5500V3 disk array has remaining space that has no LUN divided.
Procedure
Step 1 Log in to the OceanStor DeviceManager at the protected site.
2. Enter https://XXX.XXX.XXX.XXX:8088 in the address bar of the Internet Explorer (where
storage array controller). Such as https://192.168.10.30:8088.
NOTE
– A message may be displayed indicating that the security certificate of the website brings risks. In
this case, ignore the message and continue to visit the disk array as long as the IP address is correct.
DeviceManager.
NOTE

– Password: The default password is Admin@storage. If the disk array is preinstalled, the password
is Changeme_123. (If the password has already been changed, enter the new password. If the
password is never changed to change it regularly and keep it privately.)
Step 2 Create LUN003_U2000 on the disk array.

1. Click Provisioning in the right pane and select LUN in the left pane.

2. On the LUN tab, click Create. The Create LUN dialog box is displayed.
3. Enter the LUN name LUN003_U2000.
4. Select Use all the free of the owning storage pool.
5. Click OK.
Step 3 Add LUN003_U2000 to the LUN group.

1. Select U2000_LUN_Group from LUN groups and click Add object.
2. Select LUN003_U2000 in the Available LUNs area on the LUN tab and move it to the
Selected LUNs area.
3. Click OK.
Step 4 Add LUN003-U2000.

1. Log in to the VMware vCenter server
Configuration tab, click Storage.



8. Enter the datastore name LUN003_U2000 and click Next. The Disk/LUN-Formatting
9. Click Next until the operation is complete.
----End
A.12.12 Creating a Service Network on the GUI

This topic describes how to use a VMware vSphere client to create a service network on the
ESXi host of a blade on the E9000 server. The creation involves creating virtual service
switches and setting names for virtual machine port groups.

Context
A service network must be created on each blade where VMware vSphere ESXi is installed.
Procedure
Step 1 Log in to the VMware vCenter server.
Step 2 Choose the IP address of the ESXi host of a blade from the navigation tree. Then choose
Configuration > Networking in the right pane.
In the following figure, vSwitch0 indicates a switch on the management and maintenance
network, and vSwitch1 and vSwitch2 indicate switches on the data storage network. You
need to create vSwitch3 for the service network.
Figure A-29 Standard vSphere switches
Step 3 Click Add Networking in the upper right corner. The Add Network Wizard dialog box is
displayed.
Step 4 Select Virtual Machine as the connection type and click Next. In the Virtual Machine-
Network Access window, select vmnic 2 and vmnic 9.

Step 5 Click Next. In the Virtual Machine-Connection Settings dialog box, set a name for the
virtual machine port group, such as VM Network_U2000.
Step 6 Click Next. The Ready to Complete dialog box is displayed.
Step 7 Click Finish.
Step 8 Configure service network interfaces.

1. Choose the IP address of the VMware server from the navigation tree and choose
Configuration > Networking in the right pane. Click Properties on the right of
vSwitch3.

2. Configure vSwitch3. In the vSwitch3 Properties dialog box, select vSwitch and click
Edit. In the vSwitch3 Properties dialog box, click the NIC Teaming tab and check the
parameter settings of vSwitch3.

a. Load Balancing: Use the default value Route based on the originating virtual
port ID.
b. Network Failover Detection: Select Beacon probing.
c. Notify Switches: Use the default value Yes.
d. Failback: Use the default value Yes.
e. Failover Order: To ensure reliable communication, configuring network interface
protection for vSwitch1 is recommended, preventing the single point of failure on
network interfaces. The configuration principles are as follows:

n Active Adapters: Two or more are required. If there are less than two active
adapters, select an adapter to be moved and use Move Up or Move Down to
set it to an active adapter. For example, set vmnic2 and vmnic9 to Active
Adapters.
n Standby Adapters: If more adapters are available, adding these available
adapters to Standby Adapter is recommended.
3. Click OK.
4. Configure the virtual machine port group (network label). Select the current virtual
machine port group, for example, VM Network_U2000, and click Edit. In the VM
Network_U2000 Properties dialog box, click the NIC Teaming tab and check the
parameter settings of the VM network.
a. Load Balancing: Select Route based on the originating virtual port ID.
b. Network Failover Detection: Select Beacon probing.
c. Notify Switches: Select Yes.
d. Failback: Select Yes.
e. Failover Order: Select Override switch failover order. To endure secure U2000
communication, configure network interface protection for the virtual network to
prevent a single point of failure. The configuration rules are as follows:
n Active Adapters: Set one of the Active Adapters configured in the preceding
step for vSwitch2 to be an active adapter for a VM network, such as vmnic 2.
If vSwitch2 has several VM networks, it is recommended that the server use a
VM network's Active Adapters different from other VM networks' Active
Adapters. For example, Active Adapters of VM Network_U2000 must be
different from those of VMkernel_iSCSI1 or VMkernel_iSCSI2. Select an
adapter to be moved and use Move Up or Move Down to adjust it.
n Standby Adapters: Set another one of the Active Adapters configured in the
preceding step for vSwitch2 to be a standby adapter for a virtual network, such
as vmnic 9. If more adapters are available, adding these available adapters to
Standby Adapter is recommended.

5. Click OK.
6. Click Close.
Step 9 Repeat Step 1 to Step 8 to create a service network on each blade where VMware vSphere
ESXi is installed.
----End
A.12.13 How Do I Test the Real-Time Network Speed of an ESXI

Host?
Question
How do I test the real-time network speed of an ESXI host?
Answer
Step 1 Log in to a networked PC except the ESXI host.
Step 2 Run the following command in the command line window:

> ping -l 1000 ESXI host IP address -t
NOTE
l 1000 indicates the 1000 bytes to be sent.

l For example: ping -l 1000 192.168.10.21 -t
Step 3 Press Ctrl+c to stop the command after about 20 periods. In the case of no packet loss, the
average communication time is 10 ms.
> Ping 192.168.10.21 1000(1000) bytes of data.
1000 bytes from 192.168.10.21: time=6ms TTL=60
192.168.10.21 ping statistics

Packets Sent=20 Received=20 Lost=0
Approximate round trip times in milli-seconds
Minimum=6ms Maximum=11ms Average=6ms

NOTE
l If packet loss occurs or the average communication time is longer than 10 ms, the real-time network
speed of the ESXI host is low. In this case, reconfigure the network.
l If the average communication time is shorter than or equal to 10 ms, the real-time network speed of
the ESXI host is normal.
l This method is only used to preliminarily determine a network speed. To test a network speed, you
must use professional tools.
----End
A.12.14 How Do I Replace a Physically Damaged Blade and

Configure the New Blade?
Question
How do I replace a physically damaged blade and configure the new blade?
NOTE
After a blade is physically damaged, VMs installed on it will be automatically switched to the failover
host. After the damaged blade is restored, the VMs switched to the failover host will be automatically
switched back to the new blade.
Answer
Step 1 If a damaged blade is powered off, remove the damaged blade from the E9000 chassis.
Step 2 Install a new blade of the same type as that of the damaged blade to the E9000 chassis and
power on the new blade.
Step 3 Install and configure the VMware ESXi. For details, see Installing and Configuring VMware
ESXi.
NOTE
The IP address configured for and the user name and password used to log in to the ESXi host must be
the same as those on the damaged blade. This ensures that the VMs previously installed on the damaged
blade can be automatically switched to the new blade.
Step 4 For details about how to establish connections between the new blade and the disk array, see
A.12.9 Establishing Connections Between the E9000 Server and the OceanStor 5500 V3
Disk Array on the GUI.
Step 6 For details about how to add the new blade to the HA cluster to which the damaged blade
belongs, see 3 in Configuring an HA Cluster for Blades.
Step 7 For details about how to create a service network on the new blade, see A.12.12 Creating a
Service Network on the GUI.
Step 8 Check whether the VMs on the failover host are switched to the new blade that has been
configured.
1. Select the IP address of the ESXi host on which the new blade is installed in the
navigation tree on the VMware client.
2. Click the Virtual Machines tab, as shown in the following figure.

– If the VMs previously installed on the damaged blade are displayed on the Virtual
Machines tab and running properly, the VMs have been successfully switched from
the failover host to the new blade. In this situation, the damaged blade has been
successfully replaced by the new blade.
– If the VMs previously installed on the damaged blade are not displayed on the
Virtual Machines tab, the VMs have not been switched from the failover host to
the new blade. In this situation, check and reconfigure the new blade according to
the FAQ.
----End
A.12.15 How Do I Change the User Passwords for the vCenter and
the OS That Houses the vCenter?
Question
How do I change the user passwords for the vCenter and the OS that houses the vCenter?
Answer
l Changing the Password of the Windows 2008 OS:
a. log in to the Windows 2008 OS.
b. Choose Control Panel > User Accounts > Change your password.
l Changing the vCenter password:
Changing the OS password also takes effect on the vCenter password. For details about
how to change a vCenter password, see Changing the Password of the Windows 2008
OS.
A.12.16 How to shut down the OfficeScan software

Question
How to shut down the OfficeScan software?
Answer
Step 1 log to the Windows OS,Choose Start > All Programs > Trend Micro OfficeScan Server >
OfficeScan Web Console (HTML). The Web console login page is displayed.

NOTE
l If a security certificate message is displayed, click Continue to this website (not recommended),
and click OK.
l If the Security Alert dialog box for the installation certificate is displayed, click OK to continue the
installation.
l If a message asking you to add the trusted sites is displayed, click Add, and click Add in the
Trusted sites dialog, close the installation window.
l If a message asking you to install the ActiveX control is displayed, click Install.
l If a message is displayed indicating that the ActiveX control download fails, choose Tools >
Internet Options from the main menu of the Internet Explorer. Click Security tab page, click
Trusted sites and click Sites. The Trusted sites dialog is displayed. Add the OfficeScan server
address to Add this website to the zone.
Step 2 Set User name and Password and click Log On.
Step 3 Choose Networked Computers > Client Management from the navigation tree. On the
Client Management page in the right pane, choose Settings > Real-time Scan Settings. In
the Real-time Scan Settings dialog box, check whether the Enable virus/malware scan
check box is deselected.
l If the Enable virus/malware scan check box is deselected, the OfficeScan software has
been shut down.
l If the Enable virus/malware scan check box is selected, deselect it and then click
Apply to All Clients to shut down the OfficeScan software.
----End
A.12.17 How Do I Change the Idle Time After Logging In to the

vCenter Through the VMware vSphere Web Client?
Question
How do I change the idle time after logging in to the vCenter through the VMware vSphere
web client?
Answer
Step 1 Log in to the operating system where the vCenter resides as the administrator user.
Step 2 Access the C:\ProgramData\VMware\vSphere Web Client directory. Open the

webclient.properties file in the text editor.
Step 3 Delete # in front of session.timeout = 120, and change 120 to a desired value (for example,
10).
NOTE
session.timeout is expressed in seconds.
Step 4 Then save configurations and close the file.
Step 5 Restart the VMware vSphere Web Client service.

1. Right-click Computer and choose Manage from the shortcut menu.
2. In the Server Manager dialog box, choose Configuration > Services. Click VMware
vSphere Web Client in the service list to restart this service.

3. Close the Server Manager dialog box.
----End
A.12.18 How to Enable or Disable Access to the ESXi Host

Through Internet Explorer
Question
How do I enable or disable access to the ESXi host through Internet Explorer?
Answer
Step 1 Use Putty to log in to the ESXi host as user root.
Step 2 Enable or disable access to the ESXi host through Internet Explorer.
l To disable access to the ESXi host through Internet Explorer:
# vim-cmd proxysvc/remove_service "/" "httpsWithRedirect"
If
Successfully removed service.
is displayed, the access to the ESXi host through Internet Explorer has been disabled.
l To enable access to the ESXi host through Internet Explorer:
# vim-cmd proxysvc/add_tcp_service "/" httpsWithRedirect localhost 8309
If
Successfully added service.
is displayed, the access to the ESXi host through Internet Explorer has been enabled.
----End
A.12.19 How Do I Change the Password of the

administrator@vsphere.local User?
Question
How do I change the password of the administrator@vsphere.local user?
Answer
Step 1 Enable the vSphere web client function by referring to A.12.20 How Do I Enable or Disable
the vSphere Web Client Function?.
Step 2 Log in to the vSphere web client as the administrator@vsphere.local user.

1. Start a browser.
2. Enter https://VCSA server IP address:9443/vsphere-client/ into the address bar and
press Enter.
3. Enter values for User and Password in the login window.
Step 3 Choose System Management > Single Sign-On > Users and Groups from the main menu.

Step 4 Click the User tab.
Step 5 Right-click an Administrator and choose Edit User from the shortcut menu.
Step 6 Change the user's password in the displayed window.

NOTE
A new password must meet password policy requirements. For details about password policies, choose
System Management > Configuration > Password Policy from the main menu.
Step 7 Click OK.
----End
A.12.20 How Do I Enable or Disable the vSphere Web Client

Function?
Question
How do I enable or disable the vSphere web client function?
NOTE
To ensure security, the vSphere web client function is disabled by default during VCSA installation.
Answer
Step 1 Log in to the OS on which the VCSA is installed as the administrator.
Step 2 Click Start.
Step 3 Right-click Computer and choose Manage from the shortcut menu.
Step 4 In the Server Manager window, choose Configuration > Services.
Step 5 Choose vSphere Web Client from the server list, right-click, and choose Start or Stop from
the shortcut menu.
----End
A.12.21 How to Change the Windows OS Computer Name?
Question
How do I change the Windows OS computer name?
Answer
Step 1 Log in to the Windows OS as the administrator.
Step 2 Change the name of the computer where the OS is installed.

1. Choose Start > Computer.
2. Right-click Computer and choose Properties from the shortcut menu.
3. Click Change settings.
4. In the System Properties window, click Change on the Computer Name tab.

5. In the Computer Name/Domain Changes dialog box, set Computer Name to the name
of the new computer where the OS is installed.
6. Click OK. In the System Properties window, click OK.
7. Restart the computer.
Step 3 Optional: To change the computer name of the vCenter OS, perform the following operations
to delete the existing certificate and install the vCenter again.
1. Access C:\ProgramData\VMware\VMware VirtualCenter\SSL and delete all files in
the directory.
2. Choose Start > Control Panel and click uninstall a program to uninstall the VMware
vCenter Server.
3. Restart the OS.
4. Re-install the vCenter server.
----End
A.12.22 How Do I Rectify an NIC Type Error for a VM
Question
How do I rectify an NIC type error for a VM?
Answer
Step 2 Shut down the mapping VM OS.

1. Right-click the VM and choose Open Console from the shortcut menu. The console
2. Log in to the SUSE Linux as the root user.
3. On the desktop, right-click and choose Open in Terminal from the shortcut menu to
access the command line interface (CLI).
4. Run the following command in the CLI window to close the OS:
# sync;sync;shutdown -h now
5. Close the console dialog box.

Step 3 Remove the adapter with an NIC type error, for example, Network adapter 1.
1. Select the desired VM and click Edit Settings. The Virtual Machine Properties
window is displayed.
2. Select Network adapter 1, copy the MAC address value, click Remove, and delete the
Network adapter 1 value.
3. Click OK, the Virtual Machine Properties closed.
Step 4 Add Network adapter 1.
2. Click Add. The Add Hardware dialog box is displayed.
3. Select Ethernet Adapter and click Next. The Network connection dialog box is
displayed.

4. Set Named network with specified label: to VM Network_U2000 and click Next.
5. Click Finish.
6. Select New NIC (adding) and Manual to paste the copied MAC address in Step 3.
7. Click OK.
The network adapter will be successfully created 5 minutes later.
Step 5 Select the virtual machine, right-click, and choose Power > Power On from the shortcut
menu.
Step 6 Check the NIC type.

2. Select Network adapter 1.
– When the VM has the SUSE OS installed, ensure that the Adapter Type value is
VMXNET 3.
– When the VM has the Windows OS installed, ensure that the Adapter Type value
is E1000.
----End
A.12.23 How to Manage VM Snapshot
Question
A snapshot is the duplicate of a VM at a certain time point. If system exceptions or failure
occurs, you can use the snapshot to restore the VM. How to manage VM snapshot?
Answer
l Taking a Snapshot
It is recommended that a maximum of 2 snapshots be taken; otherwise, the VM OS

performance will be compromised. To ensure data consistency between VMs and shorten
the snapshot-taking time, perform the following operations:
a. Run the following command to shut down the guest OS:

# sync;sync;shutdown -h now
b. On the vCenter client, right-click the VM and choose Snapshot > Take Snapshot
c. Set Name and Description and click OK.

d. Open the Recent Tasks list and verify that the task is completed.

NOTE
The snapshot of the stopped VM can be taken within 2 seconds.

l Revert to a Snapshot
This section describes how to revert to a snapshot. You do not need to shut down the VM
for the reversion. After the reversion, current VM data will be erased.
a. On the vCenter client, right-click the VM and choose Snapshot > Snapshot
Manager from the shortcut menu.
b. In the Snapshots for VM name dialog box, select a snapshot and click Go to. In the
Confirm dialog box, click Yes.
c. Open the Recent Tasks list and verify that the task is completed.
NOTE
The VM remains shut down after the reversion is completed.

l Deleting a Snapshot
If a VM has been running properly, you can delete its snapshot for higher read and write
performance. The deletion does not require the VM to be shut down either.
a. On the vCenter client, right-click the VM and choose Snapshot > Snapshot
Manager from the shortcut menu. In the Snapshots for VM name dialog box,
select a snapshot and click Delete.
b. Open the Recent Tasks list and verify that the task is completed.

NOTE
The VM runs as usual after the snapshot is deleted.
----End
A.12.24 How to Check and Add a Storage

Question
How do I check and add a storage?
Answer
Step 2 In the navigation tree, click the IP address of the VMware server. In the right pane, choose
Configuration > Storage.
Step 3 Click Rescan All to access the Rescan dialog box.

Step 4 Click OK.
NOTE
In the Recent Tasks column, if Status is displayed as Completed for all scanning tasks, scanning is
complete.
Step 5 Click Add Storage to access the Add Storage dialog box.
Step 6 Click Next. Use the default Select Disk/LUN.

l If the Name list is empty, no storage is added.

l If the Name list is not empty, add a storage with the available space greater than or equal
to 300 GB.
a. Select a storage and click Next to access the File System Version dialog box.
b. Click Next. Use the default VMFS-5.

c. Click Next.
d. In Enter a datastore name, enter a storage name, such as datastore2.
e. Click Next.
f. Click Next. Use the default Maximum available space.
g. Click Finish.
NOTE
If in the Recent Tasks column, Status is displayed as Completed for the data storage task,
the storage is added successfully.
----End
A.12.25 How Do I Modify Timeout for VM Startup and

Shutdown?
Question
A VMware tools (W) timeout message is displayed during switching of active and standby
SRMs. How do I modify Timeout to avoid this issue?
Answer
Step 1 See A.13.1 How Do I Log In to VCSA? to log in to the VCSA at the primary site.
NOTE
The following operations should be performed on all service nodes (IS, NM, EM, NBI_GW, FloatIP,
Backup, and PM).
Step 2 Select Site Recovery in Home.
Step 3 Select Recovery Plans in the lower left corner and click the created recovery plan.
Step 4 Select a VM and click Configure Recovery. The VM Recovery Properties dialog box is
displayed.
Step 5 Select Shutdown Action and modify Timeout to 15 minutes.

Step 6 Select Startup Action and modify Wait for VMware Tools(W) to 15 minutes.
----End
A.12.26 Configuring the Replication (Heartbeat) Network

(VMware vSphere Client)
After the U2000 is deployed, the VM uses one network port by default. If the VM uses two
network ports, you need to add a replication (heartbeat) network manually. The replication
(heartbeat) network uses the virtual interface group VM Network_U2000_Replication.
Procedure
Step 2 Add the virtual interface group VM Network_U2000_Replication on the vSwitch3 virtual
switch of U2000 computing node.
1. Select the ESXi host where the U2000 VM resides and click Configuration.
2. Select Networking and click Properties in the Standard Switch: vSwitch3 area.

3. In the vSwitch3 Properties dialog box, click Add.

4. In the Add Network Wizard dialog box, click Next.
5. In the Port Group Wizard area, set Network Label to VM
Network_U2000_Replication, set VLAND ID (Optional) to 3011, and click Next.
6. Click Finish.
Step 3 Add a U2000 VM-specific network adapter.

1. Right-click the desired virtual machine and choose Edit Settings from the shortcut
menu. The Virtual Machine Properties dialog box is displayed.
2. Click Add on the Hardware tab. The Add Hardware dialog box is displayed.
3. Select Ethernet and click Next.

4. Select VM Network_U2000_Replication for Named network with specified label,
keep default settings for other parameters, and click Next.
5. Click Finish.

6. Click OK.
----End
A.12.27 Configuring the Replication (Heartbeat) and Application

Networks (VMware vSphere Client)
After the U2000 is deployed, the VM uses one network port by default. If the VM uses three
network ports, you need to add a replication (heartbeat) network and an application network
manually. The replication (heartbeat) network uses the virtual interface group VM
Network_U2000_Replication, and the application network uses the virtual interface group
VM Network_U2000_Application.
Procedure
Step 2 Add the virtual interface groups VM Network_U2000_Replication and VM

Network_U2000_Application on the vSwitch3 virtual switch of U2000 computing node.
1. Select the ESXi host where the U2000 VM resides and click Configuration.
2. Select Networking and click Properties in the Standard Switch: vSwitch3 area.
3. In the vSwitch3 Properties dialog box, click Add.

4. In the Add Network Wizard dialog box, click Next.
5. In the Port Group Wizard area, set Network Label to VM
Network_U2000_Replication, set VLAND ID (Optional) to 3011, and click Next.
6. Click Finish.
7. Repeat steps Step 2.1 to Step 2.6 to add the virtual interface group VM
Network_U2000_Application and set VLAND ID (Optional) to 3010.
Step 3 Add two U2000 VM-specific network adapters.

1. Right-click the desired virtual machine and choose Edit Settings from the shortcut
menu. The Virtual Machine Properties dialog box is displayed.
2. Click Add on the Hardware tab. The Add Hardware dialog box is displayed.
3. Select Ethernet and click Next.

4. Select VM Network_U2000_Replication for Named network with specified label,
keep default settings for other parameters, and click Next.
5. Click Finish.
6. Click OK.
7. Repeat steps Step 3.1 to Step 3.6 to add one adapter and select VM
Network_U2000_Application under Named network with specified label.
----End
A.13 VMware Virtual Machine(vSphere Web Client)

This topic describes operations related to VMware 6.5 where the VCSA is logged in through
the vSphere Web Client.
A.13.1 How Do I Log In to VCSA?
Question
How do I log in to VCSA?
Answer
Step 1 Enter https://VCSA IP address/vsphere-client in the address bar of a browser and press
Enter to access the login page.
l Browser versions supported by the vSphere Web Client include: Mozilla Firefox 34 to
49, and Google Chrome 39 to 53. For best performance, use Google Chrome.
l vSphere Web Client 6.5 requires Adobe Flash Player 16 to 23. For best performance and
security fixes, use Adobe Flash Player 23.

NOTE
If you encounter any problem related to the Adobe Flash Player, visit http://www.adobe.com/support/
documentation/cn/flashplayer/help/index.html and see the description on this webpage for
troubleshooting.
Step 2 Enter the VMware VCSA administrator name and password and click Log in.
NOTE
l Change the passwords periodically (at an interval of 3 or 6 months) to improve system security and avoid
security risks, such as violent password cracking. For details, see A.13.7 How Do I Change a VCSA
User Password?.
l This manual uses a Google Chrome as an example to describe how to operate the vSphere Web Client.
Operations using a Mozilla Firefox browser may differ slightly.
----End
A.13.2 How Do I Log In to the VMware ESXi
Question
How do I log in to the VMware ESXi?
Answer
Step 1 Start a browser, enter https://IP address of the VMware ESXi host/ui into the address bar
and press Enter.
NOTE
Supported browser versions include: Mozilla Firefox 15 and later, and Google Chrome 25 and later.
Step 2 Enter the root user name and password of the ESXi host and click Login.
NOTE
Change the passwords periodically (at an interval of 3 or 6 months) to improve system security and
avoid security risks, such as violent password cracking. For details, seeHow Do I Change the Account
Password for the VMware ESXi OS?.
----End
A.13.3 How Do I Log In to the VCSA Management Page?
Question
How do I log in to the vCenter Server Appliance management page?
Answer
Step 1 Enter https://VCSA IP address:5480 in the address bar of a browser and press Enter to
access the login page.
l Supported browser versions include: Mozilla Firefox 15 and later, and Google Chrome
25 and later.
l Ensure that TLS 1.1 and TLS 1.2 are enabled in security settings.
Step 2 Enter the root user name and password and click Login.

The default root user password is the password set during VCSA deployment.
----End
A.13.4 How Do I Log In to the VR Management Page

Question
How Do I Log In to the VR Management Page?
Answer
Step 1 Enter https://VR IP address:5480 in the address bar of a browser and press Enter to access
the login page.
l Supported browser versions include: Mozilla Firefox 15 and later, and Google Chrome
25 and later.
l Ensure that TLS 1.1 and TLS 1.2 are enabled in security settings.
Step 2 Enter the root user name and password and click Login.
l The default root user password is the password set during VR deployment.
l Change the passwords periodically (at an interval of 3 or 6 months) to improve system
security and avoid security risks, such as violent password cracking. For details, see A.
13.8 How to change the Password of the vSphere Replication Appliance.
----End
A.13.5 How to Power on or Power off the VM

Question
How to Power on or Power off the VM?
Answer
Step 1 Log in to the VCSA.
Step 2 Power on or power off the VM.

l Right-click the VM and choose Power > Power On to power on the VM.
l Right-click the VM and choose Power > Power Off to power off the VM.
----End
A.13.6 How Do I Restart the ESXi Host

Question
How do I restart the ESXi host?
Answer
Before restarting or shutting down the ESXi host, you need to shut down all VMs running on
the ESXi host. This prevents VM OS data from being lost during the power-off of the ESXi

host. VMs can be shut down manually or automatically. If too many VMs are running on the
ESXi host, you are advised to use the automatic VM startup and shutdown function provided
by VMware. For details about the automatic operations, see Step 1. For details about the
manual operations, see A.13.5 How to Power on or Power off the VM. If the host is part of
a vSphere HA cluster, the automatic VM startup and shutdown is disabled by VMware.
Step 1 Configure VMs running on the ESXi host to automatically start or shut down as the ESXi host
is started or shut down.
1. Optional: Select the cluster HA. On the Configure tab on the right, select vSphere
Availability to ensure vSphere HA is Turned OFF.
NOTE
If the host is part of a vSphere HA cluster, the automatic VM startup and shutdown is disabled by
VMware. That is, this step is mandatory only when the following conditions are met:
1. The host to be restarted is located in the vSphere HA cluster.
2. The vSphere HA function has been enabled in the cluster.
2. Click the ESXi host to be restarted, choose ConfigureVirtual Machines > Virtual
Machine Startup and Shutdown, and click Edit.
3. In the Default VM Settings area, select Automatically start and stop the virtual
machines with the system.
4. In the Per-vm Overrides area, use to move all VMs on the ESXi host to Automatic
Startup.
5. Click OK.
Step 2 Right-click the ESXi host to be restarted and choose Power > Shut Down from the shortcut
menu.
VMs on the ESXi host are automatically shut down in reverse order based on the
configuration in Step 1.4.
Step 3 Right-click the ESXi host to be restarted and choose Power > Power On from the shortcut
menu.
VMs on the ESXi host are automatically started in order based on the configuration in Step
1.4.
Step 4 Optional: Select the cluster HA. On the Configure tab on the right, choose vSphere
Availability and ensure vSphere HA is Turned ON.

NOTE
This step is mandatory only when the following conditions are met:
1. The host to be restarted is located in the vSphere HA cluster.
2. The vSphere HA function needs to be enabled again in the cluster.
----End
A.13.7 How Do I Change a VCSA User Password?
Question
How do I change a VCSA user password?
Answer
l Log in to the VCSA.
l Click the user name in the upper right corner and select Change Password.
l In the Change Password dialog box, change the user password and click OK.
NOTE
A password must meet requirements. For details, click . Choose Home > Administration >
Single Sign-On > Configuration > Policies > Password Policy. To ensure system security, you can
modify password requirements. For example, a password must:
l Contain at least eight characters.
l Be different from the latest five passwords.
l Contains at least two letters.
l Contains at least one special character.
l Contains at least one uppercase letter.
l Contains at least one lowercase letter.
l Contains at least one digit.
A.13.8 How to change the Password of the vSphere Replication

Appliance
Question
How to change the Password of the vSphere Replication Appliance?
NOTE
Change the passwords periodically (at an interval of 3 or 6 months) to improve system security and avoid
security risks, such as violent password cracking.
Answer
Step 1 Log in to the VR Management Page.
Step 2 Click the VR tab and click Security.
Step 3 Type the current password in the Current Password text box.
Step 4 Type the new password in the New Password and the Confirm New Password text boxes.

The password must be a minimum of eight characters. vSphere Replication does not support
blank passwords.
Step 5 Click Apply to change the password.
----End
A.13.9 How to Check and Create a Port Group (Network Label) on

the Virtual Machine
Question
How do I check and create a port group (network label) on a virtual machine?
Answer
Step 2 In the navigation tree, select an ESXi host. Click Configure > Networking > Virtual
switches.
NOTE
Requirements of the U2000 on the virtual machine port group (network label): As management and
services are implemented on independent network segments, the service network must be connected to
the external network through a service router. U2000 virtual machines need to be created on the service
router.
l Perform the following operations to view the non-used port groups (network label) on
the virtual machine:
If no information about the virtual machine is displayed in the Virtual Machine Port
Group area, the port group of the virtual machine is not used. Otherwise, the port group
(network label) is used. As shown in the preceding figure, port group VM
Network_U2000 is not used by the virtual machine.
l Perform the following operations to create a virtual machine port group (network label):
a. Select a vSwitch, such as vSwitch2. Click and the Add Networking dialog
box is displayed.
b. Select Virtual Machine Port Group for a Standard Switch and click Next.
c. Select Select an existing standard switch and click Next.
d. In the Network Label area, set the name of the new label and set VLAND ID to
the default value None.

e. Click Next.
f. Click Finish.
----End
A.13.10 How to Check Whether the Available Space of the Storage

on a Virtual Machine Meets the U2000 Requirement
Question
On the VMware vSphere Client, how do I check whether the available space of the storage on
a virtual machine meets the U2000 requirement?
Answer
Step 2 On the VMware vSphere Client, you can select the IP address of the VMware server from the
navigation tree and click Summary in the right pane and view the available space of the
storage on a virtual machine.
NOTE
l The available space of the storage on the virtual machine must meet the U2000 requirement
(Storage: 3.77 TB or higherStorage: 400 GB or higherStorage: 400 GB or higher); otherwise, the
U2000 cannot be installed.
l A storage with the available space of 4.61 TB is used as an example to describe how to check the
available space. You can create virtual hard disks 1 and 2 on the storage.
----End
A.13.11 How to View the Usage of Network Interfaces on the

VMware Server
Question
How do I view the usage of network interfaces on the VMware server?
Answer
Table A-19 Usage of the network interfaces on the VMware server

Network Adapters (network Virtual Machine PortGroup (network
interfaces) label)
vmnic0
vmnic1

Network Adapters (network Virtual Machine PortGroup (network

interfaces) label)
vmnic2
...
vmnicN
Step 2 Select an ESXi host from the navigation tree. Choose Configure > Networking > Virtual
switches.
Step 3 Select a virtual switch and click . The Manage Physical Network Adapters for
vSwitch dialog box is displayed. Check all network interfaces of the virtual switch and
manually enter them into the Network Adapters (network interfaces) column in Table
A-19.
Step 4 Select the virtual switch. In the details area, click on the right of network labels one by
one. Choose All > Teaming and failover to check information of Active adapters and
Standby adapters and supplement the Virtual Machine PortGroup (network label)
column in Table A-19.
----End

A.13.12 How Do I Configure Virtual Machine Memory?
Question
How do I configure the memory of a virtual machine?
Answer
Step 3 Perform the following operations to configure the memory:

2. In the Edit Settings dialog box, choose Virtual Hardware > Memory.
3. Set the memory value and clickOK.
Step 4 Configuring memory resources.

1. Click the VM name. Choose Configure > VM Hardware and click Edit in the upper
right corner.
2. In the Edit Settings dialog box, click Memory.
NOTE
– Shares: Select Custom and set the memory value as predefined
– Reservation: Input 0 MB.
– Reserve all guest memory (All locked): Clear the selection of the check box.
– Limit: Unlimited.
3. Click OK.
----End

A.13.13 How Do I Change the Number of CPUs in a Virtual

Machine?
Question
How do I change the number of CPUs in a virtual machine?
Answer
Step 4 In the Edit Settings dialog box, choose Virtual Hardware > CPU.
Step 5 Choose the number of CPUs from the CPU drop-down list.
NOTE
l The available virtual CPUs of a VM depends the number of CPUs supported by a host and that supported
by the VM OS.
l After parameter settings are complete, you can select the number of CPUs for each slot from the Cores
per Socket drop-down list.
----End
A.13.14 How Do I Configure the Disk of a Virtual Machine?

Question
How do I configure the disk of a virtual machine?
Answer
Step 4 In the Edit Settings dialog box, choose Virtual Hardware tab.
Step 5 In the Virtual Hardware dialog box, choose New Hard Disk from the New Device drop-
down list and click Add.

Step 6 Expand the new hard disk. Enter a size for the virtual hard disk to be configured, choose
Thick provision lazy zeroed from the Disk Provisioning drop-down list, and use default
settings for other parameters.

Step 7 Click OK.
----End

the OceanStor 5500 V3 Disk Array on the GUI
and the OceanStor 5500 V3 array disk for data storage.
Prerequisites
Context
All the blades on the E9000 server must establish a connection with the OceanStor 5500 V3
the E9000 server and the OceanStor 5500 V3 array disk.

Procedure

1. Select an ESXi host to be configured in the left pane. Choose Configure > Networking
> VMkernel adapters in the right pane.
2. Click . In the Add Networking dialog box, select VMKernel Network Adapter.
3. Click Next. In the Select target device dialog box, select New standard switch.
NOTE
4. Click Next. In the Create a Standard Switch dialog box, click . The Add Physical
Adapters to the Switch dialog box is displayed.
5. In the Add Physical Adapters to the Switch window, select Active adapters for
Failover order group and vmnic3 for Network Adapters. Then, click OK.
6. Click Next. In the Port properties dialog box, set Network label to VMkernel-iSCSI1,
VLAN ID to 3012, IP Settings to IPv4, and TCP/IP stack to Default.
the disk array.

NOTE

interface's IP address. The IP of iSCSI interface Controller A Port 0 and Controller B Port 0
are 192.168.0.20 and 192.168.0.21 respectively.
interface P0. The subnet mask of iSCSI interface Controller A Port 0 and Controller B Port 0
are 255.255.255.0.
Choose Configure > Networking > VMkernel adapters to view newly added
networks.
NOTE

NOTE

are 255.255.255.0.
1. Select an ESXi host to be configured and choose Configure > System > Security
Profile. Click Edit on the right of Firewall.
2. In the Edit Security Profile dialog box, select Software iSCSI Client.
3. Click OK.
1. Select an ESXi host to be configured, choose Configure > Storage > Storage Adapters,
and click .
2. Select Software iSCSI adapter.
3. In the Software iSCSI adapter dialog box, click OK. The window displays the newly
added iSCSI Software Adapter.

4. Select the added iSCSI Software Adapter, for example, vmhba64. On the Adapter
Details tab, select Targets.
5. On the Dynamic Discovery tab, click Add. In the Add Send Target Server dialog box,
add an iSCSI server that interconnects with the IP address of a network interface on the
disk array.
NOTE
– iSCSI Server: uses the IP address of the disk array's iSCSI network interface.
8. Click to rescan the adapter.

Step 5 Log in to the OceanStor DeviceManager.
2. Enter https://XXX.XXX.XXX.XXX:8088 in the address bar of the Internet Explorer
(where XXX.XXX.XXX.XXX indicates the IP address of the management network port
of the storage array controller). Such as https://10.9.1.10:8088.
NOTE
– XXX.XXX.XXX.XXX indicates the IP address of the management network port of the storage
array controller.
– A message may be displayed indicating that the security certificate of the website brings risks.
In this case, ignore the message and continue to visit the disk array as long as the IP address is
correct.
The OceanStor DeviceManager login window is displayed.

DeviceManager.
NOTE

– Password: The default password is Admin@storage. If the disk array is preinstalled, the
password is Changeme_123. (If the password has already been changed, enter the new
password. If the password is never changed, refer Setting the SC IP Address for the OceanStor
5500 V3 Disk Array to change it regularly and keep it privately.)

Step 6 Click Provisioning.
Step 7 Click Host in the Provisioning window.
Step 8 On the Host tab, select the desired blade and click Add Initiator.
Step 9 In the Available Initiators area, select the desired initiator and click .
Step 10 Click OK. In the Danager dialog box, select I have read and understood the consequences
associated with performing this operation. and click OK.
Step 11 In the Execution Result dialog box, click Close.

The added initiator is displayed in the lower part.


NOTE
1. Select an ESXi host and click the Datastores tab. The Datastores tab does not display
IDs of new LUNs.
2. Click New Datastore.
3. In the New Datastore dialog box, select VMFS and click Next.
4. Enter the LUN name LUN001_U2000, which is to be interconnected with
LUN001_U2000 on the disk array. Click Next.
5. In the VMFS version dialog box, select VMFS-5 and click Next.
6. In the Partition configuration dialog box, click Next.
7. In the Network dialog box, verify parameter settings and click Finish.
NOTE
If the status of data storage task creation is Finished in the Recent Tasks column, the LUN is
successfully added
Step 14 Repeat Step 13 to add LUN002_U2000.
Step 15 After the configuration is complete, IDs of new LUNs are displayed in the Datastores area.
----End

the OceanStor S3900 Disk Array on the GUI
and the OceanStor S3900 array disk for data storage.
Prerequisites
Context
All the blades on the E9000 server must establish a connection with the OceanStor S3900
the E9000 server and the OceanStor S3900 array disk.

Procedure

1. Select an ESXi host to be configured in the left pane. Choose Configure > Networking
> VMkernel adapters in the right pane.
NOTE
the disk array.

NOTE

are 255.255.255.0.
Choose Configure > Networking > VMkernel adapters to view newly added
networks.
NOTE

NOTE

are 255.255.255.0.
1. Select an ESXi host to be configured and choose Configure > System > Security
Profile. Click Edit on the right of Firewall.
2. In the Edit Security Profile dialog box, select Software iSCSI Client.
3. Click OK.
1. Select an ESXi host to be configured, choose Configure > Storage > Storage Adapters,
and click .
2. Select Software iSCSI adapter.
3. In the Software iSCSI adapter dialog box, click OK. The window displays the newly
added iSCSI Software Adapter.

4. Select the added iSCSI Software Adapter, for example, vmhba64. On the Adapter
Details tab, select Targets.
5. On the Dynamic Discovery tab, click Add. In the Add Send Target Server dialog box,
add an iSCSI server that interconnects with the IP address of a network interface on the
disk array.
NOTE
– iSCSI Server: uses the IP address of the disk array's iSCSI network interface.
8. Click to rescan the adapter.

Step 5 Log in to the ISM.
2. Enter https://XXX.XXX.XXX.XXX (more secure, recommended) or http://
XXX.XXX.XXX.XXX in the address bar of the Internet Explorer (where
storage array controller). Such as https://10.9.1.10.
NOTE
If "The page cannot be displayed" is displayed on the Internet Explorer, the Windows management
terminal and the disk array controller fail to communicate with each other. Check the network
connection.
The system will navigate to the default login window of the ISM, as shown in the
following figure.
3. Click Click Here to Launch OceanStor ISM. The system will check whether the ISM
is installed on the Windows management terminal.
NOTICE
Before installing the ISM, install the Java runtime environment (JRE). For more
information about JRE versions, refer to information on the homepage of OceanStor
ISM.

If the ISM fails to be displayed on the Internet Explorer, click Internet Options >
Advanced > Reset to reset IE settings.
If the ISM is not installed on the Windows management terminal, the system will
automatically download and install the ISM by means of the Java web start (JWS). If the
ISM is installed on the Windows management terminal, the system will automatically
check the software version. If the version of the ISM is not the latest version, the system
will automatically upgrade the software to the latest version.
4. In the Warning - Security dialog box, select Always trust content from this publisher
and click Run.
5. In the Welcome window of the ISM, click Discover array. The Discover array dialog
box will be displayed, as shown in the following figure.

6. Selects a mode for discovering disk arrays according to the conditions at your site. Table
A-20 describes the parameters for discovering disk arrays.
Table A-20 Parameters for discovering disk arrays
Authenticati The associated disk arrays can be found only when the entered user
on name and password are the same as those of the disk arrays.
Username The default user name for logging in to the ISM is admin.
Password The default password is Admin@storage. Change the password after

login and keep it secret.
Authenticati Selects a desired authentication mode. Choose Local Device from the
on Mode drop-down list.
Device Selects a desired device type. Choose Storage Unit from the drop-
Type down list.
Discovery Indicates that the discovery range is the IP address subnet segments on
Modes which the ISM client resides. The mode is by default selected.

Specify an Indicates that disk arrays are discovered according to the IP address of
IP address the management network port on the specified disk array.
When you specify the IP address, the first field on the left ranges from
1 to 223 (except 127), the last field ranges from 1 to 254, and the other
fields range from 0 to 255.
Specify IP Indicates that disk arrays are discovered according to the IP address
Segment segment of the management network port on the specified disk array.
Start IP Address and End IP Address indicate the start and end IP
addresses of disk arrays to be discovered. When setting this parameter,
pay attention to the following points:
– The discovery range is the IP subnet segment of the ISM client.
– The first field on the left ranges from 1 to 223 (except 127), the last
field ranges from 1 to 254, and the other fields range from 0 to 255.
– The start IP address must be less than or equal to the end IP
address.
Local sub- Indicates that the discovery range is the IP subnet segment of the ISM
network client. This mode is the default discovery mode of the system.
7. Click OK. After the system successfully discovers storage arrays, the message Discover
device succeed. is displayed on Task Manager.
Step 6 Check whether the blade is connected to the disk array.

1. In the navigation tree, choose SAN Services > Mappings > Initiators and check
whether there is a newly added adapter.
If the content in the following red box is the same as that in Step 4.3, the blade has been
successfully connected to the disk array.

If no newly added Initiators exists on the disk array, the blade fails to establish a
connection with the disk array. Repeat Step 4.1 to Step 4.8 to reconfigure the
connection.
Step 7 Mount the array disk's LUN.

1. In the navigation tree, choose SAN Services > Mappings > Initiators.
2. According to the iSCSI adapter identity added in Step 4.3, select the corresponding
iSCSI adapter and click Add to host.
3. Select a desired host, click Yes for Enable ALUA, and click OK.
NOTE
A desired host is the computing node that has the disk array mounted.
4. Click OK in the displayed dialog box.
5. Click Close in the Result dialog box.

6. Log in to the vSphere Web Client, select the ESXi host's IP address, and select
Configure > Storage > Storage Adapters.
7. Select the existing iSCSI adapter..
8. Select Devices in the Adapter Details window to check whether the disk array is
connected to VCSA Server.
NOTE
If the Devices tab lists one device whose Operational State is Attached, disks are correctly
attached.
You need to log in to the ISM only once.

NOTE
1. Select an ESXi host and click the Datastores tab. The Datastores tab does not display
IDs of new LUNs.
2. Click New Datastore.
3. In the New Datastore dialog box, select VMFS and click Next.
4. Enter the LUN name LUN001_U2000, which is to be interconnected with
LUN001_U2000 on the disk array. Click Next.
5. In the VMFS version dialog box, select VMFS-5 and click Next.
6. In the Partition configuration dialog box, click Next.
7. In the Network dialog box, verify parameter settings and click Finish.
NOTE
If the status of data storage task creation is Finished in the Recent Tasks column, the LUN is
successfully added
Step 10 After the configuration is complete, IDs of new LUNs are displayed in the Datastores area.
----End

A.13.17 How Do I Create a Network on the GUI
Question
How do I create a network on the GUI through vSphere Web Client?
Answer
For example, create and configure a service network for the ESXi host by referring to Table
A-21.
Table A-21 Network Parameters
Network Virtual Network VLAN ID vmnicX

Switch Label
Service network vSwitch3 VM 3014 vmnic1, vmnic5

Network_U200
0
Step 2 Create a network.

1. Select the ESXi host from the navigation tree.
2. On the right-hand Configure tab page, choose Networking > Virtual switches.
3. Click .
4. On the Select connection type tab page of the Add Networking window, choose
Virtual Machine PortGroup for a Standard Switch, then clickNext.
5. On the Select target device tab page, choose New standard switch, then clickNext.
6. On the Create a Standard Switch tab page, click .

7. On the Add Physical Adapters to the Switch window, add vmnic1, then clickOK.
Repeat this step to add vmnic5.
– Failover order group: Active adapters
– Network Adapters: vmnic1, vmnic5
8. Click Next.
9. On the Connection settings tab page, set the network label and VLAN ID.
– Network label: VM Network_U2000
– VLAN ID: 3014
10. On the Ready to Complete tab page, check the settings, click Finish.
Step 3 Configure NIC teaming and failover policy for vSwitch3.

1. On the Virtual switchestab page of the ESXi host, choose vSwitch3 created in Step 2,
click .

2. On the Teaming and failover tab page of the Edit Setting window, set the following
parameters.
a. Load balancing: Use Route based on the originating virtual port by default.
b. Network failover detection: Select Beacon probing.
c. Notify Switches: Use Yes by default.
d. Failback: Use Yes by default.
e. Failover Order: use or to configure network interface protection for

vSwitch3, preventing the single point of failure on network interfaces.
n Active adapters: Make sure vmnic1 and vmnic5 are both set to active
adapter.
n Standby adapters: If more adapters are unused, adding these available
adapters to Standby Adapter is recommended.
3. Click OK.
Step 4 Configure NIC teaming and failover policy for VM Network_U2000.
1. Choose the VM Network_U2000 of vSwitch3 confugured in Step 2, click .

2. On the Teaming and failover tab page of the Edit Settings window, make sure the
settings are the same as those in Step 3.2.
3. Click OK to finish.
----End
A.13.18 How Do I Test the Real-Time Network Speed of an ESXI

Host?
Question
How do I test the real-time network speed of an ESXI host?
Answer
Step 1 Log in to a networked PC except the ESXI host.
Step 2 Run the following command in the command line window:
> ping -l 1000 ESXI host IP address -t
NOTE
l 1000 indicates the 1000 bytes to be sent.

l For example: ping -l 1000 192.168.10.21 -t
Step 3 Press Ctrl+c to stop the command after about 20 periods. In the case of no packet loss, the
average communication time is 10 ms.
> Ping 192.168.10.21 1000(1000) bytes of data.


192.168.10.21 ping statistics

Packets Sent=20 Received=20 Lost=0
Approximate round trip times in milli-seconds
Minimum=6ms Maximum=11ms Average=6ms
NOTE
l If packet loss occurs or the average communication time is longer than 10 ms, the real-time network
speed of the ESXI host is low. In this case, reconfigure the network.
l If the average communication time is shorter than or equal to 10 ms, the real-time network speed of
the ESXI host is normal.
l This method is only used to preliminarily determine a network speed. To test a network speed, you
must use professional tools.
----End

Configure the New Blade (vSphere HA)
Question
How do I replace a physically damaged blade and configure the new blade?
NOTE
After a blade is physically damaged, VMs installed on it will be automatically switched to the failover
host. After the damaged blade is replaced, the VMs switched to the failover host need to be manually
switched back to the new blade.
Answer
Step 1 Powered off the damaged blade, then remove the damaged blade from the E9000 chassis.
Step 3 Install and configure the VMware ESXi on the new blade, see Installing and Configuring
VMware ESXi.
NOTE
the same as those on the damaged blade.
Step 4 Establish connections between the new blade and the disk array, see Create a Connection
Between the E9000 Server and Disk Array in the CLI.
Step 6 Select the damaged blade from the cluster, right-click, and choose Remove from Inventory
Step 7 Add the new blade to the cluster to which the damaged blade belongs, see Configuring an HA
Cluster for Blades.

Step 8 Create networks on the new blade, see Configure Networks in the CLI.
Step 9 Switch VMs to the new blade.

1. In the navigation tree on the vSphere Web Client, select the VMs on the failover host,
choose Migrate.
2. On the Select the migration type tab of the Migrate page, choose Change compute
resource only, click Next.
3. On the Select compute resourcetab, choose the new balde, click Next.
4. On the Select networks tab, the Destination Network must be the same as that of
Source Network, click Next.
5. On the Select vMotion prioritytab, choose Schedule vMotion with high priority, click
Next.
6. On the Ready to complete tab, click Finish.
7. Repeat Step 9.1 to Step 9.6 to switch all VMs back to the corresponding new blade.
8. In the navigation tree on the vSphere Web Client, right-click the new blade.
9. Select VMs > Virtual Machines.
– If the VMs previously installed on the original damaged blade are displayed on the
Virtual Machines tab and running properly, the VMs have been successfully
switched from the failover host to the new blade. In this situation, the damaged
blade has been successfully replaced by the new blade.
the new blade. In this situation, check and reconfigure the new blade and switch the
VMs according to the FAQ.
----End

Configure the New Blade (vSphere DRS)
Question
For the recovery site with vSphere DRS enabled in the SRM solution, the blade where the
host in the cluster resides encounters physical damage. How do I replace a physically
damaged blade and configure the new blade?
NOTE
Rectify the fault as soon as possible, ensuring that the VM corresponding to the host in the DRS rules
can be properly restored during the SRM switchover. After the damaged blade is replaced, the VMs
switched to the failover host need to be manually switched back to the new blade.
Answer
Step 1 Powered off the damaged blade, then remove the damaged blade from the E9000 chassis.
Step 3 Install and configure the VMware ESXi on the new blade, see Installing and Configuring
VMware ESXi.

NOTE
the same as those on the damaged blade.
Step 4 Establish connections between the new blade and the disk array, see Create a Connection
Between the E9000 Server and Disk Array in the CLI.
Step 6 Select the damaged blade from the cluster, right-click, and choose Remove from Inventory
Step 7 Add the new blade to the cluster to which the damaged blade belongs, see Configuring an HA
Cluster for Blades.
Step 8 Create networks on the new blade, see Configure Networks in the CLI.
Step 9 Switch VMs to the new blade.

1. In the navigation tree on the vSphere Web Client, select the VMs on the failover host,
choose Migrate.
2. On the Select the migration type tab of the Migrate page, choose Change compute
resource only, click Next.
3. On the Select compute resourcetab, choose the new balde, click Next.
4. On the Select networks tab, the Destination Network must be the same as that of
Source Network, click Next.
5. On the Select vMotion prioritytab, choose Schedule vMotion with high priority, click
Next.
6. On the Ready to complete tab, click Finish.
7. Repeat Step 9.1 to Step 9.6 to switch all VMs back to the corresponding new blade.
8. In the navigation tree on the vSphere Web Client, right-click the new blade.
9. Select VMs > Virtual Machines.
– If the VMs previously installed on the original damaged blade are displayed on the
Virtual Machines tab and running properly, the VMs have been successfully
switched from the failover host to the new blade. In this situation, the damaged
blade has been successfully replaced by the new blade.
the new blade. In this situation, check and reconfigure the new blade and switch the
VMs according to the FAQ.
----End
A.13.21 How Do I Change the Idle Time After Logging In to the

VCSA Through the VMware vSphere Web Client
Question
How Do I Change the Idle Time After Logging In to the VCSA Through the VMware
vSphere Web Client?

Answer
Step 2 Select the VCSA's IP address from the navigation tree. Choose Configure > Settings >
General in the right pane.
Step 3 Click Edit in the upper right corner.
Step 4 In the Edit vCenter Server Setting dialog box, select Timeout setting.
Step 5 In Normal operations, enter a timeout interval, in seconds, for normal operations.
Step 6 In Long operations, enter a timeout interval, in minutes, for long-time operations.
Step 7 Restart the VMware vSphere Web Client service.
1. Click in the upper right corner and click Home to access the Home page.
2. Choose Administrator > Deployment > System Configuration.
3. Choose System Configuration > Services from the navigation tree and expand the
Services list.
4. Select VMware vSphere Web Client in the service list, right-click, and choose Restart
from the shortcut menu to restart it.
----End
A.13.22 How Do I Enable SSH for the VMware ESXI Hosts?
Question
How do I enable SSH for the VMware ESXI hosts?
Answer
Step 1 Log in to the VMware ESXi.
Step 2 Choose Host > Manage > Services, ensure that the SSH process of Services is displayed as
Running
Step 3 Optional: If the SSH process is displayed as Stopped, click Start to enable SSH.
NOTE
To disable SSH, click Stop to disable SSH.
----End

A.13.23 How Do I Rectify an NIC Type Error for a VM?
Question
How do I rectify an NIC type error for a VM?
Answer
Step 2 Select the VM with an NIC Type Error, right-click, and choose Power > Power Off to stop
the VM.
Step 3 Remove the adapter with an NIC type error, for example, Network adapter 1.
1. Select the desired VM and click Edit Settings. The Edit Settings window is displayed.
2. Choose Virtual Hardware > Network adapter 1. Expand Network adapter 1, copy
the MAC Address value and click Remove to delete Network adapter 1.
3. Click OK, the Edit Settings closed.
Step 4 Add Network adapter 1.

2. Choose Virtual Hardware > New Device. Choose Network from the New Device drop-
down list and click Add.
3. Expand Network adapter 1.
Table A-22 Parameters and values

Parameter Value
New Network VM Network_U2000
Adapter Type – SUSE OS:

VMXNET 3
– Windows OS:
E1000
MAC Address Choose Manual. Then, paste the MAC

address copied in Step 3.
4. Click OK. Hardware adding is complete.
Step 5 Select the virtual machine, right-click, and choose Power > Power On from the shortcut
menu.
Step 6 Check the NIC type.

2. Select Network adapter 1. Ensure that Adapter Type is VMXNET 3.
3. Choose Virtual Hardware > Network adapter 1. Expand content of Network adapter
1 and ensure that Adapter Type is the same as that specified in Step 4.
----End

A.13.24 How to Manage VM Snapshot
Question
How to manage VM snapshots?
Answer
l A VM snapshot is an image of a VM disk file at a specific time point and is used to back
up the current system status.
l VM snapshots need to be generated only before system upgrade or patch installation.
When VM system upgrade or patch installation fails and cannot be recovered, you can
restore the VM to the previous status using snapshots.
l It is recommended that the number of snapshots on a VM be no more than two and the
stored time of each snapshot be no more than three days.
l Log in to the VCSA.
l Taking a Snapshot
It is recommended that a maximum of 2 snapshots be taken; otherwise, the VM OS
performance will be compromised. To ensure data consistency between VMs and shorten
the snapshot-taking time, perform the following operations:
a. Right-click the VM and choose Power > Power Off to power off the VM.
b. Right-click the VM and choose Snapshots > Take Snapshot.
c. Set Name and Description and click OK.
d. Open the Recent Tasks list and verify that the task is completed.
NOTE
The snapshot of the stopped VM can be taken within 2 seconds.

l Revert to a Snapshot
This section describes how to revert to a snapshot. You do not need to shut down the VM
for the reversion. After the reversion, current VM data will be erased.
a. Right-click the VM and choose Snapshot > Snapshot Manager from the shortcut
menu.
b. In the Snapshots for VM name dialog box, select a snapshot and click . In the
Confirm dialog box, click Yes.
c. Open the Recent Tasks list and verify that the task is completed.
d. After the reversion, right-click the VM and choose Power > Power On to power on
the VM.
l Deleting a Snapshot
If a VM has been running properly, you can delete its snapshot for higher read and write
performance. The deletion does not require the VM to be shut down either.
a. Right-click the VM and choose Snapshot > Snapshot Manager from the shortcut
menu. In the Snapshots for VM name dialog box, select a snapshot and click
Delete.
b. Open the Recent Tasks list and verify that the task is completed.

NOTE
The VM runs as usual after the snapshot is deleted.
----End
A.13.25 How Do I Upgrade a VM Hardware Version?

Question
How do I upgrade a VM hardware version?
Answer
l A VM compatibility level determines virtual hardware available to VMs. Virtual
hardware on a VM maps physical hardware on a host. A compatibility level upgrade will
upgrade a VM hardware version.
l Virtual hardware includes BIOS and EFI, number of available virtual PCI slots,
maximum number of CPUs, maximum memory configurations, and other features. Table
A-23 shows function differences of various hardware versions.
Table A-23 Virtual hardware function differences

Function Hardware Hardware Hardware
Version 13 Version 11 Version 10
Maximum memory 6128 4080 1011

(GB)
Maximum number 128 128 64

of logical
processors
Maximum number 128 128 64

of cores per slot
(virtual CPUs)
NVMe controller 4 N N
Maximum video 2 GB 2 GB 512 MB

memory (MB)
PCI passthrough 16 16 6
Serial port 32 32 4
l Select a VM from the navigation tree in vSphere Web Client and click the Summary tab
to check its hardware versions.

Step 1 Log in to VCSA.
Step 2 Power off the VM to be upgraded. For details, see A.13.5 How to Power on or Power off the
VM.
Step 3 Right-click the VM and choose Compatibility > Upgrade VM Compatibility.
Step 4 Select a desired ESXi version. Table A-24 shows the mapping of VM compatibility and
hardware versions.
Table A-24 Version mapping

Compatibility Hardware Version Description
ESXi 6.5 and higher Hardware version 13 This VM is compatible with

ESXi 6.5.
ESXi 6.0 and higher Hardware version 11 This VM is compatible with

ESXi 6.0 and ESXi 6.5.
----End
A.13.26 How Do I Configure the Default Method for Enabling the

VM Remote Console?
Question
How do I configure the default method for enabling VM remote control?
Answer
Use vSphere Web Client to start the VM remote console and access the virtual desktop. The
VM remote console allows you to perform various tasks on VMs. The tasks include installing
an OS, setting OS parameters, running an application, and monitoring performance. vSphere
Web Client supports two VM remote consoles.

NOTE
l Remote Console: The VMware Remote Console (VMRC) application is opened in an independent
window. This application is used to connect to clients and start the VM console on a remote host.
l Web remote console: This console is opened in a browser. When the web remote console is used, some
functions are unavailable.
Step 2 Select a VM from the navigation tree. Click on the Summary tab.
Step 3 Select Change Default Console.

Step 4 In the Change Default Console dialog box, select the default method of opening the VM
remote console and click OK.
NOTE
If Remote Console is used, the VMRC must be installed.
1. Click install from here in Change Default Console. The message There is a problem with this
website's security certificate. is displayed.
2. Click Continue to this website (not recommended). to download the VMRC installation software.
3. Double-click the software to start VMRC installation.
----End
A.13.27 How to Check and Add a Storage Device

Question
How do I check and add a storage device?
Answer
Step 2 In the navigation tree, click the IP address of the VMware server. In the right pane, choose
Configure > Storage > Datastores.

Step 3 Click in the preceding figure.

NOTE
In the Recent Tasks column, if Status is displayed as Completed for all scanning tasks, scanning is
complete.
Step 4 Click .
Step 5 In the New Datastore dialog box, select VMFS and click Next.
l If the Name list is empty, no storage device is added.
l If the Name list is not empty, add a storage device.
Step 6 Enter the datastore name, select a storage device and click Next.
Step 7 In the VMFS version dialog box, select VMFS-5 and click Next.
Step 8 In the Partition configuration dialog box, click Next.
Step 9 In the Ready to complete dialog box, verify partition parameter settings and click Finish.
NOTE
If in the Recent Tasks column, Status is displayed as Completed for the data storage task, the storage is
added successfully.
----End
A.13.28 Installing VMware Tools

This section describe how to install VMware tools. VMware Tools are drivers that enhance
the performance of virtual video cards and hard disk and synchronize clocks between the
VMs and their housing hosts.
Context
VMware Tools installation may cause temporary network disconnections. You need to restart
the OS to make the installed VMware Tools take effect. Therefore, exercise caution when
performing this operation.
Procedure
Step 2 Check drive configurations.

1. Right-click a VM and choose Edit Settings... from the shortcut menu. The Edit Settings
2. On the Virtual Hardware tab, click CD/DVD drive 1. Ensure that Device Type is
select Client Device and Mode is select Emulate CD-ROM.

3. Click OK.
Step 3 Install the VMware Tools (applicable to the Windows Server 2008 VM or the SRM VM).
NOTE
Due to restrictions of the VMware software, it is normal that the system does not respond to mouse
operations before VMware Tools is installed on the Windows VM.
NOTE
Due to restrictions of the VMware software, it is normal that the Windows Server 2012 OS does not
respond to mouse operations before VMware Tools is installed on the VM.
1. Right-click the VM and choose Guest OS > Install VMware Tools from the shortcut
menu. The Install VMware Tools dialog box is displayed.
2. Click Mount to mount the VMware Tools software.
3. Right-click the VM, and choose Open Console from the shortcut menu. The console
The VM's remote console is enabled in two methods. To switch to default method of
opening the remote console, see A.13.26 How Do I Configure the Default Method for
Enabling the VM Remote Console?.
NOTE
– If you use a Chrome, if the Invalid security certificate dialog box is displayed after you
choose Open Console, select Allow.
– If you want to exit from the console, press Ctrl+Alt.
– The number pad keyboard is not recommended. This is because Num Lock may fail to work
normally when the OS is installed on certain machines.

4. Log in to the Windows OS.

5. On the desktop, use Tab, up and down arrow keys and press Enter to select Start > This
PC, then select DVD Driver with the VMware Tools mounted. The VMware Tools
installation wizard is displayed.
6. After the installation is complete, restart the Windows OS.
Step 4 Right-click a VM and choose Edit from the shortcut menu. In the displayed window, choose
VM Options > VMware tools and select Synchronize guest time with host.
Step 5 Click OK.
----End
A.13.29 How Do I Modify Timeout for VM Startup and

Shutdown?
Question
A VMware tools timeout message is displayed during switching of sites on the SRM solution.
How do I modify Timeout to avoid this issue?
Answer
NOTE
The following procedues need to be performed on all service nodes on the protected site.

Step 2 Select > Site Recovery.
Step 3 Choose Recovery Plans from the navigator tree.
Step 4 Choose the created recovery plan from the navigator tree.
Step 5 On the right pane, choose Related Objects > Virtual Machines.
Step 6 Right-click a VM and choose Configure Recovery.
Step 7 On the VM Recovery Properties dialog box, select Shutdown Action and set Timeout
under Shutdown guest OS before power off(requires VMware Tools) to 15 minutes.
Step 8 Select Startup Action and set Timeout under Wait for VMware Tools to 15 minutes.
Step 9 Click OK.
----End
A.13.30 How Do I Troubleshoot Error#1009?
Question
After a recovery plan is created, a user changes the startup or shutdown time of a VM or
customizes a VM IP address. There is a probability that Error#1009 is reported. How do I
troubleshoot Error#1009?
Answer
Step 1 Stop the VMware vCenter Server service.
1. Log in to the VCSA.
2. Choose > Administration > System Configuration > Services.

3. Choose VMware vCenter Server from the navigation tree on the left and choose Stop
Step 2 Delete all files from the serenity directory.

1. Use PuTTY to log in to the VCSA VM as the root user.
2. Run the following commands to open the network configuration file and delete all files
from the serenity directory:
Command> shell
When Shell access is granted to root is displayed, run the following commands:
root@localhost [ ~ ]# rm -rf /storage/vsphere-client/SerenityDB/serenity/*
Step 3 Start the VMware vCenter Server service.

1. Log in to the VCSA.
2. Choose > Administration > System Configuration > Services.

3. Choose VMware vCenter Server from the navigation tree on the left and choose Start
----End

Administrator Guide B U2000 Utilities
B U2000 Utilities
This topic describes the common applications of the U2000. The U2000 provides certain
simple applications so that you can conveniently perform operations on the U2000.
Table B-1 shows the common applications provided by the U2000 in the Windows OS.
Table B-2 shows the common applications provided by the U2000 in the Solaris OS.
Table B-3 shows the common applications provided by the U2000 in the SUSE Linux OS.
Table B-1 Common applications in the Windows OS
Application Function Path
startup_all_global. Starts the U2000 client. D:\oss\client

bat \startup_all_global.bat
startnms.bat Starts the U2000 server. D:\oss\server\platform\bin

\startnms.bat
startup_sysmonitor Starts the System Monitor. D:\oss\client

_global.bat \startup_sysmonitor_global.bat
stopnms.bat Stops the U2000 server. D:\oss\server\platform\bin

\stopnms.bat
startserver.bat Starts the NMS maintenance D:\oss\engr\engineering

tool service. \startserver.bat
stopserver.bat Stops the NMS maintenance D:\oss\engr\engineering

tool service. \stopserver.bat
Table B-2 Common applications in the Solaris OS
startnms.sh Starts the U2000 server. /opt/oss/server/platform/bin/

startnms.sh

Administrator Guide B U2000 Utilities
stopnms.sh Stops the U2000 server. /opt/oss/server/platform/bin/

stopnms.sh
startserver.sh Starts the NMS maintenance /opt/oss/engr/engineering/

tool service. startserver.sh
stopserver.sh Stops the NMS maintenance /opt/oss/engr/engineering/

tool service. stopserver.sh
Table B-3 Common applications in the SUSE Linux OS

startnms.sh Starts the U2000 server. /opt/oss/server/platform/bin/

startnms.sh
stopnms.sh Stops the U2000 server. /opt/oss/server/platform/bin/

stopnms.sh
startserver.sh Starts the NMS maintenance /opt/oss/engr/engineering/

tool service. startserver.sh
stopserver.sh Stops the NMS maintenance /opt/oss/engr/engineering/

tool service. stopserver.sh

Administrator Guide C MSuite
C MSuite
This topic describes the related concepts and common operations of the MSuite.
C.1 Overview
This topic describes the system structure, functions, features, and certain basic concepts of the
MSuite.
C.2 Starting and Stopping the MSuite
This topic describes how to start and stop the MSuite.
C.3 System Management
This topic describes how to use the system management functions of the MSuite.
C.4 U2000 Deployment
This topic describes how to deploy the U2000. After the U2000 is installed, you can maintain
or adjust the deployment of the U2000 through the MSuite.
C.5 Adjusting the NMS
This topic describes how to adjust the NMS. After the U2000 is installed, you can adjust the
U2000 server parameters through the MSuite.
C.6 Management of the High Availability System (Veritas hot standby)
This topic describes the frequently used operations of managing and maintaining the high
availability system (Veritas hot standby) through the MSuite.
C.7 Configuring the Northbound Interface Instance
This topic describes how to configure the northbound interface (NBI) instance.
C.8 Managing Certificate File
If the SSL certificate has expired or a specific SSL certificate is required, replace the current
SSL certificate.
C.9 Commissioning Tool
This topic describes the scenarios where a U2000 is commissioned. To enable a U2000 to
manage networks, you must commission the U2000 before using it to manage NEs and
configure services. The commissioning tool is used only after the initial installation of the
U2000 is complete. Do not use the commissioning tool after the U2000 has running for a
period of time. If the U2000 need to be commissioned after the initial installation of the
U2000 is complete, see section Commissioning the U2000 in the software installation and
commissioning guide.
C.10 Modify U2000 Configuration Items

Some function items of the U2000 can be controlled by the configuration items in the
configuration file. The U2000 provides a GUI-based tool that allows you to view and modify
configuration item settings through graphical user interfaces (GUIs).
C.11 Visualization Configuration Item List
This topic describes the visualization configuration items for the MSuite.
C.12 Managing Databases
This topic describes how to manage databases. To ensure the security of system data, the
MSuite provides the function of managing databases.
C.1 Overview
This topic describes the system structure, functions, features, and certain basic concepts of the
MSuite.
C.1.1 Basic Concepts

This topic describes the basic concepts related to the MSuite.
Terms
l MSuite: The MSuite is a graphical maintenance tool developed for the Huawei iManager
U2000 (U2000), a type of Huawei network product. The MSuite is used to debug,
maintain, and redeploy the U2000. For the system architecture of the MSuite, see C.1.2
System Architecture. For the functions and features of the MSuite, see C.1.3 Function
Overview.
l Server: Usually, a computer running the server program is called a server. Here, the
server refers to a computer that runs the U2000 server program.
l Domain: It is the software unit deployed on a computer.
C.1.2 System Architecture

This topic describes the system architecture of the MSuite.
The MSuite adopts the client/server model. The client communicates with the server through
the TCP/IP protocol. After receiving a request from the client, the server completes the
specific task, and then sends the result back to the client. Figure C-1 shows the system
architecture.

Figure C-1 System architecture of the MSuite
The MSuite is automatically installed during the installation of the U2000.

l During the installation of the U2000 server, the MSuite server and MSuite client are
automatically installed.
l During the installation of the U2000 client, the MSuite client are automatically installed.
NOTICE
The MSuite works in single-user mode. That is, only one MSuite client is allowed to log in to
the MSuite server at one time. For example, in the Figure C-1, maintenance engineers 1 and 2
cannot log in to the MSuite client at the same time to operate the U2000.
C.1.3 Function Overview

This topic describes the functions and application scenarios of the MSuite.
After the U2000 is installed, you can deploy or maintain the U2000 through the MSuite. The
specific functions are described as follows:
NOTE
l In different OSs, the functions of the MSuite are different.

l The
MSuite client and MSuite server must have the same version. Otherwise, the MSuite fails to work
properly.

Table C-1 Functions of the MSuite

Type Function Description
Managing the Changing the password For details, see C.3.1 Changing the Password
NMS of the MSuite.
Logging out of the For details, see C.2.3 Exiting from the MSuite
MSuite client client.
Exiting from the For details, see C.2.3 Exiting from the MSuite
MSuite client client.
Deploying Modifying the system For details, see C.4.1 Setting the System Time
and time and time zone and Time Zone.
maintaining
the NMS Changing the password For details, see C.4.2 Changing the Password
of the administrator of the Database Administrator.
user of the database
Changing the password For details, see C.4.3 Changing the Password
of the NMS user of the of the User of the Database.
database
Configuring NTP For details, see C.4.4 Configuring the NTP

Service.
Deploying domains For details, see C.4.5 Deploying Domains.
Undeploying domains For details, see C.4.6 Undeploying Domains.
Maintaining Synchronizing the For details, see C.6.1 Establishing the HA

the high primary and secondary Relationship Between the Primary and
availability sites Secondary Sites.
system
(Veritas hot Separating the primary For details, see C.6.2 Separating the Primary
standby) and secondary sites Site from the Secondary Site.
Configuring the local For details, see C.6.3 Configuring the Current
site as the primary site Server as the Active Server Forcibly.
forcibly
Monitoring the Status For details, see C.6.4 Monitoring the Status of
of the HA System the HA System.
Updating the veritas For details, see C.6.6 Updating the Veritas
Licenses (Solaris) Licenses (Solaris).
Updating the veritas For details, see C.6.7 Updating the Veritas
Licenses (SUSE Licenses (SUSE Linux).
Linux)
Monitor Replication For details, see C.6.8 Monitor Replication

Status Status.
Managing the Backing up the system For details, see C.12.1 Backing Up the System
database database Database.

Restoring the system For details, see:

database l C.12.2 Restoring Data of a U2000 Single-
Server System (Windows)
l C.12.3 Restoring U2000 Single-Server
System (Solaris) Data
l C.12.4 Restoring U2000 Single-Server
System (SUSE Linux) Data
l C.12.5 Restoring U2000 High Availability
System (Solaris) Data
l C.12.6 Restoring U2000 High Availability
System (SUSE Linux) Data
Initializing the U2000 For details, see C.12.7 Initializing the U2000
database Database.
Adjusting the Changing the host For details, see C.5.1 Changing the Host
NMS name and IP address Name and IP Address.
Configuring routes For details, see C.5.2 Configuring Routes.
Synchronizing the For details, see C.5.3 Synchronizing Network

network configuration Configurations.
Configuring - For details, see C.7 Configuring the

NBI instances Northbound Interface Instance.
Managing Replacing SSL For details, see C.8.2 Replacing SSL

certificate file certificates used for the Certificates Used for the U2000 Server.
communication
between the U2000
server and client
Importing SSL For details, see C.8.4 Importing SSL

certificates used for Certificates Used for Communication
communication Between the U2000 and NEs.
between the U2000
and NEs
Replacing SSL For details, see C.8.5 Replacing SSL

certificates used for the Certificates Used for the Communication
communication Between the U2000 and NE.
between the U2000
and NE
Replacing SSL For details, see C.8.6 Replacing SSL

certificates used for the Certificates Used for the Communication
communication Between the U2000 and uTraffic.
between the U2000
and uTraffic
Tool Commissioning Tool For details, see C.9 Commissioning Tool.

Modify U2000 For details, see C.10 Modify U2000

Configuration Items Configuration Items.
C.1.4 Graphical User Interface

The MSuite client supports the graphic user interface (GUI). The GUI consists of menus,
toolbar buttons, maintenance list column and the NMS vision.
Main Window
Figure C-2 shows the GUI of the MSuite client.
Figure C-2 GUI of the MSuite client
GUI Components
Component Meaning
Menu item Serves as a navigation path to enter the GUI

of the corresponding function.

Component Meaning
Shortcut icon Serves as a shortcut to enter the GUI of the

corresponding function. The same function
can be accessed through the corresponding
menu.
NOTE
Move the pointer over the shortcut icon. The
system prompts you the function of the shortcut
icon.
Maintenance list column l On the Domain tab page, you can view
the names, types, descriptions, and
number of instances of all Domains.
l On the Server tab page, you can view
the Server Name, OSS Application IP
Address, Server Type, and Server Status
of all servers.
Log bar Displays the log information when a task is

executed.
OSS Version Displays the NMS version.
C.1.5 Command Line Interface

This topic describes the CLI. The MSuite client allows you to perform operations through
command lines. In the Solaris or SUSE Linux OS, if you cannot use the graphical desktop
system, you can use command lines to deploy the U2000.
Frequently Used Commands in the CLI

Table C-2 shows the frequently used command lines of the MSuite.

NOTICE
l Before you perform operations through the CLI, make sure that the NMS maintenance
suite server is started.
In Solaris or SUSE Linux OS, run the following command as user root to verify that the
MSuite server is running:

OSSJRE/jre_linux/bin/java -server is displayed. Run the following commands as user
ossuser to start the MSuite server if it is not running:
# su - ossuser
$ ./startserver.sh
l The maximum number of characters in a CLI command line is 255. Try to make the
command strings simple and convenient.
l When using the command lines of the MSuite, you need to run the cd /opt/oss/client/
engineering command to switch to the directory where the MSuite client is installed.
l Run the command lines of the MSuite as user ossuser. If you have logged in as the root
user, relog in to the OS as user ossuser, you cannot run the su - ossuser command to
switch to the ossuser user to run the following command.
Table C-2 Common CLI commands for the MSuite

Syntax of Command Line Meaning
./startclient.sh deploy -ip 127.0.0.1 -port Query information.

12212 -username admin query -type l Querying Domain information: query -
querytype type 1
l Querying server information: query -
type 2
./startclient.sh deploy -ip 127.0.0.1 -port Deploy domains.

12212 -username admin deploydomain -
domain domain_name
./startclient.sh deploy -ip 127.0.0.1 -port Undeploy domains.

12212 -username admin undeploydomain
-domain domain_name
./startclient.sh deploy -ip 127.0.0.1 -port Synchronize the primary and secondary
12212 -username admin buildHA - sites.
secondaryip Application IP address of the
peer site
./startclient.sh deploy -ip 127.0.0.1 -port Separate the primary site from secondary
12212 -username admin splitHA sites.
./startclient.sh deploy -ip 127.0.0.1 -port Force active of local site

12212 -username admin forcePrimary

Syntax of Command Line Meaning
./startclient.sh deploy -ip 127.0.0.1 -port Change the host name.

12212 -username admin modifyhostname NOTICE
-hostname hostname After you change the host name using a
command, restart the OS immediately as
prompted. Otherwise, the change will fail.
./startclient.sh deploy -ip 127.0.0.1 -port Change the IP address.

12212 -username admin modifyip -oldip NOTICE
ipaddress -newip ipaddress -oldnetmask After you change the IP address using a
oldnetmask -newnetmask newnetmask command, restart the OS immediately as
prompted. Otherwise, the change will fail.
./startclient.sh deploy -ip 127.0.0.1 -port Change the float IP address (PC Linux HA
12212 -username admin modifyfloatip - system).
newip ipaddress -netmask netmask NOTE
l The new floating IP address must be on the
same network segment as the application IP
address.
l If the original IP address and modified IP
address are in the same network segment,
you can choose to change both the
application IP address and floating IP address
or only one of them as required. You can
change either the application IP address or
the floating IP address first.
l If the original IP address and modified IP
address are not in the same network segment,
both the application IP address and floating
IP address need to be changed and the
application IP address needs to be changed in
prior to the floating IP address.
l If the six-NIC scheme is used, the system IP
address and application IP address must be
on different network segments. If the
application IP address is modified, the
application IP address and system IP address
must be still on different network segments
after the modification. Changing the system
IP address using commands is prohibited.
./startclient.sh deploy -ip 127.0.0.1 -port Change the password of the database
12212 -username admin administrator or the database user.
changedbpassword -username username
./startclient.sh deploy -ip 127.0.0.1 -port Change the password of the MSuite.
12212 -username admin
changemsuitepassword
NOTE
The information in italic type in the following table indicates the variable parameters that can be
changed as required.

Example for Using Command Lines

The following takes the operation of querying the Domain installed on the U2000 on Solaris
through command lines as an example:
1. Log in to the OS as the ossuser user to open the terminal window.
2. Run the following commands to query the installed Domain:
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin query -
type 1
NOTE

C.2 Starting and Stopping the MSuite

This topic describes how to start and stop the MSuite.
C.2.1 Starting the Process of the MSuite Server

This topic describes how to start the process of the MSuite server.
Context
Generally, the process of the MSuite server is not started with the OS startup. If the process is
not started, perform the following operations to start it.In the high availability system, the
MSuite server process must be started on both the primary and secondary sites.
Procedure


$ ./startserver.sh
----End

C.2.2 Logging In to the MSuite Client

This topic describes how to log in to the MSuite client.
Prerequisites
l The MSuite server must be started.
l Port 12212 on the MSuite server is enabled.
l The MSuite client and the server communicate with each other properly.
l The MSuite server process is started on both the primary and secondary sites during
some operations in the high availability system, and the MSuite client can properly
communicate with the MSuite server on both the primary and secondary sites.
Context
l If you consecutively enters incorrect passwords three times, the IP address of the PC on
which the MSuite client is installed will be locked by the U2000. The U2000 will unlock
this IP address 5 minutes later.
l The password of the admin user of the MSuite has a validity period of 90 days. If the
password expires, change the password as prompted after you log in to the MSuite.
l After you have logged in to the MSuite client, if the MSuite client has not been used for
over 10 minutes, the MSuite client will be automatically locked, and you must enter the
login password again to lock the MSuite client out.
Procedure
Step 1 Ensure that the MSuite server has been started.
1. Log in to the Windows OS as the administrator user, check whether the msdaemon.exe
2. Run the following command as user ossuser to verify that the MSuite server is running:

OSSJRE/jre_linux/bin/java -server is displayed. Switch to the ossuser user and run the
following commands to start the MSuite server if it is not running:
# su - ossuser
$ ./startserver.sh
Step 2 On a computer where the MSuite client is installed, double-click the U2000 NMS
Maintenance Suite shortcut icon on the desktop and then wait about one minute. The Login

NOTE
l In Solaris or SUSE Linux OS, log in to the Java desktop system as user ossuser. Otherwise, the
U2000 NMS Maintenance Suite shortcut icon is not displayed on the desktop. To start the MSuite
client by running commands, log in to the OS as user ossuser through VNC.
$ ./startclient.sh
l If a dialog box showing The client and server versions are different. Upgrade the client using
the CAU. is displayed, the method of upgrading the U2000 client by using the CAU is as follow:
1. Install the U2000 client software in network mode: Enter https://server's IP address/cau/
(recommended for higher security) or http://server's IP address/cau/ in the address box of the
Internet Explorer, and press Enter to access the Web installation page. For details, see U2000
Client Software Installation Guide in the U2000 Client Software Installation Guide.
2. If you upgrade the U2000 client software using the CAU, the MSuite client is also upgraded.
Step 3 Set the login parameters.

The login parameters are described as follows:
l IP Address:
– To log in to the local MSuite server, use the default IP address 127.0.0.1.
– To log in to the remote MSuite server, enter the IP address of the computer where
the MSuite server is installed. If multiple IP addresses are configured for the
computer, use the NMS application IP address.
NOTE
The Login dialog box of the MSuite client has the function to keep the login list. Selecting an IP
address from the IP Address drop-down list is recommended. If the desired IP address is not
displayed in the drop-down list, enter an IP address.
l Port: The default port ID is 12212. There is no need to change the default value during
login but ensure that the port is not occupied.
l User Name: The default user name is admin.
l Password: The initial password of the admin user is Changeme_123. The password
must be changed during the first login to ensure system security. Keep the password
confidential and change it regularly.
Step 4 Click Login.
NOTE
l When you log in to the MSuite client, a progress bar is displayed showing the progress of Refresh
Deployment Information. Wait until the operation is complete.
l The MSuite works in single-user mode. Specifically, only one MSuite client can log in to the MSuite at
one time.
----End
C.2.3 Exiting from the MSuite client

This topic describes how to exit from the MSuite client.
Procedure
Step 1 On the MSuite client, choose System > Exit. The Exit dialog box is displayed.
Step 2 Click OK.
----End

C.2.4 Ending the Process of the MSuite Server

Before adding components incrementally, or changing the IP address of the Windows OS. you
must end the MSuite server process.
Procedure
the two processes in the process list, the MSuite server is running. If the MSuite server is
running, run the following commands to stop the MSuite server:
Go to the D:\oss\engr\engineering path, double-click the stopserver.bat file, and end
the MSuite server process.
OSSJRE/jre_linux/bin/java -server is displayed. If the MSuite server is running, run
the following commands to stop the MSuite server:
$ ./stopserver.sh
----End
C.3 System Management

This topic describes how to use the system management functions of the MSuite.
C.3.1 Changing the Password of the MSuite

This topic describes how to change the password of the MSuite. To ensure the security of the
U2000, change the password of the MSuite immediately and record the password after
installing the U2000 server.
Prerequisites
MSuite processes are running. If they are not running, start them by following the steps
provided in A.10.2 How to Start the Process of the MSuite Server.
Context
In the high availability system, you only need to log in to the MSuite server on the primary
site and change the password of the MSuite. The password of the MSuite on the secondary
site is then automatically changed.
Procedure
Step 2 On the MSuite client, choose System > Change Password from the main menu. The Change
Password dialog box is displayed.

Step 3 Click OK. The Change Password dialog box is displayed.

Step 4 Enter the old password and new password.
NOTE
The initial password is Changeme_123.

– At least one lower-case letter
– At least one upper-case letter
– At least one special character ~!@#$%^&*()-_=+\|[{}];:"',<.>/?
l The password cannot be the same as the user name written in either the forward or backward
format.
If the password does not meet requirements, an error message will be displayed.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the MSuite GUI desktop system, change
the password of the administrator of the database through the CLI.
changemsuitepassword
Enter the old MSuite server password[]:
Enter the new MSuite server password[]:Enter the new MSuite server password
according to the prompted password rule.
Enter the confirm MSuite server password[]:
NOTE
l username: the user name of the MSuite.

l If the new MSuite password does not meet the verification rules, a message will be displayed asking
you whether to continue. If you want to continue, enter Y. If you do not want to continue, enter N.
l If the following information is displayed, the MSuite password has been changed successfully.
After changing the MSuite password, start U2000 server processes.
C.3.2 Logging Out of the MSuite Client

This topic describes how to log out of the current MSuite client. After you perform the logout
operation, the Login dialog box is displayed.

Procedure
Step 1 On the MSuite client, choose System > Log Out. The Confirm dialog box is displayed.
Step 2 Click Yes.
----End
C.4 U2000 Deployment

This topic describes how to deploy the U2000. After the U2000 is installed, you can maintain
or adjust the deployment of the U2000 through the MSuite.
C.4.1 Setting the System Time and Time Zone

This topic describes how to set the system time and time zone. During the maintenance of the
U2000, you can use the MSuite to set the time and time zone of the U2000 server.
Prerequisites
The U2000 and database must be shut down when setting the system time and time zone. For
details, see 3 Shutting Down a U2000.
Context
l In a high availability system (Veritas hot standby), you need to log in to the MSuite
server of the primary and secondary sites to respectively change the time and time zones
of the primary and secondary sites. The time of the primary site and the time of the
secondary site can be in different time zones and different time. Make sure that the time
is consistent with the standard date and time zone of the local area.
l In the Windows OS, the MSuite does not support this function. Open Date and Time on
the Control Panel. In the Date and Time Properties dialog box, set the time zone, date
and time.
Procedure

NOTE
Step 4 Click OK.

NOTE

zone is changed.
System.
----End
Example for changing the time zone and time

The operation on the Solaris OS is used as an example.
l This example assumes that the current time zone is Etc/GMT+6 and the current time is
12:00, the time zone needs to be changed to Etc/GMT+5, and the time needs to be
changed to 11:00. Perform the following operations:
– In the Change Time Zone dialog box, change the value of Time Zone in New
Time Zone to UTC+07:00.
The value of Time in New Time Zone is automatically changed to 11:00, If the
automatically changed time is a correct local time, no modification is required.

Otherwise, change the value of Time in Current Time Zone until the value of
Time in New Time Zone is the correct local time.
– Click OK.
– Click OK as prompted. Run the following commands to restart the Solaris
operating system:
After the Solaris OS is restarted, the local time and time zone will be displayed.
C.4.2 Changing the Password of the Database Administrator

This topic describes how to change the password of the database administrator. After
installing the U2000, you can change the password of the database administrator through the
MSuite.
Prerequisites
running:
Database.
Database Service.
Database Service.
Context
NOTE
l In the high availability system (Veritas hot standby), change the password of the administrator of the
database only on the MSuite server at the primary site. The passwords of the administrator of the
databases at both the primary and secondary sites are changed.
l After the U2000 is installed, using the MSuite to change the password of the database administrator
is recommended. Do not manually change the password. Otherwise, the U2000 may fail to be started
properly. If the password of the database administrator is changed manually, you must use the
MSuite to change the password again to ensure the normal operation of the U2000.

NOTICE
Changing the password of a database user may cause the database login failure.
Procedure
Step 3 Enter the old password, new password and confirm password.
NOTE

NOTE
successfully.
l In Windows 2008 OS, if the above operations are right, but the message Change the password
failed. or a message indicating that the password is too newest is displayed, Please log in Windows
2008 OS. Then, click Start > All Programs > Microsoft SQL Server 2008 > SQL Server
Management Studio, connect the server as sa user. Select the Security > Logins from the
navigation tree, double-click sa. Clear the selection of the Enforce password policy in the Login
Properties dialog box.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, change the
password of the administrator of the database through the CLI.

Enter the old database password[]:
Enter the new database password[]:Enter the new database password according to
the prompted password rule.
Enter the confirm database password[]:
NOTE
l username: the user name of the database administrator. The default user name of the database
administrator is sa. If created a replacement user for the database administrator sa user, input the
new user name of the database administrator.
l If the new database password does not meet the verification rules, a message will be displayed
asking you whether to continue. If you want to continue, enter Y. If you do not want to continue,
enter N.
successfully.
C.4.3 Changing the Password of the User of the Database

This topic describes how to change the password of the user of the database. After the U2000
is installed, you can change the password of the user of the database through the MSuite.
Prerequisites
running:
Database.
Database Service.
Database Service.

Context
l In Solaris/SUSE Linux OS, the Sybase database is installed and the database user is
dbuser.
l In Windows OS, the SQL Server database is installed and the database user is dbuser.
NOTE
l In the high availability system (Veritas hot standby), change the password of the user of the database
only on the MSuite server at the primary site. The passwords of the users of the databases at both the
primary and secondary sites are changed.
l After the U2000 is installed, using the MSuite to change the password of the dbuser user is
recommended. Do not manually change the password. Otherwise, the U2000 may fail to be started
properly. If the password of the dbuser user is changed manually, you must use the MSuite to
change the password again to ensure the normal operation of the U2000.
NOTICE
Changing the password of a database user may cause a database login failure.
Procedure
Step 2 On the MSuite client, choose Deploy > Change Database User Password. The Change
Password dialog box is displayed.
Step 3 Enter the old password, new password and confirm new password.
NOTE

NOTE
In Windows 2008 OS, if the above operations are right, but the message Failed to change the
password, because the new password does not meet the password security policy. or a message
indicating that the password is too newest is displayed, Please log in Windows 2008 OS. Then, click
Start > All Programs > Microsoft SQL Server 2008 > SQL Server Management Studio, connect the
server as dbuser user. Select the Security > Logins from the navigation tree, double-click dbuser. Clear
the selection of the Enforce password policy in the Login Properties dialog box.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, change the
password of the user of the database through the CLI.
Enter the old database password[]:
Enter the new database password[]:Enter the new database password according to
the prompted password rule.
Enter the confirm database password[]:
NOTE
l username: the database user is dbuser.

C.4.4 Configuring the NTP Service

This topic describes how to configure the NTP service. After installing the U2000, you can
configure the NTP service through the MSuite to ensure the consistency in the time of the
NTP client and the NTP server.
Prerequisites
l The NTP client and server must conform to the local standard date and time zone. The
time difference between the NTP client or server and the local standard time must be less
than 2 minutes.
– On Windows, click Date and Time in Control Panel. In the Date and Time dialog
box, view the OS time zone, date, and time.
– On Solaris, run the # echo $TZ command to view the OS time zone, and run the #
date command to view the OS date and time. Run the tzselect command and
perform operations based on the command output to view the time zone identifier of
each country.
– On SUSE Linux, run the # yast2 timezone command to view the OS time zone,
date, and time. Run the tzselect command and perform operations based on the
command output to view the time zone identifier of each country.

If the date, time zone, or time of the workstation does not meet requirements, refer to C.
4.1 Setting the System Time and Time Zone to correct it.
l If the time difference between the NTP client and NTP server is large, for example, tens
of minutes, the time on the NTP client cannot be synchronized with that on the NTP
server at once. In this case, you need to adjust the time difference for several times.
Thus, it is recommended that the time difference between the NTP client and the NTP
server is less than 5 minutes. In this manner, the influence imposed by major time
adjustment can be avoided on the application.
NOTE
If the time zones of the NTP client and server are different, change the time to the UTC time and
check the time zones. For example, the Beijing time is UTC+8.0. If the current Beijing time is
14:00, the UTC time is 6:00.
Context
l Here, you can only configure a server as an NTP client. To configure a server as an
intermediate or highest-level NTP server, invoke the commissioning tool to configure the
NTP service. For details about how to invoke the commissioning tool, see the chapter
Configuring System Commissioning Parameters in the associated installation guide.
l In a high availability system (Veritas hot standby), you need to log in to the MSuite
server of the primary and secondary sites to respectively configure NTP serive of the
primary and secondary sites.
Procedure
Step 2 On the MSuite client, choose Deploy > Configure NTP. The Configure NTP dialog box is
displayed.
Step 3 Enter the IP address of the NTP server, and then click OK.
NOTE
l If external clock sources are not traced, set NTP server IP to 127.127.1.0.
l If external clock sources are traced, set NTP server IP to the IP address of the server that is traced.
l Click Add and enter the IP addresses of the primary and secondary NTP servers. A maximum of 10
secondary NTP server IP addresses can be added at a time. Click Delete to delete IP addresses of the
primary and secondary NTP servers.
Step 4 Click OK.

----End
Follow-up Procedure
l On Solaris, see A.11.51 Checking the NTP Service on Solaris to check whether the
NTP service is correctly configured. If you want to stop the NTP, see A.11.52 Starting
or Stopping the NTP Service on Solaris.
l On SUSE Linux, see A.2.29 Checking the NTP Service on Linux to check whether the
NTP service is correctly configured. If you want to stop the NTP, see A.11.53 Starting
or Stopping the NTP Service on SUSE Linux.
C.4.5 Deploying Domains

The U2000 can manage the access, transport, and IP domains. Software packages of all
domains have been uploaded during U2000 installation but some domains may not be

deployed. Therefore, you can use the domain deployment function to deploy a new domain as
needed so that the U2000 can manage NEs in this domain.
Prerequisites
l The MSuite server has been started.
Context
In the high availability (HA) system, you need to perform operations described here only on
the MSuite server on the primary site. The deployed domains on the secondary site are
updated after data replication and synchronization are completed between the primary and
secondary sites.
Procedure
Step 2 In MSuite client, choose Deploy > Deploy. The Deploy dialog box is displayed.
NOTE
l In the Deploy dialog box, if some domains are gray, the domains have been deployed.
l Cannot deploy the xxxx domain, because the installation package of this domain has not been
correctly or fully decompressed. displays in the Deploy dialog box, click Incremental Install to
install it incrementally. See A.11.20 How Do I Install a Domain Component Incrementally.
Step 3 Select a domain and click OK. A dialog box is displayed showing the deployment progress.
The time required for the installation depends on the number of domains to be deployed and
the configurations of the server. Wait patiently.
Step 4 If the "The XXX domain has been deployed. Restart the NMS" message is displayed, the
domain has been successfully deployed.
NOTICE
deployment fails.
Step 6 Restart the U2000.

You can do as follows to restart NMS processes:
1. Stop the U2000. For details, see Stopping the U2000 Server Processes of the chapter
Shutting Down the U2000 Server in 3 Shutting Down a U2000.
2. start the U2000. For details, see Starting the U2000 Server Processes of the chapter
Step 7 Log in to the U2000 client again to cause the new domain to take effect.
NOTE
If the U2000 client is running, stop it and log in to it again.

Step 8 Replace the U2000 key store. For details, see 7.1 U2000 Key Solution Introduction.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system,, deploy
domains in CLI mode.
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin deploydomain -
domain domain_name

The operation mode is command
Starting OSS Engineering CMD Client...
Enter the MSuite login password as prompted. The following information is displayed:
Deploy option: deploydomain
Domain name: access
Progress:0%
......
NOTE
l domain_name indicates the domain name, which can be Access, Trans, or IP. The domain name is
case-insensitive. If multiple domains need to be deployed, separate them using commas.
l During incremental domain deployment in CLI mode, if a domain has already been deployed, a
message is displayed indicating the deployment status.
After incremental domain deployment is complete, the message "The domain_name domain
has been deployed. Restart the NMS." is displayed.
Restart the U2000 as prompted.

1. Stop the U2000 server. For details about the procedure, see the 3 Shutting Down a
U2000.
2. Start the U2000 server. For details about the procedure, see 2 Starting the U2000
System.
C.4.6 Undeploying Domains

To disable the U2000 from managing NEs in a domain, undeploy the domain to improve
system operation efficiency.

Prerequisites
l U2000 processes have been stopped. According to the OS and the deployment schemes,
choose to refer to 3 Shutting Down a U2000.
l The MSuite server has been started.
Context
In the high availability (HA) system, you need to perform operations described here only on
the MSuite server on the primary site. The deployed domains on the secondary site are
updated after data replication and synchronization are completed between the primary and
secondary sites.
Procedure
Step 2 In MSuite client, choose Deploy > Undeploy. The Undeploy dialog box is displayed.
Step 3 Select a domain and click OK. A dialog box is displayed showing the message "Undeploying
a domain will delete all its data on the NMS irreversibly. Are you sure you want to
continue?".
NOTICE
l In the Undeploy dialog box, do not select all the domains because there must be at least
one domain deployed.
l In the Undeploy dialog box, if some domains are gray, the domains have not been
deployed. Refer to C.4.5 Deploying Domains to deploy the domains.
Step 4 Click OK. A dialog box is displayed showing the undeployment progress. The time required
for the uninstallation depends on the number of domains to be undeployed and the
configurations of the server. Wait patiently.
Step 5 If the "The XXX domain has been undeployed." message is displayed, the domain has been
successfully undeployed.
NOTICE
undeployment fails.
Step 7 Start the U2000. For details, see Starting the U2000 Server Processes of the chapter
Step 8 Log in to the U2000 client again.

NOTE
If the U2000 client is running, stop it and log in to it again.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system,, undeploy
domains in CLI mode.
undeploydomain -domain domain_name

The operation mode is command
Starting OSS Engineering CMD Client...
Enter the MSuite login password as prompted. The following information is displayed. Enter
y and continue with the operations.
Deploy option: undeploydomain
Domain name: domain_name

Undeploying a domain will delete all its data on the NMS irreversibly. Are you
sure you want to continue(Y/N)?
NOTE
l domain_name indicates the domain name, which can be Access, Trans, or IP. The domain name is
case-insensitive. If multiple domains need to be undeployed, separate them using commas.
Undeploying all domains is not required. There must be at least one domain deployed.
l During domain undeployment in CLI mode, if the domain_name domain has not been deployed, the
message Cannot undeploy the domain_name domain, because this domain
has not been deploy before. is displayed.
Start the U2000. For details, see Starting the U2000 Server Processes of the chapter
C.5 Adjusting the NMS

This topic describes how to adjust the NMS. After the U2000 is installed, you can adjust the
U2000 server parameters through the MSuite.
C.5.1 Changing the Host Name and IP Address

If network configurations change, you must use the MSuite to change the IP address, host
name, and route of the server.

The rules of modify the IP address and host name

If network configurations change, you must change the IP address, host name, and route of
the server to ensure normal running the U2000. If the U2000 has been installed on the server,
you must use the MSuite to change the IP address, host name, and route of the server in
compliance with the following rules:
l In the scenario of a high availability system, you must separate the primary site from the
secondary site and then change the host names and IP addresses for the primary site and
secondary site.
l The U2000 processes must be stopped.
l The database must be running.
l The new host name must comply with the host name naming rule.
– The host name of the U2000 server must be unique on the network.
– On Solaris/SUSE Linux OS.
n host name must be a string consisting of no more than 24 characters that can
only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
n The first character must be a letter and the last character cannot be a hyphen.
n The host name cannot contain --.
n The host name cannot contain only one character.
– On Windows OS, the host name must be a string consisting of no more than 30
characters that can only be letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
– The host name cannot be any of the following keywords in the high availability
system.
action false keylist static after firm local stop requires
remotecluster
system group resource global Start str temp set heartbeat
ArgListValues
System Group boolean hard Name soft before online condition
MonitorOnly
remote start cluster event VCShm type Path offline Signaled
HostMonitor
Probed state Cluster IState int Type State VCShmg NameRule
ConfidenceLevel
l If NBIs instances are deployed before the host name and IP address are changed, you
name.
l It is recommended that you back up the database in time after changing the IP address
and host name.
NOTICE
Modifying IP addres information may result in network interruption. Perform this

Modify the IP address and host name through the GUI

The procedure for changing the IP address and host name varies according to U2000
deployment schemes. Details are as follows:
server system (Windows 2008), see 12.1.1 How to Change the IP Address of the
Single-Server System (Windows 2008) and 12.1.2 How to Change the Host Name of
the Single-Server System (Windows 2008).
server system (Solaris), see 12.1.3 How to Change the IP Address and Host Name for
the Single-Server System (Solaris).
server system (SUSE Linux), see 12.1.4 How to Change the IP Address and Host
Name for the Single-Server System (SUSE Linux).
l For information on how to change IP addresses and host names on a GUI for a high
availability system (Solaris), see 12.1.5 How to Change the IP Address and Host
Name for the High Availability System (Solaris).
l For information on how to change IP addresses and host names on a GUI for a local high
availability system (SUSE Linux), see 12.1.6 How to Change the IP Address and Host
Name for the Local High Availability System (SUSE Linux).
l For information on how to change IP addresses and host names on a GUI for a remote
high availability system (SUSE Linux), see 12.1.7 How to Change the IP Address and
Host Name for the Remote High Availability System (SUSE Linux).
Modify the IP address and host name through the CLI

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system,, modify the IP
address and host name of the server through the CLI.
Before using commands to change the IP address and host name, make sure that the preceding
requirements are met. Details are as follows:
NOTICE
if the server configure multiple IP addresses, you can modify the NMS application IP address
through the CLI only.
l Run the following command to change the IP address:

NOTE

After this operation, restart the OS to make the new IP address take effect.
l Run the following commands to change the host name:
modifyhostname -hostname hostname
NOTE
l The application IP address parameter indicates the application IP address of the U2000. The
variable ipaddress indicates the IP address associated with the host name to be changed. The
variable hostname indicates the modified host name. After the preceding commands are
executed, restart the OS to make the host name take effect.
C.5.1.1 How to Change the IP Address of the Single-Server System (Windows

2008)
Question
How do I change the IP address of the single-server system (Windows 2008)?
Answer
NOTE
Changing an IP address includes the following major steps:

1. Shut down the NMS server and all NMS clients, and ensure that the database is running.
2. Shut down the U2000 MSuite server.
3. Change the IP address of the U2000 server.
4. Start the U2000 MSuite server.
6. Restart the OS.
NOTICE
to be started.


NOTE


Step 4 Disable one or more unwanted NIC.
2. Select one ore more unwanted old NICs, right-click, and choose Disable from the
shortcut menu.
Step 5 Perform the following operations to change the IP address of the server:
2. In the Network and Sharing Center dialog box, click Change adapter settings.
3. In the Network Connections dialog box that is displayed, right-click the network
connection to be configured and choose Properties from the shortcut menu.
4. In the Local Area Connection Properties dialog box, click Internet Protocol Version
4 (TCP/IPv4) and then Properties.
5. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box that is displayed,
enter the new IP address, subnet mask, and default gateway address, and perform the
related modification. Click OK.
Step 6 Login the NMS server with the new IP address.
Step 7 Change the IP address information in the nic.cfg configuration file as required.
NOTE
l The prerequisite to perform this step is that the server communication NIC needs to be replaced or
the NIC name needs to be modified. If you do not need to replace the communication NIC or modify
the NIC name, do not perform this step.
l During U2000 installation, the server IP address must be set to the IP address for external
communication. A loopback IP address, such as 127.0.0.1, is not allowed.
1. Navigate to D:\oss\engr\engineering\conf, copy nic.cfg, and save it as nic_bak.cfg.
NOTE
If the U2000 is not installed in disk D, change D to the actual drive letter.
2. Double-click nic.cfg.
3. Change the IP address information in nic.cfg as required, Ensure that all NIC names in
the file are the same as names of actual NICs on the host, Change physical addresses of
all network interface cards (NIC) to thoses of actual hosts in nic.cfg as follows:

NOTICE
In the CLI, run the ipconfig command to view the associated IP addresses.
– Choose Start > Run. The Run window will be displayed.
– Enter cmd and click OK.
– In the CLI, run the ipconfig -all command to view the associated IP addresses.
HOST01_PublicNIC_NAME=localhost
HOST01_PublicNIC_MAC=00-0C-29-8F-DD-3F
HOST01_PrivateNIC_NAME=localhost
HOST01_PrivateNIC_MAC=00-0C-29-8F-DD-3F
4. Save and close nic.cfg.

NOTICE
value during login.
NOTE
Database.
3. Restart the OS.

NOTE
– If NBIs instances are deployed before the host name and IP address are changed, you must re-
– The changed IP address will be used for re-configure an NBI. For details, see the related NBI
user guide.
----End
C.5.1.2 How to Change the Host Name of the Single-Server System (Windows
2008)
Question
How to change the host name of the single-server system (Windows 2008)?
Answer
NOTE
Changing the host name includes the following major steps:

1. Shut down the U2000 server and client, and ensure that the database is running.
2. Change the host name of the U2000 server.
3. Restart the OS.
NOTICE
to be started.

NOTE

Step 3 Perform the following operations to change the host name of the server:
1. Click Start. Right-click Computer on the desktop and choose Properties from the
shortcut menu.

2. In the Computer name, domain, and workgroup settings area, click Change settings.
3. In the Computer Name tab, click Change.
4. In the dialog box that is displayed, change the computer name, and then click OK.
NOTE
– Ensure that you change the host name in the work group.
– The host name must be a string consisting of no more than 30 characters that can only be
letters (A to Z, a to z), digits (0 to 9) and hyphen (-).
displayed, click OK.
6. Click Close.
displayed, click Restart Now to restart the OS.
Step 4 Refer to Step 2 to shut down the NMS server and client.


NOTICE
value during login.
NOTE

----End
C.5.1.3 How to Change the IP Address and Host Name for the Single-Server
System (Solaris)
Question
How to change the IP address and host name for the single-server system (Solaris)?
Answer
NOTE

2. Use the MSuite to change the IP address and host.
NOTICE

$ ./stopnms.sh
NOTE
Step 3 After the processes are ended, on the NMS server. For details, see A.10.4 How to Start the
MSuite Client.
shortcut menu.


$ su - root
NOTE
guide.
Single-Server System Software Installation and Commissioning Guide (Solaris) manual.
----End
C.5.1.4 How to Change the IP Address and Host Name for the Single-Server
System (SUSE Linux)
Question
How to change the IP address and host name for the single-server system (SUSE Linux)?
Answer
NOTE

2. Use the MSuite to change the IP address and host name.
NOTICE

$ ./stopnms.sh
NOTE
Step 5 Do as follows to change the IP address.

shortcut menu.
NOTE
Multiple IP addresses cannot share the same host name. You must set a host name for each IP address.
$ su - root
# shutdown -r now

NOTE
guide.
----End
C.5.1.5 How to Change the IP Address and Host Name for the High Availability
System (Solaris)
Question
How do I change the IP address and host name for the High Availability System (Solaris)?
Answer
NOTE

primary site.
secondary site.
NOTICE
Step 3 Check the status of all resources on the primary site. Ensure that the NMSServer resource is
in the offline state and other resources are in the online state on the primary site.



online state.
NOTE



shortcut menu.

$ su - root
Step 7 Check the status of all resources on the secondary site. Ensure that the NMSServer resource
is in the offline state and other resources are in the online state on the secondary site.


BackupServer State Secmaster ONLINE
DataFilesystem State Secmaster ONLINE
DatabaseServer State Secmaster ONLINE
NMSServer State Secmaster ONLINE
RVGPrimary State Secmaster ONLINE
datarvg State Secmaster ONLINE
wac State Secmaster ONLINE
online state.
NOTE

shortcut menu.


$ su - root
NOTE
guide.
HA System Software Installation and Commissioning Guide (Solaris) manual.
----End
C.5.1.6 How to Change the IP Address and Host Name for the Local High
Question
How do I change the IP address and host name for the Local High Availability System (SUSE
Linux)?
Answer
NOTE

are in ONLINE state on the primary site.
are in ONLINE state on the secondary site.

NOTICE
l The new floating IP address must be on the same network segment as the application IP
address.
l If the original IP address and modified IP address are in the same network segment, you
can choose to change both the application IP address and floating IP address or only one of
them as required. You can change either the application IP address or the floating IP
address first.
l If the original IP address and modified IP address are not in the same network segment,
both the application IP address and floating IP address need to be changed and the
application IP address needs to be changed in prior to the floating IP address.

NOTE
the primary site are in the OFFLINE state and other resources are in the ONLINE state.

NOTE


shortcut menu.

incorrectly.
# hastart -onenode
NOTICE
# shutdown -r now


NOTE
the secondary site are in the OFFLINE state and other resources are in the ONLINE state.

NOTE

shortcut menu.


incorrectly.
# hastart -onenode
NOTICE
# shutdown -r now
NOTE
guide.
----End
C.5.1.7 How to Change the IP Address and Host Name for the Remote High
Question
How do I change the IP address and host name for the Remote High Availability System
(SUSE Linux)?

Answer
NOTE

primary site.
secondary site.
NOTICE
NOTE
Step 4 Check the status of all resources. Ensure that the NMSServer resource of the primary site is

online state.

NOTE



shortcut menu.

incorrectly.
# hastart -onenode
NOTICE

# shutdown -r now

NOTE
Step 10 Check the status of all resources. Ensure that the NMSServer resource of the secondary site is

online state.
NOTE

shortcut menu.


incorrectly.
# hastart -onenode
NOTICE
# shutdown -r now
NOTE
guide.
----End
C.5.2 Configuring Routes

This topic describes how to configure routes. After the U2000 is installed, if the network
configurations of the server change, you can configure the routes of the server through the
MSuite.
Prerequisites
l U2000 processes must have been stopped.

l The MSuite server and client are installed on the same computer or communicate with
each other properly.
Context
l In the high availability system (Veritas hot standby), if you need to modify the routes of
the primary and secondary sites, you need to log in to the MSuite servers of the primary
and secondary sites to perform the operation.
l On Solaris, if the MSuite client is not installed and you need to modify the default route,
see A.3.1.2 How to Add the Default Route. If the MSuite client is not installed and you
need to modify a static route, see A.3.1.3 How to Add a Static Route.
l On SUSE Linux, if the MSuite client is not installed and you need to modify the default
route, see A.2.5 How to manually Add the Default Route (SUSE Linux). If the
MSuite client is not installed and you need to modify a static route, see A.2.6 How to
manually Add a Static Route (SUSE Linux).
NOTICE
Modifying routing information may result in network interruption. Perform this operation
NOTE
Configuring routes on Solaris OS is used as an example.
Procedure
NOTE

...
...

NOTE
started.
# su - ossuser
$ ./startserver.sh
Step 4 Right-click the target server and choose Configure Route from the shortcut menu. The
Configure Route dialog box is displayed.
Step 5 In the dialog box that is displayed, click Add or Delete according to actual route conditions to
configure the route.
NOTICE
Before adding a route, ensure that the server and the router are directly connected. Otherwise,
the route cannot be took effect immediately.
For example, the procedure for adding a route from a client (IP address: 10.70.73.77) to a
server (IP address: 10.71.224.12) is as follows, with the IP address of the intermediate router
being 10.71.224.1:

1. Ensure that the server and the router are directly connected.
2. Click Add. Set Destination to 10.70.73.0, Subnet Mask to 255.255.255.0, and
Gateway to 10.71.224.1.
Step 6 Click OK.
Step 7 After the configurations are complete, run the netstat -nr command to view route
configurations.
----End
C.5.3 Synchronizing Network Configurations

If the host name or system IP address of the U2000 server is not manually modified using the
MSuite, you must synchronize the network configuration so that the IP addresses and
hostnames of the MSuite and server are synchronized. Otherwise, the U2000 cannot be
properly used.
Prerequisites
l Ensure that no client logins on the NMS server.
l Ensure that the NMS server programs are already stopped. For details, see Shutting
Down the U2000 Server in the relevant 3 Shutting Down a U2000 solution.
l Ensure that the database is running.
l In a high availability system, delete the high availability relationship between the
primary and secondary sites. For details, see C.6.2 Separating the Primary Site from
the Secondary Site. Then, log in to both the primary and secondary sites to synchronize
network configurations.
l Connect the network interface that is configured with a system IP address during pre-
installation to the network. If the network interface is not connected to the network, the
U2000 fails to synchronize network configurations or be started. Configuring the system
IP address for the network interface with the smallest interface serial number is
preferred. For example, the network interface eth0 with serial number of 1 can be used
for the Huawei 2288H V5, Huawei RH2288H V3, Huawei RH5885H V3, Huawei
RH2288H V2, IBM X3650 M4, IBM X3650 M3 and IBM X3850 X5 servers.

Procedure
Step 3 Right-click the server whose network configuration needs to be synchronized and choose
Synchronize Network Configuration from the shortcut menu. A dialog box is displayed for
you to confirm the operation.
Step 4 Click OK. A progress bar showing the synchronization progress is displayed.
NOTE
If a message is displayed indicating that you confirm no client logins on the NMS server and stop the NMS
service manually, click OK to stop the configuration synchronization. Synchronize network configurations
after the prerequisites are met.
Step 5 When the system displays "Synchronize network configuration success", click OK.
----End
Follow-up Procedure
In a high availability system, reestablish the high availability relationship between the primary
and secondary sites after synchronizing network configurations.
1. On the primary and secondary sites, do as follows to check whether the VCS service has
been started:
# ps -ef | grep had

NOTE
onenode, the VCS service has been started. If the VCS service has not been started, run the
hastart -onenode command on the primary and secondary sites to start the VCS service.
2. Reestablish the high availability relationship between the primary and secondary sites.
For details, see C.6.1 Establishing the HA Relationship Between the Primary and
Secondary Sites.
C.5.4 Example for Adjusting the Network configurations of the

Solaris Single-Server System
If the U2000 is preinstalled on servers delivered from Huawei to sites, the network
configurations for the servers need to be adjusted after the servers arrive at the sites because
the site network configurations are different from the preinstalled network configurations. The
adjustment covers changing IP addresses and configuring routes.
Prerequisites
l A laptop computer or PC is available. A laptop computer or PC on which the remote
GUI desktop software has been installed is recommended. If no GUI desktop software is
available, you can only use commands to adjust network configurations.
l A network cable is available.

Context
For example, Table C-3 shows the server IP address and routing information after
preinstallation, as well as the server IP address and routing information that is required after
the server reaches the site.
Table C-3 Server IP address and routing information

Scenario Server IP Address Gateway IP
Address
After preinstallation 10.71.224.12 10.71.224.1

NOTE
The IP address and routing information about the
preinstalled U2000 server can be obtained from the
U2000 server label.
After the server reaches the site 10.70.67.17 10.70.67.1
Procedure
Step 1 Connect the laptop computer or PC to the U2000 server with the network cable.
Step 2 Change the IP address and subnet mask of the laptop computer or PC so that this IP address is
on the same network segment as the IP address of the U2000 server. For example, the IP
address is 10.71.224.13 and subnet mask is 255.255.254.0.
Step 3 Power on the U2000 server.
Step 4 Perform the following operations to modify the IP address:

1. Log in to the U2000 server OS as the ossuser user from the laptop computer or PC.
2. Open a terminal window and run the following commands to end U2000 processes.
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.9.1.2 How to
Start the Sybase Database Service.
3. After the processes are ended, log in to the MSuite client.
shortcut menu.

6. In the Change IP Address And Hostname dialog box, enter the new IP address and
subnet mask.
NOTICE
When changing the IP address, do not change the host name. Otherwise, the U2000 fails
to be started.

restart the OS and back up the database in time. click OK.
The OS does not restart automatically and you need to enter a restart command. Do not
restart the OS at that time but restart it after the routing information is modified.
NOTE
If no GUI desktop software is available, you can only use commands to change the IP address.
1. Open a CLI on the PC or laptop connected to the server, and run the telnet command to log in to the
U2000 server OS as the ossuser user.
$ ./stopnms.sh
3. Run the following command to change the IP address:
– The default user name of the MSuite is admin and the default password is Changeme_123. If the
– In this example, the value of ipaddress is 10.71.224.12, the value of ipaddress is 10.70.67.17, and
the value of netmask is 255.255.254.0.
Step 5 Perform the following operations to modify the default route:

1. Log in the OS as user root.
2. Open a terminal window in the Solaris OS.
4. Enter an IP address as the default route in the file. In this example, the default route is
10.70.67.1.
5. Run the :wq command to save and close the file.

Step 8 Disconnect the PC from the U2000 server and connect the U2000 server to the network.
----End
C.5.5 Example for Adjusting the Network configurations of the

SUSE Linux Single-Server System
Prerequisites
l A laptop computer or PC is available.
Context

Address

NOTE
U2000 server label.
Procedure
Step 1 On the rear board on the U2000 server, select a network interface configured with system IP
and use a network cable to connect the network interface and the PC.
NOTE
During preinstallation, the system IP is configured for network interfaces marked as 1 by default.
Step 4 Perform the following operations to modify the IP address:

1. On the PC or laptop directly connected to the U2000 server, use VNC to log in to the OS
as the ossuser user.

2. Open a terminal window and run the following commands to end U2000 processes.
$ ./stopnms.sh
NOTE
Do not stop the database. If the database is not running, start it. For details, see A.9.1.2 How to
Start the Sybase Database Service.
3. After the processes are ended, log in to the MSuite client.
shortcut menu.
subnet mask.
NOTICE
to be started.

2. Open a terminal window in the SUSE Linux OS.

10.70.67.1.

# shutdown -r now
Step 7 Log in to the SUSE Linux OS as the root user. Run the netstat -nr command to view the
default route of the system.
----End
C.5.6 Example for Adjusting Network Configurations of the High

Prerequisites
Context

Address

NOTE
U2000 server label.
Procedure
Step 1 Connect the laptop computer or PC to the U2000 server with the network cable.

Step 4 Perform the following operations to change the IP address:

2. Start the database. For details, see 2.4.2 Starting the Database.
NOTE
Ensure that the U2000 is shut down. If the U2000 has been started, shut it down by referring to
3. Start the MSuite client.
shortcut menu.
subnet mask.
NOTICE
to be started.


NOTE
If no GUI desktop software is available, you can use commands to change the IP address. Details are as
follows:
1. Open a CLI on the PC or laptop connected to the server, Use the PuTTY to log in to the U2000 server OS
as the root user.
2. Run the following command to start the database:
3. Switch to the ossuser user.
# su - ossuser

2. Open a terminal window in the Solaris OS.
10.70.67.1.
Step 6 Restart the OS to make the settings take effect.
Step 9 Perform Step 1 to Step 8 on the secondary site to change the IP address and route of the
secondary site.
Step 10 Log in to the primary site and connect the primary and secondary sites to establish a high
availability system. For details, see C.6.1 Establishing the HA Relationship Between the
Primary and Secondary Sites.
----End

C.5.7 Example for Adjusting Network Configurations of the High

Prerequisites
Context

Address

NOTE
U2000 server label.
Procedure
Step 1 On the rear board on the U2000 server, select a network interface configured with system IP
and use a network cable to connect the network interface and the PC.
NOTE
During preinstallation, the system IP is configured for network interfaces marked as 1 by default.
Step 4 Perform the following operations to change the IP address:

2. Start the database. For details, see 2.5.2 Starting the Database.

NOTE
Ensure that the U2000 is shut down. If the U2000 has been started, shut it down by referring to
3. Start the MSuite client.
shortcut menu.


NOTE
If no GUI desktop software is available, you can use commands to change the IP address. Details are as
follows:
1. Open a CLI on the PC or laptop connected to the server, Use the PuTTY to log in to the U2000 server OS
as the root user.
2. Run the following command to start the database:
3. Switch to the ossuser user.
# su - ossuser

2. Open a terminal window in the SUSE Linux OS.
10.70.67.1.
Step 6 Optional: In the 6-NIC scheme, the system IP address and application IP address are on
different network segments, and the default route for the OS is the application route. For
details about how to add a route for the system IP address, see C.5.2 Configuring Routes.
Step 7 Restart the OS to make the settings take effect.
# shutdown -r now
Step 10 Perform Step 1 to Step 9 on the secondary site to change the IP address and route of the
secondary site.

Step 11 Log in to the primary site and connect the primary and secondary sites to establish a high
availability system. For details, see C.6.1 Establishing the HA Relationship Between the
Primary and Secondary Sites.
----End
C.6 Management of the High Availability System (Veritas

hot standby)
This topic describes the frequently used operations of managing and maintaining the high
availability system (Veritas hot standby) through the MSuite.
C.6.1 Establishing the HA Relationship Between the Primary and

Secondary Sites
This topic describes how to synchronize the primary and secondary sites. In a high availability
system (Veritas hot standby), after installing the U2000 at the primary and secondary sites,
synchronize the primary and secondary sites to configure the primary and secondary sites as
an HA system.
Prerequisites
l The preceding steps for installing the primary and secondary sites must be complete.
l Database administrator password, and database NMS user password must be the same on
the primary and secondary sites.
l The user id of the ossuser must be the same on the primary and secondary sites and the
user id of the dbuser must be the same on the primary and secondary sites. If not, see A.
11.73 How Do I Modify the ossuser or dbuser ID at the Secondary Site to Be the
Same as that at the Primary Site.
l The operations on the primary and secondary sites must be the same.
l Ensure that the network between the primary and secondary sites is smooth.
l MSuite client on the secondary site must be logged out of.
l Ensure that the host names of primary and secondary sites are different.
l Ensure that VVR and Msuit ports can be connected.
l If the firewall is deployed on the network between the primary and secondary sites in a
HA system or between the U2000 server and NEs, configure the firewall in advance to
permit ICMP packets.
l If the firewall is deployed on the network between the primary and secondary sites in a
HA system, bidirectional interfaces must be enabled, that is, related interfaces that
forward traffic from the primary to secondary site and vise versa must be enabled to
ensure normal connections between two sites.
Context
Log in to only the MSuite server at the primary site to perform the operation described in this
topic.

Procedure
Step 1 Ensure that the MSuite server on the primary and secondary sites have been started.
NOTE

...
...
NOTE
started.
# su - ossuser
$ ./startserver.sh
Step 3 Choose Deploy > Synchronize Primary and Secondary Sites from the main menu. The
Synchronize the primary and secondary sites dialog box is displayed.
Step 4 Enter the IP address and the MSuite password of the remote site, and then click OK.
NOTE
Remote IP Address indicates the application IP address of the secondary site.
Step 5 Click OK. A progress bar is displayed indicating the synchronization progress between the
primary and secondary sites. Wait approximately 20 minutes until a dialog box is displayed
indicating that the synchronization is completed.
Step 6 Click OK to set up a connection between the primary and secondary sites.
Step 7 During data replication, run the following command repeatedly to check the status of data
replication. If the MSuite prompts Replication status:finish, data replication is complete.
In Solaris or SUSE Linux OS, run the following command:


Primary:
Host name: 10.9.1.1
RVG name: datarvg
DG name: datadg
Data volumes: 1
VSets: 0
SRL name: srl_vol
SRL size: 1.00 G
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Data status: inconsistent
Replication status: resync in progress (autosync)
Logging to: DCM (contains 28742784 Kbytes) (autosync)
Timestamp Information: N/A
NOTE
l If Replication status is displayed as resync in progress (autosync), Data status is displayed as

inconsistent, and the value of Logging to is becoming smaller, data is being duplicated between
primary and secondary sites.
l If Replication status is displayed as replicating (connected) and Data status is displayed as
consistent, up-to-date, data duplication of the high availability system (Veritas hot standby) is
complete.
l If Replication status is displayed as logging to DCM (needs dcm resynchronization), you must
run the vradmin -g datadg resync datarvg command on the primary site as the root user to
perform manual synchronization.
l The duration of data replication depends on the stability of the network bandwidth and the volume of
the data to be replicated.
l To save copy time, historical spectrum data is not saved to the data replication volumes due to its
large size. After a HA system switchover, the historical spectrum data at the primary site cannot be
viewed at the secondary site.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, establish the
HA relationship between the primary and secondary sites.
1. Ensure that the MSuite server on the primary and secondary sites have been started. For
details, see Step 1
2. On Solaris or SUSE Linux OS, run the following commands as user ossuser (If you have
logged in as the root user, relog in to the OS as user ossuser, you cannot run the su -
ossuser command to switch to the ossuser user to run the following command.):
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin buildHA -
secondaryip Application IP address of the peer site
Enter the remote node maintenance suite password[]:
NOTE

C.6.2 Separating the Primary Site from the Secondary Site

This topic describes how to separate the primary site from the secondary site. Separating the
primary site from the secondary site refers to disconnecting the primary site and the secondary
site.
Prerequisites
l Ensure the installation directory has enough available space. In the Solaris or SUSE
Linux OS, you can run the df -hk /opt command to view the remaining space of the /opt
directory.
l Data duplication is complete between the primary or secondary site in the high
availability system.
On the primary or secondary site, run the following command to check the system status:
If Replication status is displayed as replicating (connected) and Data status is

displayed as consistent, up-to-date, data duplication of the high availability system
(Veritas hot standby) is complete.
NOTICE
If Replication status is displayed as resync in progress (autosync), Data status is
displayed as inconsistent, and the value of Logging to is becoming smaller, data is being
duplicated between primary and secondary sites.
You can separate the primate site from the secondary site only after data duplication is
complete. Forcibly terminating the duplication may cause a data error in the secondary
site.
l Ensure that the MSuite server on the primary site and secondary site have started.
Context
If either the primary or secondary site needs to be restored as an independent one, start the
MSuite server only on the involved site and then perform the separation operation.
NOTICE
After this operation is performed for a U2000 HA system, HA fails and the U2000 application
running on the primary and secondary sites preempt to be the active one.
Procedure
Step 2 Choose Deploy > Separate Primary Site from Secondary Site. The Warning dialog box is
displayed.

Step 3 Click Yes. Then click Yes in the Warning dialog boxes displayed. The progress bar is
displayed indicating the status of separating the primary and secondary sites. Wait until the
dialog box is displayed indicating that the separation is complete.
Step 4 Click OK.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, delete the high
availability relationship between the primary and secondary sites through the CLI.
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin splitHA
NOTE
Follow-up Procedure
replication/heartbeat IP addresses monitored by iptables after the primary and secondary
sites are separated. To check whether the IP addresses to be monitored by iptables are
added or not, and to clear the peer end's heartbeat and replication IP addresses monitored
by iptables, seeA.11.72 How Do I Configure iptables Listening for a Solaris/Linux
HA System.
l To re-establish the high availability system, you must perform synchronization between
the primary and secondary sites. For details, see C.6.1 Establishing the HA
Relationship Between the Primary and Secondary Sites..
C.6.3 Configuring the Current Server as the Active Server

Forcibly
This topic describes how to forcibly configure the current server as the active server. When
the replication relations between the primary and secondary sites become abnormal or the
high availability system is in the dual-active state, you can perform this operation to specify
the active site and data replication direction to restore data replication relations.
Prerequisites
l If the system is in the primary-primary state, ensure that the communication between the
primary and secondary sites has recovered before your perform this operation.

Context
l Do not perform this operation if the HA system works in the normal state. Otherwise, an
exception may occur in the HA system.
l Do not perform this operation if the resource group AppService at the primary and
secondary sites are in starting the online process. Otherwise, an exception may occur in
the HA system.
l If you log in to the MSuite server of the primary site to perform this operation, the
primary site becomes the active site after the operation. If you log in to the MSuite server
of the secondary site to perform this operation, the secondary site becomes the active site
after the operation.
NOTICE
Forcibly configuring the current server as the primary site will close the secondary site. If the
secondary site is monitoring the primary site and a fault occurs on the primary site, this
configuration will fail, during which the network cannot be monitored for a short period of
time.
Procedure
Step 2 Choose Deploy > Force Active of Local Site.
Step 3 Click OK. Then, the current server is configured to function as the active server.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, configure the
current server as the active server forcibly through the CLI.
$ ./startclient.sh deploy -ip 127.0.0.1 -port 12212 -username admin forcePrimary
NOTE
C.6.4 Monitoring the Status of the HA System

This topic describes how to check the OS, Veritas monitor, Veritas data volume, Veritas
replication, and U2000 status on the primary and secondary sites and whether to perform an
active/standby switchover based on the check results.

Prerequisites
The HA system is running properly. The primary and secondary sites are connected.
Context
Data replication status can only be checked on the MSuite of the primary site.
Procedure
Step 2 Choose Deploy > Monitor HA Status from the main menu. The Monitor the Status dialog
box is displayed.
Step 3 Optional: Click View to view the historical records of the primary and secondary sites.
NOTE
l Only the last 30 pieces of historical records are reserved in the U2000.
l The status of each HA system indicator is displayed. You can click detail info to view details or
Step 4 Click check now to view the current information about the primary and secondary sites.
NOTE
l It takes three to five minutes to check the HA system status.

l After the check, you can view the check results, details, and suggestions in the HA Status dialog box.
l The check results are saved as .xml files in /opt/oss/engr/engineering/ha_review/result. The name of
the latest check result file contains the word new. For example, ha_review_result_20150421165146.xml.
In this example, 20150421165146 indicates the time when the HA system status is checked. You can run
the following commands to check the file information:
Step 5 Optional: Click Switch to Secondary to switch to the secondary site.

NOTE
l You are advised to perform an active/standby switchover after checking that the HA system status is
normal.
l When the HA system status is abnormal, you can click Yes in the Prompt dialog box to forcibly perform
an active/standby switchover.
----End
C.6.5 Veritas Cluster Management

The U2000 MSuite tool supports Veritas cluster management.
Context
Veritas cluster management provides the following functions:
l Bring a resource online
l Taking a resource offline
l Locking or unlocking a resource

l Unlocking or unlocking a resource

l Clearing a fault mark
Procedure
Step 2 Choose Deploy > Veritas Cluster Manager. The Veritas Cluster Manager dialog box is
displayed.
Step 3 Right-click a resource or a resource group to perform an operation.
NOTE
l You can check the status of a resource or a resource group according to the preceding figure.
l Messages triggered during an operation and the operation result will be displayed in the lower part.
----End
C.6.6 Updating the Veritas Licenses (Solaris)

This topic describes how to update a Veritas License. The Veritas License used in the NMS
installation is a demo License. After the server is delivered to the installation site, the demo
License must be replaced with the formal Veritas License in time.
Prerequisites
The formal Veritas License must be obtained.
The primary and secondary sites have been separated.

Context
You need to replace the demo licenses on the NMS servers at both the primary and secondary
sites with formal Veritas licenses. When the primary and secondary sites are separated, update
the Veritas license on the primary and secondary sites and then connect the primary and
secondary sites.
NOTICE
To ensure network security, obtain written authorization from the customer before collecting
fault information. In addition, you must obey local laws or Huawei user privacy policies and
take appropriate measures to ensure that user privacy data is fully protected.
Procedure
l Through the GUI:
a. Log in to the MSuite client. For details, see C.2.2 Logging In to the MSuite
Client.
b. Choose Deploy > Update VRTS Licenses.
c. In the Update VRTS Licenses dialog box, enter the formal licenses.
d. Click OK.
NOTE
A message asking you to restart the OS and indicating that the Veritas licenses must be updated at
both the primary and secondary sites is displayed.
e. Click OK.
f. Choose System > Exit from the main menu. The Exit dialog box is displayed.
g. Click OK.
h. To stop the VCS service, run the following commands:
i. To check whether the VCS service is stopped, run the following command:
# ps -ef|grep had

root 27663 17299 0 00:31:00 pts/2 0:00 grep had
NOTE
If the had and hadshadow processes are not displayed, the VCS service is successfully
stopped; otherwise, run the kill -9 process ID command to stop the associated processes.
j. To restart the OS, run the following commands:
k. After the secondary site is restarted, repeat the preceding operations at the primary
site to replace the Veritas licenses at the primary site.
l. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
l Through the CLI:


b. To back up all the License files in the /etc/vx/licenses/lic path, run the following
commands:
# mkdir /export/home/licenses
# cp /etc/vx/licenses/lic/*.vxlic /export/home/licenses
c. Switch to ossuser and run the following commands to update the VxVM License.
# su - ossuser
$ cd /opt/oss/engr/tools/ha
$ bash installLicense.sh
Enter VRTS key :
d. Enter the formal License key. The formal License key is in the format of XXXX-
XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-X. Then, press Enter.
NOTE
l X indicates the a letter or digit of a License key.

l The information about the demo or formal License that is newly obtained is contained in
the License file.
e. Check whether the updated License takes effect. For details, see A.7.1.2 How to
Check the Veritas License.
f. Run the following command to change the permission of the license file:
$ exit
# chmod -R 600 /etc/vx/licenses/lic
g. To stop the VCS service, run the following commands:

h. To check whether the VCS service is stopped, run the following command:
# ps -ef|grep had

root 27663 17299 0 00:31:00 pts/2 0:00 grep had
NOTE
If the had and hadshadow processes are not displayed, the VCS service is successfully
stopped; otherwise, run the kill -9 process ID command to stop the associated processes.
i. To restart the OS, run the following commands:
j. After the secondary site is restarted, repeat the preceding operations at the primary
k. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
----End
C.6.7 Updating the Veritas Licenses (SUSE Linux)

This topic describes how to update a Veritas License. The Veritas License used in the NMS
installation is a demo License. After the server is delivered to the installation site, the demo
License must be replaced with the formal Veritas License in time.

Prerequisites
The formal Veritas License must be obtained.
The primary and secondary sites have been separated.
Context
You need to replace the demo licenses on the NMS servers at both the primary and secondary
sites with formal Veritas licenses. When the primary and secondary sites are separated, update
the Veritas license on the primary and secondary sites and then connect the primary and
secondary sites.
NOTICE
To ensure network security, obtain written authorization from the customer before collecting
fault information. In addition, you must obey local laws or Huawei user privacy policies and
take appropriate measures to ensure that user privacy data is fully protected.
Procedure
l Through the GUI:
a. Log in to the MSuite client on the secondary site. For details, see C.2.2 Logging In
to the MSuite Client.
b. Choose Deploy > Update VRTS Licenses.
c. In the Update VRTS Licenses dialog box, enter the formal licenses.
d. Click OK.
NOTE
A message asking you to restart the OS and indicating that the Veritas licenses must be updated at
both the primary and secondary sites is displayed.
e. Click OK. To restart the OS, run the following commands:
NOTICE
After performing the preceding step, wait for about 5 minutes and perform this step.
# hastart -onenode
# shutdown -r now
f. After the secondary site is restarted, repeat the preceding operations at the primary
g. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
l Through the CLI:


b. To back up all the License files in the /etc/vx/licenses/lic path, run the following
commands:
# mkdir /export/home/licenses
# cp /etc/vx/licenses/lic/*.vxlic /export/home/licenses
c. Switch to ossuser and run the following commands to update the VxVM License.
# su - ossuser
$ cd /opt/oss/engr/tools/ha
$ bash installLicense.sh
Enter VRTS key :
d. Enter the formal License. The formal License key is in the format of XXXX-
XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-X. Then, press Enter.
NOTE
l X indicates a letter or digit of a License key.

l The information about the demo or formal License that is newly obtained is contained in
the License file.
e. Check whether the updated License takes effect. For details, see A.7.1.2 How to
Check the Veritas License.
f. Run the following command to change the permission of the license file:
$ exit
# chmod -R 600 /etc/vx/licenses/lic
g. To restart the OS, run the following commands:
NOTICE
After performing the preceding step, wait for about 5 minutes and perform this step.
# hastart -onenode
# shutdown -r now
h. After the secondary site is restarted, repeat the preceding operations at the primary
i. Refer to Connecting the Primary and Secondary Sites to connect the primary and
secondary sites.
----End
C.6.8 Monitor Replication Status

This topic describes how to monitor the data replication status of the active and standby sites.
Context
You can use the MSuite only on the primary site to monitor the data replication status.

Procedure
Step 2 Choose Deploy > Monitor Replication Status. The Monitor Replication Status window is
displayed and the MSuite starts querying the data replication status.
l After the data replication, the The rlink status is displayed as Data staus: consistent,
up-to-date.
l If the message Data replication between the primary and secondary sites is
interrupted. Possible causes are as follows: is displayed, run the following command
as the root user and determine the cause of the problem based on the echo information.
l If close the Monitor Replication Status window, the MSuite stops querying the data
replication status.
----End
C.7 Configuring the Northbound Interface Instance

This topic describes how to configure the northbound interface (NBI) instance.
Context
l When the U2000 needs to access the upper-layer NMS, the related NBI should be
configured as required. The NBIs that are commonly used by the U2000 are CORBA,
SNMP, XML and TEXT NBIs.
l The NBI menu provides an entry for exporting NBI configuration items. After you click
the related button in the menu, you can export the configuration items of the CORBA,
SNMP, XML and TEXT NBIs that can be configured on the deployment tool to a .csv
file. Then operation personnel can compare the values of the configuration items before
and after the environment upgrade and data migration to avoid incorrect parameter
settings.
C.8 Managing Certificate File

If the SSL certificate has expired or a specific SSL certificate is required, replace the current
SSL certificate.
C.8.1 Digital Certificate Scheme for the U2000

The U2000 uses the Security Socket Layer (SSL) digital certificate to safeguard
communication between the U2000 server and client, between the U2000 and NEs, and
between the U2000 and OSS. When the U2000 is installed, the SSL certificate developed by
Huawei is loaded for temporary communication. Do not use this certificate commercially. The
U2000 supports certificate replacement. Before enabling SSL communication, apply for a
certificate from a CA and use it to replace the temporary certificate in the commissioning
phase, to improve the communication security of U2000.
SSL Certificate Overview

The SSL certificate is a type of digital certificate similar to the electronic copy of the driving
license or passport and is used for data transmission based on the SSL protocol. Located at the

transport layer, the SSL protocol authenticates clients and servers, encrypts and hides
transmitted data, protects data from being changed during transmission and therefore ensures
data integrity.
After using the SSL encryption mechanism, an encrypted communication channel is set up
between the client and the server. An SSL certificate provides the following functions:
l Data encryption: After a key is negotiated using a handshake protocol, all the transmitted
messages are encrypted using a single-key encryption algorithm, such as AES.
l Identity authentication: A public key encryption algorithm, such as Revest-Shamir-
Adleman Algorithm (RSA) or Digital Signature Standard (DSS), is used to add
signatures to all the involved communication parties.
l Data integrity guarantee: A hash algorithm, such as Secure Hash Algorithm (SHA) or
Message Digest Algorithm 5 (MD5), is used to generate a digest and Message
Authentication Code (MAC) and add digital signatures to all messages transmitted. This
guarantees the data integrity of the messages.
U2000 Digital Certificate Scenario Overview

The U2000 supports two communication modes: Common and Security (SSL). The default
communication mode is Common. The U2000 provides an SSL certificate. To meet higher
communication security requirements, you should switch to the Security (SSL) mode so that
the SSL certificate takes effect. This certificate improves communication security. For details,
see Configuring the Communication Between the Server and a Client by SSL Protocol.
As shown in the following figure, the U2000 and peripheral systems can use the SSL or
HTTPS secure protocol for communication. Secure SSL communication is available between
the U2000 server and client, U2000 and NEs, U2000 and uTraffic, U2000 and OSSs, U2000
and U2100, OS server and Internet Explorer and so on.
NOTICE
The U2000 server can be an SSL client or an SSL server based on different roles for SSL
communication.

OSS
Inventory Service Performance Diagnose

Fault Provision
Service Management Layer
U2000 Client DCN

uTraffic
SSL/HTTPS
Network Management Layer
SSL/HTTPS
U2100/T2100
U2000 Server
SSL/HTTPS
Transport network Datacom network NE Layer

Access network
MSTP/WDM/RTN/ PTN/Router/Switch/
FTTx/DSLAM/MSAN
Marine BRAS
Digital Certificate Types Supported by the U2000

Different file extensions represent different certificate types, which are described as follows:
l .p12/.pfx: Identity certificate of the PKCS12 type. (It describes the syntax of packaging
users' public keys, private keys, certificates, and other related information and the public
key encryption standards.) The key library and private keys are protected by using the
same password. The file contains certificates and private keys and is protected by
password. When obtaining an identity certificate in this format, users must obtain the
password for the certificate at the same time.
l .jks/.ks: Identity certificate of the JKS type. (It is the Java version of the key library.) The
key library and private keys are protected by using different passwords.
l .cer/.crt: Trust certificate, that is, the identity certificate of the CA. It indicates the
original format of certificates or private keys. Identity certificates and trust certificates
in .cer/.crt format are automatically saved to PEM files (in ASCII format).
l .crl: Certificate revocation list file that describes which identity certificates are revoked.
The identity certificate (.cer) and certificate revocation list file (.crl) of the CA are
trustworthy, which need to be added to the trust certificate list and certificate revocation
list of the server and client respectively.
Precautions About U2000 Digital Certificate Replacement

The U2000 is mainly deployed on carriers' internal networks and is not open to public
networks. Generally, it is unnecessary to apply for certificates from well-known CAs, such as

VeriSign. The reason is that the validity period of public network certificates is short, and you
need to purchase the certificates again after they expire, resulting in large cost. Public network
certificates are not applicable to internal network applications.
By default, the U2000 uses Huawei preconfigured digital certificates that are used only for
temporary communications and are not recommended for commercial use. If you need to
replace the preconfigured certificates of the U2000, determine which applications use SSL for
communication and obtain the desired replacement certificates in any of the following
methods. Ensure that the SSL client and server certificates are all replaced.
l Method 1: If a carrier has its own CA, apply for a general SSL client and server identity
certificate from the CA and obtain the corresponding CA trust certificate. The way of
obtain the certificate see A.11.75 How to Apply for U2000 Digital Certificates.
l Method 2: Use tools, such as OpenSSL and xCa to make digital certificates required by
the U2000.
NOTICE
When the U2000 is interconnected with third-party systems, to keep compatible with old
systems, the signature algorithm of the preconfigured certificate which poses security risks.
You are advised to replace the preconfigured certificates on the U2000 and NEs.
Precautions about digital certificate application:
l Use RSA keys. Currently, the U2000 does not support DSA or ECDSA keys.
l It is recommended that the length of the SSL client and server keys be 2048 bits and the
length of CA keys be 4096 bits.
l The signature algorithm sha256RSA is recommended.
l For internal systems, it is recommended that the validity period of the CA trust
certificate be greater than 50 years and the validity period of the SSL client and server
identity certificates be set to 25 years. Generally, the validity period must be greater than
the equipment life cycle, avoiding frequent certificate replacement after the certificates
expire.
Precautions about P12 file exports:
For security hardening concerns, the U2000 does not support some weak algorithms, for
example, RC2. If you use OpenSSL to combine certificates and private keys to a .p12 file,
you need to add the descert parameter to the command used for exporting the .p12 file. That
is because OpenSSL by default uses the RC2-40 algorithm to encrypt digital certificates and
the 3DES algorithm to encrypt private keys. The following shows a command example:
>openssl pkcs12 -export -certpbe PBE-SHA1-3DES -in client.pem -inkey client_key.pem -

out client.p12 -descert
C.8.2 Replacing SSL Certificates Used for the U2000 Server

When the U2000 is installed, the SSL certificate developed by Huawei is loaded for
temporary communication. Do not use this certificate commercially. The U2000 supports
certificate replacement. Before enabling SSL communication, apply for a certificate from a
CA and use it to replace the temporary certificate in the commissioning phase, to improve the

communication security of U2000. This topic describes how to replace the Security Socket
Layer (SSL) certificates used by the U2000 server.
Prerequisites
l You have obtained the trust certificate (rootCA.cer, subCA1.cer) and identity certificate
(server.p12) used by the server and the encryption password for the identity certificate.
l The SSL certificates have been backed up.
l Use the FTP to upload the new SSL certificate files (server.p12, rootCA.cer and
subCA1.cer) to the following directory on the U2000 server as the ossuser user before
you replace the SSL certificate of server.
– Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris or SUSE Linux OS is installed in /opt/
oss. If the U2000 is not installed in partition /opt, change the partition in the directory
accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this
– Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is
NOTICE
Place only the certificate files server.p12, rootCA.cer and subCA1.cer in this directory.
Do not place other files in it. Otherwise, the certificate replacement script will fail to be
executed.
l The U2000 processes have been shutdown.
Context
l By default, the U2000 client authenticates the U2000 server, but the U2000 server does
not authenticate the U2000 client.
l The Huawei-predefined SSL certificates used to safeguard communication between the
U2000 server and client are located in the following directory:
– On Solaris or SUSE Linux OS: /opt/oss/server/etc/ssl.
– On Windows OS: D:\oss\server\etc\ssl.
l The MSuite and the U2000 use the same SSL certificates.
l In a high availability system (Veritas hot standby) scheme, replace certificates on the
servers of the primary and secondary sites.
l The following script-based replacement procedure assumes that your OS is Solaris or
SUSE Linux OS. If your OS is Windows, replace the certificates for the U2000 server in
a similar way.

NOTICE
After SSL Certificates for the U2000 server have been replaced, you may fail to log in to
the MSuite.
Procedure
l Replace SSL certificates for the U2000 server through the GUI.
b. Choose Certificate File Management > Internal NMS Certificate.
c. In the Certificate Configuration dialog box, select the SSL certificates to be
replaced and click ReplaceAll.
d. In the Information Confirmation dialog box, enter the PFX password.
NOTE
The new encryption password for the identity certificate must meet the following
requirements:
l At least one space or one special character: `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
l At least two of the following combinations: lowercase letters a to z, uppercase letters
A to Z, and digits 0 to 9.
l The password cannot be the same as the user name or the reverse of the user name.
e. Click OK.
f. Because the MSuite reuses the U2000 digital certificates, restart the MSuite server
for the certificates to take effect.
l Replace SSL certificates for the U2000 server using a script.
a. Use the PuTTY to log in to the U2000 server in SSH mode as the ossuser user.
b. Run the following command to end the U2000 processes:
$ ./stopnms.sh

$ su - root
c. Use the FileZilla to upload certificates to /opt/oss/server/certs on the U2000 server.

d. Run the following command to back up the certificates (as the root user):
$ ssl_adm -cmd backup -backpath /opt/backup/dbbackup/ssl
NOTE
The certificates can be backed up to an absolute or relative directory. The following steps
assume that the certificates are backed up to /opt/backup/dbbackup/ssl.
e. Run the following command to replace the certificates used by the U2000 server (as
the root user):
$ ssl_adm -cmd replace_certs -dir /opt/oss/server/certs

NOTE
/opt/oss/server/certs is the path for saving certificates.
Information similar to the following is displayed by order:

Enter the password obtained along with the new certificate:
Enter the new password set for the new certificate:
Reenter the new password set for the new certificate:
f. Enter the new identity certificate old password, the new identity certificate new
password and reenter the new identity certificate new password, press Enter.
NOTE
l Two formats are available for the identity certificate.

l If the identity certificate is server.p12 of the PKCS#12 type (single file in PFX
format), enter the certificate password obtained together with the certificate after
Enter the old identity certificate password:, because the password is verified
during command execution.
l If the identity certificate file is server.cer, password is user-defined. The command
is run to convert the server.cer file into the server.p12 file of the PKCS#12 type.
l The new encryption password for the identity certificate must meet the following
requirements:
l The password contains a minimum of 8 characters and a maximum of 20
characters.
l At least two of the following combinations: lowercase letters a to z, uppercase
letters A to Z, and digits 0 to 9.
l If the certificates fail to be replaced, resolve the problem based on the prompt and run
the following command to restore the certificates before replacing them again:
$ ssl_adm -cmd restore -backpath /opt/backup/dbbackup/ssl
The certificates are successfully replaced if the following information is displayed:

SSL certificates are deployed successfully
g. Optional: If you need to use the iNBIXMLSoapAgent process, run the following
commands to change the certificate password for the process:
$ cd /opt/oss/server/nemgr/nemgr_access/scriptsinstall
$ ./postRepalceCert.sh
The certificate password is successfully changed if the following information is

displayed:
The database already has this configuration item, and the value of the
configuration file is different from the value of this configuration
item.
The value of this configuration item is updated to the database in /imap/
inbxmlsoapagent/soapxml/soapsecuremode/SOAPServerCertkey
The database already has this configuration item, and the value of the
configuration file is different from the value of this configuration
item.
The value of this configuration item is updated to the database in /imap/
inbxmlsoapagent/notification/authinfo/WSNOTIFYBrokerCertkey
svc_adm : info : reload successfully.
NOTE
If you do not perform this step, the iNBIXMLSoapAgent process will fail to start up after
certificates are replaced on the U2000 server.

h. After the certificates are successfully replaced, run the following commands to
import environment variables and update the CAU configuration data (as the
ossuser user).
$ cd /opt/oss/cau/bin/
$ ./cau.sh
i. Run the following commands to start U2000 processes for the replacement to take
effect:

$ ./startnms.sh

----End
Follow-up Procedure
l After the SSL digital certificates on the server and clients are replaced, delete the
webrenderer cache directory C:\Users\%username%\thirdparty\webrender manually
on all clients and restart the client processes. Otherwise, functions depending on
webrenderer may fail.
NOTE
If the C:\Users\%username%\thirdparty\webrender directory does not exist, skip this step.
l After the trust and identity certificates used by the U2000 server are successfully
replaced, delete certificate files from /opt/oss/server/certs on the U2000 server.
l After the trust and identity certificates used by the U2000 server are successfully
replaced, replace the trust and identity certificates used by the U2000 client as well.
C.8.3 Replacing SSL Certificates for the U2000 Client

communication security of U2000. After the certificates used by the U2000 server are
replaced, you need to replace the certificates used by the client as well. This topic describes
how to replace the Security Socket Layer (SSL) certificates used by the U2000 client.
Prerequisites
l You have obtained the trust certificate (rootCA.cer, subCA1.cer) used by the client.
l The identity certificate (client.p12) used by the client and the encryption password for
the identity certificate have been obtained. This point must be met if the default settings
have been modified to make the U2000 server authenticate the U2000 client.
l The certificate revocation list file revoke.crl has been obtained. This point must be met
if the certificate revocation list also needs to be replaced.
l The SSL certificates of U2000 server have been replaced and the U2000 client is not
running.

Context
l By default, the U2000 client authenticates the U2000 server, but the U2000 server does
not authenticate the U2000 client. Therefore, the U2000 client is equipped with the trust
certificate but not equipped with the identity certificate.
l The SSL certificates predeployed by Huawei for the U2000 client are stored in the
following paths: client\client\style\defaultstyle\conf\ssl.
Procedure
Step 1 Copy the certificate files to be replaced to a directory (for example, D:\certs) on the U2000
client.
Step 2 Double-click client installation directory\client\client\bin\CertConfigurator.bat to start

the certificate configuration tool.
Step 3 Optional: Click the ID Certificate tab and click next to File Name. In the dialog box
that is displayed, select the identity certificate client.p12 and click Open. In the PFX
Password text box, enter the encryption password for the identity certificate.
NOTE
By default, the U2000 server does not authenticate the U2000 client, which eliminates the need to
replace the identity certificate used by the U2000 client after the replacement of trust and identity
certificates for the server. If the U2000 server is enabled to authenticate the U2000 client, the identity
certificate used by the U2000 client must be replaced after the replacement of trust and identity
certificates for the server.
Step 4 Click the Trust Certificate tab and click Add. In the dialog box that is displayed, select trust
certificate and click Open.
Step 5 Optional: Click the Certificate Revocation List tab and click Add. In the dialog box that is
displayed, select the certificate revocation list file and click Open.
Step 6 Click OK.
----End
Follow-up Procedure
Start the client and log in to the client in SSL mode to verify that certificates are updated
successfully.
l If the login is successful, certificates are updated successfully.
l If the login fails, certificates fail to be updated. Contact Huawei technical engineers for
assistance.
C.8.4 Importing SSL Certificates Used for Communication

Between the U2000 and NEs
The U2000 supports the import of a new SSL certificate, for the communication between the
U2000 and NEs.
Prerequisites
l You have obtained the SSL certificates and encryption passwords from a trusted institute.

– The client.p12 contains the client certificate file and key file. The password for
encrypting the file needs to be obtained.
– The server.p12 contains the server certificate file and key file. The password for
– The rootCA.cer and subCA1.cer contains the files issued by the client, server, and
upper-layer system.
you import the SSL certificate.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/
accordingly.
NOTE
Context
l The U2000 communicates with NEs. The U2000 is on the SSL client side and uses the
client certificate. NEs are on the SSL server side and use the server certificate. The SSL
certificate for NEs needs to be deployed through the U2000.
l The SSL certificate predeployed by Huawei for the communication between the U2000
and NEs are stored in the following paths:
– In Solaris or SUSE Linux OS: /opt/oss/server/etc/ssl/nemanager/default
– In Windows OS: D:\oss\server\etc\ssl\nemanager\default
l The SSL certificate deployment for VRP8-based OSN 9800s need to see How Do I
Deploy Security Certificates for VRP8-based OSN 9800s.
Procedure
l Import an SSL certificate for the U2000 and NE through the GUI.
c. In the Certificate Configuration dialog box, click Import.
d. In the Import Certs dialog box, click the ID Certificate tab and configure the SSL

i. Select Generate SSL authentication certificates.

NOTE
l Generate SSL authentication certificates: Generates certificates for SSL

communication between NEs and the U2000.
l Generate USB authentication certificates: Generates certificates for USB
authentication when configuration scripts need to be applied to NEs through a
USB flash drive.
ii. In the SSL Client Cert area, click next to File Name. In the Select Certs
iii. In the SSL Client Cert area, enter the encryption password of an SSL client
iv. In the SSL Server Cert area, click next to File Name. In the Select Certs
v. In the SSL Server Cert area, enter the encryption password of an SSL server
vi. In the text box on the right of Certs backup path, enter the directory name.

NOTICE
g. In the Import Certs dialog box, click OK.

h. Optional: In the Certificate Configuration dialog box, select the new certificate to
be imported and click Default to set the new certificate as the default one.
i. Check that the U2000 generates the necerts folder in the certificate directory and
NOTICE
The certificates fils save in the following directory : /opt/oss/server/etc/ssl/
nemanager/User-defined folder/necerts, the User-defined folder is the directory
name of Certs backup path When Importing the SSL certificate.
j. Load these certificates to the NE using the DC board-level software and activate
them.
Load certificates and activate them.
ii. Choose Administration > NE Software Management > Board Software
Upgrade
NOTE
By default, the DC accounts of NEs are blank, after enter the Board Software
Upgrade, the navigator tree cannot automatically filter the NE list of the subnet. You
need to configure the DC account of the NE in the DC Login User Management
(Choose Administration > NE Security Management > NE Login Management)
first, then enter the Board Software Upgrade again, the navigator tree will filter the
specific NEs.
iii. Right-click a desired NE in the navigation tree and choose Login NE from the
shortcut menu.

NOTE
You can also choose Set Login Account from the shortcut menu and set Login User
and Password in the dialog box that is displayed.
iv. Right-click the NE and choose Query Board from the shortcut menu. Then
board information about the NE is displayed.
NOTE
It may take a period of time for the board information to display, which is normal.
v. Click to expand the board list.
vi. Select the check box before the desired main control board and click
to add the board to the operation list.
vii. In the Upgrade Version field, click . The Board software setting window
is displayed.
viii. Set the software load type to Certificate and click Add Software. The Choose
File window is displayed.
NOTE
You can click Add Software to add multiple files at the same time.

ix. In the Choose File dialog box, select the CA.CRT, CERTNE.CRT,
CERTNE.KEY, and SSLCFG.KEY certificates.
NOTE
l If you want to load these certificates to the NE, please remember to copy them to
the root directory for the FTP.
l If the file path contains non-alphanumeric characters, you may fail to access the
file.
l Enter the correct IP address of the SFTP/FTP server, user name, password, and
port. Then, click . After the successful connection, you can access the files on
the FTP server. To use the FTP protocol, enter port 21. To use the SFTP (more
secure, recommended) protocol, enter port 22.
x. In the Board software setting dialog box, click OK. The upgrade software
selection is complete.
xi. Select a board in the Operation List, and click Start.
NOTE
During the process, you can click Stop to stop the loading.
xii. When the loading is complete, click Activate. The Warning dialog box is
displayed. Confirm whether to activate the software.
xiii. Click Yes to start activating the software.
xiv. After the activation, the Operation Result dialog box is displayed indicating
that the activation succeeds. Click Close.
l Import an SSL certificate for the U2000 and NE using commands.
a. Start importing the identity certificate and trust certificate scripts.
$ ./ssl_cert_adm.sh -cmd import user -client_cert client.p12 -pfxpwd
password1 -server_cert server.p12 -pfxpwd password2 -trust trust.cer
NOTE
certificates.
n Windows:
>ssl_cert_adm.bat -cmd import user -client_cert client.p12 -pfxpwd
password1 -server_cert server.p12 -pfxpwd password2 -trust trust.cer
NOTE
certificates.
b. Optional: Start the CRL configuration script.

NOTE
n Windows:
NOTE
c. Check that the U2000 generates the necerts folder in the certificate directory and
d. Load these certificates to the NE using the DC board-level software and activate
them.
Upgrade
NOTE
specific NEs.
shortcut menu.
NOTE

NOTE
is displayed.
NOTE

NOTE
file.
NOTE
----End
Result
If U2000 processes are properly started, the U2000 can be connected to NEs by means of
Security SSL and SSL certificates have been successfully imported.
Follow-up Procedure
After SSL certificates are successfully imported, delete certificate files from the following
directory on the U2000 server:
l Solaris/SUSE Linux: /opt/oss/server/certs.
NOTE
l The directory is true only if the U2000 on Solaris/SUSE Linux OS is installed in /opt/oss. If
the U2000 is not installed in partition /opt, change the partition in the directory accordingly.
l If security hardening is performed, ossuser FTP/SFTP rights will be disabled. In this case, you
need to upload files to the backup directory in the FTP root directory as the ftpuser user (the
FTP root directory of ftpuser is /opt/backup/ftpboot) and then copy files to the target
l Windows: D:\oss\server\certs.
NOTE
The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the U2000 is not
C.8.5 Replacing SSL Certificates Used for the Communication

Between the U2000 and NE

communication security of U2000. Perform the following operations to replace Security
Socket Layer (SSL) certificates used for the communication between the U2000 and NE.
Prerequisites
upper-layer system.
l Use the FTP to upload the new SSL certificate to the following directory on the U2000
server as the ossuser user before you replace the SSL certificate.
NOTE
accordingly.
NOTE
l The time between the U2000 and the NE have been synchronized.
Context
l The U2000 communicates with NEs. The U2000 is on the SSL client side and uses the
client certificate. NEs are on the SSL server side and uses the server certificate. The SSL
certificate for NEs need to be deployed through the U2000.
l The SSL certificates predeployed by huawei for the communication between the U2000
and NEs are stored in the following paths:
– In Solaris or SUSE Linux OS:/opt/oss/server/etc/ssl/nemanager/default
– In Windows OS:D:\oss\server\etc\ssl\nemanager\default
l The SSL certificate deployment for VRP8-based OSN 9800s need to see How Do I
Deploy Security Certificates for VRP8-based OSN 9800s.
Procedure
l Replace an SSL certificate for the U2000 and NE through the GUI.

c. In the Certificate Configuration dialog box, select the SSL certificate to be

replaced and click Update.
d. In the Update Certs dialog box, click the ID Certificate tab and configure the SSL
i. In the SSL Client Cert area, click next to File Name. In the Select Certs
ii. In the SSL Client Cert area, enter the encryption password of an SSL client
iii. In the SSL Server Cert area, click next to File Name. In the Select Certs
iv. In the SSL Server Cert area, enter the encryption password of an SSL server
NOTICE
g. In the Update Certs dialog box, click OK.

h. Check that the U2000 generates the necerts folder in the certificate directory and
NOTICE
The certificates fils save in the following directory : /opt/oss/server/etc/ssl/
nemanager/User-defined folder/necerts, the User-defined folder is the directory
name of Certs backup path When Importing the SSL certificate.
i. Load these certificates to the NE using the DC board-level software and activate
them.

Upgrade

NOTE
specific NEs.
shortcut menu.
NOTE
NOTE
is displayed.

NOTE
NOTE
file.
NOTE
l Replace an SSL certificate for the U2000 and NE using commands.
a. Start the identity certificate replacement script.


$ ./ssl_cert_adm.sh -cmd update user [-client_cert client.p12 -pfxpwd
password1 |-server_cert server.p12 -pfxpwd password2]
NOTE
user indicates the name of the folder in which the SSL certificates are stored.
password1 and password2 indicate the encrypted password for the SSL Client and SSL
Server certificates.
n Windows:
>ssl_cert_adm.bat -cmd update user [-client_cert client.p12 -pfxpwd
password1 |-server_cert server.p12 -pfxpwd password2]
NOTE
certificates.
b. Start the trust certificate replacement script.
$ ./ssl_cert_adm.sh -cmd add_trust user trust.cer
NOTE
n Windows:
>ssl_cert_adm.bat -cmd add_trust user trust.cer
NOTE
c. Optional: Start the CRL configuration script.
NOTE
n Windows:
NOTE
d. Check that the U2000 generates the necerts folder in the certificate directory and

e. Load these certificates to the NE using the DC board-level software and activate
them.
Upgrade
NOTE
specific NEs.
shortcut menu.
NOTE
NOTE

is displayed.
NOTE
NOTE
file.
NOTE
----End

Result
Restart the U2000.
l If U2000 processes are properly started, the U2000 can be connected to NEs by means of
Security SSL and SSL certificates have been successfully loaded. You can manually
delete the backup SSL digital certificates for U2000 and NEs.
l If the U2000 process fails to start, you must replace backup certificates and save the
target certificates to the specified path.
Follow-up Procedure
After SSL certificates used for the communication between the U2000 and NE are
successfully replaced, delete certificate files from the following directory on the U2000
server:
NOTE
NOTE

Between the U2000 and uTraffic
Socket Layer (SSL) certificates used for the communication between the U2000 and uTraffic.
Prerequisites
upper-layer system.
l Use the FTP to upload the new SSL certificate to the following directory on the U2000
server as the ossuser user before you replace the SSL certificate.

NOTE
accordingly.
NOTE
Context
l The predeployed SSL certificates for the communication between the U2000 and
uTraffic are stored in the following paths:
– Solaris or SUSE Linux: /opt/oss/server/etc/ssl/solution
– Windows: D:\oss\server\etc\ssl\solution
l The certificate replacement script is stored in the /opt/oss/server/common/pms/share/
tools/ssl path (Use Solaris/SUSE Linux as an example. The path on Windows is
similar.). Run the ./replace_certs.sh command as the ossuser user in this path.

NOTE
l -type indicates the certificate type, -file indicates the certificate path, and -pfxpass indicates
the encrypted password for the identity certificate.
l certificate type:
l 1: client identity certificate
l 2: server identity certificate
l 3: trust certificate
l 4: revocation certificate list
l certificate file: path in which the certificate is stored.
l Example:
l ./replace_certs.sh -type 1 -file client.p12 -pfxpass
l ./replace_certs.sh -type 2 -file server.p12 -pfxpass
l ./replace_certs.sh -type 3 -file trust.cer
l ./replace_certs.sh -type 4 -file revoke.crl
l To ensure the security of the system, remember to change passwords regularly and passwords
must be complex enough.
l A password cannot be short and a password is recommended containing eight or more
characters.
l At least two types of the following characters: digits, letters, and special characters
Procedure
l Replace an SSL certificate for the U2000 and uTraffic using a script.
b. Start the identity certificate replacement script.
n Solaris or SUSE Linux :
$ cd /opt/oss/server/common/pms/share/tools/ssl
$ ./replace_certs.sh -type certificate type -file certificate file -pfxpass
NOTE
l The identify certificates on the server and client must be replaced separately. For
example:
l replace_certs.bat -type 1 -file client.p12 -pfxpass
l replace_certs.bat -type 2 -file server.p12 -pfxpass
l To ensure the security of the system, remember to change passwords regularly and
passwords must be complex enough.
l A password cannot be short and a password is recommended containing
eight or more characters.
l At least two types of the following characters: digits, letters, and special
characters
n Windows:
>cd /d d:
> cd \oss\server\common\pms\share\tools\ssl
> replace_certs.bat -type certificate type -file certificate file -pfxpass

NOTE
l The identify certificates on the server and client must be replaced separately. For
example:
l replace_certs.bat -type 1 -file client.p12 -pfxpass
l replace_certs.bat -type 2 -file server.p12 -pfxpass
l To ensure the security of the system, remember to change passwords regularly and
passwords must be complex enough.
l A password cannot be short and a password is recommended containing
eight or more characters.
l At least two types of the following characters: digits, letters, and special
characters
c. Start the trust certificate replacement script.
n Solaris or SUSE Linux (as the ossuser user):
$ ./replace_certs.sh -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example, ./
replace_certs.sh -type 3 -file trust.cer.
n Windows:
>cd /d d:
> replace_certs.bat -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example,
replace_certs.bat -type 3 -file trust.cer.
d. Optional: Start the CRL configuration script.
n Solaris or SUSE Linux (as the ossuser user):
$ ./replace_certs.sh -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example, ./
replace_certs.sh -type 4 -file revoke.crl.
n Windows:
>cd /d d:
> replace_certs.bat -type certificate type -file certificate file
NOTE
For information about variables, see the background information. For example,
replace_certs.bat -type 4 -file revoke.crl.
e. Restart the U2000 service.
----End

Result
l If U2000 processes are properly started, the U2000 can be connected to uTraffic by
means of Security SSL and SSL certificates have been successfully loaded. You can
manually delete the backup SSL digital certificates for U2000 and uTraffic.
target certificates to the default certificates path.
Follow-up Procedure
After SSL certificates used for the communication between the U2000 and uTraffic are
server:
NOTE
NOTE
C.8.7 Replacing Internal Port Authentication Certificates on the

U2000 Server
communication security of U2000. This topic describes how to replace internal port
authentication certificates on the U2000 server.
Prerequisites
l The new SSL certificate and its encryption password have been obtained.
– client.p12 contains the client certificates and private key files. The encrypted
passwords of these files must be obtained.
– server.p12 contains the server certificates and private key files. The encrypted
passwords of these files must be obtained.
– rootCA.cer and subCA.cer indicates the trust certificate.
– revoke.crl indicates the revocation certificate, which is optional.
l Before replacing an SSL digital certificate, upload the newly applied SSL certificate to
the following directory on the U2000 server using the FTP tool (the default user is
ossuser):
– Solaris/SUSE Linux: /opt/oss/server/certs

NOTE
accordingly.
l The directory stores only the client.p12, server.p12, rootCA.cer, subCA.cer, and
revoke.crl certificate files for the U2000 server. Do not store other files in the directory;
otherwise, the script for replacing certificates will fail to be executed.
NOTE
l The directory is true only if the U2000 on Windows OS is installed in D:\oss. If the
U2000 is not installed in partition D, change the partition in the directory accordingly.
l The directory stores only the client.p12, server.p12, rootCA.cer, subCA.cer, and
revoke.crl certificate files for the U2000 server. Do not store other files in the directory;
otherwise, the script for replacing certificates will fail to be executed.
l By default, the U2000 is deployed with certificates from the same CA. To improve
certificate communication security, the CA that issues certificates for SSL
communication between internal U2000 server processes and the CA that issues
certificates for SSL communication between the U2000 server and external processes
must belong to different domains that do not trust each other.
Context
l For details about internal ports on the U2000 server, see ports whose Authentication
Mode is Digital Certificate in the Ports for Local Processes and Ports of the
Distributed System sheets of the U2000 Communication Port Matrix.
l By default, the authentication certificates of internal ports are stored in the following
directory on the U2000 server:
– Solaris/SUSE Linux: /opt/oss/server/etc/ssl/server
– Windows: D:\oss\server\etc\ssl\server
l In a local HA system, you only need to perform related operations on the primary server.
l In a remote HA system, you need to perform related operations on both primary and
secondary servers.
l After you deploy a certificate on the server, you need to re-log in to the client.
Procedure
b. Run the following command in the CLI to end the U2000 process:
> D:\oss\server\platform\bin\stopnms.bat
c. Use FileZilla to upload the certificates to the D:\oss\server\certs directory on the

U2000 server.
d. Run the following command as the administrator user in the CLI to back up
certificates:
> ssl_adm -cmd backup -app "server" -backpath D:\backup\dbbackup\ssl

NOTE
assume that the certificates are backed up to D:\backup\dbbackup\ssl.
e. Run the following command as the administrator user in the CLI to replace
certificates on the U2000 server:
> ssl_adm -cmd replace_certs -app "server" -dir D:\oss\server\certs -
client
NOTE
D:\oss\server\certs is the path for saving certificates.
Information similar to the following is displayed in turn:
f. Enter the original password, new password, and confirm password of the new
certificate as prompted and press Enter.
NOTE

format), ensure that the certificate password obtained together with the certificate
is correct, because the password is verified during command execution.
l If the identity certificate file is server.cer, password is user-defined. If the .pem
private key file matching the certificate is not encrypted, the password must be
greater than 6 and less than or equal to 64 bytes and contain at least three of the
following types of characters: lowercase letters, uppercase letters, digits, and
special characters (excluding spaces and ` $ & ( ) \ | ; ' " < >). The command is run
to convert the server.cer file into the server.p12 file of the PKCS#12 type.
requirements:
characters.
l To improve security, keys must be at least 2048 bits long and use the SHA256 or a more
advanced signature algorithm.
> ssl_adm -cmd restore -app "server" -backpath D:\backup\dbbackup
\ssl
Certificates are replaced successfully if the following information is displayed:

g. Run the following command as the administrator user in the CLI to start U2000
processes for the replacement to take effect:
> D:\oss\server\platform\bin\startnms.bat
l For the Linux/Solaris OS:

a. Use PuTTY to log in to the U2000 server in SSH mode as the ossuser user.
b. Run the following command to end the U2000 processes:
$ ./stopnms.sh


$ su - root
c. Use FileZilla to upload certificates to /opt/oss/server/certs on the U2000 server.

d. Run the following command to back up the certificates (as the root user):
$ ssl_adm -cmd backup -app "server" -backpath /opt/backup/dbbackup/ssl
NOTE
assume that the certificates are backed up to /opt/backup/dbbackup/ssl.
e. Run the following command to replace the certificates used by the U2000 server (as
the ossuser user):
$ ssl_adm -cmd replace_certs -app "server" -dir /opt/oss/server/certs -
client
NOTE
/opt/oss/server/certs is the path for saving certificates.
Information similar to the following is displayed in turn:
f. Enter the original password, new password, and confirm password of the new
certificate as prompted and press Enter.
NOTE

format), ensure that the certificate password obtained together with the certificate
is correct, because the password is verified during command execution.
l If the identity certificate file is server.cer, password is user-defined. If the .pem
private key file matching the certificate is not encrypted, the password must be
greater than 6 and less than or equal to 64 bytes and contain at least three of the
following types of characters: lowercase letters, uppercase letters, digits, and
special characters (excluding spaces and ` $ & ( ) \ | ; ' " < >). The command is run
to convert the server.cer file into the server.p12 file of the PKCS#12 type.
requirements:
characters.
l To improve security, keys must be at least 2048 bits long and use the SHA256 or a more
advanced signature algorithm.
$ ssl_adm -cmd restore -app "server" -backpath /opt/backup/
dbbackup/ssl
Certificates are replaced successfully if the following information is displayed:

g. Run the following commands to modify the certificate file permissions:

$ su - root
Password: Password for the root user

# cd /opt/sudobin/frame
# ./chgServerCertificatePermission.sh
The modification is successful if the following information is displayed:

change certificate permission success
h. Run the following commands to start U2000 processes for the replacement to take
effect:
$ ./startnms.sh

----End
Follow-up Procedure
After the SBI authentication certificate on the U2000 server are successfully replaced, delete
the certificate in the following directory on the U2000 server.
l Solaris/SUSE Linux: /opt/oss/server/certs
NOTE
NOTE

Between the U2000 and U2100
Socket Layer (SSL) certificates used for the communication between the U2000 and U2100.
Prerequisites
l Replacing SSL certificates of the U2000 and U2100 is used only when the U2100
interconnects with the U2000.

upper-layer system.
you replace the SSL certificate of server.
NOTE
l The directory is true only if the U2000 on Solaris or SUSE Linux OS is installed in /opt/
accordingly.
NOTE
Context
l The U2000 communicates with U2100. The U2000 is on the SSL server side and uses
the server certificate. U2100 are on the SSL client side and uses the client certificate.
l The SSL certificates predeployed by huawei for the communication between the U2000
and U2100 are stored in the following paths:
– In Solaris or SUSE Linux OS:/opt/oss/server/etc/ssl/solution/mml
– In Windows OS:D:\oss\server\etc\ssl\solution\mml
Procedure
Step 1 Log in to the MSuite client from the U2000 server. For details, see C.2.2 Logging In to the
MSuite Client.
Step 2 Choose Certificate File Management > U2100 Certificate.
Step 3 Click the Identity Certificate tab and configure the SSL Server identity certificates.
1. In the SSL Server Cert area, click next to File Name. In the Select Certs dialog
box, select a certificate and click OK.
2. In the SSL Server Cert area, enter the encryption password of an SSL server identity
certificate in the PFX Password text box.
Step 4 click OK.
Step 5 Click the Trust Certificate tab and click next to File Name. In the dialog box that is
displayed, select a trust certificate and click OK. Then click Add.
----End

Result
Restart the U2000.
l If U2000 processes are properly started, the U2000 can be connected to U2100 by means
of Security SSL and SSL certificates have been successfully loaded. You can manually
delete the backup SSL digital certificates for U2000 and U2100.
target certificates to the specified path.
Follow-up Procedure
After SSL certificates used for the communication between the U2000 and U2100 are
server:
NOTE
l The directory is true only if the U2000 on Solaris or SUSE Linux OS is installed in /opt/oss. If
NOTE

Between the server and OSS(CORBA NBI, XML NBI and
RESTCONF NBI)
To replace ssl certificates used for NBI, see U2000 CORBA NBI User Guide, U2000 XML
NBI User Guide and U2000 RESTCONF NBI User Guide.
C.8.10 Deploying the SSL Trust Certificate on the Internet

Explorer
When the U2000 uses Hedex Help or uses the Web LCT to manage NE series, such as the NG
WDM, NG WDM (NA), RTN, and Marine, some functions of the NE Explorer must be
opened through an Internet Explorer. In this case, the SSL trust certificate of the Internet
Explorer must be deployed. When the U2000 is installed, the SSL certificate developed by
Huawei is loaded for temporary communication. Do not use this certificate commercially. The
U2000 supports certificate replacement. Before enabling SSL communication, apply for a
certificate from a CA and use it to replace the temporary certificate in the commissioning
phase, to improve the communication security of U2000.

Context
The trust certificate preconfigured by Huawei consists of the root certificate
huaweiossCA.crt and intermediate certificate networkossCA.crt. All of the certificates need
to be deployed on the Internet Explorer.
Procedure
Step 1 Open the Internet Explorer of the U2000 client and choose Tool > Internet Options from the
main menu.
Step 2 In the Internet Options dialog box, select Content tab and click Certificates.
Step 3 In the Certificates dialog box, deploy the root certificate huaweiossCA.crt.
1. Select the Trusted Root Certification Authorities tab and click Import.
2. In the Certificate Import Wizard dialog box, click Next.
3. Click Browse..., select the trusted root certificate huaweiossCA.crt, and click Next.
NOTE
The trust root certificate preconfigured by Huawei, huaweiossCA.crt , is stored in the oss\client
\client\style\defaultstyle\conf\ssl\trust\PEM directory.
4. Click Next, and then click Finish.
5. In the Security Warning dialog box that is displayed, click Yes.
6. In the Certificate Import Wizard dialog box, click OK.
Step 4 Deploy the intermediate certificate networkossCA.crt.

1. Select the Intermediate Certification Authorities tab and click Import.
2. In the Certificate Import Wizard dialog box, click Next.
3. Click Browse..., select the trusted intermediate certificate networkossCA.crt, and click
Next.
NOTE
The trust intermediate certificate preconfigured by Huawei, networkossCA.crt, is stored in the

oss\client\client\style\defaultstyle\conf\ssl\trust\PEM diectory.
4. Click Next, and then click Finish.
5. In the Certificate Import Wizard dialog box that is displayed, click OK.
Step 5 Click Close.
Step 6 In the Internet Options dialog box, select the Advanced tab. Drag the scroll bar to Security
and clear the selection of the Warn about certificate address mismatch*.
Step 7 Click OK.
Step 8 Restart the Internet Explorer.
----End
Follow-up Procedure
l If the U2000 GUI is displayed abnormally, the SSL certificate fails to be uploaded. Refer
to the preceding operations to redeploy a digital certificate.

l If the dialog which prompted you need trusted certification is displayed in the U2000 NE
management, right-click Continue to this website (not recommended), and then click
Open in the New Window. In the dialog box that is displayed, click OK. If the Security
Alert dialog box for the installation certificate is displayed, click OK to display the
current function GUI. After finish the operation, the U2000 GUI will display normally.
C.8.11 Modifying the Password of the .p12 Certificate File

The U2000 allows the password modification for the .p12 identity certificate file which is
predeployed by Huawei. The cipher text settings of the new password need to be stored in the
configuration file of the .p12 identity certificate.
Prerequisites
The OpenSSL is installed on the Windows machine on which the .p12 certificate file is to be
modified. You can go to http://code.google.com/p/openssl-for-windows/downloads/list and
select a desired version based on the system model on the machine to download the OpenSSL.
Context
l The .p12 certificate files are downloaded to the Windows machine on which the
OpenSSL is installed for password modification. After the password is modified, upload
the .p12 certificate file to directory to replace the old certificate file. The Huawei
predeployed certificate used by the U2000 server is used as an example to describe how
to modify the password of the .p12 certificate file. On Solaris or SUSE Linux, you need
to use SFTP to download the Huawei predeployed certificate file to be modified to the
Windows OS, modify the password, and then upload the new certificate file and replace
the old certificate file. The permission value of the new certificate file must be 600, and
the owner is ossuser and the group is ossgroup.
l To modify the password of the SSL certificate predeployed by huawei for the MSuite
server and client, you must replace the certificate. The password is automatically
modified during certificate replacement. For details, see Replacing SSL Certificates
Used for the U2000 Server.
l The default passwords of the server certificate an client certificate predeployed by
Huawei both are Changeme_123.
Procedure
Step 1 Modify the password of the .p12 certificate file predeployed by huawei on the U2000 server.
1. Log in to the Windows server as the administrator.
2. Download the server.p12 certificate file predeployed on the U2000 server to a directory
on the Windows machine, such as D:\ssl.
NOTE
The Huawei predeployed certificate used by the U2000 server is default stored in the following
directory:
– Solaris or SUSE Linux: /opt/oss/server/etc/ssl/keyStore/PFX
– Windows: D:\oss\server\etc\ssl\keyStore\PFX
3. Choose Start > Run, enter cmd and click OK.
4. In the CLI, switch to the directory the certificate file is stored.
>cd /d D:\ssl

5. Back up the .p12 file.

>copy server.p12 server.p12.bak
6. Add the directory in which the executable file of the OpenSSL is stored to the path.
>set path=openssl_path;%PATH%
NOTE
openssl_path specifies the directory in which the executable file openssl.exe of the OpenSSL is
stored.
7. Convert the .p12 file to the .pem temporary file.
>openssl pkcs12 -in server.p12 -out temp.pem
Enter the password of the server.p12, the pass phrase of the temp.pem files and the
confirmation pass phrase as prompted. Information similar to the following is displayed:
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
NOTE
– The default password of the server.p12 predeployed by Huawei is Changeme_123.

– The temp.pem file is a temporary file which is converted from the server.p12 file. The pass
phrase of the temp.pem file is specified by the user.
– The password of the file must meet password complexity requirements. For example, the
password must contain less than eight characters and contains at least two of the following
types of characters: upper-case letter, lower-case letter, digit, special charater.
8. Generate the new .p12 file.
>openssl pkcs12 -export -certpbe PBE-SHA1-3DES -in temp.pem -out server.p12
Enter the pass phrase of the temp.pem file, the password of the temp.pem file, and the
confirmation password. Information similar to the following is displayed:
Loading 'screen' into random state - done
Enter pass phrase for temp.pem:
Enter Export Password:
Verifying - Enter Export Password:
NOTE
– The temp.pem file is a temporary file which is converted from the server.p12 file. The
server.p12 file is the newly generated certificate file.
– The password of the server.p12 file must meet password complexity requirements. For
example, the password must contain less than eight characters and contains at least two of the
following types of characters: upper-case letter, lower-case letter, digit, special charater.
9. Rename the server_key.pem file in the U2000 server installation directory D:\oss
\server\etc\ssl\privatekey\PEM\ as server_key.pem.bak, copy the temporary file
temp.pem to the D:\oss\server\etc\ssl\privatekey\PEM\ directory, and remane the
temp.pem file as server_key.pem.

NOTE
If the U2000 server uses Solaris or SUSE Linux OS, log in to the server as the ossuser user, upload the
temp.pem file to the /opt/oss/server/etc/ssl/privatekey/PEM directory in binary mode (for example,
by using FTP), and run the following commands:
$ cd /opt/oss/server/etc/ssl/privatekey/PEM
$ cp -p server_key.pem server key.pem.bak
$ mv temp.pem server_key.pem
$ chown ossuser:ossgroup server_key.pem
$ chmod 600 server_key.pem
10. Upload the server.p12 file in which the password is modified to the default server.p12
file path on the U2000 server.
Step 2 Configure the cipher-text password of the .p12 certificate file on the server to the
configuration file.
1. Log in to the U2000 server.
– Windows: Log in to the server as the administrator.
– Solaris/SUSE Linux: Log in to the server as the ossuser user.
2. Configure the ciphertext of the new password to the configuration file
CertificateConfig.xml.
– Windows:
>ssl_adm -cmd setpassword newpassword
– Solaris/SUSE Linux:
$ssl_adm -cmd setpassword newpassword
NOTE
– newpassword specifies the new password of the server.p12 file which is configured in Step 1.
– For other certificate directories in the etc/ssl path, you must use the ssl_adm -cmd
setpassword -app appname newpassword command to configure the ciphertext password of
the certificate to the configuration file. The appname specifies the name of the directory in
which the certificate is stored.
Step 3 Restart the U2000 server.

Step 4 Modify the password of the certificate file client.p12 on the client. The modification
procedure on the client is similar to that on the server. For details, see Step 1.
NOTE
The Huawei predeployed certificate used by the U2000 client is default stored in the following directory:
client\client\style\defaultstyle\conf\ssl\keyStore\PFX
Step 5 Configure the cipher-text password of the .p12 certificate file on the client to the
configuration file.
1. Start the certificate configuration tool.
Double-click the CertConfigurator.bat script in the U2000 client installation directory
client\client\bin and access the certificate configuration window.
2. In the Certificate Configuration window, click the ... buton next to File Name on the
Identity Certificate tab and select the certificate file to be configured.
The path in which the file is stored is displayed in the File Name.
3. Enter the password of the identity certificate in PFX Password and click OK.
----End

Follow-up Procedure
After the certificate password is modified and the ciphertext password is set in the
configuration file, delete the backup certificate file and the .pem file that is generated
temporarily.
C.8.12 Verifying Certificate Validity

If a digital certificate is used for secure communication, the communication will stop after the
certificate expires. The U2000 provides the function of verifying certificate validity and
reporting an alarm to users before a certificate expires. This function prevents service
disconnection from theU2000 after a certificate expires.
Context
The U2000 verifies the validities of the MSuite Certificate, Internal NMS Certificate, SBI
Certificate, Other Certificate, and NBI CORBA Certificate and NBI XML Certificate by
default.
Procedure
Step 1 Log in to the MSuite. For details, see C.2.2 Logging In to the MSuite Client.
Step 2 Choose Certificate File Management > Certificate Validity Period Check.
Step 3 In the dialog box that is displayed, select Check certificate validity period and set Check
period and Threshold for overdue alarm.
NOTE
l The default values of Check period and Threshold for overdue alarm are 1 day and 30 days.
l Threshold for overdue alarm specifies the number of days before a certificate expires and an alarm
indicating that the certificate expires is reported.
Step 4 Click OK.
----End
Result
After the configuration is performed, the U2000 regularly checks the certificate validity. If the
number of days a certificate keeps available is smaller than that before the certificate expires,
an alarm is reported, reminding users of updating the certificate in time.
C.8.13 Modifying the DH Value Length in an SSL Certificate

This topic describes how to modify the DH value length in an SSL certificate. To improve
security for U2000 V200R015C60 and later, the DH value length needs to be changed from
1024 bits to 2048 bits in the SSL certificate.
Overview
l SSL certificate: a digital certificate configured on the server, which is also called the SSL
server certificate. It is used to improve U2000 security by providing identity
authentication for communication between the U2000 and peripheral systems.
l DH: stands for Diffie-Hellman and is an asymmetric encryption algorithm used by the
SSL certificate.

Usage Scenario
Table C-7 DH parameter description in U2000 upgrade and installation scenarios

Scenario Description
U2000 l After the U2000 upgraded to V200R015C60 or later accesses an upper-

upgrade layer OSS network through an NBI (CORBA or XML interface) or an
access interface TL1, the DH value length is set to 2048 bits by default
on the SSL server. The value can be modified using the NBI
configuration tool according to the related operation guide. Other SSL
communication channels have no such restrictions and inherit the pre-
upgrade DH parameter configurations.
l To ensure communication security, it is recommended that the DH value
length be changed from 1024 bits to 2048 bits on the SSL server.
U2000 For newly installed U2000 V200R015C60 or later, the DH value length on
installation the SSL server is 2048 bits by default.
Table C-8 Modifying the DH parameter in the SSL certificate in U2000 interconnection
scenarios
Scenari Description Operation SSL Certificate
o Path
Commun For U2000 V200R015C50 1. Change the DH ssl/option.xml

ication and earlier, the SSL client value length to
between does not support the 2048-bit 1024 bits in the
the DH parameter. If the U2000 is SSL certificate on
U2000 upgraded to V200R015C60 or the server in CLI
server later, the DH value length mode.
and must be set to 1024 bits in the 2. Upgrade the
client SSL certificate on the SSL client in CAU
server and can be changed to mode.
2048 bits only after the SSL
client is upgraded 3. Change the DH
successfully. value length to
2048 bits in the
SSL certificate on
the server in CLI
mode.
Commun To ensure communication Change the DH value ssl/solution/

ication with the uTraffic, after the length to 1024 bits in option.xml
between U2000 is upgraded to the SSL certificate in
the V200R015C60 or later, the CLI mode.
U2000 DH value length configured
and on the SSL server must be
uTraffic 1024 bits.


o Path
To ensure communication Change the DH value

with the uTraffic, after U2000 length to 2048 bits in
V200R015C60 or later is the SSL certificate in
installed, the DH parameter CLI mode.
value length configured on
the SSL server must be 2048
bits.
Commun When the U2000 – ssl/nemanager/

ication communicates with NEs, SSL default/option.xml
between security is subject to NE
the configurations. Therefore,
U2000 configuring the SSL client is
and NEs not required.
The SSL certificate is used Change the DH value

when an NE uploads Syslog length to 1024 bits in
logs to the U2000. In this the SSL certificate in
scenario, the DH value length CLI mode.
must be 1024 bits during a
U2000 upgrade.
The SSL certificate is used Change the DH value

when an NE uploads Syslog length to 2048 bits in
logs to the U2000. In this the SSL certificate in
scenario, the DH value length CLI mode.
must be 2048 bits during
U2000 installation.
Commun To access the northbound Change the DH value –

ication network through a CORBA length to 1024 bits in
between interface, the DH value length the SSL certificate
the must be 2048 bits in the SSL for the CORBA
U2000 certificate in both northbound interface on the
and network upgrade and server through the
upper- deployment scenarios. If the northbound
layer U2000 fails to interconnect configuration tool.
OSS with an upper-layer OSS, the
DH value length must be
changed to 1024 bits on the
U2000 server.


o Path
To access the northbound Change the DH value –

network through an XML length to 1024 bits in
interface, the DH value length the SSL certificate
must be 2048 bits in the SSL for the XML
certificate in both northbound interface on the
network upgrade and server through the
deployment scenarios. If the northbound
U2000 fails to interconnect configuration tool.
with an upper-layer OSS, the
U2000 server.
To access the upper-layer Change the DH value ssl/access/option.xml

OSS network through a TL1 length to 1024 bits in
interface, the DH value length the SSL certificate in
must be 2048 bits in the SSL CLI mode.
certificate during U2000
installation. If the U2000 fails
to interconnect with the
upper-layer OSS network, the
U2000 server.
Commun For the newly installed – ssl/server/option.xml

ication U2000, the DH value length
among must be 2048 bits in the SSL
nodes in certificates on different nodes
the in a distributed system.
U2000
distribute
d system
Modification Method
l In CLI mode:
– For the Windows OS:
i. Log in to the OS as administrator.
ii. Run the following command to change the SSL certificate key length:
> cd /d D:\oss\server\tools\ssltool
> python ModifySSLDH.pyc ssl/XXX/option.xml -2048/-1024
NOTE
l ssl/XXX/option.xml indicates the configured certificate directory. For example,

ssl/server/option.xml is the certificate directory configured for communication
among different nodes in the U2000 distributed system.
l -2048/-1024 indicates the DH value length. To change the DH value length to 2048
bits, enter -2048; to change the DH value length to 1024 bits, enter -1024.

If information similar to the following is displayed, the modification succeeds:

Modify successfully !
– For the Solaris or Linux OS:

i. Log in to the OS as the ossuser user.
ii. Run the following command to change the SSL certificate key length:
$ cd opt/oss/server/tools/ssltool
$ python ModifySSLDH.pyc ssl/XXX/option.xml -2048/-1024
NOTE
l ssl/XXX/option.xml indicates the configured certificate directory. For example,

ssl/server/option.xml is the certificate directory configured for communication
among different nodes in the U2000 distributed system.
l -2048/-1024 indicates the DH value length. To change the DH value length to 2048
bits, enter -2048; to change the DH value length to 1024 bits, enter -1024.
If information similar to the following is displayed, the modification succeeds:
Modify successfully !
l The NBI Config Tools:

On the NBI Config Tools, choose Configure CORBA > Custom Config from the
navigation tree on the left and modify the configuration item SSL_DH_PARAM. The
default value is 1, indicating that the DH encryption key length is 2048. The value 0
indicates that the DH encryption key length is 1024.
C.9 Commissioning Tool

This topic describes the scenarios where a U2000 is commissioned. To enable a U2000 to
manage networks, you must commission the U2000 before using it to manage NEs and
configure services. The commissioning tool is used only after the initial installation of the
U2000 is complete. Do not use the commissioning tool after the U2000 has running for a
period of time. If the U2000 need to be commissioned after the initial installation of the
U2000 is complete, see section Commissioning the U2000 in the software installation and
commissioning guide.
C.10 Modify U2000 Configuration Items

Some function items of the U2000 can be controlled by the configuration items in the
configuration file. The U2000 provides a GUI-based tool that allows you to view and modify
configuration item settings through graphical user interfaces (GUIs).
Prerequisites
Ensure that the U2000 database server is running properly.
NOTICE
Before modifying configuration items, ensure that you have understood the details and
modification effects on every configuration item. The modification of some configuration
items results in a restart of processes, and this may interrupt the monitoring.

Context
The tool supports the modification only of certain common configuration items. For details
about more configuration items, submit application to Huawei.
Procedure
Step 2 Choose Tools > Config Manager from the main menu.
The Config Manager dialog box is displayed, and all configuration items are displayed by
default.
Step 3 Optional: Click Filter, set the filter criteria and click OK to query the information about the
required configuration items.
Step 4 In the Config Manager dialog box, double-click a configuration item. In the Modify Config
Value dialog box, change the value of the configuration item.

NOTE
To view the information about operation failures, navigate to the directory oss\client\logs\deploy
\bundlelog and open the Unitedmgr_client.log file.
----End
C.11 Visualization Configuration Item List

This topic describes the visualization configuration items for the MSuite.
Modifying a configuration item is a high-risk operation which results in a change of the
U2000 specification or function. Perform this operation under the guidance of Huawei
Table C-9 Configuration item list

Defau
Sybsy Config Restart
lt Description
stem Name Process
Value
SNMPCollector
AGG_MIN_ Dm, PMSDm,
Enable Min Max Aggregation Or
PM MAX_ENA 0 BulkCollectorD
Not. 0-No, 1-Yes, default is 0.
BLE m,
PMDataRefiner
AUTO_INS
TANCE_SY
PM 00:00 Provide the time in HH:MM format PMSDm
NCRONIZA
TION

Defau
lt Description
stem Name Process
Value
DATA_LIFE
_CYCLE_A Timer interval for taking the auto
UTO_DUM Dump.Minimim Interval is 1 and
PM 4 PMSDm
P_TIMER_I Maximum Interval is 24.Timer
NTERVAL_ Interval is in Hours
HRS
This config parameter specific the PMSDm,BulkC

DATA_SAV mode of the data store. 2 means ollectorDm,SN
PM 1
E_STYLE save to file, other number for MPCollectorD
database, default is 1. M,TXTNBIDm
DUMP_FIL
E_STORE_ Number of days data to keep in hard
PM 7 PMSDm
DAYS_NU drive after backup
M
ENABLE_D Enable Data Admin Or Not. 0-No,

PM 1 PMSDm
ATAADMIN 1-Yes, default is 1.
ENABLE_D Enable Dataquery Or Not. 0-No, 1-

PM 1 PMSDm
ATAQUERY Yes, default is 1.
ENABLE_D Whether to delete the back up

PM ELETE_DU 1 folders from Hard Drive or not. 0- PMSDm
MPEDFILE No, 1-Yes, default is 1.
ENABLE_R
Enable Remote manager Or Not. 0-
PM EMOTEMG 0 PMSDm
No, 1-Yes, default is 0.
R
INST_COL
Max. batch size in monitoring
PM L_CREATE 300 PMSDm
instance creation
_BATCH
LIFE_CYCL
Delay after each delete operation (in
PM E_OPER_IN 1 PMSDm
seconds)
TERVAL
PMSDm,BulkC
Maximum time after which day
MaxLargeTa ollectorDm,SN
PM 30 granularity tables will get split
bleDay MPCollectorD
( days )
M
PMSDm,BulkC
Maximum time after which
MaxMedium ollectorDm,SN
PM 4 granularity 60 min tables will get
TableDay MPCollectorD
split ( days )
M

Defau
lt Description
stem Name Process
Value
PMSDm,BulkC
MaxTableDa Maximum time after which the ollectorDm,SN
PM 1
y tables will get split ( days ) MPCollectorD
M
RouterMgrDm,
IPCOMMO ,Whether to start scheduled polling. FrameSWMgrD
IP_BA
N_SYNC_P 1 The value 1 indicates that scheduled m,BoxSWMgrD
SE
ollEnable polling will be started. m,SecurityMgr
Dm
.Whether to automatically create a

device performance indicator
collection instance. The value 1 RouterMgrDm,
IPCOMMO
indicates that a device performance FrameSWMgrD
IP_BA N_DEVSTA
0 indicator collection instance will be m,BoxSWMgrD
SE T_AUTO_C
automatically created. The value 0 m,SecurityMgr
REATE
indicates that a device performance Dm
indicator collection instance will not
be automatically created.
RouterMgrDm,
IPCOMMO
FrameSWMgrD
IP_BA N_QVShort 18000 Duration of polling all devices, in
m,BoxSWMgrD
SE _Poll_Interv 0 milliseconds
m,SecurityMgr
al
Dm
RouterMgrDm,
IPCOMMO
Time when a polling tasks is started. FrameSWMgrD
IP_BA N_SYNC_P
1 The value is an integer between 0 m,BoxSWMgrD
SE OLLTIMES
and 24 m,SecurityMgr
TART
Dm
RouterMgrDm,
IPCOMMO
Duration of executing a polling FrameSWMgrD
IP_BA N_SYNC_P
3 task, in hours. The value is an m,BoxSWMgrD
SE OLLTIMEL
integer between 0 and 24. m,SecurityMgr
AST
Dm
IPCOMMO RouterMgrDm,
N_DEVSYN Time to wait before configuration FrameSWMgrD
IP_BA
C_REBOOT 30 synchronization after a device is m,BoxSWMgrD
SE
_INTERVA restarted. m,SecurityMgr
L Dm
RouterMgrDm,
IPCOMMO FrameSWMgrD
IP_BA ,Number of devices to which a
N_SYNC_P 2 m,BoxSWMgrD
SE polling task is applied
ollNum m,SecurityMgr
Dm

Defau
lt Description
stem Name Process
Value
RouterMgrDm,
IPCOMMO FrameSWMgrD
IP_BA Interval for detecting polling tasks,
N_SYNC_P 30 m,BoxSWMgrD
SE in seconds.
ollInterval m,SecurityMgr
Dm
Whether to automatically change

the sysname on device when the
RouterMgrDm,
IPCOMMO user change the sysname on topo.
FrameSWMgrD
IP_BA N_DEVNA The value 1 indicates that a device
0 m,BoxSWMgrD
SE ME_AUTO_ sysname will be automatically
m,SecurityMgr
SET changed as the topo's. The value 0
Dm
indicates that a device sysname will
not be automatically changed.
Whether to ouput collcting data of

RouterMgrDm,
IPCOMMO synchronizing device to log file.
FrameSWMgrD
IP_BA N_DEVSYN The value 1 indicates that collecting
0 m,BoxSWMgrD
SE C_CLTDAT data will be outputted to log file.
m,SecurityMgr
A_TO_LOG The value 0 indicates that collecting
Dm
data will not be outputted to log file.
IPCOMMO
IP_BA N_SYNC_D Whether to enable historical RouterMgrDm_
0
SE YNAMIC_R resources 1
ELY
RouterMgrDm,
EML_ROU
FrameSWMgrD
IP_BA TER_RPT_ Interval of the Qasn informing and
3 m,BoxSWMgrD
SE DELAY_TI reporting(unit : s, range: 0-30)
m,SecurityMgr
ME
Dm
RouterMgrDm,
LDP_TUNN FrameSWMgrD
IP_BA LDP virtual Tunnel switch <0:close;
EL_SWITC 0 m,BoxSWMgrD
SE 1:open>.
H_STATUS m,SecurityMgr
Dm
CONFIG_C
This item specifies whether service
OMMON_I
Nml_ip 0 authority is enabled. 1: yes 0: Nml_ip
S_AUTHEN
no(default)
ABLED
CONFIG_E
VENT_PAN Display Event In Panel Enable 1:
Nml_ip 0 Nml_ip
EL_ENABL yes 0: no(default)
E

Defau
lt Description
stem Name Process
Value
This item specifies whether to query

ACCE PON_SFP_I
0 access SFP information.(0:No, BmsAccess
SS NV_SYNC
1:Yes)(default:0)
PMSDm,BulkC
Maximum size of the table i.e. No
MaxTableSi 50000 ollectorDm,SN
PM of Data Recorrds in one table
ze 00 MPCollectorD
should be
M
ENABLE_K
Enable KPI Adaptation or not. 0-
PM PI_ADAPT 0 TXTNBIDm
No, 1-Yes, default is 0
ATION
NO_OF_IN
Number of instance for which trend
PM ST_AT_TIM 1000 PMDataRefiner
caculation is required at a time
E
5,10,1
periods PMS support( mins ).
PM PERIODS 5,30,6 TXTNBIDm
comma separated list
0,1440
PMS_MAXI
MUM_ACT Maximum number of Trend
PM 2000 PMSDm
IVE_TREN instances in PMS
D_LIMIT
PM_DATA_
BACKUP_F Maximum Size of the PM DATA
PM 2 PMSDm
OLDER_M store Folder in GB
AX_SIZE
SLEEP_TIM Amount of time it should wait for

PM 120 PMDataRefiner
E cal
The Minimun timer interval for the

spliting of the data tables( in
SPLIT_TAB PMSDm,BulkC
HH ).the minimum timer should be
LE_TIMER ollectorDm,SN
PM 6 6 hours and maximum should be 24
_INTERVA MPCollectorD
hrs.the timer configured should be
L_HRS M
such that maximum%Interval &
Interval/minimum should be zero
TREND_AV
Number of days used in calculation
PM G_CALC_D 14 PMSDm
of trend average
AYS
TREND_CA Interval for which trend calc will

PM 1 PMDataRefiner
L_TIME get triggered
TREND_FO
PM RMULA_T 2 Formula type PMDataRefiner
YPE

Defau
lt Description
stem Name Process
Value
TREND_NV
PM 10 fixed value PMDataRefiner
ALUE
UPDATE_S Timer for updating the statistics of

TATISTICS user tables, Default Timer Interval
PM 1 PMSDm
_INTERVA is 1. Timer Interval should be in
L days
PMS_NEED Data Aggregation enable switch, 0-

PMSDm,SNMP
PM _AGGREG 1 No aggregation, positive value -
CollectorDM
ATION aggregated supported
PMS_AGG
Data Aggregation Loading enable
REGATION SNMPCollector
PM 0 switch, 0 - No Loading at
_LOADING Dm
SNMPStartup , 1 - Loading
_ENABLE
Check DB Size Alarm level.

Default value is CRITICAL. 1-
FaultLevel_ CRITICAL ,2-MAJOR ,3-MINOR ,
PM 1 PMSDm
Config 4-WARNING ,5-UNREPORT,6-
INDEFINITELY ,7-
SEVERITY_MAX
Synchronize SNMP Auto Task

SYNCH_RE
Resource date. Values are comma
S_FOR_AU
PM 1,3,5 separated. Default value is 1,3,5. 1- PMSDm
TO_TASK_
MON, 2-TUES, 3-WED,4-THU,5-
DATE
FRI,6-SAT,7-SUN
SYNCH_RE
S_FOR_AU Synchronize snmp auto task
PM 02:07 PMSDm
TO_TASK_ resource time(server time)
TIME
ENABLE_S Auto SNMP Task Enable disable. 0

PM NMP_AUT 0 -Disable, 1 - Enable. Default value PMSDm
O_TASK is disabled.
ENABLE_B Auto Bulk Task Enable disable. 0 -

PM ULK_AUT 0 Disable, 1 - Enable. Default value is PMSDm
O_TASK disabled
ENABLE_R
Resource Type Level Task Default
ESTYPE_L
PM 0 is disabled. 0 - Disable ,1 - Enable. PMSDm
EVEL_TAS
Default value is disabled.
K
TL1 command handling is

TL1_ENAB
PM 0 supported or not. Defautl is not PMSDm
LED
supported. 0-NO, 1-YES

Defau
lt Description
stem Name Process
Value
Maximum Number of UnMonitored

MAX_UNM Resoure to List.Default value is
ONITORED 1000. Range supported 500-5000, if
PM 1000 PMSDm
_RESOURC value configured beyond
E_COUNT range,default value will be
considered
ENABLE_
Enable mend reason or not . 0-
PM MEND_RE 1 PMSDm
disable, 1-enable
ASON
IPBULK_D
IPBulk Device file delete or not.0 -
PM ELETE_DE 1 PMSDm
Delete,1 - Not Delete
VICE_FILE
MAX_DEL 10000 The rowcount for deleting records

PM PMSDm
ETE_NUM 0 from DB after dumping data
NPMS_AUT
O_SYNCH_ NPMS Auto Synch time in 24 hour
PM 04:30 PMSDm
START_TI format
ME
MaxMendRe default value is 500000,

50000
PM sonTableSiz tiny=100000, medium=500000 and PMSDm
0
e large=1000000
NeedPartitio Need patition or not. 0-No, 1-Yes,

PM 1 PMSDm
n default is 1.
NBI_FILE_ For NBI file format type. 0-Normal,

TXTNBIDm,Bu
PM FORMAT_T 0 1-IPMS, 2-DLM, 3-TL1, 4-
lkCollectorDm
YPE PROVISIO, default is 0.
NPMS and Independent Collector

NPMS_DEP
deployment status 0 - NPMS not
PM LOY_STAT 0 PMSDm
deployed 1- NPMS deployed 2-
US
Independent Collector deployed
TREND_SU PMDataRefiner,
Enable Trend computation Or Not.
PM PPORTED_ 0 PMSDm,SNMP
0-No, 1-Yes, default is 0.
OR_NOT CollectorDM
PM_SERVE
Enable Manager VPN Mode(1 or BulkCollectorD
PM R_VPN_TY 0
0). 0-No, 1-Yes, default is 0. m
PE
ENABLE_A
UTO_SYNC Enable auto synch for manual
PM H_FOR_MA 0 instance or not. 0-No, 1-Yes, default PMSDm
NUAL_INS is 0.
T

Defau
lt Description
stem Name Process
Value
/var/p
ms/
SYNCH_FI this path is for NM to create
PM staticd PMResMgr
LE_PATH staticdata zip file
atasyn
ch
SUPPORT_
Whether require support 1 min SNMPCollector
PM 1MIN_COL 0
collection. 0-No, 1-Yes, default is 0. Dm
LECTION
SYNC_STA static data file's backup path when

var/pm PMDataSynchro
PM TIC_DATA_ synchronizing static data between
s/sync nizer
FILEPATH NM and EMs
STATICDAT
Timer's task interval when
A_SYNC_T PMDataSynchro
PM 1 synchronizing static data between
IMER_INTE nizer
NM and EMs, its units is day
RVAL
static data backup files' Max Num

MAX_BAC PMDataSynchro
PM 3 when synchronizing static data
KUP_NUM nizer
between NM and EMs
for NM's Syncchronization

EM_SYNC_
request,EM Response's timeout PMDataSynchro
PM RESPONSE 60
when synchronizing static data nizer
_TIMEOUT
between NM and EMs
UNICAST_I
PFPM_OA switch for Unicast IPFPM OAM
PM 0 PMSDm
M_ENABL NODE, 0 is disable, other is enable
E
MULTICAS
T_IPFPM_O switch for Multicast IPFPM OAM
PM 0 PMSDm
AM_ENAB NODE, 0 is disable, other is enable
LE
PM_SERVI
Service Type Name for URL based
PM CE_TYPE_ pm PMSDm
Jump
NAME
PM_DATAF
ILE_THRE Thread count of parse Performance PMDataSynchro
PM 1
AD_NUMB file nizer
ER
PMSDm,BulkC
SNMPOVE
time out for SNMPOverQx ollectorDm,SN
PM RQX_TIME 10000
Operation (ms) MPCollectorD
_OUT
M

Defau
lt Description
stem Name Process
Value
PMSDm,BulkC
SNMPOVE
retry counts for SNMPOverQx ollectorDm,SN
PM RQX_RETR 3
Operation MPCollectorD
Y_COUNT
M
IPMSNBI_T Delay Time for IPMS NBI can be

PM IMER_DEL 15 configured between 0 to 60 mins, TXTNBIDm
AY_MIN unit is minute
DLM_FILE
DLM file scan is enabled or not. 0- BulkCollectorD
PM _SCAN_NE 1
No, 1-Yes, default is 1. m
EDED
UTRAFFIC
uTraffic Extended QX device info
_NEED_EX
PM 1 required or not 0 :not required PMSDm
T_QX_DEV
1 :required
_INFO
NO_OF_TA
R_FILES_T
O_BE_DEL TAR file number deleted when BulkCollectorD
PM 5
ETED_LO space is low m,TXTNBIDm
WDISK_SP
ACE
PMS_WHE
THER_TO_
Whether to delete rambo temple file BulkCollectorD
PM DELETE_R 0
or not. 0-No, 1-Yes, default is 0. m
AMBO_TE
MPFILE
Router
,
Switch
SCRIPTUP ,VMF,
List of TDTs supporting script
PM GRADE_TD Router PMSDm
upgrade
T_LIST PTN69
00,IM
AP_T
DT
NPMS_AUT uTraffic Authentication Mode 0 - PMSDm,UTraff

PM 1
H_MODE SSL 1- SSL+UserName icAdapter
PMS_TWA
TWAMP Feature 0 - Set on Both, 1
MP_SET_S
PM 0 - Set on Source Device only, 2 - Set PMSDm
OURCE_OR
on Destination device only
_DEST
U2000_AUT U2000 Authentication Mode, 0 - AgentIntegrate,

PM 1
H_MODE SSL,1 - SSL+UserName UTrafficAdapter

Defau
lt Description
stem Name Process
Value
PM_SERVE
R_VPN_TY Enable Manager VPN Mode for
PM 1 PMSDm
PE_PTN790 PTN7900. 0-No, 1-Yes, default is 1.
0
ENABLE_D
Enable Dump to File Or Not, 1 -
PM UMP_TO_F 0 PMSDm
Enable and 0 - Disable
ILE
ALLOW_D
1044,3 The list of member resource type
ELETION_
010,69 which allow deletion operation in
PM MEMBER_ PMSDm
1044,6 composite resource. Separate by
RESOURCE
93010 comma.
_TYPE
BYPASS_M
EMBER_A
DATION_F Enable Synchronization for member
PM OR_RESTY 0 instance addion Or Not, 1 - Enable PMSDm
PES_DURI and 0 - Disable
NG_SYNC_
ENABLE
DEFAULT_DIR means base

directory will be taken from EMF
root path(oss/server). (Base
PMCO DEFA
BASE_DIR_ Directory)oss/server/nbinterface/ BulkCollectorD
LLECT ULT_
DLM XXX,Kindly specify the proper path m
OR DIR
accordingly for windows or solaris
or linux.For DSL/SEGMENT
FILES
PMCO BASE_DIR_ DEFA Path for bulk_tbd, default base

BulkCollectorD
LLECT DLM_BUL ULT_ directory will be taken as ftp/sftp
m
OR K_TBD DIR path
Path For CVLAN/ETH

PMCO BASE_DIR_ DEFA
FILES.DEFAULT_DIR means base BulkCollectorD
LLECT DLM_CVL ULT_
directory will be taken from EMF m
OR AN_ETH DIR
root path(oss/server)
Path For DSL/SEGMENT

PMCO BASE_DIR_ DEFA
FILES.DEFAULT_DIR means base BulkCollectorD
LLECT DLM_UA50 ULT_
directory will be taken from EMF m
OR 00 DIR
root path(oss/server)

Defau
lt Description
stem Name Process
Value
/
export/
PMCO home/
BASE_DIR_
LLECT nbinh2 Path for provisio file generation TXTNBIDm
PROVISIO
OR 1/
provisi
o/
/
export/
PMCO
BASE_DIR_ home/ BulkCollectorD
LLECT Path for Rambo file generation
RAMBO nbiram m
OR
bo/
rambo/
/
export/
PMCO BASE_RA home/
BulkCollectorD
LLECT MBOTEMP nbiram Path for Rambo temp file generation
m
OR _PATH bo/
tempfil
e/
PMCO BULK_FIL
Checking interval for checking local BulkCollectorD
LLECT E_CHECK_ 1
directory. In seconds m
OR INTERVAL
PMCO
U2000 EMS ID for iManager U2000. It is BulkCollectorD
LLECT EmsID
BMS used for DLM NB file names m
OR
/
export/
PMCO FILELIST_S home/
Path to generate FileList.txt for
LLECT AVED_PAT nbinh2 TXTNBIDm
Provisio files
OR H 1/
provisi
o/
PMCO PMDAP_A PMDataAggreg

Interval minutes of each
LLECT GGTIME_I 3 ationProcessorD
aggregating times in MM
OR NTERVAL m
PMDAP_A
PMCO PMDataAggreg
GG_TIME_ Aggregating time every day in
LLECT 12:00 ationProcessorD
EVERYDA HH:MM format
OR m
Y

Defau
lt Description
stem Name Process
Value
PMS_DLM_
PMCO Data Storage Mode for DLM.
DATA_STO BulkCollectorD
LLECT 1 1:FILE MODE,2:DATABSE
RAGE_MO m
OR MODE
DE
PMS_NB_D
ATE_TIME_
PMCO DATE_TIME display mode for
USING_DE BulkCollectorD
LLECT 0 data, 1: using Device time, 0: using
VICE_TIME m
OR NMS time. The default value is 0
_OR_NMS_
TIME
PMS_NB_D
PMCO LM_DATA_ the delay seconds to get file from
BulkCollectorD
LLECT COLLECTI 180 device ,the default value is 60
m
OR ON_DEALY seconds.
_SECONDS
PMS_NB_D Default Deletion Timer Time, This

PMCO
LM_DELET should be in the format HH in 24 BulkCollectorD
LLECT 04
ION_TIME hour format. Here default given is m
OR
R_TIME 04
PMS_NB_D
PMCO LM_GENE how long ( in mins ) the DLM file
BulkCollectorD
LLECT RATE_DEL 50 will generate after 1 hour, for
m
OR AY_TIME_ example if 0:50 it will be 50
MINS
Default time interval between each

PMS_NB_D
file generation,this should be in
LM_NBINT
PMCO minutes format.Minimum value is
ERFACE_TI BulkCollectorD
LLECT 60 15, Maximum value is 1440 , and
MER_INTE m
OR also
RVAL_MIN
NBINTERFACE_TIMER_INTERV
S
AL_MINS%15 should be zero.
PMS_NB_D
For Old data files to be deleted if
PMCO LM_OLD_F
exceeding following number of BulkCollectorD
LLECT ILE_DELET 03
days.default value is 3 days , It m
OR ION_DAYS
should be more than 0.
_LIMIT
PMS_NB_D
LM_SET_T
PMCO
ASK_RUN Value in Minutes. The default value BulkCollectorD
LLECT 7
NING_MIN is 7 m
OR
S_BEFORE
_HOUR

Defau
lt Description
stem Name Process
Value
PMS_NB_D
LM_WHET is used to Enable/Disable
PMCO
HER_TO_D functionality of deleting OLD DLM BulkCollectorD
LLECT 0
ELETE_OL CSV Files.values: 0 - Disabled,1 or m
OR
D_CSV_FIL any other number - Enabled
E
PMS_NB_D
PMCO LM_WHET
Whether to delete the DLM device BulkCollectorD
LLECT HER_TO_D 1
temp file. 0-No, 1-Yes, default is 1. m
OR ELETE_TE
MP_FILE
PMS_NB_P
ROVISIO_O For Old data files to be deleted if
PMCO
LD_FILE_D exceeding following number of
LLECT 05 TXTNBIDm
ELETION_ days.default value is 3 days , It
OR
DAYS_LIM should be more than 0
IT
PMCO
Supplier ID for Huawei. It is used BulkCollectorD
LLECT SupplierID HUW
for DLM NB file names m
OR
PMCO
TMPDIR_D Maximum days to keep temporary BulkCollectorD
LLECT 2
EL_DAYS files from device m
OR
PMCO
TMPDIR_D Time to delete temporary files from BulkCollectorD
LLECT 01:00
EL_TIME device m
OR
PMS_Y1731
PMCO _WHETHE Whether to delete the Y1731
BulkCollectorD
LLECT R_TO_DEL 1 temporary device files. 0-No, 1-Yes,
m
OR ETE_TEMP default is 1.
_FILE
Y1731
PMCO PW_FTPDA
_DEF directory to store the temporary BulkCollectorD
LLECT TA_TMP_D
AULT device files from device for y1731 m
OR IR
_DIR
RAMBO_E How many days Rambo empty files

PMCO
MPTY_FIL needs to be generated,if the BulkCollectorD
LLECT 3
E_GEN_MA BulkCollector process was down for m,TXTNBIDm
OR
X_DAYS few days

Defau
lt Description
stem Name Process
Value
PMS_NB_D
whether to DLM bulk DATA
PMCO LM_BULK_
MENDING feature is on/OFF,0 is BulkCollectorD
LLECT DATA_ME 0
disable(default), 1 is enable, PMS m
OR NDING_SU
will mend the data for last 3 hours.
PPORTED
PMCO
FTP_BASE_ BulkCollectorD
LLECT y1731 Ftp server base directory on device
DIR m
OR
PMCO VRP_NEED Data Aggregation enable switch for

BulkCollectorD
LLECT _AGGREG 1 VRP IP Bulk(0- No aggregation,
m
OR ATION positive value - do aggregation)
PMCO
PW_BULK_ For PW config enable. 0-No, 1-Yes, BulkCollectorD
LLECT 1
CONFIG default is 1. m
OR
PMCO PW_BULK_
BulkCollectorD
LLECT COLLECT_ 15 For bulk file collected period
m
OR PERIOD
PMCO VRP_DATA
Data Insert Mode 1- FILE MODE BulkCollectorD
LLECT _INSERT_ 2
2- DATABASE MODE m
OR MODE
DEFAULT_DIR means base

directory will be taken from EMF
PMCO DEFA root path(oss/server). (Base
BASE_DIR_ BulkCollectorD
LLECT ULT_ Directory)oss/server/xlin,Kindly
XLIN m
OR DIR specify the proper path accordingly
for windows or solaris or linux.For
XLIN FILES.
PMS_NB_X
XLIN old tar Deletion Timer
PMCO LIN_TAR_
Time,This should be in the format BulkCollectorD
LLECT DELETION 04
HH in 24 hour format. Here default m
OR _TIMER_TI
given is 04.
ME
PMS_NB_X
For Old XLIN OSS NBI tar files to
PMCO LIN_TAR_
be deleted if exceeding following BulkCollectorD
LLECT DELETION 02
number of days.default value is 2 m
OR _DAYS_LI
days,It should be more than 0.
MIT
PMS_NB_X
XLIN old ftp folder Deletion Timer
PMCO LIN_OLD_
LLECT DIR_DELE 18
OR TION_TIM
given is 18.
E

Defau
lt Description
stem Name Process
Value
PMCO NEED_TCA TCA Validation for UTraffic: 0 =

SNMPCollector
LLECT _VALIDATI 1 No need to validate,1 = Need
Dm
OR ON Validation
PMS_NB_X
For Old XLIN ftp folders to be
PMCO LIN_OLD_
deleted if exceeding following BulkCollectorD
LLECT DIR_DELE 02
OR TION_DAY
S
PMS_NB_X
LIN_WHET is used to Enable/Disable
PMCO
HER_TO_D functionality of deleting OLD XLIN BulkCollectorD
LLECT 0
ELETE_XLI Tar Files.values: 0 - Disabled,1 or m
OR
N_TAR_FIL any other number - Enabled.
E
PMS_NB_P
PNM old ftp folder Deletion Timer
PMCO NM_OLD_
LLECT DIR_DELE 18
OR TION_TIM
given is 18.
E
PMS_NB_P
For Old PNM ftp folders to be
PMCO NM_OLD_
deleted if exceeding following BulkCollectorD
LLECT DIR_DELE 02
OR TION_DAY
S
specify license mode(-1:Adaptable,

United LICENSE_ 0:SAP Mode, 1:Port Mode), must
-1 UniteUitlDM
Mgr MODE modify this parameter before update
license.
LIC_ALLO
United license exceed switch(0:Disable,
W_EXCEE 1 UniteUitlDM
Mgr 1:Enable)
D
United LIC_OFFICI offical license to temporary license

1 LicenseService
Mgr AL2TEMP switch(0:Disable, 1:Enable)
United bIsAuthorise whether customer authority is

1
Mgr d enabled. 0: disable, 1:enable
United OPERATIO Specifies whether to verify SSH

0
Mgr N_MODE fingerprints. (0: no; 1: yes)
Specifies whether the U2000

United UTRAFFIC
0 interworks with the uTraffic. (0: no; InventoryDM
Mgr _MODE
1: yes)

Defau
lt Description
stem Name Process
Value
DANGER_ Specifies whether the levels of risky

United
OPERATIO 0 operations are configurable.(0: no,
Mgr
N_LEVEL 1: yes)
Specify the protocol that the

ACCESS_X
ACCE agt_cst_xml process uses to
ML2TL1_P 1 agt_cst_xml
SS communicate with the OSS (0:
ROTOCOL
HTTP, 1: HTTPS).
ADD_MXU Whether create task while adding

ACCE
_CREATE_ 0 mxu(0:dose not create task, 1:create BmsAccess
SS
TASK task)
ADSL2+_S
ACCE Support ADSL2+ line test (0: No, 1:
PEED_FOR 0 BmsTest
SS Yes)
ECAST
ADSL_ACT
IVE_DEAC
ACCE Activate and deactivate ADSL ports
TIVE_IGNO 1 TL1NBiDm
SS repeatedly (0: No, 1: Yes)
RE_ERROR
_SWITCH
Whether the ADSL and NGADSL

ADSL_POR
port alias format should be STC
ACCE T_ALIAS_S
0 specified.(0 stands for normal, 1 BmsAccess
SS TC_SWITC
stands for STC format like *-*-
H
****), default for 0
AG_CHEC
BmsAccess,
ACCE K_H248_AL The interal of check H248
0 BmsCommon,
SS ARM_INTE Alarm(unit:min; 0:not check)
FaultService
RVAL
ALARM_A
ACCE Alarm Add ONU NAME Switch:0
DD_ONUN 0 TrapReceiver
SS disable,1 enable,default 0
AME
ALARM_A Alarm Add ONU NAME&ONU IP

TrapReceiver,B
ACCE DD_ONUN on location info Switch (0 disable,1
0 msPonAlarmTL
SS AME_ON_L enable, 2 PonTL1 Add ONU IP on
1
OCATION location,default 0)
ALARM_SE
ACCE Report device alarms (0: No, 1:
ND_SWITC 0 BmsAccess
SS Yes)
H
ALARM_SP
ACCE T_DEV_MA Alarms can be cleared in the NE
0 TrapReceiver
SS NUAL_CLE CLI.(0:disable,1:enable)
AR

Defau
lt Description
stem Name Process
Value
AUTO_AD
ACCE Switch of auto add device by
D_DEV_BY 0 BmsAccess
SS trap(0:disable,1:enable)
_TRAP
AUTO_BO
ACCE ARDCONFI Automatically confirm boards (0:
0 BmsAccess
SS RM_SWITC No, 1: Yes)
H
AUTO_DEL For MA5616,MA5603T and

_UNUSED_ MA5600T device in tr129Mode,
ACCE
VDSL2PRO 0 automatically delete unused VDSL2 BmsAccess
SS
FILE_BEFO profile before synchronization(0:
RE_SYNC No, 1: Yes)
When
BMS_TL1_ALARM_SWITCH is 1
AddAuthInf BmsPonEmsTL
or 2, if the switch is enabled, NMS
ACCE oToAlarmLo 1 and
0 will add AUTHINFO to POSITION
SS cationAtPon BmsPonAlarmT
at PON TL1 when addtion has auth
TL1ForCT L1
info. <0: Disable; 1:
Enable>(Default: 0)
ACCE AppendAlias PMS Resource name with alias

0 BmsAccess
SS AfterRes <0:close; 1:open> (default 0)
AutoDeleteR Delete the earliest routine test

ACCE
outineTestRe 1 results when the database runs out BmsTest
SS
sult of space (0: No, 1: Yes)
AutoVerifyT Interval of judging whether the

ACCE
opoDeviceIn 1 device under topo is BmsAccess
SS
tervalDays superabundance(unit:day, > 0)
Indicates the conditions under

which the U2000 verifies MxU data
redundancy for an OLT subnet in
the Main Topology after the OLT
AutoVerifyT data is synchronized. (1: The OLT
ACCE opoDeviceO subnet uses the same name as the
1 BmsAccess
SS ltSumMapPl OLT in it.2: The OLT subnet uses a
licy different name from the OLT in it
and is not a physical root subnet.3:
Verification is always performed,
regardless of the OLT subnet name
and location.)

Defau
lt Description
stem Name Process
Value
Meaning of the identifier DEV in

BMSNB_M
the NBI resource change
ACCE SGNOTIFY
0 notification message(0- BmsAccess
SS _DEVMEA
DEVNAME,1-DEVIP);parameter
N
value: default(0); range(0,1)
Switch of compatibility(0:
ACCE BMSNBiVer TL1NBiDm,
0 Enumerated character string, 1:
SS sion inTL1NBiDm
Enumerated number)
BMS_CHIN BmsAccess,TL1
ACCE China Mobile Response Format
AMOBILE_ 0 NBiDm,BmsPo
SS Switch(0: No, 1: Yes)
RSPFMT nEmsTL1
BMS_COPY
ACCE PON Service Handover (0: No, 1:
_BUSINESS 0 BmsAccess
SS Yes)
_SWITCH
BMS_DELA
ACCE YRETURN_ Delay after active a VSDL2 port for
0 TL1NBiDm
SS ACT_RESU TL1(unit: ms, 0 indicates no delay)
LT
BMS_DELA
Delay after deactive a VSDL2 port
ACCE YRETURN_
0 for TL1 (unit: ms, 0 indicates no TL1NBiDm
SS DACT_RES
delay)
ULT
Calculate license consumption

BMS_LICE
ACCE based on the number of occupied
NSE_SPECI 0 BmsCommon
SS northbound interfaces. (0: No, 1:
AL_CALC
Yes)
Client And NB Operation Message

Change Notify(0: close client and
nb operation message change
BMS_LOGI
ACCE notify; 1: only close nb operation
CRES_NOT 0 BmsAccess
SS message change notify; 2: onle
IFY
close client message change notify;
3: allow client and nb operation
message change notify)
BMS_NEIM BmsAccess,
POS Format Switch(0: name like
ACCE ENG_MOBI TL1NBiDm,
0 OLT Name-PosID-Proportion,
SS LE_POSFM BmsPonEmsTL
1:name use the GUI name)
T 1
BMS_NOTI
ACCE FY_ENABL Notify NBI Function Swtich (0: No,
0 BmsAccess
SS E_NBI_SWI 1: Yes)
TCH

Defau
lt Description
stem Name Process
Value
BMS_TL1_
Command word change flag for BmsPonEmsTL
ACCE ALARM_F
0 Telecom PON alarm NBI: 1,BmsPonAlarm
SS ORMAT_N
1=Enable, 0=Disable TL1
EW
Indicates the IP address used by the

TL1NBiDm,inT
centralized system for
L1NBiDm,Bms
communication through the TL1
ACCE BMS_TL1_ PonEmsTL1
default NBI.(This item takes effect only
SS NBI_IP and
when not all IP addresses are
BmsPonAlarmT
listened to;Default value "default",
L1
Not setting)
BMS_TL1_
ACCE Record operations logs for the TL1
OPERLOG_ 1 BmsAccess
SS NBI (0: No, 1: Yes)
SWITCH
BMS_USER
UserLabel is consistent between
ACCE LABEL_CO
0 NMS and devices (0: Disabled, 1: BmsAccess
SS NSISTENC
Enabled)
Y_TYPE
BMS_USER
ACCE
LABEL_IS_ 1 Use UserLabel (0: No, 1: Yes) BmsAccess
SS
USED
ACCE BREAK_OF NMS-NE disconnection period

15 BmsAccess
SS F_TIME (unit: minute)
CMTS_CM_ Switch of cable modem SNMP

ACCE
SNMPQUE 0 query for TL1.(0:disable,1:enable) BmsAccess
SS
RYSWITCH (default 0)
The content of CMC Position

CMTS_REP
ACCE displayed.
ORT_CMC_ Name BmsAccess
SS (Name;UserLabel;Memo.Default:N
POSITION
ame)
CMTS_REP The content of Frame Position

ACCE ORT_FRAM displayed.
Name BmsAccess
SS E_POSITIO (Name;UserLabel;Memo.Default:N
N ame)
CMTS_REP
ACCE The max rate of ports.unit:M.-1
ORT_MAX_ -1 BmsAccess
SS means invalid value.(default:-1)
RATE
CPESVC_C ONT service verification

ACCE
OLLECTIO 0 information collection(0:Off, BmsAccess
SS
N_SWITCH 1:On,default:0)

Defau
lt Description
stem Name Process
Value
ACCE ConvertInne Whether inner VLAN conversion is

0 BmsAccess
SS rVlan required.(0: No, 1: Yes)
ACCE DCT_SFTP_ File transfer protocol (0: FTP, 1: BmsAccess,Bm

1
SS SWITCH SFTP) sCommon
ACCE DEV definition (0: Device name, 1: TL1NBiDm,

DEVMEAN 0
SS Device IP address) inTL1NBiDm
BmsAccess,Bm
DEV_ERRO sCommon,inbx
ACCE tolerance switch for error of
R_TOLERA 0 mlsoap_agent,T
SS device(0:disable, 1:enable)
NCE L1NBiDm,inTL
1NBiDm
DEV_SYSN
ACCE AME_CON Use the device name as the name of
0 BmsAccess
SS TROL_SWI a new NE (0: No, 1: Yes)
TCH
Disable trap or alarm ID list of

device which format like
11@15
ID@traptype, traptype: 0-alarm,
DEV_TRAP ,
ACCE other-trap, multiple IDs using an
_DISABLE_ 114@5 BmsAccess
SS English comma to separate, between
LIST ,
DEV_TRAP_DISABLE_LIST and
115@5
DEV_TRAP_REENABLE_LIST
must be different
Reenable trap or alarm ID list of

device which format like
ID@traptype, traptype: 0-alarm,
other-trap, multiple IDs using an
DEV_TRAP
ACCE English comma to separate, config
_REENABL NULL BmsAccess
SS to all device only ont time after
E_LIST
restart process,between
DEV_TRAP_REENABLE_LIST
and DEV_TRAP_DISABLE_LIST
must be different
ACCE ENCODING
UTF-8 Server Encoding Mode BmsAccess
SS _MODE
ETHOAM_
ACCE Use the standard ETH OAM
STANDAR 1 BmsAccess
SS protocol (0: No, 1: Yes)
D_SWITCH
ACCE ETVERSIO ET Version Switch(0: Disabled, 1: TL1NBiDm,

0
SS N Enabled) inTL1NBiDm

Defau
lt Description
stem Name Process
Value
FRAMEPO
ACCE Synchornize NE data by priority (0:
LL_IS_NEE 0 BmsAccess
SS No, 1: Yes)
D_SUP_PRI
GDM_ADD
ACCE _DEV_ENV Is using SNMPv3 as default(0: No,
1 BmsAccess
SS IRONMENT 1: Yes)
_SWITCH
GPON_ON CFG-ONUBW,The vaule of UV

ACCE BmsPonEmsTL
U_USERVL 41 when config ont down limitspeed
SS 1
AN (1~4095,default:41).
GPON_POL
If modify password to loid when
ACCE L_MODIFY
0 poll,1:modify,others:not BmsAccess
SS _PASSWOR
modify,,default 0
D2LOID
ACCE ISUDISPLA ISU board switch(0: Disabled, 1:

0 TL1NBiDm
SS Y Enabled)
IS_NEED_T
O_REFRES The switch specifies whether the
ACCE H_SP_ACC sliding window refreshes service
0 BmsAccess
SS ORDING_T port data based on the search
O_GRANU granularity(0: off, 1: on)
LARITY
IS_POLL_R BmsPonEmsTL
ACCE ESULT_NE Report synchronization results to 1 and
0
SS ED_NOTIF the NBI(0: No, 1: Yes) (default 0) BmsPonAlarmT
Y_NB L1
BmsAccess,
IS_SHORT_
ACCE Does Show Short Type Name of TL1NBiDm,
ONT_TYPE 1
SS ONT(0: No, 1: Yes) BmsPonEmsTL
_NAME
1
Start running information polling

ACCE IsRunIdlePol
0 when the system is idle (0: No, 1: BmsAccess
SS l
Yes)
Synchronize physical resource data

ACCE IsStartPollin
0 of an NE upon reconnection (0: No, BmsAccess
SS g
1: Yes)
LST_DEV_
ACCE LST-DEV Show Alarm Level In
DSTAT_FU 0 TL1NBiDm
SS DSTAT Switch (0: No, 1: Yes)
NCTION

Defau
lt Description
stem Name Process
Value
TL1NBiDm,
ACCE
LoadOffline 0 Offline switch(0: off, 1: on) BmsPonEmsTL
SS
1
MAIN_BAC
KUP_SITE_ 127.0. The IP for Primary and backup
ACCE BmsAccess,Bm
EM_IPADD 0.1,12 server, just for configuring the
SS sCommon
R_MAPPIN 7.0.0.1 traphost ip.
G
MANAGE_
ACCE Switch of fan frame manageing.
FANFRAM 0 BmsAccess
SS (0:disable,1:enable)(default 0)
E_SWITCH
MAX_BQU Length limit of the messages

ACCE
ERY_MSGL 0 returned to the CPE module (range: BmsAccess
SS
ENGTH 1-1499)
ACCE MULTI_NM The scene of Multi EMS manage BmsAccess,Bm

0
SS S_SCENE the same NE (0:disable, 1:enable) sCommon
MXU_AUT Notify the NE software

ACCE O_UPGRA management process of automatic
1 BmsAccess
SS DE_SWITC MxU upgrade when a pre-deployed
H task is running (0: No, 1: Yes)
MXU_PRE_
ACCE Optimize MxU pre-
DEPLOY_P 0 BmsAccess
SS deployment(0:disable,1:enable)
ERF_OPT
MXU_UNI_
ACCE The E1 port number of the pre
PORT_COU 0 BmsAccess
SS deployment MDU (default 0)
NT_OF_E1
Dump Directory(1: FTP or SFTP

root directory/ftproot on Solaris and
NBI_INVE Linux OS or FTP or SFTP root BmsPonEmsTL
ACCE NTORY_D directory on Windows OS; 2: FTP 1,
2
SS UMP_DIRE or SFTP root directory/ftproot/ BmsPonAlarmT
CTORY DUMP on Solaris and Linux OS or L1
FTP or SFTP root directory/DUMP
on Windows OS)
NBI_INVE
Format of the file to which
ACCE NTORY_D
2 inventory data is exported through TL1NBiDm
SS UMP_VERS
the TL1 NBI (2: 2.0, 3: 3.0, 4: 4.0)
ION
NE_FTP_S
ACCE The EMS flag of synchronization BmsAccess,
YNC_EMS_ a
SS with the NE by FTP ([a,c]) BmsCommon
FLAG

Defau
lt Description
stem Name Process
Value
NE_NMS_A
ACCE Alarm Relation Swtich (0: No, 1:
LRAM_REL 0 BmsAccess
SS Yes)
ATION
NMS_SYN
Indicates the way in which the NMS
ACCE C_NE_DAT BmsAccess,
0 synchronizes data from NEs. (0:
SS A_PROTOC BmsCommon
file, 1: SNMP)
OL
ACCE NeedSaveRe Save routine test reports to a file (0:

0 BmsTest
SS portToFile No, 1: Yes)
ONT_UNI_ Number of ONT CATV UNI port,

ACCE PORT_COU use to control the max number of
8 BmsAccess
SS NT_OF_CA CATV UNI port in service profile
TV (range: 8-64)
ONT_UNI_ Number of ONT ETH UNI port, use

ACCE PORT_COU to control the max number of ETH
24 BmsAccess
SS NT_OF_ET UNI port in service profile (range:
H 8-24)
ONT_UNI_ Number of ONT MOCA UNI port,

8 BmsAccess
SS NT_OF_MO MOCA UNI port in service profile
CA (range: 8-64)
ONT_UNI_ Number of ONT POTS UNI port,

32 BmsAccess
SS NT_OF_PO POTS UNI port in service profile
TS and VAS profile (range: 8-64)
ONT_UNI_ Number of ONT TDM UNI port,

8 BmsAccess
SS NT_OF_TD TDM UNI port in service profile
M (range: 8-64)
ONT_UNI_ Number of ONT VDSL2 UNI port,

8 BmsAccess
SS NT_OF_VD VDSL2 UNI port in service profile
SL2 (range: 8-64)
ONUFREE_
ACCE CHECK_O Switch of check ONU for onufree.
0 BmsAccess
SS NU_SWITC (0:disable,1:enable)(default 0)
H
ACCE OptusAdslAl Alias Switch for Optus(0: Disabled,

0 TL1NBiDm
SS iasSwitch 1: Enabled)

Defau
lt Description
stem Name Process
Value
BmsAccess,TL1
ACCE PCCWVER PCCW Version Switch(0: Disabled,
0 NBiDm,BmsCo
SS SION 1: Enabled)
mmon
Enable the profile management

PCCW_MO process and the access device
ACCE
DE_SWITC 0 management process to send BmsAccess
SS
H messages to the TL1 NBI (0: No, 1:
Yes)
PING_OPE
ACCE MxU connectivity check by OLT
N_MXUAG 0 BmsAccess
SS agent (0: Disabled, 1: Enabled)
ENT
Indicates the interval at which

PING_PRE
ACCE online pre-deployed MDUs apply
CFG_MXU_ 24 BmsAccess
SS for synchronization.unit:h;range(>0
RELOAD
and <=24)
PING_PRE
CFG_MXU_ Indicates the interval at which the
ACCE RELOAD_H U2000 checks for the pre-
30 BmsAccess
SS AS_PREMD deployment status change of
U_POOL_O MDUs.unit:min;range(>0)
K
POLL_ADS
ACCE Synchronize ADSL port status (0:
L_PORTST 0 BmsAccess
SS No, 1: Yes)
ATE
ACCE POLL_MA Maximum concurrency of NE data

6 BmsAccess
SS X_THREAD synchronization (> 0)
POLL_SHD
ACCE Synchronize SHDSL port status (0:
SL_PORTS 0 BmsAccess
SS No, 1: Yes)
TATE
POLL_SUB
ACCE Minimum concurrency of NE data
SEQUENT_ 1 BmsAccess
SS synchronization (> 0)
NUM
POLL_SUB
ACCE Synchronize NE data concurrently
SEQUENT_ 0 BmsAccess
SS (0: No, 1: Yes)
SWITCH
The end time (t2) of scheduled NE

ACCE POLL_TIM data synchronization in the 24-hour
7:00 BmsAccess
SS E_END format xx:xx (synchronization
period: t1-t2, that is, 0:30-7:00)

Defau
lt Description
stem Name Process
Value
If the default start time and end time

of scheduled NE data
synchronization do not meet
requirements, specify them in the
ACCE POLL_TIM not format of wday.starttime.endtime.
BmsAccess
SS E_SPECIAL config For example, enter 00:00.24:00 for
all-day synchronization. If the start
time is greater or equal to the end
time, NE data will be synchronized
from the next day.
The start time (t1) of scheduled NE

ACCE POLL_TIM data synchronization in the 24-hour
0:30 BmsAccess
SS E_START format xx:xx (synchronization
period: t1-t2, that is, 0:30-7:00)
POLL_VDS
ACCE Synchronize VDSL2 port status (0:
L2_PORTST 0 BmsAccess
SS No, 1: Yes)
ATE
OFF:D
SLAM
=MA5
100V1
/
MA51
00V2/
MA53
00V1/
MA56 The output parameter DTYPE of the
PONTL1_A
00V3/ PON TL1 NBI supports two more
LARM_RO BmsPonEmsTL
ACCE UA50 options: DSLAM and AG(switch is
LETYPE_O 1,BmsPonAlarm
SS 00(IP ON or OFF).Users can configure a
F_DEVTYP TL1
MB)/ list of DSLAM devices and a list of
E
MA56 AG devices.
15/
MA56
05/
MA51
05;AG
=UA5
000(P
VMV1
)
Verify Whether a DBA Template Is

PONTL1_C
ACCE Bound to the TCOUNT1 in the Line
HECK_DB 0 BmsAccess
SS Template Bound to the
A_EXISTS
ONU(0:NoCheck,1:Check)

Defau
lt Description
stem Name Process
Value
The switch specifies whether check

PONTL1_C BmsPonEmsTL
ACCE the inputed ONUIP is ONU
HECK_ON 0 1,BmsPonAlarm
SS equipment (0: close, 1: open).
UIP TL1
Default is close.
DUMP Board HardWare version

PONTL1_D
optimize switch(0:close, 1:open) BmsPonEmsTL
ACCE UMP_BHW
0 default:0, dump board go the 1,BmsPonAlarm
SS VER_SWIT
optimize process when switch to 1, TL1
CH
or keep original process.
PONTL1_S
ACCE Whether to display the ESN column BmsPonEmsTL
HOW_ESN_ 0
SS in the query results. (0: No, 1: Yes) 1
SWITCH
PONTL1_S Specifies whether to display the

HOW_SUB paths to subnets upon export, alarm BmsPonEmsTL
ACCE
NET_AT_D 0 notification, and alarm queries 1,BmsPonAlarm
SS
UMP_NOTI through the PON TL1 NBI. The TL1
FY_QRY options are as follows: 0: no 1: yes
PON_TL1_
PON TL1 add error message in BmsPonAlarmT
ACCE ADD_ERR
0 result Switch (0: No, 1: Yes default L1,BmsPonEms
SS MSG_SWIT
0) TL1
CH
PON_TL1_ BmsPonEmsTL
ACCE LSTUNREG LST-UNREGONU Show PONID 1 and
0
SS ONU_PONI <0:NO; 1:YES> (default 0) BmsPonAlarmT
D_SWITCH L1
TL1_ONT_ PON TL1 ONT SN String

ACCE BmsPonEmsTL
SN_LENGT 16 Length( 12:SN Length is 12, 16:SN
SS 1
H Length is 16)
PON_TL1_S
Switch flag for whether or not BmsPonEmsTL
ACCE HOW_MA5
0 display MA5683T device type at 1,BmsPonAlarm
SS 683T_SWIT
PON TL1(0:NO,1:YES) TL1
CH
Indicates the list of terminal types

whose SN length needs to retain 16
TL1_SN_LE BmsAccess,TL1
ACCE bytes at PON TL1.The default value
N_SPECIAL NBiDm,BmsPo
SS is empty string ,means no terminals
_ONUTYPE nEmsTL1
needs to retain 16 bytes SN at PON
TL1.Default value is empty.

Defau
lt Description
stem Name Process
Value
var/ The path of NBITXT files

PROCESS_ dump/ saved.For example:d:/oss/
ACCE
PMS_DATA PerfFil server/var/dump/PerfFileData/pms. BmsAccess
SS
_PATH eData/ (Default:var/dump/PerfFileData/
pms pms)
PROCESS_
ACCE The days of history data saved.From
PMS_DATA 60 BmsAccess
SS 0 to 2147483647.(Deafult:60)
_SAVE
The time of process history

PROCESS_
ACCE performance data by CMTS
PMS_DATA 2200 BmsAccess
SS report.For example:1600.(Server
_TIME
Time.Default:2200)
NetWork status (1:excellent,

ACCE PingNetWor 2:generic,3:weak),used to config
1 BmsAccess
SS kStatus parameter which used to check
deivce status.
Indicates the interval at which the

RENEW_S subnets of NEs are updated. The
BmsPonEmsTL
ACCE UBNET_IN options are as follows: 0: Never
0 1,BmsPonAlarm
SS TERVALDA update the subnets of NEs. > 0:
TL1
YS Update the subnets of NE at the
specified interval.
RPS_IGNO Specifies whether to skip the

ACCE RE_DOMAI domain name and IP address of the
1 BmsAccess
SS N_MISMAT RPS certificate during verification.
CH (0: no, 1: yes)
This item indicates the month for

RoutineRepo saving test report files. The default
ACCE
rtFileMonth 1 value is 1 and the maximum value is BmsTest
SS
Num 12. Value 0 indicates to save the
files permanently.
ACCE RoutineRepo Directory of routine test report files

BmsTest
SS rtFilePath (blank by default)
SERVCIE_P
ACCE Show Serviceport ID(0:NO, 1:
ORT_ID_VI 0 BmsAccess
SS YES)
SIBLE
SUPPORT_
ACCE OLD_VERS Is suppopt old version TypeB
0 BmsAccess
SS ION_TYPE function(0: off, 1:on, default:0)
B

Defau
lt Description
stem Name Process
Value
SYNC_CO
ACCE MPLETED_ Is synchronization result notify
0 BmsAccess
SS NOTIFY_O TL1(0: No, 1: Yes)
SS
TIME_STA Interval of updating SNMP

ACCE
MP_MEM_ 1800 parameters (unit : s, range: BmsAccess
SS
SNMP 300-43200,Default: 1800)
TIME_STA
ACCE MP_OF_CL Interval of judging whether clients
300 BmsAccess
SS IENT_STAT are online (unit: s)
E
BmsPonEmsTL
TL1_LSTO ONUTYPE format switch for
ACCE 1 and
NUTYPE_S 0 Telecom PON <0:close; 1:open>
SS BmsPonAlarmT
WITCH (default 0)
L1
TL1_MAX_
TASK_COU
The Upper Limit of the Task
ACCE NT_OF_AL
30000 Created by All Users in Two Hours Tl1NBiDm
SS L_USER_IN
in TL1(Default: 30000)
_TWO_HO
URS
TL1_MAX_
ACCE TASK_COU The Upper Limit of the Task
10 TL1NBiDm
SS NT_OF_A_ Created by a Users(Default: 10)
USER
TL1_SCHE Query TL1 timing tasks (1: display

ACCE DULE_TAS TL1 timing tasks created by the TL1 Timing
1
SS K_SHOW_ current user only; 2: display TL1 Task Manager
BY_USER timing tasks created by all users)
TL1_SHOW Switch flag for whether or not

ACCE TL1NBiDm,inT
_MA5683T_ 0 display MA5683T device type at
SS L1NBiDm
SWITCH TL1(0:NO,1:YES)
TL1_TIME_
ACCE BEFORE_B The Time Before Bind IGMP RP in
24 TL1NBiDm
SS IND_IGMP_ TL1(Default: 24)
RP
TL1_TIME_
BETWEEN_ The Time Between Bind and
ACCE
BIND_AND 24 Unbind IGMP RP in TL1(Default: TL1NBiDm
SS
_UNBIND_I 24)
GMP_RP

Defau
lt Description
stem Name Process
Value
TL1_TOTA
L_TASK_C The Upper Limit of the Task
ACCE 50000
OUNT_OF_ Created by All Users in TL1NBiDm
SS 0
ALL_USER TL1(Default: 500000)
S
TL1NBiDm ,
TL1_USER BmsPonEmsTL
ACCE Record TL1 operations logs(0: No,
OPERLOG_ 1 1 and
SS 1: Yes)
SWITCH BmsPonAlarmT
L1
TL1_USE_ Use approximate string matching

ACCE HAZY_QR when the LST-PORT command is
0 TL1NBiDm
SS Y_AT_LST_ issued to query ports by port alias.
PORT (0: No; 1: Yes)
TRAP_FRE
ACCE Whether process the trap of ETH
SH_ETHPO 1 BmsAccess
SS port(0:dose not process, 1:process)
RT_INFO
USERLABE
ACCE Keep UserLabel synchronous with
L_FROM_D 0 BmsAccess
SS devices (0: Yes, 1: No)
EV_FLG
XPON_AUT
ACCE O_REPLAC Automatically replace MxUs with
0 BmsAccess
SS E_MDU_S xPON devices (0: No, 1: Yes)
WITCH
XPON_CHE
ACCE CK_IADIP_ not
Check IADIP Repeat Except IP BmsAccess
SS REPEAT_E config
XCEPTIP
XPON_CHE
ACCE CK_IADIP_ Check IADIP Repeat Swtich(0: No,
0 BmsAccess
SS REPEAT_S 1: Yes)
WITCH
XPON_CHE
ACCE CK_MAC_ Check MAC Repeat Swtich(0: No,
0 BmsAccess
SS REPEAT_S 1: Yes)
WITCH
XPON_CHE
CK_ONTD
ACCE Check ONT DOMAIN Repeat
OMAIN_RE 0 BmsAccess
SS Swtich(0: No, 1: Yes)
PEAT_SWI
TCH

Defau
lt Description
stem Name Process
Value
XPON_CHE
CK_PASSW
ACCE Check for GPON authentication
ORD_REPE 0 BmsAccess
SS password conflicts (0: No, 1: Yes)
AT_SWITC
H
XPON_CHE
CK_PHONE
ACCE Check for authentication phone
NUM_REPE 0 BmsAccess
SS number conflicts (0: No, 1: Yes)
AT_SWITC
H
Configure the fault detection period

of the FTP or SFTP server that is
XPON_CPE used to execute ONT loading tasks.
ACCE FTP_ALAR The period is 0 or ranges from 30 to
30 BmsAccess
SS MCHECK_ 1440 (unit: minute). The default
TIME period is 30 minutes. If the period is
set to 0, the fault detection function
is not enabled.
XPON_DEF
ACCE AULT_DBA Default DBA template bound to
BmsAccess
SS _WHEN_A Tcont of a new ONU
DDONU
Switch flag for whether or not

XPON_LOI
ACCE display gpon onu's sn in the BmsPonEmsTL
D_OUTPUT 0
SS authentication mode of LOID (0: 1
_SWITCH
close, 1: open). Default is close
Virtual LOID prefix in the Telecom

PON NBI, if the switch
XPON_LOID_SWITCH is enabled,
ACCE XPON_LOI
default based on which the NBI determines BmsAccess
SS D_PREFIX
whether an LOID is real. An LOID
is real if its prefix is not the value of
this item. (Default: default)
Protect a real LOID from being

ACCE XPON_LOI replaced by another one for
0 BmsAccess
SS D_SWITCH Telecom PON NBI. <0: Disable; 1:
Enable> (Default: 0)
XPON_POS
ACCE Display fake pos: 0-No; 1-Yes.
_DISPLAY_ 1 BmsAccess
SS default is 1
SWITCH

Defau
lt Description
stem Name Process
Value
XPON_SUP Support LAN port IP configuration

ACCE PORT_LAN for ONT value-added service
0 BmsAccess
SS _IP_CONFI configuration (0: not support, 1:
G support)
ACCE traphost_con Configure destination hosts for traps

1 BmsAccess
SS fig (0: Disabled, 1: Enabled)
PW_SUPPO
PM RTED_TYP PTN PW supported device types PMSDm
ES
BCPPATH_
Absolute PATHS - Add doubleqoute
PM FOR_DATA PMSDm
after the directory and at the end
DUMP
PMSDm,AgentI
Main_NPM
PM The ip address of main NPMS ntegrate,UTraffi
S_IP
cAdapter
UTRAFFIC
_TROUBLE The IP address of master Utraffic
PMSDm,UTraff
PM SHOOTING Troubleshooting. Supports multiple
icAdapter
_MASTER_ IPs, separated by semicolons.
IP
CONFIG_L This item specifies whether L3VPN

3VPN_CAN discrete services can be discovered
Nml_ip 1 Nml_ip
_DISPERSE and combined to an E2E service.
2SERVICE 1:yes(default) 0:no
CONFIG_L whether l3vpn serivce could be

Nml_ip 3VPN_DEP 1 redeployed after it is deployed to Nml_ip
LOYMODE NE 1: no(default). 0: yes.
Indicates the spelling style of the

interface name. The options are as
CONFIG_S follows:0: router style (If only
PELL_POR routers are installed, use 0.)1: PTN
Nml_ip 1 Nml_ip
TNAME_ST style (If only transport or PTN
YLE equipment is installed, use 1. If all-
domain equipment is installed, the
default value is 1.)
CONFIG_V This item specifies whether VPLS

PLS_CAN_ discrete services can be discovered
Nml_ip 0 Nml_ip
DISPERSE2 and combined to an E2E service.
SERVICE 1:yes 0:no(default)

Defau
lt Description
stem Name Process
Value
CONFIG_V Whether to associate customers for

PLS_VSIDE automatic VPLS service discovery
Nml_ip 0 Nml_ip
SC_ASSOCI according to customer names in VSI
ATECUST descriptions? 1: yes; 0: no(default)
CONFIG_V
PLS_VSI_D The count of Deploy VSI(default:
Nml_ip 10 Nml_ip
EPLOY_CO 10)
UNT
CONFIG_V
PLS_ALAR
Configure VPLS alarm merger time,
Nml_ip M_PROCES 45 Nml_ip
the default time is 45S
S_MIN_INT
ERVAL
CONFIG_V
PLS_ALAR
M_NOPRO Configure VPLS alarm refurbish
Nml_ip 200 Nml_ip
CESS_MAX time, the default time is 200S
_INTERVA
L
CONFIG_S
The Sort interval of Faulty Service
Nml_ip ORT_TIME 0 Nml_ip
Monitoring
_FAULT
CONFIG_C The U2000 supports the automatic

OMMON_I export of tunnel/PWE3 client IP
Nml_ip 0 Nml_ip
S_AUTOEX addresses. 0: No (default) IP
PORT addresses: Yes
CONFIG_C
OMMON_A This item specifies the interval
Nml_ip UTOEXPO 10 (unit: day) at which the automatic Nml_ip
RT_PERIO export task is executed.
D
CONFIG_T Whether support calculate the route

UNNEL_BA with loading balance
Nml_ip 0 Nml_ip
NDWIDTH_ bandwidth(Default 0: closed ,
BALANCE 1:open).
CONFIG_P
WE3_MSG_
Configure PWE3 alarm merger
Nml_ip PROCESS_ 3 Nml_ip
time, the default time is 3S
MIN_INTE
RVAL

Defau
lt Description
stem Name Process
Value
CONFIG_P
WE3_MSG_
Configure PWE3 alarm refurbish
Nml_ip NOPROCES 45 Nml_ip
S_MAX_IN
TERVAL
L3VPN service: the maximum

CONFIG_L
number of VRFs displayed in the
3VPN_DISP
service topology. The service
LAYTOPO_
Nml_ip 200 topology is displayed only when the Nml_ip
VRF_NUM
number of VRFs for a service is
BER_THRE
equal to or less than this value.
SHOLD
(default:200)
VPLS_MIN
The minimum of the SAIs that will
Nml_ip _AGGREG 0 Nml_ip
be aggregated, the default is 0
ATE_NUM
CONFIG_L
3VPN_MSG
Configure L3VPN alarm merger
Nml_ip _PROCESS 45 Nml_ip
_MIN_INTE
RVAL
CONFIG_L
3VPN_MSG
Configure L3VPN alarm refurbish
Nml_ip _NOPROCE 300 Nml_ip
SS_MAX_I
NTERVAL
TPOAM_TE TPOAM test delay, the default time

Nml_ip 5 Nml_ip
ST_DELAY is 5S
CONFIG_P
WE3_CONF Set the merge refresh interval for
Nml_ip IG_NOTIFY 3 PWE3 service configurations, the Nml_ip
_MIN_INTE default time is 3S
RVAL
CONFIG_P
WE3_CONF Set the refresh deadline for PWE3
Nml_ip IG_NOTIFY 45 service configurations, the default Nml_ip
_MAX_INT time is 45S
ERVAL
Specifies whether to interwork with

the uTraffic. (0: no; 1: yes) The
CONFIG_LI
default value is 0. If you set it to 1,
Nml_ip NK_TO_UT 0 Nml_ip
Region and User-Defined Service
RAFFIC
Type are mandatory during the
creation of a PWE3 service

Defau
lt Description
stem Name Process
Value
UTRAFFIC
_ADAPTER 127.0. Peer system IP collection, Most 128
Nml_ip UTrafficAdapter
_SERVER_I 0.1 characters.127.0.0.1(default)
P
CONFIG_T
UNNEL_SU
Service interruption analysis tool
Nml_ip PPORT_SR 0 Nml_ip
switches(Default 0: closed ,1:open).
VINTANAL
YSIS
CONFIG_V
Specifies whether the service of
PLS_DISCO
Vpls can be set Net Type of HVPLS
Nml_ip VERY_SET 0
after discovey(Default 0: closed ,
_HVPLS_N
1:open).
ETYPE
CONFIG_V Specifies whether support copy of

Nml_ip 0
SI_COPY VSI(Default 0: closed ,1:open).
CONFIG_V
PLS_OF_PR Specifies the Vpls of private
IVATE_NET network customized by special
Nml_ip 0 Nml_ip
WORK_FO consumer(Default 0: closed ,
R_CONSU 1:open).
MER
CONFIG_T
UNNEL_AC Maximum number of tunnels that
Nml_ip TIVATE_SE 10 can be deployed in batches . The
CURE_MA default value is 10
XNUM
This item indicates the maximum

CONFIG_T
number of tunnels that can be
UNNEL_DE
undeployed or disabled in a batch or
Nml_ip ACTIVATE_ 10
the maximum number of discrete
SECURE_M
tunnels that can be undeployed in a
AXNUM
batch. The default value is 10.
CONFIG_T
UNNEL_PG This item indicates the maximum
_DEACTIV number of protection groups that
Nml_ip 10
ATE_SECU can be undeployed or disabled in a
RE_MAXN batch. The default value is 10.
UM

Defau
lt Description
stem Name Process
Value
CONFIG_L Maximum number of L3VPN

3VPN_ACT services that can be deployed in
10000
Nml_ip IVATE_SEC batches, including L3VPN service
0
URE_MAX enabling. The default value is
NUM 100000.
CONFIG_L
Maximum number of L3VPN
3VPN_DEA
services that can be undeployed in
Nml_ip CTIVATE_S 1
batches, including L3VPN service
ECURE_M
disabling. The default value is 1
AXNUM
CONFIG_L
3VPN_NE_ Maximum number of L3VPN NEs
DEACTIVA that can be undeployed in batches,
Nml_ip 1
TE_SECUR including L3VPN NE disabling.
E_MAXNU The default value is 1.
M
CONFIG_L
3VPN_SUB Maximum number of L3VPN sub-
OBJECT_A 10000 objects that can be deployed in
Nml_ip
CTIVATE_S 0 batches, including SAI enabling.
ECURE_M The default value is 100000.
AXNUM

number of L3VPN sub-objects that
CONFIG_L
can be deleted in a batch. The
3VPN_SUB
operations include SAI deletion/
OBJECT_D
Nml_ip 10 disabling, BGP/OSPF/IS-IS/RIP/
EACTIVAT
static route deletion, VPN peer
E_SECURE
deletion, and VPN FRR/IP FRR/IP
_MAXNUM
+VPN hybrid FRR deletion. The
default value is 10.
CONFIG_L
3VPN_VRF This item indicates the maximum
_DEACTIV number VRF entries that can be
Nml_ip 1
ATE_SECU deleted in a batch, including NE
RE_MAXN deletion. The default number is 1.
UM
CONFIG_L
3VPN_ROU
Display Route Loopback Detect
Nml_ip TELOOPBA 0
Menu 1: yes 0: no(default)
CKDETECT
_ENABLE

Defau
lt Description
stem Name Process
Value
CONFIG_N
ML_TESTC Display Create Test Suite Menu 1:
Nml_ip 0
ASE_ENAB yes 0: no(default)
LE
Maximum number of PWE3

services that can be operate in
batch.The operations include
CONFIG_P
undeployed/disabled/permanently
WE3_DEAC
deleted/deleted(restore in recyle)/
Nml_ip TIVATE_SE 10
deleted in offline/deleted in
CURE_MA
network/protect group switch pwe3
XNUM
services and undeployed/deleted
discrete PWE3 services. The default
value is 10.
Maximum number of PWE3

CONFIG_P
services that can be deploying
WE3_ACTI
10000 PWE3 services, deleting pwe3
Nml_ip VATE_SEC
0 services, deploying discrete PWE3
URE_MAX
services in batches. The default
NUM
value is 100000.
CONFIG_V
PLS_DEAC
number of vpls services that can be
Nml_ip TIVATE_SE 1
disabled in a batch. The default
CURE_MA
value is 1.
XNUM
CONFIG_V
PLS_VSI_D
number of vpls vsis that can be
Nml_ip EACTIVAT 1
undeployed or disabled or deleted in
E_SECURE
a batch. The default value is 1.
_MAXNUM
CONFIG_V
PLS_OBJEC
number of vpls Objects include SAI
T_DEACTI
Nml_ip 10 and PW that can be undeployed or
VATE_SEC
disabled or deleted in a batch. The
URE_MAX
NUM
CONFIG_RI This item indicates the maximum

NG_DEACT number of MPLS Protection Ring
Nml_ip IVATE_SEC 1 that can be deleted or Virtual Node
URE_MAX that can be deleted in a batch. The
NUM default value is 1.

Defau
lt Description
stem Name Process
Value
This item indicates whether the

same source and sink operation
CONFIG_E
limit is enabled on a E2E service
2E_JUDGE_
Nml_ip 1 operation object. 1 indicates that the
SRC_SINK_
limit is enabled, and 0 indicates that
NE_LIMIT
the limit is disabled. By default, the
limit is enabled.
This item indicates whether the

single NE operation limit is enabled
CONFIG_E
on a E2E service operation object. 1
2E_JUDGE_
Nml_ip 1 indicates that the limit is enabled,
SINGLE_N
and 0 indicates that the limit is
E_LIMIT
disabled. By default, the limit is
enabled.
CONFIG_B
GP_DEACT This item indicates the number of
Nml_ip IVATE_PEE 1 BGP peers that can be deleted in a
R_MAXNU batch. The default value is 1.
M
CONFIG_P
WE3_VIEW
Nml_ip 10000 Tunnel Unconfigure Protection.
_TUNNEL_
MAXNUM
CONFIG_H This item indicates the maximum

ARDPIPE_L number of hard pipe link that can be
INK_DEAC deleted in a batch. The default value
Nml_ip 1
TIVATE_SE is 1. Configuration range 1 to 1000,
CURE_MA less than or equal to 0 is unlimited,
XNUM greater than 1000 is 1000
CONFIG_S Support IP Network Expansion

Nml_ip UPPORT_N 1 Wizard(Static Scenario) (Default 0:
EW_TCAT closed ,1:open).
CONFIG_L Forcible verify L3VPN services.

3VPN_SER Include verify of MAC address and
Nml_ip 1 Nml_ip
VICE_VERI VRF label and ECMP(Default 1:
FY open ,0:closed).
CONFIG_L
3VPN_VRF Modify VPN PEER labels of
Nml_ip _STATIC_M 0 L3VPN services. (1: open , Nml_ip
ODIFYPEE 0:closed(default)).
RLABEL

Defau
lt Description
stem Name Process
Value
CONFIG_L
3VPN_VRF Modify out tunnel of static route in
Nml_ip _STATIC_M 0 L3VPN services. (1: open , Nml_ip
ODIFYTUN 0:closed(Default)).
NEL
CONFIG_S
UPPORT_N Support Tunnel Network Adjust
Nml_ip 0
ETWORK_ (Default 0: closed ,1:open).
ADJUST
CONFIG_E
TREE_NOD This item indicates the maximum
E_DEACTI number of Etree Node that can be
Nml_ip 1
VATE_SEC undeployed or disabled or deleted in
URE_MAX a batch. The default value is 1.
NUM
CONFIG_E
TREE_ETR
number of etree Objects include
EE_OBJEC
SAI and PW and leaf Aps that can
Nml_ip T_DEACTI 10
be undeployed or disabled or
VATE_SEC
deleted in a batch. The default value
URE_MAX
is 10.
NUM
CONFIG_S This item specifies the spelling style

Nml_c PELL_POR of the interface name. The options
1 Nml_cps
ps TNAME_ST are as follows: 0: router style 1:
YLE PTN style(default)
CONFIG_C This item specifies the cps service

Nml_c PS_SUPPO support undeploy. The options are
0 Nml_cps
ps RT_UNDEP as follows: 0: not support(default) 1:
LOY suport
Specifies the minimal interval for

CONFIG_C
processing messages, in second. If
PS_MSG_P
Nml_c messages are reported at a smaller
ROCESS_M 45 Nml_cps
ps interval than the specified minimal
IN_INTERV
interval, duplicate messages will be
AL
merged and reported. unit:s
Specifies the maximum interval for

CONFIG_C
not processing messages, in second.
PS_MSG_N
Nml_c If messages are reported at a greater
OPROCESS 300 Nml_cps
ps interval than the specified
_MAX_INT
maximum interval, messages will be
ERVAL
processed forcibly. unit:s

Defau
lt Description
stem Name Process
Value
CONFIG_C
This item specifies the cps service
Nml_c PS_AUTO_
1 auto configure oam's type: 1: Y. Nml_cps
ps CONFIG_O
1711(default) 2:Y.1731
AM
Specifies whether to enable data

CHECK_NE
Nml_c consistency check between the
_SYNC_ST 1
ommon U2000 and NE. 0: Not supported; 1:
ATE
Supported.(default)
Specifies whether clock links can be

Nml_c bSupportIPL searched based on Layer 2 or IP
0 Nml_common
ommon 2LinkTrail links in the clock view. 0: No; 1:
Yes
ClockViewS Specifies whether to display

Nml_c
upportCopy 1 duplicate NEs in the clock view. 0: Nml_common
ommon
NE No; 1: Yes (default)
performance flag 0: enter NE

Nml_c
bPMSSwitch 0 performance ; 1: enter PMS Nml_common
ommon
performance
CONFIG_E
Maximum number of ERPS
Nml_c RPS_CLOS
10 services that can be deleted in
ommon E_SECURE
batches. The default value is 10.
_MAXNUM
CONFIG_E
Maximum number of ERPS
Nml_c RPS_OPEN
10 services that can be operated in
ommon _SECURE_
batches. The default value is 10.
MAXNUM
Nml_n whether support switch, 0: no

SupportSwit
ativeet 0 support, 1:support, default: Nml_nativeeth
ch
h 0(disable)
Nml_n whether support service alarm, 0: no

SupportServi
ativeet 0 support, 1:support, default: Nml_nativeeth
ceAlarm
h 0(disable)
CONFIG_N Maximum number of NativeEth

Nml_n ATIVEETH services that can be undeployed,
ativeet _CLOSE_S 10 deleted from the network side or
h ECURE_M deleted in batches. The default
AXNUM value is 10.

Defau
lt Description
stem Name Process
Value
CONFIG_N
Nml_n ATIVEETH Maximum number of NativeEth
ativeet _OPEN_SE 10 services that can be deployed in
h CURE_MA batches. The default value is 10.
XNUM
DC_SEND_ Sendg alarm notificaiton to U2000

ALARAM_ in case creating auto upgrade task
DCServer,NEU
DC FOR_AUTO 0 fail. 1 - Send alarm notification to
pgrade
UPGRADE U2000; 0 - don't send alarm
TASK notification to U2000.
MAX_COU
NT_OF_AU This variables stores the maximum DCServer,NEU
DC 400
TO_CREAT NO. of Mxu Tasks allowed. pgrade
E_TASK
POLICY_O This variable is to tell how much

F_AUTO_C percentage of Mxu task can be DCServer,NEU
DC 25
REATE_TA deleted after reaching the Max pgrade
SK count of MXU tasks
MAX_COU
This variables stores the maximum DCServer,NEU
DC NT_OF_AL 800
no of Tasks allowed. pgrade
L_TASK
This variable is to tell how much

POLICY_O
percentage of task can be deleted DCServer,NEU
DC F_ALL_TA 50
after reaching the Max count of all pgrade
SK
tasks
RECOVER_
CHECK_DE Recover operation check device DCServer,NEU
DC 1
VICE_VER version.1 check, 0 not check pgrade
SION
Auto upgrade online board of

SWPKG_A
software package mode.1 auto, 0
UTO_UPGR
manual.Attention: When this option DCServer,NEU
DC ADE_ONLI 0
is on (1 configured),the task will pgrade
NE_BOAR
auto execute,this may lead to reboot
D
of the device

Defau
lt Description
stem Name Process
Value
On-demand backup options are

follows: 0: forcible backup. 1: on-
demand backup for all domains. 2:
CONFIG_C
on-demand backup for IP and
HANGE_B DCServer,NEU
DC 1 access NEs; on-demand backup for
ACKUP_EN pgrade
MML NEs supporting the dbms-
ABLED
get-dbchglabel command and TL1
NEs supporting the RTRV-DBMS-
DBCHGLABEL command.
BMS_DEV_
Specifies whether to query data
ACCE QUERY_SE
0 from NEs.<0:NO, 1:YES>(default: BmsAccess
SS RVICEPOR
0)
T
TRAN SupportSDH Eml_PubSvr,ne

0 Support SDH NE Service Remarks.
S XCLabel mgr*
NEMGR_T
TRAN RANS_6_S Eml_PubSvr,ne
11006 nemgr_trans_6 sbi port
S BIPROXYP mgr*
ORT
NEMGR_T
11061 nemgr_trans_11 sbi ssl port
S BIPROXYS mgr*
SLPORT
NEMGR_T
11041 nemgr_trans_16 sbi tl1 port
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_21_S
TRAN Eml_PubSvr,ne
BIPROXYT 11096 nemgr_trans_21 sbi tl1 ssl port
S mgr*
L1SSLPOR
T
MaxInstThre
TRAN Number of Thread to be
adNumOfPo 1
S assigned(Large-scale instance).
w
Set whether boards of the D type on

IsSupportOS the OSN 9500 support the loopback
TRAN
N9500Board 0 and overhead attributes. By default,
S
Attr the value is 0. (0: Not Supported; 1:
Supported)

Defau
lt Description
stem Name Process
Value
Usually the XC related operations

XCLoopbac should be blocked once XC
TRAN
kBlocksXC 0 Loopback is performed, we also
S
Cfging provide a switch to break this rule.
0:not block 1: block (default)
TRAN Specifies whether to enable the

LCAS 0
S LCASV1 feature. 0: no 1: yes
Indicates the wait time for fiber

TRAN FiberSearch
30 discovery. Value range: >= 5
S WaitTime
seconds
Indicates the overhead byte

TRAN OverloadPol
0 processing mode. 0: standard mode
S icy
1: extended mode
Indicates the timeout period for

TRAN WaitNETime
150 command issuance to NEs, which
S Out
takes effect without system restart.
127.0.
TRAN 2510ServerI Indicates the IP address and port ID
0.1:84 Eml_PubSvr
S P of the iManager N2510 server.
43
Whether to support Service

TRAN ThresholdSe
0 Quantity Report. 0: not
S ttingEnable
support(default).1: support.
InventorySer
TRAN
viceHTTPPo 13500 Inventory Service HTTP Port
S
rtNo
PfmCollPars
TRAN Number of Thread to parse
eThreadCou 1 nemgr*
S performance data
nt
PfmCollPers
TRAN Number of Thread to persist
istThreadCo 1 nemgr*
S performance data
unt
PfmCollBatc
TRAN Number of NEs to collect
hCollNeCou 1
S performance data
nt
TRAN PfmCollBatc Waiting time(ms) after collecting

100
S hCollSleep batch of NEs
PfmCollBatc
TRAN Number of NEs to parse
hParseNeCo 1
S performance data
unt

Defau
lt Description
stem Name Process
Value
TRAN PfmCollBatc Waiting time(ms) after parsing

100
S hParseSleep batch of NEs
PfmCollBatc
TRAN Number of NEs to persist
hPersistNeC 1
S performance data
ount
PfmCollBatc
TRAN Waiting time(ms) after persisting
hPersistSlee 100
S batch of NEs
p
After you log in to the NE, the

U2000 will check the consistency TransNmComm
TRAN HandleLogin between the data on the NE and that on,Nml_ason_ot
30
S DelayTime on the U2000 after the time period n,Nml_ason_sd
of the HandleLoginDelayTime that h
you set.
TransNmComm
TRAN 1:big slot num (defalut), 0: small on,Nml_ason_ot
slotversion 1
S slot num. n,Nml_ason_sd
h
TransNmComm
TRAN 2: ISO8859-1 , 1:UTF-8 (default), on,Nml_ason_ot
encoding 1
S 0:GBK . n,Nml_ason_sd
h
TransNmComm
1:script file force without nename,
TRAN on,Nml_ason_ot
scriptname 0 0: script file force with
S n,Nml_ason_sd
nename(default).
h
U2000 support two kinds of VC12

time slot coding mode in one VC4. Nml_sdh,Nml_i
One coding mode is Interleave p,Nml_eth,Nml
TRAN Mode, which Lucent uses.The other _eow,Client,Tra
slotModeflg 0
S is Sequence Mode, which Huawei nsNmCommon,
uses. 0->Sequence Mode, Namely Nml_ason_otn,
Huawei Mode. 1->interleave mode, Nml_ason_sdh
Namely Lucent Mode.
Default SSL Certificate relative

TRAN defaultSslCe TransNmComm
default with IMAP_ROOT/etc/ssl/
S ritiDir on
nemanager.
TransNmComm
TRAN NEUserLogi After upgrade set NE user login on,Nml_ason_ot
1
S nflag mode n,Nml_ason_sd
h

Defau
lt Description
stem Name Process
Value
TRAN NeLoginTim Set the timeout of Logining NE Nml_ason_otn,

15
S eout commands (unit: second). Nml_ason_sdh
TRAN AllocateThre Number of Thread to be assigned. Nml_ason_otn,

10
S adNum (NM) Nml_ason_sdh
Specifies whether to retain the

TRAN ImportKeep
1 logical NE IDs in scripts during
S DevID
script import. 0: no 1: yes
Indicates the generation time of the

timeOfInsert
TRAN performance data to be inserted into
PMSAggDat 2
S the 24-hour performance data
a
aggregation table. Default: 02:00
Indicates the interval at which Qx5

TRAN InterpretOld
15 old events are interpreted. Value
S EvtIntrv
range: 1-15 Default: 15
TRAN IsPrintEQX Specifies whether to record EQX

0
S Log protocol logs. 0: no 1: yes
TRAN IsPrintHFCP Specifies whether to record HFCP

0
S Log protocol logs. 0: no 1: yes
TRAN AlarmMRRe Specifies whether to display MR

0
S port report scheduled tasks.
TRAN aqzgLogPrin
3 Indicates the log printing level.
S tLevel
TRAN EVPLShare Specifies whether to enable the

0
S State EVPL share feature. 0: no 1: yes
TRAN AutoSyncN Indicates the automatic

0
S MAvailTime synchronization time range.
TRAN bEnableDela
0 Whether to enable delay calculate
S yCalculate
TRAN bEnableInser Specifies whether to save historical

0
S tHisPerfDate performance data to the database.
TRAN bFilterRTNP Specifies whether to filter IF

1
S GProtectPort protection ports.
Specifies whether to report ASON

TRAN bIsNtfOSNX
0 cross-connection change events to
S CChange
OSSs.
bNEUnSync Specifies whether to display the

TRAN
ControlSwit 0 data inconsistency mark if cross-
S
ch connection changes occur.

Defau
lt Description
stem Name Process
Value
bRegDataSy
TRAN Specifies whether to process data
ncNumberE 0
S synchronization events.
vt
TRAN bReloadTEE Specifies whether to process

1
S ventMgrEx reloading events.
Specifies whether to delay saving

TRAN bSdhXCDel
1 cross-connection data to the
S aySaveDB
database.
bSdhXCDel
TRAN Specifies whether to delay saving
aySaveDBO 0
S trail data to the database.
nTrail
TRAN bSupportDcc Specifies whether to enable the

0
S Link DCC link function.
bSupportSelf
TRAN Indicates the file saving timeout
MacAddrTi 60
S period.
meout

TRAN CheckLose
600 U2000 checks for missing alarms,
S MsgIntrv
events, and performance data.
Indicates the number of threads

TRAN
ColletorNum 10 used to collect SDH or WDM
S
performance data.
TRAN Specifies whether to print the

g_b4Test 1
S collected performance data.
TRAN Specifies whether to process the

g_bClear 0
S clearance command.
TRAN Specifies whether to save data to the

g_bSave 0
S database (rather than files).
TRAN g_intervalTi Indicates the interval of

3
S me performance data collection.
Indicates the total time of

TRAN g_schTaskR
45 performance data collection. Unit:
S unTime
minute
Indicates the period before the

TRAN g_timeoutVa
150 performance collection command
S lue
times out. Unit: minute
Indicates the interval at which NE

TRAN intervalRptT
900 data changes are reported to NE
S oDC
Software Management.

Defau
lt Description
stem Name Process
Value
TRAN IsAutoUpgra Specifies whether to automatically

0
S deNMS upgrade the NMS.
Specifies whether to check the

TRAN IsCheckFibe
1 availability of fibers after NEs,
S rOccupied
boards, or ports are deleted.
TRAN isPrintNETy Specifies whether to print NE types

1
S pe when exporting performance data.
TRAN isPrintPFM Specifies whether to print NE-side

0
S NEEventID performance event IDs.
Specifies whether to print subrack

TRAN isPrintShelfI
1 names when exporting performance
S D
data.
TRAN IsSupportBla Specifies whether to support black-

0
S ckVNE box NEs.
MaxNumber Indicates the maximum number of

TRAN
OfBoardsQr 15 boards whose current performance
S
yCurPerf can be queried at a time.
5432,1
TRAN NeSSLPortL Indicates the southbound SSL port
3331,1
S ist list.
3320
TRAN niMAPMIT
0 Indicates the MIT loading mode.
S LoadMode
niMAPMIT
TRAN Indicates the length of the varchar
StrColumLe 512
S column in the MO table.
n
nMaxXCNu
TRAN Indicates the number of cross-
mPerPackag 3000
S connections in each package.
e
nRsp_Rpt_T Indicates the threshold (response

TRAN
imeCostToL 5000 time) for printing time-consuming
S
og information.
Specifies whether to print the

TRAN PfmCollecti
0 objects of SDH and WDM
S onPrintType
performance monitoring.
bEnableAuto Specifies whether to automatically

TRAN
IndentInterO 1 calculate optical cross-connection
S
XC edge points.

Defau
lt Description
stem Name Process
Value
Indicates the timeout period for NE

TRAN nTimeoutOn
60 searches.Value range: 60-1800 Unit:
S Searching
s
Indicates the NE search mode. 1:

search by the old protocol only 2:
TRAN nChooseWhi
3 search by the new protocol only 3:
S chSrchMode
search by both old and new
protocols
Indicates the maximum number of

TRAN LoadTtpNa TTPs allowed in each package
25000
S meLimit during the upload of changed path
names.
Indicates the range of SSL

TRAN NeSSLPortR 11051,
ports.Format: Minimum port
S ange 11100
ID,Maximum port ID
Indicates the timeout period for

TRAN WaitSpecial
1200 special board replacement.Value
S CPTimeOut
range: 30-1200 Unit: s
TRAN EventTimeIn Indicates the interval at which

60
S terval events are reported.
TRAN CollectBoar Indicates the maximum number of

20
S dNum boards to be applied at a time.
Specifies whether to enable the

TRAN IsSuppEthPo
0 Ethernet Port Bandwidth Usage
S rtUseRpt
Report. 0: no 1: yes
Specifies whether PMS supports the

TRAN bEnablePMS
0 RMON performance of transport
S _RMON
NEs. 0: no 1: yes
Specifies whether to support TPE

TRAN bDumpPfm performance customization (that is,
0
S DataMode whether to export performance files
in Excel format). 0: no 1: yes
Specifies whether to support short-

bEnableFEC
TRAN interval collection of FEC
_ShortPeroid 0
S performance for OTN NEs. 0: no 1:
Perf
yes

Defau
lt Description
stem Name Process
Value

SDH and WDM performance data
g_Save2csv collected by scheduled tasks is
TRAN
PeriodInterv 0 exported to general files. Value
S
al range: 0-16 The default value 0
indicates that the function is
disabled.
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_1_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
TRAN RANS_1_W Eml_PubSvr,ne
13101 nemgr_trans_1 wnemgr port
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
RANS_2_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_3_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
RANS_4_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_5_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
Router NE
TRAN Poll Interval, Range:[5, 360),
PollInterval 180 Manager(VRP
S Unit:s, Default:180
V8)
Router NE
TRAN isSupportMu isSupportMultiLR, true:Support;
false Manager(VRP
S ltiLR false:Unsupported, Default:false
V8)
Router NE
TRAN isSupportMu isSupportMultiVR, true:Support;
true Manager(VRP
S ltiVR false:Unsupported, Default:true
V8)
TRAN Whether data synchronization is Eml_PubSvr,ne

EnableSync 0
S allowable. mgr*

Defau
lt Description
stem Name Process
Value

TRAN EachMgrMa Eml_PubSvr,ne
500 gateway NEs that an NE
S xGneNum mgr*
management process can manage.
TRAN SyncTimerB Trigger time of the data Eml_PubSvr,ne

5
S ase synchronization timer. mgr*
Trigger period of automatic

TRAN AutoSyncN synchronization NE timer on Eml_PubSvr,ne
900
S ECycle condition that the automatic mgr*
synchronization is allowable.
In the case of automatic

synchronization, if the DBCHG
TRAN AutoSyncN Eml_PubSvr,ne
30 event is received before the
S EDelayTime mgr*
synchronization period, the NE will
not be synchronized.
After you log in to the NE, the

U2000 will check the consistency
TRAN HandleLogin between the data on the NE and that Eml_PubSvr,ne
30
S DelayTime on the U2000 after the time period mgr*
of the HandleLoginDelayTime that
you set.
TRAN 1:big slot num (defalut), 0: small Eml_PubSvr,ne

slotversion 1
S slot num. mgr*
TRAN 2: ISO8859-1 , 1:UTF-8 (default), Eml_PubSvr,ne

encoding 1
S 0:GBK . mgr*
1:script file force without nename,

TRAN Eml_PubSvr,ne
scriptname 0 0: script file force with
S mgr*
nename(default).
U2000 support two kinds of VC12

time slot coding mode in one VC4.
Nml_sdh,Nml_i
One coding mode is Interleave
p,Nml_eth,Nml
TRAN Mode, which Lucent uses.The other
slotModeflg 0 _eow,Client,Em
S is Sequence Mode, which Huawei
l_PubSvr,nemgr
uses. 0->Sequence Mode, Namely
*
Huawei Mode. 1->interleave mode,
Namely Lucent Mode.
Default SSL Certificate relative

TRAN defaultSslCe
default with IMAP_ROOT/etc/ssl/ Eml_PubSvr
S ritiDir
nemanager.
TRAN NEUserLogi After upgrade set NE user login Eml_PubSvr,ne

1
S nflag mode mgr*

Defau
lt Description
stem Name Process
Value
TRAN NeLoginTim Set the timeout of Logining NE

15 nemgr*
S eout commands (unit: second).
Whether to collect the Self MAC

bSupportSelf Address of the E-Lan for the whole
TRAN
MacAddrCol 0 network. 0: not support(default).1: nemgr*
S
lect support.It's a time-comsuming
function,Please refer to actual need.
bEnableLoa Whether to Load Ne Soft Pakage

TRAN Eml_PubSvr,ne
dDevPkgFro 0 From NE. 0: not support(default).1:
S mgr*
mNE support.
Whether to support PCM Device

TRAN bEnabledPC
0 Management. 0: not Eml_PubSvr
S MMgr
support(default).1: support.
Using ne phycal id instand of

TRAN PfmExpPhyI logical id when export files by Eml_PerfSvr,Ne
0
S D Transmit NE Performance mgr*
Collection Schdule Task.
TRAN AllocateThre Number of Thread to be assigned.

16
S adNum (EM)
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_6_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_7_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_8_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_9_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S NEMGRHT mgr*
TPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_10_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
TRAN RANS_10_ Eml_PubSvr,ne
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_11_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_12_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_13_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_14_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_15_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
RANS_16_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
RANS_17_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_18_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
RANS_19_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_20_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT

Defau
lt Description
stem Name Process
Value
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_22_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_23_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T

Defau
lt Description
stem Name Process
Value
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_T
S BIPROXYP mgr*
ORT
NEMGR_T
S BIPROXYS mgr*
SLPORT
NEMGR_T
S BIPROXYT mgr*
L1PORT
NEMGR_T
RANS_24_S
TRAN Eml_PubSvr,ne
S mgr*
L1SSLPOR
T
NEMGR_T
S WNEMGRH mgr*
TTPPORT
NEMGR_M
TRAN ARINE_1_S Eml_PubSvr,ne
11025 nemgr_marine_1 sbi port
S BIPROXYP mgr*
ORT
NEMGR_M
11075 nemgr_marine_1 sbi ssl port
S BIPROXYS mgr*
SLPORT
NEMGR_M
11050 nemgr_marine_1 sbi tl1 port
S BIPROXYT mgr*
L1PORT
NEMGR_M
ARINE_1_S
TRAN Eml_PubSvr,ne
BIPROXYT 11100 nemgr_marine_1 sbi tl1 ssl port
S mgr*
L1SSLPOR
T

Defau
lt Description
stem Name Process
Value
NEMGR_M
TRAN ARINE_1_ Eml_PubSvr,ne
13150 nemgr_marine_1 wnemgr port
S WNEMGRH mgr*
TTPPORT
NESVC_V8
TRAN TRANS_1_ Eml_PubSvr,ne
13330 nemgr_v8trans_1 sbi port
S SBIPROXY mgr*
PORT
NESVC_V8
13331 nemgr_v8trans_1 sbi ssl port
S SBIPROXY mgr*
SSLPORT
NESVC_V8
13149 nemgr_v8trans_1 wnemgr port
S WNEMGRH mgr*
TTPPORT
MidInstThre
TRAN Number of Thread to be
adNumOfPo 2
S assigned(Middle-scale instance).
w
Specifies whether to overwrite the

TRAN bfiberupload fibers that conflict with those being
0
S Mode uploaded from WDM NEs. 0: no 1:
yes

microwave link bandwidth and
TRAN exportMWLi protection relationship report is
0
S nkInterval exported. Value range: 0-24 Unit:
hour The default value 0 indicates
that the function is disabled.
Specifies whether to support the

TRAN bEnableFibe
0 cross-section fiber attenuation
S rLossReport
report.
Specifies whether to enable

Exporting Ethernet Port Bandwidth
exportEthPo Usage Report periodically.
TRAN
rtUsageRptI 0 1hour-8784hours, 1day-366days
S
nterval and 1week-52weeks indicates that
the function is enabled. 0 indicates
that the function is disabled.
bSortMWLi Specifies whether to sort source and

TRAN
nkRptSrcSn 0 sink ports in the microwave link
S
k report by logical NE ID. 0: no 1: yes

Defau
lt Description
stem Name Process
Value
StatisticAirI Time to generate the statistics of Air

TRAN
nterfaceLcsT 0 Interface Capacity every day, the
S
ime valid value should between 0 to 23.
Indicates the response time for the

login command. Value range: 5-30
aqzgTimerW Unit: s Note: For the NEs that do
TRAN
aitLoginRes 5 not support modification through
S
ponse Qx commands, the configuration
item is available only after the szhw
user is modified.
Indicates the response time for the

password change command. Value
range: 5-30 Unit: s Note:For the
aqzgTimerW
TRAN NEs that do not support
aitModifyRe 5
S modification through Qx
sponse
commands, the configuration item is
available only after the szhw user is
modified.
Indicates the wait time for sending

the password change message after
login.Unit: s Note:For the NEs that
TRAN aqzgSleepAf
1 do not support modification through
S terLogin
Qx commands, the configuration
item is available only after the szhw
user is modified.

password change command is
issued after login. Unit: s Note:For
aqzgSleepAf
TRAN the NEs that do not support
terModifyPs 0
S modification through Qx
wd
commands, the configuration item is
modified.
Specifies whether to force remote

maintenance users out. 0: no 1: yes
aqzgDiscRe Note: For the NEs that do not
TRAN
moteMaintai 1 support modification through Qx
S
n commands, the configuration item is
modified.

TRAN MaxQxRsp
3000 Qx response messages to be cached.
S MsgSize
Value range: > 2000

Defau
lt Description
stem Name Process
Value

TRAN MaxPrintOp
200 operation logs for SDH, OTN, and
S erLog
WDM services.
Specifies whether to save the SDH

HisPfmSave
TRAN and WDM performance data
ToTransPerf 1
S collected by scheduled tasks to the
DB
database. 0: no 1: yes
TRAN FSBlinkThre Indicates the threshold of

2
S shold intermittent disconnection.
TRAN FSBlinkTim Indicates the timeout period of

10
S eOut intermittent disconnection.
TRAN FSAnalyseA Indicates the number of alarms

200
S larm analyzed per second.
TRAN FSProcessAl Indicates the number of alarms

500
S arm processed per second.
TRAN FSBufferWa Indicates the maximum number of

10000
S rning alarms to be cached.
Specifies whether to save 15-minute

TRAN bSavePfmLo
0 performance data to files (not to the
S g15mToFile
database). 0: no 1: yes
Indicates the path to which 15-

var/
TRAN PfmLog15m minute performance data is saved. It
PerfLo
S Path can be a relative path or an absolute
g
path.
Indicates the number of days for

TRAN PfmLog15m
3 which 15-minute performance data
S SavedDays
files are retained.
TRAN CollectTime Indicates the timeout period for

3
S Out performance data collection.
Indicates the number of periods for

TRAN
CollectNum 2 which performance data is
S
collected.
TRAN AlmAfreshS Indicates the interval at which

180
S endTime alarms are resent.
TRAN SendAlmNu Indicates the maximum number of

300
S mber alarms to be sent at a time.
TRAN IsReportEms Specifies whether to report the EMS

0
S StartAlm server startup alarm. 0: no 1: yes

Defau
lt Description
stem Name Process
Value
Specifies whether to display a pop-

TRAN IsSupportU
0 up upon the occurrence of a UAT or
S ATPrompt
TCA. 0: no 1: yes
Specifies whether to record MIT

TRAN bEnableMIT
0 locking and unlocking logs. 0: no 1:
S Log
yes
IsEnableSyn NE reports an alarm if data is not

TRAN
cGenerateAl 1 synchronized(0: not report, 1:
S
arm report)
g_newschpf Specifies whether to collect NE

TRAN
m_csv_meth 0 performance data through DCN
S
od equilibrium. 0: no 1: yes

performance data collection tasks
TRAN g_MaxParall
2 that can be run concurrently under
S elInAGne
each GNE through DCN
equilibrium.

TRAN g_MaxParall GNEs supported during
10
S elGne performance data collection through
DCN equilibrium.
DropNEAcc Indicates the special NE user whose

TRAN PMAle
essEventFor login and logout events need to be
S rt
User masked.
TRAN DMThreadN Indicates the number of data

40
S um management threads.

TRAN MaxGNEOp
4 NEs that can be cascaded to each
S erNENum
GNE.
MaxNemgr Indicates the maximum number of

TRAN
OperNENu 20 NEs that can be allocated to each
S
m NE management process.
Specifies whether to enable security

settings.0: no,1: yes.Lasers can be
TRAN enabled only when they are under
bSafeMode 1
S IPA protection and bSafeMode is
set to 1. IPA protection cannot be
disabled when lasers are enabled.
Specifies whether to record the data

TRAN bEnableAda
1 flows between the U2000 and NEs.
S pterLog
0: no,1: yes.

Defau
lt Description
stem Name Process
Value
Specifies whether to display the

TRAN bEnableAda
0 data flows between the U2000 and
S pterPrint
NEs on the screen.0: no,1: yes.
nTraceQxDa Indicates the length of data flows

TRAN
taMaxLengt 1024 between the U2000 and NEs.Value
S
h range: <= 1024 bytes.
Specifies whether to compress the

TRAN nStaticComp
1 static data in the memory of the
S ressFlag
common process.0: no,1: yes.
TRAN Indicates the path to script files. The

script_path ./script
S path is a relative to /U2000/server.
Indicates the path to XML script

TRAN xmlscript_pa
./script files. The path is a relative to /
S th
U2000/server.
TRAN isSupportEF Specifies whether to support the

1
S GSV1 EFGSV1 board.0: no,1: yes.
Specifies whether to download

items in interruptive mode.0: no,1:
yes.This item applies only to
TRAN IsMSTPInter
0 M5000, OSN 1500, OSN 2500,
S ruptMode
OSN 3500, OSN 3500 II, OSN
7500, OSN 7500 II, OSN 9500,
M100, M500, and M1000V3.
TRAN bCanTimeDi Specifies whether to support time

0
S visionXC division services.0: no,1: yes.
DC_CONV
Convert configuration upgrade task
ERT_ACCE DCServer,NEU
DC 0 switch:1 means open switch, other
SS_CONFI pgrade
value means close switch
G
b_EnablePT Whether to Collect PTN History

TRAN
NPerforman 0 Performance From NE. 0: not Client
S
ce support(default).1: support.
NB_NUMB
ER_OF_OL
How many old device zip can keep BulkCollectorD
PM D_DEVICE 40
in bulk_tbd folder m
_ZIP_FILE_
TO_KEEP
NBRAMBO
Rambo file generation delay in BulkCollectorD
PM _GENERAT 60
minutes m
E_TIME

Defau
lt Description
stem Name Process
Value
BMS_PVCE
ACCE XP_TRIGG The number of trigger backup
5 BmsAccess
SS ER_BACKU function when deleting serviceport.
P_NUM
BMS_PVCE
ACCE XP_BACNU The day number of reserving
14 BmsAccess
SS PFILE_RES serviceport backup file.
ERVEDAY
CFG-ONUBW,PON Onu Down

ONU_DOW limitspeed switch, 0-not config
ACCE BmsPonEmsTL
N_LIMITSP 0 down limitspeed base on service
SS 1
EED port, 1-config down limitspeed base
on service port,default 0
GPON_ON CFG-ONUBW,The vaule of UV

ACCE BmsPonEmsTL
U_USERVL 41 when config ont down limitspeed
SS 1
AN (1~4095,default:41).
CPESVC_C ONT service verification

ACCE
OLLECTIO 0 information collection(0:Off, BmsAccess
SS
N_SWITCH 1:On,default:0)
XPON_POS
ACCE Display fake pos: 0-No; 1-Yes.
_DISPLAY_ 1 BmsAccess
SS default is 1
SWITCH
IS_BATCH_
This item specifies whether to
REFRESH_
Nml_ip 0 refresh service alarms in batches. 1: Nml_ip
SERVICE_
yes 0: no(default)
ALARM
CONFIG_L
3VPN_VRF 10000 The count of Deploy VRF(default:
Nml_ip Nml_ip
_DEPLOY_ 0 100000)
COUNT
CONFIG_L
3VPN_AGG
Display Config Aggregate Route
Nml_ip REGATE_R 0
Button 1: yes 0: no(default)
OUTE_ENA
BLE
CONFIG_S Support offline undeploy or delete

UPPORT_O of PWE3/Tunnel and Tunnel
Nml_ip 0
FFLINE_DE Protection Group (Default 0:
L closed ,1:open).

Defau
lt Description
stem Name Process
Value
CONFIG_N
ETWORK_ This item specifies whether
Nml_ip LAYER_AL 1 network-layer alarm is enabled. 1: Nml_ip
ARM_ENA yes(default) 0: no
BLE
Specifies whether the tunnel

CONFIG_T
bandwidth configuration is rolled
UNNEL_Q
Nml_ip 0 back when modifying a node fails Nml_ip
OS_ROLLB
during tunnel modification. 0: Yes
ACK
(default value) 1: No
CONFIG_S
Nml_c The Sort interval of Faulty Service
ORT_TIME 0 Nml_common
ommon Monitoring
_FAULT
PTN_TRAN
S_MAX_IN 10000 Maximum instance count supported
PM PMSDm
STANCE_C 0 for PTN and TRANS
OUNT
PTN_DEV_
TYPE_SUP
1960,1 Maximum 1024 instance count
PM PORT_1024 PMSDm
983 supported for PTN device type
_INSTANC
E
1918,1
919,19
59,196
PTN_DEV_ 8,1969
TYPE_SUP , Maximum 256 instance count
PM PMSDm
PORT_256_ 1970,1 supported for PTN device type
INSTANCE 988,19
95,199
9,1904
,1889
PTN_DEV_
TYPE_SUP
1911,1 Maximum 4094 instance count
PM PORT_4094 PMSDm
912 supported for PTN device type
_INSTANC
E
Indicates the format of the GPON

GPON_PW
ACCE ONT authentication password saved
D_FORMAT 0 BmsAccess
SS to the database. (0: common; 1:
_IN_DB
HEX; Default: 0)

Defau
lt Description
stem Name Process
Value
RouterMgrDm,
FrameSWMgrD
IsSupportLo IP link support logical interface
IP_BA m,BoxSWMgrD
gicalInterfac 0 discovery switch <0:close; 1:open>.
SE m,SecurityMgr
e The default value is 0.
Dm,DmsBaseD
m
RouterMgrDm,
FrameSWMgrD
IsSupportLld IP link support side by side both
IP_BA m,BoxSWMgrD
pSidebySide 0 discovery switch <0:close; 1:open>.
SE m,SecurityMgr
Both The default value is 0.
Dm,DmsBaseD
m
RouterMgrDm,
FrameSWMgrD
IsSupportAu IP link support auto add device
IP_BA m,BoxSWMgrD
toAddDevic 0 discovery switch <0:close; 1:open>.
SE m,SecurityMgr
e The default value is 0.
Dm,DmsBaseD
m
RouterMgrDm,
FrameSWMgrD
IP link support 31 mask discovery
IP_BA IsSupportIp m,BoxSWMgrD
0 switch <0:close; 1:open>. The
SE Link_31 m,SecurityMgr
default value is 0.
Dm,DmsBaseD
m
RouterMgrDm,
FrameSWMgrD
IP link support lldp discovery
IP_BA IsSupportLld m,BoxSWMgrD
1 switch <0:close; 1:open>. The
SE pLink m,SecurityMgr
default value is 1.
Dm,DmsBaseD
m
RouterMgrDm,
Specifies a mode for IP NE
FrameSWMgrD
synchronization: 1: FTP 2: SFTP 3:
IPCOMMO m,BoxSWMgrD
IP_BA SFTP/FTP. The default value is 2.
N_SYNC_F 2 m,SecurityMgr
SE FTP is an insecure protocol.
TP_MODE Dm,Router NE
Exercise caution when using this
Manager(VRP
protocol.
V8)
Indicates whether SSLv3 is disabled

for the U2000 to connect to the web
IsDisabledSe
IP_BA manager of a security NE. If the
cNEWebSS false
SE value is true, SSLv3 is disabled. If
Lv3
the value is false, SSLv3 is enabled.
SSLv3 is enabled by default.

Defau
lt Description
stem Name Process
Value
Alarm ID conversion
flag(1=Convert only specified
BMS_TL1_ alarms to Telecom standard-
ACCE
ALARM_S 1 compliant ID format, 2=Convert all PONAlarmTL1
SS
WITCH alarms to Telecom standard-
compliant ID format, 3=Retain the
original ID formats of all alarms.)
NEMG Router NE
Poll Interval, Range:[5, 360),
R_VM PollInterval 180 Manager(VRP
Unit:s, Default:180
F V8)
NEMG Router NE
isSupportMu isSupportMultiLR, true:Support;
R_VM false Manager(VRP
ltiLR false:Unsupported, Default:false
F V8)
NEMG Router NE
isSupportMu isSupportMultiVR, true:Support;
R_VM true Manager(VRP
ltiVR false:Unsupported, Default:true
F V8)
Whether to enable
MULTINMS MultiNmsNanager_Alarm. The
NEMG
MANAGER value 1 indicates that Alarm will be
R_RO 1 RouterMgrDm
_ALARM_E report. The value 0 indicates that
UTER
NABLE Alarm will not be report. The
default value is 1.
MULTINMS
NEMG MultiNmsNanager_Alarm Poll
MANAGER
R_RO 89400 Interval. The default value 89400. RouterMgrDm
_ALARM_I
UTER The min value 14400.
NTERVAL
Whether to enable
INCREMEN INCREMENTSYNC_ENABLE_A
NEMG
TSYNC_EN LARM. The value 1 indicates that
R_RO 1 RouterMgrDm
ABLE_ALA Alarm will be report. The value 2
UTER
RM indicates that Alarm will not be
report. The default value is 1.
NEMG IPROUTER The entrance of view port

R_RO _SHOW_PO 0 configuration.The value is 0 off,1 is RouterMgrDm
UTER RT_CFG on.The default is 0.
CHECK_DE Indicates whether a V8 NE supports Router NE

V8com
PLOY_MO_ 1 deployment status verification. 0: Manager(VRP
mom
STATE No. 1: Yes. The default value is 1. V8)

Defau
lt Description
stem Name Process
Value
Whether to enable
CONFCHANGED_ICON. The
NEMG CONFCHA value 1 indicates that
R_RO NGED_ICO 1 CONFCHANGED_ICON will be RouterMgrDm
UTER N_ENABLE enable. The value 2 indicates that
CONFCHANGED_ICON will be
disable. The default value is 1

Nml_c PS_SUPPO support disable. The options are as
0 Nml_cps
ps RT_DISAB follows: 0: not support(default) 1:
LE suport

Nml_c PS_SUPPO support delete Component. The
0 Nml_cps
ps RT_DELCO options are as follows: 0: not
MPONENT support(default) 1: suport
ACCE FrameCmtsP CMC position in CMTS report form

Name BmsAccess
SS ostion (Base on OLT)
ACCE MxuCmtsPo CMC position in CMTS report form

Name BmsAccess
SS stion (Base on MXU)
VOIP_QUE
Specifies whether to query basic
ACCE RY_POTS_
0 information about POTS users (0: BmsAccess
SS USER_BAS
No, 1: Yes)
IC_INFO
HISTORY_
ACCE the days of the history alarm(3 or 7,
ALARM_TI 3 BmsAccess
SS default: 3)
ME_LESS
SYNC_DEV
ACCE sync NE time switch(1 or 0, default:
TIME_BY_ 1 BmsAccess
SS 1)
DEVTYPE
XML_TL1_I Specifies whether to skip the

ACCE GNORE_C commond that OSS send to DPU
0 XMLAgent
SS MD_SWITC when device type is MA5811S. (0:
H no, 1: yes)
Switch to export more Cable

ACCE CMMOREI Modem information. (0, Basic
0 TL1NBiDm
SS NFO Information, 1, Export more fields
DOCSIS)
CMCNAME
ACCE Support convert name and
_IS_DEV_D 0 BmsAccess
SS alias(0:No 1:Yes)
ESC

Defau
lt Description
stem Name Process
Value
CONFIG_E
Whether support Etree Service
TREE_SER
Nml_ip 1 Management(Defalut 1:open, Nml_ip
VICE_MAN
0:closed)
AGEMENT
EXCEPT_S
ACCE Types of ONUs for whom 12-
N_LENGTH BmsAccess
SS character SNs are displayed
_ONUTYPE
NBI_EXPO
RT_AGGD Export NBI Files for Aggregated
PM 0 TXTNBIDm
ATA_ENAB data Default=0 , Enable=1
LE
Specifies whether device capacity is

CONFIG_S
checked before a router PWE3
Nml_ip UPPORT_D 1 Nml_ip
service is disabled. (1(default): Yes;
ISABLE
0: No)
Specifies whether original IP

CONFIG_S
Network Expansion Wizard(Static
Nml_ip UPPORT_O 0
Scenario) is supported on the TCAT.
LD_TCAT
0 (default): No, 1: Yes.
TRAN Whether it is a customized version

isDTVersion 0 Client
S for DT.
DualScreenS dual screen settings (true-enbale,

ENV false
etting false-disable)
This is
PMS_WEB_
default The banner info that show to user
PM BANNER_I PMSWeb
banner by PMSWeb
NFO
info
OMCI_CON OMCI global switch,1 is open,

ACCE FIG_GLOB config the ONT voice parameter by
0 BmsAccess
SS AL_SWITC OMCI,Other value is close; default
H is close.
Q_INTERF
ACCE ACE_TIME The time out of Q interface request
2 BmsAccess
SS OUT_MUL TL1(unit: minute, >1)
TIPLE

TL1_MAX_
ACCE login connections allowed by the
SESSIONC 15 TL1NBiDm
SS TL1NBiDm northbound service
OUNT
(value range: 1–128).

Defau
lt Description
stem Name Process
Value

PONTL1_M
ACCE login connections allowed by the BmsPonEmsTL
AX_SESSIO 15
SS BmsPonEmsTL1 northbound 1
NCOUNT
service (value range: 1-128).
PONTL1AL Indicates the maximum number of

ACCE ARM_MAX login connections allowed by the
15
SS _SESSIONC BmsPonAlarmTL1 northbound
OUNT service (value range: 1–128).

INTL1_MA
X_SESSION 15 inTL1NBiDm
SS inTL1NBiDm northbound service
COUNT
(value range: 1–128).

CLTSI_MA
X_SESSION 15 cltsi
SS cltsi northbound service (value
COUNT
range: 1–128).
Indicates the charset of TL1NBiDm

ACCE TL1_CHAR northbound service (value range:
GBK TL1NBiDm
SS SET AutoSelect/UTF-8/ISO-8859-1/
GBK).
Indicates the charset of

ACCE PONTL1_C BmsPonEmsTL1 northbound BmsPonEmsTL
GBK
SS HARSET service (value range: AutoSelect/ 1
UTF-8/ISO-8859-1/GBK).

PONTL1AL
ACCE BmsPonAlarmTL1 northbound BmsPonAlarmT
ARM_CHA GBK
SS service (value range: AutoSelect/ L1
RSET
UTF-8/ISO-8859-1/GBK).

ACCE INTL1_CH inTL1NBiDm northbound service
UTF-8 inTL1NBiDm
SS ARSET (value range: AutoSelect/UTF-8/
ISO-8859-1/GBK).
Indicates the charset of cltsi

ACCE CLTSI_CH northbound service (value range:
GBK cltsi
SS ARSET AutoSelect/UTF-8/ISO-8859-1/
GBK).
United EXPORT_K Whether export key library when

1 UniteUitlDM
Mgr EY_LIB running script export(1:Yes,0:no)

Defau
lt Description
stem Name Process
Value
CONFIG_L
3VPN_STA
support choose TE Policy. 1: yes 0:
Nml_ip TIC_SELEC 0 Nml_ip
no(default)
T_TE_POLI
CY
WDM NE upgrade, the

configuration item is mainly used
for the upgrade will result in the
interruption of board large logical
component, the default is 0: not
enabled "upgrade without
WDM_SUP
interrupting large logical business" DCServer,NEU
DC PORT_ISSU 0
function 1: Enable "upgrade without pgrade
_UPGRADE
interrupting large logical business"
function, do not upgrade business
interruption board 2: Enable
"Upgrading interrupt large logical
business" functions, upgrade
business interruption board
Whether to return 1G and 10G

PON_SHO
ACCE channel data together when BmsPonEmsTL
W_ALL_CH 0
SS executing LST-PONPERF,0:no; 1
ANNEL
1:yes(default:0)
For LST-ONUCFG, Whether to

PONTL1_S
return the ONUBANDTYPE
ACCE HOW_ONU BmsPonEmsTL
0 parameter without appointed them
SS BANDTYP 1
in SHOWOPTION.(0: No, 1: Yes,
E
default: 0)
For LST-OMDDM, Whether to

return the 10GTxPower,
PONTL1_S 10GTxPowerR,10GCurrTxBias and
ACCE BmsPonEmsTL
HOW_10GI 0 10GCurrTxBiasR parameter
SS 1
NFO without appointed them in
SHOWOPTION.(0: No, 1: Yes,
default: 0)
For LST-ONU, Whether to return

PONTL1_S
the BINDWIDTHTYPE parameter
ACCE HOW_BIN BmsPonEmsTL
0 without appointed them in
SS DWIDTHT 1
SHOWOPTION.(0: No, 1: Yes,
YPE
default: 0)

Defau
lt Description
stem Name Process
Value
For LST-ONUSTATE, Whether to

PONTL1_S return the Length and
ACCE HOW_LEN ONUACTUALBANDTYPE BmsPonEmsTL
0
SS GTH_BAN parameter without appointed them 1
DTYPE in SHOWOPTION.(0: No, 1: Yes,
default: 0)
PONTL1_R
ETURN_SU For LST-ALARM, Whether return
ACCE BmsPonAlarmT
CCESS_WH 0 success when query alarm is null.(0:
SS L1
EN_NO_AL Yes, 1: No, default: 0)
ARM
SHOW_DA
United Specifies whether to show data
TACONSIS 1 UniteUitlDM
Mgr consistence. (0: no; 1: yes)
T_MODE
Nml_ot AutoRelease Port loop auto clear interval time

30 Nml_otn
n LoopInterval (30-86400 seconds)
The interval of the timer for

automatic trail search during the
Nml_ot AutoSearch
0 reporting of fiber or cross- Nml_otn
n TrailInterval
connection data. The interval is
expressed in second.
AsonWDMT Pre-alert ASON-WDM Trail

Nml_ot railLicenseP Percentage (The value is an integer
80 Nml_otn
n reAlmPercen from 1 to 100 and the default value
tNum is 80)
bDisplaySer Query trail alarm, whether to

Nml_ot
verTrailAlar 0 display server trail alarm or not. 0: Nml_otn
n
m do not display, 1: display
g_AutoSearc
Nml_ot After ason reroute autosearch trail
hTrailInterva 900 Nml_otn
n 300-900 default value:900
lForAson
g_bCreateSt
Whether need create static client
aticClientTra
Nml_ot trails which lack of XC on source or
ilsWhichLac 1 Nml_otn
n sink of the trail, 0: needn't, 1: need,
kOfXCOnSr
default is 1
cOrSnk
Nml_ot g_bIsCheck Whether need check trail's service

0 Nml_otn
n ServiceType type, 0: needn't, 1: need, default is 0
Nml_ot g_bIsNeedTr Whether need trim route, 0: needn't,

0 Nml_otn
n im 1: need, defaut is 0

Defau
lt Description
stem Name Process
Value
Nml_ot IsCheckWD Whether check unique WDM

1 Nml_otn
n MTrailName trailname, 0: not check, 1: check
ASON resource usage policy. 0: Do

not use the resources in an ASON
nOtnAsonRe
Nml_ot domain when creating a static
sourceUseSt 1 Nml_otn
n service. 1: Use all resources in an
rategy
ASON domain when creating a
static service.
PlatinumSer Define check platinum service

Nml_ot
viceGranular 0 granularity 0:NE, 1: SHELF, default Nml_otn
n
iy NE
RefreshTrail Refresh all otn trail alarm

Nml_ot
AlarmStatus 0 time(day), value range in 0 to 30, Nml_otn
n
Interval default is 0.
Whether to using path used by

Nml_ot UseDiscrete
1 discrete services when create trail 0: Nml_otn
n Service
using, 1: not using
WhetherSet Whether set in mid node when set

Nml_ot
AlmPerfInM 0 alarm or performance parameter, 0: Nml_otn
n
idNode not set, 1: set, default is 0
Nml_ot bIsAuthorise whether service authority is

0 Nml_otn
n d enabled. 0: disable, 1:enable
Whether delaytime estimate is

Nml_ot DelayTimeE
0 enabled , 0: disable, 1: enable Nml_otn
n stimate
default is 0
Nml_ot setFiberLeng Whether need set Fiber Distance, 0:

0 Nml_otn
n th disable, 1: enable default is 0
Whether need to manage the

Nml_ot bMultiBroad
0 broadcast protection group, 0: Nml_otn
n castPG
disable, 1: enable default is 0
Optical Power Flatness Monitoring

Nml_ot FlatnessMon
0 Point , 0: AUTO, 1: SourceFlatness, Nml_otn
n itorPoint
2:SinkFlatness, default is 0
Whether to calculate route within a

protect subnetwork when create trail
bCalculateR
Nml_s whose source NE and sink NE in
outeWithinP 0 Nml_sdh
dh the same protect subnetwork 0: no
SN
limit, 1:only calculate route within a
protect subnetwork

Defau
lt Description
stem Name Process
Value
Whether to enable creating MSP

Nml_s bEnableMSP
0 ring by resource sharing 0: disable, Nml_sdh
dh Share
1:enable
Nml_s bEnableSque Whether to enable squelch or not.

0 Nml_sdh
dh lch 0:disable, 1:enable
Nml_s bIsUniSDH Whether support unique trailname,

1 Nml_sdh
dh TrailName 0:not support, 1: support
This variable is used to control

whether to output the multiplex
section squelching debugging
Nml_s bLogMSPSq
0 information to the file. Do not Nml_sdh
dh uelchMgr
output it if it is not set up, and set
the state by default to not to output.
0: not to output, 1: output
bResOptimiz Whether optimum resources are

Nml_s
eByCalculat 0 used during route computation Nml_sdh
dh
eRoute when creating a trail
bDisplaySer Query trail alarm, whether to

Nml_s
verTrailAlar 0 display server trail alarm or not. 0: Nml_sdh
dh
m do not display, 1: display
Nml_s bIsAuthorise whether service authority is

0 Nml_sdh
dh d enabled. 0: disable, 1:enable
bAnalyseSer Analyse ServiceAlarm From

Nml_s
viceAlarmFr 0 Device, 0:From Device, 1: From Nml_sdh
dh
omNMS NMS
Indicates the type of route (server or

bSDHReport
Nml_s physical) in the SDH trail single
ServerOrPhy 0 Nml_sdh
dh specifics report, 0:Server layer, 1:
sical
Physical layer
Nml_s bExportPhys Whether enable export physics info

0 Nml_sdh
dh icsInfo of trail, 0: disable, 1:enable
Whether to automatically change an

AUTO_MO xDSL port alias to the service port
ACCE iNBXMLSoapA
D_XDSL_A 0 name or clear the alias during the
SS gent
LIAS creation or deletion of a service
port(0: no,1: yes).
Whether to enable PMS Interface

PMS_RESN
NEMG resname with Desc. The value 1
AME_WIT
R_RO 0 indicates resname with desc. The PMSDm
H_DESC_E
UTER value 0 indicates that resname
NABLE
without desc. The default value is 0

Defau
lt Description
stem Name Process
Value
Device connectivity test parameters:

NEMG
IcmpPingRet the number of retry times, can be set
R_VM 3 PMSDm
ryCount range: [1,5], and the default value is
F
3
Device connectivity test parameters:

NEMG
IcmpPingTi TIMEOUT, unit: ms, can be set
R_VM 1000 PMSDm
meout range: [250, 2000], and the default
F
value is 1000
Specify NE data backup folder on

U2000.0:NE data backup folder is :
ftproot/dc/bak**/NE IP,such
as:When NE IP is 10.22.22.12,the
backup folder is ftproot/dc/
bak12/10.22.22.12. 1:NE data
backup folder is:ftproot/dc/
RETURN_B DCServer,NEU
DC 0 backup/NE IP,such as:When NE IP
ACKUP pgrade
is 10.22.22.12,backup folder is
ftproot/dc/backup/
10.22.22.12.Attention that when
configure 1,NE total number needs
to be less than 30 thousands,because
on solaris ,cannot create folder more
than 30 thousands under one folder.
XPONCOM
MON_THIR Indicates the terminal type of the BmsAccess,TL1
ACCE
DONT_EQ 0 CIGG (0:CIGG; 1:The exact type. NBiDm,inTL1N
SS
UIPMENT_ Default 0) BiDm
FORMAT
Nemgr isSupportMu isSupportMultiVR, true:Support;

true nemgr_v8ptn
_v8ptn ltiVR false:Unsupported, Default:true
Nemgr isSupportMu isSupportMultiLR, true:Support;

false nemgr_v8ptn
_v8ptn ltiLR false:Unsupported, Default:false
Nemgr Poll Interval, Range:[5, 360),

PollInterval 180 nemgr_v8ptn
_v8ptn Unit:s, Default:180
bExportScri Export xml whether to recover the

TRAN
ptToRestore 0 ne data. 0: no. 1: yes.the default
S
NEdata value is 0.
EnableResu Whether to check NE serial number

TRAN
meLoginSyn 0 after NE resume login. 0: no. 1:
S
c yes.the default value is 0.

Defau
lt Description
stem Name Process
Value
ALARM_SP
ACCE Split optical transceiver exceed
LIT_OPTIC 0 TrapReceiver
SS threshold alarm.(0:no,1:yes)
_ALARM
Specifies whether to verify the

NBI_CHEC validity of single quotation marks in
ACCE K_RID_INP the RID field of the CRT-
0
SS UT_SWITC SERVICEPORT and MOD-
H SERVICEPORT commands. (0: no,
1: yes)
PON_TL1_ Indicates the length of ONT SN BmsAccess,TL1

ACCE
ONT_SN_L 16 allowed by the NBI. The value can NBiDm,BmsPo
SS
ENGTH be 12 or 16. nEmsTL1
TOTAL_NE
United whether ne capabilitiy is enabled.
_CAPABILI -1 migrate_agent
Mgr (<=0:invalid, >0:the set value).
TY
CONFIG_L Support Check VRF in the topo of

Nml_ip 3VPN_CHE 0 L3VPN service. 1: yes 0:
CK_VRF no(default)
CONFIG_T
UNNEL_SU
This item specifies whether tunnel
PPORT_FIL
Nml_ip 0 filtering based on PW types is
TERTUNNE
enabled.0: No (default),1: Yes.
L_BYPWT
YPE
CONFIG_T
UNNEL_SU
This item specifies whether using/
PPORT_RE
releasing the tunnel bandwidth
Nml_ip LEASE_OC 0
reserved on rings is enabled.0: No
CUPY_TNL
(default),1: Yes.
BANDWIT
HONRING
CONFIG_T
UNNEL_M This item specifies the maximum
AXNUM_R number of ring tunnels whose
Nml_ip ELEASE_O 200 reserved bandwidth can be used/
CCUPY_TN released. The value ranges from 1 to
LBANDWI 1000, and the default value is 200.
THONRING
This item specifies whether the

CONFIG_V
composite service is informed to
PLS_EMPT
Nml_ip 0 delete the VPLS service component Nml_ip
Y_NOTIFY
when the VPLS services becomes
_CPS
empty. 1: Yes 0: No(default)

Defau
lt Description
stem Name Process
Value
DISABLE_ This item specifies whether the

Nml_ip L3VPN_IS_ 0 menu to disable l3vpn trial is
VISIBLE hidden. 0: Hidden(default) 1: Show.
DISABLE_ This item specifies whether the

Nml_ip VPLS_IS_V 0 menu to disable vpls trial is hidden.
ISIBLE 0: Hidden(default) 1: Show.
CONFIG_V Whether the VR group pairing

RRP_VR_P policy in the VRRP detection
Nml_ip 0
AIR_POLIC configuration uses Layer 2 links.0:
Y disabled (default),1: enabled.
whether conversion between UUID

United SPTN_ENA
0 and FDN is enabled. 0: disable, UniteUitlDM
Mgr BLE
1:enable
Offline config voice

TL1_OFFLI protocol,default null,sign not
ACCE NE_CFG_V config(SIP:config SIP
TL1NBiDm
SS OICE_PRO protocol,H248:config H248
TOCOL protocol, MGCP:config MGCP
protocol)
XDSL_CON Specifies whether global profiles

ACCE FIG_GLOB are available when users modify the
1 BmsAccess
SS AL_PROFIL profiles bound to xDSL ports(0:No,
E 1:Yes,Default:1)
NEMG
autoDeleteV autoDeleteVNE,true:yes;
R_VM false
NE false:no,Default:false
F
NEMG
isSupportVa isSupportVaView,true:Support;
R_VM false
View false:Unsupported,Default:false
F
This configuration item mainly

applies to a static scenario. It is
CONFIG_T
recommended that no more than 15
UNNEL_VI
Nml_ip 15 operations be configured in a Nml_ip
EW_LSP_T
dynamic scenario.If a value larger
OPO
than 600 is set, the value 600 will be
used.
/imap/ifms/ Specifies whether to record details

ACCE isSyncNEAl about failed tasks in logs during
1 FaultService
SS armRecSysL synchronization of NE alarms(0:
og Not support 1: Support).

Defau
lt Description
stem Name Process
Value
DMP_ONTS Number of days that the files

BmsAccess,
ACCE ERVICEINF exported by the DMP-
10 TL1NBiDm,
SS O_SAVE_D ONTSERVICEINFO command will
inTL1NBiDm
AYS be retained
1,8,3,1
2,35,3
3,395,
403,39
6,399,
72,66,
75,107
,
71,635
AllInterrupti 98,636
Nml_s the first list of IDs of all the alarms
onAlarmIDL 00,183 Nml_sdh
dh that interrupt services.
ist_1 ,
63599,
63601,
63603,
63577,
9,360,
354,35
3,14,3
65,408
,194
81,77,
AllInterrupti
Nml_s 92,636 the second list of IDs of all the
onAlarmIDL Nml_sdh
dh 02,118 alarms that interrupt services.
ist_2
,201
AllInterrupti
Nml_s the third list of IDs of all the alarms
onAlarmIDL 0 Nml_sdh
dh that interrupt services.
ist_3
SourceInterr
Nml_s 9,107, the first list of IDs of the source
uptionAlarm Nml_sdh
dh 201 alarms that interrupt services
IDList_1

Defau
lt Description
stem Name Process
Value
1,8,3,1
2,35,3
3,395,
403,39
6,399,
72,66,
75,71,
63598,
63600,
SinkInterrup
Nml_s 183,63 the first list of IDs of the sink
tionAlarmID Nml_sdh
dh 599,63 alarms that interrupt services
List_1
601,63
603,63
577,81
,
77,92,
63602,
118,36
0,354,
353
SinkInterrup
Nml_s the second list of IDs of the sink
tionAlarmID 0 Nml_sdh
dh alarms that interrupt services
List_2
Source/ 14,365
Nml_s SinkInterrup , the first list of IDs of the source or
Nml_sdh
dh tionAlarmID 408,19 sink alarms that interrupt services.
List_1 4
IP_CO
ModelSuppo
MMO Device area of Model Caculate Path PathViewerDm
rt
N
CONFIG_L
3VPN_ALA Configure L3VPN alarm merger
Nml_ip 1 Nml_ip
RM_MERG time, the default time is 45S
ER_TIME
CONFIG_L
3VPN_ALA
Configure L3VPN alarm refurbish
Nml_ip RM_FORCE 300 Nml_ip
REFRESH_
TIME
BMS_ALA
ACCE
RM_SWITC 2 China telecom scene(1: Yes,2: No ) TrapReceiver
SS
H
127.0. host name of the notification service

NBI hostname Notify_Service
0.1 (default value: local host name)

Defau
lt Description
stem Name Process
Value
NBI acl ACL Configuration XMLAgent
AlarmReport
NBI 5000 Cache size of alarm report Agent_CORBA
CacheSize
AlarmTimeo Timeout seconds of NT_ALARM

NBI 1800 Agent_CORBA
ut and NT_TCA events[unit:s]
Option for TCA information,which

AlarmWithT will be added to the end of alarm
NBI 0 Agent_CORBA
CA events. 0: not take TCA, 1: take
TCA
Centra
lized:1
NBI authtype AciveMQ Authentication Mode XMLAgent
Distrib
ution:2
Whether report the alarm affected

bAlarmWith
objects in time. 0 for no, 1 for yes
NBI AffectObjNa 0 Agent_CORBA
which report alarm in delay, default
me
value is 0.
Whether return the binding tunnel in

BatchPWTra batch querying PWTrail. 0 for not
NBI 2 Agent_CORBA
ilSwitch return, 1 for return, 2 for Query
pwtrail Info from DB. default is 0.
bEnableAsn Whether to log Asn1 output. 0:NO;

NBI 1 Agent_CORBA
Log 1:Yes
bEnableAsn Whether to print Asn1 output on the

NBI 0 Agent_CORBA
Trace screen. 0:NO; 1:Yes
Whether filters the historical

performance zero value (0: Does not
bFilterHisPF
NBI 0 filter; 1: Filtration), this switch Agent_CORBA
MZeroValue
default closure, does not filter 0
values, namely reported 0 values.
Whether to make records for

NBI bLogNotify 1 CorbaAgent notification in a log. Agent_CORBA
corbaagentnotifylogX.txt
Whether to make records for

bLogOperati
NBI 1 CorbaAgent operation in a log. Agent_CORBA
on
corbaagentoperlogX.txt
whether print the command

bLogOutput parameter information, if this item
NBI 0 Agent_CORBA
Para modified it will work in time. 0:NO;
1:Yes, the default value is 0

Defau
lt Description
stem Name Process
Value
bOutGroupI Whether show the group ID. 0 for

NBI 0 Agent_CORBA
D no, 1 for yes, default value is 0.
Whether show the location

bOutSpecialI
NBI 0 information. 0 for no, 1 for yes, Agent_CORBA
nfo
default value is 0.
bOutSubSlot Whether show the sub slot ID. 0 for

NBI 0 Agent_CORBA
ID no, 1 for yes, default value is 0.
Whether add offset column in

bPfmBitsOff history performance file for BITS
NBI 0 Agent_CORBA
set devices, 0 for none, 1 for add.
Default value is 0
Whether add E2E object column in

bPfmWithE2
NBI 0 history perfmance file, 0 for none, 1 Agent_CORBA
EObj
for add. default value is 0
The switch of ChinaMobile model

bPTNModel (0:CORBA_VPN;
NBI 0 Agent_CORBA
Switch 1:MultiLayerSubnetwork),the
default value is 0
Whether query QOS information

bQueryQoS
when querying subnetwork
NBI WhenGetAll 0 Agent_CORBA
connections for China Mobile. 0 for
Resource
not, 1 for yes, the default value is 0.
Whether report the

bReportAck
NBI 0 acknowledgement alarm notice. 0 Agent_CORBA
Alarm
for no, 1 for yes.
Whether report the ason subnetwork

bReportAso
NBI 0 connection detailed information. 0 Agent_CORBA
nDetail
for no, 1 for yes, default value is 0.
Whether to report the BandWidth

bReportBWo information of atm and atm vctrunk
NBI 0 Agent_CORBA
fAtm port(0:Not report; 1: Report) default
value is 0
Whether report the notice when

bReportCros
NBI 0 create, delete, active, deactive cross Agent_CORBA
sConn
connections. 0 for no, 1 for yes.
Whether report the maintenance

bReportEngi
NBI 1 alarms. 0 for no, 1 for yes, default Agent_CORBA
neeringAlm
value is 1.

Defau
lt Description
stem Name Process
Value
strategy of TODB function, 1 stand

bReportPMP
NBI 0 for YES, 0 stand for NO, default Agent_CORBA
NativeName
value is 0
strategy of push event ,0:multi-

bSingleThre
NBI 1 thread, 1:single thread, default value Agent_CORBA
adPushEvent
is 1
bTransSlotC
WDM device multi-shelf slot
NBI ompatibleM 1 Agent_CORBA
compatible mode (Open:1, Close:0 )
ode
BUFFER_M
AX_RETRY The max retry count where query
NBI 3 Agent_CORBA
_QUERY_C failed
OUNT
BULK_EXP
Compression format of big data
ORT_DATA
files exported at a scheduled time.
NBI _FILE_CO 0 Agent_CORBA
0: gzip; 1: not compressed. The
MPRESS_T
default value is 0.
YPE
Execution period of the scheduled

BULK_EXP task for exporting big data files. The
ORT_DATA parameter value ranges from 0 to 7,
NBI 3 Agent_CORBA
_FILE_EXE in days. The default value is 3,
C_PERIOD indicating that files are exported
every 72 hours.
BULK_EXP Maximum capacity of exported big

ORT_DATA data files. The parameter value
NBI 50 Agent_CORBA
_FILE_MA ranges from 1 to 100, in MB. The
X_SIZE default value is 50.
BULK_EXP
Packaging format of big data files
ORT_DATA
exported at a scheduled time. 0: tar;
NBI _FILE_PAC 0 Agent_CORBA
1: zip; 2: not packaged. The default
KING_TYP
value is 0.
E
BULK_EXP
ORT_DATA Maximum size of total files stored
NBI _FILE_SAV 5120 on the SFTP server, in MB. The Agent_CORBA
E_MAXSIZ default size is 5 GB.
E

Defau
lt Description
stem Name Process
Value
Storage period of big data files

BULK_EXP exported at a scheduled time. The
ORT_DATA parameter value ranges from 1 to 7,
NBI 3 Agent_CORBA
_FILE_SAV in days. The default value is 3,
E_PERIOD indicating that files can be stored
for a maximum of 72 hours.
Start time of the scheduled task for

exporting big data files. The task is
BULK_EXP executed on the hour. The parameter
ORT_DATA value ranges from 0 to 23. The
NBI 0 Agent_CORBA
_FILE_STA default value is 0, indicating that the
RT_TIME export task is executed at 00:00.
You can also set the time in
HH:MM format.
BULK_EXP
Whether to enable the scheduled
ORT_DATA
NBI 0 task for exporting big data files. 0: Agent_CORBA
_FILE_SWI
disable; 1: enable. Default: 0
TCH
c3E9E
BB890
6768C
24D96
D4DF
BULK_EXP C767E
ORT_DATA 06116 SFTP server password of the big
NBI Agent_CORBA
_FTP_PASS 53D44 data granularity interface
WORD 5409E
66F56
F9E27
A50C1
2EB5
D
BULK_EXP
SFTP server subdirectory of the big
NBI ORT_DATA test Agent_CORBA
data granularity interface
_FTP_PATH
BULK_EXP
ORT_DATA SFTP server root directory of the
NBI Agent_CORBA
_FTP_ROO big data granularity interface
T_PATH
BULK_EXP
ORT_DATA
127.0. SFTP server IP address of the big
NBI _FTP_SERV Agent_CORBA
0.1 data granularity interface
ER_HOST_I
P

Defau
lt Description
stem Name Process
Value
BULK_EXP
ORT_DATA SFTP protocol connection port of
NBI 22 Agent_CORBA
_FTP_SERV the big data granularity interface
ER_PORT
BULK_EXP SFTP protocol enabling

ORT_DATA configuration of the big data
NBI 2 Agent_CORBA
_FTP_SERV granularity interface (1: SSL; 2:
ER_TYPE SSH)
BULK_EXP
ORT_DATA SFTP protocol connection port of
NBI test Agent_CORBA
_FTP_USER the big data granularity interface
NAME
BULK_EXP
Whether to query LAG member
ORT_DATA
NBI 0 port information. 0: not query; 1: Agent_CORBA
_LAGMEM
query. Default: 0
BER
Q7C27
6F3A8
A14D
E0157
420A
BULK_EXP D140C
ORT_DATA 2C408 Session password of the big data
NBI Agent_CORBA
_U2000_PA D6E6 granularity interface
SSWORD DEAE
28093
6582C
6AF30
D3658
422
BULK_EXP
ORT_DATA Session user of the big data
NBI admin Agent_CORBA
_U2000_US granularity interface
ERNAME
bUseBTNam whether use BT Name rules naming

NBI 0 Agent_CORBA
e object
bUseTelefon whether use Telefonica rule of

NBI 0 Agent_CORBA
icaRule filtering port
whether use Unique Name rules

bUseUnique
NBI 0 naming object, 0 for not use, 1 for Agent_CORBA
Name
use Unique Name rules.

Defau
lt Description
stem Name Process
Value
Character-set switch (0:do nothing /

1: transfer EMS string to local GBK
CharacterSet
NBI 0 character-set / 2: transfer EMS Agent_CORBA
Switch
string to local ISO-8859-1 character
set);
CheckRight_ Whether chech the right. 0 for not, 1

NBI 1 Agent_CORBA
Enable for yes, the default value is 0.
China Mobile switch. 0 stand for

NBI ChinaMobile 0 closed, 1 stand for open, default Agent_CORBA
value is 0.
China Telecom switch. 0 stand for

ChinaTeleco
NBI 0 closed, 1 stand for open, default Agent_CORBA
m
value is 0.
common → Specifies whether to record logs.

NBI param → 0 The options are as follows: 0: not SnmpAgent
PDUTrace record 1: record
common →
Specifies whether to filter
param
NBI 0 correlative alarms. The options are SnmpAgent
→SupportR
as follows: 0: not filter 1: filter
ootAlarm
common → Indicates the port to receive requests

NBI param → 9812 from an upper-layer NMS. The SnmpAgent
Agent_Port value ranges from 1 to 65535.
common →
Indicates the maximum length of
NBI param → 4096 SnmpAgent
each reported alarm field.
StringSize
Indicates the alarm time format. The

common →
options are as follows: 0: UTC 1:
local time without time zone 2:
TimeFormat
local time with time zone
Indicates the alarm encoding

common →
format. The options are as follows:
NBI param → UTF-8 SnmpAgent
0: UTF-8 (for English) 1: GBK (for
TrapCoding
Chinese)
common →
param → Indicates the port to transmit traps.
NBI 6666 SnmpAgent
TrapSendPor The value ranges from 1 to 65535.
t

Defau
lt Description
stem Name Process
Value
common →
param→ Indicates the trap sending interval.
NBI 0 SnmpAgent
TrapSendInt The value ranges from 0 to 1000.
erval
Indicates the time when the alarm is

common→ reported. The options are as
NBI 0 SnmpAgent
TimeType follows: 0: UTC 1: NMS time 2: NE
time
Indicates the alarm type. The

common→A
NBI 1 options are as follows: 0: current SnmpAgent
ctiveAlarm
alarm 1: active alarm
Indicates the process ID for

communicati
NBI 15 communication between the XML XMLAgent
on/procid
agent and the platform.
whether to enable the configuration

NBI conf enable file (It is invalid when the SSL Notify_Service
mode is enabled.)
./cbb/n
bi/
nbicbb configuration file for the
_3p/ notification service (a full path or
NBI conffile Notify_Service
share/b relative path; default value:
in/ notify.conf)
notify.
conf
CORBAAge localh Host name of the CORBAAgent

NBI Agent_CORBA
nt_Host ost located.
-
ORBD
ottedD
ecimal
CORBAAge tart up parameters of CORBA
NBI Addres Agent_CORBA
nt_Option Agent.
ses 1 -
ORBC
ollocat
ion no
CORBAAge
NBI 12003 Port of CORBAAgent service. Agent_CORBA
nt_Port
CORBAAge Port of CORBAAgent with SSL

nt_SSLPort protocol.

Defau
lt Description
stem Name Process
Value
CSVMode Indicates the interval at which the

→CBBbuffe CBB buffer is updated. By default,
NBI 1460 textagent
rRefreshPeri this parameter is not visible to
od external users.
CSVMode
→CsvHead
Specifies whether to report the
NBI →Line1 TRUE textagent
performance file generation time.
→FileCreati
onTime
CSVMode
→CsvHead
→Line1 Specifies whether to report indicator
NBI TRUE textagent
→Indicator group descriptions.
GroupDescri
ption
CSVMode
→CsvHead
Specifies whether to report indicator
NBI →Line1 TRUE textagent
group names.
→Indicator
GroupName
CSVMode
→CsvHead
→Line1
NBI TRUE amount of performance data textagent
→NumberO
recorded in a performance file.
fDataRecord
s
Indicates the delimiter of the

CSVMode Res_ID field in the MTOSI format.
NBI ; textagent
→Delimiter By default, this parameter is not
visible to external users.
CSVMode
→ExportDat Indicates the export time format.(0:
NBI 0 textagent
aTimeZoneT UTC time, 1: Local time)
ype
Indicates the mode used for

exporting performance files to the
CSVMode directory:1: Exporting files by
NBI →FileGenM 1 date2: Exporting files to a specified textagent
ode directory directly3: Exporting files
by a combination of indicator
group, period, date, and time

Defau
lt Description
stem Name Process
Value
CSVMode Indicates the directory used for

NBI →FileGenPa storing the exported performance textagent
th files.
CSVMode
NBI →Filter_N Indicator Filtering Template textagent
W
CSVMode Indicates how many days

NBI →HistFileD 3 performance files are saved. Unit: textagent
elDayLimit day
Specifies whether to export the

CSVMode Res_ID field in the MTOSI format
FALS
NBI →IsBTMod in BT mode. By default, this textagent
E
e parameter is not visible to external
users.
CSVMode FALS Decompressing Performance Files

NBI textagent
→IsCsvZip E Before Upload
Specifies whether to export the

CSVMode
FALS Res_ID field in the MTOSI format.
NBI →IsMtosiNa textagent
E By default, this parameter is not
me
visible to external users.
CSVMode Indicates the maximum number of

10000
NBI →MaxRecor records in a single performance file. textagent
0
dPerFile Unit: piece
Huawe Indicates the NMS name. By

CSVMode
NBI i/ default, this parameter is not visible textagent
→MDName
U2000 to external users.
Indicates the delay in exporting

CSVMode
files. The value is greater than or
NBI →MinDealF 15 textagent
equal to the collection period and
ileTime
must be a multiple of 5.
CSVMode Indicates the multi-layer subnet

NBI →MlsnNam 1 name. By default, this parameter is textagent
e not visible to external users.
CSVMode Indicates the character set for

NBI →TextCode UTF-8 generating performance files. The textagent
Format options are as follows:
CSVMode→
CsvHead→L Specifies whether to report the end
NBI TRUE textagent
ine2→Colle time of performance collection.
ctionTime

Defau
lt Description
stem Name Process
Value
CSVMode→
CsvHead→L
NBI TRUE Specifies whether to report NE IDs. textagent
ine2→Devic
eID
CSVMode→
CsvHead→L Specifies whether to report NE
NBI TRUE textagent
ine2→Devic names.
eName
CSVMode→
CsvHead→L Specifies whether to report the
NBI TRUE textagent
ine2→Granu collection period.
larityPeriod
CSVMode→
CsvHead→L FALS Specifies whether to report the IDs
NBI textagent
ine2→Resou E of measured objects.
rceID
CSVMode→
CsvHead→L Specifies whether to report the
NBI TRUE textagent
ine2→Resou names of measured objects.
rceName
CurrentMEN
NBI 43 Current ME Number Agent_CORBA
umber
Customized
Customized requirement switch(0:
NBI Requirement 0 XMLAgent
no; 1: yes, default:0)
_001
Delete
DeletePfmTa Deletes the name of the scheduled
NBI PfmTa textagent
sk→Name performance data collection task.
sk
Indicates the period of the task of

DeletePfmTa
NBI 1440 clearing historical performance textagent
sk→Period
files.
2009/9
DeletePfmTa Indicates the start time of the task of
/1
NBI sk→StartTi clearing historical performance textagent
0:00:0
me files.
0
Indicates the upgrade version. This

is a custom function. The options
DU_UPGR
NBI false are as follows:true: upgrade version XMLAgent
ADE
for DU sites,false: upgrade version
not for DU sites

Defau
lt Description
stem Name Process
Value
EmsLocatio
NBI local the physical location of EMS Agent_CORBA
n
Huawe
NBI EmsName i/ the whole network only id of EMS Agent_CORBA
U2000
EMS Type Option. 0 stands for

NBI EmsType 0 Agent_CORBA
T2000, 1 stands for T2100
EmsTypeNa typename of EMS, it can be U2000

NBI U2000 Agent_CORBA
me or T2K.
EventQueue Length of the event queue for

Length buffering the notification event.
Indicates the file export format.1:

All NEs are exported to an ID_CSV
file.2: All NEs are exported to an
NBI ExportMode 3 NE_XML file.3: Wireless NEs are textagent
exported to an NE_XML file and
fixed NEs are exported to an
ID_CSV file.
filterbuflengt max capacity of log information in

NBI 128 Agent_CORBA
h the cache for filtering
../conf/
certific
FTP_Client ate/
NBI The client key path for safe FTP Agent_CORBA
Cer corbaa
gent.ce
r
#| the port of FTP protocol. Only

NBI FTP_Port 22 SSL or SSH mode uses it, normal Agent_CORBA
mode uses 21 fixed.
../conf/
certific
FTP_Private ate/
NBI The private key path for safe FTP Agent_CORBA
Key corbaa
gent.ce
r
SSL protocol of FTP authen mode,

0: SSL_VERIFY_NONE,1:
FTP_SSL_A SSL_VERIFY_PEER,2:
NBI 1 Agent_CORBA
uthMode SSL_VERIFY_FAIL_IF_NO_PEE
R_CERT,3:
SSL_VERIFY_CLIENT_ONCE

Defau
lt Description
stem Name Process
Value
FTP_SSL_C SSL protocol type of FTP protocol.

NBI 12 Agent_CORBA
onnectMode 9 for SSLv23, 12 for TLSv1.
FTP host protocol, 0 for normal

mode, 1 for SSL mode, 2 for SSH
NBI FTP_Type 2 Agent_CORBA
mode. Only the interfaces which
will send files use it.
Indicates the IP address of the

FTPConfig 127.0.
NBI remote FTP server to which files are textagent
→IPAddr 0.1
transferred.
Q2419
AB8C
2E76B
15389
4664B
B4F9E
FTPConfig 30F54
NBI Indicates the SFTP user password. textagent
→PassWord 11520
B7E1
B2B85
299D4
B0650
994B5
B
FTPConfig
NBI 22 Indicates the SFTP service port. textagent
→Port
FTPConfig FALS Specifies whether to use FTP to

NBI textagent
→PushMode E transfer performance files.
/
FTPConfig
ftptest/
NBI →RemotePa Indicates the FTP file directory. textagent
pfm_o
th
utput/
FTPConfig
Indicates the interval at which
NBI →RetryInter 60 textagent
performance files are re-transferred.
val
FTPConfig
Indicates the SFTP certificate file
NBI →SFTPKey textagent
directory.
Path
FTPConfig
NBI →SFTPMod 1 Indicates the FTP service mode. textagent
e

Defau
lt Description
stem Name Process
Value
FTPConfig
NBI root Indicates the SFTP login user. textagent
→UserName
GenerateNB FALS Specifies whether to generate

NBI textagent
IFiles E performance files.
heartbeat → Specifies whether to enable

NBI param → 1 heartbeat. The options are as SnmpAgent
Enable follows: 0: disable 1: enable
heartbeat →
Indicates the heartbeat period. The
value ranges from 3 to 300.
Interval
Indicates the heartbeat trap

heartbeat→L SNMP
NBI configurations. The content SnmpAgent
able Agent
supports only English.
HeartBeatTi Timeout seconds of

NBI 30 Agent_CORBA
meout NT_HEARTBEAT event[unit:s]
127.0. host name of the naming service

NBI hostname Notify_Service
0.1 (default value: local host name)

Defau
lt Description
stem Name Process
Value
Centra
lized:T
LS_E
CDHE
_ECD
SA_W
ITH_A
ES_12
8_CB
C_SH
A256,
TLS_E
CDHE
_RSA
_WIT
H_AE
S_128
_CBC
_SHA
256,T
LS_RS
A_WI
TH_A
HTTPSCiph
ES_12 Indicates the HTTPS encryption
NBI erSuitesFilte XMLAgent
8_CB mode.
r
C_SH
A256,
TLS_E
CDH_
ECDS
A_WI
TH_A
ES_12
8_CB
C_SH
A256,
TLS_E
CDH_
RSA_
WITH
_AES_
128_C
BC_S
HA25
6,TLS
_ECD
HE_E
CDSA

Defau
lt Description
stem Name Process
Value
_WIT
H_AE
S_128
_CBC
_SHA,
TLS_E
CDHE
_RSA
_WIT
H_AE
S_128
_CBC
_SHA,
TLS_
RSA_
WITH
_AES_
128_C
BC_S
HA,T
LS_E
CDH_
ECDS
A_WI
TH_A
ES_12
8_CB
C_SH
A,TLS
_ECD
H_RS
A_WI
TH_A
ES_12
8_CB
C_SH
A,TLS
_ECD
HE_E
CDSA
_WIT
H_AE
S_128
_GCM
_SHA
256,T
LS_E
CDHE

Defau
lt Description
stem Name Process
Value
_RSA
_WIT
H_AE
S_128
_GCM
_SHA
256,T
LS_RS
A_WI
TH_A
ES_12
8_GC
M_SH
A256,
TLS_E
CDH_
ECDS
A_WI
TH_A
ES_12
8_GC
M_SH
A256,
TLS_E
CDH_
RSA_
WITH
_AES_
128_G
CM_S
HA25
6;
Distrib
ution:.
*_EC
DSA_
WITH
_AES_
128_.*
,.*_RS
A_WI
TH_A
ES_12
8_.*,.*
_DSS_
WITH
_AES_
128_.*

Defau
lt Description
stem Name Process
Value
NBI IDLVersion 2 IDL Version Agent_CORBA
inform → Indicates the reporting mode. The

NBI param → 0 options are as follows: 0: Trap 1: SnmpAgent
Enable Inform Default: 0
inform → Indicates retries after informing

NBI param → 3 failures. The value ranges from 2 to SnmpAgent
Retries 6.
inform →
Indicates the informing delay. The
value ranges from 5 to 120.
Timeout
inform→ Indicates the size of the cache for

NBI param→ 10000 storing real-time alarms. The value SnmpAgent
CacheSize ranges from 0 to 50000.
IS_MANUF Specifies whether to display board

NBI ACTUR_EN 0 manufacturing information. The XMLAgent
ABLE options are as follows:0: no,1: yes
China mobile OBU Card EDFA

PFM Objectname AID display
NBI IsAID 0 Agent_CORBA
opthon, 0 stand for closed, 1 stand
for open, default value is 0.
0 means the attribute

IsAlarmProb
ProbableCauseQualifier is not
ableCauseQ
NBI 1 compatible with the previous Agent_CORBA
ualifierCom
version. 1 means compatible.
patible
Default value is 1.
For Brazil whether fiber or

subnetwork connection alarms
NBI IsBzOI 0 Agent_CORBA
associated. 0 stand for closed, 1
stand for open, default value is 0.
strategy of the route of SNC ,0: all

route is SIMPLE style,1: SIMPLE
IsCombineC
NBI 0 route will be combined in Agent_CORBA
C
ADD_DROP style as appropriate ,
default value is 0
Whether filer alarms. 1 for filter, 0

NBI IsFilteAlarm 1 Agent_CORBA
for not filter, default value is 1.
Whether filters the card

IsManufactu manufacture information. 0 for not
NBI 0 Agent_CORBA
reEnable filter, 1 for filter, the default value is
0.

Defau
lt Description
stem Name Process
Value
whether need to query or check an

IsNeedChec
NBI 1 NE is ONE,(0:Close; 1:Open) Agent_CORBA
kONE
default value is 1
Indicate fiber query if return all

IsQueryAllF
NBI 0 fiber ,1: all fibers , 0: external fiber Agent_CORBA
iber
only
Whether to query All MEs using

IsQueryME BestEffort interface (0:Non Best-
NBI 0 Agent_CORBA
BestEffort effort; 1: Best-effort), default value
is 0
Whether to report
IsReportAlar NT_ALARM_UPDTAE message to
NBI 0 Agent_CORBA
mUpdate OSS(0:Not report; 1: Report)
default value is 0.
WDM device multi-shelf return

IsReportMul sub-shelf name in compatible
NBI 0 Agent_CORBA
tiShelfName mode(0 stand for close, 1 stand for
ppen), default value is close.
Specifies whether to report OMS

IsReportOM SNC events. This is a custom
NBI 0 XMLAgent
S function. The options are as
follows:0: no,1: yes
Whether to report JX/CX

IsReportOve
NBI 1 information from NE(0:Not report; Agent_CORBA
rHeadInfo
1: Report) default value is 1
Whether to report TCM/PM/SM

IsReportWD
NBI 0 information from NE(0:Not report; Agent_CORBA
MTTIInfo
1: Report) default value is 0
Specifies whether to report WDM

IsReportWD TT1 (TCM/PM/SM) overhead
NBI 0 XMLAgent
MTTIInfo information. The options are as
follows:0: no,1: yes

rcaiIndicator, X.
IsReturnCorr
733::CorrelatedNotifications, and
NBI elatedFields 1 Agent_CORBA
X.733::CorrelatedNotifications
ForOSS
alarm fields to the OSS. 1: on ; 0:
off. the default value is 1.
IsSupportSD Whether to report the SDH ASON

NBI HASONRou 0 reroute notifications. The default Agent_CORBA
teChangeNtf value is 0.

Defau
lt Description
stem Name Process
Value
VDF PTN function switch, 0 stand

IsVDFPTNF
NBI 1 for closed, 1 stand for open, default Agent_CORBA
uncOn
value is 1.
the report type of the Equipment's

IsWithSlotI nativeEMSName . 0 is without slot
NBI 0 Agent_CORBA
D ID, 1 is with slotID. The default
value is false.
The transmission parameter of IVID

value format style of UNI port in
NBI IVIDStyle 0 Agent_CORBA
NETH service, 0 for split by comma
such as
Centra
lized:fi
le:$
{active
mq.bas
e}/../../
../../etc
/ssl/nbi
/
keySto
re/JKS
NBI keyStore / JMS Authentication Key XMLAgent
keysto
re.jks,
Distrib
ution:f
ile:etc/
ssl/nbi/
keySto
re/JKS
/
keysto
re.jks
NBI ListenAllIp disable whether to bind all IP addresses Notify_Service
IP address bound to the notification

ListenIpAdd service (If there are multiple IP
NBI Notify_Service
rs addresses, separate them by
commas.)
Specifies whether the time is a local

LOCAL_TI
NBI 0 time. The options are as follows:0: XMLAgent
ME
UTC; Others: local

Defau
lt Description
stem Name Process
Value
indicate local character set(0:local

LocalCharse character set is ISO-8859-1
NBI 0 Agent_CORBA
t (default) / 1: local character set is
GBK);
0x140
NBI logfilesize max capacity of log file Agent_CORBA
0000
switch level:assert/
internal_error,external_error,io,runti
NBI logswitch 1,1,1,0 Agent_CORBA
me_trace;1 stands for open, 0 stands
for close;
logtimeinter time interval(second) for printing

NBI 60 Agent_CORBA
val log information
The adopted layer rate of LSP CTP

LR_MPLS_ which is valid only in condition of
NBI 501 Agent_CORBA
TP TI PKT function opened, default
value is 501
The adopted layer rate of TP which

LR_MPLS_ is valid only in condition of TI PKT
NBI 500 Agent_CORBA
TP_Section function opened, default value is
500
MAX_USE
NBI 10 the max user number Agent_CORBA
R
MAX_USE Maximum number of concurrent

NBI 10 XMLAgent
R different users.
MaxHugeTa
NBI 20 The huge task number (default:20); Agent_CORBA
skNum
MaxInterval
Max silent interval of SilentTime
NBI OfSilentTim 3600 Agent_CORBA
strategy(unit:second)
e
MaxSession Max session threshold of FIFO

NBI 10 Agent_CORBA
OfFIFO strategy
MaxThread Indicates the maximum number of

NBI 4 textagent
Number concurrent threads.
MIB1 →
Indicates the delimiter of alarm
NBI param → SnmpAgent
information.
Delimiter
MIB1 → Huawe Indicates the NMS name. By

NBI param → i/ default, this parameter is not visible SnmpAgent
EmsName U2000 to external users.

Defau
lt Description
stem Name Process
Value
1.3.6.1
MIB1 → Indicates the OID reported by the
.
param → heartbeat trap. The value can be
NBI 4.1.20 SnmpAgent
KeepAliveV 1.3.6.1.4.1.2011.2.15.1 or
11.2.1
BOID 1.3.6.1.4.1.2011.2.15.1.7.2.1.
5.1
Indicates an OID parameter. The

MIB1 →
options are as follows: 0: do not
distinguish alarm severities 1:
NotifyOID
distinguish alarm severities
MIB1 → Indicates the alarm message

param → encoding format. The options are as
NBI 0 SnmpAgent
ResIDForma follows: 0: 8-tuple 1: FDN 2:
t MTOSI
MIB1 → Indicates the type of the MxU NE

param → indicator group. The options are as
NBI 0 SnmpAgent
SupportOld follows: 0: old indicator group 1:
GroupID new indicator group
MIB1 →
Specifies whether to support the
param →
NBI 1 T2000 information format. The SnmpAgent
T2000Suppo
options are as follows: 0: no 1: yes
rt
MIB1 →
Specifies whether to support X.733
param
NBI 0 format. The options are as follows: SnmpAgent
→SupportX
0: not support 1: support
733Alarm
MIB1 →
severity → Critica Indicates the MIB1 alarm severity:
NBI SnmpAgent
param → l Critical.
Critical
MIB1 →
severity →
Indeter Indicates the MIB1 alarm severity:
minate Indeterminate.
Indeterminat
e
MIB1 →
severity → Indicates the MIB1 alarm severity:
NBI Major SnmpAgent
param → Major.
Major
MIB1 →
severity → Indicates the MIB1 alarm severity:
NBI Minor SnmpAgent
param → Minor.
Minor

Defau
lt Description
stem Name Process
Value
MIB1 →
severity → Unrep Indicates the MIB1 alarm severity:
NBI SnmpAgent
param → ort Unreport.
Unreport
MIB1 →
severity → Warni Indicates the MIB1 alarm severity:
NBI SnmpAgent
param → ng Warning.
Warning
MIB3 → Indicates the possible cause of the

param → alarm. The options are as follows: 0:
NBI 0 SnmpAgent
oldPCSuppo consistent with the client 1:
rt consistent with the TMF
MIB3 →
Indicates the NE type. The options
param →
NBI 0 are as follows: 0: optical NE 1: SnmpAgent
ONEShelfTy
WDM NE
peSupport
NamingServ
NBI 12001 Port of the naming service. Agent_CORBA
ice_Port
NamingServ Port of the naming service with SSL

ice_SSLPort protocol.
Specifies whether to capitalize the

NATIVEEM first letter of the NativeEMSName
NBI 0 XMLAgent
SNAME value. The options are as follows:0:
yes,1: no
The NE type list which support the

Sub_Shelf solution,'0' means
1992,1
support all the device.1992(OptiX
993,19
NETypeList OSN 9800 U32),1993(OptiX OSN
NBI 94,190 Agent_CORBA
ForSubShelf 9800 U64),1994(OptiX OSN 9800
2,1921
P18),1902(OSN9600),
,1922
1921(OSN9600U32),
1922(OSN9600U64)
nmsinfon →
alarmlevel→ Indicates the severity of alarms
NBI 1 SnmpAgent
param→Crit reported by a third-party NMS.
ical
nmsinfon →
NBI 1 SnmpAgent
param→Maj reported by a third-party NMS.
or

Defau
lt Description
stem Name Process
Value
nmsinfon →
NBI 1 SnmpAgent
param→Min reported by a third-party NMS.
or
nmsinfon →
NBI 1 SnmpAgent
param→War reported by a third-party NMS.
ning
nmsinfon →
category→ Indicates the category of alarm
NBI 0 SnmpAgent
param→Ack reporting for a third-party NMS.
nowledge
nmsinfon →
NBI 0 SnmpAgent
param→Cha reporting for a third-party NMS.
nge
nmsinfon →
NBI 0 SnmpAgent
param→Eve reporting for a third-party NMS.
nt
nmsinfon →
NBI 1 SnmpAgent
param→Faul reporting for a third-party NMS.
t
nmsinfon →
NBI 1 SnmpAgent
param→Rec reporting for a third-party NMS.
over
nmsinfon →
NBI 0 SnmpAgent
param→Una reporting for a third-party NMS.
cknowledge
Indicates the read community

b2732
password. The password must
90137
consist of 8 to 18 characters and
nmsinfon → C7251
contain three types of the following
NBI community1 68F52 SnmpAgent
four characters: digits, uppercase
→ Read F3D7E
letters, lowercase letters, and special
1EA86
characters. This item appears only
70
after SNMP instance configured.

Defau
lt Description
stem Name Process
Value
Indicates the write community

b2732
password. The password must
90137
consist of 8 to 18 characters and
nmsinfon → C7251
contain three types of the following
NBI community1 68F52 SnmpAgent
four characters: digits, uppercase
→ Write F3D7E
letters, lowercase letters, and special
1EA86
70
Indicates the SNMPv3

authentication password. The
password consists of 8 to 18
nmsinfon →
characters and the password
param →
NBI strength must be higher than or SnmpAgent
AuthPasswo
equal to level 2 (digits, letters,
rd
special symbols). This item appears
only after SNMP instance
configured.
Indicates the IP address to receive

nmsinfon →
127.0. traps. The IP address must be
0.1 appropriate. This item appears only
IPAddress
Indicates the port to receive traps.

nmsinfon →
The value ranges from 1 to 65535.
This item appears only after SNMP
Port
instance configured.
Indicates the SNMPv3 encryption

password of a third-party NMS. The
password consists of 8 to 18
nmsinfon →
characters and the password
param →
NBI strength must be higher than or SnmpAgent
PrivPasswor
equal to level 2 (digits, letters,
d
special symbols). This item appears
only after SNMP instance
configured.
Indicates the SNMPv3 user name.

nmsinfon →
The user name consists of 1 to 20
NBI param → admin SnmpAgent
V3User
nmsinfon →
Specifies whether to filter
param→Mai
NBI maintenance alarms. The options SnmpAgent
ntenanceAla
are as follows:
rmFilter

Defau
lt Description
stem Name Process
Value
Indicates the SNMP version. The

nmsinfon
options are as follows: 1:v1 2:v2c
NBI →param→ 3 SnmpAgent
3:v3 This item appears only after
Version
SNMP instance configured.
NOTIFY_A
Indicates the alarm
LARM_AC
acknowledgement event reporting
NBI KNOWLED 1 XMLAgent
mode. The options are as follows:0:
GED_EVEN
receive,1: discard
T_SWTICH
NOTIFY_E
Event swtich. 0: accept events ; 1:
NBI VENT_SWT 1 XMLAgent
discard events;
ICH
NotifyServic
NBI 12002 Port of notify service. Agent_CORBA
e_Port
NotifyServic Port of notify service with SSL

e_SSLPort protocol.
OBJECT_ID Indicates the object identifier mode.

NBI ENTIFIER_ 0 The options are as follows:0: using XMLAgent
MODE ID,1: using name
ORBThread Amount of thread in the CORBA

NBI 4 Agent_CORBA
Num Agent's thread pool
log output mode, 0 stands for

NBI outputmode 0 printing right now , 1 stands for Agent_CORBA
printing by schedule
Indicates the alarm reporting mode.

param → The options are as follows: T2000
NBI SupportedM MIB1 MIB HW MIB When deployed, if SnmpAgent
IB not modify, the value will be set
HW MIB
PFM_ONE_
Indicates the number of NEs for
NBI BATCH_SIZ 1 XMLAgent
batch performance data queries.
E
The return data size of every

package when querying history
PfmFrameR
NBI 2000 performance. It can be 0 to 6000. If Agent_CORBA
dSize
it is not it will use the default value
2000.
Indicates the number of records in

PFMFRAM
NBI 2000 each data packet for querying XMLAgent
ERDSIZE
performance data.

Defau
lt Description
stem Name Process
Value
Length of the PM data to be

PfmRecordS 10000
NBI recorded for one batch, default Agent_CORBA
ize 0
value is 100000
how many object which history PM

PfmSelectO data to return in one request, default
NBI 50 Agent_CORBA
bjSize value is 50, 0 query all the PM date
of pmTPSelectList in one request.
NBI PkNum 5000 Package number Agent_CORBA
Performance Parameter name style.

It can be Standard or NoneStandard.
PMPParamet Standa Standard means obey the TMF it
NBI Agent_CORBA
erStyle rd will report like PMP_*.
NoneStandard means it will report
as the same as NMS.
Naming_Servic
NBI port 12001 port of the naming service
e
NBI port 12001 port of the naming service Notify_Service
NBI port 12002 port of the notification service Notify_Service
QueryPWTr Whether query the Aend and Zend

ailEndTrans transmission parameters of pwtrail.
NBI 0 Agent_CORBA
missionPara Default value is 0 standing for not
m querying, 1 for querying.
max capacity of log information in

queuebuflen
NBI 16384 the cache for printing by schedule Agent_CORBA
gth
mode
strategy of nativeEMSName in TI
RTNAlarmF
NBI 0 alarm of RTN950, 1 stand for YES, Agent_CORBA
orTI
0 stand for NO, default value is 0.
SHAKEHA
the max failed times while shaking
NBI ND_FAILE 7 Agent_CORBA
hand
D_LIMIT
SHAKEHA
NBI ND_PERIO 60 shake hand period(second) Agent_CORBA
D
ShakeHand Whether shakehanding with OSS. 1

NBI 1 Agent_CORBA
WithOSS stand for YES, 0 stand for NO

Defau
lt Description
stem Name Process
Value
The order option for querying routes

SNC_ROUT
of a specified SDH/OTN trail(0: no
NBI E_ORDER 0 Agent_CORBA
sort; 1:forward sort; 2:reverse sort)
MODE
default value is 0
NBI SplitPackage 50 Splite Package Agent_CORBA
whether to enable the SSL mode

(Enabling this mode requires the Naming_Servic
NBI ssl enable
sslconf configuration file and e
related configurations.)
whether to enable the SSL mode

(Enabling this mode requires the
NBI ssl enable sslconf configuration file, related Notify_Service
configurations, and naming service
configurations.)
SSL/TLS Diffie-Hellman Modulus

size (1:DH MODP size greater than
SSL_DH_P
NBI 1 or equal to 2048; 0:DH MODP size XMLAgent
ARAM
less than or equal to 1024) default
value is 1
./etc/
oss_cf
g/nbi/
corba/
conf/ configuration file for the naming
ii_corb service in SSL mode (a full path or Naming_Servic
NBI sslconf
aagent relative path; default value: e
_bundl naming_ssl.conf)
e/
namin
g_ssl.c
onf
./etc/
oss_cf
g/nbi/
corba/
conf/ configuration file for the
ii_corb notification service in SSL mode (a
NBI sslconf Notify_Service
aagent full path or relative path; default
_bundl value: notify_ssl.conf)
e/
notify_
ssl.con
f

Defau
lt Description
stem Name Process
Value
Naming_Servic
NBI sslport 22001 SSL port
e
NBI sslport 22001 SSL port of the naming service Notify_Service
NBI sslport 22002 SSL port Notify_Service
Strategy of releasing session

StrategyOfR
resource if not detecting OSS
NBI eleasingSess 1 Agent_CORBA
online-connect. 1 stand for FIFO, 2
ion
stand for SilentTime
Task_10_N Indicates the collection period of the

NBI W→Collect 10 scheduled 10-minute performance textagent
Period data collection task.
Indicates the export delay of the

Task_10_N
NBI 25 scheduled 10-minute performance textagent
W→Delay
data collection task.

Task_10_N FALS
NBI scheduled 10-minute performance textagent
W→Enable E
Task_10_N Indicates the export period of the

NBI W→ExportP 10 scheduled 10-minute performance textagent
eriod data collection task.
Export
Pfm_1 Indicates the name of the scheduled
Task_10_N
NBI 0m_Ta 10-minute performance data textagent
W→Name
sk_N collection task.
W
2009/9
Task_10_N Indicates the export start time of the
/1
NBI W→StartTi scheduled 10-minute performance textagent
0:00:0
me data collection task.
0
Task_1440_ Indicates the collection period of the

NBI NW→Collec 1440 scheduled 1440-minute textagent
tPeriod performance data collection task.

Task_1440_
NBI 1455 scheduled 1440-minute textagent
NW→Delay
performance data collection task.
Task_1440_ Specifies whether to enable the

FALS
NBI NW→Enabl scheduled 1440-minute textagent
E
e performance data collection task.

Defau
lt Description
stem Name Process
Value
Task_1440_ Indicates the export period of the

NBI NW→Expor 1440 scheduled 1440-minute textagent
tPeriod performance data collection task.
Export
Task_1440_
NBI 440m_ 1440-minute performance data textagent
NW→Name
Task_ collection task.
NW
2009/9
Task_1440_ Indicates the export start time of the
/1
NBI NW→StartT scheduled 1440-minute textagent
3:00:0
ime performance data collection task.
0
Indicates the collection period of the

Task_1440_
scheduled 1440-minute
NBI RCN→Colle 1440 textagent
performance data collection task
ctPeriod
(wireless).

Task_1440_
NBI RCN→Dela 60 textagent
y
(wireless).

Task_1440_
FALS scheduled 1440-minute
NBI RCN→Enab textagent
E performance data collection task
le
(wireless).
Indicates the export period of the

Task_1440_
NBI RCN→Expo 1440 textagent
rtPeriod
(wireless).
Export
Task_1440_ Pfm_1 Indicates the name of the scheduled
NBI RCN→Nam 440m_ 1440-minute performance data textagent
e Task_ collection task (wireless).
RCN
2009/9 Indicates the export start time of the

Task_1440_
/1 scheduled 1440-minute
NBI RCN→Start textagent
3:00:0 performance data collection task
Time
0 (wireless).


Defau
lt Description
stem Name Process
Value

Task_15_N
W→Delay

Task_15_N
NBI TRUE scheduled 15-minute performance textagent
W→Enable

Export
Task_15_N
W→Name
W
2009/9
/1
0:00:0
0
Task_15_RC Indicates the collection period of the

NBI N→CollectP 15 scheduled 15-minute performance textagent
eriod data collection task (wireless).

Task_15_RC
N→Delay
data collection task (wireless).

Task_15_RC FALS
N→Enable E
Task_15_RC Indicates the export period of the

NBI N→ExportP 15 scheduled 15-minute performance textagent
Export
Task_15_RC
N→Name
sk_RC collection task (wireless).
N
2009/9
Task_15_RC Indicates the export start time of the
/1
NBI N→StartTim scheduled 15-minute performance textagent
0:00:0
e data collection task (wireless).
0

Defau
lt Description
stem Name Process
Value


Task_30_N
W→Delay

Task_30_N FALS
W→Enable E

Export
Task_30_N
W→Name
W
2009/9
/1
0:00:0
0


Task_30_RC
N→Delay

Task_30_RC FALS
N→Enable E

Export
Task_30_RC
N→Name
N

Defau
lt Description
stem Name Process
Value
2009/9
/1
0:00:0
0


Task_360_N
W→Delay

Task_360_N FALS
W→Enable E

Export
Task_360_N
NBI 60m_T 360-minute performance data textagent
W→Name
ask_N collection task.
W
2009/9
/1
0:00:0
0
Task_5_NW Indicates the collection period of the

NBI →CollectPer 5 scheduled 5-minute performance textagent
iod data collection task.

Task_5_NW
→Delay

Task_5_NW FALS
→Enable E
Task_5_NW Indicates the export period of the

NBI →ExportPer 5 scheduled 5-minute performance textagent
iod data collection task.
Export
Indicates the name of the scheduled
Task_5_NW Pfm_5
NBI 5-minute performance data textagent
→Name m_Tas
collection task.
k_NW

Defau
lt Description
stem Name Process
Value
2009/9
Indicates the export start time of the
Task_5_NW /1
→StartTime 0:00:0
0


Task_60_N
W→Delay

Task_60_N FALS
W→Enable E

Export
Task_60_N
W→Name
W
2009/9
/1
0:00:0
0


Task_60_RC
N→Delay

Task_60_RC FALS
N→Enable E


Defau
lt Description
stem Name Process
Value
Export
Task_60_RC
N→Name
N
2009/9
/1
0:00:0
0
Routing domain TCA events

TCASwitch reported by the PMS converted to
NBI 0 Agent_CORBA
Alarm alarm reporting. 0: not converted, 1:
converted
Strategy of TI NE name which is

TI_NE_NA valid only in condition of TI PKT
NBI 0 Agent_CORBA
ME function opened,0 closed ,1
open ,default 0
Strategy of TI KOSMOS function, 0

NBI TIKosMos 0 Agent_CORBA
closed, 1 open, default 0
the Interval of CORBAAgent

TimerInterva
NBI 30 checking connection, the unit is Agent_CORBA
l
second
TimeShowA
NBI 0 The time format. 0 for Agent_CORBA
ppearance
Time zone mode. 0 for UTC time

TimeZoneRe
NBI 0 mode , 1 for local time mode with Agent_CORBA
fPoint
current time zone
TIPtnSinglet Strategy of TI PKT function, 0

NBI 0 Agent_CORBA
on closed, 1 open, default 0

Defau
lt Description
stem Name Process
Value
Centra
lized:fi
le:$
{active
mq.bas
e}/../../
../../etc
/ssl/nbi
/trust/
NBI trustStore JMS Certificate? XMLAgent
trustst
ore.jks
,Distri
bution:
file:etc
/ssl/nbi
/trust/
trustst
ore.jks
whether to use IP addresses in Naming_Servic

NBI UseIp enable
dotted decimal notation e
whether to use IP addresses in

NBI UseIp enable Notify_Service
dotted decimal notation
v3trap Indicates the authentication

→param→ protocol. The options are as
NBI 2 SnmpAgent
AuthProtoco follows: 1: HMACMD5 2:
l HMACSHA
v3trap Indicates the data encryption

NBI →param→ 2 protocol. The options are as SnmpAgent
PrivProtocol follows: 1: DES 2: AES
v3trap→Eng Indicates the engine ID in SNMPv3

NBI SnmpAgent
ineID mode.
v3trap→para Indicates the security level. The

NBI 3 SnmpAgent
m→ Level options are as follows:

WDMPortD
NBI 0 workmode. The options are as Agent_CORBA
etailSwitch
follows:0: no, 1: yes, default is 0.
The ActiveMQ user access supports

NBI authorization true
authentication.
MaxParallel Maximum number of supported

NBI 20
Thread concurrent connections.

Defau
lt Description
stem Name Process
Value
max amount of log files in the

NBI logfilecount 10000 Agent_CORBA
directory
SSL/TLS Diffie-Hellman Modulus

size (1:DH MODP size greater than
SSL_DH_P
NBI 1 or equal to 2048; 0:DH MODP size Agent_CORBA
ARAM
less than or equal to 1024) default
value is 1
strategy of TI ROADM function,0

NBI TIROADM 0 Agent_CORBA
closed ,1 open ,default 0
NEMG isSupportMu isSupportMultiDimensionTunnelAl-

R_VM lDimenTnlA false loc, true:Support;
F lloc false:Unsupported, Default:false
Configuration of generating alarm

that NE backup policy is failed or is
long-term disabled. 0:Do not
SEND_ALA generate alarm never. 1:Generate
RM_FOR_N alarm whatever NE backup policy is DCServer,NEU
DC 1
EBACKUPP failed or is long-term disabled. pgrade
OLICY 2:Generate alarm only NE backup
policy is failed. 3:Generate alarm
only NE backup policy is long-term
disabled.
TRAN bIsSupportO Whether to support OSN virtue NE.

0
S SNVNE 0:not support(default), 1:support
This function is provided for China

Telecommunications Corporation
only. It must be used under the
guidance of Huawei engineers. Any
misuse will cause service
Nml_s FilterNeNam
interruptions.Specifies whether to Nml_sdh
dh e
break trails into two if they are
carried by a fiber whose source or
sink NE name (not both names)
contains the value of this
configuration item.
FIXED_CH Enable or Disable function of fixed DCServer,NEU

DC 0
ECK_ITEM check item. 0: Disable. 1: Enable. pgrade
AUTO_SYN
CH_MANU Resource type list supporting timer
PM AL_INST_S synchronization(eg:- PMSDm
UPPORTED 1001,1005,1004)
_RESTYPE

Defau
lt Description
stem Name Process
Value
PONTL1_C Whether support to convert LOID to

ACCE BmsPonEmsTL
ONVERT_L 1 PWD if specified the
SS 1
OID ONUIDTYPE(0:no;1:yes default:1)
Whether the connection type is

CONFIG_C displayed for combinations of
Nml_c PS_IS_SHO HVPN, PWE3 access to static
1
ps W_CONNE L3VPN N:1, and PWE3 access to
CTPOINT dynamic L3VPN service: 1: Yes
(default) 0: No
41,43,
DLM_BUL 71,75,
K_ACCESS 45,234
DLM BULK supporrted Access
PM _DEV_TYP 0,2350 PMSDm
device type
E_SUPPOR ,
TED 2346,2
339
90033,
90060,
90118,
DLM_BUL 90065,
K_ACCESS 90002,
DLM BULK supporrted resource
PM _RES_TYP 90045, PMSDm
type
E_SUPPOR 90046,
TED 90130,
90132,
90161,
90162
CONFIG_S
UPPORT_H
This item specifies whether HVPLS
VPLS_EXP
Nml_c composite services support
AND_DISC 0
ps extended discovery (site
OVERY_LO
customization) 0(default): No 1: Yes
CALCUSTO
M
PAUSE_AU
Pause NE auto backup and auto
TO_BACK
synchronization when NE is in DCServer,NEU
DC UP_SYNC_ 0
upgrading stage. 0:Do not pgrade
WHEN_UP
pause(default); 1:Pause.
GRADE
Specifies how many hours to check

LoopAlarm
Nml_c clock link loops and report alarm. 0:
CheckHourI 0 Nml_common
ommon No(default); 12 (suggest value if
ntervalTime
enable)

Defau
lt Description
stem Name Process
Value
CONFIG_L
Maximum number of L3VPN
3VPN_VRF
Nml_ip 100 services or VRF that can be
_EXPORT_
exported, the default value is 100.
MAXNUM
Whether to modify multicast VLAN

parameter in ONT VAS Profile to
personalized parameter 0: template
parameter, 1: personalized
parameter, default: 0. Notes: 1,
XPON_MULTVLAN_SPEC_CFG
is enabled (1) , if new ont bind the
XPON_MU VAS profile which is before
ACCE
LTVLAN_S 0 upgrade, Multicast VLAN BmsAccess
SS
PEC_CFG paramater will invalide. New ont
need to bind new VAS profile. 2,
XPON_MULTVLAN_SPEC_CFG
and
XPON_SUPPORT_LAN_IP_CON
FIG are enabled at the same time,
the system will generate a common
template.
TRAN bSdnSynSW Whether to open SNC-T service

0
S ITCH synchronization. 0:No. 1:Yes.
DelayTimeS
TRAN Synchronous service interval time
ynTSDNSer 600 Eml_PubSvr
S to SNC-T.
vice
Whether to erase the space at the

TL1_IS_TRI
ACCE begin or end of the string in the
M_NULL_S 0 TL1NBiDm
SS query results(0:NO,1:YES,Default:
TRING
0)
SHOW_AL Specifies whether to display the

ACCE
ARMTAB_S 0 Device Alarm Synchronization Info BmsAccess
SS
WITCH tab. (0: no, 1: yes; default: 0)
CONFIG_T
Specifies whether calculator route
UNNEL_RO
Nml_ip 0 twice for Tunnel. 0 (default): No, 1: Nml_ip
UTECAL_T
Yes.
WICE
BMS_SUPP
ORT_ONT_ if xPON service profile can config
ACCE
INTEROPE 0 or display interoperability BmsAccess
SS
RABILITY_ parameters (0:NO, 1: YES)
MODE1

Defau
lt Description
stem Name Process
Value
CMTS_MA
ACCE X_DUMP_ The max cmts dump command num
20 BmsAccess
SS NUM_FOR_ for NBI(20 by default)
NBI
IPLink control automatically creates

ENABLE_
an instance of the function switch.
PM MTN_AUT 0 PMSDm
0- not support, 1- support, the
O_CREATE
default value is 0.
This item specifies whether a

CONFIG_T message is displayed if the port
UNNEL_SH selected during tunnel creation or
Nml_ip 1
OW_PORT_ modification or route adjustment
ALARM generates an alarm. 0: No 1
(default): Yes.
BMS_LST_
ACCE DEV_CRTD Whether show GMT when querying TL1NBiDm,
0
SS ATE_SHOW device(0:NO,1:YES) inTL1NBiDm
_GMT
Specifies the xPON mode when it

XPON_MO
ACCE fails to be obtained from an NE. (0:
DE_DEFAU 0 BmsAccess
SS no, 1: distributing mode, 2: profile
LT
mode)
This item specifies whether adjust

CONFIG_T
subinterface links in the scene of
CAT_ADJU
Nml_ip 0 TCAT "IP Network Expansion Nml_ip
ST_SUB_IN
Wizard (Static Scenario)" is
ERFACE
enabled.
GET_NBI_F
ILE_FROM Enable to get NBI file from uTraffic
PM 0 TXTNBIDm
_NPMS_EN or Not : 0-No, 1-Yes, default is 0.
ABLE
OPERATIO
N_NUM_F Maximum number of tasks for
PM 20 PMSDm
OR_MUTE mutex obtaining
X
ChannelLoo Channel LoopBack Setting Type, 0:

Nml_ot
pbackSetTyp 0 Can Set All, 1: Can Set Only Nml_otn
n
e Current Level, default is 0
Optical Power Flatness Monitoring

Nml_ot FlatnessMon OMS Type , 0: Inter-NE OMS, 1:
0 Nml_otn
n itorOmsType Intra-NE and Inter-NE OMS,
default is 0

Defau
lt Description
stem Name Process
Value
ODDisableS Whether to disable OSNR and OD

Nml_ot
witchWithN 0 Optimization status with no license, Nml_otn
n
oLicense 0: Disable, 1: Enable, default is 0
Whether need to set port channel

Nml_ot bIsSetPortC used status and port service active
0 Nml_otn
n hannelStatus status, 0: disable, 1: enable, default
is 0
Whether need to open the

bOutNetFaul
Nml_ot correlational analysis about the off-
tCorrelateAn 0 Nml_otn
n network fault, 0: disable, 1: enable,
alyse
defaut is 0
Nml_ot g_bIsNeedM Whether need to manage otuk, 0:

0 Nml_otn
n anageOTUk disable, 1: enable, defaut is 0
g_bNeedMer
Nml_ot Whether need to merge optical trail,
geOpticalTra 0 Nml_otn
n 0: disable, 1: enable default is 0
il
CMTS_CM_ Specifies which mode is used as the

ACCE DESCRIPTI index for the update of descriptions
0 BmsAccess
SS ON_SWITC during CM synchronization (0: CM
H ID, 1: MAC address).
Specifies the maximum number of

CONFIG_T
tunnels to be bound to an MPLS
UNNEL_BI
Nml_ip 200 protection ring each time. (The Nml_ip
ND_RING_
value ranges from 1 to 1000). The
MAXNUM
Specifies whether the service area to

which a service belongs is displayed
by default. (The value 0 indicates
CONFIG_R
that the service area is not displayed
Nml_ip EGION_DIS 1 Nml_ip
by default, and value 1 indicates
PLAY
that the service area is displayed by
default). The service area is
displayed by default.

Defau
lt Description
stem Name Process
Value
The U2000 generates a buffer report

event every 30 minutes when alarm
serial number synchronization fails
and controls the event using the
ISENABLE
configuration item
_ALARMS
IPCom ISENABLE_ALARMSYNCFAILE
YNCFAILE 0 trapr0101_agent
mon D_NMEVENT. The value 0
D_NMEVE
indicates that event reporting is
NT
disabled, 1 indicates that the
generated event source is an NE
name, and 2 indicates that the
generated event source is OSS.
1911,1
912,19
13,188
PROXYCO 4,1888 The resource type list that need PMSDm,BulkC
PM LLECTOR_ , collected by PMSCollectorProxy, ollectorDm,SN
DEVTYPE 1808,1 separate by comma. MPCollectorDm
809,19
15,199
2,1993
GDM_AUT
Whether support update devtype
O_UPDATE
ACCE automatically(0:not update,1:update
_DEVTYPE 0 BmsAccess
SS only with same
_SWITCH_
role,OLT=>OLT,MDU=>MDU)
VERSION
VDSL2_SE
RIALNUM_ The VDSL2 Vendor Serial Number
ACCE
COMBINE_ 0 contains Version Number (0: No, 1: BmsAccess
SS
VERSION_ Yes)
GUI
GPON_VEN
ACCE The swith of VENDORID:1:string;
DER_ID_S 1 TL1NBiDm
SS 0:int;default(1).
WITH
CONFIG_T
NL_PROTE Whether allow create Tunnel APS
CT_GROUP Protect Group when working tunnel
Nml_ip 0 Nml_ip
_WITH_SA and protect tunnel has the same
ME_ROUT route. 0: close(default), 1: open
E

Defau
lt Description
stem Name Process
Value
Router
,Switc
h,IP-
PTN,V
MF,VS
M,Rou
terPT
The TDT name list that support to
RES_TREE N6900
select multiple topo NEs, when
_MULTI_SE ,OAM,
getting resource when creat
PM LECT_SUP TRAN PMSDm
instance, seperate by comma.
PORTED_T SMISS
(Using client plugin style:
DT ION,V
DefaultPlugin)
8TRA
NS,C
MF,V8
PTN,A
CCES
S,BIT
S
IP address of the primary server of

the unified data collection
United Main_Unite
interface,can be configured AgentIntegrate
Mgr _INF_IPs
multiple, using the semicolon ";"
separated
NOTIFY_P
ACCE MS_CMCN If need notify PMS when CMC
0 BmsAccess
SS AME_CHA name Changed(0:NO,1:YES)
NGEM
PVC_QUER Switch of query base serviceport

ACCE
Y_BASE_I 0 info for Q interface.(0:disable,
SS
NFO 1:enable)
Specifies whether to set all

templates to the key
IS_KPI_TE templates.please configure the
PM MPLATE_O 1 PMS_NORMAL_TEMPLATE_LIS PMSDm
N T that in pms*.cfg when you want
to set same templates to normal
template.
XPON_SUP
The node operates the page switch,
ACCE PORT_TR06
0 0 is not visible, 1 is visible. (Default BmsAccess
SS 9_OVER_G
0 is not visible)
ENERIC

Defau
lt Description
stem Name Process
Value
IPFPM_DC
P_MEASUR
PM E_COLOR_ 561 The value of IPFPM color config
FLAG_VAL
UE
NEMG fullSyncColl The timeout of data acquisition in

R_VM ectionTimeo 180 Router V8 device full-synchronize,
F ut Unit: minute. Default value:180.
NEMG fullSyncProc The timeout of data processing in

R_VM essorTimeou 120 Router V8 device full-synchronize,
F t Unit: minute. Default value:120.
Indicates the port of the

ACCE PONTL1_LI BmsPonEmsTL
13027 BmsPonEmsTL1 northbound
SS STENPORT 1
service(default:13027).
PONTL1AL Indicates the port of the

ACCE BmsPonAlarmT
ARM_LIST 13028 BmsPonAlarmTL1 northbound
SS L1
ENPORT service(default:13028).
ACCE CLTSI_LIS Indicates the port of the cltsi

9000 cltsi
SS TENPORT northbound service(default:9000).
LDPRemote Config Remote LDP Peer Keep

Nml_c
Peerkeeptim -1 time.(-1:defaule, Invaild
ommon
e value.Vlaue: 30-65535)
Indicates the idle time of the

ACCE PONTL1_ID BmsPonEmsTL
600 BmsPonEmsTL1 northbound
SS LETIME 1
PONTL1AL Indicates the idle time of the

ACCE BmsPonAlarmT
ARM_IDLE 600 BmsPonAlarmTL1 northbound
SS L1
TIME service(default:600).

ACCE CLTSI_IDL
600 TL1NBiDm northbound cltsi
SS ETIME

ACCE TL1_IDLET
600 TL1NBiDm northbound TL1NBiDm
SS IME
ACCE TL1_LISTE Indicates the port of the TL1NBiDm

9819 TL1NBiDm
SS NPORT northbound service(default:9819).
PON_TL1_S
Indicates the list of terminal types BmsAccess,TL1
ACCE N_LEN_SP
whose SN length needs to retain 16 NBiDm,BmsPo
SS ECIAL_ON
bytes at PON TL1. nEmsTL1
UTYPE

Defau
lt Description
stem Name Process
Value
Whether to support the SDH

TRAN bSupportTIS Eml_PubSvr,ne
0 function for TI.0: not
S DH mgr*
support(default),1: support.
UTRAFFIC
Indicates the uTraffic collection
_INSTANC PMSDm,SNMP
mode. Options are as follows: 0:
PM E_COLLEC 0 CollectorDm,Bu
uTraffic collection, 1: U2000
T_MODE_T lkCollectorDm
collection
RANS
IS_DISPLA Whether to display the TopN

PM Y_TOPN_I 0 instances, 0- not support, 1- support, PMSDm
NSTANCE the default value is 0.
CONFIG_C Whther CES Service Drop Packet

Nml_ip ES_DROP_ 0 Diag Is Supoort.(0:no,
CHECK 1:yes.default:no)
ONT_STIFF
ACCE _CHECK_T
10 ONT stiff check treshold(1-100) BmsAccess
SS HESHOLD_
SWITCH
ONT_ALAR ONT stiff check alarm

ACCE M_TIME_G time(1800s-86400s default: 3600s,
3600 BmsAccess
SS LOBAL_S when less than 1800s, will set
WITCH 1800s)
POLICYST
ACCE AT_MAX_T Max thread count of the statistical
8 BmsAccess
SS HREAD_N policy;parameter value: default(8);
UM
tcp://
localIP
:
13171
? Indicates the ActiveMQ TCP
NBI openwire wireFo connection mode. localIP indicates ActiveMQ
rmat.m the local IP address.
axInac
tivityD
uration
=0

Defau
lt Description
stem Name Process
Value
ssl://
localIP
:
13172
?
transp
ort.ena
bledCi
pherSu
ites=T
LS_RS
A_WI
TH_A
ES_12
8_CB Indicates the ActiveMQ SSL
NBI ssl C_SH connection mode. localIP indicates ActiveMQ
A&tra the local IP address.
nsport.
needCl
ientAu
th=true
&trans
port.en
abledP
rotocol
s=SSL
v2Hell
o,TLS
v1.1,T
LSv1.
2
SaveTELink
Nml_ot Record TELink Resource Usage,
ResourceUsa 0 Nml_ason_otn
n 0:disable,1:enable,default is 0
ge
MEMBER_ The resource type key list that

69103
SUPPORT_ support RTP in member instance,
PM 5,6910 PMSDm
RTP_REST only for SIMPLE_PATH resource
45
YPE_KEY type
RASTER_S
The spectrum configuration is
MSO ET_BEGIN_ 02:00
scheduled for delivery
TIME
CONVERT_
Convert Scheduling Center Tab
SCHEDULI
ACCE Description to One-off Tasks, Apply
NGCENTE 0 BmsAccess
SS Interconnection File Task to
R_DESCRIP
Periodic Tasks(0:no,1:yes)
TION

Defau
lt Description
stem Name Process
Value
CPESVC_O
Control cross-V version upgrade for
ACCE NT_V3RCU
0 ONT V3 and later.(0: close, 1: BmsAccess
SS PGRADE_N
open)
OTLIMIT
ISENABLE Whether enable the BFD alarm to

IPCom RouterMgrDm,
_BFDSESSI false refresh the link,true is enable,false
mon Nemgr_vmf
ONDOWN is disable
BMS_LSTS
Specifies whether LST-
ACCE ERVICEPO TL1NBiDm,
1 SERVICEPORT supports the
SS RT_SUP_O inTL1NBiDm
display of ONT IDs. (0: No 1: Yes)
NTID
IS_CONT_
Is continue to operate when
OPER_TPO
TPOAM params inconsisient. 0: Is
Nml_ip AM_PARA 0 Nml_ip
not continue;1: Continue to
M_INCONS
operate;Default:0.
ISIENT
XMLNBI_O
ACCE PTICALMO The Format of Optical module inbxmlsoap_age
0
SS DULE_TRA transmission distance(0:0; 1:550) nt
NS_DIST
Specifies whether the number of

used VPNs exceeds the upper limit
IS_VERIFY on the tunnel to which the PTN
_TNL_VPN 7900 or 3900 NE DNI PW is bound
Nml_ip 1
_NUM_FOR when a PWE3 service is created or
_DNI_PW the binding relationship between
PWs and tunnels is modified. 1: Yes
(default); 0: No
CONFIG_T Whether to draw tunnels in the

Nml_ip UNNEL_DR 1 Main Topology after tunnels are Nml_ip
AW_TOPO generated. 1: Yes(default) 0: No
Management Protocol using first

CONFIG_P
Nemgr while adding PTNV8 NEs in the
ROTOCOL_ 1 nemgr_v8ptn
_v8ptn Main Topology. The options are as
FLG
follows: 1: QX (default value),0: IP
RouterMgrDm,
IP links support enabling of the FrameSWMgrD
IsSupportPtn
IP_BA discovery based on PTN private m,BoxSWMgrD
PriProtclLin 0
SE protocols.<0:close; 1:open>. The m,SecurityMgr
k
default value is 0. Dm,DmsBaseD
m

Defau
lt Description
stem Name Process
Value
BMS_COM
For Third ONT, Whether
PARE_ONT
ACCE Comparing Current Version and
_VERSION 1 BmsAccess
SS Target Version After ONT
_FOR_UPG
upgraded. (0: No 1: Yes)
RADE
Specifies whether icons of

PTN7900s with the status type of nemgr_v8ptn,m
CONFIG_C
Nemgr Data inconsistency are displayed in c,uflight_dispatc
HANGE_FL 1
_v8ptn the Main Topology. The options are her,UniteUitlD
G
as follows: 1: Yes (default value),0: M
No
Specifies whether to display the

bQueryHisA alarms of both client trails and their
Nml_s
larmWithSer 0 server trails when users browse Nml_sdh
dh
verTrail client trail history alarms. 0: no, 1:
yes
DATA_REL
PMCO
IABLE_MA SNMPCollector
LLECT 100 Trusted data growth rate
X_VARIATI Dm
OR
ON
CHECKDO Check Domain Enable (0: disable -

NBI MAIN_ENA 0 get all NEs; 1: enable - only get XMLAgent
BLE NEs in user's domain ; default:0)
BmsPonEmsTL
BUFFER_C
ACCE Interval of TL1 buffer check time. 1,BmsPonAlarm
HECK_INT 10
SS (unit:s) TL1,TL1NBiD
ERVAL
m,inTL1NBiDm
BUFFER_E BmsPonEmsTL
Indicates the value of TL1 buffer
ACCE XCEED_AL 1,BmsPonAlarm
80 exceeds the alarm threshold.(unit:
SS ARM_THR TL1,TL1NBiD
%;range:0-100)
ESHOLD m,inTL1NBiDm
BUFFER_E BmsPonEmsTL
Indicates the value of TL1 buffer
ACCE XCEED_CL 1,BmsPonAlarm
75 threshold exceeding alarm is
SS EAR_THRE TL1,TL1NBiD
cleared.(unit:%;range:0-100)
SHOLD m,inTL1NBiDm
CONFIG_T
Specifies Whether cir is Config
UNNEL_ST
Nml_ip 0 When Create StaticCr.(1:yes,
ATICCR_CI
0:no,default:0)
R_CHECK

Defau
lt Description
stem Name Process
Value
CONFIG_T
UNNEL_SU
Whether Support Stack
Nml_ip PPORT_ST 0
Tunnel(1:yes,0:no,default:0)
ACK_TUN
NEL
WEBREND C:
ER_DIREC \Wind
ENV Webrender directory path setting client
TORY_SET ows
TING \Temp
CONFIG_T
UNNEL_U The maximum number of tunnel
Nml_ip NDO_BIND 10 services (1-200) that bind the MPLS Nml_ip
_RING_MA guard ring. The default value of 10
XNUM
ACCESS_N
ACCE whether shows NE Migrate BmsAccess,Bm
E_MIGRAT 0
SS interface(0:NO,1:YES) sCommon
E_SWITCH
RecoverTrail
when search trail, recover trail name
Nml_s NameFromN
0 from cross-connection of ne or not, Nml_sdh
dh EWhenSearc
0 from network(default), 1 from ne
h
bSNCPDNI Whether to enable the function of

Nml_s
AutoCalcula 0 calculating route for SNCP DNI, Nml_sdh
dh
te 1:enable; 0:disable
bSupportMo
Whether modify trail sncp attribute
Nml_s difySNCPAt
0 when modify trail, 0: not support, Nml_sdh
dh tiWhenModi
1:support, default 0
fyTrail
Whether support modify time slot of

Nml_s bSupportCha
0 source/sink ends of VC4 server Nml_sdh
dh ngeSvc4Ts
trail,0:disable(default),1:enable.
whether to support the batch

SupportTSP creation of cross-connection for
TRAN
BatchSDHX 0 TSP when creating SDH cross- Client
S
C connection, default is 0: not support,
1: support.
bIsSupportR Whether to support upload RSL

TRAN
SLPerfUploa 0 performance data. 0: not Eml_PubSvr
S
d support(default).1: support.

Defau
lt Description
stem Name Process
Value
The save time of RSL performance

TRAN RSLPerfSav
90 data.(the valid range should be: Eml_PubSvr
S edTime
10-365(day), default:90(day))
BUFFER_E
BmsPonEmsTL
XCEED_EV Buffer queue exceeds max
ACCE 1,BmsPonAlarm
ENT_REPO 10 command limit alarm report
SS TL1,TL1NBiD
RT_INTER interval.(unit:s)
m,inTL1NBiDm
VAL
BMS_OPEN
ACCE _DEV_PAN Switch of Opening Device Panel.
0 BmsAccess
SS EL_SWITC (0:disable,1:enable)
H
ACCESS_R
ACCE ESSTAT_N Max. batch size in notify stat
3 BmsAccess
SS OTIFY_DE task[1,500]
V_NUM
Encryption algorithm list for SSH

clients. 0 means all of the following
encryption algorithms are
supported:
PMCO SSH_CIPHE SSH_CIPHER_ID_AES_CBC_192,
BulkCollectorD
LLECT R_LIST_PM 0 SSH_CIPHER_ID_AES_CBC_256,
m,TXTNBIDm
OR S SSH_CIPHER_ID_AES_CTR_128,
SSH_CIPHER_ID_AES_CTR_192,
SSH_CIPHER_ID_AES_CTR_256.
Not blank means the list of specific
algorithms separated by a comma.
Digest algorithm list for SSH

clients. 0 means all of the following
digest algorithms are supported:
PMCO SSH_MAC_ID_SHA1,
SSH_MAC_ BulkCollectorD
LLECT 0 SSH_MAC_ID_SHA1_96,
LIST_PMS m,TXTNBIDm
OR SSH_MAC_ID_MD5,
SSH_MAC_ID_MD5_96. Not
blank means the list of specific
algorithms separated by a comma.

Defau
lt Description
stem Name Process
Value
Key exchange algorithm list for

SSH clients. 0 means all of the
following key exchange algorithms
are supported:
SSH_KEY_
PMCO SSH_KEYX_ID_DH_G1,
EXCHANG BulkCollectorD
LLECT 0 SSH_KEYX_ID_DH_G14,
E_LIST_PM m,TXTNBIDm
OR SSH_KEYX_ID_DH_GEX,
S
SSH_KEYX_ID_DH_GEX_SHA2
56. Not blank means the list of
specific algorithms separated by a
comma.
bIsSupportX Whether to support xc combine

TRAN
CCombineD 0 display. 0: not support(default).1: Client
S
isplay support.
CONFIG_FI Indicates whether tunnels in the

LTER_TUN Manage Tunnel window can be
Nml_ip 0
NEL_BY_O filtered by tunnel OIDs. 1: Yes 0:
ID No (default).
PVC_QUER Switch of query base MSAN

ACCE
Y_BASE_P 0 serviceport info for Q interface.
SS
VCINFO (0:disable,1:enable)
IS_MERGE
Whether support to show in one line
_HISTORIC
when saving the historical data to
AL_DATA_
PM 0 the file for microwave link, while PMSDm
FOR_MICR
only support CSV format. 0 means
OWAVE_LI
not support, and 1 means support.
NK
bmsAccess,bms
Switch control ADD-ONU
Common,bmsTe
XPON_ON command can increase the name of
st,TL1NBiDm,i
ACCE U_NAME_ the duplicate ONU (0: switch off,
0 nTL1NBiDm,B
SS REPEAT_S the name can not be repeated; 1:
msPonAlarmTL
WITCH switch open, the name can be
1,BmsPonEmsT
repeated)
L1
Whether the interface of Automatic

ONLINEBO
Upgrade/Online Board Upgrade is DCServer,NEU
DC ARD_AUT 1
opened automatically or not. 1:Yes; pgrade
O_POP_UP
0:No.
MAX_OPE
RATION_F Check the Mart interface to record
NBI 500 xmlagent
LOW_RES the maximum number of operations.
ULT

Defau
lt Description
stem Name Process
Value
MAX_QUE The cache queue size of the

NBI UE_SIZE_O 10 doProcess interface takes effect only xmlagent
F_MART when in asynchronous mode.
ACCESS_B
ACKUP_SE
ACCE whether backup service data for BmsAccess,Bm
RVICEDAT 0
SS restore.(0:no,1:yes) sCommon
A_FOR_RE
STORE
RouterMgrDm,
NEDIAG_P Process testCase interval,0:no FrameSWMgrD
IPCom
ROCESSIN 0 limit;other integer:the interval of the m,BoxSWMgrD
mon
TERVAL testcase; Unit:second m,SecurityMgr
Dm
INSTANCE View history data with breakpoint

PM _DRAW_FO 0 data, whether to connect: 0 - off, 1 - PMSDm
RMAT connect
Nml_ot TrailBackup Trail Backup Cycle(Unit:days),

7 Nml_otn
n Cycle value range in 1 to 31, default is 7
CONFIG_S
Is Support Config Pw Switch For
UPPORT_E
Nml_ip 0 Etree Serverice.(0:not,1:yes.default:
TREE_PW_
0)
SIWTICH
CONFIG_T
UNNEL_N Notice Bind ring after create
Nml_ip 0
OTICE_BA Tunnel.(Default 0: close, 1: open.)
ND_RING
CONFIG_E
XPORT_SE The number of export services is
Nml_ip 1000
RVICE_NU recommended no more than 5000
MBER
ACCESS_S
ACCE HOW_VSG whether show VSG license by olt. BmsAccess,Bm
1
SS _LICENSE_ (0:no,1:yes) sCommon
FOR_OLT
Whether to support more RTP, 0:

IS_SUPPOR
not supported, 1: support, the
PM T_MORE_R 0 PMSDm
default value is 0, modify the need
TP
to restart PMSDm, re-login client.
bReportInval Whether report the invalid alarms. 0

NBI 1 Agent_CORBA
idAlm for no, 1 for yes, default value is 1.

Defau
lt Description
stem Name Process
Value
CONFIG_IS
_SUPPORT Specifies whether to enable the
_PORT_IP_ TCAT to change the IP addresses of
Nml_ip 0
ADDRESS_ ports (0: disable;1:enable; the
MODIFY_I default value is 0.
N_TCAT
BMS_LSTO For LST-ONTPORT, whether to

ACCE TL1NBiDm,inT
NTPORT_S 0 return the NNI port.(0: No, 1: Yes,
SS L1NBiDm
HOW_NNI default: 0)
PMS_INST
ACCE ANCE_RES Whether to show intance name with
1 PMSDm
SS OURCE_RU CMC name(0:No,1:Yes,Default:1)
LE
CONFIG_A
Specifies whether adjust network is
Nml_ip DJUST_NE 0
support. (default 0:No, 1:Open)
TWORK
CONFIG_IP
Specifies whether IP Service
_SERVRICE
Nml_ip 0 Expand is Support.(staic Scenario).
_STATIC_E
(default 0:No, 1: Open)
XPAND
CONFIG_IP
_SERVRICE Specifies whether IP Service
Nml_ip _CUTOVER 0 CutOver Management is Support.
_MANAGE (default 0:No,1:Open)
MENT
CONFIG_IP Specifies whether IP Service

Nml_ip _SERVRICE 0 Migrate is Support.(default 0:No,
_MIGRATE 1:Open)
CONFIG_A
Specifies whether adjust tunnel
DJUST_TU
Nml_ip 0 route is Support.(default 0:No,
NNEL_ROU
1:Open)
TE
CONFIG_SI
Specifies whether siwtich service is
Nml_ip WTICH_SE 0
support.(default 0:No,1:Open)
RVICE
Network Management monitoring

TIME_STA equipment operation time
MP_PRINT consuming, for time-consuming
ACCE BmsAccess,Bm
_DEV_TIM 1000 more than a certain period of
SS sCommon
E_CONSU equipment operation printed in the
MING log(unit:ms, range:> 1000,Default:
1000)

Defau
lt Description
stem Name Process
Value
CPESVC_R
ACCE ONT configuration recovery(0:Off,
ECOVERY_ 0 BmsAccess
SS 1:On,default:0)
SWITCH
CONFIG_IP
E2E_COM
IPE2E common operate number
Nml_ip MON_OPE 5000
control.
RATE_NU
M
CONFIG_RI
Whether enable supporting add
NG_SUPPO
node or adjust of mpls ring on
Nml_ip RT_ADJUS 0 nml_ip
U2000 client. 0: disable, 1: enable
T_AND_AD
default is 0
DNODE
Maximum number of service slice

that can be modified in batch.The
CONFIG_S
operations include Tunnel, MPSL
ERVICE_SL
Nml_ip 100 Ring, PWE3, VPLS, L3VPN, Layer
ICE_MODI
2 Multicast Service. The default
FY_NUM
value is 100, The value ranges from
1 to 1000.
ITEM_L3V
PN_SERVIC limit the link of L3vpn service on
Nml_ip 10000 nml_ip
E_LINK_LI topo
MIT
Specifies whether the displayed

automatic discovery policies for
ITEM_VPL
VPLS services contain the options
S_AUTODI
Nml_ip 1 By VSI Key and ByVSI ID (PTN/ nml_ip
SC_POLIC
Hybrid MSTP device does nto
Y
support this automdisc policy.1
(default): Yes 0: No
CONFIG_DI
STRIBUTE_
Whether Set Max Resource Seed Id.
Nml_ip REOUCE_F 0
(0:no, 1:yes, default:0)
ROM_MAX
SEED
PONTL1_R
EPLACE_C Whether to replace the carriage BmsPonEmsTL
ACCE
R_LF_TO_S 0 return for the specified character (0: 1,BmsPonAlarm
SS
PEC_SWIT no, 1: yes) TL1
CH

Defau
lt Description
stem Name Process
Value
PONTL1_R
The carriage return character is BmsPonEmsTL
ACCE EPLACE_C
; replaced with the specified 1,BmsPonAlarm
SS R_LF_TO_S
character TL1
PEC
Cm_Down_
MSO 20;60 CM downstream SNR value range
SNR_Range
Cmc_Up_Ch
CMC upstream channel SNR
MSO annel_SNR_ 30;--
threshold range
Range
BMS_TL1_ High Priority user list(Allow

ACCE TL1NBiDm,inT
PRIORITY_ configuration of multiple priority
SS L1NBiDm
USER_LIST users,users separated by commas)
BMS_PONT
High Priority user list(Allow
ACCE L1_PRIORI BmsPonEmsTL
configuration of multiple priority
SS TY_USER_ 1
users,users separated by commas)
LIST
COLLECT_
POLICY_D
ACCE resstate init start time(default : BmsAccess,Bm
B_DATA_S 05:00
SS 05:00) sCommon
TART_TIM
E
COLLECT_
ACCE POLICY_D resstate init end time(default : BmsAccess,Bm
05:00
SS B_DATA_E 05:00) sCommon
ND_TIME
Whether support to merge the same

IS_MERGE template when saving the historical
PM _SAME_TE 0 data to the file, while only support PMSDm
MPLATE CSV format. 0 means not support,
and 1 means support.
ACCESS_X
Specifies whether the xml2tl1
ACCE ML2TL1_X
0 packets are in standard format (0: agt_cst_xml
SS ML_STAND
non-standard, 1: standard).
ARD
BMS_COM
PARE_ONT
_FOR_UPG
RADE

Defau
lt Description
stem Name Process
Value
BMS_COM
PARE_ONT
_FOR_UPG
RADE
TL1_OFFLI
The switch of Whether reset device
ACCE NE_CFG_M
0 when exec CFG-MDUEX by TL1NBiDm
SS DUEX_RES
schedule center,default value 0.
ET_DEV
Specifies the length of the ont sn.

ACCESS_O
ACCE (0: Displayed in 16-bit (12-bit) BmsAccess,
NT_SN_LE 0
SS format, 1: Display in 12 format, BmsCommon
NGTH
2:16 format), default value is 0
Whether to support querying the

nemgr_v8ptn,m
isSupportQu remaining bandwidth of static
Nemgr c,uflight_dispatc
eryRemainB false tunnels through the device,
_v8ptn her,UniteUitlD
wCt0 true:Support; false:Unsupported,
M
Default:false
TRAFFICB
ACCE URST_DET Traffic burst detection(0:Off,
0 BmsAccess
SS ECTION_S 1:On,default:0)
WITCH

CLTSI_MA
ACCE single-IP-address connections
X_IP_CON 15
SS allowed by the cltsi northbound
NECTION
service (value range: 1-1024).

PONTL1AL
single-IP-address connections
ACCE ARM_MAX BmsPonAlarmT
15 allowed by the BmsPonAlarmTL1
SS _IP_CONN L1
northbound service (value range:
ECTION
1–1024).

TL1_MAX_ single-IP-address connections
ACCE
IP_CONNE 15 allowed by the TL1NBiDm TL1NBiDm
SS
CTION northbound service (value range:
1–1024)

PONTL1_M single-IP-address connections
ACCE BmsPonEmsTL
AX_IP_CO 15 allowed by the BmsPonEmsTL1
SS 1
NNECTION northbound service (value range:
1–1024)

Defau
lt Description
stem Name Process
Value

INTL1_MA single-IP-address connections
ACCE
X_IP_CON 15 allowed by the inTL1NBiDm inTL1NBiDm
SS
NECTION northbound service (value range:
1–1024)
Specifies whether the manually

ISLINKAG RouterMgrDm,
created explicit path that is not
E_DELETE FrameSWMgrD
IP_BA occupied by any other tunnel will be
_MANUAL false m,BoxSWMgrD
SE deleted during tunnel deletion. true:
EXPLICITP m,SecurityMgr
yes, false: no. The default value is
ATH Dm
false
DISABLE_ Discard messages from LogOnOff

ACCE BmsAccess,Bm
MXU_LOG 0 events on a MXU device(0:disable,
SS sCommon
ONOFF 1:enable, default:0)
PMCO SNMP_TIM
SNMP_TIMEOUT_VALUE:Defaul PMSDm,SNMP
LLECT EOUT_VAL 3
t=3,range 1-10 CollectorDm
OR UE
PMCO SNMP_RET
SNMP_RETRIES_COUNT:Default PMSDm,SNMP
LLECT RIES_COU 2
= 2 , range 1-5 CollectorDm
OR NT
ALARM_D Identifies whether to enable the

United ERIVED_R alarm derivative relationship
0 InventoryDM
Mgr ELATION_ analysis(0:disable, 1:enable, default:
ANALYSIS 0)
nemgr_trans_*,
AlarmComp
United Alarm Compress Function nemgr_v8trans_
ressFunction 0
Mgr Switch(1:enable , 0:disable) 1,nemgr_v8ptn_
Switch
1,TrapReceiver*
For LST-FRAME, Whether display

TL1_IS_AD
ACCE FRAMELOCALNAME, SHELF TL1NBiDm,inT
D_BASICP 0
SS and FRAMESUPPLIER as default L1NBiDm
ROPERTY
para.(0: NO, 1: YES, default: 0)
NEMG
UserVlan_M The upper limit of UserVlan
R_RO 30000 RouterMgrDm
ax_Num number.The default value is 30000
UTER
BMS_NOR
ACCE Is support normal data format(0: BmsPonEmsTL
MAL_DAT 0
SS No, 1: Yes, default: 0) 1
A_RSPFMT

Defau
lt Description
stem Name Process
Value
GPON_VEN
The swith of VENDORID about
ACCE DORID_AU TL1NBiDm,inT
0 LST-GPONONTAUTOFIND:
SS TOFIND_S L1NBiDm
1:string;0:int;default(0).
WITH
EXPORT_O
ACCE MC_PSG_S Protection group file export start
23:00 BmsAccess
SS TART_TIM time
E
EXPORT_O
ACCE Protection group export switch 0:
MC_PSG_S 1 BmsAccess
SS off, 1: on
WITCH
EXPORT_O
ACCE MC_ONU_S
23:00 ONU file export start time BmsAccess
SS TART_TIM
E
EXPORT_O
ACCE ONU export switch switch 0: off, 1:
MC_ONU_S 1 BmsAccess
SS on
WITCH
EXPORT_O
ACCE ONU file export interval (unit:
MC_ONU_I 7 BmsAccess
SS days)
NTERVAL
EXPORT_O ONU UNI port export switch switch

ACCE MC_ONU_ 0: OFF, 1: ON (ONU UNI port
0 BmsAccess
SS UNI_SWIT export time and cycle same as
CH ONU)
EXPORT_O
ACCE MC_MG_S
23:00 Media gateway file export start time BmsAccess
SS TART_TIM
E
EXPORT_O
ACCE Media gateway export switch 0: off,
MC_MG_S 0 BmsAccess
SS 1: on
WITCH
EXPORT_O
ACCE Media gateway file export interval
MC_MG_IN 7 BmsAccess
SS (unit: days)
TERVAL
EXPORT_O
ACCE Link export switch switch 0: off, 1:
MC_LINK_ 1 BmsAccess
SS on
SWITCH

Defau
lt Description
stem Name Process
Value
EXPORT_O
ACCE MC_LINK_
23:00 Link file to export start time BmsAccess
SS START_TI
ME
EXPORT_O
ACCE
MC_LINK_I 7 Link file export interval (unit: days) BmsAccess
SS
NTERVAL
GPON autofind ont

GPON_AUT
ACCE timer,value(0-1440 in
OFIND_TI 0 BmsAccess
SS minutes)default(0:Irregular
ME_SWITH
collection)
OMC exports the master switch, the

default switch off, the switch is
EXPORT_O closed, all not exported, change the
ACCE
MC_ACCES 0 switch is turned on, and then BmsAccess
SS
S_SWITCH according to the subresource switch
to determine whether to export (0:
off, 1: open)
ALARM_A Whether use ONU name when add

ACCE DD_ONUN ONU name to ONT alarm. 0:use
0 TrapReceiver
SS AME_USE_ user label firstly,if it is null, then use
ONUNAME ONU name. 1:use ONU name
The configuration item specifies

GET_ONT
whether the LST-ONTWAN
ACCE WANINFO_
0 command queries WAN port BmsAccess
SS FROM_XM
configurations through the XML
L
file when an ONT is offline.
Transfer TL1 command to

tl1_translator process when device
ACCE TranslatorOf TL1NBiDm,
0 is offline,this switch can not open
SS fline inTL1NBiDm
when switch LoadOffline is
open(0:close,1:open)
Whether to export the script

TRAN NeedExport
1.0 includes EOS Information.(Default: nemgr_trans
S Script
1 Unsupport:0 Support:1)
BMS_LICE The interal of check ACCESS

ACCE NSE_VERIF license(range: 0-24; unit:hour; 0:not
1
SS Y_INTERV check),note:only open item need
AL restart BmsCommon

C.12 Managing Databases

This topic describes how to manage databases. To ensure the security of system data, the
MSuite provides the function of managing databases.
C.12.1 Backing Up the System Database

This topic describes how to back up the U2000 database through the MSuite, including
backing up the U2000 database to the local server and remote server. Backing up the U2000
data is the prerequisite to restoring the U2000 database in a fast and secure manner.
C.12.1.1 Immediately Backing Up the U2000 Data to a Local Server Through the
MSuite
This topic describes how to immediately back up the U2000 database to a local server through
the NMS maintenance suite (MSuite). After this configuration, the database can be safely and
quickly restored after a fault occurs.
Prerequisites
following command:
following command:
Context
The backup process cannot be canceled once it is started.

NOTICE
protected.
Procedure
NOTE
menu.
NOTE

default value.
2. Set the backup path for storing the backup file. Select Local server and then set the
Backup Path.
– It is recommended that you use the default backup path. If the system asks whether
to create a default backup path, click Yes to create the path.
– If you want to use another backup path, click Browse to select it.

NOTICE
Backup Path.

NOTE
If the U2000 is running, the follow box is displayed, please click the Yes and ensure that the NMS is not
performing configuration operations.

Step 7 After the backup is completed, click Finish.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, back up the
NOTICE
StoreMode local -FilePath Backup path
NOTE
l The backup directory must be a relative path (the root path is /opt/backup/dbbackup) that contains
letters, digits, underscores (_), or hyphens (-) and excludes the space, bracket, Chinese characters
and so on. The complete path name cannot exceed 60 characters. For Windows, the backup directory
must be located on the disk drive of the server.
MSuite password: The default user name of the MSuite is admin and the default password is
been changed, for system security, modify the default password and remember the new password. For
details, see C.3.1 Changing the Password of the MSuite.
C.12.1.2 Immediately Backing Up the U2000 Database to a Remote Server

Through the MSuite
This topic describes how to immediately back up the U2000 database to a remote server by
using the NMS maintenance suite (MSuite). After this configuration, the database can be
safely and quickly restored after a fault occurs.
Prerequisites

NOTE
following command:

Context
database.
NOTICE

Procedure
NOTE
menu.
NOTE

default value.
2. Select Remote server and then set the parameters associated with the remote server. The
parameter description is as follows:
– Transfer Mode: FTP or SFTP mode. SFTP is recommended because it is more
secure than FTP.
NOTE
– Backup Path: Path for storing the backup file of the remote server.

NOTE
n Backup Path on the Remote Server can not be null, and in Solaris or SUSE Linux, the
backup directory cannot be /. In Windows, the backup directory cannot be the root
directory for the SFTP or FTP service. The backup directory contains letters, digits,
underscores (_), or hyphens (-) and excludes space brackets, Chinese characters and so
on. The path name cannot exceed 60 characters.
n The backup path on the remote Windows server must be the same as that FTP/SFTP
service on the server provide, otherwise, backup fails.
n In case the ftpuser user is used for remote Solaris and SUSE Linux server backup, log in
to the remote server as the root user using the PuTTY to create the backup directory in
the ftpuser user's root directory (/opt/backup/ftpboot) on the remote server, and modify
the created directory rights (the created backup directory tmp is used as an example in
the following command):
n In case the ossuser user is used for remote Solaris and SUSE Linux server backup, enter
the Backup Path on the Remote Server.
○ If the entered Backup Path on the Remote Server is exist, make sure the
permission is ossuser:ossgroup and more than 700 or the task periodically
backing up the U2000 database to a remote server would failed.
○ If the entered Backup Path on the Remote Server is a relative path but not exist
in the ossuser user's root directory, the system displays a message asking you
whether to create the directory. Click Yes, the system will create the directory.
○ If the entered Backup Path on the Remote Server is an absolute path but failed
created. Log in to the remote server as root user using the PuTTY to create the
backup directory, and modify the created directory rights.

NOTE
l If the U2000 is running, the follow box is displayed, please click the Yes and ensure that the NMS is
not performing configuration operations.
l On Windows, if the default temporary directory does not exist or the disk space is insufficient, a
message is displayed asking you to select a temporary directory. Click Browse to select a disk with
enough space. Select only the drive letter, for example, F:\.
l If the entered Backup Path value does not exist, the system displays a message asking you whether
to create the directory. Click Yes.
Step 7 After the backup is complete, click Finish.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system,, back up the
NOTICE

FTPUserName FTP or SFTP user name -FilePath Backup path

NOTE
l IP address of the remote server: IP address of the remote server whether the backup file is stored.
l Password: Password of the FTP user or SFTP user.
l Backup path: Path for storing the backup file. Ensure that the FTP user or SFTP user have write
permissions for this path.
C.12.2 Restoring Data of a U2000 Single-Server System

(Windows)
backup U2000 data.
C.12.2.1 Restoring U2000 Single-Server System (Windows) Data from a Local

Server
local server.
Prerequisites
NOTE
the backup server.

Context
NOTICE
Procedure
menu.
Configurations.
----End
Follow-up Procedure
After restoring U2000 data, start the NMS processes. For details, see A.11.7 How to Start the

NOTE
C.12.2.2 Restoring U2000 Single-Server System (Windows) Data from a Remote

Server
remote server.
Prerequisites
NOTE
NOTE
the backup server.

Context
NOTICE
Procedure
menu.
stored.
NOTE
Configurations.
----End

Follow-up Procedure
After restoring U2000 data, start the NMS processes, for details, see A.11.7 How to Start the
NOTE
C.12.3 Restoring U2000 Single-Server System (Solaris) Data

backup U2000 data.
C.12.3.1 Restoring U2000 Single-Server System (Solaris) Data from a Local Server
local server.
Prerequisites
the backup server.
Service.

Context
NOTICE
Procedure
menu.
Configurations.
----End


NOTICE

StoreMode local
NOTE

3:Cancel, 0]:
Follow-up Procedure
NOTE
C.12.3.2 Restoring U2000 Single-Server System (Solaris) Data from a Remote

Server
remote server.
Prerequisites
the backup server.

Service.
NOTE
Context
# chmod -R 775 path
data.
NOTICE

Procedure
user.
ossuser user.
menu.
stored.
NOTE

Configurations.
----End


NOTICE

resides/201201211230
NOTE
Follow-up Procedure
NOTE
C.12.4 Restoring U2000 Single-Server System (SUSE Linux) Data

backup U2000 data.
C.12.4.1 Restoring U2000 Single-Server System (SUSE Linux) Data from a Local
Server
local server.

Prerequisites
the backup server.
Service.
Context
NOTICE
Procedure

menu.
Configurations.
----End

NOTICE

StoreMode local
NOTE

3:Cancel, 0]:
Follow-up Procedure

NOTE
C.12.4.2 Restoring U2000 Single-Server System (SUSE Linux) Data from a

Remote Server
remote server.
Prerequisites
the backup server.
Service.
NOTE
Context

owner, group and permissions of the /opt/tmp.
# chmod -R 775 path
data.
NOTICE
Procedure
user.
ossuser user.
menu.
stored.
NOTE

Configurations.
----End

NOTICE
resides/201201211230
NOTE

Follow-up Procedure
NOTE
C.12.5 Restoring U2000 High Availability System (Solaris) Data

backup U2000 data.
C.12.5.1 Restoring U2000 High Availability System (Solaris) Data from a Local
Server
local server.
Prerequisites
the backup server.
Linux).


Context
NOTICE
Procedure
Service.
MSuite Client.
menu.


NOTE
site.
----End

NOTICE
StoreMode local
NOTE

3:Cancel, 0]:
Follow-up Procedure

NOTE
C.12.5.2 Restoring U2000 High Availability System (Solaris) Data from a Remote
Server
remote server.
Prerequisites
the backup server.
Linux).
NOTE
Context

# chmod -R 775 path
data.
NOTICE
Procedure
Service.
user.
ossuser user.
MSuite Client.
stored.
NOTE

NOTE
site.
----End

NOTICE


resides/201201211230
NOTE
Follow-up Procedure
NOTE
C.12.6 Restoring U2000 High Availability System (SUSE Linux)

Data
backup U2000 data.
C.12.6.1 Restoring U2000 High Availability System (SUSE Linux) Data from a
Local Server
local server.
Prerequisites
the backup server.

Linux).
Context
NOTICE
Procedure
Service.
MSuite Client.
menu.


NOTE
site.
----End

NOTICE
StoreMode local

NOTE

3:Cancel, 0]:
Follow-up Procedure
NOTE
C.12.6.2 Restoring U2000 High Availability System (SUSE Linux) Data from a
Remote Server
remote server.
Prerequisites
the backup server.
Linux).

NOTE
Context
# chmod -R 775 path
data.
NOTICE
Procedure
Service.
user.
ossuser user.
MSuite Client.

stored.
NOTE
NOTE
site.
----End


NOTICE

resides/201201211230
NOTE
Follow-up Procedure
NOTE
C.12.7 Initializing the U2000 Database

This topic describes how to initialize the U2000 database before it is in disorder or restored,
or data is damaged.
Prerequisites

running:
Database.
Database Service.
Database Service.
Context
NOTICE
This operation will delete all U2000 data from the database and restore all U2000 information
to default settings. Therefore, back up the U2000 database and NMS deployment information
before performing initialization.
This operation will:
l Restore the login passwords of admin user for the U2000 client , NE Software
Management and the U2000 System Monitor client to the initial passwords (The initial
password of the admin user is Changeme_123. The password must be changed during
the first login to ensure system security. Keep the password confidential and change it
regularly.).
l Delete all service data that users configured on the U2000 client.
Procedure
NOTE
Step 2 On the MSuite client, choose System > Initialize Database from the main menu. The
initialization wizard and a prompt will be displayed.
Step 3 Read the initialization information carefully and click Next.
Step 4 Click Yes. The system starts initializing the database and displays a progress bar. Wait
patiently.

Step 5 After the initialization is complete, click Finish. A message is displayed indicating that the
U2000 server need to be started manually.
Step 6 Optional: In the HA system, unfreeze the AppService resource group. For more information,
see 11.5.4 Unlocking a Resource Group.
Step 7 Click OK, start the U2000 server manually. For more information, see 2 Starting the U2000
System.
----End

On Solaris or SUSE Linux OS, if you fail to log in to the GUI desktop system, initialize the
database through the CLI.
$ ./startclient.sh storage -ip 127.0.0.1 -port 12212 -username admin -InitDatabase
NOTE
Follow-up Procedure
l In the HA system, log in to the secondary site as the ossuser user after primary site
initialization is complete and run the following commands to delete flags reported by
hardware alarms or HA system alarms.
$ su - root
# rm -rf /var/ICMR/alarm/*ERROR
# rm -rf /var/ICMR/alarm/err_*
l If the CORBA NBI, XML NBI, SNMP NBI, or text NBI is configured for the U2000,
you must reconfigure the NBI instance after successfully initializing the database, and
the reconfigured instance must be the same as the instance before the database is
initialized. For details, see the related NBI user manual.
l To ensure system security, log in to the U2000 client and change the password according
to the message displayed upon the first login. For details, see 2.6 Logging In to a U2000
Client.

Administrator Guide D Solaris or SUSE Linux Command Reference
D Solaris or SUSE Linux Command

Reference
This describes the utility commands provided by the Solaris or SUSE Linux system, including
the commands for operating directories, the commands for operating folders, the commands
for viewing files, the commands for managing Solaris or SUSE Linux users, the commands
for managing the system resource, and the commands for network communication.
D.1 Commands for Solaris or SUSE Linux Folders

This describes the commands for Solaris or SUSE Linux folders. This also gives function
descriptions and examples.
D.2 Commands for Solaris or SUSE Linux Files
This describes the usage of the operation commands commonly used for files in the Solaris or
SUSE Linux operating system, including function description and application examples.
D.3 Commands for Viewing Solaris or SUSE Linux Files
This topic describes the commands used for viewing Solaris or SUSE Linux files, their
functions, along with examples.
D.4 Commands for Managing Solaris or SUSE Linux Users
This describes the user management commands that are frequently used in the Solaris or
SUSE Linux system. This also describes the functions of these commands and gives some
examples. Only the user root and the authorized users can add, modify, or delete users and
user groups.
D.5 Commands for Managing Solaris or SUSE Linux System Resources
This describes the commands for managing Solaris or SUSE Linux system resources. This
also describes the functions of these commands and gives some examples.
D.6 Commands for Network Communication in the Solaris or SUSE Linux
This topic describes the commands for network communication in the Solaris or SUSE Linux
system. It also describes the functions of these commands and gives some examples.
D.1 Commands for Solaris or SUSE Linux Folders

This describes the commands for Solaris or SUSE Linux folders. This also gives function
descriptions and examples.

D.1.1 pwd
This topic describes the pwd command used for viewing the current working folder.
Function
View the current working folder.
Example
# pwd
/export/home
D.1.2 cd
This topic describes the cd command used for switching the current folder to another folder.
Function
The cd command is used to switch the current folder to another folder. This command applies
to both absolute and relative paths.
Example
l To switch to the home folder, run the following command:
# cd
l To switch to the system root directory, run the following command:
# cd /
l To switch back one folder, run the following command:
# cd ..
l To switch back two folders, run the following command:
# cd ../..
l To switch to the /export/home folder by the absolute path, run the following command:
# cd /export/home
NOTE
If you run the cd command that is not followed by any parameter, the system is switched back to the
home folder.
# cd
D.1.3 mkdir
This topic describes the mkdir command used for creating a folder.

Function
The mkdir command is used to create a folder. When the path to the created folder is
determined, absolute and relative paths can be used.
Command Format
mkdir option directory
Option Description
Table D-1 Option description of the mkdir command

Option Description
-p Creating a folder through recursion. If the upper-level folder of the folder

to be created does not exist, the command creates the upper-level folder
and then the folder that you want to create.
Example
To create a subfolder data in /home1/omc, run the following command:
# mkdir /home1/omc/data
If the current folder is /home1/omc, run the following command:

# mkdir data
If the current folder is /home1 and the folder omc does not exist, run the following command
to create the folder omc and then the folder dir1:
# mkdir -p /home1/omc/dir1
D.1.4 rmdir
This topic describes the rmdir command used for deleting an empty folder that is no longer
useful.
Function
The rmdir command is used to delete an empty folder.
To delete a non-empty folder, run the rm -r command. For details, see D.2.4 rm.
NOTICE
l If the folder to be deleted is not empty, you must delete the files in the folder before
running the rmdir command.
l To delete the current folder, you must switch to the upper-level folder.

Example
To delete the data subfolder in the /home1/omc folder, run the following command:
# rmdir /home1/omc/data
If the current folder is /home1/omc, run the following command:

# rmdir data
D.1.5 ls
This topic describes the ls command used for listing the files and subfolders in a specific
folder.
Function
The ls command is used to list the files and subfolders in a folder. Run the ls command
without any parameter to list the content of the current folder. Run the ls command with
parameters to list the information about the size, type, and privileges of the file, and the date
when the file was created and modified.
Command Format
ls option Directory or File
Option Description
Several individual options and a combination of options can be used for the ls command.
Place the prefix - before the options. Table D-2 lists some common options.
Table D-2 Option description of the ls command

Option Description
-a Lists all files including the hidden files, that is, the files starting with a
dot ., for example, the .login file.
-F Specifies the type of a file by suffix signs.

The meaning of the suffixes are as follows:
l /: for folder files
l =: for pipe files
l @: for sign-linking files
l *: for executable files
-l Lists the detailed information about a file, such as the file type, privileges,
number of links, owner, file group, file size, file name, and the date of the
last modification.
If the file is a sign-linking file, after the ls -l command is executed, the -> sign is added at the
end of the file name for pointing to the linked file.

Example
To view the long-form content of the files in the current folder, run the following command:
# ls -l |more
total 11094632
drwxr-xr-x 2 sybase staff 1024 Sep 5 2001 bin
drwxr-xr-x 14 sybase staff 512 Sep 5 2001 charsets
drwxr-xr-x 3 sybase staff 512 Sep 5 2001 collate
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 config
-rw-r--r-- 1 sybase staff 2048000000 Mar 6 09:50 data_dev.dat
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 devlib
drwxr-xr-x 7 sybase staff 512 Sep 5 2001 diag
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 hs_data
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 include
drwxr-xr-x 7 sybase staff 512 Sep 5 2001 init
drwxr-xr-x 3 sybase staff 512 Sep 5 2001 install
-rw-r--r-- 1 sybase staff 268 Sep 5 2001 interf.old
-rw-r--r-- 1 sybase staff 402 Oct 29 15:25 interfaces
drwxr-xr-x 2 sybase staff 1024 Sep 5 2001 lib
drwxr-xr-x 2 sybase staff 512 Sep 5 2001 license
drwxr-xr-x 6 sybase staff 512 Sep 5 2001 locales
-rw-r--r-- 1 sybase staff 2048000000 Mar 6 10:51 log_dev.dat
-rw-r--r-- 1 sybase staff 2048000000 Mar 6 10:36 log_dev1.dat
drwxr-xr-x 5 sybase staff 512 Sep 5 2001 pad
-rw-r--r-- 1 sybase staff 5242880 Feb 19 10:10 phase2.dat
drwxr-xr-x 8 sybase staff 512 Sep 5 2001 sample
--More--
After you run the ls -l command, the result may be displayed in several screens. To view the
file contents, one screen at a time, run one of the following commands:
l # ls -la | more
l $ ls -la>ccc
Save the command output to the ccc file, and then run the following command to view
the output on screen at a time:
# more ccc
After you run the ls -l command, seven columns of information are displayed, which are
described as follows:
l The first column consists of 10 characters. The first character indicates the file type. For
example, the character - refers to a common file and the character d refers to a folder.
The following nine characters are three triplets indicating the access privileges of the file
owner. The first triplet pertains to the owner, the middle triplet pertains to members of
the user group, and the right-most one pertains to other users in the system. For example,
the characters r, w, and x indicate that the user has the privileges to read, write, and
execute a file, whereas the character - indicates that the user does not have any relevant
privileges for the file.
l The second column indicates the number of links of the file.
l The third and fourth columns display information such as the owner of the file, and the
user group to which the file belongs.
l The fifth column shows the size of the file in bytes.
l The sixth column shows the time and date when the file is last modified.
l The seventh column shows the file name.

D.2 Commands for Solaris or SUSE Linux Files

This describes the usage of the operation commands commonly used for files in the Solaris or
SUSE Linux operating system, including function description and application examples.
D.2.1 vi
This topic describes the vi command used for creating and modifying text files.
Function
As a powerful text editing tool, the vi editor is used to create and modify text files.
The vi editor works in two modes:

l Text input mode: to enter the text
l Command mode: to enter the control command
Format
l To start the vi editor, enter the following command:
vi file name
l Table D-3 lists the operations in the text input mode.
Table D-3 Operations in the text input mode

Command Function
a Insert text immediately after the cursor (append).
A Insert text at the end of the line where the cursor is.
i Insert text immediately before the cursor (insert).
I Insert text before the first nonblank character in the line where the
cursor is.
o Insert a new line below the current one and insert text (open).
O Insert a new line above the current one and insert text.
l Table D-4 lists the operations related to moving the cursor in the text input mode.
Table D-4 Operations related to moving the cursor in the text input mode
Command Function
h Move the cursor one character left.
j Move the cursor one character down.
k Move the cursor one character up.

Command Function
l Move the cursor one character right.
Line No. G Move the cursor to a specified line. For example, 1G means
that the cursor is moved to the first line.
G Move the cursor to the end of the text.
l Table D-5 lists the operation for exiting the text input mode and switching to the
command mode.
Table D-5 Operation for exiting the text input mode and switching to the command
mode
Command Function
ESC Exit the text input mode and switches to the command
mode.
l Table D-6 lists the operations related to deleting characters in the command mode.
Table D-6 Operations related to deleting characters in the command mode
Command Function
x Delete a character.
dd Delete a line.
l Exit the vi editor.

All the commands that exit vi editor must be run in the command mode. Therefore press
ESC before running the commands. Table D-7 describes the commands for exiting the
vi editor.
Table D-7 Commands for exiting the vi editor
Command Function
:wq Save a file and exit the vi editor.
:q Exit from the vi editor without saving the file.
:q! Exit from the vi editor and discard all the changes.
:w Save a file other than exit the vi editor.
D.2.2 cp
This topic describes the cp command used for copy the contents of a file to another file.

Function
The cp command is used to copy the contents of a file to another file.
Command Format
cp option source file object file
Option Description
The option -r indicates recursively copying a folder. That is, when copying a folder, copy the
files and subfolders included in the folder, and files and subfolders in the subfolders until the
last level of the folder.
Example
To copy the old_filename file in the current folder to the file new_filename, run the
following command:
# cp old_filename new_filename
D.2.3 mv
This topic describes the mv command used for moving and renaming a file.
Function
The mv command is used to move and rename a file.
NOTICE
l After you run the mv command, only the target file instead of the source file exists.
l After you run the cp command, the source file still exists and the target file is generated.
Command Format
mv source file object file
Example
To move the old_filename file in the root directory to the /home1/omc folder, and rename the
source file to new_filename, run the following command:
# mv old_filename /home1/omc/new_filename
D.2.4 rm
This topic describes the rm command used for deleting a specific file.

Function
The rm command is used to delete a file.
NOTICE
l In the Solaris or SUSE Linux system, a file, once deleted, cannot be restored. Therefore,
use the -i option to avoid the deletion of a file by mistake.
l To delete a folder, run either of the following commands: rmdir or rm -r. The difference
between the two commands is: rmdir deletes only empty folders but rm -r deletes any
folder.
Command Format
rm option file
Option Description
l -i: refers to interactive operations. Your confirmation is required before a command is
run.
l -r: recursively deletes a folder. That is, when deleting a folder, delete the files and
subfolders included in the folder, and files and subfolders in the subfolders until the root
folder.
l -f: removes all files (whether write-protected or not) in a directory without prompting the
user.
Example
To delete the old_filename file in the current folder, run the following command:
# rm -i old_filename
D.2.5 chmod
This topic describes the chmod command used for changing the access rights of a directory or
a file.
Function
The chmod command is used to change the access rights of a directory or a file.
NOTICE
Exercise this operation with caution, after you run the chmod command, the access rights of a
directory or a file will be changed.

Format
chmod option directory or file
Based on different notation methods of the option in the command, two modes are available:
l Symbol mode
chmod objectoperator rights file
l Digit mode
chmod lmn file
Option Description
l Symbol mode
Table D-8 lists common options in symbol mode of the chmod command.
Table D-8 Common options in symbol mode of the chmod command
Option Specified Option Description
Object u Owner of a file
g Users sharing the same group

with the file owner
o Other users except the file

owner and the users sharing the
same group with the file owner
a All users
Operator + Add a right
- Cancel a right
= Set a right
l Digit mode
The option lmn represents the following digits:
– l: the rights of the owner
– m: the rights of the users sharing the same group with the owner
– n: the rights of other users in the system
The value of each digit is equal to the sum of the values of r (read right), w (write right),
x (execute right), or - (no right) in each group. In each group, r = 4, w = 2, x = 1, and - =
0. In the following example -rwxr-xr-- 1 rms sbsrms 46098432 May 12
16:02 sdh*, the access rights of the file sdh is represented by the symbols rwxr-
xr--. The nine symbols are divided into three groups, with three symbols as a group.
The three groups represent the rights of the file owner, the rights of the users sharing the
same group with the file owner, and the rights of other users in the system. The three
groups can be represented in digits 754, which is calculated according to the formulas: 7
= 4 + 2 + 1, 5 = 4 + 0 + 1, and 4 = 4 + 0 + 0.

Directory or File: indicates the name of the directory or file whose rights are changed.
Example
l Symbol mode
Authorize the file1 owner with the read, write, and execute rights. Authorize the users
sharing the same group with the file owner with the read and execute rights. Authorize
other users with the read and execute rights. Run the following command:
# chmod u=rwx,go=rx file1
To authorize all the users with the read and write rights, run the following command:
# chmod a=rw file2
l Digit mode
Authorize the file1 owner with the read, write, and execute rights. Authorize the users
sharing the same group with the file owner with the read and execute rights. Authorize
other users without right. Run the following command:
# chmod 750 file1
To authorize all the users with the read and write rights, run the following command:
# chmod 666 file2
NOTE
l To configure the rights of a file for users in a group and other users in the system in symbol mode,
you must authorize these users with the execute right of the directory where a file exists. Run the
following command for the directory that requires you to set rights:
# chmod u=rw,+x .
You can also run the following command:
# chmod u=rwx,go=x .
In this command, the dot (.) indicates the current directory.
l In digit mode, the letters r, w, and x equal 4, 2, and 1 respectively, and the hyphen (-) equals 0.
These mappings are set according to the binary mode. For the three symbols r, w, and x in a group,
which represent the read permission, the write permission, and the execute permission, assign the
binary value 1 if a symbol has the corresponding right and assign the binary value 0 if a symbol
does not have the corresponding rights. Take the previous file sdh as an example. The file rights
are represented by the symbols rwxr-xr--. After converting the symbols into a binary value, you
can obtain "111101100". The binary value is divided into three 3-digit groups, with each group
representing a file right. After converting the binary value of each group into a decimal value, you
can obtain three values: 7, 5, and 4.
D.2.6 chown
This topic describes the chown command used for changing the owner of a file.
Function
The chown command is used to modify the owner of a file. In most Solaris or SUSE Linux
systems, this command can be run only by the root user.

NOTICE
Exercise this operation with caution, after you run the chown command, the owner of a file
will be modified.
Command Format
chown option owner file
Option Description
l -f: runs the command forcibly without displaying errors
l -R: recursive folder
l Owner: the modified owner
l File: the file of the owner to be modified
Example
l Assume that there is a user new_owner and a file in the system. Run the following
command to change the owner of the file to new_owner:
# chown new_owner file
l Assume that there is a user test in the system. Change the owner of all files in the /
export/home folder and the subfolders to test:
# chown -R test /export/home
D.2.7 chgrp
This topic describes the chgrp command used for moving all files from the user group to
which you belong to another user group.
Function
The chgrp command is used to move all files from the user group to which you belong, to
another user group. That is, you belong to at least two user groups at the same time.
NOTICE
Exercise this operation with caution, after you run the chgrp command, the user group of a
file will be moved to another user group.
Command Format
chgrp option group file

Option Description
l -f: runs the command forcibly without displaying errors
l -R: recursive folder
l Group: the modified user group
l File: the file the user group of which is to be modified
Example
To change the user group file to new_group, run the following command:
# chgrp new_group file
NOTICE
The new user group to which a file is moved should be created. Run the groups command to
list the groups to which you belong. For details on how to create a user group, see D.4
Commands for Managing Solaris or SUSE Linux Users.
After the owner or group of a folder is changed, the folder does not belong to that user or user
group any more. The attributes of the subfolders and files in the folder, however, are retained.
Run the chown command to modify the owner and the user group of a file at the same time:
# chown omc:staff file1
For example, run the command to modify the owner of file1 to omc and the group to staff.
D.2.8 find
This topic describes the find command used for searching for a file that meets the preset
conditions in the specified folders and subfolders.
Function
The find command is used to search for a file that meets the preset conditions in the specified
folders and subfolders. By using this command, you can find the file even if you forget the
correct path of the file.
Command Format
find folder condition
l Folder: indicates the folder to be searched. You can enter multiple folder names.
Separate the folder names by using spaces.
l Condition: indicates the conditions for file search, such as the file name, owner, and
time of the last modification.
Table D-9 describes the conditions for file search.

Table D-9 Conditions for file search

Condition Description
-name name The name of the file or folder to be searched.

Wildcards, such as-name '*.c', can be used.
-print Prints the path that meets the conditions.
-size n Searches for the files that use n blocks.
-type x Searches for files by file type. The file type x

includes:
l d: directory
l f: file
l b: block
l c: character
l p: pipe
-user user Searches all files of user. The value of user can be a
user name or UID.
-group group Searches all files of the user group. The value of
group can be a user group name or GID.
-links n Searches all files with the number of links as n.
-atime n Searches the files accessed before n days.
-mtime n Searches the files modified before n days.
-exec command {}\; Uses the found file as the object of the command to
be run. Put the parameters to be used in the command
execution between { and }.
Table D-10 describes the logical operators of conditions.
Table D-10 Logical operators of conditions

Logical Mean Example Description
Operator ing
! non ! -name "*.c" All the files except those with

the extension name as .c
-o or -size +10 -o -links 3 All the files with more than 10

blocks or with 3 links

Logical Mean Example Description

Operator ing
and -size +10 -links 3 All the files with more than 10
Condit blocks and with 3 links
ions in
and
relatio
nships
are
separat
ed by
spaces.
In the preceding table, +10 stands for more than 10 blocks and -10 for fewer than 10 blocks.
Example
To search for files in the /tmp folder with the file name starting with c, and then print the
paths, run the following command:
# find /tmp -name "c*" -print

/tmp/ctisql_0WBJgt
/tmp/ctisql_0dznJ_
/tmp/ctisql_0CpW34
/tmp/ctisql_0FO4vs
To search the file test in the current folder and then print the paths, run the following
command:
# find . -name test -print

./Report/reloc/resin1.2.0/conf/test
./Report/reloc/resin1.2.0/doc/examples/login/WEB-INF/classes/test
./Report/reloc/resin1.2.0/doc/examples/tags/WEB-INF/classes/test
NOTE
l The search may take several minutes. To save time, you can run this command in the background.
That is, the output for the command is exported to a file for later query. End the command line
with & so that the system runs the command in the background. For example:
# find / -name "abc*" -print> abc.file &
l After the search is complete, run the following command to view the result of the search:
# cat abc.file
l Different users may have different privileges for the same file. Therefore, ordinary users may find
only some files of the system. To list all the files that meet the set conditions, log in as the root
user and search from the root directory.
D.2.9 tar
This topic describes the tar command used for combining several files into one archive and
save it to a tape or disk.

Function
The tar command is used to combine several files into one archive and save it to a tape or
disk. When one of the files is required, obtain the file directly from an archive.
Command Format
tar function options modification options file
Option Description
l function options: sets the actions, such as read and write, of the tar command
l modification options: modifies the actions of the tar command
Table D-11 describes the options of the tar command.
Table D-11 Option description for the tar command

Option Specified Description
Option
Function options r Adds the specified file to an archive.
x Reads a file in an archive. If the file name is a

folder, this option reads the subfolders included
in the folder. This option is often used.
c Creates an archive. This option is often used.
g Creates a file at the beginning of an archive

rather than add the file in the last file.
Modification v Activates the display mode. The names of all

options the processed files are displayed. This option is
often used.
w Activates the confirmation mode. Your

confirmation is required before each file is
processed.
f Indicates that an archive is a file. If this

parameter is skipped, the preset tape or disk is
used as the object. This option is often used.
Example
l Run the tar command to back up files.
To back up all the files and subfolders in the /export/home folder in the current folder to
the default device and view the file information during the backup, run the following
command:
# tar cv /export/home
In current folder, back up all the files and subfolders in the /export/home folder to the
databak.tar file, and to view the file information during the backup, run the following
command:

# tar cvf databak.tar /export/home

l Use tar to restore files.
To restore the files in the default device to a hard disk, and to view the file information
during the restoration, run the following command:
# tar xv
In current folder, restore the databak.tar file to the /export/home folder, and to view the
file information during the restoration, run the following command:
# tar xvf databak.tar
NOTICE
l Do not enter "-" on the left of the function and modification options in the tar command.
l Run the following tar command to pack several files into a package:
# tar cvf filebak.tar file1 file2 file3
l Run the previous command to pack file1, file2, and file3 into a package named
filebak.tar.
l The names of the disk and tape devices used in file backup and restoration in the tar
command may vary according to the Solaris or SUSE Linux system. Check carefully
before running the command.
D.2.10 gtar
This topic describes the gtar command used for combining multiple files into an archive and
storing it in a tape or disk.
Function
The gtar command can merge multiple files into an archive and store it in tapes or disks. You
can obtain the required files from an archive, if required.
Format
gtar function options modification options file to be backed up or restored
Option Description
l Function option: sets the actions of the gtar command, such as read or write.
l Modification option: modifies the actions of the gtar command.
Table D-12 lists some options.

Table D-12 Descriptions of gtar command options

Option Specifie Description
d
Option
Function option r Adds the specified file to end of an archive.
x Reads a file in the archive. If the name is a directory, its

sub directories are also read. This option is common.
c Creates a new archive. This option is common.
g Creates a file from the beginning of the archive instead of

the end of the last file.
Modification v Starts the display mode. The gtar command can display all
option names of the processed file. This option is common.
w Activates the confirm mode. The gtar command requests

you to confirm before processing each file.
f Indicates that the archive is a file. Omission of this option

indicates that the object is the preset disk or tape. This
option is common.
Instance
l Run the gtar command to back up files.
In the current directory, back up all the files and folders in /export/home/sybdev to the
default device. During the backup, the file information is displayed.
# gtar cv /export/home/sybdev
In the current directory, back up all the files and folders in /export/home/sybdev and
save them as databak.tar. During the backup, the file information is displayed.
# gtar cvf databak.tar /export/home/sybdev
l Run the gtar command to restore files.
Restore the files of default devices in the backup files to a hard disk. During the
restoration, the file information is displayed.
# gtar xv
In the current directory, decompress the backup file databak.tar to /export/home/
sybdev. During the restoration, the file information is displayed.
# gtar xvf databak.tar

NOTICE
l There is no - symbol before the function option and modification option of gtar.
l The gtar command can pack multiple files. The command is as follows:
# gtar cvf filebak.tar file1 file2 file3
l This command packs the three files, that is, file1, file2, and file3, into the file named
filebak.tar.
l Under different Solaris systems, when using gtar to back up or restore files, note that
names of the floppy disk and tape are different. Ensure that you use the right names.
D.2.11 compress
This topic describes the compress command used for compressing files.
Function
The compress command is used to compress files and save the memory space. The name of
the compressed files ends with .Z. The command for decompressing such files is
uncompress.
Command Format
compress file
Example
To compress a file, run the following command:
# compress file
NOTICE
The difference between the tar command and the file compressing commands is as follows:
The tar command packs or combines files and packs many folders or files into a package. To
compress the combined files *.tar, use the compress or pack command.
D.2.12 uncompress
This topic describes the uncompress command used for decompressing files.
Function
The uncompress command is used to decompress the compressed files. The command for
compressing files is compress.

Command Format
uncompress compressed file ending with ".Z"
Example
To decompress the file.Z file, run the following command:
# uncompress file.Z
D.2.13 pack
This topic describes the pack command used for compressing files and saving memory space.
Function
Run the pack command to compress files. The name of the compressed files ends with .Z.
The space achieved through compression depends on file types. To extract files, use the
unpack command.
Command Format
pack file
Example
To pack a file, run the following command:
# pack file
NOTICE
l Do not run the pack command to compress files of small sizes. To compress such files,
use the pack command with the option -f for forced compression.
# pack -f filename
l The difference between the tar command and the file compression commands is as
follows:
The tar command packs or combines files and packs many folders or files into a
package. To compress the combined files *.tar, use the compress or pack command.
D.2.14 unpack
This topic describes the unpack command used for extracting files.
Function
The unpack command is used to extract the packed files. To pack files, use the pack
command.

Command Format
unpack compressed file ending with ".Z"
Example
To extract the file.Z file, run the following command:
# unpack file.Z
D.2.15 pkgadd
This topic describes the pkgadd command used for sending a file package to the system for
execution.
Function
The pkgadd command is used to send a file package to the system for execution. To remove a
package from the system, run the pkgrm command.
Command Format
pkgadd option file package name
Option Description
-d device: to install or copy a package from the device. The device can be an absolute path,
the identifier of a tape, or a disk such as /var/tmp or /floppy/floppy_name, or a device name
such as /floppy/floppy.
Example
To send a file package in the current folder to the file1 file, run the following command:
# pkgadd -d . file1
The dot in the command indicates that the folder is the current folder.
D.2.16 pkgrm
This topic describes the pkgrm command used for removing a package from the system.
Function
The pkgrm command is used to remove a package from the system. To pack and send a
package to the system, use the pkgadd command.
Command Format
pkgrm option file package name
Example
To remove the file1 file, run the following command:

# pkgrm file1
D.3 Commands for Viewing Solaris or SUSE Linux Files

This topic describes the commands used for viewing Solaris or SUSE Linux files, their
functions, along with examples.
D.3.1 echo
This topic describes the echo command used for sending a character string to a standard
output device such as the monitor screen.
Function
The echo command is used to send a character string to a standard output device such as the
monitor screen.
Command Format
echo character string option
Option Description
Table D-13 lists five options that are frequently used.
Table D-13 Option description of the echo command

Option Description
\c The RETURN character is not displayed.
\0n n is an 8-digit ASCII character code.
\t The TAB character is displayed.
\n The RETURN character is displayed.
\v The vertical TAB character is displayed.
Example
# echo $HOME
/export/home
/export/home displayed on the screen is the meaning of the character string "$HOME".
To prevent the system from displaying RETURN, run the following command:
# echo $HOME "\c"
/export/home
Or:

# echo "$HOME \c"
/export/home
NOTE
The options \c, \0n, \t, \n, \v are displayed in the character string enclosed in quotation marks. The
quotation marks can quote either one option or multiple options.
D.3.2 cat
This topic describes the cat command used for viewing the contents of a text file.
Function
The cat command is used to view the contents of a text file.
Command Format
cat option file
Option Description
l -n: number of each line of the displayed text
l -v: to view nonprinting characters rather than TAB and RETURN
Example
To view the contents of the cat_Table.txt file, run the following command:
# cat cat_Table.txt
Name Owner
Object_type
------------------------------ ------------------------------
----------------------
tbl128Addr cat
user table
tbl128IP cat
user table
tbl128Name cat
user table
tblAdapterIP cat
user table
tblAdjCell cat
user table
... ... ...
NOTE
To view several files at the same time, run the following command:
# cat file1 file2 file3
D.3.3 more
This topic describes the more command used for displaying the content of a large file in
different pages.

Function
You can use this command to view a file on screen at a time. You can also use this command
to browse the previous screens and to search for character strings.
Command Format
more option file
Option Description
Remember to insert the prefix - before the options when multiple options and combination of
options are used. Table D-14 lists four options that are frequently used.
Table D-14 Option description of the more command

Option Description
-c Clears the screen before the content is displayed.
-w Indicates that the system does not exit at the end of the input but waits for
the prompt.
-lines Displays the number of lines on each screen.
+/mode Searches for files in a preset mode.
Example
To view the contents of the cat_Table.txt file on screen at a time, run the following
command:
# more cat_Table.txt
Name Owner
Object_type
------------------------------ ------------------------------
----------------------
tbl128Addr cat
user table
tbl128IP cat
user table
tbl128Name cat
user table
tblAdapterIP cat
user table
tblAdjCell cat
user table
... ... ...

NOTE
l To view a file on screen at a time, press the following keys to perform relevant operations:
Space key: to view the next screen
Enter key: to view the next line
q: to exit
h: to view the online help
b: to switch back to the previous screen
/word: to search the character string "word" backward
l Solaris or SUSE Linux commands can be used in combinations. For example, add |more after
other commands to view relevant results on several screens.
D.3.4 head
This topic describes the function, format, and example of the head command.
Function
The head command is used to view the first few lines of a text file. By default, the first 10
lines are displayed.
Command Format
head value file
Example
To view the first three lines of the Table.txt file, run the following command:
# head -3 Table.txt
Name Owner
Object_type
------------------------------ ------------------------------
D.3.5 tail
This topic describes the tail command used for viewing the last few lines of a text.
Function
The tail command is used to view the last few lines of a text. By default, the last 10 lines are
displayed.
Command Format
tail value file
Example
To view the last ten lines of the cat_Table.txt file, run the following command:
# tail cat_Table.txt
Name Owner
Object_type

------------------------------ ------------------------------
----------------------
tbl128Addr cat
user table
tbl128IP cat
user table
tbl128Name cat
user table
tblAdapterIP cat
user table
tblAdjCell cat
user table
... ... ...
NOTE
A special function of the tail command is to view the latest changes of a log file, because all the latest
changes are added at the end of the log file. The command format is as follows:
# tail -f commdrv.log
The option -f refers to the function of monitoring a file.
D.3.6 clear
This topic describes the clear command used for clearing the contents on the screen.
Function
The clear command is used to clear the contents on the screen.
Example
To clear the screen, run the following command:
# clear
D.3.7 grep
This topic describes the grep command used for searching for a character string in a text file.
Function
The grep command is used to search for a character string in a text file and to print all the
lines that contain the character string.
Command Format
grep character string file
Example
To search the character string operation in the ifconfig.txt file, run the following command:
# grep operation ifconfig.txt
used to control operation of dhcpagent(1M), the DHCP client
operation, be used to modify the address or characteristics
dhcpagent wakes up to conduct another DHCP operation on the
given, and the operation is one that
requested operation will continue.

To search the character string "The following options are supported" in the ifconfig.txt file,
run the following the command:
# grep "The following options are supported" ifconfig.txt

The following options are supported:
NOTE
The character string "The following options are supported" includes spaces. Remember to enclose the
character string within quotation marks in the command line.
D.4 Commands for Managing Solaris or SUSE Linux Users

This describes the user management commands that are frequently used in the Solaris or
SUSE Linux system. This also describes the functions of these commands and gives some
examples. Only the user root and the authorized users can add, modify, or delete users and
user groups.
D.4.1 useradd
The useradd command is used to add a user in the Solaris or SUSE Linux system.
Function
The useradd command is performed to add a user in the Solaris or SUSE Linux system.
Command Format
useradd option new user name
Option Description
You can combine options of the useradd command. Add the prefix - before these options.
Table D-15 lists the common options.
Table D-15 option description of the useradd command
Option Remark
-c comment Indicate the comment.
-d directory Indicate the home folder.
-m Indicate the automatic creation of a home

folder if the home folder does not exist.
-g group Indicate the user group that the user belongs

to.
-s shell Indicate the shell that the user uses.

Example
Create a user named omc1 in the Solaris or SUSE Linux system. The user omc1 belongs to
the staff user group and the home folder is /home1/omc that is created automatically. In
addition, the comment is Test User and B shell is applied. To create a user named omc1 in the
Solaris or SUSE Linux system, run the following commands:
# useradd -c "Test User" -d /home1/omc -m -g staff -s /usr/bin/sh omc1
NOTICE
After a user is added, set the password for the added user. For details of setting the password,
see D.4.4 passwd. After the password is set, the user can log in as a new user.
D.4.2 userdel
This topic describes the userdel command used for deleting a specific user of the Solaris or
SUSE Linux operating system.
Function
The userdel command is used to delete a user. Some Solaris or SUSE Linux systems do not
allow deleting users completely. Run the userdel command to revoke the privileges granted to
the user.
Command Format
userdel option user name
Option Description
-r: Remove the user's home directory from the system. This directory must exist. The files
and directories under the home directory will no longer be accessible following successful
execution of the command.
l -r: Remove the whole home directory and the mail spool of the specified account. Files
located in other directories will have to be searched for and deleted manually.
l -f: Work with -r. This option is used to force the removal of files, even if not owned by
the account.
Example
Assume that there is user omc1 in the system. To delete the user omc1, run the following
command:
# userdel omc1

NOTICE
If the user has logged in, running the userdel command to delete the user fails. The system
prompts that the user account is in use.
D.4.3 usermod
This topic describes the usermod command used for modifying the user login information.
Function
The usermod command is used to modify the user login information.
Command Format
usermod option user name
Option Description
The combined option of the usermod command can be used. Add the prefix - before the
options. Table D-16 lists the common options.
Table D-16 Option description of the usermod command

Option Description
-c comment Modified comment
-d directory Modified home folder
-m Create a home folder automatically if the

home folder does not exist
-g group Modified user group
-s shell Used shell
-l new_logname Modified user name
Example
In Solaris or SUSE Linux, modify the login information of the user omc1. Run the following
command to change the user name to test, owner group to new_group, main directory to /
home, and comment to Tester:
# usermod -c "Test User" -d /home1 -g new_group -l test omc1

NOTICE
With the different operating system, do not run the usermod command to modify a user when
the user has logged in, or you must reboot operating system for some settings when perform
the command.
D.4.4 passwd
This topic describes the passwd command used for setting or changing a password for a user.
Function
The passwd command is used to set a password for an added user or to change the user
password.
Command Format
passwd user name
Precautions
From the security management aspect, you must change the user password periodically to
ensure the password security.
Example
Assume that the user omc1 is added. To set the password of omc1, run the following
command:
# passwd omc1
NOTE
Enter and confirm the password according to prompts. The entered password is displayed in cipher text.
It is recommended that the password should comply with the following rules:
1. The password contains at least eight characters.
2. The password contains at least two of the following items:
l At least one uppercase letter
l At least one lowercase letter
l At lease one of the following special characters: ` ~ @ # $ % ^ & * ( ) _ + - = { } [ ] | : \ " ;
' ? , . < > / and spaces
D.4.5 groupadd
This topic describes the groupadd command used for adding a user group in the Solaris or
SUSE Linux system.
Function
The groupadd command is used to add a user group in the Solaris or SUSE Linux system.

Command Format
groupadd user group name
Example
To add the user group staff1 in the Solaris or SUSE Linux system, run the following
command:
# groupadd staff1
D.4.6 groupdel
This topic describes the groupdel command used for deleting a user group in the Solaris or
SUSE Linux system.
Function
The groupdel command is used to delete a user group in the Solaris or SUSE Linux system.
Command Format
groupdel user group name
Example
To delete the user group staff1, run the following command:
# groupdel staff1
D.4.7 groupmod
This topic describes the groupmod command used for modifying the information about a user
group.
Function
The groupmod command is used to modify the information about a user group.
Command Format
groupmod user group name
-n name: the name of the modified user group
Example
To modify the name of the user group staff1 to staff2, run the following command:
# groupmod -n staff2 staff1

D.5 Commands for Managing Solaris or SUSE Linux

System Resources
This describes the commands for managing Solaris or SUSE Linux system resources. This
also describes the functions of these commands and gives some examples.
D.5.1 man
This topic describes the man command used for viewing the online help about a command.
Function
The man command is used to view the online help about a command.
Command Format
man option command
Example
To view the online help about the pwd command, run the following command:
# man pwd
Reformatting page. Wait... done
User Commands pwd(1)
NAME
pwd - return working directory name
SYNOPSIS
/usr/bin/pwd
DESCRIPTION
pwd writes an absolute path name of the current working
directory to standard output.
Both the Bourne shell, sh(1), and the Korn shell, ksh(1),
also have a built-in pwd command.
ENVIRONMENT
See environ(5) for descriptions of the following environment
variables that affect the execution of pwd: LC_MESSAGES and
NLSPATH.
EXIT STATUS
--More--(30%)
NOTE
Not all parameters in the man command are command names. For example, the man ascii command
displays all the ASCII characters and their expressions. The man shell_builtins command displays the
built-in command list and the shell using the commands.
D.5.2 df
This topic describes the df command used for viewing the free disk space.

Function
The df command is used to view the free disk space. The system administrator runs this
command frequently to check the usage of the disk space to avoid disk failure due to data
overflow.
Command Format
df option file system
Option Description
l -l: the local file system
l -k: to view the free disk space (unit: KB)
l -h: to print sizes in human readable format
Example
To check the free disk space, run the following command:
# df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t0d0s0 2053605 997684 994313 51% /
/proc 0 0 0 0% /proc
fd 0 0 0 0% /dev/fd
/dev/dsk/c0t1d0s7 35009161 2562019 32097051 8% /export/home
swap 3431792 6664 3425128 1% /tmp
/dev/sda4 81242124 31102496 50139628 39% /
udev 3044112 704 3043408 1% /dev
/dev/sda1 136384 8420 127964 7% /boot/efi
/dev/sda3 52434552 53964 52380588 1% /home
The command result contains the following information:

l File system name
l File size (unit: KB)
l Used space
l Free space
l Capacity percentage of the filled file system and the mounting point
When you run the df command without any parameters, the free disk space in each mounted
device is displayed.
When the free disk space is reduced to the bottom line, the system administrator must take
immediate measures to locate the faulty file system.
D.5.3 du
This topic describes the du command used for viewing the disk space used by a specific
folder or file.
Function
The du command is used to view the disk space used by a specific folder or file.

Command Format
du option folder or file
Option Description
l -a : to view the disk space used by each file
l -s: to view the used total disk space
l -k: to view the result (unit: KB)
l -h: print sizes in human readable format
Example
l To view the disk space used by the files in the /etc folder, run the following command:
# du -k /etc |more
4 /etc/X11/fs
4 /etc/X11/twm
84 /etc/X11/xdm/pixmaps
157 /etc/X11/xdm
721 /etc/X11/xkb/rules
52 /etc/X11/xkb/types
16 /etc/X11/xkb/semantics
8 /etc/X11/xkb/geometry/ibm_vndr
44 /etc/X11/xkb/geometry/digital_vndr
44 /etc/X11/xkb/geometry/sgi_vndr
285 /etc/X11/xkb/geometry
81 /etc/X11/xkb/compat
28 /etc/X11/xkb/symbols/sun_vndr
16 /etc/X11/xkb/symbols/fujitsu_vndr
84 /etc/X11/xkb/symbols/macintosh_vndr
8 /etc/X11/xkb/symbols/nec_vndr
32 /etc/X11/xkb/symbols/digital_vndr
4 /etc/X11/xkb/symbols/sony_vndr
12 /etc/X11/xkb/symbols/xfree68_vndr
4 /etc/X11/xkb/symbols/hp_vndr
4 /etc/X11/xkb/symbols/sgi_vndr
850 /etc/X11/xkb/symbols
40 /etc/X11/xkb/keymap/sun_vndr
8 /etc/X11/xkb/keymap/digital_vndr
93 /etc/X11/xkb/keymap/sgi_vndr
181 /etc/X11/xkb/keymap
16 /etc/X11/xkb/keycodes/digital_vndr
12 /etc/X11/xkb/keycodes/sgi_vndr
108 /etc/X11/xkb/keycodes
2345 /etc/X11/xkb
4 /etc/X11/xsm
4 /etc/X11/lbxproxy
16 /etc/X11/fvwm2
4 /etc/X11/xserver/C/print/ddx-config/raster
4 /etc/X11/xserver/C/print/ddx-config
12 /etc/X11/xserver/C/print/attributes
245 /etc/X11/xserver/C/print/models/PSdefault/fonts
--More-
l To view the disk space used by all file systems in the current folder and send the results
to the sort command for sorting, run the following command:
# du -s * |sort -rn|more
28672 opt
3757 X11
2522 cups
1282 bootsplash
822 xscreensaver
808 sysconfig

661 services
661 init.d
473 postfix
428 apparmor
416 mono
389 joe
193 profile.d
165 ssl
165 apparmor.d
164 ssh
145 pam.d
145 lvm
112 fonts
109 xinetd.d
--More-
l To list the first ten file systems according to the file size, run the following command:
# du -s * |sort -rn|head -10
28672 opt
3757 X11
2522 cups
1282 bootsplash
822 xscreensaver
808 sysconfig
661 services
661 init.d
473 postfix
428 apparmor
D.5.4 ps
This topic describes the ps command used for viewing the status of the processes currently
running in the system.
Function
The ps command is used to view the status of the processes currently running in the system..
Command Format
ps option
Option Description
l -e: to view the status of all the processes that are running in the system
l -l: to view the running processes in a long-form list
l -u user: to view the process status of a specific user
l -f: to view all the status information about the processes that are running in the system
Example
l To view the status of all the running processes controlled by the login device (the
terminal), run the following command:
# ps
PID TTY TIME CMD
13726 pts/5 0:00 ksh
l To view the complete information about the active processes, run the following
command:

# ps -f
sybase 13726 13724 0 08:44:35 pts/5 0:00 -ksh
l To view the U2000 processes, run the following command:

# ps -ef|grep imap
root 22344 1 0 17:49:43 ? 0:03 imapsvcd -name
devdoc_agent -
sysagent DEFAULTSYSAGENT -port 31105 -agentid 0
root 22374 1 0 17:49:48 ? 0:02 imapsvcd -name am_agent -
sysa
gent DEFAULTSYSAGENT -port 31131 -agentid 0
root 22346 1 0 17:49:43 ? 0:01 imapsvcd -name em_agent -
sysa
gent DEFAULTSYSAGENT -port 31002 -agentid 0
root 22342 1 0 17:49:43 ? 0:11 imapsvcd -name cmdc_agent -
sy
sagent DEFAULTSYSAGENT -port 31103 -agentid 0
root 22355 1 0 17:49:45 ? 0:11 imapsvcd -name ifms_agent -
sy
sagent DEFAULTSYSAGENT -port 31011 -agentid 119
root 22338 1 0 17:49:42 ? 0:02 imapsvcd -name 3gpp_agent -
sy
......
NOTE
l After you run the ps command without any parameters, the screen displays information about all
running processes that are controlled by the login device (terminal).
l After you specify the -f parameter, more information is displayed. The information includes the
user name (UID), process ID (PID), parent process ID (PPID), technical number that indicates the
running time of the process (C), process start time (STIME), name of the terminal that activates the
process (TTY), and the process name (CMD). If TTY displays ?, infer that this process is not
associated with the terminal.
l To view all the processes related to specific characters, for example, the process related to the
U2000, run the grep command with the ps command.
D.5.5 kill
This topic describes the kill command used for terminating one or more processes.
Function
The kill command is used to terminate one or more processes.
Command Format
kill option processID
Option Description
l -l : lists names of all signals. If -l is present, processID is not provided.
l -s signal: sends the signal specified by signal to the process specified by processID.
processID: the ID of the process to be terminated, that is, the process ID

Example
l To list all the signal names, run the following command:
# kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
5) SIGTRAP 6) SIGABRT 7) SIGEMT 8) SIGFPE
9) SIGKILL 10) SIGBUS 11) SIGSEGV 12) SIGSYS
13) SIGPIPE 14) SIGALRM 15) SIGTERM 16) SIGUSR1
17) SIGUSR2 18) SIGCHLD 19) SIGPWR 20) SIGWINCH
21) SIGURG 22) SIGIO 23) SIGSTOP 24) SIGTSTP
25) SIGCONT 26) SIGTTIN 27) SIGTTOU 28) SIGVTALRM
l To terminate the process with PID as 256, run the following command:
# kill -s KILL 256
NOTE
l The previous signal names can be expressed by code.

For example, -1 for HUP, -2 for INT, -3 for QUIT, -9 for KILL, -15 for TERM. The signal
KILL can be replaced with -9.
This signal is the most frequently used one in the kill command, and therefore it has the highest
priority.
The default signal 15 is used when no option is specified for the kill command. Run the following
command to terminate the process with the PID as 256:
# kill -9 256
l Run the ps command to check the execution of the kill command by listing the PIDs of the
terminated processes.
l The kill command may lead to a data loss. Run this command with care.
D.5.6 who
This topic describes the who command used for reporting the login information about all the
users in the current system.
Function
The who command reports the login information about all the users in the current system.
Command Format
who option
Option Description
l -b : display the system date and time of the last startup
l -m: display the related information about the users who run the command (the same as
the command who with two parameters am i)
am i: display the login information about the users who run the command
Example
l Display the login information about all the users in the current system:

# who
root pts/3 Feb 4 10:08 (10.129.16.60)
sybase pts/5 Feb 4 08:45 (10.129.28.44)
root pts/6 Feb 4 11:25 (10.129.16.60)
l Display the login information about the users who run the command:
# who am i
sybase pts/5 Feb 4 08:45 (10.129.28.44)
or:
# who -m
sybase pts/5 Feb 4 08:45 (10.129.28.44)
D.5.7 which
This topic describes the which command used for viewing the location where a command is
run.
Function
The which command is used to view the location where a command is run. The result may be
an absolute path or alias of the command found in the user environment variant PATH.
Command Format
which command
Example
To view the position where the commands pwd, who, and which are run, run the following
command:
# which pwd who which
/usr/bin/pwd
/usr/bin/who
/usr/bin/which
NOTE
If the command to be located does not exist in the file, the following error messages are displayed after
you run the which command:
# which qqqq
no qqqq in /usr/bin /usr/ucb /etc
D.5.8 hostname
This topic describes the hostname command used for viewing or setting the host name.
Function
The hostname command is used to view or set the host name.
Command Format
hostname host name

Example
To view the host name, run the following command:
# hostname
NOTE
If you run the hostname command without parameters, the host name of the equipment is displayed. If
you run the hostname command with parameters, the host name is set. Only the root user can run the
hostname command.
D.5.9 uname
This topic describes the uname command used for viewing the information about the
operating system.
Function
The uname command is used to view the information about the operating system. If you run
this command without parameters, only the name of the operating system is displayed. If you
run this command with parameters, more details about the operating system are displayed.
Format
uname option
Option Description
The options of the uname command can be combined. Add the prefix - before the options.
Table D-17 lists some frequently used options.
Table D-17 Description of the uname options

Option Description
-a Views all the information.
-i Views hardware information.
-m Views the name of the equipment hardware.

It is recommended that -p be used instead of
-m.
-n Views the name of the network equipment.
-p Views the ISA of the host or the type of the

processor.
-r Views the serial number of the operating

system of the host.
-s Views the name of the operating system of

the host (it is the default option).
-v Views the version of the operating system of

the host.

Option Description
-S system_name Sets the host name of the machine.

system_name stands for the host name set
by the user.
Example
To view the name, version, and serial number of the operating system on the host, run the
following command:
# uname -svr
D.5.10 ifconfig
This topic describes the ifconfig command used for viewing the IP address of the host.
Function
The ifconfig command is used to view the IP address of the host.
Command Format
ifconfig option
Option Description
-a: to view all the address information
Example
To view the IP address of the host, run the following command:
# ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232inet 127.0.0.1 netmask
ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST>mtu 1500 inet
hme0:1:flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500 inet
NOTE
In the previous output, the IP address of the displayed host is 10.9.169.143, and the logical IP address is
10.6.253.136. In the Solaris or SUSE Linux system, a network adapter can bind several logical IP
addresses, which realizes communications between different network segments.
D.5.11 script
This topic describes the script command used for recording in a script file all the screen input
and output that occur from the time when the script command is run to the time when the exit
command is entered.

Function
NOTICE
Close the script file before running the exit command to terminate the recording of the screen
I/O. If you do not close the script file, the script file builds up and hinders the normal
operation of the system.
Record in a script file all the screen input and output that occur from the time when the script
command is run to the time when the exit command is entered. The script command is
helpful for programming and debugging.
Format
script option file
Option Description
-a: appends the screen I/O content to a file. If you do not set this parameter, the screen I/O
overwrites the content of the file.
file: the file used to save the screen I/O content. If you do not specify the file name, the screen
I/O content is saved to the typescript file.
Example
To save the screen I/O content in the default destination file typescript, run the following
commands:
# script
Script started, file is typescript
# ps
PID TTY TIME CMD
256 pts/8 0:00 ksh
# pwd
/export/home
# date
Mon Feb 4 19:12:14 GMT 2002
# exit
Script done, file is typescript
To view the content of the typescript file, run the following command:
# cat typescript
Script started on Mon Feb 04 19:11:49 2002
$ ps

PID TTY TIME CMD

256 pts/8 0:00 ksh
$ pwd
/export/home
$ date
Mon Feb 4 19:12:14 GMT 2002
$ exit
exit
script done on Mon Feb 04 19:12:24 2002
D.5.12 date
This topic describes the date command used for viewing the current date and time of the
system.
Function
The date command is used to view the current date and time of the system. The root user can
run the date command to set the system date and time.
Format
date option +format
Option Description
l -u: to use the Greenwich mean time.
l +format: to specify the command output format.
Table D-18 describes the format of the command output.
Table D-18 Format of the command output
Format Description
%h Abbreviation of the month: from January to December
%j A day in a year: from 001 to 366
%n Switch to next line
%t The tab key
%y The last two digits of the year: from 00 to 99
%D Output format of the date: month/date/year
%H Hour: from 00 to 23
%M Minute: from 00 to 59
%S Second: from 00 to 59
%T Output format of time: hour:minute:second

Example
l To view the current date and time of the system, run the following command:
date
Mon Feb 4 20:26:16 GMT 2002
l To view the current system date and time in the Greenwich Mean Time, run the
following command:
date -u
Mon Feb 4 12:27:26 GMT 2002
l To view the current date of the system in the format of month/day/year, run the following
command:
date +%D
02/04/02
D.5.13 bc
This topic describes the bc command used for simple calculation.
Function
The bc command is used to perform a simple calculation.
Example
To multiply 4 by 5, run the following command:
# bc
4*5
20
NOTE
To get the result, run the bc command, and then press Enter. Type the formula 4*5, and then press
Enter. The result is displayed on the screen. Press Ctrl+D to exit from the bc program.
D.5.14 prtconf
This topic describes the prtconf command used for checking the system configuration.
Function
The prtconf command is used to check the system configuration.
Format
prtconf option device path
Instance
l Check all the configuration information about the system.
# prtconf
System Configuration: Oracle Corporation sun4u
Memory size: 32768 Megabytes

System Peripherals (Software Nodes):
SUNW,SPARC-Enterprise
scsi_vhci, instance #0
ssd, instance #0
ssd, instance #1
ssd, instance #2
packages (driver not attached)
SUNW,probe-error-handler (driver not attached)
SUNW,builtin-drivers (driver not attached)
deblocker (driver not attached)
disk-label (driver not attached)
terminal-emulator (driver not attached)
obp-tftp (driver not attached)
ufs-file-system (driver not attached)
hsfs-file-system (driver not attached)
chosen (driver not attached)
openprom (driver not attached)
client-services (driver not attached)
options, instance #0
aliases (driver not attached)
memory (driver not attached)
virtual-memory (driver not attached)
iscsi-hba (driver not attached)
disk (driver not attached)
pseudo-console, instance #0
nvram (driver not attached)
pseudo-mc, instance #0
cmp (driver not attached)
core (driver not attached)
cpu (driver not attached)


pci, instance #0
ebus, instance #0
flashprom (driver not attached)
serial, instance #0
scfc, instance #0
panel, instance #0
pci, instance #0
pci, instance #0
pci, instance #1
pci, instance #3
scsi, instance #0
sd, instance #3
sd, instance #4
sd, instance #5
network, instance #0
pci, instance #4
pci, instance #2
LSILogic,sas, instance #1
pci, instance #1
pci, instance #2
SUNW,qlc, instance #0
fp (driver not attached)
fp, instance #4
fp, instance #5
pci, instance #3
fp, instance #6
fp, instance #7
ramdisk-root (driver not attached)
os-io (driver not attached)
iscsi, instance #0
pseudo, instance #0
D.5.15 prstat
This topic describes the prstat command used for viewing the CPU usage.
Function
The CPU usage may be high when a large number of NE alarms are reported in a short period
or when the performance data is high. This command is used to find out the cause of these
alarms.

Permitted Users
User root and other common users are authorized to run the prstat command.
Example
# prstat
The command result contains the CPU usage of each process.
D.5.16 shutdown
This topic describes the shutdown command used for changing the system status, such as
restart or shut down the system.
Function
The shutdown command is used to change the system status.
Command Format
Solaris
shutdown parameter 1Parameter value 1 parameter 2Parameter value 2 ...
SUSE Linux
shutdown option time alarm information
Table D-19 describes the parameters of the shutdown command in Solaris. Table D-20
describes the parameters of the shutdown command in SUSE Linux.
Table D-19 Parameters of the shutdown command in Solaris

-i The parameters and functions are described as

follows:
l 0: enter the PROM(ok) state to set the hardware
parameters and shut down Solaris.
l 5: shut down Solaris and the power supply.
l 6: restart Solaris.
-g The parameter is an integer in seconds.

The shutdown command is run after the specified
time. The default value is 60.
-y The parameter is left blank. No confirmation

message is displayed before the shutdown command
is run.

Table D-20 Parameters of the shutdown command in SUSE Linux
option -c Cancel the previous shutdown command.
-h Shut down SUSE Linux and the power supply.
-k Send a message only without shutting down the

SUSE Linux.
-r Restart SUSE Linux.
time The parameters are described as follows:

l hh:mm
Run the shutdown command at hh:mm.
l +x
Run the shutdown command after x minutes.
l now
Run the shutdown command immediately.
alarm information The value is a string, which indicates the message

sent to the login user.
Example
Solaris
l Shut down Solaris and the power supply after 120s without notifying the user.
# shutdown -i5 -g120 -y
l Restart Solaris after 120s without notifying the user.
# shutdown -i6 -g120 -y
SUSE Linux
l Restart SUSE Linux immediately.

# shutdown -r now
l Shut down SUSE Linux and the power supply after two minutes, and send a message to
the login user, indicating that "System will be shut down after 2 minutes."
# shutdown -h +2 "System will be shut down after 2 minutes."
D.6 Commands for Network Communication in the

Solaris or SUSE Linux
This topic describes the commands for network communication in the Solaris or SUSE Linux
system. It also describes the functions of these commands and gives some examples.

D.6.1 ping
This topic describes the ping command used for checking the connection of networks.
Function
The ping command is used to check the physical connection of the network when the
communication between a user computer and the hosts in the network is interrupted.
Format
ping IP address of a host
Example
Check the physical connection between the current host and the host whose IP address is
10.9.0.1.
# ping 10.9.0.1
10.9.0.1 is alive
64 bytes from 10.9.0.1: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 10.9.0.1: icmp_seq=2 ttl=64 time=0.021 ms
NOTE
Other methods for using the ping are as follows:
l # ping -s 10.9.0.1
Send messages to the target host (IP address: 10.9.0.1) constantly to test the network connection.
Press Ctrl+C to stop sending messages.
l # ping -s 10.9.0.1 4096
Send messages to the target host (IP address: 10.9.0.1) constantly and specify that the size of the
tested message is 4096 bytes.
l # ping -s 10.9.0.1 4096 4
Send messages to the target host (IP address: 10.9.0.1) constantly, and specify that the size of the
tested message is 4096 bytes and the number sending times is four.
The Internet Control Message Protocol (ICMP) is used through the ping command to check
the network connection. An ICMP echo request message is sent to a specific host to request
an ICMP echo response message. If the response message is not received within a specified
time, the Host unreachable message is displayed on the screen.
The Host unreachable message is displayed in the following cases:
l The specified host is invalid.

l The network cables are not correctly connected.
l The two communicating hosts do not support the same communication protocol.
To analyze the causes, run the ping command to connect to other hosts in the same network
segment. If the ping command is successful, you can infer that the connection is functional. In
this case, check the physical connection and the operating status of the specified host. If the
ping command fails, check whether the physical network connection of the current host is
secure or whether the TCP/IP protocol is set correctly only for Windows 95 users.

D.6.2 telnet
This topic describes the telnet command used for logging in to the remote Solaris or SUSE
Linux host from the local computer.
Function
NOTICE
Before running the telnet command, ensure that a local computer is connected to the remote
Solaris or SUSE Linux host according to the TCP/IP protocol.
Telnet is the software used to log in to remote Solaris or SUSE Linux hosts through network
connection. Telnet takes the local computer as a simulated terminal of the remote Solaris or
SUSE Linux host and enables you to log in to the remote server from the local computer.
After you log in to the remote Solaris or SUSE Linux host successfully through telnet, you
become a remote simulated terminal user and you can use the local computer as a real Solaris
or SUSE Linux terminal. In this case, the resources and functions available and the operating
mode depend on the settings of the remote host and the access privileges of the login account.
Command Format
telnet IP address or domain name port
l IP address: the IP address of a remote Solaris or SUSE Linux host
l Domain: the domain name of a remote Solaris or SUSE Linux host
l port: the port number of the listening port of the telnet service. If the port number is
omitted, it indicates that the port with the number of 23 is connected to the telnet service
by default.
Example
Run the telnet command on a local computer and log in to a remote Solaris or SUSE Linux
host. Assume that the IP address of the Solaris or SUSE Linux host is 10.9.169.143.
1. On the local computer, choose Start > Run.
2. Enter telnet 10.9.169.143 and click OK.
NOTE
The telnet command can also be used to test the listening status of a port of a host. For example,
test whether port 22 of the host with the IP address of 10.9.169.143 is in listening status by
telnet 10.9.169.143 22
You can determine whether the port is in listening status according to the displayed message.
3. The Telnet dialog box appears and prompts you to enter the Solaris or SUSE Linux user
name and password.
login: root

Password: root password

NOTE
Enter the password on the right of Password. The entered password is not displayed.
The subsequent operations are the same as those that you perform on the Solaris or
SUSE Linux host.
D.6.3 ftp
This topic describes the ftp command used for transferring files between the local computer
and the remote host.
Function
The ftp command is used to transfer files between the local computer and the remote host.
You can transfer one or multiple files at a time between the remote Solaris or SUSE Linux
system and the local computer.
Format
ftp IP address or domain
l IP address: the IP address of the remote Solaris or SUSE Linux host
l Domain name: the domain name of the remote Solaris or SUSE Linux host
Example
Run the ftp command on the local computer. Assume that the IP address of the remote Solaris
or SUSE Linux host is 10.9.169.143.
Choose Start > Run on the local computer. In the displayed dialog box, enter ftp
10.9.169.143 and click OK. When the ftp window is displayed, enter the Solaris or SUSE
Linux user name and password.
User (10.9.169.143: (none) : ) ftpuser
Password: password of ftpuser

230 Login successful.
ftp>
NOTE
Enter the password after Password: . The password is not displayed.
Enter the ftp command behind the prompt ftp>. Table D-21 describes the ftp commands
that are commonly used.
Table D-21 Common ftp commands

ftp Command Description
!command Use a local command and return to ftp

immediately.

ftp Command Description
?|help command View the command help.
ascii Transfer files in ASCII format (default).
binary Transfer files in binary format.
cd folder Switch to the specified remote destination

directory (the directory on the computer that
provides the FTP service).
close Break the remote connection.
dir remote-directory local-file View the remote directory. If there is a local

file, save the result to the local file.
get file1 file2 Copy the remote file1 to the local file2.
lcd folder Switch to the specified local destination

directory (the directory on the computer that
provides the FTP service).
ls remote-directory local-file Same as dir, but the display format is

different.
mget several files Copy several remote files to the local

computer.
mput several files Copy several local files to the remote

computer.
open IP address or domain Reestablish a connection.
put file1 file2 Copy the remote file1 to the local file2.
pwd List the folders of the current remote host.
quit|bye Exit from the ftp.
status View the current ftp status.
l Copy all the files in the path C:\mydoc on the local computer to the /usr/local/tmp
folder on the remote host in binary format.
ftp> binary
ftp> lcd c:\mydoc
ftp> cd /usr/local/tmp
ftp> mput *.*
l Copy the .login file in the /usr/home/rms folder on the remote host to the path C:\temp
\from folder on the local computer.
ftp> ascii
ftp> lcd c:\temp\from
ftp> cd /usr/home/rms

ftp> get .login

l Copy all files in the /usr/home/rms folder on the remote computer to the path C:\temp
\from on the local computer in binary format.
ftp> binary
ftp> lcd c:\temp\from
ftp> cd /usr/home/rms
ftp> mget *
l To exit ftp.
ftp> quit
NOTICE
The Telnet and FTP protocols belong to the TCP/IP family. They are the protocols at the
application layer. They work in client/server mode. The telnet/ftp program running on the
local computer is a telnet/ftp client program. The telnet/ftp program connects to the server
program in the remote host through the TCP/IP protocol. Any system installed with the
telnet/ftp server-side software can serve as a remote host. In addition to the default network
protocol TCP/IP, the Solaris or SUSE Linux system supports the Telnet/FTP protocols.
Because a Solaris or SUSE Linux host is installed with both the telnet/ftp server software and
the client software, the Solaris or SUSE Linux host can serve as either a telnet/ftp server or a
telnet/ftp client.
D.6.4 finger
This topic describes the finger command used for viewing the information about the online
users who are using the Solaris or SUSE Linux system.
Function
The finger command is used to view the information about online users of the Solaris or
SUSE Linux system.
Command Format
finger user name@host domain|IP address
l user name: the user that has currently logged in to the local system.
l host domain: the Solaris or SUSE Linux host domain.
l IP address: the IP address of the Solaris or SUSE Linux host.
Example
Table D-22 lists some common examples of the finger command.

Table D-22 Examples of the finger command

Example Description
# finger View the information about all local users.
# finger root View the information about user root.
# finger @omcsyb2 View the information about all users in the

host omcsyb2.
# finger @omcsyb2.huawei.com.cn View the information about all users in the

host omcsyb2.huawei.com.cn.
# finger abc@omcsyb2 View the information about user abc in the

host omcsyb2.
# finger abc@10.10.10.1 View the information about user abc in the

host 10.10.10.1.
D.6.5 netstat
This topic describes the netstat command used for displaying the current network status.
Function
The netstat command is used to display the current network status. The netstat command is
powerful but complex in format. This describes common applications of the netstat
command.
Command Format
netstat [options]
Option Description
l For viewing all the sockets and routing tables (netstat -anv)
– -a: views all socket information.
– -n: views the information by number. If you do not specify this parameter, the
information is displayed by logical name.
– -v: views the information about sockets and routing tables of the additional
information.
l For viewing the IP address of the network adapter (netstat -i -I interface interval)
– -i: views the information about the network interface.
– -I interface: specifies an interface, for example, hme0:1
– interval: indicates a time interval.
l For viewing the routing table status (netstat -r -anv)
– -r: views the information about the routing table.
– -anv: refers to For viewing all the sockets and routing tables.

l For viewing the broadcast information (netstat -M -ns)

– -M: views broadcast routing tables.
– -n: views the information by number. If you do not specify this parameter, the
information is displayed by logical name.
– -s: summarizes the status of each protocol.
l For viewing the DHCP status (netstat -D -I interface)
-D: views the DHCP information.
Example 1
Use the command netstat -rn to view the information about the routing tables:
# netstat -rn
Routing Table:
10.105.28.0 10.105.28.202 U 4 2 hme0
10.0.0.0 10.105.31.254 UG 0 0
127.0.0.1 127.0.0.1 UH 0 896 lo0
Destination Gateway Genmask Flags MSS Window irtt Iface
10.71.158.0 10.0.0.0 255.255.255.128 U 0 0 0 eth2
10.254.0.0 10.0.0.0 255.255.0.0 U 0 0 0 eth2
127.0.0.0 10.0.0.0 255.0.0.0 U 0 0 0 lo
A router can be in any of the following five different flags: U, G, H, D, and M, as described in
Table D-23.
Table D-23 Description of routing flags

Flag Description
U U indicates that a route is currently available.
G G indicates that a route is destined for a gateway such as a router.

If this flag is not set, you can infer that the destination is connected directly.
Flag G distinguishes between direct and indirect routes. Flag G is
unnecessary for direct routes. The difference is that the packet sent through a
direct route carries both the destination IP address and the link-layer address.
In the packet sent through an indirect route, however, the IP address points
to the destination and the link layer address points to the gateway (for
example, the next router).
H H indicates a route destined for a host. That is, the destination address is a
complete host address.
NOTE
l If this flag is not set, you can infer that the route leads to a network and that the
destination address is a network address: either a network number or a network.
The part in the address for the host is 0.
l When you search the routing table for an IP address, the host address must exactly
match the destination address.
l The network address, however, is required to match only the network number and
subnet number of the destination address.
D D indicates that a route is created by a redirected packet.

Flag Description
M M indicates that a route is modified by a redirected packet.
The Ref (Reference count) column lists the number of routing progresses. The protocol for
connection, such as TCP, requires a fixed route when a connection is established. If the telnet
connection is established between the host svr4 and the host slip, the Ref is 1. If another telnet
connection is established, its value is changed to 2.
The next column (Use) displays the number of packets sent through a specified route. After
you run the ping command as the unique user of this route, the program sends five groups and
the number of packets is displayed as 5. The last column (Interface) indicates the name of
the local interface.
The name of the loop-back interface is permanent set to lo0. Flag G is not set because the
route is not destined for a gateway. Flag H indicates that the destination address, 127.0.0.1, is
a host address and not a network address. Because flag G is not set, the route here is a direct
route and the gateway column shows the outgoing IP address.
Each host has one or multiple default routes. That is, if a particular route is not found in the
table, the packet is sent to the router. In addition, the current host can access other systems
through the Sun router (and the slip link) on the internet, based on the settings of the routing
table. The flag UG refers to the gateway.
Example 2
Queries the information about the packet transmitted from the network interface and port.
l Queries the information about network interface lo0.
# netstat -I lo0
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queu
lo0 8232 loopback localhost 2201 0 2201 0 0 0
l Queries the information about the packet transmitted from network interface lo0, and
refreshes the information every 200s.
# netstat -I lo0 -an interval 200
input lo0 output input (Total) output
packets errs packets errs colls packets errs packets errs colls
2201 0 2201 0 0 2937974 0 631699 0 0
D.6.6 route
This topic describes the route command used for changing the maintenance routing table.
Function
The routing table relays IP address between network segments. The route command is used to
modify and maintain the routing table.
Format
route -fnvq command modifiers args
route -fnvq add|change|delete|get -host|net destination gateway args

route -n monitor
route -n flush
route add|del -host | -net destination gw gateway args
NOTE
The meaning of "|" is the same as that of the word "or".
Options of the route command can be combined. Table D-24 lists some common options.
Table D-24 Description of the route commands

Option Description
-f Refresh routing tables for all gateways.
-n View the information in characters instead of symbols.
-v View the additional information.
-v Suspend all outputs.
-command Refer to the add, change, flush (clear the gateways in the
routing table), get or monitor.
add|del
-net Set a route to a network segment.
-host Set a route to a host.
-destination Destination network segment. For example, 10.0.0.0 stands

for section 10, and 10.11.0.0 stands for section 10.11.
destination network segment (10.1.1.0/24, number of
network/subnet mask digits)
-gateway Indicate the IP address of the gateway.
Example
l Obtain the routing information about network segment 10.
# route -n get 10.0.0.0
route to: 10.0.0.0
destination: 10.0.0.0
mask: 255.0.0.0
gateway: 10.105.31.254
interface: hme0
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt, msec rttvar hopcount mtu expire
0 0 0 0 0 0
1500 0
l Clear the gateways in the routing table.

# route -n flush

10 10.105.31.254 done
#netstat -rn
Routing Table:
-------------------- -------------------- ----- ----- ------ ---------
10.105.28.0 10.105.28.202 U 4 6 hme0
127.0.0.1 127.0.0.1 UH 0 1500 lo0
# telnet 10.129.3.4
Trying 10.129.3.4...
telnet: Unable to connect to remote host: Network is unreachable
After the gateways in the routing table are cleared, the network segments beyond
10.105.28.202/34 are no longer accessible.
l Add a routing record.
Add the route to the network segment 10.9.0.0/16 with the gateway as 10.105.28.202.
# route add 10.9.0.0/16 10.105.28.202
add net 10.9.0.0: gateway 10.105.28.202
# netstat -rn
Routing Table:
-------------------- -------------------- ----- ----- ------ ---------
10.105.28.0 10.105.28.202 U 4 2 hme0
10.9.0.0 10.105.28.202 UG 0 0
10.0.0.0 10.105.31.254 UG 0 0
127.0.0.1 127.0.0.1 UH 0 313 lo0
NOTE
10.9.0.0 10.105.28.202 UG 0 0 is the newly-added routing record.

# route add -net 10.9.0.0/16 gw 10.105.28.202
# route
Destination Gateway Genmask Flags Metric Ref Use Iface
10.9.0.0 10.105.28.202 255.255.0.0 UG 0 0 0
NOTE
10.9.0.0 10.105.28.202 255.255.0.0 UG 0 0 0 is the added route.

l Modify the routing table.
# route change 10.9.0.0 10.2.3.4
change net 10.9.0.0: gateway 10.2.3.4
# netstat -rn
Routing Table:
-------------------- -------------------- ----- ----- ------ ---------
10.105.28.0 10.105.28.202 U 4 2 hme0
10.9.0.0 10.2.3.4 UG 0 0
10.0.0.0 10.105.31.254 UG 0 0
127.0.0.1 127.0.0.1 UH 0 445 lo0
NOTE
10.9.0.0 10.2.3.4 UG 0 0 is the routing record of the modified gateway.

l Delete a routing record.
Delete the route to the network segment 10.9.0.0/16 with the gateway as 10.105.28.202.
# route del -net 10.9.0.0/16 gw 10.105.28.202

# route delete -net 10.9.0.0/16 10.105.28.202

Administrator Guide E Sybase Database Command Reference
E Sybase Database Command Reference
This topic describes the common command reference of the Sybase database, including
command functions and usage examples.
E.1 startserver
This topic describes the startserver command used for starting the Sybase database.
E.2 showserver
This topic describes the showserver command used to view the running status of the Sybase
database.
E.3 isql
This topic describes the isql command used for connecting to the Sybase database.
E.4 shutdown
This topic describes the shutdown command used for shutting down the Sybase database.
E.5 sp_configure
This topic describes the sp_configure command used for viewing and setting the Sybase
database parameters.
E.1 startserver
This topic describes the startserver command used for starting the Sybase database.
Function
The startserver command is used to start the Sybase database instance or corresponding
backup instance.
Syntax
startserver -f parameter
Table E-1 describes the parameters.

Table E-1 Condition List Description
parameter The parameter is used to specified Sybase

database instance or corresponding backup
instance.
NOTE
l Parameters are named in RUN_DBSVR or
RUN_DBSVR_back format. DBSVR and
DBSVR_back stand for the Sybase database
instance and backup instance respectively.
l The Sybase database instance name and backup
instance name are specified when the Sybase
database is created. You can view the RUN* file
in ASE-*/install under the Sybase database
installation path.
The asterisk (*) stands for a wild card.
Examples
Assume that the Sybase database is installed in /opt/sybase, the database instance name is
DBSVR, the corresponding backup instance name is DBSVR_back.
In the command prompt window, run the following commands to start the Sybase database as
the user dbuser.
$ cd /opt/sybase/ASE-15_0/install
A large amount of start information is displayed. See E.2 showserver to check whether the
Sybase database is started successfully.
E.2 showserver
This topic describes the showserver command used to view the running status of the Sybase
database.
Function
The showserver command is used to view the running status of the Sybase database.
Syntax
showserver

None
Examples
DBSVR, and backup database instance name is DBSVR_back.
In the command prompt window, run the following command to view the running status of
the Sybase database.
$ cd /opt/sybase/ASE-15_0/install
$ ./showserver
The information similar to the following is displayed. If DBSVR and DBSVR_back are
displayed, it indicates that both the Sybase database instance and the backup database instance
run properly.
dbuser 22364 22363 0 16:59:39 ? 0:00 /opt/sybase/ASE-15_0/bin/backupserver
-SDBSVR_back -e/opt/sybase/ASE-15_0/install
dbuser 22305 22304 0 16:54:38 ? 3:40 /opt/sybase/ASE-15_0/bin/dataserver -
sDBSVR -d/opt/sybase/data/lv_master -e/opt/sybase
If the following information is displayed, it means that no Sybase database is started. See E.1
startserver to start the Sybase database.
E.3 isql
This topic describes the isql command used for connecting to the Sybase database.
Function
The isql command is used to connect to the Sybase database. You can run sql sentences in the
isql command line or configure the Sybase database.
Syntax
isql option1parameter1 option2parameter2...

Option Description
-Ssybase_instance_name -S is followed by the name

(sybase_instance_name) of the Sybase database
instance to connect to.

Option Description
-Usybase_user -U is followed by the user name (sybase_user)

of the Sybase database.
Examples
DBSVR, and the password of the sa user is password.
In the command prompt window, run the following commands to connect to the Sybase
database.
NOTE
If the Sybase database administrator sa is disabled, perform the operations as the database user who
replaces the sa user. For details about how to disable the sa user and create a user to replace the sa user,
see sec_adm -cmd modifyDBAUserName.
CAUTION
For an application developed based on the Sybase database, the environment variable of the
Sybase database is usually run automatically when you set the environment variable of the
application (such as U2000). In the condition that the environment variable of the application
does not conflict with that of the Sybase database, use method one to connect to the Sybase
database. Otherwise, use method two to avoid the conflict.
# isql -SSYB_server -Usa

Password:
If connecting to the Sybase database succeeds, the following prompt of the isql command line
is displayed:
1>
If connecting to the Sybase database fails, find out the cause according to the prompt.
E.4 shutdown
This topic describes the shutdown command used for shutting down the Sybase database.
Function
The shutdown command is used to shut down the Sybase database instance or corresponding
backup instance after you use the isql command to connect to the Sybase database.
Syntax
shutdown parameter

SYB_BACKUP This parameter is used to shut down the

connected Sybase database instance or
corresponding backup instance.
None If the parameter is null, it means that the

connected Sybase database instance is to be
shut down.
Examples
DBSVR, and the password of the sa user is password.
NOTE
If the Sybase database administrator sa is disabled, perform the operations as the database user who
replaces the sa user. For details about how to disable the sa user and create a user to replace the sa user,
see sec_adm -cmd modifyDBAUserName.
1. Run the environment variable of the Sybase database.

2. In the command prompt window, run the following command to connect to the Sybase
database. For details about the isql command, see E.3 isql.
Password:
3. Shut down the backup instance of the Sybase database.

2> go
If the information similar to the following is displayed, it indicates that the backup
instance of the Sybase database is shut down normally. Otherwise, find out the cause to a
failure according to the prompt.
Backup Server: 3.48.1.1: The Backup Server will go down immediately.
Terminating sessions.
4. Shut down the Sybase database instance.

1> shutdown
2> go
If the information similar to the following is displayed, it indicates that the Sybase
database instance is to be shut down normally. Otherwise, find out the cause to a failure

E.5 sp_configure
This topic describes the sp_configure command used for viewing and setting the Sybase
Function
The sp_configure command is run in the ISQL CLI and used to view and set the Sybase
Syntax
sp_configure parameter parameter value

parameters of the Sybase database Parameters of the Sybase database to be viewed

or set. When you view and set the parameters,
place a parameter name between single
quotation marks ('').
Examples
DBSVR, and the password of the sa user is password. The task in this example is to set the
max memory parameter of the Sybase database to 2048 MB.
NOTE
l For details about parameter settings, see the related documents of the Sybase database.
l If the Sybase database administrator sa is disabled, perform the operations as the database user who
replaces the sa user. For details about how to disable the sa user and create a user to replace the sa
user, see sec_adm -cmd modifyDBAUserName.
1. Run the environment variable of the Sybase database.

2. In the command prompt window, run the following command to connect to the Sybase
database. For details about the isql command, see E.3 isql.
Password:
3. Query the value of max memory:

1> sp_configure 'max memory'
2> go

The parameter value similar to the following is displayed:

Parameter Name Default Memory Used Config Value
Run Value Unit Type
------------------------------ ----------- ----------- ------------
------------ -------------------- ----------
max memory 53248 1048576 524288
524288 memory pages(2k) dynamic
(1 row affected)
(return status = 0)
4. Set the value of max memory:

1> sp_configure 'max memory',2097152
2> go
NOTE
l If the prompt contains (1 row affected) and (return status = 0), it indicates that the setting
is successful. In the case of a failure, find out the cause according to the prompt.
l In this sample, the memory unit is 2 KB, so the parameter value is 2097152 (2 KB), that is,
2048 MB x 1024 x 2.

iManager U2000 Unified Network Management System F Common Commands for HA System (Veritas Hot
Administrator Guide Standby)
F Common Commands for HA System

(Veritas Hot Standby)
The common commands and their functions for the HA system (Veritas Hot Standby) are
described.
F.1 Overview of Commands

The software for Veritas includes VxVM, VVR, VCS, and GCO. The common commands are
classified into status query commands and maintenance commands. The software for the high
availability (HA) system (Sun Cluster) includes VxVM and Sun Cluster. The common
commands are classified into status query commands and maintenance commands.
F.2 Status Query Commands
You can use the status query commands to check the statuses of the volume, RLink, RVG,
disks, disk groups, and HA system. The commands are usually used for routine patrol. In this
way, you can proceed with the next operation according to the current status.
F.3 Maintenance Command
When the HA system becomes abnormal, you can run the following command to repair the
fault.
F.1 Overview of Commands

The software for Veritas includes VxVM, VVR, VCS, and GCO. The common commands are
classified into status query commands and maintenance commands. The software for the high
availability (HA) system (Sun Cluster) includes VxVM and Sun Cluster. The common
commands are classified into status query commands and maintenance commands.
Commands
Table F-1 Common commands
Command Description
F.2.1 vxprint Displays the VxVM configuration

information.

Command Description
F.2.2 vxdisk Displays the disk information.
F.2.3 vxdg Displays the disk group information.
F.2.4 vradmin Displays the configuration information and

related commands of data replication.
F.2.5 hastatus Displays the current status information of

VCS.
F.3.1 hagrp Displays related commands of VCS

resource groups.
F.3.2 hastop Shuts down the VCS server.
Generic Naming Rules of Veritas Commands

l The commands of VxVM usually start with "vx".
l The commands of VVR usually start with "vr".
l The commands of VCS usually start with "ha".
Generic Formats of Veritas Commands

l Format of query commands of VxVM: command list
l Format of VCS commands (hares and hagrp): command -action, resource/resource group
-sys host name
NOTE
The actions often include online, offline, and clear.
Query methods of Veritas Command Help

l command -H
l man command
Directories of Saving Veritas Commands

l /opt/VRTS/bin
l /usr/bin
l /usr/sbin
F.2 Status Query Commands

You can use the status query commands to check the statuses of the volume, RLink, RVG,
disks, disk groups, and HA system. The commands are usually used for routine patrol. In this
way, you can proceed with the next operation according to the current status.

F.2.1 vxprint
You can check the statuses of the volume, RLink, and RVG.
l Check the statuses of the volume, RLink, and RVG.
l Query the status during routine patrol and fault maintenance.
Command Formats
l View the volume status:vxprint -v.
l View the RVG status:
– vxprint -V
– vxprint -l datarvg
l View the RLink status:
– vxprint -P
– vxprint -l datarlk
Screen Output Format

Table F-2 Screen output format description of vxprint

Screen Output Description
Format
TY Type. In general, "dg" indicates the disk group, "dm" indicates the
disk, "v" indicates the volume, "rl" indicates the RLink, and "rv"
indicates RVG. "pl" and "sd" can be neglected.
NAME Name. It indicates names of the volume, RVG, and RLink.
ASSOC Association. For the volume, if it is attached to an RVG, the RVG

name is displayed; otherwise, "gen" is displayed. For the RLink, if
it is attached to an RVG, the RVG name is displayed; otherwise,
"-" is displayed. For an srl_vol volume, if it is attached to an RVG,
the RVG name is displayed; otherwise, "fsgen" is displayed.
KSTATE Normally, it is ENABLED for the volume, CONNECT for the

RLink, and ENABLED for the RVG.
STATE Normally, it is ACTIVE for the volume, RLink, and RVG.
Table F-3 Screen output description of vxprint -l datarlk

Disk group The disk group to which RLINK belongs.

Rlink RLINK name.
info Some information about RLINK. timeout indicates timeout time,

and packet_size indicates packet length.
state The state of RLINK. Normally, it is ACTIVE, synchronous state is

off, latencyprot state is off and srlprot state is autodcm.
assoc Association information of RLINK.

l rvg refers to the RVG to which this RLINK belongs
l remote_host refers to remote host name
l IP_addr refers to the IP address of the remote host
l port refers to port No. of the remote host
l remote_dg refers to remote disk group
l remote_dg_dgid refers to remote disk group ID
l remote_rvg_version refers to remote host's RVG version No.
l remote_rlink refers to the name of remote host's RLINK
l remote_rlink_rid refers to remote host's RLINK ID
l local_host refers to local host's IP address
l port refers to port No. of local host
protocol Data synchronization protocol.
flags The flag for RLINK, which should be write enabled attached
consistent connected asynchronous in the normal state.
Table F-4 Screen output description of vxprint -l datarvg

Disk group The disk group to which this RVG belongs.
Rvg RVG name.
info The information about RVG.
state The state of RVG. Normally, it should be ACTIVE and kernel

should be ENABLED.
assoc The association information of RVG.

datavols refers to data disk volumes contained in RVG, srl refers
to the SRLog disk volume contained in RVG and rlinks refers to
the Rlink contained in RVG.
att The Rlink activated by RVG.
flags The flag information of RVG, which should be closed primary

enabled attached normally.

device The device information of RVG, containing device ID and trail.
perms The authority information of RVG.
F.2.2 vxdisk
You can check whether the disks managed by Veritas are normal.
l Check whether the disks managed by Veritas are normal.
l Check the disks during routine maintenance.
Command Formats
# vxdisk list

Table F-5 Screen output format description of vxdisk

Screen Output Format Description
DEVICE Equipment number. It is usually "c*t*d*",

which indicates a hard disk.
TYPE Type. It is usually "auto:sliced".
DISK Disk name.
GROUP Disk group name.
STATUS Normally, it is online.
F.2.3 vxdg
You can check whether the disk groups managed by Veritas are normal.
l Check whether the disk groups managed by Veritas are normal.
l Check the disk groups during routine maintenance.
Command Formats
# vxdg list


NAME STATE ID
Table F-6 Screen output format description of vxdg
Screen Output Description

Format
NAME Disk group name. It is datadg in the case of two hard disks, and
rootdg in the case of at least three hard disks.
STATE Enabled.
ID Disk group ID, which can be neglected.
F.2.4 vradmin
You can query the replication status.
l Query the replication status.
l Query the status during routine patrol and fault maintenance. In this way, you can
proceed with the next operation according to the current status.
Command Formats
l # vradmin printrvg RVG name
l # vradmin -g datadg repstatus RVG name

The screen output of vradmin printrvg datarvg is as follows:
Primary:
HostName: 10.9.1.1 <localhost>
RvgName: datarvg
DgName: datadg
Secondary:
HostName: 10.9.1.2
RvgName: datarvg
DgName: datadg
Table F-7 Screen output format description
Screen Output Format Description Example
Replicated Data Set RVG name. It is datarvg in this example.
Primary Active site, which is the data -

replication source.

HostName: IP address IP address of the local site. It is 10.9.1.1 in this

<localhost> example.
RvgName RVG name. It is datarvg in this example.
DgName Disk group that the RVG It is datadg in this example.

belongs to.
Secondary Standby site, which is the -

data replication sink.
HostName: IP address IP address of the remote It is 10.9.1.2 in this

site. example.
RvgName RVG name. It is datarvg in this example.
DgName Disk group that the RVG It is datadg in this example.

belongs to.
The screen output of vradmin -g datadg repstatus datarvg is as follows:

Primary:
Host name: 10.9.1.1
RVG name: datarvg
DG name: datadg
Data volumes: 1
VSets: 0
SRL name: srl_vol
SRL size: 1.00 G
Secondary:
Host name: 10.9.1.2
RVG name: datarvg
DG name: datadg
Logging to: SRL

Replicated Data Set RVG name. It is datarvg in this example.
Primary Active site. -
Host name IP address of the active site. It is 10.9.1.1 in this

example.
RVG name RVG name of the active site. It is datarvg in this example.
DG name Disk group that the RVG It is datadg in this example.

belongs to.

RVG state RVG status. Normally, the it is enabled for I/O in this
status is enabled for I/O. example.
Data volumes Disk volumes to be It is 1 in this example.

replicated.
SRL name SRL name. It is srl_vol in this example.
SRL size SRL size, which is usually It is 1G in this example.

1G.
Total secondaries Standby site count, which is It is 1 in this example.

usually 1.
Secondary Standby site. -
Host name IP address of the standby It is 10.9.1.1 in this

site. example.
RVG name RVG name of the standby It is datarvg in this example.

site.
DG name Disk group that the RVG It is datadg in this example.

belongs to.
Data status Data status. It is consistent, up-to-date in

l If the active site is this example.
synchronous with the
standby site, the status is
consistent, up-to-date.
l Otherwise, the status is
inconsistent (the number
of bytes to be
synchronized).
Replication status Replication status. It is replicating(connected)

Normally, the status is in this example.
replicating(connected).
Current mode Replication mode, which is It is asynchronous in this

usually asynchronous. example.
Logging to Buffer area, which is usually It is SRL in this example.

SRL. In the case of SRL
overflow, it is DCM.
Timestamp Information Time stamp. If the data is It is N/A in this example.

consistent between the
active and standby sites, it is
N/A. Otherwise, the time for
synchronization is specified.

F.2.5 hastatus
You can query the VCS status.
l Query the VCS status for the Veritas hot standby system.
l Query the status during routine patrol and fault maintenance. In this way, you can
proceed with the next operation according to the current status.
Command Examples
l # hastatus -sum
View the status of each service group in the VCS.
l # hastatus
View the status of each resource in the VCS.

The screen output of the hastatus -sum command is as follows:

A primary RUNNING 0 The VCS running status of the current node.

Normally, it is RUNNING.
B AppService Primary Y N ONLINE The name of the application group of the

primary node is AppService, and the status
is ONLINE.
B ClusterService Primary Y N ONLINE The name of the heartbeat group is

ClusterService, and the status is ONLINE.
B VVRService Primary Y N ONLINE The name of the data replication group is

VVRService, and the status is ONLINE.
L Icmp SecondaryCluster ALIVE The heartbeat status between the primary

and secondary nodes. Normally, it is
ALIVE.
M SecondaryCluster RUNNING The VCS running status of the remote node.

N secondaryCluster:secondary RUNNING 0 The running status of the secondary node.

O AppService SecondaryCluster:Secondary The application group of the secondary

Y N OFFLINE node. The status is OFFLINE.
The screen output of the hastatus command is as follows:

NOTE
To terminate the hastatus command, press the shortcut keys Ctrl+C.
SecondaryCluster RUNNING The running status of the remote node.

HB:Icmp SecondaryCluster ALIVE The heartbeat status of the remote node.

Normally, it is ALIVE.
SecondaryCluster:Secondary RUNNING The server running status of the remote site.

AppService localclus:Primary ONLINE The running status of the local application

group. Normally, the status on the active site
is ONLINE and the status on the standby
site is OFFLINE.
ClusterService localclus:Primary ONLINE The running status of the local heartbeat

group. Normally, it is ONLINE.
VVRService localclus:Primary ONLINE The running status of the local data

replication group. Normally, it is ONLINE.
AppService SecondaryCluster:Secondary The running status of the remote application

OFFLINE group. Normally, the status on the active site
is ONLINE and the status on the standby
site is OFFLINE.
EMSApp SecondaryCluster:Secondary The running status of a single local

OFFLINE resource. Normally, the application group
status of the active site is ONLINE, the
application group status of the standby site
is OFFLINE, and the status of resources in
other resource groups is ONLINE.
F.3 Maintenance Command

When the HA system becomes abnormal, you can run the following command to repair the
fault.
F.3.1 hagrp
You can control the VCS resource groups.
Control the VCS resource groups.

Command Formats
l # hagrp -online resource group name -sys host name
l # hagrp -offline resource group name -sys host name
l # hagrp -freeze resource group name -sys host name
l # hagrp -unfreeze resource group name -sys host name
l # hagrp -clear resource group name -sys host name
Examples
l # hagrp -online AppService -sys Primary
Start the U2000 server on the primary site.
NOTE
Prerequisites:
l All the groups that the resource group depends on are online.
l The resource group is not frozen.
Operation result: The U2000 server is started.
If you perform the online operation the first time, the -force parameter is required. For example:
hagrp -online -force AppService -sys Primary.
l # hagrp -offline AppService -sys Primary
Shut down the U2000 server on the primary site.
NOTE
Prerequisites:
l All the groups that depend on the resource group are offline.
l The resource group is not frozen.
Operation result: The U2000 server is shut down.
l # hagrp -freeze AppService -sys Primary
Freeze the AppService group on the primary site.
NOTE
Prerequisites: None
Operation result: The resource group is locked. The VCS no longer monitors this resource group.
That is, the VCS function is disabled.
l # hagrp -unfreeze AppService -sys Primary
Unfreeze the AppService group on the primary site.
NOTE
Prerequisites: None
Operation result: The resource group is unlocked. The VCS function is enabled.
l # hagrp -clear AppService -sys Primary
Clear faults of the AppService group on the primary site.
NOTE
Prerequisites: The status of a resource group is FAULT. In this case, a resource is usually faulty.
For example, a core dump of the U2000 process occurs.
Operation result: The error tag of the VCS is cleared. In this way, the online operation can be
performed.

F.3.2 hastop
This section describes how to forcibly shut down the VCS server in the Veritas hot standby.
Forcibly shut down the VCS server. The VCS server cannot be normally shut down by
running the /etc/rc3.d/S99vcs script.
Command Formats
Examples
Forcibly shut down the VCS server.
NOTE
Prerequisites: None
Operation result: The VCS server is forcibly shut down. The status of VCS resources is not offline.

Administrator Guide G Common Maintenance Tools
G Common Maintenance Tools
This topic describes the maintenance tools that are commonly used in the U2000.
Table G-1 show the maintenance tools that are commonly used in the U2000.
Table G-1 Common maintenance tools in the U2000

Tool Functions
NMS Maintenance Tool Deploys the U2000, manages the database, backs up and
restores the database, initializes the database, and maintains
the system.
SetSolaris Reinforces the security of the NMS in the Solaris OS.
SetWin Reinforces the security of the NMS in the Windows OS.
SetSuse Reinforces the security of the NMS in the SUSE Linux OS.
OfficeScan Reinforces the security of the NMS in the Windows OS.

Administrator Guide H Glossary and Abbreviations
H Glossary and Abbreviations
A
access control list A list of entities, together with their access rights, which are authorized to have access
to a resource.
access control right The level of right granted to a user for his access to certain items.
ACL See access control list
advanced telecom A platform that is used by the hardware of the N2510. To expand the system capacity
application smoothly, you only need to add certain boards to the shelf and need not replace the
environment server. This helps reduce the investments of the customer.
AIS See Alarm Indication Signal
Alarm A message reported when a fault is detected by a device or by the network
management system during the process of polling devices. Each alarm corresponds to
a recovery alarm. After a recovery alarm is received, the status of the corresponding
alarm changes to cleared.
alarm An operation performed on an alarm. Through this operation, the status of an alarm is
acknowledgement changed from unacknowledged to acknowledged, which indicates that the user starts
handling the alarm. The process during which when an alarm is generated, the
operator needs to acknowledge the alarm and take the right step to clear the alarm.
alarm correlation rule A process of analyzing the alarms that meet alarm correlation rules. If alarm 2 is
analyzing generated within 5 seconds after alarm 1 is generated and meets the alarm correlation
analysis rules, the EMS masks alarm 2 or improves its severity level according to the
alarm correlation rules.
alarm delay time The alarm delay time consists of the start delay time and the end delay time. When an
NE detects an alarm for a period, the period is the start delay time. When an NE
detects that the alarm disappears for a period, the period is the end delay time.
Unnecessary alarms that are caused by error reports or jitters can be avoided by setting
the delay time.

alarm indication On the cabinet of an NE, there are four indicators in different colors indicating the
current status of the NE. When the green indicator is on, it indicates that the NE is
powered on. When the red indicator is on, it indicates that a critical alarm is generated.
When the orange indicator is on, it indicates that a major alarm is generated. When the
yellow indicator is on, it indicates that a minor alarm is generated. The ALM alarm
indicator on the front panel of a board indicates the current status of the board. (Metro)
Alarm Indication A code sent downstream in a digital network as an indication that an upstream failure
Signal has been detected and alarmed. It is associated with multiple transport layers. Note:
See ITU-T Rec. G.707/Y.1322 for specific AIS signals.
alarm mask On the host, an alarm management method through which users can set conditions for
the system to discard (not to save, display, or query for) the alarm information meeting
the conditions.
alarm reporting to the On a device, an alarm is reported to the EMS at once after the alarm is generated. On
EMS immediately the EMS client, the corresponding alarm information is displayed on the alarm panel.
alarm severity The significance of a change in system performance or events. According to ITU-T
recommendations, an alarm can have one of the following severities:Critical, Major,
Minor, Warning.
alarm status The devices in the network report traps to the NMS, which displays the alarm statuses
in the topological view. The status of an alarm can be critical, major, minor and
prompt.
alarm synchronization When alarm synchronization is implemented, the EMS checks the alarm information
in its database and on the NEs. If the alarm information on the two locations is
inconsistent, the alarm information on the NEs is synchronized to the EMS database to
replace the original records.
ALC link A piece of end-to-end configuration information, which exists in the equipment
(single station) as an ALC link node. Through the ALC function of each node, it
fulfils optical power control on the line that contains the link.
ARP Proxy When a host sends an ARP request to another host, the request is processed by the
DSLAM connected to the two hosts. The process is called ARP proxy. This protocol
helps save the bandwidth in the networking of a low-rate WAN or helps implement the
layer 3 communication between access devices in the networking of layer 2 isolation.
Asynchronous A data transfer technology based on cell, in which packets allocation relies on channel
Transfer Mode demand. It supports fast packet switching to achieve efficient utilization of network
resources. The size of a cell is 53 bytes, which consist of 48-byte payload and 5-byte
header.
ATAE See advanced telecom application environment
ATM See Asynchronous Transfer Mode
Authority and Domain The function of the NMS for authority management. With this function, you can:
Based Management
1. Partition and control the management authority
2. Manage device nodes and service data by region
3. Allocate users with different management and operation rights for different
regions
auto-negotiation An optional function of the IEEE 802.3u Fast Ethernet standard that enables devices
to automatically exchange information over a link about speed and duplex abilities.

bandwidth A range of transmission frequencies that a transmission line or channel can carry in a
network. In fact, it is the difference between the highest and lowest frequencies the
transmission line or channel. The greater the bandwidth, the faster the data transfer
rate.
BASE A kind of bus or plane used to load software, transmit alarms and maintain
information exchange.
basic input/output A firmware stored in the computer mainboard. It contains basic input/output control
system programs, power-on self test (POST) programs, bootstraps, and system setting
information. The BIOS provides hardware setting and control functions for the
computer.
BFD See Bidirectional Forwarding Detection
Bidirectional A simple Hello protocol, similar to the adjacent detection in the route protocol. Two
Forwarding Detection systems periodically send BFD detection messages on the channel between the two
systems. If one system does not receive the detection message from the other system
for a long time, you can infer that the channel is faulty. Under some conditions, the
TX and RX rates between systems need to be negotiated to reduce traffic load.
BIOS See basic input/output system
board Board refers to an electronic part that can be plugged in to provide new capability. It
comprises chips and electronic components and these components are always on a flat
and hard base and connected through conductive paths. A board provides ports for
upstream connections or service provisioning.
Bond Bond: On the SUSE Linux OS, the bond technology is used to form a virtual layer
between the physical layer and the data link layer. This technology allows two server
NICs connecting to a switch to be bound to one IP address. The MAC addresses of the
two NICs are also automatically bound as one MAC address. In this manner, a virtual
NIC is formed. The bond technology supports two modes: double-live and primary/
secondary. In double-live mode, after receiving request data from a remote server, the
virtual NIC on the server determines data transmission based on an algorithm,
improving network throughput and usability of the server. In primary/secondary mode,
if an NIC does not function properly, services will be automatically switched to the
other NIC, ensuring service protection. The SUSE Linux OS supports the binding of
NICs in primary/secondary mode.
C/S See client/server software architecture

CAR See committed access rate
CAU See Client Auto Update
CDE See Common Desktop Environment
CIR See Committed Information Rate
client A device that sends requests, receives responses, and obtains services from the server.
Client Auto Update This function helps you to automatically detect the update of the client version and
upgrade the client. This keeps the version of the client is the same as that of the server.

Client/Server The model of interaction in a distributed system in which a program at one site sends a
request to a program at another site and awaits a response. The requesting program is
called a client. The program satisfying the request is called the server. It is usually
easier to build client software than build the server software.
client/server software A message-based and modular software architecture that comprises servers and
architecture clients. Compared with the centralized, mainframe, and time sharing computing, the
client/server software architecture improves the usability, flexibility, interoperability,
and scalability. In this architecture, a client is defined as the party that requires
services and a server is defined as the party that provides services. The client/server
architecture reduces network traffic by providing a query response rather than
transferring all files.
cluster A mechanism adopted to improve the system performance. Several devices of the
same type form a cluster. The exterior of a cluster is some like a kind of equipment. In
the interior of a cluster, the nodes share the load.
committed access rate A traffic control method that uses a set of rate limits to be applied to a router interface.
CAR is a configurable method by which incoming and outgoing packets can be
classified into QoS (Quality of Service) groups, and by which the input or output
transmission rate can be defined.
Committed The rate at which a frame relay network agrees to transfer information in normal
Information Rate conditions. Namely, it is the rate, measured in bit/s, at which the token is transferred to
the leaky bucket.
Common Desktop The Common Desktop Environment (CDE) is an integrated graphical user interface
Environment for open systems desktop computing. It delivers a single, standard graphical interface
for the management of data and files (the graphical desktop) and applications. CDE's
primary benefits -- deriving from ease-of-use, consistency, configurability, portability,
distributed design, and protection of investment in today's applications -- make open
systems desktop computers as easy to use as PCs, but with the added power of local
and network resources available at the click of a mouse.
Common Object A specification developed by the Object Management Group in 1992 in which pieces
Request Broker of programs (objects) communicate with other objects in other programs, even if the
Architecture two programs are written in different programming languages and are running on
different platforms. A program makes its request for objects through an object request
broker, or ORB, and thus does not need to know the structure of the program from
which the object comes. CORBA is designed to work in object-oriented environments.
See also IIOP, object (definition 2), Object Management Group, object-oriented.
Common Object A specification developed by the Object Management Group in 1992 in which pieces
Request Broker of programs (objects) communicate with other objects in other programs, even if the
Architecture two programs are written in different programming languages and are running on
different platforms. A program makes its request for objects through an object request
broker, or ORB, and thus does not need to know the structure of the program from
which the object comes. CORBA is designed to work in object-oriented environments.
See also IIOP, object (definition 2), Object Management Group, object-oriented.
CORBA See Common Object Request Broker Architecture
CORBA See Common Object Request Broker Architecture

D
Data Communication Data Communications Channel. The data channel that uses the D1-D12 bytes in the
Channel overhead of an STM-N signal to transmit information on operation, management,
maintenance and provision (OAM&P) between NEs. The DCC channels that are
composed of bytes D1-D3 is referred to as the 192 kbit/s DCC-R channel. The other
DCC channel that are composed of bytes D4-D12 is referred to as the 576 kbit/s DCC-
M channel.
data communication A communication network used in a TMN or between TMNs to support the data
network communication function.
data replication link A link used for data replication between the production machine and redundancy
machine. It is separated from the network of the primary links.
DCC See Data Communication Channel
DCN See data communication network
DDN See digital data network
Delay An average time taken by the service data to transmit across the network.
DG disk group
DHCP See Dynamic Host Configuration Protocol
digital data network A high-quality data transport tunnel that combines the digital channel (such as fiber
channel, digital microwave channel, or satellite channel) and the cross multiplex
technology.
disk mirroring A technique in which all or part of a hard disk is duplicated onto one or more other
hard disks, each of which ideally is attached to its own controller. With disk mirroring,
any change made to the original disk is simultaneously made to the other disks so that
if the original disk becomes damaged or corrupted, the mirror disks will contain a
current, undamaged collection of the data from the original disk.
Dynamic Host A client-server networking protocol. A DHCP server provides configuration
Configuration Protocol parameters specific to the DHCP client host requesting, generally, information
required by the host to participate on the Internet network. DHCP also provides a
mechanism for allocation of IP addresses to hosts.
E
E1 A European standard for high-speed data transmission at 2.048 Mbit/s. It provides 32
x 64 kbit/s channels.
ECC See embedded control channel
embedded control A logical channel that uses a data communications channel (DCC) as its physical
channel layer, to enable transmission of operation, administration, and maintenance (OAM)
information between NEs.
Equipment Serial A 32-bit number assigned by the mobile station manufacturer, uniquely identifying the
Number mobile station equipment.
ESN See Equipment Serial Number

F
Fabric A kind of bus/plane used to exchange system service data.
File Transfer Protocol A member of the TCP/IP suite of protocols, used to copy files between two computers
on the Internet. Both computers must support their respective FTP roles: one must be
an FTP client and the other an FTP server.
FTP See File Transfer Protocol
G
gateway A device to connect two network segments which use different protocols. It is used to
translate the data in the two network segments.
gateway network A network element that is used for communication between the NE application layer
element and the NM application layer
GE The IEEE standard dubbed 802.3z, which includes support for transmission rates of1
Gbps (gigabit per second)--1,000 Mbps (megabits per second)--over an Ethernet
network.
GMT See Greenwich Mean Time
GNE See gateway network element
graphical user A visual computer environment that represents programs, files, and options with
interface graphical images, such as icons, menus, and dialog boxes, on the screen.
Greenwich Mean Time The mean solar time at the Royal Greenwich Observatory in Greenwich near London
in England, which by convention is at 0 degrees geographic longitude.
GUI See graphical user interface
H
HA See High Availability
HA system See high availability system
half-duplex A transmitting mode in which a half-duplex system provides for communication in
both directions, but only one direction at a time (not simultaneously). Typically, once a
party begins receiving a signal, it must wait for the transmitter to stop transmitting,
before replying.
High Availability The ability of a system to continuously perform its functions during a long period,
which may exceeds the suggested working time of the independent components. You
can obtain the high availability (HA) by using the error tolerance method. Based on
learning cases one by one, you must also clearly understand the limitations of the
system that requires an HA ability and the degree to which the ability can reach.
high availability The high availability system (HA) system indicates that two servers are adopted by a
system same computer. When the primary server is faulty, the secondary server provides the
environment on which the software runs through the related technology.
History alarm The confirmed alarms that have been saved in the memory and other external
memories.

host The computer system that is connected with disks, disk subsystems, or file servers and
on which data is stored and I/Os are accessed. A host can be a large computer, server,
workstation, PC, multiprocessor computer, and computer cluster system.
I
IANA See Internet assigned numbers authority
ICA See independent computing architecture
ICMP See Internet Control Message Protocol
IE See Internet Explorer
IEEE See Institute of Electrical and Electronics Engineers
iMAP See integrated management application platform
independent An architecture that logically separates application execution from user interfaces to
computing transmit only keyboard actions, mouse responses, and screen updates on the network.
architecture
Institute of Electrical A society of engineering and electronics professionals based in the United States but
and Electronics boasting membership from numerous other countries. The IEEE focuses on electrical,
Engineers electronics, computer engineering, and science-related matters.
integrated N/A
management
application platform
International Standard One of two international standards bodies responsible for developing international
Organization data communications standards. International Organization for Standardization (ISO)
works closely with the International Electro- technical Commission (IEC) to define
standards of computing. They jointly published the ISO/IEC SQL-92 standard for
SQL.
International An organization that establishes recommendations and coordinates the development of
Telecommunication telecommunication standards for the entire world.
Union
Telecommunication
Standardization
Internet assigned The organization operated under the IAB. IANA delegates authority for IP address-
numbers authority space allocation and domain-name assignment to the NIC and other organizations.
IANA also maintains a database of assigned protocol identifiers used in the TCP/IP
suite, including autonomous system numbers.
Internet Control A network-layer (ISO/OSI level 3) Internet protocol that provides error correction and
Message Protocol other information relevant to IP packet processing. For example, it can let the IP
software on one machine inform another machine about an unreachable destination.
See also communications protocol, IP, ISO/OSI reference model, packet (definition 1).
Internet Explorer Microsoft's Web browsing software. Introduced in October 1995, the latest versions of
Internet Explorer include many features that allow you to customize your experience
on the Web. Internet Explorer is also available for the Macintosh and UNIX platforms.

Internet Protocol The TCP/IP standard protocol that defines the IP packet as the unit of information sent
across an Internet and provides the basis for connectionless, best-effort packet delivery
service. IP includes the ICMP control and error message protocol as an integral part.
The entire protocol suite is often referred to as TCP/IP because TCP and IP are the
two fundamental protocols. IP is standardized in RFC 791.
Internet Protocol A update version of IPv4. It is also called IP Next Generation (IPng). The
Version 6 specifications and standardizations provided by it are consistent with the Internet
Engineering Task Force (IETF).Internet Protocol Version 6 (IPv6) is also called. It is a
new version of the Internet Protocol, designed as the successor to IPv4. The
specifications and standardizations provided by it are consistent with the Internet
Engineering Task Force (IETF).The difference between IPv6 and IPv4 is that an IPv4
address has 32 bits while an IPv6 address has 128 bits.
inventory A physical inventory in the U2000, that is, a physical resource such as a
telecommunications room, rack, NE, subrack, board, subboard, port, optical module,
fiber/cable, fiber and cable pipe, link resource, interface resource, access service,
ONU, or NE e-label that can be managed on the U2000, and the relationship between
resources.
IP See Internet Protocol
IPv4 The abbreviation of Internet Protocol version 4. IPv4 utilizes a 32bit address which is
assigned to hosts. An address belongs to one of five classes (A, B, C, D, or E) and is
written as 4 octets separated by periods and may range from 0.0.0.0 through to
255.255.255.255. Each address consists of a network number, an optional subnetwork
number, and a host number. The network and subnetwork numbers together are used
for routing, and the host number is used to address an individual host within the
network or subnetwork. IPv4 addresses may also be represented using CIDR
(Classless Inter Domain Routing).
IPv6 See Internet Protocol Version 6
ISO See International Standard Organization
ITU-T See International Telecommunication Union Telecommunication Standardization
J
Java Virtual Machine The environment in which Java programs run. The Java Virtual Machine gives Java
programs a software-based computer they can interact with. Because the Java Virtual
Machine is not a real computer but exists in software, a Java program can run on any
physical computing platform.
JRE Java runtime environment
JVM See Java Virtual Machine
K
keyboard, video, and A hardware device installed in the integrated configuration cabinet. KVM serves as
mouse the input and output device for the components inside the cabinet. It consists of a
screen, a keyboard, and a mouse.
KVM See keyboard, video, and mouse

L
LAN See Local Area Network
LCT See Local Craft Terminal
LDAP See Lightweight Directory Access Protocol
License A permission that the vendor provides for the user with a specific function, capacity,
and durability of a product. A license can be a file or a serial number. Usually the
license consists of encrypted codes, and the operation authority varies with different
level of license.
Lightweight Directory An TCP/IP based network protocol that enables access to a DSA. It involves some
Access Protocol reduced functionality from X.500 DAP specification.
Link Layer Discovery The Link Layer Discovery Protocol (LLDP) is an L2D protocol defined in IEEE
Protocol 802.1ab. Using the LLDP, the NMS can rapidly obtain the Layer 2 network topology
and changes in topology when the network scales expand.
LLDP See Link Layer Discovery Protocol
load balancing The distribution of activity across two or more servers or components in order to
avoid overloading any one with too many requests or too much traffic.
Local Area Network A network formed by the computers and workstations within the coverage of a few
square kilometers or within a single building. It features high speed and low error rate.
Ethernet, FDDI, and Token Ring are three technologies used to implement a LAN.
Current LANs are generally based on switched Ethernet or Wi-Fi technology and
running at 1,000 Mbit/s (that is, 1 Gbit/s).
Local Craft Terminal Local Craft Terminal. The terminal software that is used for local maintenance and the
management of NEs in the singer-user mode, to realize integrated management of
multi-service transmission network. See also U2000.
M
MAN See Metropolitan Area Network
MD5 See Message-Digest Algorithm 5
MDP See message dispatch process
message dispatch N/A
process
Message-Digest A one-way hashing algorithm that produces a 128-bit hash. Both MD5 and Secure
Algorithm 5 Hash Algorithm (SHA) are variations on MD4 and are designed to strengthen the
security of the MD5 hashing algorithm.
Metropolitan Area A metropolitan area network (MAN) is a network that interconnects users with
Network computer resources in a geographic area or region larger than that covered by even a
large local area network (LAN) but smaller than the area covered by a wide area
network (WAN). The term is applied to the interconnection of networks in a city into a
single larger network (which may then also offer efficient connection to a wide area
network). It is also used to mean the interconnection of several local area networks by
bridging them with backbone lines. The latter usage is also sometimes referred to as a
campus network.

modem A device or program that enables a computer to transmit data over, for example,
telephone or cable lines. Computer information is stored digitally, whereas
information transmitted over telephone lines is transmitted in the form of analog
waves. A modem converts between these two forms.
MS Manual Switch
MSTP See multi-service transmission platform
MSuite NMS maintenance suite
multi-service A platform based on the SDH platform, capable of accessing, processing and
transmission platform transmitting TDM services, ATM services, and Ethernet services, and providing
unified management of these services.
N
NBI See northbound interface
NE See network element
network element A network element (NE) contains both the hardware and the software running on it.
One NE is at least equipped with one system control board which manages and
monitors the entire network element. The NE software runs on the system control
board.
network layer The network layer is layer 3 of the seven-layer OSI model of computer networking.
The network layer provides routing and addressing so that two terminal systems are
interconnected. In addition, the network layer provides congestion control and traffic
control. In the TCP/IP protocol suite, the functions of the network layer are specified
and implemented by IP protocols. Therefore, the network layer is also called IP layer.
Network Management A system in charge of the operation, administration, and maintenance of a network.
System
Network Time The Network Time Protocol (NTP) defines the time synchronization mechanism. It
Protocol synchronizes the time between the distributed time server and the client.
new technology file An advanced file system designed for use specifically with the Windows NT operating
system system. It supports long filenames, full security access control, file system recovery,
extremely large storage media, and various features for the Windows NT POSIX
subsystem. It also supports object-oriented applications by treating all files as objects
with user-defined and system-defined attributes.
NMS See Network Management System
northbound interface The interface that connects to the upper-layer device to realize service provisioning,
report alarms and performance statistics.
NTFS See new technology file system
NTP See Network Time Protocol
O
OAM See operation, administration and maintenance

Object Set A collection of managed objects. Object sets are established to facilitate the user right
management. If a user (or user group) is authorized with the operation rights of an
object set, the user (or user group) can perform all the authorized operations on all the
objects within the object set. This saves you the trouble of setting the management
rights for each NE one by one. Object sets can be created by geographical area,
network layer, equipment type and so on.
OMC See Operation and Maintenance Center
ONU See Optical Network Unit
Operation and An Operations and Maintenance Centre is an element within a network management
Maintenance Center system responsible for the operations and maintenance of a specific element or group
of elements. For example an OMC-Radio may be responsible for the management of a
radio subsystem where as an OMC-Switch may be responsible for the management of
a switch or exchange. However, these will in turn be under the control of a NMC
(Network Management Centre) which controls the entire network.
Operation Rights Operation Rights specify the concrete operation that the user can perform. The
operation right aims at the security objects. If one user has no right to manage one
device, he or she cannot operate the device.
Operation Set A collection of operations. Classifying operations into operation sets helps to manage
user operation rights. Operations performed by different users have different impacts
on system security. Operations with similar impacts are classified into an operation
set. Users or user groups entitled to an operation set can perform all the operations in
the operation set. The NMS provides some default operation sets. If the default
operation sets cannot meet the requirements for right allocation, users can create
operation sets as required.
Operation System Operation System is abbreviated to OS. OS is the interface between users and
computers. It manages all the system resources of the computer, and also provides an
abstract computer for users. With the help of OS, users can use the computers without
any direct operation on hardware. For the computer system, OS is a set of programs
used to manage all system resources; for users, OS provides a simple and abstract
method to use the system resources.
operation, A group of network support functions that monitor and sustain segment operation,
administration and activities that are concerned with, but not limited to, failure detection, notification,
maintenance location, and repairs that are intended to eliminate faults and keep a segment in an
operational state and support activities required to provide the services of a subscriber
access network to users/subscribers.
Operations Support A system whose main function is to run applications that manage network elements,
System networks and services.
Optical Network Unit A form of Access Node that converts optical signals transmitted via fiber to electrical
signals that can be transmitted via coaxial cable or twisted pair copper wiring to
individual subscribers.
OS See Operation System
OSS See Operations Support System
P
packet loss ratio The ratio of total lost packet outcomes to total transmitted packets in a population of
interest.

packet transport N/A

network
PC See Personal Computer
Peak Information Rate Peak Information Rate . A traffic parameter, expressed in bit/s, whose value should be
not less than the committed information rate.
Personal Computer A computer used by an individual at a time in a business, a school, or at home.
PIR See Peak Information Rate
PMU The unit that is used to monitor power supply in the equipment.
Point-to-Point Protocol PPPoE, point-to-point protocol over Ethernet, is a network protocol for encapsulating
over Ethernet PPP frames in Ethernet frames. It is used mainly with DSL services. It offers standard
PPP features such as authentication, encryption, and compression.
port 1. Of a device or network, a point of access where signals may be inserted or
extracted, or where the device or network variables may be observed or
measured. (188)
2. In a communications network, a point at which signals can enter or leave the
network en
Power and The power and environment monitoring unit is installed at the top of the cabinet of the
environment SDH equipment and is used to monitor the environment variables, such as the power
monitoring unit supply and temperature. With external signal input through the relay, fire alarm,
smoke alarm, burglary alarm, etc. can be monitored as well. With the display on NMS
system, the change of environment can be monitored timely and accurately. For the
equipment installed with a power & environment monitoring board, the following
parameters can be set: relay switch output control, temperature alarm threshold, relay
usage and alarm setting, query of DIP switch status, etc.
PPPoE See Point-to-Point Protocol over Ethernet
private network A network which provides services to a specific set of users only (see
Recommendation I.570).
PSTN See public switched telephone network
PTN See packet transport network
public switched Public Switched Telephone Network. A telecommunications network established to
telephone network perform telephone services for the public subscribers.Sometimes called POTS.
R
RADIUS See remote authentication dial-in user service
RADIUS See Remote Authentication Dial in User Service
RAID See Redundant Arrays of Independent Disks

Redundant Arrays of A data storage scheme that allows data to be stored and replicated in a hardware disk
Independent Disks group (logical hard disk) consisting of multiple hard disks (physical hard disks). When
multiple physical disks are set up to use the RAID technique, they are said to be in a
RAID array. The hard disks in a RAID array provides higher data reliability and input/
output performance. There are various defined levels of RAID, each offering differing
trade-offs among access speed, reliability, and cost. At present, there are seven basic
RAID levels from RAID 0 to RAID 6. These basic RAID levels can be further
combined to form new RAID levels, such as RAID 10 (a combination of RAID 0 and
RAID 1).
Remote Authentication RADIUS was originally used to manage the scattered users who use the serial
Dial in User Service interface and modem, and it has been widely used in NAS. NAS delivers the
information of users on authentication, authorization and accounting to the RADIUS
server. RADIUS stipulates how the user and accounting information is transferred
between NAS and RADIUS. The RADIUS server is responsible for receiving the
connection request from users to complete authentication, and returning the
configurations of the users to NAS.
remote authentication A security service that authenticates and authorizes dial-up users and is a centralized
dial-in user service access control mechanism. RADIUS uses the User Datagram Protocol (UDP) as its
transmission protocol to ensure real-time quality. RADIUS also supports the
retransmission and multi-server mechanisms to ensure good reliability.
replicated volume N/A
group
replication link A link used for data replication between the production machine and redundancy
machine. It is physically separated from the network of the primary links.
Rlink See data replication link
RTN Radio Transmission Node
RVG See replicated volume group
S
Script file It is the text file describing the physical information and configuration information of
the entire network, including the NE configuration file, port naming file, end-to-end
configuration file, NE physical view script file, NMS information file and service
implementation data script file.
SDH See Synchronous Digital Hierarchy
Secure File Transfer A network protocol designed to provide secure file transfer over SSH.
Protocol (SFTP)
Secure Shell (SSH) A set of standards and an associated network protocol that allows establishing a secure
channel between a local and a remote computer. A feature to protect information and
provide powerful authentication function for a network when a user logs in to the
network through an insecure network. It prevents IP addresses from being deceived
and plain text passwords from being captured.
Secure Sockets Layer A protocol for ensuring security and privacy in Internet communications. SSL
supports authentication of client, server, or both, as well as encryption during a
communications session.

Security Log Security logs record the security operations on the NMS, such as logging in to the
server, modifying the password, and exiting from the NMS server.
Serial Line Interface Serial Line Interface Protocol, defines the framing mode over the serial line to
Protocol implement transmission of messages over the serial line and provide the remote host
interconnection function with a known IP address.
server 1. On a local area network, a computer running administrative software that
controls access to the network and its resources, such as printers and disk drives,
and provides resources to computers functioning as workstations on the network.
2. On the Internet or other network, a computer or program that responds to
commands from a client. For example, a file server may contain an archive of
data or program files; when a client submits a request for a file, the server
transfers a copy of the file to the client.
3. A network device that provides services to network users by managing shared
resources, often used in the context of a client-server architecture for a LAN.
SFTP See Secure File Transfer Protocol (SFTP)

SSH See Secure Shell (SSH)
shelf management The shelf management board of the ATAE server.
module
Signal Noise Ratio The SNR or S/N (Signal to Noise Ratio) of the amplitude of the desired signal to the
amplitude of noise signals at a given point in time. SNR is expressed as 10 times the
logarithm of the power ratio and is usually expressed in dB (Decibel).
Signal to Noise Ratio The signal-to-noise ratio margin represents the amount of increased received noise (in
Margin dB) relative to the noise power that the system is designed to tolerate and still meet the
target BER of accounting for all coding gains included in the design.
Simple Mail Transfer The TCP/IP (Transmission Control Protocol/Internet Protocol) protocol which
Protocol facilitates the transfer of electronic-mail messages, specifies how two systems are to
interact, and the format of messages used to control the transfer of electronic mail.
Simple Network A network management protocol of TCP/IP. It enables remote users to view and
Management Protocol modify the management information of a network element. This protocol ensures the
transmission of management information between any two points. The polling
mechanism is adopted to provide basic function sets. According to SNMP, agents,
which can be hardware as well as software, can monitor the activities of various
devices on the network and report these activities to the network console workstation.
Control information about each device is maintained by a management information
block.
Simple Network Time A protocol that is adapted from the Network Time Protocol (NTP) and synchronizes
Protocol the clocks of computers over the Internet.
SLIP See Serial Line Interface Protocol
SMM See shelf management module
SMTP See Simple Mail Transfer Protocol
SNMP See Simple Network Management Protocol
SNR See Signal Noise Ratio
SNRM See Signal to Noise Ratio Margin

SNTP See Simple Network Time Protocol

SONET See Synchronous Optical Network
SQL See structured query language
SSL See Secure Sockets Layer
static route A route that cannot adapt to the change of network topology. Operators must configure
it manually. When a network topology is simple, the network can work in the normal
state if only the static route is configured. It can improve network performance and
ensure bandwidth for important applications. Its disadvantage is as follows: When a
network is faulty or the topology changes, the static route does not change
automatically. It must be changed by the operators.
Stelnet Secure Shell Telnet
structured query A database query and programming language widely used for accessing, querying,
language updating, and managing data in relational database systems.
SVM Solaris Volume Manager
Switching restoration It refers to the period of time between the start of detecting and the moment when the
time line is switched back to the original status after protection switching occurs in the
MSP sub-network.
Synchronous Digital SDH is a transmission scheme that follows ITU-T G.707, G.708, and G.709. It defines
Hierarchy the transmission features of digital signals such as frame structure, multiplexing mode,
transmission rate level, and interface code. SDH is an important part of ISDN and B-
ISDN. It interleaves the bytes of low-speed signals to multiplex the signals to high-
speed counterparts, and the line coding of scrambling is only used only for signals.
SDH is suitable for the fiber communication system with high speed and a large
capacity since it uses synchronous multiplexing and flexible mapping structure.
Synchronous Optical Synchronous Optical Network, is a method for communicating digital information
Network using lasers or light-emitting diodes (LEDs) over optical fiber. The method was
developed to replace the Plesiochronous Digital Hierarchy (PDH) system for
transporting large amounts of telephone and data traffic and to allow for
interoperability between equipment from different vendors. SONET defines interface
standards at the physical layer of the OSI seven-layer model. The standard defines a
hierarchy of interface rates that allow data streams at different rates to be multiplexed.
SONET establishes Optical Carrier (OC) levels from 51.8 Mbps (OC-1) to 9.95 Gbps
(OC-192).
SYSLOG Syslog is an industry standard protocol for recording device logs.
T
TCP See Transmission Control Protocol
TCP/IP See Transmission Control Protocol/Internet Protocol
Telecommunication The Telecommunications Management Network is a protocol model defined by ITU-T
Management Network for managing open systems in a communications network.An architecture for
management, including planning, provisioning, installation, maintenance, operation
and administration of telecommunications equipment, networks and services.

Telnet Standard terminal emulation protocol in the TCP/IP protocol stack. Telnet is used for
remote terminal connection, enabling users to log in to remote systems and use
resources as if they were connected to a local system. Telnet is defined in RFC 854.
TFTP See Trivial File Transfer Protocol
Time zone A division of the earth's surface, usually extending across 15 degrees of longitude
devised such that the standard time is the time at a meridian at the centre of the zone.
timing task The system can create a timing task (such as backing up, loading and recovering a
management task), run a timing task automatically, and suspend or resume a timing task.
TMN See Telecommunication Management Network
Transmission Control One of the core protocols of the Internet protocol suite. Using TCP, applications on
Protocol networked hosts can create connections to one another, over which they can exchange
streams of data. TCP guarantees reliable and in-order delivery of data from the sender
to the receiver. TCP also distinguishes data for multiple connections by concurrent
applications running on the same host.
Transmission Control Common name for the suite of protocols developed to support the construction of
Protocol/Internet worldwide internetworks.
Protocol
Trivial File Transfer A small and simple alternative to FTP for transferring files. TFTP is intended for
Protocol applications that do not need complex interactions between the client and server.
TFTP restricts operations to simple file transfers and does not provide authentication.
TFTP is small enough to be contained in ROM to be used for bootstrapping diskless
machines.
U
UDP See User Datagram Protocol
UPS Uninterruptible Power Supply
User Datagram A TCP/IP standard protocol that allows an application program on one device to send
Protocol a datagram to an application program on another. User Datagram Protocol (UDP) uses
IP to deliver datagrams. UDP provides application programs with the unreliable
connectionless packet delivery service. Thus, UDP messages can be lost, duplicated,
delayed, or delivered out of order. UDP is used to try to transmit the data packet, that
is, the destination device does not actively confirm whether the correct data packet is
received.
V
VCS See Veritas Cluster Server
Veritas Cluster Server A High-availability cluster software, for Unix, Linux and Microsoft Windows
computer systems, created by Veritas Software. It provides application cluster
capabilities to systems running Databases, file sharing on a network, electronic
commerce websites or other applications.
Veritas Volume A software product from veritas Inc.. The Veritas Volume Manager is used to manage
Manager disk storage.
Veritas Volume A wide area network data replication solution offered by VERITAS for multiple
Replicator operating systems. These include. AIX, HPUX and Solaris .

Virtual Local Area A logical grouping of two or more nodes which are not necessarily on the same
Network physical network segment but which share the same IP network number. This is often
associated with switched Ethernet.
Virtual Router A protocol used for multicast or multicast LANs such as an Ethernet. A group of
Redundancy Protocol routers (including an active router and several backup routers) in a LAN is regarded as
a virtual router, which is called a backup group. The virtual router has its own IP
address. The host in the network communicates with other networks through this
virtual router. If the active router in the backup group fails, one of the backup routers
become the active one and provides routing service for the host in the network.
VLAN See Virtual Local Area Network
volume A logical unit for disk virtualization management, and basic object for host
applications.
VRRP See Virtual Router Redundancy Protocol
VVM See Veritas Volume Manager
W
WAN See Wide Area Network
wavelength division A technology that utilizes the characteristics of broad bandwidth and low attenuation
multiplexing of single mode optical fiber, uses multiple wavelengths as carriers, and allows
multiple channels to transmit simultaneously in a single fiber.
WDM See wavelength division multiplexing
Wide Area Network A network composed of computers which are far away from each other which are
physically connected through specific protocols. WAN covers a broad area, such as a
province, a state or even a country.
Wireless Local Area A generic term covering a multitude of technologies providing local area networking
Network via a radio link. Examples of WLAN technologies include WiFi (Wireless Fidelity),
802.11b and 802.11a, HiperLAN, Bluetooth, etc.
WLAN See Wireless Local Area Network
work station A terminal or microcomputer, usually one that is connected to a mainframe or to a
network, at which a user can perform applications.
WS See work station

IManager U2000 V200R017C60 Administrator Guide 02 (PDF) - C

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

IManager U2000 V200R017C60 Administrator Guide 02 (PDF) - C

Загружено:

Авторское право:

Доступные форматы

iManager U2000 Unified Network Management

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 02 (2018-03-05) Huawei Proprietary and Confidential i

About This Document

Product Name Version

iManager U2000 V200R017C60

This document is intended for:

l U2000 system administrators

Indicates an imminently hazardous situation

Indicates a potentially hazardous situation

Indicates a potentially hazardous situation

Issue 02 (2018-03-05) Huawei Proprietary and Confidential ii

Indicates a potentially hazardous situation

Calls attention to important information,

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by

[ x | y | ... ] Optional items are grouped in brackets and separated by

{ x | y | ... }* Optional items are grouped in braces and separated by

[ x | y | ... ]* Optional items are grouped in brackets and separated by

Boldface Buttons, menus, parameters, tabs, window, and dialog titles

Issue 02 (2018-03-05) Huawei Proprietary and Confidential iii

> Multi-level menus are in boldface and separated by the ">"

Used to fuzzify example IP address and

Changes in Issue 02 (2018-03-05) Based on Product Version V200R017C60

Changes in Issue 01 (2017-10-25) Based on Product Version V200R017C60

Issue 02 (2018-03-05) Huawei Proprietary and Confidential iv

About This Document.....................................................................................................................ii

3 Shutting Down a U2000..............................................................................................................45

Issue 02 (2018-03-05) Huawei Proprietary and Confidential v

3.3.2 Shutting Down the Database..................................................................................................................................... 50

4 Applying for and Updating the U2000 License..................................................................... 60

Issue 02 (2018-03-05) Huawei Proprietary and Confidential vi

5.2.4.3 Creating User-Defined Operation Sets................................................................................................................. 119

Issue 02 (2018-03-05) Huawei Proprietary and Confidential vii

5.3.2.4 Enableing or Disabling SSLv3 on the U2000...................................................................................................... 187

Issue 02 (2018-03-05) Huawei Proprietary and Confidential viii

5.4.5.2 Creating an NE User.............................................................................................................................................225

6 U2000 Fast Restoration..............................................................................................................246

Issue 02 (2018-03-05) Huawei Proprietary and Confidential ix

Issue 02 (2018-03-05) Huawei Proprietary and Confidential x

6.2.3.2 Manually Execute Restoration Tasks on the Secondary Site................................................................................379

7 Managing U2000 Keys.............................................................................................................. 388

8 Managing U2000 Files and Disks........................................................................................... 406

Issue 02 (2018-03-05) Huawei Proprietary and Confidential xi

8.5.1.5 Monitoring the Mounting Status of File Systems.................................................................................................423

9 Log Management....................................................................................................................... 433

Issue 02 (2018-03-05) Huawei Proprietary and Confidential xii

9.2.1 Configuring the Information Center on the NEs..................................................................................................... 492

10 Monitoring the U2000 Processes...........................................................................................505

11 Common Veritas Operations.................................................................................................564

Issue 02 (2018-03-05) Huawei Proprietary and Confidential xiii

11.5.6 Disabling a Resource Group.................................................................................................................................. 575

12 Changing the Host Name and IP Address..........................................................................583

Issue 02 (2018-03-05) Huawei Proprietary and Confidential xiv

A.1.12 How to Configure the minasshd Encryption Algorithm.......................................................................................618

Issue 02 (2018-03-05) Huawei Proprietary and Confidential xv

A.3.1.2 How to Add the Default Route............................................................................................................................ 684

Issue 02 (2018-03-05) Huawei Proprietary and Confidential xvi

A.3.4.16 How to Obtain Packet Headers on Solaris.........................................................................................................737