  1. Log in to the Standby Operations Center command line via SSH using the admin/admin system credentials.
  2. In the administrative shell, execute the following CLI commands on a newly installed or reset Standby Operations Center instance:
    1. Define the management port IP configuration for the Standby Operations Center:
      admin-na206.corp100.local> configure server
    2. Install the license for the Standby Operations Center:
      • For a physical appliance, generate a license by running the license generate command. For more information, see license generate command.
      • For a virtual appliance, run admin-na206.corp100.local> license <license filename>.gpg
    3. Define server settings for the Standby Operations Center:
      admin-na206.corp100.local> configure server
      Make a note of your settings for Step 6 of this Procedure.

...


    1. The configure server command also generates a new self-signed certificate for the Standby Operations Center. In cases where a CA-signed certificate is used in the original Operations Center, the HTTPS certificates need to be configured using the procedures described in the topic NetMRI Security Settings in the NetMRI Administrator Guide and in the NetMRI online help.

...

  1. Verify your settings by entering the following commands:
    1. List the complete config settings for the Standby Operations Center:
      admin-na206.corp100.local> show settings
    2. Show the installed license for the Standby Operations Center:
      admin-na206.corp100.local> show license

...

  1. Via SCP, manually transfer the Primary Operations Center database archive to the Standby Operations Center.
    You can also configure the database backup for the Primary as an automated transfer, using the Settings icon > Database Settings > Scheduled Archive screen on the Primary Operations Center to archive the OC database to the system designated as the Standby. The backup directory, in this case, should be set as "Backup". For more information, see Database Archiving Functions in the Admin Guide and in the online Help.
    When using the automated database backup, you must first log in to the Standby Operations Center through your web browser, and set the admin password to a value different from the "admin" factory default.
    In this case, after the Standby OC system is activated as the Primary, click the Settings > Database Settings > Scheduled Archive tab and define another remote system to back up the new OC's database archive.
    If you schedule the transfer to occur within six hours of the start of weekly maintenance, no new archive will be created. Instead, the archive generated by weekly maintenance will be used. For large deployments with a lot of data, configuring backups to occur more frequently than the weekly interval may affect overall system performance.

...

  1. Using the administrative shell on the Standby Operations Center, restore the database archive on the Standby Operations Center. Restore time depends upon the size of the database, and may take several hours for a large system.
    admin-na206.corp100.local> restore
    ExampleNet_4050201203200004-20130221-641

...


...

  1. The admin credentials (that default to admin/admin) are changed on the Standby Operations Center following the database restore operation. The Standby Operations Center will use the admin credentials that previously applied to the Primary Operations Center.

...

  1. When the database restoration task finishes on the Standby Operations Center, run configure server a second time to regenerate the Standby Operations Center's self-signed certificate for HTTPS access. Retain your settings previously defined in Step 2 of this Procedure.

...

  1. In the administrative shell on the Standby Operations Center, configure the VPN tunnel server on the Standby Operations Center using the same VPN subnet and other settings as on the Primary. When asked for the server public name or IP address, be sure to enter the correct value for the Standby Operations Center. Do not configure a reference collector. The following listing is a sample capture for an entire session:

    Code Block
    admin-na206.corp100.local> configure tunserver
    +++ Configuring CA Settings
    CA key expiry in days [5475]:
    CA key size in bits [1024]:
    +++ Configuring Server Setting
    Server key expiry in days [5475]:
    Server key size in bits [1024]:
    Server Public Name or IP address: 172.23.27.170 <new IP address for Standby>
    Protocol (tcp, udp, udp6) [TCP]:
    Tunnel network base [5.0.0.0]:
    Block cipher:
    0. None (RSA auth)
    1. Blowfish-CBC
    2. AES-128-CBC
    3. Triple DES
    4. AES-256-CBC
    Enter Choice [2]:
    Use compression [y]:
    You can optionally designate a NetMRI client system as a "reference" system that will be used as a source of common settings.
    Enter reference system serial number or RETURN to skip: <press Enter here>
    Use these settings? (y/n) [n]: y
    +++ Initializing CA (may take a minute) ...
    +++ Creating Server Params and Keypair ...
    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time
    ....++*++*++*
    +++ Creating Server Config ...
    Successfully configured Tunnel CA and Server
    The server needs to be restarted for these changes to take effect.
    Do you wish to restart the server now? (y/n) [y]: y
    +++ Restarting Server ... OK

...


  1. Check the Standby Operations Center's VPN tunnel server settings, which are used for communications between the Operations Center and its collectors, before proceeding:

    Code Block
    example-oc> show tunserver
    CA configured: Yes
    Server configured: Yes
    ServerPublicName: 172.23.27.170
    Proto: tcp
    Port: 443
    KeySize: 1024
    Network: 5.0.0.0
    Cipher: AES-128-CBC
    Compression: Yes
    Service running: Yes
    Reference NetMRI SN: N/A
    Reference NetMRI Import: Skipped

    Client Sessions:
    UnitSerialNo: 1200201202100020
    UnitName: oc-170-coll-1
    UnitIPAddress: 5.0.0.15
    Network: ExampleNet
    UnitID: 1
    Status: Offline: Last seen 2013-02-21 03:01:01
    ...

...


  1. Using a Web browser, log in to the Standby Operations Center. Note that the admin password for the Standby Operations Center system will now be set to the password of the Primary Operations Center.

...

  1. To re-enable all data collectors needed for the configuration, click the Settings icon > Setup > Collection and Groups.

...


...

  1. You must re-enable SNMP collection on this page, as it is automatically disabled on a restore.

...

  1. To verify that all collectors are listed, click the Settings icon > Setup > Tunnels and Collectors,

...

...

  1. Register the collectors to the Standby Operations Center by executing the following commands on each of the collectors. You use these commands to specify the Standby Operations Center IP address and new admin credentials:

    Code Block
    admin-collector111.corp100.local> reset tunclient
    admin-collector111.corp100.local> register

...


  1. Verify Operations Center collector registration and communication by entering the following:

    Code Block
    example-oc> show tunclient
    Client configured: Yes
    Server: 172.23.27.182
    Proto: tcp
    Port: 443
    Cipher: AES-128-CBC
    Compression: On
    Tunnel Server IP: 5.0.0.1
    Tunnel Client IP: 5.0.0.10
    Server reachable: Yes
    Service running: Yes
    Latest Service Log Entries:
    Apr 10 17:02:51 localhost openvpn[20804]: VERIFY KU OK
    Apr 10 17:02:51 localhost openvpn[20804]: Validating certificate extended key usage
    Apr 10 17:02:51 localhost openvpn[20804]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Apr 10 17:02:51 localhost openvpn[20804]: VERIFY EKU OK
    Apr 10 17:02:51 localhost openvpn[20804]: VERIFY OK: depth=0, /C=US/ST=CA/L=Santa_Clara/O=Infoblox/OU=na_Operations_Center/CN=OC182/name=Tunnel-Server/emailAddress=support@infoblox.com
    Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Apr 10 17:02:51 localhost openvpn[20804]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    example-oc>

...


  1. In the NetMRI UI, log back in to the Standby Operations Center.

...

  1. In Settings > Setup > Tunnels and Collectors, verify that each of the registered collectors is online. The Operations Center will begin receiving data from collectors immediately after the connection is established. Data processing and analysis will catch up in a time interval similar to how long the collectors were offline.

...

  1. In Settings > Database Settings > Scheduled Archive, define the new archiving settings that you will need for the new Operations Center system, including enabling automatic archiving, defining the recurrence pattern, and defining the remote systems that will receive the periodic archives.
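
An added example, not part of the NetMRI documentation or product: a Python check that reads the `show tunserver` / `show tunclient` fields and OpenVPN log lines from the listings above and reports key sizes under 2048 bits, the no-encryption or 64-bit-block cipher choices from the configure tunserver menu, and TLS versions older than 1.2. The function name `audit_tunnel_output`, the thresholds, and the assumption that the Cipher field uses the menu names are this example's own; the sample input is constructed from the listings.

```python
import re

# Constructed sample, assembled from the status fields and log line in the listings above.
SAMPLE = """\
ServerPublicName: 172.23.27.170
Proto: tcp
Port: 443
KeySize: 1024
Cipher: AES-128-CBC
Apr 10 17:02:51 localhost openvpn[20804]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
"""

# Review policy assumed by this example (not a NetMRI setting).
MIN_RSA_BITS = 2048
WEAK_CIPHER_MARKERS = ("none", "blowfish", "bf-", "triple des", "des-ede3")
OLD_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

FIELD = re.compile(r"^\s*(KeySize|Cipher):\s*(.+?)\s*$")
CONTROL = re.compile(r"Control Channel: ([^,]+), cipher .*?, (\d+) bit RSA")


def audit_tunnel_output(text):
    """Return (setting, value, reason) tuples for settings below the policy."""
    findings = []
    for line in text.splitlines():
        field = FIELD.match(line)
        if field:
            key, value = field.groups()
            if key == "KeySize" and value.isdigit() and int(value) < MIN_RSA_BITS:
                findings.append((key, value, f"key shorter than {MIN_RSA_BITS} bits"))
            if key == "Cipher" and any(m in value.lower() for m in WEAK_CIPHER_MARKERS):
                findings.append((key, value, "no encryption or 64-bit block cipher"))
            continue
        control = CONTROL.search(line)  # negotiated TLS version and key size from the log
        if control:
            version, bits = control.groups()
            if version in OLD_PROTOCOLS:
                findings.append(("ControlChannel", version, "deprecated TLS version"))
            if int(bits) < MIN_RSA_BITS:
                findings.append(("ControlChannelKey", bits, f"key shorter than {MIN_RSA_BITS} bits"))
    return findings


if __name__ == "__main__":
    for setting, value, reason in audit_tunnel_output(SAMPLE):
        print(f"{setting}={value}: {reason}")
```

Paste the captured output of both commands into the function after each configure tunserver run, so a Standby that was built by accepting the bracketed defaults is caught before collectors are registered to it.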